[00:00] <deslector> julianc, ok, thanks
[00:11] <cloakable> dnsmasq is great :)
[00:19] <gop_> how do I mount a freenas smb share, and keep it mounted even after reboot
[00:30] <deslector> gop_, hmm.. /etc/fstab ?
[00:47] <gop_> thanks
[00:51] <gop_> deslector what do you mean /etc/fstab
[00:51] <deslector> gop_, sorry, you should edit /etc/fstab so that the share gets mounted automatically at startup
[00:52] <deslector> gop_, https://help.ubuntu.com/community/Fstab
[00:52] <gop_> k
[00:52] <gop_> thaknks
[00:52] <gop_> smbfs
[02:08] <edwin-sv> hello, how can i repair a bad superblock error in a ubuntu dapper server (sorry, i know that it's a too old release, but i am new in this place :p )
[02:09] <MTecknology> Any of you ever try to put centos on top of kvm? It mostly works but the networking part is being a massive pita...
[02:10] <edwin-sv> the HD has errors and after pass a fsck -p command, do not recognize the filesystem and grub presents an error 17 :(
[02:10] <MTecknology> edwin-sv: http://docs.sun.com/app/docs/doc/805-7228/6j6q7uf0i?a=view
[02:10] <MTecknology> edwin-sv: seems to be what you're looking for
[02:10] <edwin-sv> thanx MTecknology, i will try :)
[02:10] <MTecknology> if grub is complaining - You may need to reinstall grub after fixing this
[02:11] <MTecknology> also... get a new drive - drive errors are usually a bad omen
[02:11] <edwin-sv> ok, i will try that too...
[02:11] <MTecknology> !grub
[02:11] <MTecknology> check out the restore link
[02:14] <edwin-sv> MTecknology: the command newfs isn't present in ubuntu :(  (Display the superblock values with the newfs -N command)
[02:14] <edwin-sv> what can i use instead of newfs?
[02:15] <MTecknology> lemme research google :P
[02:17] <MTecknology> edwin-sv: what's the exact error
[02:18] <MTecknology> http://www.cyberciti.biz/faq/recover-bad-superblock-from-corrupted-partition/
[02:21] <edwin-sv> i try to mount the /dev/sda2 where the system is but it says that i must specify the type of filesystem and when i do that says that there is a bad superblock error
[02:21] <edwin-sv> a bad superblock on /dev/sda2
[02:31] <edwin-sv> MTecknology: when i run dumpe2fs /dev/sda2 says "couldnt find valid filesystem superblock" and it suposed says the number of my superblock /dev/sda2
[02:32] <edwin-sv> i didn't get the output (or similar) like in the example :s
[02:33] <MTecknology> edwin-sv: replace the drive and restore from backup would probly make the most sense..
[02:34] <MTecknology> i'm not much of a recovery expert - best i could say is spinrite might save you long enough to recover data
[02:35] <edwin-sv> the last employee that was watching linux server didn't backup of this drive, as i mentioned early i am new here and i found everything as is :S :$
[02:36] <MTecknology> spinrite is probably your best save - but it takes a while
[03:15] <MTecknology> If any of you are smart with kvm - I could really really use some help
[03:35] <failover> My fastcgi with php on lucid, crash after a few hours of use.
[03:36] <twb> failover: did you check the logs?
[03:37] <failover> i 'm not sure at what log file should i look...
[03:38] <twb> Everything in /var/log
[03:38] <twb> Sort by time to see what logs have been updated recently.
[03:38] <twb> And try looking for keywords like "php" or "apache" or whatever.
[03:41] <skrite> is there a way, if i have a server running a few different services, that i can give resource priority to one service? i run a web, mail, and ivr server. when the system is busy, the ivr gets jittery.
[03:42] <failover> ok,  twb, i will check the logs
[03:43] <twb> skrite: you probably want nice(1) for CPU and ionice(1) for I/O.
[03:43] <twb> These can and should be assigned indirectly via start-stop-daemon(8) where the init script uses that layer.
[03:44] <skrite> twb, thanks
[03:44] <skrite> if nice is not declared for a service, is there a nice level that Linux assumes for it?
[03:45] <twb> IIRC the default niceness is 0 or 10
[03:45] <twb> The manpage should say so
[03:45] <skrite> of course, thanks
[03:51] <failover> Nothing relevant on logs. My fcgi crash on lucid, but when i was using karmic the same happen.
[05:02] <tucemiux> is this a good line to have in your /etc/passwd: nobody:x:65534:65534:nobody:/nonexistent:/bin/s
[05:03] <twb> That's normal.
[05:03] <twb> Why d you ask?
[05:03] <twb> tucemiux: why do you ask?
[05:03] <tucemiux> twb, because I'm looking at some tips on how to secure my ubuntu server and theyre talkinb about making sure user nobody doesnt have a shell
[05:04] <twb> And why do they say to do that?
[05:05] <tucemiux> twb, because user nobody is not supposed to have a shell and I am wondering if that's true and if I should remove the shell from user nobody on my server
[05:05] <twb> Why do you think nobody shouldn't have a shell?
[05:05] <twb> Oh, sorry, I miread you
[05:06] <tucemiux> yeah thats ok
[05:06] <twb> I think you could set it to /bin/false and nothing would break
[05:06] <twb> But I wouldn't bother -- there are doubtless far more important things to lock down
[05:07] <tucemiux> twb, im thinking on setting it to /dev/null - would that break anything?
[05:07] <twb> Like: don't run PHP applications, don't allow password-based SSH access, etc.
[05:07] <twb> tucemiux: I believe /bin/false is the convention
[05:08] <tucemiux> twb, but what if a hacker creates a /bin/false? I would rather use /dev/null but I dont know if that'll break anything, i just installed ubuntu server and am learning along the way, my ssh and web server are up and running flawlessly
[05:08] <tucemiux> I am also very worried about this line: Successful su for www-data by root
[05:13] <tucemiux> twb, i guess Successful su for ww-data by root is nothing to worry about?
[05:15] <twb> That sounds like you started apache and it relinquished its root privileges
[05:18] <tucemiux> I'm using lighthtpd by the way, lighthttpd uses www-var
[05:20] <tucemiux> twb, what's the password for root?  Since it looks like there is a root user on my server: root:x:0:0:root:/root:/bin/bash
[05:20] <twb> root has no password.
[05:21] <tucemiux> dawn
[05:22] <tucemiux> good thing i disabled passwordless ssh logins but unfortunate for me, I didnt disable root login unti an hour ago and restarted my ssh server
[05:35] <SpamapS> tucemiux: you should have a user capable of sudoing to root though.
[05:36] <tucemiux> SpamapS,  yes i can sudo to root, im just wondering why there is a root user and what is the password, thats all
[05:37] <SpamapS> tucemiux: oh there's usually not a root password... its designed to reduce your risk and teach you not to do things as root mostly. ;)
[05:37] <tucemiux> SpamapS, basically, if an unauthorized user is able to gain access to my machine, would they be able to grant themselves root access, im new at this, if you know of any resources thatll help me explain that stuff i will greatly appreciate it
[05:38] <SpamapS> tucemiux: you'd have to really screw things up to make that possible.
[05:41] <tucemiux> SpamapS, i actually did, the good thing is that i didnt allow empty passwords for ssh but I did allow root logins :-(  At least I changed the default port
[05:42] <twb> pam shouldn't allow empty passwords from insecure ttys in any case
[05:42] <twb> But root's password isn't the null (empty) password -- it DOESN'T HAVE a password.
[05:43] <tucemiux> twb, thanks for the clarification, i can sleep well now -- im going to research about denyhosts and keep reading a tutorial i found to secure my ubuntu server
[05:43] <twb> denyhosts blows.
[05:44] <twb> IMO it's better for netfilter rules to recognize and tarpit brute-force attacks, than to periodically scan log files for attackers and append to an ipset table.
[05:49] <tucemiux> twb, netfilet rules?  Is it like ip tables?
[05:50] <twb> iptables is the user interface to netfilter.
[05:51] <SpamapS> I like denyhosts.
