[00:32] <Doonz> dksad
[00:58] <zul> mathiaz: fyi i got an updated version of openldap with ufw profile and apport ready to go
[01:01] <brando753> hello everyone I have set up my server I have installed ISPConfig but now I would like to know how to get it live so my three different domains point to my different sites how would i do this? How would i get a domain to point to my ip?
[01:59] <mathiaz> zul: great!
[03:21] <chewbranca> what applications do you guys use for server monitoring? looking for something much simpler than nagios and that has an android app or rest api to allow for mobile monitoring and notifications
[03:22] <ball> ping? :-)
[03:22] <chewbranca> ping doesn't help you get notifications about load average or service availability
[03:23] <ball> I know, I was just being facetious.  I'll be interested to see what other people suggest though.
[03:24] <chewbranca> hahahha yeah wasn't sure, legitimate point though
[03:25] <chewbranca> I've been playing with zenoss and its still rather complicated, I would also need to build custom solutions for monitoring my applications and an android app, plus I would need to run it on a dedicated box
[04:49] <kimi_> Good Night
[04:50] <kimi_> Does anybody have experience setting up a Radius server in Ubuntu?
[04:52] <Shapeshiftr> Hey, what's the package for Mono again?
[04:52] <Shapeshiftr> I installed it on my other Ubuntu server, just forgot how.
[05:34] <processroute> can someone help me with my ubuntu-server issue: http://ubuntuforums.org/showthread.php?p=9655540 ?
[05:51] <processroute> can someone help me with my ubuntu-server issue: http://ubuntuforums.org/showthread.php?p=9655540 ?
[06:06] <processroute> can someone help me with my ubuntu-server issue: http://ubuntuforums.org/showthread.php?p=9655540 ?
[06:09] <twb`> !repeat
[06:10] <processroute> twb': i should wait more than 15 min?
[06:10] <twb`> Yes.
[06:10] <twb`> More like an hour or three.
[06:10] <processroute> IRC is live chat?
[06:10] <processroute> email/forums are 1 - 3 hrs
[06:11] <twb`> Kids these days
[06:11] <processroute> yep, we want everything faster
[06:11] <twb`> If an email arrives the same day it's sent, you should consider yourself lucky
[06:11] <processroute> when i email people, i expect to hear back within hours
[06:12] <processroute> i almost always do too
[06:12] <sweetpi> thats because they want to talk to you
[06:13] <processroute> sweet3.1418: that could well be it
[06:14] <processroute> guampa's writing a semi-solution to it on ubuntuforums, and i've posted ideas to fix it on brainstorm.ubuntu.com
[06:15] <twb`> Is this your question? "Is there a way to bind specific programs to specific network devices (not IPs, since I have dynamic IPs)?"
[06:16] <processroute> twb`: affirmative
[06:16] <twb`> You should have just posted that, rather than linking to a page that contains it.
[06:16] <twb`> To answer your question: no, there's no generic way to achieve that.
[06:16] <processroute> twb`: i couldn't find it on the internet, so i thought others might have the same question and want it on the internet
[06:16] <processroute> twb`: its in the kernel?
[06:17] <processroute> the restriction to do that
[06:17] <twb`> Best practice is to bind to all addresses, and set up a firewall.
[06:18] <processroute> twb`: like change the route and use iptables to route programs (though iptables will not route PIDs)
[06:18] <processroute> twb`: also having dynamic ips makes it difficult to bind to addresses instead of network interfaces
[06:19] <twb`> Are you making a statement, or asking a question?
[06:20] <processroute> twb`: making a statement, re-affirming its not possible to do that
[06:27] <processroute> twb: what are users supposed to do that have two vpn services with their vpn services having different ip addresses, or users with two isps?
[06:36] <twb> processroute: er, assign different ports?
[06:36] <twb> I have two OpenVPNs and one vpnc terminating on my laptop, and it Just Works
[06:46] <processroute> twb: you never have the urge to run one program through the vpnc device tun0 and others through the VPN apps?
[06:47] <twb> Er, no.
[06:48] <twb> Even if I did, it'd still just be a matter of writing firewall rules.
[07:39] <jefimenko> i'm in the middle of an ubuntu install at a point where it's asking me which partition to install grub on. no matter what i select, the following page tells me that i haven't chosen any partitions to install grub to and asks me to confirm. is there any way that i can manually install grub from here to ensure that my system reboots properly?
[07:43] <kim0> jefimenko: dont really know .. but u can try installing on /dev/sda itself .. not on a partition
[07:44] <PlainFlavored> what is ubuntu enterprise cloud?
[07:44] <jefimenko> kim0: i tried selecting that too
[07:44] <jefimenko> is there a way to escape into a shell and manually do it?
[07:45] <jefimenko> it's very important that this server reboots properly since i am doing the install remotely
[07:45] <jefimenko> it will be 10x as much work if it doesn't :(
[07:45] <kim0> jefimenko: r u in text installer ?
[07:45] <jefimenko> i think it's freaking out because i chose manual package selection during the install process
[07:46] <jefimenko> kim0: yes
[07:46] <kim0> jefimenko: wouldn't ALT+F2 or other Function numbers, get u on a shell
[07:46] <jefimenko> because i've done other remote installs just like this one
[07:46] <jefimenko> never had this problem... but i was stupid to try selecting extra packages to install now
[07:49] <jefimenko> kim0: yes, i can get instal a shell that way
[07:49] <jefimenko> kim0: but i'm not familiar with the install environment
[07:49] <jefimenko> i'm a little disoriented in this shell
[07:50] <kim0> jefimenko: check this out https://help.ubuntu.com/community/RecoveringUbuntuAfterInstallingWindows
[07:50] <kim0> relevant commands
[07:52] <jefimenko> the shell environment only has the grub-installer command
[07:52] <jefimenko> i wonder if the installation is mounted somewhere else
[07:54] <jefimenko> i don't have the grub or grub-install commands
[08:34] <RudyValencia> Why does the onboard Ethernet on my server perform worse than a PCI card?
[08:35] <RudyValencia> (internal Ethernet is an Intel e100-series Ethernet card, and the PCI card is a tulip-compatible Network Everywhere NE100.
[08:35] <RudyValencia> oops, NC100
[08:40] <RudyValencia> Why would an onboard Intel Ethernet port be slower than a PCI tulip-compatible NIC in my server?
[08:44] <lau> hi, do you know how to blacklist nf_nat_sip module ?
[08:44] <lau> I tried through /etc/modprobe.d/blacklist.conf in lucid but it is not blacklisted
[08:45] <lau> I thought I could rename the .ko but it does not look like a clean solution
[08:45] <lau> any idea ?
[09:10] <_Techie_> i have postfix and dovecot installed and working, but postfix doesnt seem to be accepting smtp from other IP's
[09:35] <huats> morning
[09:43] <RoyK> happy sysadmin day everyone :)
[09:43] <a_ok> I'm working on a dell server with an idrac, when I use the virtualcd drive on the idrac it gets /dev/sda and the other disks are shifted accordingly so root is /dev/sdb all the sudden etc. Where (and how) should I configure udev so the virtual drive is always /dev/sdz?
[09:44] <twb> a_ok: if you are referring to drives by letter, you have already lost
[09:44] <twb> dynamic drive letter assignment is something that is only going to increase in the next decade
[09:44] <RoyK> a_ok: use the UUID
[09:44] <a_ok> does kvm support UUID?
[09:45] <RoyK> are you using raw disks with kvm?
[09:45] <a_ok> yes
[09:45] <a_ok> i'm going to anyway
[09:46] <RoyK> google says it should work ...
[09:46] <RoyK> I don't have kvm with raw disks, so I can't test from here...
[09:46] <RoyK> man kvm
[09:46] <RoyK> :)
[09:46] <a_ok> and its bloody annoying anyway. one time when using fd i need to look at /dev/sda and the other time I have to look at /dev/sdc
[09:50] <diogo_79> hi
[09:50] <a_ok> RoyK: I only see you can assign an uuid to a image not boot from it by uuid
[09:50] <diogo_79> how can i import gpg key to ubuntu server?
[09:53] <a_ok> twb: It seems that I really need to be referring to drives by letter. perhaps in the future I will resolve the uuid to device file but for now I don't have a choice. so where do I put them rules?
