[00:17] can anyone explain this when i try to set up a CVS server: http://www.nomorepasting.com/getpaste.php?pasteid=33110 === unreal_ is now known as unreal === cs278^kinslayer is now known as cs278 [01:30] hey everyone, can i get some help with openvpn? im pretty much a total noob but im trying to get my home ubuntu box to connect pki to my pfsense box at work [01:30] but i cant seem to find much docs on this [01:31] anyone have anything they can point me too? === unreal_ is now known as unreal [02:42] hello. [02:43] I have an AMD64 computer that im thinking about making it a server. this has 2gb ram, and Im wanting to know if I should run ubuntu or xubuntu 10.04 LTS? [02:43] AMD II x2 245 proc [02:45] basically Im only wanting to run a file server for the time being.. until I can get used to managing and everything. Then I intend on upgrading the CPU to one that support VT so I can run multiple servers from one machine. [02:49] zelda: you'll need to see if your processor socket can accomodate a cpu that has VT extensions [02:53] zelda: and if you want to learn about ubuntu server then you should not run a DE (desktop environment) [02:54] ok Ive got ubuntu server 10.04 [02:54] my proc doesnt support virtualization. [02:54] So I have to get new hardware, but I dont need that for now. [02:57] zelda: well, your cpu doesn't support hardware-accelerated virtualization [02:57] zelda: you can still run vmware or virtualbox [02:58] yeah I knwo that right now. Im not going to virtualize anything right now. [02:58] yeah Ill run virtualbox [02:58] zelda: note that virtualbox itself can run without a gui [02:59] zelda: and this is what i recommend (no gui) [03:01] well Im learning so, its my first server I want to build. === dendrobates is now known as dendro-afk === unreal_ is now known as unreal [04:18] Hi guys, I just upgraded from 8.04 to 10.04 using the built in update utility.. but for some reason the grub file did not update and I am getting an alert that the /dev/disk/by-uuid/xxxxx does not exist and it is dropping me to a busybox shell... What should I do to get this fixed so it can boot my server? [04:22] riz0n: list the contents of /dev/disk/by-uuid/ in busybox [04:22] What UUIDs *are* there? [04:23] ok hang on and let me boot back up [04:24] when i ls/dev/disk/by-uuid/ it says No such file or directory [04:24] if i ls /dev/ it does not have a disk folder at all [04:27] You need a space between ls and /dev [04:28] OK, that suggests udev isn't in the ramdisk. [04:28] i am putting a space there,sorry [04:28] Fixing this is probably non-trivial. [04:28] What does /proc/partitions say? [04:28] It should list something like sda sda1 sda2 sda5 [04:29] when i cat partitions, it says major minor #blocks name [04:29] and thats it [04:30] That means your kernel and ramdisk don't have a driver for your SATA contoller [04:30] well i dont have a sata hard drive [04:30] its a ide drive [04:31] SCSI, ATA, whatever [04:31] to give you an idea of what i did, i was running 8.04 just fine and did the built in updater, and i guess that my grub.lst file didn't get updated because its still reflecting 8.04 in the grub file [04:31] Boot a live image, confirm that /etc/initramfs-tools.conf says "MODULES=most", and *not* "MODULES=dep". [04:31] riz0n: this issue has nothing to do with grub [04:32] ok hang on, i will get live disk going [04:32] riz0n: What command did you use to update? [04:33] * twb bets on d-r-u [04:35] I missed part of the conversation, but I was thinking he might have tried dist-upgrade which can break stuff. [04:35] yes it was distr-upgrade -d [04:35] i have livecd booting now as we speak [04:36] dist-upgrade as in "apt-get dist-upgrade" [04:36] ? [04:36] sudo dist-upgrade -d [04:36] someone in this # suggested it to me earlier [04:36] Ugh, more ubuntu-specific crap? [04:36] dist-upgrade does not upgrade you to a new Ubuntu release.. [04:37] Yeah, that's an ubuntuism. I wouldn't trust something canonical built. [04:37] i dont have the cmd in my buffer any more [04:37] dist-upgrade is a debian tool [04:37] the ubuntu tool is different [04:38] ok i got the live cd up and running [04:39] update-manager-core is the package that you need and you then run do-release-upgrade to upgrade your version of ubuntu. Prior to upgrading check your /etc/update-manager/release-upgrades and set 'Prompt=lts' (if upgrading to 10.04) [04:39] but if it's broken maybe these guys can continue to get you fixed ;) [04:39] Todd: there is no "dist-upgrade" binary in Debian. [04:40] really? I always read that it was a debian tool. It's most definitely not the recommended way of upgrading Ubuntu. [04:40] It has been breaking stuff for years. [04:40] The only dist-upgrade I know is "apt-get dist-upgrade". [04:40] Which do-release-upgrade runs internally. [04:40] my guess is i should perhaps change boot.lst to reflect the new kernel perhaps since its still referring to the old 8.04 kernel [04:41] riz0n: if you transitioned to grub 2, then the config file is now grub.cfg; menu.lst is unused. [04:41] i don't have grub.cfg [04:41] so i guess its still using the old grub [04:43] Should the git-daemon-run package install a script in /etc/init.d? sudo service git-daemon ... doesn't know what that service is. I see stuff in /etc/service (it is the only thing, actually) though... [04:43] * mikelifeguard also O.o at the choice of name for the system account (gitlog) :P [04:44] ok now I'm distracted and want clarification.. do-release-upgrade may run dist-upgrade in the background but it has to do far more than that since dist-upgrade does not seem to update various parts of the system (last time I ran it (2 years ago?)). [04:44] <|corpse|> Is it possible to install ubuntu-server in the installation shell? [04:44] it may have been do-release-upgrade [04:45] [18:28:07] riz0n: In general it's recommended to wait for 10.04.1 in two months to upgrade. If you want to now, sudo do-release-upgrade -d should do it. [04:45] so yes it was do-release-upgrade [04:45] sorry [04:45] Todd: if you read python, it turns out do-release-upgrade is just a python script [04:46] should i be booting kernel vmlinuz-2.6.32-22-generic-pae or vmlinuz-2.6.24-19-server [04:46] oh nice.. *has a look* [04:47] Hm, I wasn't aware that "avoid .0 releases" was the