[05:51] <SpamapS> I believe it can be changed to execute any command you want to update the local deny listing
[05:51] <SpamapS> hosts.deny is just its default
[05:52] <SpamapS> I do wonder if this starts to hurt performance at some point...
[05:52] <SpamapS> $ wc -l /etc/hosts.deny
[05:52] <SpamapS> 44289 /etc/hosts.deny
[05:53] <twb> Well, Wietse's tcpwrappers will complete more of the handshake before hanging up
[05:54] <twb> Compared to an ipset(8) IP hash, I mean.
[05:54] <tucemiux> twb, can i use netfilter through ssh?  My server is headless
[05:54] <twb> tucemiux: sure.
[06:06] <tucemiux> twb, im already using fail2ban,  should I use netfilter as well?
[06:07] <twb> They do the same job.
[06:08] <twb> It's just a matter of having a hard-coded netfilter rule, vs. having an active log-scanner that edits netfilter (or ipset) rules.
[06:08] <tucemiux> twb, thanks I guess I'll stay with fail2ban then
[06:09] <tucemiux> twb, do you have any recommendations or any resources I can read or for someone who plans on using ubuntu server to have his own ssh, web, and maybe e-mail server @ home?
[06:12] <twb> the ubuntu server guide
[06:12] <twb> Hosting your own mail server is almost certainly not worth the effort
[06:12] <twb> Unless you're doing it for pedagogical reasons, of course...
[06:13] <tucemiux> twb, hosting your own e-mail server is not worth the effort? what makes you say that?
[06:13] <twb> Because it's a major pain in the arse.
[06:13] <tucemiux> and that's a big mighty word you used back there you got me lost in the middle somewhere :-(
[06:14] <twb> I'm sure you can find a dictionary if you care enough
[06:15] <tucemiux> twb, so if I create my own domain as in, mineown.com,  how am I supposed to get e-mail addresses in the form of someone@mineown.com and where would the e-mail server be?
[06:16] <twb> You pay someone like google to do it for you.
[06:17] <tucemiux> twb,  ok so what is the part that is difficult with a e-mail server ?
[06:19] <twb> Hosting your MX records somewhere, setting up a secondary MX, setting up greylisting, making sure you're not an open relay, dealing with being RBLd, etc.
[06:19] <twb> Oh, and don't forget dealing with ISPs that block 25 on residential plans
[06:20] <twb> If you had 100 users it might be worth it; for a single-user home network it isn't.
[06:22] <tucemiux> twb, optimum online offers a service where they open port 80 and port 25 for you and it only costs about $10 a month
[06:22] <twb> Shrug
[06:23] <twb> A whole VPS doesn't cost much more than that, IIRC
[06:23] <SpamapS> these days I still host my vanity domains, but I do not do the MX work.. I leave that up to a barracuda anti-spam appliance that my hosting company provides
[06:23] <twb> Oh yeah, another issue is of course that when your home network goes down, you lose mail (unless/until the other MTAs resend it).
[06:24] <SpamapS> yeah I don't believe having servers at home is a) fun or b) ecologically friendly
[06:24] <SpamapS> Unless they're "servers"
[06:24] <SpamapS> or you have green power at home.. :)
[06:24] <twb> SpamapS: I got rid of mine when I realized it was a glorified NAS with an internet-facing httpd on it.  Now I just plug the disk into the back of my OpenWRT and (ab)use busybox httpd.  Nice and solid-state.
[06:25] <tucemiux> SpamapS,  I have a headless pentium III dua processor machine, does that count ?
[06:26] <SpamapS> twb: nice. :)
[06:26] <SpamapS> tucemiux: no, probably chomping down 1kw of power just to spin those old fans and disks. ;)
[06:27] <twb> Pentium IIIs do have a relatively good power profile, though
[06:27] <SpamapS> tucemiux: though reusing it *does* prevent waste.. so it may be a wash.
[06:27] <twb> Probably not as good as a modern MIPS or ARM or Atom/Geode, though.
[06:27] <SpamapS> True I recall the P3 just died because it was too inflexible to be moved up in clock rate or down in interconnect size.
[06:28] <tucemiux> twb, i can use a router to host a web site?  I''m using tomato on my router, can I use that to host a web site?
[06:28] <twb> tucemiux: you can do anything with anything.
[06:29] <tucemiux> twb, i mean, what youre doing nowadays, youre using your router to host a web site? How does that work?  Itll be awesome if I can do it at home with my router as well, it has the capabilities
[06:30] <twb> tucemiux: er, you just run an httpd
[06:31] <tucemiux> twb, ok so i just a daemon on the server and then what?  I plug a USB device into the router?  Or can I point the router to use a HD in another machine?
[06:33] <twb> That's something you'll have to discuss with the tomato people
[06:34] <tucemiux> twb, I was talking about what you do, I can actually flash my router with OpenWRT
[06:42] <joebob> I have a degraded raid array. i don't know if the disk is bad. do I risk bad things if I try to add the drive back into the array?
[06:42] <joebob> raid 1 btw
[06:42] <SpamapS> joebob: probably
[06:43] <SpamapS> joebob: what caused the drive to be marked as bad?
[06:43] <joebob> SpamapS, not sure. mdadm detail shows Spare Devices : 0 Failed Devices : 0
[06:44] <SpamapS> joebob: look in your kernel log.. maybe just try 'dmesg' first
[06:44] <joebob> says the second drive was "removed"
[06:44] <joebob> SpamapS, what am I looking for?
[06:44] <SpamapS> joebob: anything about the drive
[06:45] <SpamapS> joebob: you can also try 'sudo less /var/log/syslog' ... possible that mdadm or smartd printed messages that won't be in dmesg
[06:45] <joebob> SpamapS, http://pastebin.com/3r6CUQBj
[06:46] <SpamapS> joebob: ahh, so did you forcibly turn off your machine or have a kernel panic, anything like that?
[06:46] <SpamapS> joebob: its entirely possible that things are fine given that scenario.. you just need to re-add it.
[06:47] <joebob> SpamapS, had some power outages recently. just noticed tonight. could have been this way for a month
[06:47] <joebob> SpamapS, do I need to do : sfdisk -d /dev/sda | sfdisk /dev/sdb? or can I just try to add it again?
[06:48] <SpamapS> joebob: you only need to do that sfdisk step if you are afraid that the partition tables got out of sync for some reason
[06:49] <joebob> SpamapS, no not. so how do I add it back in?
[06:49] <twb> joebob: you should first be asking smartctl and hdparm/sdparm for info about the drive
[06:50] <twb> Particularly, run a short test and maybe a long test over the dodgy drive.  If they come back with any errors, get a new drive.
[06:51] <SpamapS> honestly if the data is worth any money at all, just buy a new drive. ;)
[06:51] <twb> If you're physically proximal, also check that the drives have proper airflow and are separated by a gap.  I see a lot of RAID1 arrays where the drives are one atop the other, and the top one dies.
[06:51] <twb> SpamapS: certainly a good rule of thumb.
[06:51] <joebob> SpamapS twb , ok will do thx
[06:52] <SpamapS> One of my favorite WTF's of all time was when I started at [insert previous employer] and notied a yellow drive light on a very expensive disk array..
[06:53] <SpamapS> the admin I was replacing goes "Oh yeah, they do that sometimes, just do this" and pulls it out, counts to 3, pushes it back in. "We'll make sure its green again when we leave, usually takes just a few minutes"
[06:53] <twb> We do that :-(
[06:54] <twb> If it comes up bad twice in a row, then you are confident that its *really* hosed, not just a stupid firmware
[06:54] <SpamapS> Best part was two weeks later when he was gone and I contacted the drive array maker to get 3 replacement drives, they informed me that the company had fallen off support, the drives had special firmware, and w/o support the drives would be $3k each.
[06:54] <twb> ahaha
[06:54] <SpamapS> I informed the president of the company that we needed to spend $9k plus $1k for a tech to come out and verify the array, or the db server might die at any moment.
[06:54] <twb> My customers "can't justify" the expense of support contracts
[06:55] <SpamapS> Guess what happened 4 months later, when we were still on the bad drives?
