/srv/irclogs.ubuntu.com/2010/08/05/#ubuntu-server.txt

jose120photoDoes anyone know of any good reading material on good practices for setting up a Ubuntu Server as a guest VM?00:10
jose120photoI have setup Ubuntu Server VMs before, but I will be setting one up for production and I just want to make sure I don't run into any gotchas down the road00:11
YankDownUnderjose120photo, On what - an MS box?00:17
MTecknologySpamapS: I'm back - to fight this some more..00:17
MTecknologyIs it possible to not actually become the user but run a command with their uid?00:21
SpamapSMTecknology: :)00:22
SpamapSMTecknology: thats what sudo -u does00:22
MTecknologySpamapS: sudo -n -u demo.kalliki.com -i -- "ls /home"00:23
MTecknologySpamapS: Doing that shows me a listing of users inside of the jail00:23
SpamapSMTecknology: -i ?00:23
MTecknology...00:23
SpamapSMTecknology: why?00:23
MTecknologyto to run that command00:24
SpamapSMTecknology: thats for simulating their login .. as in, running their specified shell (probably your chroot)00:24
MTecknologythat would make sense why it's not working for me :P00:24
SpamapSIndeed00:24
MTecknologyHow can I execute a command without them logging in?00:24
SpamapSMTecknology: take off -i00:25
MTecknologySpamapS: have you ever had a huge face moment that involved your palm?00:25
uvirtbotNew bug: #613671 in puppet (main) ""undefined method `closed?' for nil:NilClass" when signing certificate" [Undecided,New] https://launchpad.net/bugs/61367100:26
MTecknologyI think I stuck this in a loop :S00:27
MTecknologySpamapS: thanks :D00:27
SpamapShttp://www.lostrepublic.us/Graphics/DoubleFacePalm.jpg00:28
MTecknology:P00:29
MTecknologyweird...00:29
MTecknologysomehow the yes command is taking EVERYTHING after it as input00:30
MTecknologyyes y | /usr/local/sbin/drush/drush -r $base $oper" - keeps repeating this -   y | /usr/local/sbin/drush/drush -r /jail/home/accents3101.com/pressflow -l accents3101.com up00:30
hggdhMTecknology: not here :-)00:33
MTecknologySpamapS: THERE! I needed -s instead of -i00:34
SpamapSMTecknology: if you're running it without a shell, thats why.00:34
SpamapSMTecknology: ah, yes, -s00:34
MTecknologyhggdh: you're not here?00:34
hggdhMTecknology: no, 'yes' behaves sensibly here00:34
hggdhI *am* here. I think.00:35
MTecknology:P00:35
MTecknologywoohoo - this is awesome my big massive fight with jails is coming to an end00:35
MTecknologyhggdh: It kind of makes sense that it acted like that - just weird00:36
=== erichammond1 is now known as erichammond
uvirtbotNew bug: #613683 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.3 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/61368301:51
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
=== oubiwann is now known as oubiwann-away
MTecknologyDangit.. I thought I had this puppy licked03:33
papertigersMTecknology: what puppy!03:35
MTecknologypapertigers: moving all users into a jail but having the system work as the users outside of the jail03:36
papertigersMTecknology: oh thats right you wanted to move vim haha03:36
MTecknologypapertigers: vim is the least of the battles :P03:36
MTecknologypapertigers: was one though. debootstrap lenny + removing packages I didn't need proved to be MUCH easier for this particular use. However.. jailkit was amazing and light.03:37
MTecknologypapertigers: WOW! Somehow I just managed to loop into becoming a user - basically   for i in {1..10}; do su - user$i; su - user$i; su - user$i; done03:40
MTecknologypapertigers: and to type exit a lotta times :P - I think that means my sudo command is wrong :P03:40
=== oubiwann-away is now known as oubiwann
papertigersMTecknology: you are crazy, whats this jail for03:43
