/srv/irclogs.ubuntu.com/2010/07/30/#ubuntu-server.txt

=== twister004_ is now known as twister004
Doonz	dksad	00:32
zul	mathiaz: fyi i got an updated version of openldap with ufw profile and apport ready to go	00:58
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
brando753	hello everyone I have set up my server I have installed ISPConfig but now I would like to know how to get it live so my three diffrent domains point to my diffrent sights how would i do this? How would i get a domain to point to my ip?	01:01
=== ian_brasil___ is now known as ian_brasil
mathiaz	zul: great!	01:59
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
uvirtbot	New bug: #611526 in openldap (main) "package slapd 2.4.21-0ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 143" [Undecided,New] https://launchpad.net/bugs/611526	02:37
=== rmk_ is now known as rmk
=== metcalfc_ is now known as metcalfc
chewbranca	what applications do you guys use for server monitoring? looking for something much simpler than nagios and that has an android app or rest api to allow for mobile monitoring and notifications	03:21
ball	ping? :-)	03:22
chewbranca	ping doesn't help you get notifications about load average or service availability	03:22
ball	I know, I was just being facetious. I'll be interested to see what other people suggest though.	03:23
chewbranca	hahahha yeah wasn't sure, legitimate point though	03:24
chewbranca	I've been playing with zenoss and its still rather complicated, I would also need to build custom solutions for monitoring my applications and an android app, plus I would need to run it on a dedicated box	03:25
=== hggdh is now known as hggdh\|away
kimi_	Good Night	04:49
kimi_	Does anybody has experience setting up a Radius server in Ubuntu?	04:50
Shapeshiftr	Hey, what's the package for Mono again?	04:52
Shapeshiftr	I installed it on my other Ubuntu server, just forgot how.	04:52
=== rmk_ is now known as rmk
processroute	can someone help me with my ubuntu-server issue: http://ubuntuforums.org/showthread.php?p=9655540 ?	05:34
processroute	can someone help me with my ubuntu-server issue: http://ubuntuforums.org/showthread.php?p=9655540 ?	05:51
processroute	can someone help me with my ubuntu-server issue: http://ubuntuforums.org/showthread.php?p=9655540 ?	06:06
twb`	!repeat	06:09
ubottu	Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. You can search https://help.ubuntu.com or http://ubuntuforums.org while you wait.	06:10
processroute	twb': i should wait more than 15 min?	06:10
twb`	Yes.	06:10
twb`	More like an hour or three.	06:10
processroute	IRC is live chat?	06:10
processroute	email/forums are 1 - 3 hrs	06:10
twb`	Kids these days	06:11
processroute	yep, we want everything faster	06:11
twb`	If an email arrives the same day it's sent, you should consider yourself lucky	06:11
processroute	when i email people, i expect to hear back within hours	06:11
processroute	i almost always do too	06:12
sweetpi	thats because they want to talk to you	06:12
processroute	sweet3.1418: that could well be it	06:13
processroute	guampa's writing a semi-solution to it on ubuntuforums, and i've posted ideas to fix it on brainstorm.ubuntu.com	06:14
twb`	Is this your question? "Is there a way to bind specific programs to specific network devices (not IPs, since I have dynamic IPs)?"	06:15
processroute	twb`: affirmative	06:16
twb`	You should have just posted that, rather than linking to a page that contains it.	06:16
twb`	To answer your question: no, there's no generic way to achieve that.	06:16
processroute	twb`: i couldn't find it on the internet, so i thought others might have the same question and want it on the internet	06:16
processroute	twb`: its in the kernel?	06:16
processroute	the restriction to do that	06:17
twb`	Best practice is to bind to all addresses, and set up a firewall.	06:17
processroute	twb`: like change the route and use iptables to route programs (though iptables will not route PIDs)	06:18
processroute	twb`: also having dynamic ips makes it difficult to bind to addresses instead of network interfaces	06:18
twb`	Are you making a statement, or asking a question?	06:19
processroute	twb`: making a statement, re-affirming its not possible to do that	06:20
=== twb` is now known as twb
processroute	twb: what are users supposed to do that have two vpn services with their vpn services having different ip addresses, or users with two isps?	06:27
twb	processroute: er, assign different ports?	06:36
twb	I have two OpenVPNs and one vpnc terminating on my laptop, and it Just Works	06:36
processroute	twb: you never have the urge to run one program through the vpnc device tun0 and others through the VPN apps?	06:46
twb	Er, no.	06:47
twb	Even if I did, it's still just be a matter of writing firewall rules.	06:48
jefimenko	i'm in the middle of an ubuntu install at a point where it's asking me which partition to install grub on. no matter what i select, the following page tells me that i haven't chosen any partitions to install grub to and asks me to confirm. is there any way that i can manually install grub from here to ensure that my system reboots properly?	07:39
kim0	jefimenko: dont really know .. but u can try installing on /dev/sda itself .. not on a partition	07:43
PlainFlavored	what is ubuntu enterprise cloud?	07:44
jefimenko	kim0: i tried selecting that too	07:44
jefimenko	is there a way to escape into a shell and manually do it?	07:44
jefimenko	it's very important that this server reboots properly since i am doing the install remotely	07:45
jefimenko	it will be 10x as much work if it doesn't :(	07:45
kim0	jefimenko: r u in text installer ?	07:45
jefimenko	i think it's freaking out because i chose manual package selection during the install process	07:45
jefimenko	kim0: yes	07:46
kim0	jefimenko: wouldn't ALT+F2 or other Function numbers, get u on a shell	07:46
jefimenko	because i've done other remote installs just like this one	07:46
jefimenko	never had this problem... but i was stupid to try selecting extra packages to install now	07:46
jefimenko	kim0: yes, i can get instal a shell that way	07:49
jefimenko	kim0: but i'm not familiar with the install environment	07:49
jefimenko	i'm a little disoriented in this sehll	07:49
kim0	jefimenko: check this out https://help.ubuntu.com/community/RecoveringUbuntuAfterInstallingWindows	07:50
kim0	relevant commands	07:50
jefimenko	the shell environment only has the grub-installer command	07:52
jefimenko	i wonder if the installation is mounted somewhere else	07:52
jefimenko	i don't have the grub or grub-install commands	07:54
RudyValencia	Why does the onboard Ethernet on my server perform worse than a PCI card?	08:34
RudyValencia	(internal Ethernet is an Intel e100-series Ethernet card, and the PCI card is a tulip-compatible Network Everywhere NE100.	08:35
RudyValencia	oops, NC100	08:35
RudyValencia	Why would an onboard Intel Ethernet port be slower than a PCI tulip-compatible NIC in my server?	08:40
lau	hi, do you know how to blacklist nf_nat_sip module ?	08:44
lau	I tried through /etc/modprobe.d/blacklist.conf in lucid but it is not blacklisted	08:44
lau	I though I could rename the .ko but does not look like a clean soluce	08:45
lau	any idea ?	08:45
_Techie_	i have postfix and dovecot installed and working, but postfix doesnt seem to be accepting smtp from other IP's	09:10
huats	morning	09:35
RoyK	happy sysadmin day everyone :)	09:43
a_ok	I'm working on a dell server with an idrac, when I use the virtualcd drive on the idrac it gets /dev/sda and the other disks are shifted accordingly so root is /dev/sdb all the sudden etc. Where (and how) should I confiugre udev so the virtual drive is always /dev/sdz?	09:43
twb	a_ok: if you are referring to drives by letter, you have already lost	09:44
twb	dynamic drive letter assignment is something that is only going to increase in the next decade	09:44