[06:55] <twb> Which is why I always tell them "OK, first you should call your support number and ask them.  Otherwise I'll charge time and materials and be RTFSing all week."
[06:55] <twb> SpamapS: fortunately your tape backup was only two, not five years, out of date!
[06:56] <SpamapS> A new admin was in the cage, brought a new SCSI disk with him, went to replace 1 of the two failed drives (it was a 6 disk RAID5 w/ 1 hot spare)... but he accidentally pulled one of the green drives.
[06:56] <SpamapS> so the array supporting the database, but not the transaction logs, failed....
[06:56] <SpamapS> which would have been *FINE*
[06:56] <twb> ahaga
[06:57] <SpamapS> there was a snapshot from 2 days earlier... and transaction logs up to the point in time of idiocy
[06:57] <twb> I love when the monkeys do that
[06:57] <SpamapS> but then he makes is REAL genius move
[06:57] <twb> cf. molly-guard
[06:57] <SpamapS> "the Array won't come up, I'm rebooting the array"
[06:57] <SpamapS> meanwhile I'm at home w/ 103F fever.. I'm like "sounds like a bad idea, call the mfgr, pay the support cost and get them out there dude"
[06:58] <SpamapS> nope, he reboots the array, which he discovers is impossible, because it has battery backups..
[06:58] <SpamapS> so he disconnects the power
[06:58] <SpamapS> wiping out the disk configuration..
[06:58] <SpamapS> and the binlogs
[06:58] <SpamapS> 2 days of database transactions, lost
[06:59] <SpamapS> and actually, 3 more days of another database's transactions lost because it was 'less important' and only backed up once per week
[06:59] <twb> Out of curiosity, what was this, db2?
[06:59] <SpamapS> Mysql
[06:59] <twb> Ahahahaha
[06:59] <SpamapS> on Sun
[07:00] <SpamapS> but Sun was not the mfgr of the array
[07:00] <twb> I'll never understand how mysql worms it way into enterprise environments.
[07:00] <SpamapS> anyway... the best part was how they recovered the "less important" data, which was usernames + passwords
[07:01] <SpamapS> mysql is simple
[07:01] <SpamapS> if you understand its limitations, its fine
[07:01] <twb> Hmph
[07:03] <SpamapS> the way they recovered the usernames/passwords that were added / changed was genius.. they had support respond "Oh I'm sorry you can't access the account you created last week. Whats your email address? Ok, yes it seems the account data was locked, I can create a temporary password for you and have it emailed to the address on file." and then just sign them up right on the spot.
[07:04] <SpamapS> If people knew it was happening they could have gotten free accounts, but who cares? nobody knew.
[07:04] <SpamapS> 6 months there felt like 6 years
[07:04] <SpamapS> twb: oh I forgot to laugh really hard at you calling them "enterprise" ;)
[07:05] <twb> It means the women wear miniskirts, and the hardware looks expensive but is actually just painted sheets of plywood
[07:06] <SpamapS> :)
[07:14] <kaushal> hi
[07:18] <trapmax> i have a referer to our website material, which is no longer in use. i also get some log-data regarding to this linking. any ideas on how to get te referring site to drop the link?
[07:21] <twb> Unless you're talking about HTTP, it's "referrer"
[07:22] <kaushal> can someone help me about https://lists.ubuntu.com/archives/ubuntu-server/2010-May/004246.html ?
[08:00] <SpamapS> kaushal: when you say it doesn't start, what do you mean?
[08:01] <kaushal> SpamapS: when i run it by hand using /etc/init.d/resqueweb start it works as expected but does not comeup automatically after boot up
[08:02] <SpamapS> kaushal: does the service listen on a specific IP?
[08:02] <kaushal> nope
[08:02] <SpamapS> kaushal: anything in the boot log?
[08:03] <kaushal> nope
[08:05] <SpamapS> kaushal: so the service isn't even mentioned in /var/log/boot.log ?
[08:05] <Jeeves_> kaushal: Ah, back again! :)
[08:05] <kaushal> SpamapS: cat /var/log/boot
[08:05] <kaushal> (Nothing has been logged yet.)
[08:06] <SpamapS> kaushal: /var/log/boot.log
[08:06] <e_t_> kaushal: you probably need to use the update-rc.d command to tell the computer to start it at boot. Take a look at this - http://www.debuntu.org/how-to-manage-services-with-update-rc.d
[08:06] <Jeeves_> SpamapS: The init-script gets executed, it's just the service called from the init-script that doesn't work
[08:06] <Jeeves_> e_t_: That's done.
[08:08] <SpamapS> the mail formatting screwed up the scripts..
[08:09] <SpamapS> impossible to tell where #'s are preceding a line if the next line is part of the comment or meant to be executed
[08:15] <SpamapS> kaushal: again, nothing in /var/log/boot.log ?
[08:16] <kaushal> SpamapS: nope
[08:16] <kaushal> SpamapS: mail formatting ?
[08:16] <kaushal> shall i pastebin all the scripts ?
[08:26] <SpamapS> kaushal: It might help.. but I'd love to see some logs .. thats weird
[08:26] <kaushal> sure
[08:26] <kaushal> SpamapS: please give me a moment
[08:35] <alktors> Hello! I have a spare computer and I would like to install ubuntu server version on it. Does it have a gui or it is text based?
[08:41] <kaushal> SpamapS: http://fpaste.org/L5BY/
[08:46] <e_t_> alktors: Ubuntu Server is text-based, though you are free to install a gui if you want. Alternately, you can add server packages to Ubuntu desktop.
[08:47] <alktors> e_t_,  Thanks for replying, I want to make a nexuiz server out of it. For example what do you type to get gnome?
[08:49] <e_t_> alktors: I am not familiar with nexuiz. The easiest way to get a desktop is to install one of these: ubuntu-desktop, kubuntu-desktop,xubuntu-desktop. Either ubuntu or xubuntu will give you a GNOME desktop, though xubuntu will be somewhat lighter on resources.
[08:50] <SpamapS> alktors: what is nexuiz?
[08:50] <alktors> e_t_,  Ok, thanks so much! It's a open source shooter.
[08:50] <SpamapS> kaushal: ok, thats a normal init script sure
[08:51] <alktors> SpamapS,  It's an open source shooter.
[08:51] <alktors> SpamapS, http://en.wikipedia.org/wiki/Nexuiz
[08:51] <SpamapS> kaushal: however, if rc had run it, you'd see "Starting ResqueServer: " in /var/log/boot.log
[08:51] <alktors> SpamapS,  It's really fun :)
[08:51]  * SpamapS has been placating his gaming need w/ quakelive
[08:51] <alktors> Thanks for the help e_t_
[08:51] <SpamapS> alktors: for running as a server, just use ssh
[08:51] <SpamapS> alktors: you don't need or want gnome. :)
[08:52] <alktors> SpamapS,  I need to get used to the terminal...I'm not an advanced user:(
[08:53] <SpamapS> alktors: its easier than you think
[08:53] <SpamapS> alktors: and I'd be willing to bet that all you're going to be able to do with gnome is open a terminal
[08:53] <SpamapS> alktors: to help w/ nexuiz I mean
[08:53] <kaushal> SpamapS: i dont see anything in /var/log/boot file
[08:53] <alktors> SpamapS,  :)
[08:54] <SpamapS> alktors: whereas if you just run it w/ regular server settings, you can use putty from windows, or ssh from a mac/linux box, and you don't need to waste time connecting your server to any keyboard/mouse/video
[08:54] <SpamapS> kaushal: */var/log/boot.log*
[08:54] <SpamapS> kaushal: boot.log != boot
[08:55] <alktors> SpamapS,  Ok, thanks. Well I will use ssh then, I migrated to linux for windows....and I have to say I'm so happy.
[08:55] <alktors> SpamapS,  :)It's a bit hard until I get good enough to help myself but it shure deserves the effort.
[08:55] <e_t_> alktors: I have to agree about SSH. It's amazing. Also, the best way to get practice on the command line is to use the command line.
[08:56] <alktors> e_t_,  Hehehehe, yes I think you are right.