MTecknologypapertigers: so no user can start php processes - there's a few other things I don't want them touching if they have a shell account03:44
papertigershmm03:44
papertigersMTecknology: why not just give them rbash03:44
papertigersof some sort03:44
papertigersrestrictive bash03:44
papertigershaha03:44
MTecknologypapertigers: tried that route - sum it up.. people rarely use rbash in real life because it doesn't really work03:45
papertigersthe other option id say would be pam03:46
papertigerspam seems perfect for this03:46
MTecknologypapertigers: The monday I decided to fix the big massive gaping security hjoles that I knew about for a while.03:47
MTecknologyI thought so too.. turns out it wasn't :P03:47
MTecknologyIt could help, but only do half of what I want03:47
MTecknologypapertigers: Monday morning I'd known about many holes for a while. Some of which allowed any remote user to entirely wipe the system03:50
MTecknologypapertigers: I'm curious - MTecknology: you are crazy, <-- what do you mean by that?03:52
MTecknologypapertigers: I kind of ignored it because I hear it so much :P03:52
papertigershaha03:54
papertigerswhat wholes?03:54
MTecknologyway too many to count03:54
[IA]ZealotQuestion: In 10.04 Server, how to I permanently disable screen blanking for all the ttys ?04:12
rdw200169[IA]Zealot: this was mentioned before (hold on)04:19
rdw200169[IA]Zealot: i believe this is what you want: http://superuser.com/questions/152347/change-linux-console-screen-blanking-behavior04:30
[IA]Zealotrdw200169: I'll read it thanks :)05:06
TheJ3ckyl?? Ubuntu 10.04   syslogd equal to rsyslogd in /etc/default so that if I add the "-r"  it will allow remote syslog messages?06:33
TheJ3ckylanyone??06:39
=== lag is now known as Guest69465
Roxyhart0Hi there... i need to add the record A from my domain controler to bind, i am not sure how to do that. somebody know?07:17
ivoksit's process of editing a file07:26
Roxyhart0thanks ivoks, i know but i dont know what i need to write there as is a domain controler..i already write in it @ in A 127.0.0.1 as the same server is the domain controler, but still i got the error07:30
Roxyhart0so, maybe do i need to write something different?07:30
ivoksdid you raise serial?07:30
Roxyhart0sorry what do you mean?07:30
ttxDaviey: o/07:30
ivoksRoxyhart0: in that file where you added A record, there's a line that has string 'serial'07:31
ivoksor 'Serial'07:31
ivoksdo you see it?07:31
Roxyhart0no ?07:32
ivokscould you paste that file on pastebin?07:32
Roxyhart0sorry yes, it say erial 207:32
=== mdeslaur-afk is now known as mdeslaur
ivoksraise it to 3 and reload bind07:33
Roxyhart0ok, i will try tahnks07:33
=== lag is now known as Guest13436
=== g0rd0n_ is now known as g0rd0n
Roxyhart0hi there, i im writing 2 domains in the dns...one is mydomian.com and the another one is myseconddomain.com. for some reason the client just can do nslookup to the first one. What cpuld be the error? I am able to do nslookup to the second one but just form the same dns server, no form clients08:24
g0rd0nmaybe some error in the zone? reload bind and check syslog08:32
Jeeves_Roxyhart08: Which domains?08:43
Roxyhart08well, my domain controler which in samba is called MYDOMAIN and the  domain name which is mydomain.com08:45
Jeeves_Which one doesn't work?08:46
Roxyhart08apparetly i need to set it for both in dns, but the client just look for mydomain.com08:46
Roxyhart08MYDOMAIN08:46
Roxyhart08doesn work08:46
Jeeves_Do you actually own mydomain.com ?08:46
Roxyhart08i can see it form the our dns server08:46
Jeeves_That's not what I asked :)08:47
Roxyhart08is ujst a name...the name is WHcollege, but is just internal08:47