RoyK	a_ok: use the UUID	09:44
=== lau is now known as Guest32798
a_ok	does kvm support UUID?	09:44
RoyK	are you using raw disks with kvm?	09:45
a_ok	yes	09:45
a_ok	i'm going to anyway	09:45
RoyK	google says it should work ...	09:46
RoyK	I don't have kvm with raw disks, so I can't test from here...	09:46
RoyK	man kvm	09:46
RoyK	:)	09:46
a_ok	and its bloody annoying anyway. one time when using fd i need to look at /dev/sda and the other time I have to look at /dev/sdc	09:46
diogo_79	hi	09:50
a_ok	RoyK: I only see you can assign an uuid to a image not boot from it by uuid	09:50
diogo_79	how can i import gpg key to ubuntu server?	09:50
a_ok	twb: It seems that I really need to be referring to drives by letter. perhaps in the future I will resolve the uuid to device file but for now I don't have a choice. so where do I put them rules?	09:53
RoyK	a_ok: ok	09:53
RoyK	I'm not sure, but perhaps it's possible to use udev to assign device names for sdx, like with network cards	09:54
skydrome	Happy Sysadmin Day #ubuntu :)	09:59
a_ok	I don't get why drive letter asignment should dissapear in the future	10:01
=== Guest32798 is now known as lau
NightDragon	hello all, is there a good place to head for apache info?	11:34
_ruben	http://httpd.apache.org	11:44
binBASH	NightDragon: #httpd	11:46
NightDragon	httpd == apache2?	11:46
binBASH	nope	11:47
NightDragon	i can never get them straight... httpd, apache, apache 2.. prefork, postfork, @__@	11:47
binBASH	all the same ;)	11:47
binBASH	I dunno postfork though	11:47
binBASH	just prefork, peruser, worker, event	11:47
a_ok	how can I get info by devicefile?	11:51
a_ok	like bus type etc	11:51
a_ok	RoyK: this is rediculous. I can change the device file name of that disk with udev rules. Problem is that the kernel makes sr0 out of it but also makes sda... so the blody thing has two device files	12:07
RoyK	a_ok2: is it a drive or a cdrom?	12:39
a_ok2	RoyK: it's a virtual cdrom drive	12:40
RoyK	then forget about sda	12:41
a_ok2	RoyK if it was that easy I would. problem is that it is active one time and not active the other time. so we have stuff moving around	12:41
kaushal	hi	12:50
kaushal	is there a way to backport php5.3 to Hardy 8.04 server ?	12:50
pmatulis	kaushal: probably, but it wouldn't be an easy task. try https://launchpad.net/~bd808/+archive/php5.3	12:54
pmatulis	kaushal: otherwise, https://launchpad.net/ubuntu/+ppas?name_filter=php5	12:54
RoyK	kaushal: it'll be quite easy, really. just apt-get source php5, extract the php5.3 source somewhere, copy the debian/ directory from the ubuntu php5.2.4 source, cd into the 5.3 source and dpkg-buildpackage	13:04
RoyK	that should probably do it	13:04
kaushal	ok	13:05
kaushal	is that a recommended method ?	13:05
kaushal	RoyK: let me check	13:06
floown	hello	13:08
floown	to have Json, should I just install php5-json on a Jaunty server ?	13:09
NightDragon	hello all	13:10
NightDragon	would apreciate some help, i can not seem to connect to my ubuntu server from a mac	13:11
NightDragon	PC works just fine... and so does netatalk	13:11
NightDragon	(AFP	13:11
NightDragon	but when i try to do CMD+K, and do SMB://server, it does not work	13:11
NightDragon	connection failed	13:12
NightDragon	any suggestions?	13:12
sommer	morning all	13:14
=== TeTeT_ is now known as TeTeT
* NightDragon swears he hears crickets		13:14
Daviey	hey sommer !	13:20
Daviey	sommer: How are the doc's today? :)	13:20
sommer	cruisin, cruisin ;-)	13:21
Daviey	sommer: \o/	13:24
* NightDragon pokes someone		13:26
NightDragon	bump	13:26
Pici	NightDragon: Do you have a samba server running?	13:27
silentwhisper	i was able to run	13:29
silentwhisper	http server and mail server	13:29
silentwhisper	which server should i learn to setup	13:29
silentwhisper	i want to learn all	13:30
silentwhisper	server setup	13:30
cloakable	all?	13:30
Pici	I don't understand the question.	13:30
silentwhisper	i mean what are the things i need to learn in ubuntu server?	13:31
cloakable	That's... quite a task	13:31
Pici	!serverguide	13:31
ubottu	The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/	13:31
silentwhisper	like http server	13:31
silentwhisper	or mail server	13:31
silentwhisper	thats a long long list to learn	13:31
silentwhisper	in do you apply all of those in your company?	13:31
Pici	silentwhisper: I only use what I need to use.	13:32
silentwhisper	i want to learn what i need to learn and get a job	13:32
ttx	mathiaz, smoser, spamaps, zul: ping me when you are around	13:36
smoser	here	13:36
Pici	silentwhisper: I can't give you a list of what companies need you to learn. Start with httpd and some mail server, look at job listings to see what skills they require and learn those.	13:37
smoser	ttx,	13:37
ttx	smoser: yo, pm ?	13:38
blackstar256	#uscc	13:39
NightDragon	silentwhisper: what you need is a book	13:39
NightDragon	preferably from oreily	13:39
NightDragon	that gets into server administration	13:39
NightDragon	the best advice that i can give	13:39
NightDragon	is to install a linux distro (like Ubuntu ^_^), get _very_ comfortable with it, and then try to teach yourself server administration	13:40
NightDragon	silentwhisper: if your bash kung foo is not at least moderately strong, you wont be able to pass yourself off as a good sysadmin at interview, and even if you do... you wont be a good one and thats just not cool.	13:41
NightDragon	unix is something you need to gain expereince with, you cant just "read a webpage" and know it, like it was skype or something	13:41
NightDragon	i mean i cant say "you cant read the book"... because you kinda can, but if there was a singular book about everything you needed to know about unix administration, well it would be freaking huge. Like comically huge.	13:42
NightDragon	i've been using ubuntu/debian linux for 4+ years, and have done server administration for 1+ years, and i'm still learning a lot	13:43
TheJ3ckyl	20+ with Solaris, Irix, BSD, SCO, Redhat, etc.. etc.. etc.. and still don't know everything	13:45
TheJ3ckyl	ohh how could I leave out HPUX still have systems out there running on it	13:46
* NightDragon shudders at the thought of redhat		13:46
NightDragon	seriously, i've been playing in debian land too long	13:46
NightDragon	i do need to learn redhat	13:46
thesheff17	NightDragon: why RHEL ...stick with debian/ubuntu :)	13:47
TheJ3ckyl	Well, for small business use it's good that you can put customers on their support license	13:47
TheJ3ckyl	Of course Solaris IMHO is still the most stable with the best support.	13:49
NightDragon	thesheff17: well aptitude is my homeboy, but it seems like a lot of jobs out there pretty much use RHEL/Solaris/Centos/Fedora	13:49
TheJ3ckyl	and hardware is nice.	13:49
qman__	solaris is great if you're into self-torture	13:49
qman__	personally I just stay away	13:49
TheJ3ckyl	Fedora-Core is nice	13:49
thesheff17	NightDragon: true...though get the job and then switch to all ubuntu/debian...that is what I did :)	13:50
TheJ3ckyl	Self-Torture?	13:50
TheJ3ckyl	I like ubuntu for personal use	13:50
TheJ3ckyl	My home network is 100% ubuntu	13:50
thesheff17	if you use the terminal most of the time RHEL and ubuntu are really not all the different. I also feel like the support RHEL provides just a database of fixes....basically ubuntu and google accomplish the same thing.	13:52
TheJ3ckyl	Well, but they also have phone support for $$$. I have a day job already, but do consulting on the side so I don't have time to do support	13:53
thesheff17	true have you used Canonical support?	13:54
TheJ3ckyl	No, I haven't any good?	13:54
thesheff17	hehe I haven't either.....I'm guessing they are pretty good	13:55
thesheff17	also I hate how RHEL has ES, AS, and all these different version and support contracts....	13:55
TheJ3ckyl	Yeah, but the more corporate you get, the more your going to have to have that type of stuff	13:56