[09:53] <RoyK> a_ok: ok
[09:54] <RoyK> I'm not sure, but perhaps it's possible to use udev to assign device names for sdx, like with network cards
[09:59] <skydrome> Happy Sysadmin Day #ubuntu :)
[10:01] <a_ok> I don't get why drive letter assignment should disappear in the future
[11:34] <NightDragon> hello all, is there a good place to head for apache info?
[11:44] <_ruben> http://httpd.apache.org
[11:46] <binBASH> NightDragon: #httpd
[11:46] <NightDragon> httpd == apache2?
[11:47] <binBASH> nope
[11:47] <NightDragon> i can never get them straight... httpd, apache, apache 2.. prefork, postfork, @__@
[11:47] <binBASH> all the same ;)
[11:47] <binBASH> I dunno postfork though
[11:47] <binBASH> just prefork, peruser, worker, event
[11:51] <a_ok> how can I get info by devicefile?
[11:51] <a_ok> like bus type etc
[12:07] <a_ok> RoyK: this is ridiculous. I can change the device file name of that disk with udev rules. Problem is that the kernel makes sr0 out of it but also makes sda... so the bloody thing has two device files
[12:39] <RoyK> a_ok2: is it a drive or a cdrom?
[12:40] <a_ok2> RoyK: it's a virtual cdrom drive
[12:41] <RoyK> then forget about sda
[12:41] <a_ok2> RoyK if it was that easy I would. problem is that it is active one time and not active the other time. so we have stuff moving around
[12:50] <kaushal> hi
[12:50] <kaushal> is there a way to backport php5.3 to Hardy 8.04 server ?
[12:54] <pmatulis> kaushal: probably, but it wouldn't be an easy task.  try https://launchpad.net/~bd808/+archive/php5.3
[12:54] <pmatulis> kaushal: otherwise, https://launchpad.net/ubuntu/+ppas?name_filter=php5
[13:04] <RoyK> kaushal: it'll be quite easy, really. just apt-get source php5, extract the php5.3 source somewhere, copy the debian/ directory from the ubuntu php5.2.4 source, cd into the 5.3 source and dpkg-buildpackage
[13:04] <RoyK> that should probably do it
[13:05] <kaushal> ok
[13:05] <kaushal> is that a recommended method ?
[13:06] <kaushal> RoyK: let me check
[13:08] <floown> hello
[13:09] <floown> to have Json, should I just install php5-json on a Jaunty server ?
[13:10] <NightDragon> hello all
[13:11] <NightDragon> would appreciate some help, i can not seem to connect to my ubuntu server from a mac
[13:11] <NightDragon> PC works just fine... and so does netatalk
[13:11] <NightDragon> (AFP
[13:11] <NightDragon> but when i try to do CMD+K, and do SMB://server, it does not work
[13:12] <NightDragon> connection failed
[13:12] <NightDragon> any suggestions?
[13:14] <sommer> morning all
[13:14]  * NightDragon swears he hears crickets
[13:20] <Daviey> hey sommer !
[13:20] <Daviey> sommer: How are the doc's today? :)
[13:21] <sommer> cruisin, cruisin ;-)
[13:24] <Daviey> sommer: \o/
[13:26]  * NightDragon pokes someone
[13:26] <NightDragon> bump
[13:27] <Pici> NightDragon: Do you have a samba server running?
[13:29] <silentwhisper> i was able to run
[13:29] <silentwhisper> http server and mail server
[13:29] <silentwhisper> which server should i learn to setup
[13:30] <silentwhisper> i want to learn all
[13:30] <silentwhisper> server setup
[13:30] <cloakable> all?
[13:30] <Pici> I don't understand the question.
[13:31] <silentwhisper> i mean what are the things i need to learn in ubuntu server?
[13:31] <cloakable> That's... quite a task
[13:31] <Pici> !serverguide
[13:31] <silentwhisper> like http server
[13:31] <silentwhisper> or mail server
[13:31] <silentwhisper> thats a long long list to learn
[13:31] <silentwhisper> in do you apply all of those in your company?
[13:32] <Pici> silentwhisper: I only use what I need to use.
[13:32] <silentwhisper> i want to learn what i need to learn and get a job
[13:36] <ttx> mathiaz, smoser, spamaps, zul: ping me when you are around
[13:36] <smoser> here
[13:37] <Pici> silentwhisper: I can't give you a list of what companies need you to learn. Start with httpd and some mail server, look at job listings to see what skills they require and learn those.
[13:37] <smoser> ttx,
[13:38] <ttx> smoser: yo, pm ?
[13:39] <blackstar256> #uscc
[13:39] <NightDragon> silentwhisper: what you need is a book
[13:39] <NightDragon> preferably from O'Reilly
[13:39] <NightDragon> that gets into server administration
[13:39] <NightDragon> the best advice that i can give
[13:40] <NightDragon> is to install a linux distro (like Ubuntu ^_^), get _very_ comfortable with it, and then try to teach yourself server administration
[13:41] <NightDragon> silentwhisper: if your bash kung foo is not at least moderately strong, you won't be able to pass yourself off as a good sysadmin at interview, and even if you do... you won't be a good one and that's just not cool.
[13:41] <NightDragon> unix is something you need to gain experience with, you can't just "read a webpage" and know it, like it was skype or something
[13:42] <NightDragon> i mean i cant say "you cant read the book"... because you kinda can, but if there was a singular book about *everything* you needed to know about unix administration, well it would be freaking huge. Like comically huge.
[13:43] <NightDragon> i've been using ubuntu/debian linux for 4+ years, and have done server administration for 1+ years, and i'm still learning a lot
[13:45] <TheJ3ckyl> 20+ with Solaris, Irix, BSD, SCO, Redhat, etc.. etc.. etc.. and still don't know everything
[13:46] <TheJ3ckyl> ohh how could I leave out HPUX still have systems out there running on it
[13:46]  * NightDragon shudders at the thought of redhat
[13:46] <NightDragon> seriously, i've been playing in debian land too long
[13:46] <NightDragon> i do need to learn redhat
[13:47] <thesheff17> NightDragon: why RHEL ...stick with debian/ubuntu :)
[13:47] <TheJ3ckyl> Well, for small business use it's good that you can put customers on their support license
[13:49] <TheJ3ckyl> Of course Solaris IMHO is still the most stable with the best support.
[13:49] <NightDragon> thesheff17: well aptitude is my homeboy, but it seems like a lot of jobs out there pretty much use RHEL/Solaris/Centos/Fedora
[13:49] <TheJ3ckyl> and hardware is nice.
[13:49] <qman__> solaris is great if you're into self-torture
[13:49] <qman__> personally I just stay away
[13:49] <TheJ3ckyl> Fedora-Core is nice
[13:50] <thesheff17> NightDragon: true...though get the job and then switch to all ubuntu/debian...that is what I did :)
[13:50] <TheJ3ckyl> Self-Torture?
[13:50] <TheJ3ckyl> I like ubuntu for personal use
[13:50] <TheJ3ckyl> My home network is 100% ubuntu
[13:52] <thesheff17> if you use the terminal most of the time RHEL and ubuntu are really not all that different.  I also feel like the support RHEL provides is just a database of fixes....basically ubuntu and google accomplish the same thing.
[13:53] <TheJ3ckyl> Well, but they also have phone support for $$$. I have a day job already, but do consulting on the side so I don't have time to do support
[13:54] <thesheff17> true have you used Canonical support?
[13:54] <TheJ3ckyl> No, I haven't any good?
[13:55] <thesheff17> hehe I haven't either.....I'm guessing they are pretty good
[13:55] <thesheff17> also I hate how RHEL has ES, AS, and all these different version and support contracts....
[13:56] <TheJ3ckyl> Yeah, but the more corporate you get, the more you're going to have to have that type of stuff
[13:56] <TheJ3ckyl> Hell, my primary vendor is Cisco.