party line. [04:47] what is this windows? [04:47] * Todd ducks [04:48] lol [04:49] because from the looks of grub.lst, it is booting the 24-19-server file which is 8.04 according to the grub file. [04:50] grub.lst? That's non-standard. [04:50] sorry long night [04:50] menu.lst ;) [04:51] riz0n: it is important to get these strings right [04:51] Otherwise we will mis-diagnose problems. [04:52] i understand [04:56] When the linux installer asks which interface should be primary… should i put the one that goes to the internet or my local lan? [04:56] i'm installing on a hosted place [04:59] It is probably asking for the upstream (internet-facing) interface. [04:59] in order to download security patches [04:59] okay :) [05:04] That was interesting. I locked my screen session and it disconnected everything. Won't do that again. [05:04] Uh? [05:05] That's definitely not normal [05:05] are you running byobu? [05:05] well the good news is that i added the the new kernel 32-22-generic-pae to my menu.lst file and my server booted up :D [05:05] Nope. [05:05] ew, byobu [05:06] riz0n: hm [05:06] It only disconnected the applications running in the screen. [05:06] That still doesn't seem normal however.. [05:06] It's not [05:06] but it appears that the install has wiped out all my apache virtual servers (which is no issue) [05:06] That suggests that SCREEN crashed [05:06] Let's try it again. [05:06] All my windows are still here. [05:07] How can the windows be there if they disconnected? [05:07] I meant my applications lost their connection to the internet. All of my applications and windows were still running. [05:07] And now it appears to be working fine. [05:08] this is the joy of screen! [05:08] *shrug* Couple more lines of code then sleep. [05:08] and for whatever reason, it will not let me into phpmyadmin using any of the accounts i had made [05:08] screen is your friend.. even if he has a few bugs on him [05:08] speaking of which... I forget the thing to always start screen on login... [05:08] echo 'exec screen -R' >> ~/.bash_profile # or somethin [05:09] -D -R maybe [05:09] screen -r -dd will reattach to the first available screen [05:10] or maybe it's the last used.. dunno [05:10] I only use one [05:10] mikelifeguard: that's a risky approach [05:11] now, just out of curiosity, where can i find the files for mysql [05:11] http://paste.ubuntu.com/439713/ is how I do it [05:11] riz0n: /var/lib/mysql, probably [05:12] personally I don't find it all that difficult to type screen -r -dd after login [05:13] thanks, how can i go about restoring the mysql databases? it appears the files are still present in that folder, but are inaccessible from phpmyadmin [05:15] Todd: I ssh into a lot of hosts [05:15] twb: Avoid .0 is just for LTS to LTS upgrades. It gives a little more time for stabilization and for the development team to test LTS to LTS upgrade scenarios. [05:15] ScottK: ah, OK. [05:22] Which reminds me, as a developer, it's probably about time to do an LTS to LTS upgrade and see how it goes... [05:23] ScottK: Good luck! I'm trying to pick up the pieces right now as we speak! :) [05:23] Heh. Please be sure to file bugs. [05:52] ok, now i got mysql back up and running, but Apache seems to be misbehaving... [05:55] ... and I think I got that up and going again :D [05:56] Now I got one more problem. For some reason, the server booted up the X server. How can I make it boot into a text login prompt? [05:59] The usual method on a server is to not have X installed. [06:00] right, but apparently decided to install itself (which is fine) I just don't want it to start when the server starts [06:05] FWIW, mail server upgrade went fine. One minor bug filed. [06:06] "update-rc.d gdm disable" is correct for Debian. [06:06] I don't know the "right" way to disable it in 10.04; perhaps dpkg-divert --rename /etc/init/gdm [06:06] */etc/init/gdm.conf [06:06] yeah i renamed the gdm.conf file and that did it [06:07] You should use dpkg-divert so that it stays renamed [06:07] Otherwise an upgrade or purge-and-reinstall will put it back [06:07] now i got to fix dovecot, says line 8 something about ssl :/ lol [06:07] and fails to start [06:10] removed the line, /etc/init.d/dovecot start and we are OK :) [06:48] RoAkSoAx: you around/ === hersoy is now known as ersoy [09:33] during the server install, I'm asked if I want to use a http proxy. I do have an apt-proxy on my network. Is it safe to simply add its address there? [09:55] i'm looking for support about kerberos and apache [09:56] i've created with net ads keytab a separate keytab for apache2 and added the HTTP service principal [09:56] but after a week i got errors about gss auth [09:57] http://paste.ubuntu.com/439796/ [09:57] these are the errors in apache error log [10:00] remix_tj: did you do any changes before you started getting errors? [10:00] no, my collegue was working on the kerberized zone and started getting the password request [10:01] vmlintu: now i solved recreating the keytab flushing old principals and adding new ones, but i'm looking for a definitive solution [10:02] the principals didn't expire? [10:02] how can i check it? [10:03] kadmin.local -q "getprinc uid@REALM" [10:05] Missing parameters in krb5.conf required for kadmin client while initializing kadmin interface [10:06] which kerberos implementation do you use? [10:06] my kdc is MS Active Directory [10:07] maybe i can take a look on the doman controller? [10:08] oh, I didn't realise you are using AD.. I don't know how to check that on AD, sorry.. [10:08] vmlintu: i'm googling :-) [10:09] I've been running an apache server with some 50 realms on it for quite some time and there have been no problems.. [10:12] realms or domains? :-) [10:17] hey guys [10:17] need some help again [10:19] my monitor is only of the Half of the existing surface [10:28] my monitor is only of the Half of the existing surface [10:28] my monitor is only of the Half of the existing surface [10:30] hyperlinx: are you able to read the topic or is it in the other half of the monitor? [10:31] vmlintu: so you say the principal has no expiration, isn't it? [10:31] hyperlinx: #ubuntu please, unless your issue is server specific [10:33] remix_tj: 50 realms :) [10:34] vmlintu: :-O :-) [10:34] remix_tj: at least with mit