TheJ3ckyl	Hell, my primary vendor is Cisco.	13:56
TheJ3ckyl	and Sun	13:56
TheJ3ckyl	Talk about your different levels of support	13:56
thesheff17	hehe	13:56
TheJ3ckyl	Juniper is going the way of Cisco now	13:56
TheJ3ckyl	They are really getting some more market share	13:57
thesheff17	yea most of the data centers my company looked at used juniper over cisco	13:57
TheJ3ckyl	Who knows is Juniper can compete with Cisco (Not talking technical mind you)	13:57
TheJ3ckyl	Maybe someone someday will topple Microsoft :)	13:57
thesheff17	functionality & price are def on Juniper side	13:57
TheJ3ckyl	Yeah, their IOS IMO has always been more mature along with their hardware	13:58
TheJ3ckyl	They just didn't offer the same support Cisco did which turns off the big enterprises	13:58
TheJ3ckyl	For a long time Juniper didn't even have a proper lab for good regression testing and support testing	13:59
TheJ3ckyl	They have definately overcome that now	13:59
thesheff17	yea I work for a startup so paychecks come first technology comes second so I have to deal with what my budget is...basically 0 dollars :)	13:59
TheJ3ckyl	but they need to show the larger enterprises they are ready to play on the same level Cisco can	13:59
TheJ3ckyl	heh yeah	14:00
TheJ3ckyl	I got it nice, I work for AT&T Labs	14:00
thesheff17	nice	14:00
TheJ3ckyl	We get a couple buck here and there :)	14:00
thesheff17	hehe yea I'm sure ATT is huge	14:01
thesheff17	hehe need a linux admin ? :)	14:01
TheJ3ckyl	Not in labs, but I think corporate is hiring, but they are primary of HPUX and Sun shop	14:02
TheJ3ckyl	We have a lot of Linux, but Labs doesn't hire without a network engineer background	14:02
TheJ3ckyl	Mobility does a lot of Linux as well	14:03
thesheff17	well I'm not looking now but I will have a masters in March for information system security....so I'm sure I will be looking then.	14:03
TheJ3ckyl	heh, my degree was in Civil Engineering	14:04
thesheff17	You guys runs lots of virtual machines?	14:04
TheJ3ckyl	that was back in 89 though when CS degrees were IPX, SCO, and pretty much worthless	14:05
TheJ3ckyl	by 1995	14:05
thesheff17	yea my old company has sco boxes	14:05
TheJ3ckyl	When I came to LABs in 97 we had a lot of SCO and HPUX	14:06
TheJ3ckyl	sucked	14:06
thesheff17	haha yea	14:06
TheJ3ckyl	We still have a lot of UX, I can't stand it	14:06
thesheff17	we had a sco box with an NTFS share mounted on a novel box...or the other way around...either way it broke and basically brought the business to a halt....spent 3 straight days fixing it.	14:07
thesheff17	and had to try to deal with sco getting a new version and it was a nightmware	14:07
TheJ3ckyl	I requested screen for a hopoff box that I use so when my VPN dies I can regain my session	14:07
thesheff17	haha	14:07
TheJ3ckyl	The admin told me it would be too much of a pain in the arse to install screen???	14:07
TheJ3ckyl	really ???	14:08
thesheff17	jeeze	14:08
TheJ3ckyl	That's UX for ya	14:08
Pici	Hey guys, I know this channel isn't getting a lot of questions right now, but its really not a discussion channel. Feel free to join #ubuntu-offtopic if you want to chat.	14:08
thesheff17	k	14:08
TheJ3ckyl	he ok	14:08
TheJ3ckyl	sorry got carried away	14:08
Pici	Its okay :)	14:08
kimi_	Good morning. Does anybody know how to setup a radius server in Ubuntu?	14:14
NightDragon	oooh	14:14
NightDragon	"Good morning all, i want to build a space shuttle today. Can anyone help?"	14:15
ssureshot	might want to /join #nasa lol	14:15
thesheff17	lol	14:15
TheJ3ckyl	kimi_, in terms of?? Configuring the flat file or integrating it with PAM or something?	14:16
kimi_	I want to receive the authentication of WPA clientes (wireless devices)	14:17
TheJ3ckyl	kimi_ it's been awhile, but essentially after you download radiusd, you will have a flatfile where you can point it to /etc/passwd or you can create the account with the flat file	14:19
kimi_	the idea is that every client that connects to my wifi routers, do the authentication (using RADIUS) to a server in internet	14:19
NightDragon	kimi: what kind of network are you trying to set up?	14:19
TheJ3ckyl	Do you WIFI router support radius?	14:19
kimi_	the network layout will be like this	14:19
NightDragon	the likely scenerio here is a dedicated RADIUS Server is _VERY_ overkill for anything less then enterprise setup	14:19
kimi_	I will have 4 routers, all configures with wireless security WPA Enterprise (where you MUST specify a Radius)	14:20
NightDragon	not nessicarily	14:20
kimi_	all the routers will connect to this Radius, and the radius will receive and handle autenthication	14:20
NightDragon	but yes with WPA2, you can use Radius	14:20
NightDragon	how many users are you planning on having connect to this net?	14:21
kimi_	with WPA and WPA2 Enterprise (not Personal) y can use radius	14:21
NightDragon	yes, i know you can. How many users will be using this net?	14:21
kimi_	I don't have now that number of users	14:21
NightDragon	ballpark it for me	14:21
kimi_	but up to now I'm have if it works for 5 or 10 users	14:21
NightDragon	is this for a buissness? around 50 users or so?	14:21
TheJ3ckyl	kimi_ Best thing to do is go google some radius confiration example, there are a lot of ways to setup a radius configuration, as you can include access lists, times of access, type of auth etc..	14:21
NightDragon	5 or 10 users? man, for only 5 or 10 users you probably _REALLY_ dont need radius unless you really want it... i guess	14:22
kimi_	I have downloaded using apt "xtradius" but it doesn't not handle WPA authentication and the wireless clients can not login	14:22
kimi_	I want a prototype of 10 users, but it will have (I hope) thounsands	14:22
TheJ3ckyl	other then that just download and install radiusd and point your routers to it	14:22
NightDragon	thats because theres a lot more to it then that, kimi if you really want to go for it i can help you with it	14:23
NightDragon	your best way is probably router--> radius --> kerberos --> /etc/passwd (or mySQL DB, whatever)	14:23
TheJ3ckyl	kimi_ your router will not pass WPA to the radius server	14:23
kimi_	thanks, It will be grate if you can help me	14:23
NightDragon	but first, what is this network going to be used for/	14:23
TheJ3ckyl	LDAP, it good with radius as well	14:23
qman__	yeah, for thousands of users, LDAP would probably be best	14:24
NightDragon	well hold on guys	14:24
NightDragon	we have literally no idea what he's trying to do	14:24
=== lau is now known as Guest17167
kimi_	In the end, my idea is not only to obtain authentication using MySQL. I would like that the radius server calls a process passing information about the client that is connected. I want to know MAC address os the router, and mac address of the client . And I know that information gets into the server	14:24
NightDragon	LDAP could be a _really_ bad idea if he's trying to set up like a home or small buissness setup	14:24
qman__	NightDragon, he said thousands of users	14:25
kimi_	what I know up to now	14:25
TheJ3ckyl	kimi_ you can pass that information is radius options	14:25
NightDragon	yeah	14:25
NightDragon	radius will handle that	14:25
kimi_	yes, I know. what I could successfully do is setup XTRadius	14:25
kimi_	to call a process when a Wifi clients wants to connect	14:26
uvirtbot	New bug: #611695 in mysql-dfsg-5.1 (main) "mysqlhotcopy produces error about log tables" [Undecided,New] https://launchpad.net/bugs/611695	14:26
kimi_	but then I said "login incorrect"	14:26
kimi_	and I think that is because xtradius cannot handle WPA authentication	14:26
TheJ3ckyl	Ok, so you want radius to hit up a shell script?	14:26
qman__	kimi_, radius simply handles the authenticating process and such, you still need a backend database of users and passwords to authenticate against, and radius supports tons of them	14:27
TheJ3ckyl	yeah, wait a second	14:27
TheJ3ckyl	Not sure what WPA has to do with Radius.....	14:27