[13:56] <TheJ3ckyl> and Sun
[13:56] <TheJ3ckyl> Talk about your different levels of support
[13:56] <thesheff17> hehe
[13:56] <TheJ3ckyl> Juniper is going the way of Cisco now
[13:57] <TheJ3ckyl> They are really getting some more market share
[13:57] <thesheff17> yea most of the data centers my company looked at used juniper over cisco
[13:57] <TheJ3ckyl> Who knows if Juniper can compete with Cisco (Not talking technical mind you)
[13:57] <TheJ3ckyl> Maybe someone someday will topple Microsoft :)
[13:57] <thesheff17> functionality & price are def on Juniper side
[13:58] <TheJ3ckyl> Yeah, their IOS IMO has always been more mature along with their hardware
[13:58] <TheJ3ckyl> They just didn't offer the same support Cisco did which turns off the big enterprises
[13:59] <TheJ3ckyl> For a long time Juniper didn't even have a proper lab for good regression testing and support testing
[13:59] <TheJ3ckyl> They have definitely overcome that now
[13:59] <thesheff17> yea I work for a startup so paychecks come first technology comes second so I have to deal with what my budget is...basically 0 dollars :)
[13:59] <TheJ3ckyl> but they need to show the larger enterprises they are ready to play on the same level Cisco can
[14:00] <TheJ3ckyl> heh yeah
[14:00] <TheJ3ckyl> I got it nice, I work for AT&T Labs
[14:00] <thesheff17> nice
[14:00] <TheJ3ckyl> We get a couple buck here and there :)
[14:01] <thesheff17> hehe yea I'm sure ATT is huge
[14:01] <thesheff17> hehe need a linux admin ? :)
[14:02] <TheJ3ckyl> Not in labs, but I think corporate is hiring, but they are primarily an HPUX and Sun shop
[14:02] <TheJ3ckyl> We have a lot of Linux, but Labs doesn't hire without a network engineer background
[14:03] <TheJ3ckyl> Mobility does a lot of Linux as well
[14:03] <thesheff17> well I'm not looking now but I will have a masters in March for information system security....so I'm sure I will be looking then.
[14:04] <TheJ3ckyl> heh, my degree was in Civil Engineering
[14:04] <thesheff17> You guys runs lots of virtual machines?
[14:05] <TheJ3ckyl> that was back in 89 though when CS degrees were IPX, SCO, and pretty much worthless
[14:05] <TheJ3ckyl> by 1995
[14:05] <thesheff17> yea my old company has sco boxes
[14:06] <TheJ3ckyl> When I came to LABs in 97 we had a lot of SCO and HPUX
[14:06] <TheJ3ckyl> sucked
[14:06] <thesheff17> haha yea
[14:06] <TheJ3ckyl> We still have a lot of UX, I can't stand it
[14:07] <thesheff17> we had a sco box with an NTFS share mounted on a Novell box...or the other way around...either way it broke and basically brought the business to a halt....spent 3 straight days fixing it.
[14:07] <thesheff17> and had to try to deal with sco getting a new version and it was a nightmare
[14:07] <TheJ3ckyl> I requested screen for a hopoff box that I use so when my VPN dies I can regain my session
[14:07] <thesheff17> haha
[14:07] <TheJ3ckyl> The admin told me it would be too much of a pain in the arse to install screen???
[14:08] <TheJ3ckyl> really ???
[14:08] <thesheff17> jeeze
[14:08] <TheJ3ckyl> That's UX for ya
[14:08] <Pici> Hey guys, I know this channel isn't getting a lot of questions right now, but its really not a discussion channel. Feel free to join #ubuntu-offtopic if you want to chat.
[14:08] <thesheff17> k
[14:08] <TheJ3ckyl> he ok
[14:08] <TheJ3ckyl> sorry got carried away
[14:08] <Pici> Its okay :)
[14:14] <kimi_> Good morning. Does anybody know how to setup a radius server in Ubuntu?
[14:14] <NightDragon> oooh
[14:15] <NightDragon> "Good morning all, i want to build a space shuttle today. Can anyone help?"
[14:15] <ssureshot>  might want to /join #nasa lol
[14:15] <thesheff17> lol
[14:16] <TheJ3ckyl> kimi_,  in terms of??  Configuring the flat file or integrating it with PAM or something?
[14:17] <kimi_> I want to receive the authentication of WPA clients (wireless devices)
[14:19] <TheJ3ckyl> kimi_ it's been awhile, but essentially after you download radiusd, you will have a flatfile where you can point it to /etc/passwd or you can create the account with the flat file
[14:19] <kimi_> the idea is that every client that connects to my wifi routers, do the authentication (using RADIUS) to a server in internet
[14:19] <NightDragon> kimi: what kind of network are you trying to set up?
[14:19] <TheJ3ckyl> Does your WIFI router support radius?
[14:19] <kimi_> the network layout will be like this
[14:19] <NightDragon> the likely scenario here is a dedicated RADIUS Server is _VERY_ overkill for anything less than enterprise setup
[14:20] <kimi_> I will have 4 routers, all configured with wireless security WPA Enterprise (where you MUST specify a Radius)
[14:20] <NightDragon> not necessarily
[14:20] <kimi_> all the routers will connect to this Radius, and the radius will receive and handle authentication
[14:20] <NightDragon> but yes with WPA2, you can use Radius
[14:21] <NightDragon> how many users are you planning on having connect to this net?
[14:21] <kimi_> with WPA and WPA2 Enterprise (not Personal) you can use radius
[14:21] <NightDragon> yes, i know you can. How many users will be using this net?
[14:21] <kimi_> I don't have now that number of users
[14:21] <NightDragon> ballpark it for me
[14:21] <kimi_> but up to now I'm have if it works for 5 or 10 users
[14:21] <NightDragon> is this for a business? around 50 users or so?
[14:21] <TheJ3ckyl> kimi_ Best thing to do is go google some radius configuration example, there are a lot of ways to setup a radius configuration, as you can include access lists, times of access, type of auth etc..
[14:22] <NightDragon> 5 or 10 users? man, for only 5 or 10 users you probably _REALLY_ dont need radius unless you really want it... i guess
[14:22] <kimi_> I have downloaded using apt "xtradius" but it does not handle WPA authentication and the wireless clients can not login
[14:22] <kimi_> I want a prototype of 10 users, but it will have (I hope) thousands
[14:22] <TheJ3ckyl> other then that just download and install radiusd and point your routers to it
[14:23] <NightDragon> that's because there's a lot more to it than that, kimi if you really want to go for it i can help you with it
[14:23] <NightDragon> your best way is probably router--> radius --> kerberos --> /etc/passwd (or mySQL DB, whatever)
[14:23] <TheJ3ckyl> kimi_ your router will not pass WPA to the radius server
[14:23] <kimi_> thanks, It will be great if you can help me
[14:23] <NightDragon> but first, what is this network going to be used for?
[14:23] <TheJ3ckyl> LDAP, it's good with radius as well
[14:24] <qman__> yeah, for thousands of users, LDAP would probably be best
[14:24] <NightDragon> well hold on guys
[14:24] <NightDragon> we have literally no idea what he's trying to do
[14:24] <kimi_> In the end, my idea is not only to obtain authentication using MySQL. I would like that the radius server calls a process passing information about the client that is connected. I want to know MAC address of the router, and mac address of the client . And I know that information gets into the server
[14:24] <NightDragon> LDAP could be a _really_ bad idea if he's trying to set up like a home or small business setup
[14:25] <qman__> NightDragon, he said thousands of users
[14:25] <kimi_> what I know up to now
[14:25] <TheJ3ckyl> kimi_ you can pass that information in radius options
[14:25] <NightDragon> yeah
[14:25] <NightDragon> radius will handle that
[14:25] <kimi_> yes, I know. what I could successfully do is setup XTRadius
[14:26] <kimi_> to call a process when a Wifi client wants to connect
[14:26] <kimi_> but then I said "login incorrect"
[14:26] <kimi_> and I think that is because xtradius cannot handle WPA authentication
[14:26] <TheJ3ckyl> Ok, so you want radius to hit up a shell script?
[14:27] <qman__> kimi_, radius simply handles the authenticating process and such, you still need a backend database of users and passwords to authenticate against, and radius supports tons of them
[14:27] <TheJ3ckyl> yeah, wait a second
[14:27] <TheJ3ckyl> Not sure what WPA has to do with Radius.....
[14:27] <kimi_> ok, I will have a backend, but not directly to MySQL, it will call a process first
[14:27] <TheJ3ckyl> hear me out
[14:27] <qman__> anything from flat file and PAM to LDAP and mysql
[14:27] <TheJ3ckyl> Your router is either going to support radius for WPA or it's not
[14:28] <TheJ3ckyl> radius is radius
[14:28] <smoser> Daviey, ping
[14:28] <TheJ3ckyl> Your router is either going to send out a radius request for WPA auth or it's not
[14:28] <kimi_> my router has a wireless authentication feature that is WPA Enterprise, where I must configure a RADIUS server
[14:28] <TheJ3ckyl> The router might just perform radius for console, aux, term, auth
[14:29] <kimi_> what I found is that when I setup that, every client that wants to authenticate makes a call to the radius server
[14:29] <TheJ3ckyl> ok, yeah that makes sense
[14:29] <kimi_> but my actual radius server cannot authenticate wireless clients, only wired ones
[14:29] <TheJ3ckyl> radius, should not care
[14:30] <TheJ3ckyl> unless it's passing something that is not compliant to the server?