[08:57] <kaushal> ws status
[09:01] <SpamapS> kaushal: ?
[09:01] <SpamapS> kaushal: I need to get some sleep.. unless you've got anymore?
[09:02] <kaushal> SpamapS: yeah
[09:02] <kaushal> I did replied to all your questions
[09:02] <kaushal> Do you have something for me ?
[09:10] <SpamapS> kaushal: I need you to look in /var/log/boot.log  not /var/log/boot
[09:11] <SpamapS> kaushal: that should show the messages from your init script. If it doesn't, then your init script isn't running.
[09:14] <SpamapS> kaushal: if they do show, then there's something broken in your start script that is requiring a terminal, and you should contact the resque developers. :-/
[09:14]  * SpamapS passes out
[09:14] <kaushal> SpamapS: is there a way to generate boot.log file ?
[09:15] <SpamapS> kaushal: if its not there, then I don't know what to do. :-P
[09:36] <tdn> I have set up a server with apt-proxy. I experience a few problems with it. (Using depricated Python modules, hangs sometimes, etc.) This made me read a bit up on the application. I got the impression that apt-proxy is a discontinued project. Is this the case? If so, what should I use instead? Apt-cacher? Or something else?
[09:37] <e_t_> tdn: I think the latest is apt-cacher-ng
[09:37] <tdn> e_t_, ok. So is apt-proxy considered depricated?
[09:38] <e_t_> I guess so.
[09:38] <tdn> Ok.
[09:45] <kaushal> is there a way to generate boot.log file on 8.04 server
[09:45] <kaushal> I see /var/log/boot
[09:46] <kaushal> http://ubuntuforums.org/showthread.php?t=49925
[10:18] <kaushal> checking in again for my query
[10:18] <kaushal> is /var/log/boot the same as /var/log/boot.log ?
[10:28] <alvin> kaushal: no, it isn't.
[10:29] <alvin> kaushal: see /etc/default/bootlogd, but read the comments in bug 328881 first
[10:35] <dns53> i'm trying to help someone, they are trying to use bootlogd, we have enabled it in /etc/default/bootlogd,   is there anything else required?
[10:36] <jargon-> i'm trying to find a backport of squid2.7 for hardy. anyone know where i can find it? doesn't seem to be anything for squid in http://packages.ubuntu.com/hardy-backports/web/
[10:44] <alvin> dns53: I think that bug report contains a remark about /etc/default/bootlogd not being safe to enable. What's the trouble?
[10:44] <alvin> Since lucid, Ubuntu has a small bit of boot logging (mountall output), but it's not complete yet.
[10:46] <dns53> alvin it is on 8.04
[10:46] <alvin> dns53: 8.04 has no boot logging at all.
[10:47] <dns53> ok
[10:47] <alvin> What's the nature of the problem you're trying to solve?
[10:48] <dns53> it's not my problem but a person from #ubuntu-au trying to debug his own init script
[10:50] <dns53> his script works correctly when run by himself but does not work as an init.d script
[10:56] <alvin> environment variables are different during boot. Be careful to give full paths to executables
[10:57] <alvin> hmm, no. I'm talking about cron, but I gues the boot environment will be somewhat restricted too
[11:09] <twb> I just created, stopped, and restarted a RAID5 array of: --create /dev/md1 --level 5 -x 0 -n 3 /dev/sd[abc]2
[11:09] <twb> When I start it, I get mdadm: /dev/md1 has been started with 2 drives (out of 3) and 1 spare.
[11:10] <twb> Does that seem right to you?
[11:11] <dns53> raid 5 should be using all 3 drives
[11:12] <RoyK> raid5 on two drives - heh
[11:12] <RoyK> -x 0 == no spares
[11:13] <twb> Exactly!
[11:13] <RoyK> twb: what does /proc/mdstat say?
[11:13] <twb> md1 : active raid5 sda2[0] sdc2[3] sdb2[1] 1464645888 blocks level 5, 64k chunk, algorithm 2 [3/2] [UU_]
[11:13] <dns53> yes has it rebuilt the array?
[11:13] <twb> dns53: not yet; it's a large array
[11:13] <twb> where "large" is "more than 256MB"
[11:14]  * RoyK pats his 50TB opensolaris box
[11:14] <dns53> yes, so it is doing that, you need [UUU]
[11:15] <twb> dns53: any idea how to do so, given that I'm already supplying -n3 -x0?
[11:15] <RoyK> twb: looks like a bug to me - check dmesg for errors
[11:15] <dns53> twb wait for it to build i think, it's been a while since i used raid 5
[11:16] <RoyK> dns53: I really don't think it should show that
[11:16] <dns53> you may be right
[11:16] <dns53> but it does say that it has all 3 drives in the array
[11:17] <twb> I suspect it's just because it won't start syncing to the third drive until the first two are in sync
[11:17] <RoyK> erm
[11:17] <twb> the three-disk RAID1 array for /boot did something similar.
[11:17] <RoyK> that's not how raid5 works
[11:18] <RoyK> raid5 spreads all data across all drives
[11:18] <RoyK> http://en.wikipedia.org/wiki/Raid5#RAID_5
[11:18] <twb> But you can lose up to one drive
[11:18] <RoyK> yes, I know, but it should start all drives at once
[11:18] <twb> RoyK: even when CREATING the array?
[11:19] <dns53> you basically get half on one, half on the second and a checksum on the third, you can loose one of the drives and you have enough info to create the third again
[11:19] <RoyK> yes
[11:19] <dns53> no it creates the two halves on all drives then goes through and creating the checksums for all the blocks
[11:20] <twb> Well, since I have no way to tell it to behave differently, I'll see what happens and check on it tomorrow.
[11:20] <twb> The entire server is just a hot spare for the "real" server, so I don't care too much if it's out of commission for an extra day or two
[11:25] <RoyK> twb: did you check dmesg?
[11:25] <twb> RoyK: yes, there was nothing useful there.
[11:25] <RoyK> k
[11:25] <RoyK> twb: doing some testing here - give me 10 minutes
[11:26] <RoyK> twb: which ubuntu version is this?
[11:26] <twb> 8.04
[11:26] <RoyK> k
[11:26] <twb> Probably about 8.04.1
[11:27] <RoyK> then apt-get update && apt-get dist-upgrade before trying further
[11:27] <RoyK> that'll take you up to 8.04.4
[11:27] <twb> I'd prefer not to do that yet, because it's 8:30PM and it's in another suburb
[11:28] <twb> Just in case it becomes unbootable as a result
[11:28] <RoyK> your choice - but I've never seen that happen on a minor upgrade with ubuntu 8.04, and I've probably been across > 100 such servers
[11:29] <twb> Well, that and I *know* the bootloader and the network configuration were hosed the last time it booted, and it was set up with static config long enough for me to get in.  I haven't tested my fixes for those yet, either :-)
[11:30]  * dns53 has upgraded his server while on the bus
[11:30] <RoyK> twb: you don't need a reboot after such an upgrade
[11:30] <twb> Not normally, but sometimes it fucks up
[11:30] <RoyK> there'll be a new kernel, but the old one will work well until you get there
[11:31] <twb> I remember vividly repeatedly getting into nis vs. screen spinlocks when libc was being upgraded
[11:31] <RoyK> anyway - upgarde before doing more raid stuff
[11:31] <RoyK> 8.04.1 is quite old
[11:31] <twb> Not spinlocks, deadlocks
[11:32] <RoyK> that's a bitch
[11:32] <twb> Basically (IIUC) libc would try to restart nis, but the "finished restarting nis" output would be blocks while screen tried to talk to nis to find out who I was.
[11:33] <twb> One more reason to drop NIS ;-P
[11:33] <RoyK> yeah
[11:34] <twb> That would've been around 2005
[11:36] <RoyK> we're still using nis
[11:41] <RoyK> twb: perhaps try not to upgrade in screen next time :þ
[11:42] <twb> RoyK: but then if your SSH session is killed, you could (worst case) corrupt dpkg's database
[11:43] <RoyK> then login as a local account
[11:43] <RoyK> then use screen with that
[11:47] <RoyK> twb: I can test VM here if you like
[11:48] <twb> RoyK: it won't hurt :-)
[12:20] <RoyK> twb: http://pastebin.com/UT6ne0Sm
[12:20] <twb> Thanks
[12:21] <twb> Apart from algo 2 vs. 4, it certainly looks the same
[12:26] <RoyK> will test with 5 drives
[12:26] <RoyK> see how that works
[12:28] <twb> Now I check again, it says algo 2.