kimi_	ok, I will ahve a backend, but not directly to MySQL, it will call a process first	14:27
TheJ3ckyl	here me out	14:27
qman__	anything from flat file and PAM to LDAP and mysql	14:27
TheJ3ckyl	Your router is either going to support radius for WPA or it's not	14:27
TheJ3ckyl	radius is radius	14:28
smoser	Daviey, ping	14:28
TheJ3ckyl	Your router is either going to send out a radius request for WPA auth or it's not	14:28
kimi_	my router has a wireless authentication feature that is WPA Enterprise, where I must configure a RADIUS server	14:28
TheJ3ckyl	The router might just perform radius for console, aux, term, auth	14:28
kimi_	what I found is that when I setup that, every client that wants to authenticate makes a call to the radius server	14:29
TheJ3ckyl	ok, yeah that make sense	14:29
kimi_	but my actual radius server cannot authenticate wireless clients, only wired ones	14:29
TheJ3ckyl	radius, should not care	14:29
TheJ3ckyl	unless it's passing something that is not compliant to the server?	14:30
kimi_	I have tested radtest from machines connected to LAN	14:30
kimi_	and radius worked perfect	14:30
kimi_	but from a wireless network it wont	14:30
kimi_	it says "login incorrect"	14:30
qman__	yeah, the radius server won't care about that, so it must be an issue with the configuration/implementation of the clients requesting authentication	14:30
TheJ3ckyl	What radius server does your router vendor recommend?	14:30
kimi_	and the same information (user, pass) from a lan machine works great.	14:30
Daviey	smoser: o/	14:30
TheJ3ckyl	not all radius servers are ==	14:30
qman__	plenty of vendors use broken implementations	14:31
kimi_	linksys (I have one with dd-wrt, another with the original firmware, and another with CoovaAP( and Apple Airport	14:31
kimi_	all of them the same problem	14:31
TheJ3ckyl	I have had vendors that are compliant only with x radius server	14:31
kimi_	I would be happy if it only works with linksys and cisco.	14:31
cloakable	What are you encrypting the passwords with?	14:31
TheJ3ckyl	Yeah, could be a cleartext thing	14:31
TheJ3ckyl	or perhaps it on;y will do PAP/CHAP	14:32
qman__	with that much variation in hardware, you're going to want to set your radius server to accept pretty much any handshake method	14:32
cloakable	yeah	14:32
cloakable	Which needs cleartext backend	14:33
kimi_	sorry	14:33
TheJ3ckyl	Yeah, but some router clients will only send pap/chap	14:33
kimi_	I closed the wrong chat room	14:33
thesheff17	anyone really good with vmbuilder here? I have some weird things going on with it?	14:33
TheJ3ckyl	and depending on your radius server, some radius servers will only do cleartext or encryption	14:34
kimi_	yes	14:34
kimi_	I think that's the problem	14:34
kimi_	xtradius is doing only cleartext and not handling the encryptation	14:34
kimi_	that may be why I cannot connect wirelessclients correcly but yes using radtest	14:35
cloakable	mmmm	14:35
TheJ3ckyl	Did the router vendor recommend a particular radius server?	14:35
kimi_	I didn't found any recommend vendor. In the setup I only have the IP and port	14:35
kimi_	and If I want WPA Enterprise or WP2 Enterprise	14:35
qman__	dd-wrt should support most anything	14:35
qman__	but a stock linksys is going to be much more limited	14:36
qman__	I don't know what they use	14:36
kimi_	I could connect to radius with a stock linksys	14:36
kimi_	I have tested 4 routers with different firmwares, all of them do the same	14:36
TheJ3ckyl	cleartext auth?	14:36
TheJ3ckyl	with the linksys?	14:36
qman__	in this case, a packet capture might be in order, to figure out exactly what's going on	14:37
TheJ3ckyl	Yeah, that would at least tell you if the radius request is sent in using cleartext or not	14:37
kimi_	I have tested linksys with dd-wrt, coovaap, and stock firmware. all of them with WPA2 Enterprise to the same radius	14:37
kimi_	neither of them could authenticate	14:37
TheJ3ckyl	Just because it's WPA doesn't mean radius is sending it encrypted	14:37
qman__	WPA is only encrypting the over-the-air communication	14:38
kimi_	mm using wireshark and capturing what arrives to the radius port?	14:38
qman__	the radius authentication could be in cleartext or any number of handshake/encryption methods	14:38
kimi_	oh I see	14:38
qman__	the first step is figuring out what method the router is attempting to use	14:39
qman__	and a packet capture might tell you, or would at least tell you cleartext versus encrypted	14:39
kimi_	ok	14:39
TheJ3ckyl	exactly	14:39
kimi_	I will do that with wireless and wired clients in order to compare	14:39
TheJ3ckyl	Sometime on the router, you can specify the method in the radius config as well	14:41
TheJ3ckyl	I know Cisco and Juniper you can	14:41
TheJ3ckyl	not sur eon Linksys	14:41
kimi_	in the router when I select WPA2 Enterprise I can configure these parameters: radius ip, radius port, secret key, passfrhase and key 1	14:42
TheJ3ckyl	yeah, sounds like it doesn't have the cleartext, or encryption option then	14:42
TheJ3ckyl	So you will need to sniff it as found out what it defaults to	14:43
TheJ3ckyl	Like we mentioned earlier at least you will know whether or not your dealing with cleartext or not	14:43
ttx	mathiaz_: yo	14:43
kimi_	yes.and I will have to change the radius server in order to handle the encriptation or not	14:44
TheJ3ckyl	yup	14:44
kimi_	how can I change that in radius?	14:44
ttx	mathiaz_: I'd need updated status on server-maverick-hadoop-pig and server-maverick-uds-seed-review for the release meeting	14:44
ttx	mathiaz_: looks like they are in bad shape	14:44
kimi_	thanks to all of you. I will do the testing when energy come back to my office	14:46
romanoff	Hello, I am using EC2 service and have installed Ubuntu Server 10.04 as described on https://help.ubuntu.com/community/EC2StartersGuide page. I have allowed users to go to port 80 outside in EC2 panel. But I just can't start web app on port 80. I get this - http://pastie.org/1067075. Seems like some process is running on port 80. But I couldn't see any using 'sudo netstat -anp \| grep 80' command. Any ideas?	14:46
kimi_	now I'm connected to a 3G modem with the laptop	14:46
mathiaz_	ttx: updating the BP now	14:46
TheJ3ckyl	Well, there are a couple places	14:47
TheJ3ckyl	for auth, lemme, see	14:47
TheJ3ckyl	If your doing for example	14:47
TheJ3ckyl	MSCHAP	14:47
TheJ3ckyl	authenticate {	14:47
TheJ3ckyl		14:47
TheJ3ckyl	#	14:47
TheJ3ckyl	# MSCHAP authentication.	14:47
TheJ3ckyl	Auth-Type MS-CHAP {	14:47
TheJ3ckyl	mschap	14:47
TheJ3ckyl	}	14:47
TheJ3ckyl		14:47
TheJ3ckyl	or Auth-Type cleartext {	14:47
smoser	ttx, do you know what kernel is used on the isos ?	14:51
smoser	ie, what does netboot/ubuntu-installer/amd64/{kernel,initrd.gz} on an iso come from "?	14:52
rasengan	Is it safe to upgrade Ubuntu 9.10 to 10.* whilest ISPConfig is installed?	14:52
ChmEarl	smoser, 2.6.32-21-generic	14:52
ttx	smoser: I think it's linux-server	14:52
ttx	hm	14:52
mathiaz_	ttx: both specs updated	14:53
ttx	mathiaz_: looking	14:53
kimi_	oh look at that	14:53
=== mathiaz_ is now known as mathiaz
ttx	mathiaz: about hadoop, you think you are still on track ?	14:54
smoser	hm..	14:54
smoser	so any idea how i would get a initrd.gz given a linux-server package from the archive ?	14:54
mathiaz	ttx: yes - the WI defined for alpha3 are not impacted by any Freeze	14:54
smoser	i'm guessing its not the same as i'd get if i plucked it from /boot/ after installing package	14:54
ttx	mathiaz: same for seed-review ?	14:54
mathiaz	ttx: the seed-review discussion will probably spill over in the beta cycle	14:54
ttx	ah	14:54
mathiaz	ttx: I'm going to update the BP	14:55
ttx	mathiaz: ok POSTPONED / copy to beta as TODO	14:55
ttx	for the last two, I think	14:55
ChmEarl	smoser, what are you trying to do?	15:00
smoser	netboot a maverick install.	15:00
smoser	using kernel/ramdisk from iso is too old, as that package is no longer in archive.	15:00