Jeeves_Roxyhart08: It does exist in the real world.08:47
Roxyhart08no08:47
Jeeves_It's always a bad idea to use real existing names internally.08:47
Roxyhart08doesn exist08:47
Jeeves_   Domain Name: MYDOMAIN.COM08:48
Jeeves_   Registrar: MYDOMAIN, INC.08:48
Roxyhart08the problem is i want to join windows client to the domain controler08:48
Roxyhart08is not the name ...the name that im using is WHCollege08:48
Roxyhart08it is not in the real world08:48
Jeeves_'called MYDOMAIN and the  domain name which is mydomain.com'08:49
Jeeves_Anyhow, which resolving nameserver is the client using?08:49
Roxyhart08it is using mydomain.com but when i do nslookup from the machines tell me mydomain.com doesnt find MYDOMAIN08:50
Jeeves_Anyhow, which resolving nameserver is the client using?08:50
Roxyhart08but if i do it form the ouw dns server it give me result08:50
Roxyhart08is using mydomain.com08:51
Jeeves_No, a nameserver cannot be 'mydomain.com'08:51
Roxyhart08what do you mean08:52
Jeeves_First of all, mydomain.com exists. Thus should not be use ny you unless you own it. Second of all, a resolving nameserver is an ip-addres, since it is the start of the DNS-chain.08:52
Roxyhart08im just sayind this name, but i got one different but is too long to write, that is why is tell you mydomain as a "X" name08:52
Roxyhart08it give the internal ip which is the ip for dns server 172.16.0.308:53
Jeeves_If you query that server from another client, does everything work?08:54
Roxyhart08same error08:55
Roxyhart08i would likt to have 2 domains ..but it just see one08:56
bcomphi, newbie here. i'm setting up apache on a server i just made, but i have no idea how to create a mysql server that can modify databases. can anyone help me?08:56
Jeeves_And if you query that IP from the server itself, does it work?08:56
Roxyhart08yes08:56
Roxyhart08excactly08:56
Jeeves_so 'dig @172.16.0.3 <thing that isn't working> A' works?08:57
Roxyhart08i do not have this tool from windows clients08:58
Roxyhart08i will try form a mac08:58
Jeeves_I asked you if it works from the server, you say yes, and now you say you have to try a mac08:59
Jeeves_omg, I'm going for a smoke08:59
Jeeves_Are you even using Ubuntu?08:59
Roxyhart08yes as server09:00
Roxyhart08but clients are windows and mac09:00
Roxyhart08the problem is with windows to join in the domain09:00
Jeeves_Yes, and I asked you to run the query *from* the server09:00
Roxyhart08(re join)09:00
Jeeves_'the problem is with windows'09:00
Roxyhart08ok, i did form a mac and it works09:00
Jeeves_That could be in the topic09:00
Jeeves_But that's not what I asked09:00
Jeeves_I give up09:00
bcompRoxyhart08: I'm on a mac now, if you need someone to test a site09:01
bcompjk09:01
Roxyhart08Jeeves, yes it work from the server09:01
bcompcould anyone help me with setting up a mysql server?09:12
Black_Prince!mysql09:14
ubottuLAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)09:14
bcompthx09:15
Black_Princeor this09:15
Black_Princehttps://help.ubuntu.com/10.04/serverguide/C/mysql.html09:15
bcompok so i just set up a database for use with ampache, but i'm getting an error for ampache09:25
bcomp"unable to make database ConnectionAccess denied for user 'ampache-user'@'localhost'"09:25
bcomp...09:27
Jeeves_bcomp: Have you done some 'grant'-stuff?09:28
bcompyeah i granted all the access i needed too09:29
bcompor so i thought09:29
bcompi might just make a user with full priviledges to see it if works09:29
bcompok what the hell09:30
Jeeves_bcomp: Have you done a 'flush privileges' ?09:31
bcompwould "CREATE DATABASE /media/ampache-musiclib;" be a valid command in mysql or not?09:31
Jeeves_No09:31
bcompwhat's wrong with the syntax?09:31