[14:30] <kimi_> I have tested radtest from machines connected to LAN
[14:30] <kimi_> and radius worked perfect
[14:30] <kimi_> but from a wireless network it won't
[14:30] <kimi_> it says "login incorrect"
[14:30] <qman__> yeah, the radius server won't care about that, so it must be an issue with the configuration/implementation of the clients requesting authentication
[14:30] <TheJ3ckyl> What radius server does your router vendor recommend?
[14:30] <kimi_> and the same information (user, pass) from a lan machine works great.
[14:30] <Daviey> smoser: o/
[14:30] <TheJ3ckyl> not all radius servers are ==
[14:31] <qman__> plenty of vendors use broken implementations
[14:31] <kimi_> linksys (I have one with dd-wrt, another with the original firmware, and another with CoovaAP) and Apple Airport
[14:31] <kimi_> all of them the same problem
[14:31] <TheJ3ckyl> I have had vendors that are compliant only with x radius server
[14:31] <kimi_> I would be happy if it only works with linksys and cisco.
[14:31] <cloakable> What are you encrypting the passwords with?
[14:31] <TheJ3ckyl> Yeah, could be a cleartext thing
[14:32] <TheJ3ckyl> or perhaps it only will do PAP/CHAP
[14:32] <qman__> with that much variation in hardware, you're going to want to set your radius server to accept pretty much any handshake method
[14:32] <cloakable> yeah
[14:33] <cloakable> Which needs cleartext backend
[14:33] <kimi_> sorry
[14:33] <TheJ3ckyl> Yeah, but some router clients will only send pap/chap
[14:33] <kimi_> I closed the wrong chat room
[14:33] <thesheff17> anyone really good with vmbuilder here? I have some weird things going on with it?
[14:34] <TheJ3ckyl> and depending on your radius server, some radius servers will only do cleartext or encryption
[14:34] <kimi_> yes
[14:34] <kimi_> I think that's the problem
[14:34] <kimi_> xtradius is doing only cleartext and not handling the encryption
[14:35] <kimi_> that may be why I cannot connect wireless clients correctly but yes using radtest
[14:35] <cloakable> mmmm
[14:35] <TheJ3ckyl> Did the router vendor recommend a particular radius server?
[14:35] <kimi_> I didn't find any recommended vendor. In the setup I only have the IP and port
[14:35] <kimi_> and If I want WPA Enterprise or WPA2 Enterprise
[14:35] <qman__> dd-wrt should support most anything
[14:36] <qman__> but a stock linksys is going to be much more limited
[14:36] <qman__> I don't know what they use
[14:36] <kimi_> I could connect to radius with a stock linksys
[14:36] <kimi_> I have tested 4 routers with different firmwares, all of them do the same
[14:36] <TheJ3ckyl> cleartext auth?
[14:36] <TheJ3ckyl> with the linksys?
[14:37] <qman__> in this case, a packet capture might be in order, to figure out exactly what's going on
[14:37] <TheJ3ckyl> Yeah, that would at least tell you if the radius request is sent in using cleartext or not
[14:37] <kimi_> I have tested linksys with dd-wrt, coovaap, and stock firmware. all of them with WPA2 Enterprise to the same radius
[14:37] <kimi_> neither of them could authenticate
[14:37] <TheJ3ckyl> Just because it's WPA doesn't mean radius is sending it encrypted
[14:38] <qman__> WPA is only encrypting the over-the-air communication
[14:38] <kimi_> mm using wireshark and capturing what arrives to the radius port?
[14:38] <qman__> the radius authentication could be in cleartext or any number of handshake/encryption methods
[14:38] <kimi_> oh I see
[14:39] <qman__> the first step is figuring out what method the router is attempting to use
[14:39] <qman__> and a packet capture might tell you, or would at least tell you cleartext versus encrypted
[14:39] <kimi_> ok
[14:39] <TheJ3ckyl> exactly
[14:39] <kimi_> I will do that with wireless and wired clients in order to compare
[14:41] <TheJ3ckyl> Sometimes on the router, you can specify the method in the radius config as well
[14:41] <TheJ3ckyl> I know Cisco and Juniper you can
[14:41] <TheJ3ckyl> not sure on Linksys
[14:42] <kimi_> in the router when I select WPA2 Enterprise I can configure these parameters: radius ip, radius port, secret key, passphrase and key 1
[14:42] <TheJ3ckyl> yeah, sounds like it doesn't have the cleartext, or encryption option then
[14:43] <TheJ3ckyl> So you will need to sniff it and find out what it defaults to
[14:43] <TheJ3ckyl> Like we mentioned earlier at least you will know whether or not you're dealing with cleartext or not
[14:43] <ttx> mathiaz_: yo
[14:44] <kimi_> yes.and I will have to change the radius server in order to handle the encryption or not
[14:44] <TheJ3ckyl> yup
[14:44] <kimi_> how can I change that in radius?
[14:44] <ttx> mathiaz_: I'd need updated status on server-maverick-hadoop-pig and server-maverick-uds-seed-review for the release meeting
[14:44] <ttx> mathiaz_: looks like they are in bad shape
[14:46] <kimi_> thanks to all of you. I will do the testing when energy comes back to my office
[14:46] <romanoff> Hello, I am using EC2 service and have installed Ubuntu Server 10.04 as described on https://help.ubuntu.com/community/EC2StartersGuide page. I have allowed users to go to port 80 outside in EC2 panel. But I just can't start web app on port 80. I get this - http://pastie.org/1067075. Seems like some process is running on port 80. But I couldn't see any using 'sudo netstat -anp | grep 80' command. Any ideas?
[14:46] <kimi_> now I'm connected to a 3G modem with the laptop
[14:46] <mathiaz_> ttx: updating the BP now
[14:47] <TheJ3ckyl> Well, there are a couple places
[14:47] <TheJ3ckyl> for auth, lemme, see
[14:47] <TheJ3ckyl> If you're doing for example
[14:47] <TheJ3ckyl> MSCHAP
[14:47] <TheJ3ckyl> authenticate {
[14:47] <TheJ3ckyl>          
[14:47] <TheJ3ckyl>          #
[14:47] <TheJ3ckyl>          #  MSCHAP authentication.
[14:47] <TheJ3ckyl>          Auth-Type MS-CHAP {
[14:47] <TheJ3ckyl>                mschap
[14:47] <TheJ3ckyl>           }
[14:47] <TheJ3ckyl> 	
[14:47] <TheJ3ckyl> or Auth-Type cleartext {
[14:51] <smoser> ttx, do you know what kernel is used on the isos ?
[14:52] <smoser> ie, what does netboot/ubuntu-installer/amd64/{kernel,initrd.gz} on an iso come from "?
[14:52] <rasengan> Is it safe to upgrade Ubuntu 9.10 to 10.* whilst ISPConfig is installed?
[14:52] <ChmEarl> smoser,  2.6.32-21-generic
[14:52] <ttx> smoser: I think it's linux-server
[14:52] <ttx> hm
[14:53] <mathiaz_> ttx: both specs updated
[14:53] <ttx> mathiaz_: looking
[14:53] <kimi_> oh look at that
[14:54] <ttx> mathiaz: about hadoop, you think you are still on track ?
[14:54] <smoser> hm..
[14:54] <smoser> so any idea how i would get a initrd.gz given a linux-server package from the archive ?
[14:54] <mathiaz> ttx: yes - the WI defined for alpha3 are not impacted by any Freeze
[14:54] <smoser> i'm guessing its not the same as i'd get if i plucked it from /boot/ after installing package
[14:54] <ttx> mathiaz: same for seed-review ?
[14:54] <mathiaz> ttx: the seed-review discussion will probably spill over in the beta cycle
[14:54] <ttx> ah
[14:55] <mathiaz> ttx: I'm going to update the BP
[14:55] <ttx> mathiaz: ok POSTPONED / copy to beta as TODO
[14:55] <ttx> for the last two, I think
[15:00] <ChmEarl> smoser, what are you trying to do?