ChmEarl	smoser, sorry - maverick is older than hardy?	15:01
smoser	:)	15:02
smoser	maverick is 10.10	15:02
kimi_	thanks to everybody, I will come back later	15:05
kimi_	and let you know how I'm doing	15:05
kimi_	thanks TheJ3ckyl	15:05
ChmEarl	smoser, now I know ;) - here is the netboot pair for maverick http://archive.ubuntu.com/ubuntu/dists/maverick/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/	15:06
ChmEarl	smoser, also there is xen aware boot set	15:06
smoser	yeah, thats too old	15:07
smoser	:-(	15:07
smoser	do you know how that is created ?	15:07
ChmEarl	smoser, whats missing or wrong with it?	15:07
smoser	the kernel that is there is not in the archive. so if you boot off of it, the installer says "i can't find modules for this kernel"	15:08
smoser	which goes badly	15:08
ChmEarl	smoser, version is 2.6.35-10-generic	15:10
smoser	which is not available in archive.	15:11
* Daviey screams		15:12
jpds	Yo.	15:14
pmatulis	"in (cyber)space, no one can hear you scream"	15:20
ChmEarl	smoser, yes same thing happens with the xen boot files	15:21
ChmEarl	smoser, I tried it a second ago	15:21
RoyK	pmatulis: - In space, loud sounds, like explosions, are even louder because there is no air to get in the way	15:23
jpds	pmatulis: You'd hear Daviey.	15:23
pmatulis	jpds: but i didn't	15:23
a_ok2	RoyK so you need to scream explosive?	15:23
RoyK	:)	15:24
a_ok2	RoyK: I solved my problem by the way, based on Lun number I made udev rules that make some nice symlinks(very descriptive names this time)	15:26
uvirtbot	New bug: #611721 in tomcat6 (main) "postinst fails if group exists" [Undecided,New] https://launchpad.net/bugs/611721	15:26
uvirtbot	New bug: #611722 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/611722	15:26
ccheney	mathiaz, did you see my email from a few days ago? i've been out sick but didn't see a response	15:29
mathiaz	ccheney: yes - I should get to it today	15:30
ccheney	mathiaz, ok	15:31
mathiaz	ttx: how is usually JAVA_HOME handled?	15:43
mathiaz	ttx: do you always have to set it manually?	15:43
mathiaz	ttx: or is there a central place where this is set automatically	15:43
mathiaz	ttx: ?	15:43
ttx	mathiaz: hm	15:44
ttx	mathiaz: in tomcat6 there is a bit of code to pick the right JVM	15:44
ttx	see http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/lucid/tomcat6/lucid/annotate/head%3A/debian/tomcat6.init	15:45
ttx	lines 54-65	15:45
ttx	and then an /etc/default.tomcat6 settings lets you overwrite that	15:45
ttx	/etc/default/tomcat6	15:46
ttx	that's what I reproduced in terracotta's packaging	15:46
Daviey	Ahh.. i was wondering that myself yesterday	15:46
ttx	if you strongly depend on default-jre-headless you can hardcode /usr/lib/jvm/default-java	15:47
ttx	the tomcat6 technique lets you specify a default preference order, basically	15:47
raubvogel	When you use ubumirror with reprepro, how do you make the later check in the directory created by the former for new/removed packages?	15:49
mathiaz	ttx: it seems like JAVA_HOME should be centralized	15:53
mathiaz	ttx: isn't there an alternative system already in place?	15:53
mathiaz	ttx: for managing which version of java is the default one?	15:53
mathiaz	ttx: if tomcat6, hadoop, terracotta are all doing the same...	15:53
ttx	mathiaz: the problem is you need to set JAVA_HOME, not just the path to the java executable	15:54
ttx	but maybe that can be done	15:54
=== ian_brasil__ is now known as ian_brasil
thesheff17	I run tomcat, jboss and terracotta at my company and I use the java service wrapper. http://wrapper.tanukisoftware.com/doc/english/download.jsp	15:59
thesheff17	it has a bunch of advanced features for java	16:00
SpamapS	ttx: seems like the solution there is to make the alternative point at a shell script that sets JAVA_HOME and then runs the real jvm	16:05
SpamapS	thesheff17: I've heard good things about that too.	16:05
thesheff17	yea I do like it allot...it is a little hard to setup but once is working correctly it is very easy to adjust ram, configuration, and when always shutdowns tomcat correctly	16:07
SpamapS	I think my buddies who maintain a large SOLR cluster use it too	16:10
Misterio	In ubuntu server, what is necessary to do to make a process to autostart? For example, ssh, apache, samba...	16:13
cloakable	nothing	16:14
thesheff17	Misterio: update-rc.d apache2 defaults is what I used to use.	16:15
cloakable	install it from apt and it will start on boot	16:15
thesheff17	I believe it is still valid with 10.04	16:16
cloakable	apache2 has always started automatically for me	16:17
Misterio	It says that file already exists, and nothing happens	16:17
a_ok2	it seems that kvm does not work without etherboot yet it is not dependency???	16:17
thesheff17	if it already exists then it should be starting	16:17
thesheff17	if it isn't there is something wrong with your setup	16:17
thesheff17	a_ok2: I use kvm without etherboot without any problems	16:19
thesheff17	a_ok2: are you trying to create a bridge for KVM?	16:19
a_ok2	thesheff17: I wonder why it insists on loading optrom than	16:19
a_ok2	thesheff17: I already have	16:20
a_ok2	will check out the bloody scripts	16:20
a_ok2	thesheff17: I have created a bridge and a tap. however non of the parameters I gave sugests it should use pxe. (I let it boot from cdrom to be exact)	16:22
smoser	kirkland, intended behavior ?	16:25
smoser	byobu-installer	16:25
smoser	ssh system where 1 session is open. i don't get a prompt for selection ?	16:25
a_ok2	thesheff17: sorry it was just a warning kind of error, the reason it broke of was that it apparently can not when ommiting host in -vnc	16:29
thesheff17	ah ok	16:30
papertigers	Does anyone know if you can directly connect two VM's in kvm	16:34
lolufail	hi!	16:34
thesheff17	papertigers: what do you mean directly connect?	16:34
papertigers	thesheff17: link a crossover cable trunk linking to physical boxes	16:35
papertigers	like8	16:35
papertigers	thesheff17: say I had two VM's , vm1 and vm2 they each have one nic bridged to the physical network, can I somehow also give them another nic directly connecting them	16:36
lolufail	I'm having the weirdest problem: ubuntu lucid server 64 on a debian host.	16:36
lolufail	the VM stops booting after "Begin: Running /scripts/init-bottom ... Done.", verbose says he hangs at mountall.	16:36
lolufail	when I append "init=/bin/bash" to the kernel line, remount the filesystem rw, remount it ro again, and reboot, the VM boots!	16:36
lolufail	if I shut it down again, mount it on the host, unmount it again and boot it again, it hangs -.- wtf?	16:36
lolufail	doesnt make any sense to me.	16:37
lolufail	xen btw	16:37
thesheff17	papertigers: that is a good question...is it possible to bridge two adapters and then just have the second adapter with a cross over cable.	16:38
qman__	papertigers, I would think you could create a new bridge between the two virtual adapters and not include a physical one	16:38
qman__	to get the same effect	16:38
papertigers	qman__: interesting, can you create a bridge not linked to a physical nic?	16:38
papertigers	thesheff17 and qman__ the reason I question is sometimes at school we use VMware and we have the ability to give x nics and connect them wherever for example a virtual vyatta router, I dont see why kvm wouldnt be able to do this because vmware can also be based on linux	16:40
qman__	I don't see why not	16:40
qman__	of course, the last time I messed with any of that extensively was with vmware 1.x	16:40
lolufail	aany clues?	16:42
qman__	lolufail, sorry, I don't know anything about xen	16:44
papertigers	qman__: I can create a bridge using brctl addbr testbridge	16:44
papertigers	however virt-manger wont let me select it because it is not bridged to any actual devices	16:44
qman__	papertigers, ah	16:45
a_ok2	papertigers: can't you just add a tap?	16:46
a_ok2	i mean qman	16:46