Jeeves_ /'s aren't allowed09:31
Jeeves_CREATE DATABASE ampache;09:31
bcompare '-'s not cool either?09:32
Jeeves_GRANT USAGE ON *.* to `ampache`@`localhost` identified by 'password' with grant option;09:32
Jeeves_GRANT ALL ON ampache.* to `ampache`@`localhost` with grant option;09:32
Jeeves_flush privileges;09:33
bcompwhat exactly does flush priviledges do?09:33
bcompout of interest09:34
Jeeves_It is (unfortunatly) needed by mysql to reread it's permission table09:35
bcompah09:35
bcompthanks09:36
huatsmorning09:37
bcompstill unable to make database connection09:38
Jeeves_bcomp: The server and client do run on the same machine, right?09:38
bcompyes09:38
Jeeves_And what error do you get?09:39
bcomp"Error: Unable to make Database ConnectionAccess denied for user 'ampache'@'localhost' (using password: YES)" from the client program09:39
Jeeves_and how did you call the database?09:40
bcompthe program allows you to set it up through a web interface09:40
Roxyhart08sombosy have exerience with samba? I mean what could happen if i change the workgroup name on smb.conf ?09:41
Black_PrinceNothing09:46
Roxyhart08cool!09:46
uvirtbotNew bug: #577041 in mysql-cluster-7.0 (universe) "package mysql-cluster-client-5.1 (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/mysql', which is also in package mysql-client-core-5.1 0:5.1.41-3ubuntu12" [High,Triaged] https://launchpad.net/bugs/57704109:52
xamparti have 1TB raid1 with 2 1TB hdds. i replaced the other with 2TB hdd, and it's now syncing. after that i mean to replace the other 1TB hdd too. how do i grow the raid-device correctly?10:27
twbAFAIK you can't grow arrays10:29
twbYou would normally assemble a new (possibly degraded array), pvcreate it, move the LVs onto it, then decommission the old array.10:30
xamparttwb: how about "mdadm --grow" option?10:38
twbxampart: oh, cool10:39
twbThat would've saved me some hassle last month10:39
xampartso no experiences anyone?10:39
twbIn that case I imagine you replace sdb (1TB) with sdb (2TB), resync, swap sda (1TB) for sda (2TB), then mdadm /dev/md0 --grow max10:41
xampartmy thoughts exactly. would be nice though, to have some information before messing my system up10:42
bcompso i'm trying to set up an irc server for the hell of it, but i'm getting lost and can't find any documentation12:01
twbapt-get install ircd?12:02
bcompi'm using ircd-ircu off aptitude12:02
twbThere should be documentation in manpages and/or /usr/share/doc/<package name>/, and possibly in comments at the top of /etc/<package name>.conf12:02
bcompah12:03
bcompwould straight-up ircd be a better choice?12:04
bcompi'm getting tired of having to type ircd-ircu, instead of just ircd12:04
bcompwhat's an easy way to uninstall programs?12:09
bcomp...12:11
xampartaptitude remove <package>12:11
bcompthanks12:15
sommermorning12:17
bcomphello12:27
xampartevening12:34
=== dendrobates is now known as dendro-afk
hggdhDaviey: good morning/afternoon, I hope you did get some sleep13:39
Davieyhggdh, heh13:39
Davieyhow are you doing?13:39
smoserso is all this my fault ?13:39
hggdhLife is good. Euca is not13:39
smosercause i slept good last night :)13:40
hggdh:-)13:40
smoseri really am sorry.13:40
Davieysmoser, yeah - UEC was running perfectly before you touched it :P13:40
Davieynow it's busted beyond repair :)13:40
hggdhsmoser: life sucks, then you die ;-)13:40
hggdhDaviey: I am cancelling the 60-sec interval run13:41
hggdhright now, 42% success13:41
smoserDaviey, did you open a grub bug ?13:41
smoseri'd like to look / comment at it13:41
hggdhsmoser: yes, there is one open13:41
Davieysmoser, yes13:41
* hggdh goes digging it13:41
smoserbug 61273113:42