[15:00] <smoser> netboot a maverick install.
[15:00] <smoser> using kernel/ramdisk from iso is too old, as that package is no longer in archive.
[15:01] <ChmEarl> smoser, sorry - maverick is older than hardy?
[15:02] <smoser> :)
[15:02] <smoser> maverick is 10.10
[15:05] <kimi_> thanks to everybody, I will come back later
[15:05] <kimi_> and let you know how I'm doing
[15:05] <kimi_> thanks TheJ3ckyl
[15:06] <ChmEarl> smoser, now I know ;)  - here is the netboot pair for maverick http://archive.ubuntu.com/ubuntu/dists/maverick/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/
[15:06] <ChmEarl> smoser, also there is xen aware boot set
[15:07] <smoser> yeah, thats too old
[15:07] <smoser> :-(
[15:07] <smoser> do you know how that is created ?
[15:07] <ChmEarl> smoser, whats missing or wrong with it?
[15:08] <smoser> the kernel that is there is not in the archive. so if you boot off of it, the installer says "i can't find modules for this kernel"
[15:08] <smoser> which goes badly
[15:10] <ChmEarl> smoser, version is 2.6.35-10-generic
[15:11] <smoser> which is not available in archive.
[15:12]  * Daviey screams
[15:14] <jpds> Yo.
[15:20] <pmatulis> "in (cyber)space, no one can hear you scream"
[15:21] <ChmEarl> smoser, yes same thing happens with the xen boot files
[15:21] <ChmEarl> smoser, I tried it a second ago
[15:23] <RoyK> pmatulis: - In space, loud sounds, like explosions, are even louder because there is no air to get in the way
[15:23] <jpds> pmatulis: You'd hear Daviey.
[15:23] <pmatulis> jpds: but i didn't
[15:23] <a_ok2> RoyK so you need to scream explosive?
[15:24] <RoyK> :)
[15:26] <a_ok2> RoyK: I solved my problem by the way, based on Lun number I made udev rules that make some nice symlinks(very descriptive names this time)
[15:29] <ccheney> mathiaz, did you see my email from a few days ago? i've been out sick but didn't see a response
[15:30] <mathiaz> ccheney: yes - I should get to it today
[15:31] <ccheney> mathiaz, ok
[15:43] <mathiaz> ttx: how is usually JAVA_HOME handled?
[15:43] <mathiaz> ttx: do you always have to set it manually?
[15:43] <mathiaz> ttx: or is there a central place where this is set automatically
[15:43] <mathiaz> ttx: ?
[15:44] <ttx> mathiaz: hm
[15:44] <ttx> mathiaz: in tomcat6 there is a bit of code to pick the right JVM
[15:45] <ttx> see http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/lucid/tomcat6/lucid/annotate/head%3A/debian/tomcat6.init
[15:45] <ttx> lines 54-65
[15:45] <ttx> and then an /etc/default.tomcat6 settings lets you overwrite that
[15:46] <ttx> /etc/default/tomcat6
[15:46] <ttx> that's what I reproduced in terracotta's packaging
[15:46] <Daviey> Ahh.. i was wondering that myself yesterday
[15:47] <ttx> if you strongly depend on default-jre-headless you can hardcode /usr/lib/jvm/default-java
[15:47] <ttx> the tomcat6 technique lets you specify a default preference order, basically
[15:49] <raubvogel> When you use ubumirror with reprepro, how do you make the later check in the directory created by the former for new/removed packages?
[15:53] <mathiaz> ttx: it seems like JAVA_HOME should be centralized
[15:53] <mathiaz> ttx: isn't there an alternative system already in place?
[15:53] <mathiaz> ttx: for managing which version of java is the default one?
[15:53] <mathiaz> ttx: if tomcat6, hadoop, terracotta are all doing the same...
[15:54] <ttx> mathiaz: the problem is you need to set JAVA_HOME, not just the path to the java executable
[15:54] <ttx> but maybe that can be done
[15:59] <thesheff17> I run tomcat, jboss and terracotta at my company and I use the java service wrapper. http://wrapper.tanukisoftware.com/doc/english/download.jsp
[16:00] <thesheff17> it has a bunch of advanced features for java
[16:05] <SpamapS> ttx: seems like the solution there is to make the alternative point at a shell script that sets JAVA_HOME and then runs the real jvm
[16:05] <SpamapS> thesheff17: I've heard good things about that too.
[16:07] <thesheff17> yea I do like it a lot...it is a little hard to set up but once it is working correctly it is very easy to adjust ram, configuration, and when always shutdowns tomcat correctly
[16:10] <SpamapS> I think my buddies who maintain a large SOLR cluster use it too
[16:13] <Misterio> In ubuntu server, what is necessary to do to make a process to autostart? For example, ssh, apache, samba...
[16:14] <cloakable> nothing
[16:15] <thesheff17> Misterio: update-rc.d apache2 defaults is what I used to use.
[16:15] <cloakable> install it from apt and it will start on boot
[16:16] <thesheff17> I believe it is still valid with 10.04
[16:17] <cloakable> apache2 has always started automatically for me
[16:17] <Misterio> It says that file already exists, and nothing happens
[16:17] <a_ok2> it seems that kvm does not work without etherboot yet it is not dependency???
[16:17] <thesheff17> if it already exists then it should be starting
[16:17] <thesheff17> if it isn't there is something wrong with your setup
[16:19] <thesheff17> a_ok2: I use kvm without etherboot without any problems
[16:19] <thesheff17> a_ok2: are you trying to create a bridge for KVM?
[16:19] <a_ok2> thesheff17: I wonder why it insists on loading optrom then
[16:20] <a_ok2> thesheff17: I already have
[16:20] <a_ok2> will check out the bloody scripts
[16:22] <a_ok2> thesheff17: I have created a bridge and a tap. however none of the parameters I gave suggests it should use pxe. (I let it boot from cdrom to be exact)
[16:25] <smoser> kirkland, intended behavior ?
[16:25] <smoser> byobu-installer
[16:25] <smoser> ssh system where 1 session is open. i don't get a prompt for selection ?
[16:29] <a_ok2> thesheff17: sorry it was just a warning kind of error, the reason it broke off was that it apparently can not when omitting host in -vnc
[16:30] <thesheff17> ah ok
[16:34] <papertigers> Does anyone know if you can directly connect two VM's in kvm
[16:34] <lolufail> hi!
[16:34] <thesheff17> papertigers: what do you mean directly connect?
[16:35] <papertigers> thesheff17: link a crossover cable trunk linking to physical boxes
[16:35] <papertigers> like8
[16:36] <papertigers> thesheff17: say I had two VM's , vm1 and vm2 they each have one nic bridged to the physical network, can I somehow also give them another nic directly connecting them
[16:36] <lolufail> I'm having the weirdest problem: ubuntu lucid server 64 on a debian host.
[16:36] <lolufail> the VM stops booting after "Begin: Running /scripts/init-bottom ... Done.", verbose says he hangs at mountall.
[16:36] <lolufail> when I append "init=/bin/bash" to the kernel line, remount the filesystem rw, remount it ro again, and reboot, the VM boots!
[16:36] <lolufail> if I shut it down again, mount it on the host, unmount it again and boot it again, it hangs -.- wtf?
[16:37] <lolufail> doesnt make any sense to me.
[16:37] <lolufail> xen btw
[16:38] <thesheff17> papertigers: that is a good question...is it possible to bridge two adapters and then just have the second adapter with a cross over cable.
[16:38] <qman__> papertigers, I would think you could create a new bridge between the two virtual adapters and not include a physical one
[16:38] <qman__> to get the same effect
[16:38] <papertigers> qman__: interesting, can you create a bridge not linked to a physical nic?
[16:40] <papertigers> thesheff17 and qman__ the reason I question is sometimes at school we use VMware and we have the ability to give x nics and connect them wherever for example a virtual vyatta router, I dont see why kvm wouldnt be able to do this because vmware can also be based on linux
[16:40] <qman__> I don't see why not
[16:40] <qman__> of course, the last time I messed with any of that extensively was with vmware 1.x
[16:42] <lolufail> any clues?