[12:28] <twb> I must've misremembered it as 4
[12:35] <RoyK> wtf can I delete an md?
[12:36] <RoyK> http://pastebin.com/KRaLBTGg
[12:39] <RoyK> twb: from https://raid.wiki.kernel.org/index.php/Mdstat <-- represents the status of each device, either U for up or _ for down. So examples 2 and 6 show 'degraded' arrays with some devices 'down'.
[12:39]  * RoyK sticks to (open)solaris for storage
[13:04] <zul> morning
[13:05] <pmatulis> morning
[13:08] <ttx> zul: yo
[13:09] <ttx> zul, team, everyone: please nominate your favorite server-papercuts before the meeting today.
[13:09] <zul> sure..
[13:30] <sommer> morning
[13:43] <MasterZuFu> what firewalls are available in ubuntu 10.04 server version? I'm looking for the most secure one that's also the easiest to figure out as I'm new to using ubuntu, especially in a no-GUI manor.
[13:44] <pmatulis> MasterZuFu: there is only one f/w and it is called iptables
[13:44] <pmatulis> MasterZuFu: but there are several utilities/frontends to configure it
[13:44] <MasterZuFu> hmmmmmm ok
[13:44] <pmatulis> MasterZuFu: we recommend "uncomplicated firewall" (ufw)
[13:45] <MasterZuFu> alright, i'll look at that up
[13:45] <pmatulis> MasterZuFu: good.  it is installed in the base system
[13:45] <MasterZuFu> oh, really? it's already there?
[13:46] <pmatulis> MasterZuFu: yes.  try 'man ufw'
[13:46] <MasterZuFu> root@li116-92:~# man ufw
[13:46] <MasterZuFu> No manual entry for ufw
[13:46] <MasterZuFu> root@li116-92:~#
[13:46] <pmatulis> MasterZuFu: did you install with the standard ISO?
[13:47] <MasterZuFu> i'm using linode.com, it's a standard VPS install.
[13:47] <pmatulis> MasterZuFu: oh
[13:47] <MasterZuFu> yeah, i'm having to learn slowly but surely how to set this thing up
[13:47] <pmatulis> MasterZuFu: well then, do 'sudo aptitude install ufw'
[13:48] <MasterZuFu> for example, my email wasn't working. couldn't send activation emails with my forum. turns out i had to install the mail functionality first, then a mail front end, and then realize the mail front end (exim4 or something like that), is set default to "local only". yeah...frustrating. lol
[13:51] <MasterZuFu> ok, regarding ufw, or really, the linux firewall...anyone know the best settings to: A) prevent/slow down/stop a DDoS. B) Block all ports but SSH, HTTP, SSL, Webmin, phpmyadmin, and...uh, i guess whatever else I need, and also filter those ports so that they are secure? basically I really want my server to be secure, it doesn't look like it came secure out of the box though.
[14:00] <ttx> smoser: yo
[14:00] <smoser> hey
[14:00] <ttx> smoser: no good news ?
[14:00] <ttx> ok
[14:02] <smoser> no good news to share. so smoser works today. (/me's wife is expecting "any day now")
[14:11] <smoser> so, what is the correct response to the last comment to this bug: https://bugs.launchpad.net/eucalyptus/+bug/450044
[14:11] <smoser> the comment is completely not related to the bug.
[14:13] <ccheney> good morning guys :)
[14:24] <zul> ttx: right now its pulling out the following info from launchpad: http://paste.ubuntu.com/442803/
[14:25] <zul> hey smoser
[14:26] <ttx> smoser: send ----- MARK ----- every 5 min so that we know you didn't have to leave in a hurry :)
[14:26] <zul> smoser: for that bug ask the user to open a new bug
[14:26] <zul> hey ccheney
[14:34] <lau> i am installing kvm on my fresh lucid server x64 install
[14:34] <lau> https://wiki.ubuntu.com/kvm
[14:34] <lau> sudo aptitude install qemu-kvm
[14:35] <lau> The following NEW packages will be installed: ... x11-common{a}
[14:35] <lau> I do not want any x11 stuff on my server, how can I handle this ?
[14:36] <qbitza> Hi guys
[14:36] <qbitza> Will Ubuntu Server 64bit runon an Intel-3450?
[14:37] <qbitza> I've been trying to figure out if Intel's latest 64bit chips are compatible with AMD's 64bit
[14:38] <qbitza> but, the relevant info seems a bit obscured
[14:38] <lau> qbitza: try egrep -c ' lm ' /proc/cpuinfo
[14:38] <qbitza> I haven't actually bought the machine yet
[14:38] <lau> If 0 is printed, it means that your CPU is not 64-bit.
[14:38] <lau> so check manufacturer specification
[14:38] <qbitza> I'm doing an investigation to make sure that what we're buying will run what we want
[14:38] <qbitza> It says it's 64bit
[14:39] <qbitza> I'm just not sure about the AMD / Intel instruction sets
[14:39] <qbitza> There's something about Intel's EM64T being compatible with AMD's 64 bit
[14:39] <qbitza> But EM64T is at end-of-life
[14:40] <qbitza> So, just wondering - who here is runnign 64bit on Intel processors?
[14:41] <qbitza> And is it as good as AMD?
[14:41] <ccheney> qbitza, EM64T is end of life? you sure you aren't thinking of ia64?
[14:41] <qbitza> That's what my vendor told me
[14:41]  * ccheney is running amd64 on intel i7
[14:42] <qbitza> Okay, that should do it then, thanks ccheney.
[14:42] <ccheney> qbitza, http://en.wikipedia.org/wiki/EM64T#Intel_64  that gives some info about the different names intel used for the amd tech
[14:42] <qbitza> Hey, another Q, since I have your attention
[14:43] <TeTeT> smoser: Hi Scott, did you have a minute to look at the uec-describe-cloud tool I wrote? Would be nice if it got go to the standard uec tools :) If this is not too ambitious
[14:43] <qbitza> Virtualization: Xen / KVT / VirtualBox?
[14:43] <ccheney> qbitza, it appears ia64 may getting ready for EOL though, that is a completely different arch
[14:43] <qbitza> That's the one that's NOT AMD compatible, right?
[14:44] <qbitza> KVT = KVM, sorry
[14:44] <smoser> TeTeT, i'm sorry that i've ignored that so far.
[14:44] <smoser> I don't have any real objections to putting it in cloud-utils
[14:44] <ccheney> qbitza, yea ia64 is the VLIW design Intel did with HP, etc and that never really took off, microsoft finally announced it was dropping support in april
[14:44] <smoser> i haven't read over it though. just what you wrote in the email.
[14:45] <qbitza> ccheney, Okay. I was just worried there that they might've started switching to something else again when this Vendor told me EM64T is EOL.
[14:45] <ccheney> qbitza, vendor was most likely confused
[14:46] <ccheney> qbitza, or intel just renamed amd64 yet another time
[14:46] <qbitza> ccheney, Probably teh vendor's confused
[14:46] <qbitza> ccheney, They ARE a WinTel house ...
[14:47] <ccheney> ok
[14:47] <TeTeT> smoser: ok, you want to look at the code for sure, it's one of the first python scripts I wrote
[14:49] <oru_work> greetings. With postfix/dovecot can someone please remind me how to blacklist domains? I remember there is a file you can edit to do so I just don't remember which file
[14:57] <lau> why do I need some libpulse0, vorbis, x11-common packages when aptitude install qemu-kvm on a lucid server install ?