uvirtbotLaunchpad bug 612731 in cloud-init "uec images and update-grub will have issues with virtio root" [Undecided,New] https://launchpad.net/bugs/61273113:42
Davieyerm13:42
smosergoogle rocks. i typed "grub bug uec"13:42
smoseroops13:42
smoserwrong one13:42
Davieybug 61346313:42
hggdhheh13:42
uvirtbotLaunchpad bug 613463 in eucalyptus "[10.10 - Alpha 3 (candidate)] Prompts misleading grub dialogs during UEC Node installation." [High,Confirmed] https://launchpad.net/bugs/61346313:42
hggdhnow13:42
bcompanyone here use zoneedit?13:43
bcompfor dns13:43
bcompor does anyone know anything about dns13:44
bcompin general13:44
hggdhDaviey: I am uploading the logs to lp:~hggdh2/uec-qa13:45
hggdhit seems most of the instance starts after a while failed on IP allocation13:46
Davieyhggdh, OK.. that sounds good.. I suspect that can be fixed reasonably trivially by upstream..13:47
hggdhbcomp: your best bet is to ask your question, and wait for someone to chime in13:47
hggdhDaviey: right-o. As long as thy are interested in it13:47
bcompthing is i don't really know where to start with the whole thing13:48
bcompi made a dns zone and linked it to a domain name, but i have no idea how to get my webserver connected to it13:48
thesheff17bcomp: you need dns on the domain to point to a web server www.google.com -> ip.13:49
thesheff17bcomp: usually you do this on your isp...godaddy etc.13:50
bcomphow do i make it do that?13:51
bcompohhh jk i totally didn't notice one of the settings13:52
=== mquin_ is now known as mquin
hggdhDaviey: bug 613832 opened14:08
uvirtbotLaunchpad bug 613832 in eucalyptus "Cannot mark address as allocating[unallocated.false->allocated.true] when it is assigned.true:" [Undecided,New] https://launchpad.net/bugs/61383214:08
=== guntbert_ is now known as guntbert
Davieyhggdh, Good bug!  Can you add it to the call agenda please?14:42
hggdhDaviey: will do. Mind reminding me where the agenda is?14:54
hggdhDaviey: Evo bit the dust again here :-(14:55
Davieyhggdh, Sorry.. frantically looking for something else14:56
hggdhDaviey: NP, got Evo back. For now ;-)14:57
Daviey:)14:58
hggdhDaviey: I added the 3 high/critical we have for v2.0, plust a tinyurl for euca bug ordered newest-first15:16
Davieyhggdh, you rock15:16
hggdhI hope this will give us what we need15:17
ssureshotanyone ever have issues with samba not cleaning up the print queue in /var/lib/samba/printing ? The windows queue never lets go of the print job15:19
smoseri15:33
smoseri'm out for an hour or so. will be back later.15:33
ttxhggdh, Daviey up for a coordination Mumble, before the call ?15:34
Davieyttx, yes15:34
SpamapSDaviey: will you guys be discussing the monitoring stuff?15:41
DavieySpamapS, Hmm - Dimitri is on leave this week.. he is the best person to be disucssiong it with15:42
DavieySpamapS, If i arrange a call for Monday - would you like to join?15:42
SpamapSDaviey: I think not actually, I just want to make sure its being pushed. Seems rather late to be adding a feature, even if it is just a tab that displays an html file of our choosing.15:43
jdstrandkirkland: hi!15:46
kirklandjdstrand: hi!15:47
kirklandjdstrand: you going to BB Rovers today?15:47
jdstrandkirkland: two questions for you: a) if I have logged in with my encrypted HOME (ie, $HOME is mounted), how can I see what encrypted filename a particular path is using (eg /home/jamie/tmp maps to /home/.ecryptfs/jamie/.Private/? and b) can I specify to *not* do filename encyption via adduser/pam configuration?15:49
jdstrandkirkland: re BB Rovers> I'm going to try, but may not be able to15:49
kirklandjdstrand: okay, i won't be there;  i'm in montreal right now15:50
kirklandjdstrand: here's what i do ....15:50