kerberos tools you can set expiration times [10:35] vmlintu: so expiring is an available option... now asking on another channel about it [10:35] thanks [10:36] also check the AD logs [10:36] at least mit kerberos logs quite a bit stuff in kdc.log [10:41] vmlintu: thanks :-) [10:57] k folks, I have a very suspicious file laying in /usr/local/games called z [10:58] it is a binary and seems to be doing something with the logs [10:58] can anyone in here, please calm me down on this? [10:58] /usr/local is used for self installing binaries [10:58] cause there is also some suspicious cron schedule running /usr/local/games/.ICE/unix which doesn't even exist [10:59] that file doesn't come from package [10:59] ivoks: this is a fresh 10.04 with openssh and bin9 period [10:59] chkrootkit finds nothing suspicious [10:59] someone else has access to it :) [10:59] I am somewhat worried though, since this is a productive env [11:00] try string /usr/local/games/z [11:00] strings [11:00] ivoks: how could someone possibly have access to a server on a DMZ which is only reachable through NAT on the GW and a fail2ban with max 6 retries sitting behind ssh [11:00] /usr/local/games is only writable by root user [11:01] if you, as an admin, didn't put it there, someone else did [11:01] http://paste.pocoo.org/show/218439/ [11:01] run strings on that binary [11:02] hehe [11:02] cleaning logs file sounds so suspicious! [11:02] yep [11:02] it cleans access logs [11:02] seems zou guys have a bug in ubuntu 10.04 then, cause this vm has never been online! [11:03] it is only reachable through NAT when packet is inbound on pppoe... ssh runs in rsa only mode [11:03] you are the only admin of that machine? [11:03] yes [11:03] and the install is about 5 days old [11:03] check your .ssh/autorized_keys [11:03] I installed one image and copied that 5 times... all other 4 boxes are just fine [11:03] vmlintu can you take a look to this? http://paste.ubuntu.com/439811/ is a correct behaviour? [11:03] therefor, it's not a bug :) [11:04] ivoks: wow... there is actually an unknown dsa key [11:04] seems I am no longer a virgin^^ [11:05] check mtime of that file [11:05] crap [11:05] I just took the key out [11:06] and permissons on that file? [11:06] i hope they are 600 [11:07] check other 4 machines [11:09] k, I assume I can just del that binary? [11:10] when was is created? [11:10] before or after installation? :) [11:11] er... during or after installation [11:11] 2009-11-22 14:57 [11:11] how can that be? [11:11] perhaps noatime? [11:11] i bet all your machines have that same file :) [11:11] and that ssh key [11:12] you did an automated installation? [11:13] ivoks: no, all other boxes seem just fine... none of the zymptoms [11:14] symptoms [11:14] not even the key? [11:14] not even [11:14] probably a passive hack by some script? [11:15] passive hack? [11:15] soem script running and brutforcing ports [11:15] not intelligent enough to hack from where it has landed [11:15] if port isn't open, it can't brute force it [11:16] if your ssh is rsa only [11:16] ivoks: cut that... was probably open [11:16] then someone owns your key [11:16] tried password auth and got in [11:16] seems I forgot to restart ssh [11:16] only the pubkey [11:16] my cert is only localhost here on my laptop [11:16] i use ssh -YCc blowfish all the way along [11:16] and -a [11:17] only thing they have is my pub [11:17] well, post it on google... don't care.. [11:17] god damn script kiddies [11:19] k, seems I can somewhat reconstruct what has happened [11:19] I've set an easy passowrd during generation of the master image [11:19] never set password no on master image though [11:20] all my boxes where rnnign with root pw 1q2w3e [11:20] ^^ [11:20] baccenfutter: Error: "^" is not a valid command. [11:20] so the bug lies between keyboard and chair as so often [11:20] that's an easy password :) [11:21] so a bruteforce is absolutely possible [11:21] \ [11:22] I'm just wondering why fail2ban didn't kick in [11:22] he must have made it within the first 6 tires [11:22] luckz sone of a bitch [11:23] I owe him a beer for that^^ [11:23] ivoks: thx for stickin through this with me.. [11:24] np [11:42] New bug: #577710 in php5 (main) "php5 crashed with SIGSEGV in execute()" [Undecided,New] https://launchpad.net/bugs/577710 [11:51] New bug: #585787 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_hv_common()" [Undecided,New] https://launchpad.net/bugs/585787 [11:51] hello [11:51] apt-get install linux-headers-2.6.28-11-server [11:51] is not working [11:51] why? [12:04] I am setting up a cyber. And i want to time-limit access. So that the user can get a time for login and after that time he will be logged out. How can i realize this? === dendro-afk is now known as dendrobates [12:34] remix_tj: sorry, got pulled to other things.. I just checked that with my test system and kinit didn't complain anything [12:54] Have any of you guys used kexec to do a kernel upgrade without rebooting? [13:07] SuperLag, doing a kexec is a reboot in the sense all of userspace is gone === freeflyi1g is now known as freeflying [13:50] vmlintu: a friend of mine said that if there is winbind running it changes my machine password on the DC and does not refresh certs... now i disabled winbind and i wait the next week [13:52] ttx: ping just a heads up, the mysql source package has been renamed in debian [13:53] zul: meaning we should rename it as well ? [13:53] ttx: yep...i was going to spend some time on it [13:54] ttx: or we could give it to clint ;) [13:54] zul: you are nasty :) [13:54] ttx: heh [13:56] i need to update mysql-cluster anwyays [14:05] mdeslaur: i take it you are chomping at the big for mysql 5.1.47? ;) [14:12] zul: please speak english [14:12] mdeslaur: you were asking me about the mysql package is it because of the security update in 5.1.47? [14:12] remix_tj: that sounds interesting [14:12] zul: no, I solved that already [14:12] mdeslaur: ah ok [14:15] * zul shakes his fist === rgreening_ is now known as rgreening [14:18] morning [14:21] any libvirt expert in here? [14:21] :) [14:22] A few weeks ago I'd have paid to hear that question :) [14:22] ScottK: over here. :) [14:23] ttx: ? :) [14:23] ivoks: :P [14:24] i just want to change options it pases to kvm/qemu [14:28] ivoks: I guess it