papertigers	a_ok2: ive never worked with taps directly how do you do that	16:46
=== Guest17167 is now known as lau
a_ok2	papertigers: first install uml-utilities	16:48
papertigers	doing that as we speak already haha	16:48
papertigers	a_ok2: okay got it	16:48
a_ok2	than create a tap with tunctl -b -u <username that needs access (can be ommited)>	16:49
a_ok2	it should say what tab it made	16:49
a_ok2	than do brctl addif <bridgename> tap0	16:50
a_ok2	papertigers: nothing to it really	16:50
papertigers	ahh okay so basically i can create a bridge called trunklink	16:50
papertigers	and add say tap1 and tap2 and assign tap1 to vm1 and tap2 to vm2?	16:51
a_ok2	brctl addbr trunklink	16:51
a_ok2	yes exactly	16:51
a_ok2	that is what I do	16:51
papertigers	a_ok2: okay thanks a lot I will have to play with this, I recntly saw that openswitch project too	16:52
papertigers	http://linux-kvm.com/content/openvswitch-reaches-100	16:52
a_ok2	do note that you need to assign MAC adresses, by default it pics the same for every VM in this setup you will have conflitcs	16:52
a_ok2	papertigers: bridges work fine with me. can even use iptables on them	16:53
a_ok2	papertigers: I was really amazed with that (never had a firewall on a switch before)	16:53
papertigers	a_ok2: yea I need to get some iptables going on my kvm machine	16:54
papertigers	did it get complex?	16:54
thesheff17	yea another question is say I have a box running two VM. if one is communicating with the other does the traffic actually flow out of the cat5 to the switch and back in? Or is KVM smart enough to know to route traffic internally?	16:54
a_ok2	no, you just need to know that you have to put the rules in the forwarding table instead of input	16:54
papertigers	thesheff17: should hit the bridge device which is actually a switch	16:55
papertigers	and it should not go out	16:55
thesheff17	ah ok	16:55
thesheff17	cool	16:55
papertigers	brctl showmac vr0	16:56
papertigers	brctl showmac br0	16:56
papertigers	its showmacs	16:56
mathiaz	ttx: how about having a standard directory for JAVA_HOME	16:57
mathiaz	ttx: and then manage the standard directory as a symlink to the actual jvm used	16:57
a_ok2	papertigers: the nice thing of putting firewall rules on the bridge is that you only have to define them onces and firewall all the machines on it (one of my bridges is connected directly to the internet)	16:57
ttx	mathiaz: whatever solution would need to be discussed on debian-java	16:57
papertigers	thesheff17: that work? it should show a local field too	16:57
mathiaz	ttx: agreed	16:57
ttx	mathiaz: since most of the action happens there	16:57
mathiaz	ttx: it just seems that could be improved	16:58
ttx	(even I do my commits in debian first)	16:58
papertigers	a_ok2: are you doing the bridge device or the interfaces on it like vnet0	16:58
ttx	mathiaz: definitely, but there may have been prior art	16:58
* ttx eows		16:58
mathiaz	ttx: any examples of JAVA_HOME in debian/rules?	16:58
papertigers	a_ok2: would you mind sending me your iptables script and striping out anything you dont want me to see?	16:59
ttx	in debian/rules you set it to whatever you build-dep points to	16:59
ttx	mathiaz: JAVA_HOME=/usr/lib/jvm/default-java	16:59
ttx	mathiaz: since you bd on default-jdk	16:59
a_ok2	papertigers: no you set the rules on the bridge, and use the Ip adresses or mac adresses that are used in the VM host if you need to need to filter based on that	16:59
ttx	mathiaz: gtg	16:59
mathiaz	ttx: ok - thanks	16:59
papertigers	a_ok2: ahh okay	16:59
mathiaz	ttx: have a nice weekend!	17:00
papertigers	a_ok2: what kind of hardware is your KVM box	17:00
a_ok2	papertigers: dell poweredge something, has two Xeon E5520, and 8GB ram	17:01
a_ok2	disks are in a san (also a poweredge, running on openfiler)	17:02
papertigers	a_ok2: jealous haha, I have a box I built with a phenom quad core and 8gig of ram	17:03
papertigers	a_ok2: my disks are on my 5.4tb raid6 shared via nfs	17:03
thesheff17	hehe I have a dell desktop running KVM :)	17:03
a_ok2	thesheff17: well I have a laptop running kvm (on a 1.2 Ghz low voltage C2D) runs just fine	17:04
papertigers	thesheff17: all my money goes into my computers :( why do i even work	17:05
papertigers	a_ok2: how do you like openfiler	17:05
thesheff17	I feel the same way	17:05
thesheff17	I just bought a new i7 laptop	17:05
thesheff17	is it possible to bridge a wlan0 to br0?	17:06
a_ok2	thesheff17: we only have 900GB effectively (also raid 6) but they are those new SAS 6GB/s	17:06
papertigers	a_ok2: I would love to have sas based storage, but for now I will stick with sata for cost reasons	17:07
a_ok2	papertigers: it works greath if you have 2.3, unfortuanatly I have a bit to new hardware to run the stable version (perc h700 is not supported yet)	17:07
a_ok2	papertigers: actually they are not that expensive anymore	17:07
papertigers	my 1tb black WD drives never do me wrong	17:08
papertigers	a_ok2: how much is a typical drive	17:08
a_ok2	300Gb 230 euro's	17:10
a_ok2	ours where much cheaper though	17:11
a_ok2	let me see if I can find what we paid	17:11
papertigers	okay thanks	17:13
a_ok2	papertigers: its not specified, unfortunatly. we have 5 300GB 6gb/s 15k Hot swappable disks. for about 1000 euros I think	17:16
papertigers	a_ok2: great thanks for showing me tap haha now I am going to set up a bridge with a bunch of taps and vyatta and play with its routing	17:16
a_ok2	papertigers: you can actually use iptable rulles on the interface i forgot (you just have to specify it diferently) check this out: http://www.sjdjweis.com/linux/bridging/	17:19
a_ok2	gtg later	17:19
papertigers	thesheff17: ahh kvm is so nice	17:20
thesheff17	yea I really do like it...it works very well. I have been fighting a little with vmbuilder.	17:21
thesheff17	but I have been running kvm since 9.04 and never looked back at vmware	17:22
papertigers	thesheff17: I am going to try vmbuilder today	17:29
papertigers	hey do you know if there are any rules of thumb based on number of vms to processors	17:29
thesheff17	papertigers I have a small python wrapper for vmbuilder if you want it. Nothing special and it is a work in progress but works well.	17:30
thesheff17	vms per proc is tough...if most of the time the vm sits there and does nothing you can create a bunch....I try to limit 2-3 per CPU	17:31
papertigers	thesheff17: per cpu core?	17:32
thesheff17	papertigers: yes	17:32
papertigers	thesheff17: I love python, sure id love to have a look at it	17:32
papertigers	are you doing cpu pinning or just letting kvm controll that	17:33
thesheff17	I'm letting kvm control that. most linux machines just sit idle all day and then spike during a specific event cronjob usually....so I just make sure that I stagger cronjobs	17:34
thesheff17	http://ubuntu.pastebin.com/Ayxrcqn5	17:35
papertigers	thesheff17: hmm I am gonna set up a mini network in kvm maybe ill give them all like 128mb of ram and 1cpu	17:35
papertigers	thesheff17: thanks I downloaded it. What do you have your VMs doing, currently I have dns, web, and ubuntu mirror as my always up running vms	17:36
thesheff17	basically I have been prepping moving my production env to KVM and want to be able to build VM on the fly for load balancing. We are a big Java shop so we run tomcat, jboss, terracotta.	17:37
thesheff17	so in the script I just basically concatenate a string to build the packages I want per machine	17:38
papertigers	thesheff17: ahh nice, I need to find a company that will let me do their network and run ubuntu and VM's	17:38
papertigers	thesheff17: how do you plan on doing load balancing?	17:38
thesheff17	well I eventually want to get VM's running squid	17:39
thesheff17	but for now we use an hardware F5 that is super expensive	17:39
thesheff17	:(	17:39
thesheff17	also you may have to adjust the script a little...it accounts for a local ubuntu repository	17:40