kirklandjdstrand: chmod 123 path/to/unencrypted/foo15:50
jdstrandheh15:50
jdstrandsneaky15:50
kirklandjdstrand: find $HOME/.Private -perm 12315:50
kirklandjdstrand: yeah :-)15:50
kirklandjdstrand: turns out perms 123 are pretty rare :-)15:51
jdstrandyeah :)15:51
kirklandjdstrand: as for turning off filename encryption, you can do that by deleting the 2nd line from $HOME/.ecryptfs/Private.sig15:51
kirklandjdstrand: (back up that file, first)15:51
kirklandjdstrand: i'm not sure how encrypted, and non-encrypted filenames in the same structure behaves right now15:52
Dark-Sunhello people15:52
jdstrandkirkland: tyhicks mentioned that it should just start using unencrypted from that point forward, but it would be mixed15:52
Dark-Suni tried to run an instance of ubuntu 10.415:52
jdstrandkirkland: iirc15:52
Dark-Sungot this error15:52
Dark-SunFinishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='m1.small', cpu=1, disk=2, mem=192}, max=0, available=0} < 1: vm instances.15:52
jdstrandkirkland: but that is untested by me15:53
GeekSquidSo, I borked my desktop by trying to install UEC, currently chrooted to it from live disk, ... How to fix, ... the error I get when I try to boot is 'eucalyptus-network (lo) main (755) killed by TERM signal' ... any quick fixes or workarounds to stop whatever is loading from freezing the system during boot, or should I go with an apt removal????15:53
jdstrandkirkland: I know that rtg hopes to look into the filename length issue with tyhicks, but it might be worthwhile to make turning it off configurable via pam or something... my two cents15:54
kirklandjdstrand: yeah, i'm very excited about rtg helping fix this15:54
jdstrandkirkland: anyhoo, thanks for the tips and have a good time in montreal :)15:54
kirklandjdstrand: you bet15:54
Dark-Sunany idea about uec's deploying vm error: FinishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='m1.small', cpu=1, disk=2, mem=192}, max=0, available=0} < 1: vm instances.15:55
Dark-Sunttx: i just following ur yesterday link, in deploying an instance of "ubuntu 10.4" got this error: FinishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='m1.small', cpu=1, disk=2, mem=192}, max=0, available=0} < 1: vm instances.15:58
Dark-Sunttx: oppss! forgot to say hello!15:58
ttxDark-Sun: looks like you don't have enough resources on your Node controller to run the type of instance you're asking for16:00
ttxlike, no node controller at all16:00
GeekSquidSorry, somehow I lost connectivity, repeat if anybody responded16:01
Dark-Sunttx: yes, it's probably true, cause it's on a virtual box.16:01
ttxDark-Sun: riught -- it doesn't really work on virtualized hardware.16:01
thesheff17Dark-Sun: on UEC you could edit a file on the node to adjust how many virtual machines it would run.16:01
Dark-Sunttx: how can i find out if NC is detected by CLC or not16:01
ttxgtg, sorry16:02
Dark-Sunthesheff17: nice, but it's my first VM!16:02
thesheff17Dark-Sun: sorry don't know much about virtual box...can you confirm the node is connected.16:03
thesheff17or is it just running on localhost?16:03
Dark-Sunthesheff17: that's right! everything is on my localhost.16:04
Dark-Sunthesheff17: is pinging enough?16:04
thesheff17I'm assuming you are running virtual box on what hypervisor?16:05
thesheff17on kvm16:06
Dark-Sunthesheff17: sorry but i got a linux mint here, with CLC,CC,Walrus installed on a VirtualBox and a NC on another VirutalBox machine.16:07
Dark-Sunthesheff17: it's KVM by default i guess16:08
* Dark-Sun hates cloud(s)! 16:09
thesheff17Dark-Sun what does kvm-ok say?16:09
=== [IA]Zealot_ is now known as [IA]Zealot
Dark-Sunoh w8 a minute, i didn't installed anything about kvm on my client!16:09