depends on what you want to change... I don't know of a generic way to pass arbitrary options [14:28] ivoks: maybe more help in #ubuntu-virt [14:30] ttx: yeah, i tried :) [14:31] New bug: #585830 in mtx (main) "tab completion does not work" [Undecided,New] https://launchpad.net/bugs/585830 [14:43] sommer: ping when you triage new bugs can you set them to incomplete/new if you dont have a response from a user [14:43] sommer: so they dont appear in the new bugs list [14:43] zul: sure, forgot to do that the last couple of times :) [14:43] sommer: i noticed :) [14:43] should I wait for a response, or do it after commenting? [14:50] What kind of VMs can you run on an Ubuntu server? [14:50] only *nix? [14:51] using KVM, that is [14:51] any [14:51] kvm supports running windows. it iprovides "full virtualization" [14:53] interesting [14:55] smoser: and paravirtualization with virtio, right? [14:57] ivoks, right. the virtio drivers (network and disk) provide paravirt, which gets you better performance. [14:57] SuperLag, note, there are certified windows drivers for virtio network and disk [15:01] so there is talk about taking the 'support' from this channel in the email list? [15:12] jcastro: I'm around now. [15:14] hi everyone === failover is now known as failover_out [15:48] mdeslaur: at least the ssl certs have been updated [15:48] zul: hehe [15:49] SuperLag, smoser: i believe virtio drivers for 64-bit windows products require a digital signature from MS [15:51] i was under the impression that there are such drivers available. [15:51] but i will be honest that i really *very* little windows experience [15:51] smoser: sure they're available, but not signed, and will therefore not work, that is my understanding [15:53] hi all [15:53] :) [15:53] Store rebuilding is -0.3% complete,why my store rebuilding return min value?ty [15:54] pmatulis, seems you are correct: http://blog.famzah.net/2010/01/09/kvm-qemu-virtio-storage-and-network-drivers-for-32-bit64-bit-windows-7-windows-vista-windows-xp-and-windows-2000/ === jjohansen is now known as jjohansen-afk [15:55] i was under the impression that redhat provided signed ones [15:56] https://bugzilla.redhat.com/show_bug.cgi?id=532480 [15:56] bugzilla.redhat.com bug 532480 in libvirt "libvirt lacks of signed drivers for virtio and viostor" [Medium,Closed: notabug] [15:56] "3) Buy a Red Hat subscription to get signed drivers [15:56] " [15:57] smoser: thanks for the confirmation [15:58] but they are available. [15:58] from redhat [15:58] i'm not sure on the legality of redistributing them if you had a RHEL subscription [15:59] i'm sure MS has thought of that and will only allow them by probing the KVM RedHat host and it's valid subscription [16:03] hmm === robbiew1 is now known as robbiew [16:16] New bug: #366242 in samba (main) "after adding samba sharing service, X restart failed on jaunty" [Undecided,New] https://launchpad.net/bugs/366242 [16:17] heh....do i really care about jaunty [16:18] New bug: #367473 in samba (main) "Segfault when trying to add a Windows printer via SAMBA" [Undecided,New] https://launchpad.net/bugs/367473 [16:27] New bug: #573847 in dbconfig-common (main) "package phpmyadmin 4:3.3.2-1 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/573847 === pgraner is now known as pgraner-afk === tarzxvf is now known as failover === failover is now known as failover3 [16:31] New bug: #585911 in minicom (universe) "minicom scripts never exit" [Undecided,New] https://launchpad.net/bugs/585911 [16:34] jcastro: re-pong. [16:35] ScottK: ok so anyway, the idea wasn't to get rid of server support, but have it so people who want to contribute have a place instead of mixing up with "help me with DNS" [16:36] jcastro: I think moving development away from support makes it less likely people who are here for more general reasons will feel like becoming involved. [16:37] In any case, the spec currently just says to drop support from this channel and nothing about what will replace it. [16:37] question... [16:37] So even if the intent is to split it, it's incomplete. [16:37] ScottK: daviey did mention that the channel wasn't that busy that you had to split it [16:37] can I resize a grow partition to a set size? [16:37] and also are grow partitions always logical? [16:38] ScottK: ok, I recommend ambushing matthiaz when he joins next. [16:38] jcastro: OK. [16:38] ScottK: the work-item reads way colder than what we discussed. [16:38] it's not like "and screw our users too!" [16:39] anyone knows what's going on with keyserver.ubuntu.com? [16:39] jcastro: I expected so, but I wasn't in the session, so all I know is what I read in the spec. [16:40] martin-: #canonical-sysadmin is probably a better channel to ask. [16:41] HI i have problem with my ubuntu === method_man_1 is now known as bihari [16:43] Is this a standard schema http://screencast.com/t/NTg4NTQ2ODk [16:43] can i install yahoo mesanger [16:48] kirkland, hey do you guys look after libvirt? [16:49] apw, jdstrand has done a lot recently, but, yes, it falls under ubuntu server team [16:50] and kirkland has done a lot there too [16:50] isn't soren the expert here? [16:51] cybrocop has a libvirt use case whereing the kvm instance is being started as root but setcap'd to have no capabilities, this renders logfiles etc un-writable ... heard of such a thing? [16:52] hi smoser, I've been trying to debug this issue for several days now and apw was gracious enough to help me and identify that libvirtd does a setcap to limit its capabilities [16:53] smoser: as a result, kvm isn't albe to map a VM's serial port to a logfile: http://open.eucalyptus.com/forum/libvirt-operation-failed-failed-retrieve-chardev-info-qemu-info-chardev [16:54] cybrocop_, let them know which command u used to start this thing up [16:54] apw: I have an issue here with virt-manager. When I try to clone a machine, it says it has no read access to the disc image :p [16:54] cybrocop_, binBASH, which release are you running [16:54] When I give all rights it says it can't find the disc image [16:55] binBASH, could be a similar issue quite easily [16:55] apw: 10.04lts [16:55] here is what I did: virsh define libvirt.xml; virsh start i-46D20834 [16:55] cybrocop_, this is when running under eucalyptus / UEC without any local modifications ? [16:55] because 10.04 is absolutely capable of running instances [16:55] smoser: here is my libvirt.xml [16:55] cybrocop_: did you change /etc/libvirt/qemu.conf to use the non-root user and group? [16:55] http://slexy.org/raw/s2KPFinewG [16:56] jdstrand: no [16:56] jdstrand: actually, I tried this: security_driver = "none" [16:57] jdstrand: sorry, this was many days ago... But it was done in order to address this same issue. [16:57] jdstrand: I thought selinux was somehow interfering. [16:57] cybrocop_: well, I saw the report and you said there was nothing regarding apparmor [16:57] cybrocop_: libvirt is protected by apparmor in ubuntu [16:58] jdstrand: Can this have something to do with my issue where I cannot clone the virt machine? [16:58] cybrocop_: but your errors should have logged something if it was blocking [16:58] jdstrand: Yes, there isn't. I just didn't know what else to do. I know it isn't apparmor related now for sure, because I did apparmor=0 [16:59] binBASH: look in dmesg or kern.log. if you have an apparmor denied message, then it is apparmor [16:59] cybrocop_: right. and you are sure you have in /etc/libvirt/qemu.conf 'user = "root"' and 'group = "root"' [17:00] jdstrand: here is the full file: http://slexy.org/raw/s2hIyg3Dnf [17:01] jdstrand: Ok, I will check this tomorrow then. Have to go now to chicken wing flatrate eating with the company :) [17:01] cybrocop: even with security_driver = none, it will still use the DAC security driver iirc [17:01] cybrocop: libvirt now uses a stacked security driver implementation [17:01] cybrocop: it may be a bug in the DAC driver [17:02] jdstrand: is there something I can do to help you debug? And is a workaround for me? [17:02] (the DAC driver is consulted before the apparmor/selinux iirc) [17:02] jdstrand: Or is DAC in the kernel [17:03] cybrocop_: the DAC driver uses standard unix Discretionary Access Controls. it is implemented by libvirt and chowns and chmods all kinds of stuff as it goes [17:04] as long as the xml is in the bug, I can look at it, but I am not actually working today [17:04] I can try to look at it tomorrow or the following day [17:06] jdstrand: OK, no problem. What I'm amazed by is no one else reporting this issue. I must be doing something different from others. [17:07] cybrocop_: what is the bug number again? [17:08] I havent opened a bug. Don't know how to actually. Shoudl I do that? I have a lot of info I can provide. [17:08] I only posted a question on the eucalyptus forum: http://open.eucalyptus.com/forum/libvirt-operation-failed-failed-retrieve-chardev-info-qemu-info-chardev [17:08] cybrocop_: please do open a bug. assign it to libvirt and give the problematic xml [17:08] How do I do that? [17:09] cybrocop_: I'll look at it when I come online [17:09] I'm new to Ubutntu [17:09] I'm new to Ubuntu [17:09] can anyone help test my rsylog server reception [17:09] cybrocop_: https://bugs.launchpad.net/ubuntu/+source/libvirt/+filebug [17:10] jdstrand: will do [17:10] cybrocop: please reference your euca forum question as well [17:12] cybrocop: I can say that using serial does work in at least some configurations, as I have a test for it for the apparmor driver, and it works in my test [17:12] can anyone help with rsyslog [17:12] cybrocop: so hopefully it will be easy enough to see what is happening once I can look at it more closely [17:13] jdstrand: OK. I can't wait to see what the problem is. :) Thanks and hope you get well soon. [17:13] why does ubuntu disable the root ID but create an ID that can sudo? if someone hacks into the ID and figures out the password they can still do root things? [17:14] cybrocop, so can I ask how you came to this ? [17:14] it looks (based on the libvirt xml) that you launched an instance in eucalyptus, then were using virsh/libvirt to manage it [17:14] is that right ? [17:14] Hey guys -just rolled out 10.04 to my cloud servers and it's amazing - great job! Had a question about getting php's mail function working... Which mail package should I be installing/configuring to get that function working? [17:15] And is there a good tutorial? I'm aware of the official guide at help.ubuntu.com/10.04/ but am open to other sites. :) [17:16] smoser: Yes, my eucalyptus images weren't launching [17:17] smoser: This happened all of a sudden on both node servers. I thought it was related to some recent update because previously the same images were running fine. [17:17] ah. and generally you've not done anything to the nodes (ie, they're generally vanilla install) ? [17:17] ONe was a proven working node, (albeit only for 2 days).. I thought I'd bring the 2nd node online and go into production. (Then I saw both nodes giving this problem.) [17:18] I don't remember whether I updated any packages on the 1st node. I might have because I reinstalled Eucalyptus on it and if libvirtd was updated recently then it may have been pulled & installed as a dependency. [17:19] I have since taken down the 1st node and I'm rebuilding it now... Doing a fresh install. IN a few hours I can confirm whether this happens on a vanilla install. [17:20] smoser: in Eucalyptus, I enabled the option for manual instance cleanup.. that is how the files were not deleted and I had an opportunity to troubleshoot using virsh. [17:24] cybrocop, updating packages shouldn't cause such problems obviously. i was wondering if it was more tinkering with the node [17:26] smoser: I definitely didn't tinker with libvirtd code. :) I had downloaded Eucalyptus code to tinker with. At one point, I had my own packages built from the source Ubuntu eucalyptus packages running on Node1. THen I uninstalled those and installed the official ubuntu packages. However, Node2 had only vanilla packages installed. [17:27] :q [17:27] ok. [17:28] sorry about the :q, wrong window. [17:29] what is the point of disabling root ? [17:31] what package does add-apt-repository belong too? Just turned on a ubuntu 10.04 server and it doesn't have it. [17:33] cybrocop, i guess i'm interested in your node reinstall... sorry i dont have any more ideas. i've not seen this error before, and can absolutely attest that as of yesterday my apt-get upgraded eucalyptus system works for launching instances. [17:40] I think it may be this.. security_driver = "none" [17:40] I remember