[16:44] <qman__> lolufail, sorry, I don't know anything about xen
[16:44] <papertigers> qman__: I can create a bridge using brctl addbr testbridge
[16:44] <papertigers> however virt-manager won't let me select it because it is not bridged to any actual devices
[16:45] <qman__> papertigers, ah
[16:46] <a_ok2> papertigers: can't you just add a tap?
[16:46] <a_ok2> i mean qman
[16:46] <papertigers> a_ok2: ive never worked with taps directly how do you do that
[16:48] <a_ok2> papertigers: first install uml-utilities
[16:48] <papertigers> doing that as we speak already haha
[16:48] <papertigers> a_ok2: okay got it
[16:49] <a_ok2> then create a tap with tunctl -b -u <username that needs access (can be omitted)>
[16:49] <a_ok2> it should say what tap it made
[16:50] <a_ok2> then do brctl addif <bridgename> tap0
[16:50] <a_ok2> papertigers: nothing to it really
[16:50] <papertigers> ahh okay so basically i can create a bridge called trunklink
[16:51] <papertigers> and add say tap1 and tap2 and assign tap1 to vm1 and tap2 to vm2?
[16:51] <a_ok2> brctl addbr trunklink
[16:51] <a_ok2> yes exactly
[16:51] <a_ok2> that is what I do
[16:52] <papertigers> a_ok2: okay thanks a lot I will have to play with this, I recently saw that openswitch project too
[16:52] <papertigers> http://linux-kvm.com/content/openvswitch-reaches-100
[16:52] <a_ok2> do note that you need to assign MAC addresses, by default it picks the same for every VM in this setup you will have conflicts
[16:53] <a_ok2> papertigers: bridges work fine with me. can even use iptables on them
[16:53] <a_ok2> papertigers: I was really amazed with that (never had a firewall on a switch before)
[16:54] <papertigers> a_ok2: yea I need to get some iptables going on my kvm machine
[16:54] <papertigers> did it get complex?
[16:54] <thesheff17> yea another question is say I have a box running two VM.  if one is communicating with the other does the traffic actually flow out of the cat5 to the switch and back in?  Or is KVM smart enough to know to route traffic internally?
[16:54] <a_ok2> no, you just need to know that you have to put the rules in the forwarding table instead of input
[16:55] <papertigers> thesheff17: should hit the bridge device which is actually a switch
[16:55] <papertigers> and it should not go out
[16:55] <thesheff17> ah ok
[16:55] <thesheff17> cool
[16:56] <papertigers> brctl showmac vr0
[16:56] <papertigers> brctl showmac br0
[16:56] <papertigers> its showmacs
[16:57] <mathiaz> ttx: how about having a standard directory for JAVA_HOME
[16:57] <mathiaz> ttx: and then manage the standard directory as a symlink to the actual jvm used
[16:57] <a_ok2> papertigers: the nice thing of putting firewall rules on the bridge is that you only have to define them once and firewall all the machines on it (one of my bridges is connected directly to the internet)
[16:57] <ttx> mathiaz: whatever solution would need to be discussed on debian-java
[16:57] <papertigers> thesheff17: that work? it should show a local field too
[16:57] <mathiaz> ttx: agreed
[16:57] <ttx> mathiaz: since most of the action happens there
[16:58] <mathiaz> ttx: it just seems that could be improved
[16:58] <ttx> (even I do my commits in debian first)
[16:58] <papertigers> a_ok2: are you doing the bridge device or the interfaces on it like vnet0
[16:58] <ttx> mathiaz: definitely, but there may have been prior art
[16:58]  * ttx eows
[16:58] <mathiaz> ttx: any examples of JAVA_HOME in debian/rules?
[16:59] <papertigers> a_ok2: would you mind sending me your iptables script and stripping out anything you don't want me to see?
[16:59] <ttx> in debian/rules you set it to whatever you build-dep points to
[16:59] <ttx> mathiaz: JAVA_HOME=/usr/lib/jvm/default-java
[16:59] <ttx> mathiaz: since you bd on default-jdk
[16:59] <a_ok2> papertigers: no you set the rules on the bridge, and use the IP addresses or MAC addresses that are used in the VM host if you need to filter based on that
[16:59] <ttx> mathiaz: gtg
[16:59] <mathiaz> ttx: ok - thanks
[16:59] <papertigers> a_ok2: ahh okay
[17:00] <mathiaz> ttx: have a nice weekend!
[17:00] <papertigers> a_ok2: what kind of hardware is your KVM box
[17:01] <a_ok2> papertigers: dell poweredge something, has two Xeon E5520, and 8GB ram
[17:02] <a_ok2> disks are in a san (also a poweredge, running on openfiler)
[17:03] <papertigers> a_ok2: jealous haha, I have a box I built with a phenom quad core and 8gig of ram
[17:03] <papertigers> a_ok2: my disks are on my 5.4tb raid6 shared via nfs
[17:03] <thesheff17> hehe I have a dell desktop running KVM :)
[17:04] <a_ok2> thesheff17: well I have a laptop running kvm (on a 1.2 Ghz low voltage C2D) runs just fine
[17:05] <papertigers> thesheff17: all my money goes into my computers :( why do i even work
[17:05] <papertigers> a_ok2: how do you like openfiler
[17:05] <thesheff17> I feel the same way
[17:05] <thesheff17> I just bought a new i7 laptop
[17:06] <thesheff17> is it possible to bridge a wlan0 to br0?
[17:06] <a_ok2> thesheff17: we only have 900GB effectively (also raid 6) but they are those new SAS 6GB/s
[17:07] <papertigers> a_ok2: I would love to have sas based storage, but for now I will stick with sata for cost reasons
[17:07] <a_ok2> papertigers: it works great if you have 2.3, unfortunately I have a bit too new hardware to run the stable version (perc h700 is not supported yet)
[17:07] <a_ok2> papertigers: actually they are not that expensive anymore
[17:08] <papertigers> my 1tb black WD drives never do me wrong
[17:08] <papertigers> a_ok2: how much is a typical drive
[17:10] <a_ok2> 300Gb 230 euro's
[17:11] <a_ok2> ours were much cheaper though
[17:11] <a_ok2> let me see if I can find what we paid
[17:13] <papertigers> okay thanks
[17:16] <a_ok2> papertigers: it's not specified, unfortunately. we have 5 300GB 6gb/s 15k Hot swappable disks. for about 1000 euros I think
[17:16] <papertigers> a_ok2: great thanks for showing me tap haha now I am going to set up a bridge with a bunch of taps and vyatta and play with its routing
[17:19] <a_ok2> papertigers: you can actually use iptables rules on the interface i forgot (you just have to specify it differently) check this out: http://www.sjdjweis.com/linux/bridging/
[17:19] <a_ok2> gtg later
[17:20] <papertigers> thesheff17: ahh kvm is so nice
[17:21] <thesheff17> yea I really do like it...it works very well.  I have been fighting a little with vmbuilder.
[17:22] <thesheff17> but I have been running kvm since 9.04 and never looked back at vmware
[17:29] <papertigers> thesheff17: I am going to try vmbuilder today
[17:29] <papertigers> hey do you know if there are any rules of thumb based on number of vms to processors
[17:30] <thesheff17> papertigers I have a small python wrapper for vmbuilder if you want it. Nothing special and it is a work in progress but works well.
[17:31] <thesheff17> vms per proc is tough...if most of the time the vm sits there and does nothing you can create a bunch....I try to limit 2-3 per CPU
[17:32] <papertigers> thesheff17: per cpu core?
[17:32] <thesheff17> papertigers: yes
[17:32] <papertigers> thesheff17: I love python, sure id love to have a look at it
[17:33] <papertigers> are you doing cpu pinning or just letting kvm controll that
[17:34] <thesheff17> I'm letting kvm control that.  most linux machines just sit idle all day and then spike during a specific event cronjob usually....so I just make sure that I stagger cronjobs
[17:35] <thesheff17> http://ubuntu.pastebin.com/Ayxrcqn5
[17:35] <papertigers> thesheff17: hmm I am gonna set up a mini network in kvm maybe ill give them all like 128mb of ram and 1cpu
[17:36] <papertigers> thesheff17: thanks I downloaded it.  What do you have your VMs doing, currently I have dns, web, and ubuntu mirror as my always up running vms
[17:37] <thesheff17> basically I have been prepping moving my production env to KVM and want to be able to build VM on the fly for load balancing.  We are a big Java shop so we run tomcat, jboss, terracotta.