papertigers	I have a local ubuntu repository, one of my VMs :P	17:40
thesheff17	hehe nice	17:41
papertigers	thesheff17: how do you plan on spawning vms based on load?	17:41
thesheff17	that is a good question...I haven't gotten that far yet but plan on monitoring the load on the current VM's and put some zabbix threshhold on CPU & time and if that trigger happens spawn more	17:42
papertigers	thesheff17: ive never used zabbix	17:43
papertigers	what kind of vms do you want to spawn? webservers?	17:43
thesheff17	basically just a monitoring tool..I'm sure most can do it	17:43
thesheff17	yea web servers	17:43
thesheff17	and jboss	17:44
smoser	Daviey, ping	17:44
smoser	instances go from pending to terminated. /var/log/libvirt/qemu/i-37430731.log shows:	17:44
smoser	libvir: Security Labeling error : internal error error calling aa_change_profile()	17:44
thesheff17	there is also a bug right now for tmpfs param which builds it in RAM for testing and is very quick. You have to get the latest package from here https://launchpad.net/~vmbuilder/+archive/daily/+packages	17:44
papertigers	thesheff17: so basically you would need to set up a load balancer and dynamically add the ip's of the newly added vm's to the list of servers	17:45
thesheff17	yes or just have a range already in there	17:45
thesheff17	like 192.168.1.50-192.168.1.75 will be my web server range	17:46
papertigers	thesheff17: but if you had the range in there and a vm was off, wouldnt it still try to send the connection to it	17:46
thesheff17	and they do active checks on apache	17:46
thesheff17	they won't serve boxes not running apache	17:46
papertigers	thesheff17: ahh okay, what load balancer is that?	17:46
thesheff17	I'm using pound for our dev env and an F5 for production	17:47
thesheff17	papertigers: hehe I even run the pound server on the KVM server	17:48
papertigers	thesheff17: I am looking into doing this too now haha	17:48
smoser	above, i found bug 599450, trying hally's work around. to disable.	17:50
uvirtbot	Launchpad bug 599450 in linux "[apparmor] getattr handled incorrectly in 2.6.35-6.7" [High,Fix committed] https://launchpad.net/bugs/599450	17:50
papertigers	thesheff17: I was playing around with migrate, I had it working perfectly, distributing load would be awesome too	17:50
thesheff17	papertigers that is such a good idea to migrate them around too :) Here is my config file for pound: http://ubuntu.pastebin.com/dyTjeV9Y	17:51
thesheff17	papertigers: it is setup to just load balance two machines but can easily have more	17:52
papertigers	thesheff17: thanks I have so much to play with now haha	17:52
thesheff17	papertigers: you can also do SSL with pound which I really like...not all load balancers have support for SSL.	17:53
papertigers	yeah moving them accross kvm servers is cool. I could write a python script to monitor load and then migrate to the other kvm based upon load	17:53
thesheff17	papertigers: np I have been working on KVM and vmbuilder for a while now and would love to see more people use it and bounce ideas off each other. vmbuilder is so promising I can really build a lucid apache server in about 5 min.	17:53
papertigers	thesheff17: yeah i need to use vmbuilder, going through virt-manager and doing a full install sucks	17:54
papertigers	thesheff17: do you plan on building vms or having them built and turning them on when needed	17:55
thesheff17	papertigers: for production I would have them built and off. Chances are I will spin up manually until I get all this working. Eventually though I want my entire env build from vmbuilder. Auditors are climbing up my back all the time telling me my servers are not the same	17:56
thesheff17	papertiger: I would love to just send the auditors my python script and say this is what our servers is running and nothing else.	17:57
papertigers	thesheff17: haha nice, yeah I am doing this all in my home lab for now. What company do you work for	17:58
thesheff17	papertigers: ticketreserve.com	17:59
thesheff17	papertigers: hopefully no one gets offended...it has had some problems in the past :)	17:59
papertigers	thesheff17: what has?	18:00
thesheff17	papertigers: the company	18:00
thesheff17	papertigers: I do allot of consulting work though also	18:00
papertigers	thesheff17: ahh okay	18:01
papertigers	tell them you yourself are opensource haha	18:01
thesheff17	papertigers: I wish it was that easy :)	18:01
papertigers	thesheff17: I hate that on most of my vm's shutdown doesnt work :(	18:03
thesheff17	papertigers: are you running them from virt-manager or are you running shutdown -h now within the vm?	18:07
papertigers	virt-manager or virsh shutdown vm	18:08
papertigers	in the vm i can do a halt just fine	18:08
thesheff17	papertigers: ok yea I can't say I have had a vm not work with shutdown -h now inside the vm	18:08
RoyK	papertigers: I've seen that - I can't shutdown my VMs from virt-manager either	18:10
RoyK	'halt' or similar from inside the VM works, though	18:10
papertigers	RoyK: yeah same	18:12
papertigers	thesheff17: interesting, I am looking at that tap stuff, looks like i cant assign it directly to a device, needs to be a part of a vm	18:12
thesheff17	papertigers: yea I'm having some weird results from vmbuilder...I'm emailing back and fourth with the developer for that project.	18:14
* RoyK reads up on Fortran		18:38
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
Daviey	smoser: Yeah.. i think that is apparmour playing it's magic - i think a fix is landing soon!	18:46
Daviey	that isn't our bug to solve, sadly.	18:46
SpamapS	Daviey: http://ceph.newdream.net/wiki/RADOS_Gateway	18:49
SpamapS	Daviey: ever seen that?	18:49
SpamapS	Daviey: its an S3 store.	18:50
mullerk	]	19:12
mullerk	i have a hp server, proliant dl120. I'm trying to install ubuntu 8.04, but the sata hard drive is not being detected in the installation. how can I discover the correct driver for that?	19:12
remix_tj	mullerk: maybe depends on the contoller	19:15
remix_tj	lspci maybe can help	19:15
mullerk	the problem is that I don't have the driver for that	19:16
mullerk	accordgin to hp website, it's a "HP Proliant Smart Array Controller". Anyway, I'm not using RAID	19:16
au	hello, I followed https://help.ubuntu.com/10.04/serverguide/C/postfix.html but when I do ehlo mail.mydomain.com, it has everything else but 250-AUTH LOGIN PLAIN	19:20
au	how can I get it to show 250-AUTH LOGIN PLAIN	19:20
au	brr, missing those question marks :)	19:20
Daviey	SpamapS: I hadn't.. looks interesting	19:23
soren	SpamapS, Daviey: S3 really isn't rocket science. It took me a day or so to implement in OpenStack.	19:24
soren	I'm surprised there isn't of them out there :)	19:24
au	hmm so any postfix gurus around?	19:25
RoyK	au: I'm not a guru, but I've used it for some years...	19:26
au	hmm would you be able to tell me what I am doing wrong? please	19:27
RoyK	au: what are you trying to achive?	19:30
RoyK	simple smtp?	19:30
RoyK	or authenticated smtp?	19:30
au	setup a simple smtp server	19:31
au	where yes I have to authenticate to send emails	19:31
RoyK	au: isn't that 250 ok, then, if you want auth?	19:31
au	hmm found a smtpd_tls_auth_only = yes in main.cf, one moment	19:32
RoyK	sounds reasonable :)	19:32
RoyK	TLS is a wee bit more secure than plaintext	19:32
au	I would like it to have both options	19:33
RoyK	au: if it's on a private LAN, just define the IPs from whom you want to allow relay	19:33
au	nope, not private lan	19:35
au	RoyK: thanks for help :)	19:36
RoyK	:)	19:36
thesheff17	au: yes I just checked mine and I have relayhost = ip I also don't have to authentication. I know this doesn't help but know it works...have you checked that you make sure you can get to port 25 on that smtp server?	19:38
SpamapS	soren: backed by CEPH, this RADOS should be really damn scalable.	19:39
au	thesheff17: yep it works fine :) now just to see why it's giving me a wrong ssl certificate :)	19:40