doing this on both machines because at one point I was having problems with apparmor and I thougth this would help. [17:42] smoser: I also remember messing around with apparmor profiles... before completely purging apparmor packages. === luis__lopez is now known as luis_lopez [18:01] smoser, jdstrand: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/585964 [18:01] Launchpad bug 585964 in libvirt "Libvirtd -- error: monitor socket did not show up.: Connection refused" [Undecided,New] [18:01] smoser, jdstrand: Can you let me know what else is required. [18:02] New bug: #570982 in munin (main) "munin-graph crashed with SIGSEGV in Perl_gv_check()" [Undecided,New] https://launchpad.net/bugs/570982 [18:02] New bug: #570983 in munin (main) "munin-limits crashed with SIGSEGV in Perl_pp_entersub()" [Undecided,New] https://launchpad.net/bugs/570983 [18:02] New bug: #576827 in munin (main) "munin-graph crashed with SIGSEGV in FcPatternDestroy()" [Undecided,New] https://launchpad.net/bugs/576827 [18:03] wtf is with all these perl bugs today [18:04] cybrocop_, i think i'll need to rely on jdstrand . but one thing you can do is attach the files that you've linked to . I don't know how permenent that pastebin is, but for permenance its nice to have things attached to a bug. [18:05] has anyone been able to setup an ldap server on lucid? I've been following the guide on https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html but I can't get it to function properly. [18:06] New bug: #576828 in awstats (main) "awstats_buildstaticpages.pl crashed with SIGSEGV in Perl_runops_standard()" [Undecided,New] https://launchpad.net/bugs/576828 [18:06] it may be that I just don't understand what it said, because it's fairly complicated and many things aren't explained at all, but I'm doing precicely what it tells me to, and I keep getting errors like "Invalid credentials". [18:08] the "Setting up ACL" section doesn't tell me anything, actually. How do I configure it like it sais it should be configured? I'm not allowed to perform that search because of invalid credentials. [18:10] jo-erlend: that search command should be: sudo ldapsearch -c -Y EXTERNAL -H ldapi:/// -LLL -b cn=config olcDatabase=config olcAccess [18:10] it's been updated and will be released with an update to the server guide === mathiaz_ is now known as mathiaz [18:11] damn... LDAP is always extra difficult in Ubuntu because the documentation doesn't fit real life. [18:11] New bug: #572674 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_runops_standard()" [Undecided,New] https://launchpad.net/bugs/572674 [18:11] New bug: #581383 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_pad_alloc()" [Undecided,New] https://launchpad.net/bugs/581383 [18:11] New bug: #584115 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_sv_clear()" [Undecided,New] https://launchpad.net/bugs/584115 [18:12] jo-erlend: do you have suggestions to make the documentation better fit real live? [18:12] jo-erlend: the documentation is setup to allow you to get up an running on ubuntu, not necessarily teach LDAP [18:12] New bug: #564522 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_peep()" [Undecided,New] https://launchpad.net/bugs/564522 [18:12] New bug: #571971 in awstats (main) "awstats.pl crashed with SIGSEGV in Perl_pp_or()" [Undecided,New] https://launchpad.net/bugs/571971 [18:12] jo-erlend: You're talking with the person that does the documenation, so this would be a really good time to speak up. [18:14] sommer, well, it wouldn't hurt if someone with experience would just copy and paste the commands from the guide from time to time. I've spent two days reading that document now. [18:14] jo-erlend: the OpenLDAP section was updated extensively for Lucid was there any other commands that didn't work... if so we'll be sure to correct them [18:16] well, after finishing that guide, the users are supposed to be able to change their passwords by themselves, using "passwd" or similar, right? That gives me "invalid credentials" [18:17] jo-erlend: no, that's not necissarily the purpose of the guide [18:17] smoser: I've attached the files. I will be in later if you need anything else. [18:17] sommer, using that command you gave me, I got some results. They're not at all similar to the output you're supposed to get, according to the guide. [18:17] jo-erlend: the guide has ldapscripts: sudo ldapsetpasswd [18:17] cybrocop_, thanks. sorry this is biting you. [18:18] jo-erlend: your output may vary depending on how your server is setup [18:18] that should probably be made more clear in the guide [18:18] sommer, the users are allowed to change their own passwords using those normal tools if you just deactivate unix accounts in pam-auth-config though. [18:18] smoser: NP, I'm glad at least I'm closer to the issue. [18:19] sommer, it's setup exactly as the guide sais. I mean _exactly_. [18:19] jo-erlend: right, the acl section needs updated... does your output look like: http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html ? [18:20] sommer, no. [18:20] I haven't done much testing with the passwd, and other utilities, when using openldap... I usually use ldapscripts or smbldaptools for the other attributes [18:20] sorry... One moment. :) [18:21] sommer, it does. [18:23] sommer, are there many other changes in that new document? I can try it out from scratch in a clean vm and see if it makes more sense to me than the old one. [18:23] oh. [18:25] sommer, are there many other changes in that new document? I can try it out from scratch in a clean vm and see if it makes more sense to me than the old one. [18:26] jo-erlend: not really everything should be current for Lucid. For Maverick we can add information to allow passwd work, or figure out why it doesn't with the current information. [18:26] Does anyone in here have experience with LTSP fat clients? [18:27] anyone here using ebox? [18:27] sommer, I hope to be finished configuring my ldap server a bit sooner than six months from now. :) [18:27] imthenachoman, I did for awhile. [18:27] kpettit: why did you stop? [18:27] it was too basic of config's for the modules I needed. [18:28] jo-erlend: right, what is the end result you're looking for with your LDAP server? [18:28] kpettit: i'm trying to figure out