[15:00] <lau> even sudo aptitude install -s -R qemu-kvm needs these packages
[15:13] <elb0w> would have to look at the source code to know how to answer than question
[15:16] <alvin> Are you sure qemu-kvm is the right package? Using taksel, ubuntu-virt-server will be installed, and that contains kvm, libvirt-bin and openssh-server
[15:18] <alvin> lau: ok, digging a bit further, you are right. It's qemu-kvm. I guess you can install it with the -R switch to disable installation of recommended packages if you don't need them
[15:29] <oru_work> greetings. With postfix/dovecot can someone please remind me how to blacklist domains? I remember there is a file you can edit to do so I just don't remember which file
[15:33] <AivarasKivilius> Hello, I have something bad with ubuntu server, then i try to access file myip/testing.php (<? phpinfo(); ?>) it works, but if only myip/ it wont show index file, just give ne a download something phtml file with random name... What to do?
[15:34] <lau> hello alvin, point is even with -R switch, the qemu-kvm package installation requires libpulse0, x11-common and others
[15:35] <lau> where should I dig to understand why qemu-kvm needs them ? (I am trying to install on a server)
[15:35] <AivarasKivilius> Here is my server info: http://82.135.231.154/testing.php I think it can help for someone say, whats wrong in my server.
[15:36] <pmatulis> oru_work: have postfix inspect the mail headers
[15:47]  * kirkland notes he didn't file this; but only triaged it wishlist
[15:48] <hggdh> heh
[15:49] <hggdh> kirkland: BTW -- I tested trying to create more than 512 volumes on UEC, got an OOM there
[15:49] <kirkland> hggdh: did you bump up the loop devices?
[15:50] <hggdh> kirkland: yes, to 512, using Etienne's rig
[15:50] <hggdh> kirkland: but I still do not have console access, so cannot open a bug right now
[15:52] <alvin> lau: on what distribution?
[15:52] <alvin> lau: I can't confirm the x11-common. You're probably mistaken. Another package will want to install it.
[15:57] <kaushal> hi
[15:58] <kaushal> https://lists.ubuntu.com/archives/ubuntu-server/2010-June/004247.html
[15:58] <kaushal> is there a way to create boot.log ?
[15:58] <kaushal> I have deleted it
[16:00] <oru_work> I'm trying to blacklist a domain by editing /etc/spamassassin/local.cf and adding something like blacklist_from *@gmail.com as well as user@gmail.com and it has no effect. The mail still gets delivered to maildir
[16:07] <jiboumans> morning folks
[16:16] <sommer> high
[16:18] <kaushal> checking in again for my query ?
[16:18] <kaushal> https://lists.ubuntu.com/archives/ubuntu-server/2010-June/004247.html
[16:21] <RoyK> kaushal: you should find the boot log in /var/log/messages
[16:21] <kaushal> RoyK, it was there already i deleted it
[16:22] <RoyK> you deleted what?
[16:23] <kaushal> boot file under /var/log
[16:24] <RoyK> wtf? http://pastebin.com/JCTP2DAX
[16:25] <_tydeas_> When i login in ubuntu server i get a pretty nice header about temprature etc of the machine? where is this located? And how can i call it after being logged in?
[16:27] <RoyK> _tydeas_: it's in /etc/motd, a file generated by the system - grep through /etc to find where
[16:27] <lau> alvin: it is lucid server x64, I just http://paste.ubuntu.com/442851/
[16:28] <lau> alvin I sudo aptitude update && sudo aptitude safe-upgrade just before
[16:28] <lau> $ cat /etc/issue
[16:28] <lau> Ubuntu 10.04 LTS \n \l
[16:28] <simplexio> _tydeas_: lanscape_sysinfo
[16:29] <simplexio> _tydeas_: landscape-sysinfo
[16:29] <binBASH> 2 typos in one command ;)
[16:30] <binBASH> jdstrand: Btw. I found out why I couldn't clone in virt-manager.
[16:30] <oru_work> how can I check which version of spamassassin I have installed ?
[16:31] <lau> http://doc.ubuntu.com/ubuntu/serverguide/C/libvirt.html#virtual-networking (I just replaced kvm by qemu-kvm for lucid install)
[16:31] <jdstrand> jdstrand: oh?
[16:31] <jdstrand> heh
[16:31] <jdstrand> binBASH: oh?
[16:31] <binBASH> jdstrang: I had to change directories in host settings, because I didn't store the virtual machine images in the default folder.
[16:32] <binBASH> jdstrand btw. :)
[16:32] <jdstrand> interesting
[16:33] <binBASH> jdstrand: it defaults to /var/lib/libvirt/images
[16:33]  * jdstrand nods
[16:33] <binBASH> and I had my images in /srv/virtual-machines
[16:33] <binBASH> so it didn't find them and was unable to clone.
[16:33] <jdstrand> oh, I see, the xml had a different path and it didn't exist
[16:34] <Daviey> kirkland: The only other merge blocker is http://paste.ubuntu.com/442852/ .  Which looks like simply the handling of axis2_svc_generated.patch..  Can this be dropped do you think?
[16:34] <binBASH> I just rightclicked the machine host in the virt-manager and there you can change Host Details
[16:34] <binBASH> not the vm itself
[16:35] <binBASH> there I add the other directory and then it worked
[16:35] <jdstrand> cool
[16:35] <binBASH> yeah, I'm quite happy now ;)
[16:40] <oru_work> cat /etc/issue only shows ubuntu version, but not release name is that normal ?
[16:42] <binBASH> oru_work: you can type lsb_release -a instead
[16:48] <kirkland> Daviey: i think we can take upstream on that one too
[16:49] <Daviey> kirkland: Cool, in that case i have 16/17 patches to carry
[16:49] <Daviey> which all apply cleanly
[16:56] <corpse> does anyone know if  i can use transition to download files directly to my fileserver?
[17:02] <Daviey> kirkland: Do you have a moment to review the delta?
[17:40] <ayi> I recently upgraded a hardy server install to lucid. Afterwards, openssh became unreachable through a port forwarded NAT router, although accessible on the local network. Does lucid introduce some sort of blocking mechanism for non-local IPs?
[17:42] <SpamapS> ayi: unreachable as in it times out, or refuses connection?
[17:43] <ayi> it hangs forever
[17:47] <SpamapS> ayi: ok are you sure your IP didn't change?
[17:48] <ayi> yes, other port forwards work fine.. also changing the port forward to a different machine works
[17:48] <ayi> might there be some sort of apparmor trickery going on?
[17:49] <jdstrand> ayi: not unless you created an apparmor profile for openssh. Ubuntu does not ship one
[17:49] <SpamapS> I am still not very familiar with apparmor
[17:49] <jdstrand> sudo aa-status
[17:50] <jdstrand> that ^ will tell you if it is confined, and looking in kern.log will tell you if apparmor is blocking stuff
[18:04] <elb0w> if I have an up and down statement in /etc/network/interfaces why when I bring it down then up using ifconfig it removes the routes?
[18:11] <RoyK> elb0w: static routes?
[18:11] <elb0w> yeah
[18:12] <RoyK> http://www.ubuntugeek.com/howto-add-permanent-static-routes-in-ubuntu.html
[18:13] <elb0w> I have done this RoyK
[18:13] <elb0w> however if I do ifconfig eth3 down
[18:13] <elb0w> however if I do ifconfig eth3 up
[18:13] <elb0w> it does not reapply the routes
[18:13] <elb0w> only removes them
[18:13] <elb0w> however /etc/init.d/networking restart
[18:13] <elb0w> will apply the routes
[18:13] <RoyK> ok - sorry - no idea
[18:14] <elb0w> np not a major issue
[18:14] <elb0w> just inconvenient
[18:14] <RoyK> try ifdown/ifup
[18:14] <RoyK> instead of ifconfig
[18:17] <elb0w> Any idea why I get this when trying to stop service? http://pastebin.org/298735
[18:19] <elb0w> Any idea why I get this when trying to stop service? http://pastebin.org/298735
[18:20] <pmatulis> no
[18:20] <pmatulis> no
[18:21] <RoyK> elb0w: try /etc/init.d/postfix stop
[18:22] <elb0w> now I get those errors whenever I run insserv
[18:29] <kirkland> ccheney: ping
[18:34] <incorrect> so where is it that ethx gets mapped to ethy?