[17:38] <thesheff17> so in the script I just basically concatenate a string to build the packages I want per machine
[17:38] <papertigers> thesheff17: ahh nice, I need to find a company that will let me do their network and run ubuntu and VM's
[17:38] <papertigers> thesheff17: how do you plan on doing load balancing?
[17:39] <thesheff17> well I eventually want to get VM's running squid
[17:39] <thesheff17> but for now we use an hardware F5 that is super expensive
[17:39] <thesheff17> :(
[17:40] <thesheff17> also you may have to adjust the script a little...it accounts for a local ubuntu repository
[17:40] <papertigers> I have a local ubuntu repository, one of my VMs :P
[17:41] <thesheff17> hehe nice
[17:41] <papertigers> thesheff17: how do you plan on spawning vms based on load?
[17:42] <thesheff17> that is a good question...I haven't gotten that far yet but plan on monitoring the load on the current VM's and put some zabbix threshold on CPU & time and if that trigger happens spawn more
[17:43] <papertigers> thesheff17: ive never used zabbix
[17:43] <papertigers> what kind of vms do you want to spawn? webservers?
[17:43] <thesheff17> basically just a monitoring tool..I'm sure most can do it
[17:43] <thesheff17> yea web servers
[17:44] <thesheff17> and jboss
[17:44] <smoser> Daviey, ping
[17:44] <smoser> instances go from pending to terminated.  /var/log/libvirt/qemu/i-37430731.log shows:
[17:44] <smoser> libvir: Security Labeling error : internal error error calling aa_change_profile()
[17:44] <thesheff17> there is also a bug right now for tmpfs param which builds it in RAM for testing and is very quick.  You have to get the latest package from here https://launchpad.net/~vmbuilder/+archive/daily/+packages
[17:45] <papertigers> thesheff17: so basically you would need to set up a load balancer and dynamically add the ip's of the newly added vm's to the list of servers
[17:45] <thesheff17> yes or just have a range already in there
[17:46] <thesheff17> like 192.168.1.50-192.168.1.75 will be my web server range
[17:46] <papertigers> thesheff17: but if you had the range in there and a vm was off, wouldnt it still try to send the connection to it
[17:46] <thesheff17> and they do active checks on apache
[17:46] <thesheff17> they won't serve boxes not running apache
[17:46] <papertigers> thesheff17: ahh okay, what load balancer is that?
[17:47] <thesheff17> I'm using pound for our dev env and an F5 for production
[17:48] <thesheff17> papertigers: hehe I even run the pound server on the KVM server
[17:48] <papertigers> thesheff17: I am looking into doing this too now haha
[17:50] <smoser> above, i found bug 599450, trying hally's work around. to disable.
[17:50] <papertigers> thesheff17: I was playing around with migrate, I had it working perfectly, distributing load would be awesome too
[17:51] <thesheff17> papertigers that is such a good idea to migrate them around too :) Here is my config file for pound: http://ubuntu.pastebin.com/dyTjeV9Y
[17:52] <thesheff17> papertigers: it is setup to just load balance two machines but can easily have more
[17:52] <papertigers> thesheff17: thanks I have so much to play with now haha
[17:53] <thesheff17> papertigers: you can also do SSL with pound which I really like...not all load balancers have support for SSL.
[17:53] <papertigers> yeah moving them across kvm servers is cool.  I could write a python script to monitor load and then migrate to the other kvm based upon load
[17:53] <thesheff17> papertigers: np I have been working on KVM and vmbuilder for a while now and would love to see more people use it and bounce ideas off each other. vmbuilder is so promising I can really build a lucid apache server in about 5 min.
[17:54] <papertigers> thesheff17: yeah i need to use vmbuilder, going through virt-manager and doing a full install sucks
[17:55] <papertigers> thesheff17: do you plan on building vms or having them built and turning them on when needed
[17:56] <thesheff17> papertigers: for production I would have them built and off.  Chances are I will spin up manually until I get all this working.  Eventually though I want my entire env build from vmbuilder.  Auditors are climbing up my back all the time telling me my servers are not the same
[17:57] <thesheff17> papertiger: I would love to just send the auditors my python script and say this is what our servers is running and nothing else.
[17:58] <papertigers> thesheff17: haha nice, yeah I am doing this all in my home lab for now.  What company do you work for
[17:59] <thesheff17> papertigers: ticketreserve.com
[17:59] <thesheff17> papertigers: hopefully no one gets offended...it has had some problems in the past :)
[18:00] <papertigers> thesheff17: what has?
[18:00] <thesheff17> papertigers: the company
[18:00] <thesheff17> papertigers: I do a lot of consulting work though also
[18:01] <papertigers> thesheff17: ahh okay
[18:01] <papertigers> tell them you yourself are opensource haha
[18:01] <thesheff17> papertigers: I wish it was that easy :)
[18:03] <papertigers> thesheff17: I hate that on most of my vm's shutdown doesnt work :(
[18:07] <thesheff17> papertigers: are you running them from virt-manager or are you running shutdown -h now within the vm?
[18:08] <papertigers> virt-manager or virsh shutdown vm
[18:08] <papertigers> in the vm i can do a halt just fine
[18:08] <thesheff17> papertigers: ok yea I can't say I have had a vm not work with shutdown -h now inside the vm
[18:10] <RoyK> papertigers: I've seen that - I can't shutdown my VMs from virt-manager either
[18:10] <RoyK> 'halt' or similar from inside the VM works, though
[18:12] <papertigers> RoyK: yeah same
[18:12] <papertigers> thesheff17: interesting, I am looking at that tap stuff, looks like i cant assign it directly to a device, needs to be a part of a vm
[18:14] <thesheff17> papertigers: yea I'm having some weird results from vmbuilder...I'm emailing back and forth with the developer for that project.
[18:38]  * RoyK reads up on Fortran
[18:46] <Daviey> smoser: Yeah.. i think that is apparmor playing its magic - i think a fix is landing soon!
[18:46] <Daviey> that isn't our bug to solve, sadly.
[18:49] <SpamapS> Daviey: http://ceph.newdream.net/wiki/RADOS_Gateway
[18:49] <SpamapS> Daviey: ever seen that?
[18:50] <SpamapS> Daviey: its an S3 store.
[19:12] <mullerk> ]
[19:12] <mullerk>  i have a hp server, proliant dl120. I'm trying to install ubuntu 8.04, but the sata hard drive is not being detected in the installation. how can I discover the correct driver for that?
[19:15] <remix_tj> mullerk: maybe depends on the contoller
[19:15] <remix_tj> lspci maybe can help
[19:16] <mullerk> the problem is that I don't have the driver for that
[19:16] <mullerk> according to hp website, it's a "HP Proliant Smart Array Controller". Anyway, I'm not using RAID
[19:20] <au> hello, I followed https://help.ubuntu.com/10.04/serverguide/C/postfix.html but when I do ehlo mail.mydomain.com, it has everything else but 250-AUTH LOGIN PLAIN
[19:20] <au> how can I get it to show 250-AUTH LOGIN PLAIN
[19:20] <au> brr, missing those question marks :)
[19:23] <Daviey> SpamapS: I hadn't.. looks interesting
[19:24] <soren> SpamapS, Daviey: S3 really isn't rocket science. It took me a day or so to implement in OpenStack.
[19:24] <soren> I'm surprised there isn't of them out there :)
[19:25] <au> hmm so any postfix gurus around?
[19:26] <RoyK> au: I'm not a guru, but I've used it for some years...
[19:27] <au> hmm would you be able to tell me what I am doing wrong? please
[19:30] <RoyK> au: what are you trying to achieve?
[19:30] <RoyK> simple smtp?
[19:30] <RoyK> or authenticated smtp?
[19:31] <au> setup a simple smtp server
[19:31] <au> where yes I have to authenticate to send emails
[19:31] <RoyK> au: isn't that 250 ok, then, if you want auth?
[19:32] <au> hmm found a smtpd_tls_auth_only = yes in main.cf, one moment
[19:32] <RoyK> sounds reasonable :)
[19:32] <RoyK> TLS is a wee bit more secure than plaintext
[19:33] <au> I would like it to have both options
[19:33] <RoyK> au: if it's on a private LAN, just define the IPs from whom you want to allow relay
[19:35] <au> nope, not private lan
[19:36] <au> RoyK: thanks for help :)
[19:36] <RoyK> :)
[19:38] <thesheff17> au: yes I just checked mine and I have relayhost = ip  I also don't have to authentication.  I know this doesn't help but know it works...have you checked that you make sure you can get to port 25 on that smtp server?