cablop	i need some help to setup a https apache server	19:54
Pici	What part of the setup is causing issues?	19:55
cablop	in one step i'll need to create certificates and other things and i don't know how to setup the server name... i mean the domain name that i need to create the certificates for, how can i?	19:55
cablop	an old guide says i need to go to "System->Administration->Networking:General" butr that menu does not exist here	19:55
mullerk	hey guys, i'm still looking for how to install the ubuntu server in a hp server with sata driver.. the hd is not being reconized... somebody help me!	19:55
cablop	or maybe i can sklip that hostname part and go ahead?	19:56
Pici	!hostname	19:56
ubottu	Use hostname <somehostname> to set the hostname, or to do it permanently: edit /etc/hostname and /etc/hosts . WARNING! Make sure that your current hostname and /etc/hosts match, otherwise sudo may not work properly.	19:56
cablop	wait a second can i set up a domain.name as a hostname?	19:58
RoyK	mullerk: what sort of SATA controller do you have on that one?	20:00
soren	SpamapS: I guess I didn't look too closely. Is it actually bound to ceph in any way, or is it just a frontend to an arbitrary filesystem?	20:05
thesheff17	cablop: I think the new 10.04 has an certificate built in if you install openssl	20:05
thesheff17	cablop: look under /etc/apache2/sites-available/ dir	20:06
thesheff17	cablop: that will be the location for config stuff.	20:06
cablop	thanks thesheff17	20:08
papertigers	thesheff17: this setup took me a bit to think about, going through with the vyatta install haha i stress my kvm box so much	20:11
thesheff17	cablop: check this out http://ubuntu.pastebin.com/mrjDZw2y	20:14
thesheff17	cablop: it is a little outdated that first link but still works. If you are going to get your cert signed you have to run it through that process as well and put the right files in the right place. /etc/apache2/auth/ is an directory I just created.	20:15
SpamapS	soren: as I understand it, RADOS is CEPH's lower level	20:16
soren	SpamapS: Oh, I see.	20:16
SpamapS	soren: so CEPH is really just an interface to RADOS, as is the RADOS Gateway which speaks S3	20:17
thesheff17	papertigers: nice...have you used virt-clone?	20:17
papertigers	thesheff17: yeah ive used it like once	20:19
thesheff17	papertigers: I haven't used it in a long time but there was a problem that you had to edit /etc/udev/rules.d/70-persitent-net.rules and adjust the network. which was a pain. I think I have started cloning a vm that had the script on the box and when you logged in as root it did a reboot and then the network was fixed.	20:19
papertigers	but then you have to set the hostname again and change the nic	20:19
RoyK	anyone that knows where I can get an affordable SSL certificate?	20:22
thesheff17	godaddy	20:23
RoyK	g'day	20:24
thesheff17	3 years 24 dollars	20:24
cablop	thanks thesheff17	20:25
cablop	RoyK try comodo too, they have certificates too	20:25
RoyK	seems godaddy is a good place to start - thanks :)	20:29
thesheff17	papertigers: what are you trying to do with vyatta?	20:29
thesheff17	RoyK: I sound a like a godaddy rep but they have cheap ssl certs and there turn around time on them are quick. Others take time to review bs thinking there is some type of extra security built into delaying you your cert. If it is isn't production self signed certs are always a good way to go.	20:32
thesheff17	Royk: hell have the govt certs are self signed.	20:32
RoyK	thesheff17: what would you recommend?	20:33
cablop	thanks for the help	20:33
cablop	i have to go for a while	20:33
RoyK	I don't want self-signed certs	20:33
cablop	see ya	20:33
thesheff17	RoyK: just the cheapest one for as long a you want...the crap that makes it green in the title bar is over kill :)	20:34
mullerk	Roy: it's a HP Proliant Smart Array COntroller	20:36
smoser	kirkland, Daviey one of you able to anwer	20:40
smoser	http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu/maverick/eucalyptus/devel/annotate/head:/debian/eucalyptus.conf	20:40
smoser	for VIRTIO, i put that on the CC or the NC	20:40
smoser	i tried CC and restart with CLEAN=1, but no affect it seems.	20:41
smoser	node controller. verified (i think).	20:41
raubvogel	which user does ngnix run as?	20:42
Daviey	o/	20:42
Daviey	smoser: I think we are carrying the force virtio patch, which might be causing that.	20:42
smoser	no	20:43
Daviey	smoser: Is the problem that, you can't get virtio, or you can't disable it?	20:43
smoser	without that stuff, it does virtio root	20:43
smoser	s/virtio root/scsi root/	20:43
smoser	adding it to eucalyptus.conf on the node changes it to virtio root	20:43
smoser	it seems broken to me that that setting would be on the node	20:43
Daviey	where would you expect it to be?	20:44
Daviey	surely it's the node that does the magic	20:44
smoser	yes, but surely it has to be configured on a per-cloud basis	20:44
Daviey	per node basis	20:44
smoser	it would be bonkers to have an image get one set of hardware on one node, and one set on another node.	20:44
smoser	because 2 nodes /etc/eucalpytus.conf settings differed.	20:45
Daviey	smoser: whilst i agree, it does seem to be logical to have the setting on the nc	20:45
smoser	no.	20:46
smoser	:)	20:46
Daviey	It reasonable to assume that if an end user changes the defaults, they need to have a plan to make it migrate themselves	20:46
Daviey	smoser: patches welcome if you disagree enough :)	20:46
SpamapS	Daviey: so , do we have any idea if eucalyptus will be able to display any graphs we produce?	20:47
* Daviey makes a call.		20:47
Daviey	SpamapS: Yes... just clarifying how now..	20:47
smoser	of course it will.	20:47
* smoser is feeling a bit snarky after dealing with instability all day		20:48
SpamapS	BTW does anybody know who moderates ubuntu-devel@lists ?	20:48
Daviey	SpamapS: check mailman]	20:50
benedikt	shouldnt libivirt store the virtual disk images somewhere in /var?	20:53
benedikt	it has been placing my images in my ~ for some reason	20:53
smoser	SpamapS, i've pinged cjwatson in your position before, and it got fixed.	20:58
smoser	he's probably overkill for that, but i'm fairly certain he has acl	20:58
benedikt	more specificly, how do i control where libvirt will store teh image for a guest i create	21:04
tyska	hi guys, im having problems with CUPS + WIN, cant print on authentication required printers, can someone help me?	21:25
tyska	im stucked very much time on this =/	21:26
thesheff17	ping benedikt	22:24
thesheff17	benedikt: ping	22:24
mustelo	I've got a lab running lucid (desktop) connecting via kerberos to a server. authentication works great, and I can login via the console on the desktop machines, but graphical login hangs. has anyone seen this issue?	22:25
benedikt	thesheff17: pong	22:26
thesheff17	benedikt: how are you building your vm?	22:26
thesheff17	virt-install?	22:27
benedikt	ubuntu-vm-builder	22:27
thesheff17	haha funny...ok I was creating multiple vm with a script	22:27
thesheff17	and they where overwriting each other	22:27
thesheff17	I talked to the developer and he just said what ever directory you are in they will build in there.	22:27
benedikt	ah, cool.	22:28
benedikt	then its pretty easy to decide where they go	22:28
thesheff17	At least here on lucid, the vm gets placed inside $CWD/ubuntu.kvm.	22:28
thesheff17	it used to be /var/ something...I was also very confused	22:28
thesheff17	I haven't tested it yet but I bet that is it.	22:28
benedikt	im gonna try later	22:34
benedikt	ill let you know	22:34
thesheff17	k sound good ttyl	22:35
=== unreal_ is now known as unreal
=== erichammond1 is now known as erichammond
papertigers	thesheff17: I messaged you if you are still around	23:41
kimi_	HEllo to everybody. Does anybody ever configured a freeradius in Ubuntu?	23:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!