[18:41] <ccheney> kirkland: sorry my xchat crashed
[18:42] <ccheney> kirkland, whats up? :)
[18:43] <kirkland> ccheney: hey
[18:43] <kirkland> ccheney: was wondering if you have your cloud up and running
[18:43] <kirkland> ccheney: and also if you have a fix in testing for https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/579942
[18:43] <ccheney> kirkland, not yet, i still have no AC should get it fixed today or tomorrow morning, also have been busy with the OOo security update this morning
[18:43] <kirkland> ccheney: kees added a comment to that bug with instructions on fixing
[18:44]  * ccheney checks to see if he has any ports available upstairs as its only place with semi-working air conditioning
[18:44] <kirkland> Daviey: smoser: https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/432154
[18:46] <ccheney> kirkland, i should be able to fix 579942 on my laptop, will have to see if the systems can take the heat in the room where the switch is though
[18:46] <ccheney> kirkland, otherwise i might not be able to test it until i get my ac working again
[18:47] <ccheney> i have a portable ac unit but it seems to not work too well in mid day, but i could probably get it tested tonight using it
[18:48] <kirkland> ccheney: do you have mumble access?
[18:48] <ccheney> kirkland, yea let me see if i can get it to log in
[18:48] <ccheney> i haven't used it in a month or so
[18:49] <ccheney> hmm claims i don't have right password, looking it up now
[18:54] <SpamapS> anybody have a good solution for mumble feedback?
[18:54] <SpamapS> whenever I use it.. it just loops all over itself until all I hear is chirping and screeches
[18:54] <SpamapS> unless I use my noise cancelling bluetooth
[18:54] <mathiaz> SpamapS: I'm using push-to-talk
[18:56] <SpamapS> mathiaz: right at least when I do that, it stops when I let go.. but in a long sentence, it gets worse and worse
[18:57] <mathiaz> SpamapS: hm - usually it's an issue with the settings in mumble
[18:58] <mathiaz> SpamapS: you may wanna redo the settings correctly
[18:58] <SpamapS> mathiaz: I have been through the audio wizard a few times, thats usually where the worst feedback manifests. :-P
[18:58] <SpamapS> mathiaz: but when I go through w/ the bluetooth.. everything is nice and quiet.
[18:58] <ccheney> kirkland, can you hear me? i think i need to determine how to do push to talk
[18:58] <mathiaz> ccheney: we can hear you for the time bein
[18:58] <mathiaz> ccheney: being
[18:58] <ccheney> ccheney, ok
[18:59] <mathiaz> ccheney: hm - *can't*
[18:59] <mathiaz> ccheney: we cannot hear you
[18:59] <ccheney> mathiaz, ok will try testing again
[19:01] <zul> umm...meeting now?
[19:01] <mathiaz> zul: yes
[19:07] <Nicd^> I'm trying to install Ubuntu Server 10.04, but it complains that my CD is malformed. I dowloaded the image a second time and burned it again and verified (with OS X's Disk Utility), but it still complains. Can there be a problem with the 32-bit image on the website?
[19:14] <ThomasG33K> Whats the best method to send email reports to your external email? Do I have to install an smtp server just for that?
[19:14] <ThomasG33K> I meant log reports
[19:15] <EtienneG> ThomasG33K, nullmailer, perhaps?
[19:15] <EtienneG> I do not know it much, but it seems to do the job for send-only
[19:15]  * ThomasG33K looks it up on google
[19:16] <EtienneG> ThomasG33K, apt-cache show nullmailer
[19:16] <ThomasG33K> sudo apt-cache show nullmailer
[19:16] <EtienneG> will give you a bit of info
[19:16] <ThomasG33K> got it
[19:17] <cloakable> You don't need to run apt-cache using sudo :)
[19:18] <ThomasG33K> yeah forgot about that xD
[19:19] <ThomasG33K> When it gives me configure nullmailer, it asks for smart hosts. What does it mean?
[19:21] <ThomasG33K> Is it for specifying an smtp server to use?
[19:21] <ThomasG33K> thought nullmailer was a basic smtp or MTA server
[19:24] <ThomasG33K> sudo apt-get remove nullmailer
[19:24] <ThomasG33K> sorry dont like it
[19:25] <ThomasG33K> thanks for idea thought
[19:25]  * ccheney wishes he lived somewhere cold right now
[19:36] <Nicd^> on my computer the md5sums of ./install/netboot/ubuntu-installer/i386/initrd.gz and its entry in md5sum.txt match, but my server says the file failed md5 checksum verification. what could this be? I've already tried with two different cd's and verifying the result after burning
[19:41] <ItalicBold> greetings, can someone help me with an apache2 issue?
[19:45] <funkyHat> !ask | ItalicBold
[19:45] <ccheney> ttx, 551901 SRU doesn't seem to make much sense (at least to me) by the time 10.04.1 comes out 2000 SP4 will be no longer supported for for extended support by Microsoft
[19:45] <ccheney> ttx, though if its a more generic fix for something perhaps its still useful
[19:46] <ttx> ccheney: that's an interesting point -- though we had quite a few people bitten by that, so that would prove a lot of people still run W2000
[19:46] <ccheney> ok
[19:47] <ttx> ccheney: and it used to work alright
[19:47] <ccheney> ok :)
[19:47] <ttx> ccheney: but I didn't know the deadline was so close
[19:48] <ttx> a *lot* of DCs are running W2000SrvSP4
[19:48] <ttx> that should hurt them badly :)
[19:48] <ccheney> its apparently july 13
[19:48] <ccheney> http://support.microsoft.com/lifecycle/?LN=en-us&x=17&y=11&p1=7274
[19:49] <ccheney> heh more money to microsoft or conversions to linux soon :)
[19:50] <ItalicBold> sorry :P ok i have just done a new server intallation with lamp and i have edited /etc/apache2/apache2.conf and added the following lines:
[19:50] <ItalicBold> ServerSignature Off
[19:50] <ItalicBold> ServerTokens Prod
[19:50] <ItalicBold> I have restarted the apache service however I am still getting "Server	Apache/2.2.14 (Ubuntu)" in the response header. the above shoule make it just return "Server	Apache".
[19:51]  * ccheney found out that the AC repair will be done tomorrow morning at 11am, a full week without working AC, ugh :(
[19:54] <EtienneG> ccheney, you have my sympathy
[19:55] <ccheney> EtienneG, thanks :) it'll be up to 37C later this week, so hopefully it really is fixed tomorrow
[19:55] <EtienneG> ouch!
[19:55] <EtienneG> that gives you the urge to go to the mall!
[19:55] <EtienneG> ccheney, if I where in your shoes, I would be working at Starbucks!
[19:56] <EtienneG> and all my sympathy for wife, the timing couldn't be worse for her ... :(
[19:56] <ccheney> EtienneG, yea
[19:56] <hggdh> smoser: let's talk about your request to marjo in a few? Right now I have to recover EtienneG's rig
[19:56] <smoser> k
[19:57] <ccheney> EtienneG, yea, not good for her, and getting my server stuff running only works at night when i can get my little portable ac to work good enough
[19:57] <ccheney> EtienneG, i had to do a lot of security work for OOo today so luckily didn't lose any work time due to the outage
[19:59] <EtienneG> and I was complaining about my 32C last week ...
[20:00] <hggdh> EtienneG: come to Texas... Dallas is a nice place also, with 37+ expected this week
[20:01] <EtienneG> hggdh, I bet
[20:01] <EtienneG> I like it cool
[20:01] <EtienneG> except during the holidays
[20:01] <EtienneG> I mean, the summer one
[20:01] <hggdh> heh
[20:03] <Nicd^> on my computer the md5sums of ./install/netboot/ubuntu-installer/i386/initrd.gz and its entry in md5sum.txt match, but my server says the file failed md5 checksum verification. what could this be? I've already tried with two different cd's and verifying the result after burning
[20:03] <oru_work> can anyone recommend a ticket support software that would let me create statistics possibly in the form of charts/graphs after some period of time ?