if its worth it? i mean I admin hundreds of unix boxes at work w/o gui, and i prefer CLI, but i dont know if there is any added beneift [18:28] kpettit: cause i will install apache,php,postgresql,and shorewall so .. [18:28] imthenachoman, I think it would cause you more problems then solve if you already know what your doing [18:28] jo-erlend: the OpenLDAP section itself is geared toward generic LDAP server configuration, but we could add another section for Address Book, Central Auth, etc [18:29] kpettit: i like your logic my good man or sir...i like your logic [18:29] kpettit: well thanks [18:29] it's great for somebody new to linux, but fairly restrictive if you already ahve things setup a certian way [18:29] humm k [18:29] cool [18:29] webmin is another good one. [18:29] doesnt work so well with ubuntu from what i hear [18:29] I like webmin a bit better, mainly becuase it has alot more modules and there are more choices. And you can still hand edit most things if you want too [18:30] sommer, I need to use LDAP in order for users to have the same password on their terminal server session and in their web applications. They should be able to change their passwords easily. That's mostly it. [18:30] webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead. [18:30] imthenachoman: There is a bot here too, not just #ubuntu [18:30] imthenachoman, works great for what I use it for. I mainly just use the mysql, fstab, users, and some other simple ones. [18:30] Pici: oh....my bad sir, my bad [18:31] The apache module, and openvpn one such [18:31] well im gonna do things the old fashioned way, i like to know whats going on, what files change [18:31] etc.. [18:31] i dont need openvpn [18:31] I mean suck. I really hate their apache one [18:31] this is more a test/play/learn server for me [18:31] the iptables one is pretty good though. [18:31] im going to use shorewall for firewal [18:31] jo-erlend: I see, the guide should get you most of the way there, but you'll still need to learn more about administering OpenLDAP [18:31] i hear it rocks [18:31] sommer, and if they were able to share addressbooks as well, that would be great. [18:31] there was a shorewall module, but I haven't used it before [18:32] I mainly use arno's firewall. I like it because there is a cli ubuntu config or you can edit a simple text file. [18:32] jo-erlend: you should be good with users with object class posixAccount, inetOrgPerson, etc... ldapscripts makes it easy to add, remove, manipulate objects [18:33] My brain can't hold the complexities of iptables so I liked the simplier arno config. [18:33] jo-erlend: for my users I created a simple web form that uses php5-ldap to change the password attribute... been working great for a few years now [18:33] kpettit: i dont know if shorewall uses iptables but it seems to work [18:34] I don't know of any firewall linux programs that don't use iptables === unreal_ is now known as unreal [18:34] they are all pretty much front ends config tools to iptables [18:36] yeah [18:36] if your using it now you can type "iptables --list" to see the raw rules [18:36] well i got shorewall working so i'll stick with that [18:36] oh cool [18:37] wow...a lot of stuff [18:37] well i know nothing about firewall so i'll stick with shorewall [18:37] Here is the basic iptables info. If anything it will show you some commands you can use to find out how shorewall does things [18:37] https://help.ubuntu.com/community/IptablesHowTo [18:38] sommer, I appreciate your help. In order to preserve my sanity, I'm going to take a little break, but then I'll try that new document in a fresh environment and see if that does the trick. [18:38] sommer, can you recommend a good book about openldap btw? I only have generic ones. [18:39] jo-erlend: you're welcome, I learned using http://oreilly.com/catalog/9781565924918/ but it's waaaayyyy old. https://www.packtpub.com/OpenLDAP-Developers-Server-Open-Source-Linux/book is pretty good too [19:01] !ecryptfs [19:07] sommer, one thing I think is a bit confusing in the guide, is "As an example of modifying the cn... blabla". Is it just an example, or is it necessary and what does it do? [19:08] yep, just an example of how to modify an attribute... i.e. replace this attribute with whichever attribute you'd like to modify [19:28] sommer, ok, everything seems to be working nicely, except for that passwd-thingy. It'd be really nice if I could get that up and running as well. auth.log gives me to identical error messages when I run that command. Is it possible that there is a bug which makes it try to look the user and password from the local /etc/passwd instead of using the ldap directory? [19:30] jo-erlend: not 100% sure... you might check the /etc/pam.d/common-password file, and make sure it has something about ldap... also the /etc/nsswitch.conf file [19:38] they look good to me, anyway. [19:47] jo-erlend: maybe put ldap in front of files in nsswitch.conf... you'll want to be careful though, because you could lock yourself out of the system [19:47] I've tried that already. It had no effect. Unless I need to reload anything? [19:50] so why not use ldapscriptsetpasswd ? [19:51] because the people I'm trying to help are very, very non-geeks. [19:52] you could alias ldapscriptsetpasswd to passwd :) [19:52] heh, the point is that this is a terminal server. The desktop has tools to change your own information, including the password. I'd like to use that. [19:54] ah... not sure how well those tools work with ldap, but should be possible one way or another [19:54] I would think so... Can't find any information on how to set it up though. [19:55] but I suspect that if I get passwd to work as expected, then those other tools would work as well. [19:55] I wouldn't be to optimistic about that... I imagine those tools are hard coded to edit /etc/passwd [19:56] but there are some pretty good gui tools to manipulate ldap... phplapadmin, lat, luna, etc [19:57] I use lat myself, but it's not something I'll expose my users to. [19:58] besides, it's really buggy. [20:03] mdeslaur: throw confetti its done uploaded now we will never mention it again [20:04] zul: you want me to congratulate you on doing your job? :) [20:04] zul: congrats!!!! [20:04] zul: yay!! [20:04] mdeslaur: it would be