Dark-Sunwhat was that package name?16:10
Dark-Sunsorry16:10
Dark-Sunyeah! it was qemu-kvm16:11
thesheff17apt-get install kvm libvirt-bin python-virtinst virt-manager virt-viewer kvm libvirt-bin ubuntu-vm-builder qemu bridge-utils16:11
Dark-Sunthesheff17: thanks bro, it's on installing now ;)16:12
thesheff17Dark-Sun: you should also bridge eth0 to br016:13
Dark-Sunthesheff17: yep, i guess it's done automatically on the NC16:13
thesheff17Dark-Sun ah ok16:14
Dark-Suncause i got a br0 with a different ip address range there ;)16:14
=== robbiew1 is now known as robbiew
Dark-Sunthesheff17: problem persists! shall i do a restart?16:24
Dark-Sun:(16:25
thesheff17try to create a virtual machine with virt-manager16:25
Dark-Sunthesheff17: no idea how 2 do it16:27
Dark-Sun:(16:27
thesheff17Dark-Sun bring up a terminal and just type virt-manager16:28
thesheff17Dark-Sun it is a front end GUI for kvm.16:29
Dark-Sunthesheff17: yep, it's right here16:29
Dark-Sunthesheff17: humm... now i'm connected.16:32
Dark-Sunhow to install the operating system?16:33
thesheff17Dark-Sun: once connect you can create machines based on iso or cd-rom16:34
thesheff17Dark-Sun the first icon is to create a virtual machine.16:34
Dark-Sunthesheff17: yep, but how should i install images which i've installed on the cloud?16:35
thesheff17Dark-Sun: oh virt-manager doesn't support that16:37
thesheff17Dark-Sun: Does virtual box even?16:37
Dark-Sunthesheff17: no man! my cloud is deployed on VirtualBox16:38
thesheff17Dark-Sun: oh ok16:38
Dark-Sunthesheff17: alright, thanks 4 help anyway16:38
thesheff17Dark-Sun: try kvm-ok if that output is good then your virtual box isn't connected correctly to localhost16:39
Dark-Sunthesheff17: here's output: INFO: Your CPU supports KVM extensions INFO: /dev/kvm exists KVM acceleration can be used16:40
thesheff17Dark-Sun: yea then you are good...I would look at virtual-box config.  Also try to create a new vm with virtual box.  Maybe that is what you are trying to do when you get that error, but I have seen that error on UEC.16:41
Dark-Sundeamn! it's a crazy uec!16:48
Dark-Sunsending SIGTERM... bye every116:54
=== bastidrazor is now known as bastid_raZor
zulSpamapS: alot of the test suite has been fixed in 5.3.3 i think17:44
SpamapSzul: rhe-he-heeeaallly17:45
therobotHi, I am having problems setting hostname (ubuntu 10.04), see this gist: https://gist.github.com/984bc6c15ea9abf84ba418:04
therobotI can't make hostname -f return the fqdn of the machine18:06
wieshkahi - i have question about networking on my ubuntu for my virtual servers, runned on kvm - i am going to set up bind name server on my base system, what gives each virtual host a name, so in that way i am going to handle what connection goes where - un front of my server i have router with NAT.18:15
wieshkawill this idea/workaround work for me18:15
wieshkaor i have to make tap netwrking on bridges18:15
wieshka?18:15
Dark-Sunhi people18:31
Dark-Suni'm going insane! i run eucarc script, but euca-describe-availibility-zone returns: EC2_ACCESS_KEY environment variable must be set. Connection failed18:32
Dark-Sunany guru 2 help?18:34
=== wieshka_ is now known as wieshka
hggdhoh hasty people18:40
uvirtbotNew bug: #613940 in euca2ools (main) "euca-terminate-instances returns success on bogus input" [Undecided,New] https://launchpad.net/bugs/61394018:41
SpamapSwould somebody who has a running eucalyptus please be so kind as to post their /var/run/eucalyptus/nc-stats file somewhere?19:01
SpamapSmathiaz: is rrdtool failing to build because libdbi isn't in main yet?19:04
hggdhSpamapS: http://pastebin.ubuntu.com/473637/19:04
SpamapShggdh: :) thank you19:09
=== wieshka_ is now known as wieshka