[20:04] <alexm> ItalicBold: instead of editing apache2.conf maybe you can try with /etc/apache2/conf.d/security ?
[20:04] <alexm> i see there's a servertokens value there (at least on lucid) that probably overrides your previous value in apache2.conf
[20:05] <ItalicBold> ah
[20:05] <ItalicBold> thanks
[20:05] <ItalicBold> i see
[20:05] <ItalicBold> will try now
[20:05] <hggdh> EtienneG: the euca 1.6.2-0ubuntu30.1 seem to have already vanished from -proposed, probably on their way to -updates
[20:06] <hggdh> EtienneG: so we will have to wait to update them. Meanwhile, I will bounce euca on the CLC, Walrus, CC, and SC to recover the memory
[20:06] <EtienneG> hggdh, glad to hear that
[20:06] <EtienneG> hggdh, feel free to reboot the entire cloud if it is faster for you
[20:07] <hggdh> EtienneG: will reboot, then, faster
[20:07] <ItalicBold> thanks alexm, that worked
[20:08] <alexm> cool :) i didn't know that security file, i just grep -ri servertokens /etc/apache2 ;)
[20:09] <hggdh> EtienneG: rebooting now (CLC, Wlarus, CC, and SC). NCs were not affected
[20:12] <funkyHat> ItalicBold: look in /etc/apache2/conf.d/security -- that is probably where you should make your server signature settings
[20:12] <funkyHat> ItalicBold: oh, someone already answered -_-
[20:26] <oru_work> how would I extract .tar.gz file ?
[20:26] <Pici> oru_work: tar xzvf file.tar.gz
[20:35] <ccheney> oru_work, tar xvf is good enough on newer versions of tar to extract any compression format it happens to know about
[20:35] <ccheney> oru_work, z specifies gzip in particular
[20:54] <corpse> does anyone know if  i can use transition to download files directly to my fileserver?
[20:55] <RoyK> transition?
[20:55] <corpse> err sorry, transmission
[20:55] <RoyK> transmissioncli works for me
[20:56] <VadimCK> transmission-daemon also will work, has a built in web-gui
[20:57] <hggdh> kirkland: wasn't there a bug on memory leak on qemu-kvm?
[20:57] <kirkland> hggdh: libvirt
[20:57] <hggdh> kirkland: ah, thank you
[20:57] <kirkland> hggdh: i need to re-upload that
[20:58] <hggdh> kirkland: k
[20:58] <kirkland> hggdh: how late are you around today?
[20:58] <hggdh> kirkland: as late as you need me to be ;-)
[20:59] <kirkland> hggdh: heh, okay, i want to catch up with you on one thing in a bit
[20:59] <kirkland> hggdh: but i need to have 2 other conversations first
[20:59] <hggdh> kirkland: np
[21:00] <sommer> mathiaz: I have an openldap-dit-package ready for review: https://launchpad.net/~asommer/+archive/ppa/+packages, I probably missed something, but if you could take a look :)
[21:00] <sommer> or advise on the next step
[21:07] <mathiaz> sommer: do you have everything in a bzr branch?
[21:08] <sommer> mathiaz: yep, I've just been updating https://code.launchpad.net/~asommer/openldap-dit/openldap-dit-split
[21:08] <mathiaz> sommer: ok - I'll have a look at it then
[21:08] <sommer> mathiaz: coolio, thanks
[21:15] <NativeAngels> hello has anyone here installed ubuntu on a sunfire v100
[21:46] <hggdh> smoser: there?
[21:46] <smoser> yes
[21:47] <hggdh> smoser: so, what do you need to get done? marjo asked me to follow up with you
[21:48] <smoser> i think we're set
[21:48] <smoser> slangasek took care of it.
[21:48] <hggdh> oh, OK.
[21:49] <smoser> hggdh, are you on release team ?
[21:49] <hggdh> smoser: me poor humble self? no...
[21:49] <smoser> and are you likely to be the person who would be asked to popuulate http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all in the future for the ec2 images ?
[21:50] <hggdh> smoser: I *might* be, but I never did it, and am unsure if I have the access. I would say ara, though
[21:51] <smoser> ok. yeah, i was going to say that if you did end up with that job (and had access) that you would want to get the script to do it from slangasek
[21:52] <hggdh> at least it is good to know which door to knock if needed :-)
[22:02] <mikel> Hey all - I'm having some difficulty with sudo-ldap. Most LDAP functionality is working fine, users can login and so on, but they can't sudo at all - auth.log reports '3 incorrect password attempts' rather than 'you're not allowed sucka', but the passwords work just fine for the purpose of logging in via ssh in the first place.
[22:57] <NativeAngels> has anyone here used a sunfire v100
[22:58] <Elad> I am attempting to create a cert and I am at the part where I create a .csr, and it is not liking my common name, which I put as *.mydomain.com <--- Isn't this legit?
[22:58] <soren> Elad: I believe it is, yes.
[22:58] <soren> Elad: What's the error message?
[22:59] <Elad> The name entered in the CN(Common Name) field of the CSR MUST be the fully-qualified domain name for the Web site you will be using the certificate for (e.g., \"www.domainnamegoeshere.com\"), or a valid Intranet domain name. Do not include the \"http://\" or \"https://\" prefixes in your common name. The common name cannot include spaces. Do NOT enter your personal name in this field.
[22:59] <Elad> and I'm not including that stuff... so I am confused as to why it is angry with me
[22:59] <soren> NativeAngels: What's your question?
[22:59] <soren> Elad: What are you using to create it?
[23:00] <Elad> openssl req -new -key domain.key -out domain.csr
[23:00] <Elad> via, godaddy
[23:00] <Elad> I mean, the cert I am attempting to get is via godaddy
[23:01] <Elad> I am generating everything on my ubuntu server
[23:02] <soren> Elad: openssl happily accepts *.foobar.com for me.
[23:02] <Elad> it accepts it from me
[23:03] <soren> Elad: ....so what's the problem again?
[23:03] <Elad> it is when I go to request my cert from godaddy that I am getting problems
[23:03] <soren> Elad: Ah.
[23:03] <Elad> so I was making sure that I was creating it correctly
[23:04] <soren> Elad: They may not accept such requests. Not all do. Some do, but demand a higher fee for *.example.com style certs.
[23:04] <Elad> when I click on the help file it tells me I can do *.example.com
[23:04] <Elad> k, I will take it up with them; Thanks for the help
[23:05] <soren> Elad: Looking at their website, they do support it, but you need to choose "single domain with unlimited subdomains (wildcard)".
[23:08] <ajmitch> soren: you probably know better than I - what's the reason for adding netbase to dependencies? it's the only change to heimdal that we're carrying at the moment
[23:09] <Elad> soren, right you are; I will just register the 2 I need since I bought the 5 pack
[23:10] <soren> ajmitch: Hm.... That sounds vaguely familiar. Let me check.
[23:11] <ajmitch> it seems to have been added quite awhile ago, so I'm trying to find out if I need to keep it :)
[23:11] <kirkland> hggdh: around?
[23:12] <kirkland> hggdh: do you have time to mumble?
[23:12] <hggdh> kirkland: I sound like a chipmonk on mumble
[23:12] <hggdh> what about calling my cell?
[23:12] <kirkland> hggdh: sure
[23:12] <kirkland> hggdh: pm your number
[23:22] <soren> ajmitch: I think it may be a mistake, but I'm still looking.
[23:23] <ajmitch> I've found some old bugs about netbase in debian & ubuntu being different with regards to depending on an inetd
[23:23] <ajmitch> but that doesn't seem relevant anymore
[23:24] <ajmitch> & the last mention of netbase with heimdal was a merge where it was unsure why it was kept :)
[23:30] <soren> ajmitch: I think what really happened is that when Debian dropped the netbase dependency, whoever did the next merge messed it up.
[23:31] <ajmitch> ok, as long as I can convince the archive admins of that, it'll get synced then
[23:31] <ajmitch> thanks for checking up on it
[23:32] <soren> ajmitch: Sure thing.
[23:36] <ajmitch> looks like the other change carried was fixed in debian more than 2 years abgo