[19:39] <SpamapS> soren: backed by CEPH, this RADOS should be really damn scalable.
[19:40] <au> thesheff17: yep it works fine :) now just to see why it's giving me a wrong ssl certificate :)
[19:54] <cablop> i need some help to setup a https apache server
[19:55] <Pici> What part of the setup is causing issues?
[19:55] <cablop> in one step i'll need to create certificates and other things and i don't know how to setup the server name... i mean the domain name that i need to create the certificates for, how can i?
[19:55] <cablop> an old guide says i need to go to "System->Administration->Networking:General" but that menu does not exist here
[19:55] <mullerk> hey guys, i'm still looking for how to install the ubuntu server in a hp server with sata driver.. the hd is not being recognized... somebody help me!
[19:56] <cablop> or maybe i can skip that hostname part and go ahead?
[19:56] <Pici> !hostname
[19:58] <cablop> wait a second can i set up a domain.name as a hostname?
[20:00] <RoyK> mullerk: what sort of SATA controller do you have on that one?
[20:05] <soren> SpamapS: I guess I didn't look too closely. Is it actually bound to ceph in any way, or is it just a frontend to an arbitrary filesystem?
[20:05] <thesheff17> cablop: I think the new 10.04 has a certificate built in if you install openssl
[20:06] <thesheff17> cablop: look under /etc/apache2/sites-available/ dir
[20:06] <thesheff17> cablop: that will be the location for config stuff.
[20:08] <cablop> thanks thesheff17
[20:11] <papertigers> thesheff17: this setup took me a bit to think about, going through with the vyatta install haha i stress my kvm box so much
[20:14] <thesheff17> cablop: check this out http://ubuntu.pastebin.com/mrjDZw2y
[20:15] <thesheff17> cablop: it is a little outdated that first link but still works.  If you are going to get your cert signed you have to run it through that process as well and put the right files in the right place.  /etc/apache2/auth/ is a directory I just created.
[20:16] <SpamapS> soren: as I understand it, RADOS is CEPH's lower level
[20:16] <soren> SpamapS: Oh, I see.
[20:17] <SpamapS> soren: so CEPH is really just an interface to RADOS, as is the RADOS Gateway which speaks S3
[20:17] <thesheff17> papertigers: nice...have you used virt-clone?
[20:19] <papertigers> thesheff17: yeah ive used it like once
[20:19] <thesheff17> papertigers: I haven't used it in a long time but there was a problem that you had to edit /etc/udev/rules.d/70-persistent-net.rules and adjust the network.  which was a pain.  I think I have started cloning a vm that had the script on the box and when you logged in as root it did a reboot and then the network was fixed.
[20:19] <papertigers> but then you have to set the hostname again and change the nic
[20:22] <RoyK> anyone that knows where I can get an affordable SSL certificate?
[20:23] <thesheff17> godaddy
[20:24] <RoyK> g'day
[20:24] <thesheff17> 3 years 24 dollars
[20:25] <cablop> thanks thesheff17
[20:25] <cablop> RoyK try comodo too, they have certificates too
[20:29] <RoyK> seems godaddy is a good place to start - thanks :)
[20:29] <thesheff17> papertigers: what are you trying to do with vyatta?
[20:32] <thesheff17> RoyK: I sound like a godaddy rep but they have cheap ssl certs and their turnaround time on them is quick.  Others take time to review bs thinking there is some type of extra security built into delaying you your cert.  If it isn't production self signed certs are always a good way to go.
[20:32] <thesheff17> Royk: hell half the govt certs are self signed.
[20:33] <RoyK> thesheff17: what would you recommend?
[20:33] <cablop> thanks for the help
[20:33] <cablop> i have to go for a while
[20:33] <RoyK> I don't want self-signed certs
[20:33] <cablop> see ya
[20:34] <thesheff17> RoyK: just the cheapest one for as long as you want...the crap that makes it green in the title bar is overkill :)
[20:36] <mullerk> Roy: it's a HP Proliant Smart Array Controller
[20:40] <smoser> kirkland, Daviey one of you able to answer
[20:40] <smoser> http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu/maverick/eucalyptus/devel/annotate/head:/debian/eucalyptus.conf
[20:40] <smoser> for VIRTIO, i put that on the CC or the NC
[20:41] <smoser> i tried CC and restart with CLEAN=1, but no effect it seems.
[20:41] <smoser> node controller. verified (i think).
[20:42] <raubvogel> which user does nginx run as?
[20:42] <Daviey> o/
[20:42] <Daviey> smoser: I think we are carrying the force virtio patch, which might be causing that.
[20:43] <smoser> no
[20:43] <Daviey> smoser: Is the problem that, you can't get virtio, or you can't disable it?
[20:43] <smoser> without that stuff, it does virtio root
[20:43] <smoser> s/virtio root/scsi root/
[20:43] <smoser> adding it to eucalyptus.conf on the node changes it to virtio root
[20:43] <smoser> it seems broken to me that that setting would be on the node
[20:44] <Daviey> where would you expect it to be?
[20:44] <Daviey> surely it's the node that does the magic
[20:44] <smoser> yes, but surely it has to be configured on a per-cloud basis
[20:44] <Daviey> per *node* basis
[20:44] <smoser> it would be bonkers to have an image get one set of hardware on one node, and one set on another node.
[20:45] <smoser> because 2 nodes /etc/eucalpytus.conf settings differed.
[20:45] <Daviey> smoser: whilst i agree, it does seem to be logical to have the setting on the nc
[20:46] <smoser> no.
[20:46] <smoser> :)
[20:46] <Daviey> It's reasonable to assume that if an end user changes the defaults, they need to have a plan to make it migrate themselves
[20:46] <Daviey> smoser: patches welcome if you disagree enough :)
[20:47] <SpamapS> Daviey: so , do we have any idea if eucalyptus will be able to display any graphs we produce?
[20:47]  * Daviey makes a call.
[20:47] <Daviey> SpamapS: Yes... just clarifying how now..
[20:47] <smoser> of course it will.
[20:48]  * smoser is feeling a bit snarky after dealing with instability all day
[20:48] <SpamapS> BTW does anybody know who moderates ubuntu-devel@lists ?
[20:50] <Daviey> SpamapS: check mailman]
[20:53] <benedikt> shouldn't libvirt store the virtual disk images somewhere in /var?
[20:53] <benedikt> it has been placing my images in my ~ for some reason
[20:58] <smoser> SpamapS, i've pinged cjwatson in your position before, and it got fixed.
[20:58] <smoser> he's probably overkill for that, but i'm fairly certain he has acl
[21:04] <benedikt> more specifically, how do i control where libvirt will store the image for a guest i create
[21:25] <tyska> hi guys, im having problems with CUPS + WIN, cant print on authentication required printers, can someone help me?
[21:26] <tyska> im stucked very much time on this =/
[22:24] <thesheff17> ping benedikt
[22:24] <thesheff17> benedikt: ping
[22:25] <mustelo> I've got a lab running lucid (desktop) connecting via kerberos to a server. authentication works great, and I can login via the console on the desktop machines, but graphical login hangs. has anyone seen this issue?
[22:26] <benedikt> thesheff17: pong
[22:26] <thesheff17> benedikt: how are you building your vm?
[22:27] <thesheff17> virt-install?
[22:27] <benedikt> ubuntu-vm-builder
[22:27] <thesheff17> haha funny...ok I was creating multiple vm with a script
[22:27] <thesheff17> and they were overwriting each other
[22:27] <thesheff17> I talked to the developer and he just said what ever directory you are in they will build in there.
[22:28] <benedikt> ah, cool.
[22:28] <benedikt> then its pretty easy to decide where they go
[22:28] <thesheff17> At least here on lucid, the vm gets placed inside $CWD/ubuntu.kvm.
[22:28] <thesheff17> it used to be /var/ something...I was also very confused
[22:28] <thesheff17> I haven't tested it yet but I bet that is it.
[22:34] <benedikt> im gonna try later
[22:34] <benedikt> ill let you know
[22:35] <thesheff17> k sound good ttyl
[23:41] <papertigers> thesheff17: I messaged you if you are still around
[23:57] <kimi_> Hello to everybody. Does anybody ever configured a freeradius in Ubuntu?