nice.. [20:04] * mdeslaur pats zul on the back [20:05] mathiaz: ping mysql changed from mysql-dfsg-5.1 to mysql i just uploaded 5.1.47 we need to replace the source package in main with the new version [20:13] zul: so you've merged the new package? [20:14] mathiaz: yep [20:14] i just finished uploading it [20:15] zul: so the next step is to just ask for the removal of mysql-dfsg-5.1 from maverick [20:15] mathiaz: yep [20:16] zul: and let know the archive admins that mysql-dfsg-5.1 has been renamed to mysql-5.1 in order to get the package quickly through the NEW queue [20:16] mathiaz: acked [20:17] sommer, why would anyone hardcode that instead of simply reusing passwd? I know I would have. [20:17] oh... [20:18] nvm. :) [20:31] hey all [20:32] if i have the PID of a process or script, how can i find out what script it is? [20:32] i have a bunch of scripts, and one is not playing nice [20:33] skrite99, ls -l /proc//exe === pgraner-afk is now known as pgraner [20:35] thanks a lot coffeedude [20:36] <|corpse|> ok so after many days of trying i can finaly get though most of the installation of server 10.04. When i get to partitions formatting it jumps to 33% and freezes. any ideas on a fix? [20:59] is ext4 safe for server? [20:59] with lucid [21:03] webPragmatist: should be, however some have reported performance issues... [21:03] webPragmatist: http://www.phoronix.com/forums/showthread.php?t=23149 .. though I'm not sure that those were super scientific tests [21:04] hrm [21:05] hey i'm having another issue… when I run parted it takes forever [21:05] i'm guessing because it's unsure about the floppy [21:05] i get v [21:05] Warning: Unable to open /dev/fd0 read-write (Read-only file system). /dev/fd0 has been opened read-only. [21:05] and it hangs… if i do p free [21:13] RoAkSoAx: hey you around? [21:16] i was wondering… it was suggest to use corosync to link configs [21:16] how can you trust that a node has specific stuff installed ? [21:17] for instance if a node doesn't have a specific apache module installed [21:17] and it gets enabled in the config [21:29] webPragmatist: that's totally admin side [21:29] LOL i'm reading this [21:29] http://coolerq.livejournal.com/89739.html [21:32] RoAkSoAx: after reading that i'm just confused [21:33] what's clusterglue [21:36] webPragmatist: cluster-glue is a package that contains the LRM (which handle the RA's) [21:36] greek [21:36] please use more acronym [21:37] webPragmatist: please refer to [1], there you can find nice Diagrams: [1] http://www.clusterlabs.org/ [21:37] RoAkSoAx: never would have clicked that [21:37] http://screencast.com/t/ZDVkOWYwNjI [21:48] gosh this crap gives me a big ass headache [21:48] pardon my blunt [21:48] ness [21:51] the [21:51] RoAkSoAx: you said use corosync for your logs… can you link me that thesis or whatever it was you wrote up? [21:52] woops - mt :) [21:52] i wish i was a clustering genius…… [21:54] Ok - This may sound dumb - but "mail" doesn't seem to be installed in my system after I installed postfix... What package installs that? === failover_out is now known as failover [22:03] webPragmatist: I never said use corosync for logs. Corosync is the one who does the messaging between nodes, while Pacemaker is the one that does the Resource Management [22:03] sorry configs [22:04] how do you sync like apache sites available and such [22:06] webPragmatist: that you leave to other synchronization tool like csync2 [22:07] ohhhhhhh csync [22:07] thank yo [22:07] you* [22:07] RoAkSoAx: how do you handly upgrades to the software? [22:08] again admin stuff? [22:09] what is the status of xen in lucid [22:09] not so zen [22:10] webPragmatist: yes, but I'm pretty sure there are tools to do that and I'm not aware of [22:10] webPragmatist: you can also take a look at puppet [22:10] well this is probably not AS important [22:11] webPragmatist: if it is a two node cluster, it is not... [22:16] hi smoser [22:16] I just finished the reinstall of Node1 in my euca cluster and the problem is gone on this node. [22:23] RoAkSoAx i'm reading this article… is corosync = openais [22:23] i'm confused [22:24] webPragmatist: don't pay attention to the article :) [22:24] i'm reading http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf [22:25] hey, is there some way I can get info about my users, like when they were created? [22:28] RoAkSoAx: hrm? [22:30] xen is pretty dead in ubuntu? [22:31] incorrect: Yes, where efforts have instead gone into KVM. [22:31] RoAkSoAx: ah As far a I understand the OpenAIS project split up into subprojects. corosync now provides only the cluster communication. Since pacemaker only need the communication in the cluster, this it all we need. [22:31] quote [22:32] bleh i obviously need more playing around with vms [22:51] <|corpse|> Hi, im having trouble installing server 10.04. i can cruz right though the hole install process until i get to the file partition part. I can select my partition i want to use (i have tried several drives now) and every time it will just straight to 33% and freeze up [23:04] I had thought that I setup my mailserver correctly - but when I try to send a test email with "mail" it just hangs... does that suggest a particular issue ? [23:13] nmnmn,m === luis__lopez is now known as luis_lopez [23:27] smoser: I was able to reproduce the problem on a clean install. [23:27] The issue occurs when I try to remove/purge apparmor [23:40] hi. i'm playing with libvirt [23:40] is there any way to get virt-manager on my machine to connect to the root-owned libvirtd without using ssh or something? [23:41] i can ping google but not wget www.google.com, look that http://bpaste.net/show/6680/ any idea? [23:41] if i try to use 'local' it seems to be dbus(orbit/whatever)-acivating a libvirtd instance running as my user. not what i want [23:41] i do have permission to access the libvirt socket, but i don't know how to tell virt-manager to use it [23:50] oh [23:50] there is a virsh path [23:51] ya. works fine with virsh, actually [23:51] and virt-install [23:51] qemu:///system [23:51] ya. i added that using gconf [23:51] it's working now :) [23:51] from man 1 virsh [23:52] please file a bug saying it wasn't as easy as it could be? [23:52] i'm a pretty big fan of how this stuff works [23:52] not a bad idea.