thesheff17!ruby19:20
thesheff17any reason ruby hangs on 10.04?19:21
SpamapSthesheff17: its not hanging, thats its normal processing time19:23
thesheff17nm it is fine19:23
SpamapSthesheff17: ruby devs get lots of cups of coffee. ;)19:24
thesheff17SpamapS: the book just had # and I was used to python showing something :)19:24
thesheff17SpamapS: thx19:25
TohuwI have an Ubuntu server and two machines, one Windows and one Ubuntu Desktop. How do I setup the server so that it can ping these machines by their hostnames?19:33
TohuwIt's probably worth mentioning that the server is functioning as a DNS server right now, so it has all those packages19:34
cloakableTohuw: DNS with what server?19:41
cloakableTohuw: It's fairly simple with DNSmasq19:42
papertigersTohuw: you need to setup dns files19:47
papertigersTohuw: are you using bind919:47
papertigersthesheff17: ruby? are you setting up puppet19:49
thesheff17papertigers: yea I'm slowely going through the book19:52
papertigersI really want to learn UEC and puppet19:52
MTecknologyYou guys have any idea what could be going on here? http://dpaste.com/225392/ I'm working, working working, NOT working. The ethernet seems to just randomly die. I don't know where to look other than dmesg.19:54
thesheff17MTecknology: did you mess with the /etc/hosts file at all?19:56
MTecknologythesheff17: some- I added   10.41.0.5 dev.site.com19:57
thesheff17MTecknology: you have all the ip6 stuff in there?19:57
MTecknologythesheff17: ya19:58
thesheff17hmm..weird19:58
MTecknologyI'm not outside of considering bad hardware19:58
thesheff17MTecknology: yea if you can't think of anything crazy setup with the nic it may be.19:59
thesheff17MTecknology: does it have another port on the server?  I would try that one and see if you get the same results.20:00
MTecknologythesheff17: this is just a desktop20:01
MTecknologythesheff17: I wish I had another nic.. I might just pick one up20:02
papertigersMTecknology: they are cheap20:06
MTecknologypapertigers: if you have any amount of money they are20:08
papertigersMTecknology: I wish I had any amount of money20:12
MTecknologypapertigers: me too20:12
SpamapSI remember back in the day when I had a box of old NIC's20:14
=== dendro-afk is now known as dendrobates
mathiazSpamapS: right20:17
mathiazSpamapS: at least libdbi is now pulled into main20:17
mathiazSpamapS: http://people.canonical.com/~ubuntu-archive/component-mismatches.txt20:17
mathiazSpamapS: ^^ it shows up in the list20:17
mathiazSpamapS: once the MIR approved an archive admin can process it20:17
SpamapSmathiaz: such a tiny little library. ;)20:17
mathiazSpamapS: once libdbi is in main then rrdtool needs to be rebuilt20:18
SpamapSmathiaz: we're soooo close. ;)20:18
SpamapSmathiaz: so I've given up on getting collectd into main. I refactored eucalyptus's ganglia script to work for ganglia or munin..20:19
mathiazSpamapS: we've got until october to fix it :)20:19
mathiazSpamapS: ok20:19
SpamapSmathiaz: I really hope we can spend the next two months being fire inspectors and not fire fighters. :-D20:19
mathiazSpamapS: next UDS we can discuss it again20:19
SpamapSmathiaz: I think collectd is the right way to go. I'm just not crazy about dumping it in so close to the FF when everybody is way over taxed and munin gets the job done for now.20:20
* mathiaz nods20:20
SpamapSIf somebody needs to build a UEC w/ > 100 nodes.. I'll stay up all night helping them get collectd working for it. :-D20:21
* mathiaz reminds SpamapS that this channel is archived and logs are available publicly *forever*20:21
hggdhsmoser: I remember you had a similar problem, have you seen bug  613969?20:21
uvirtbotLaunchpad bug 613969 in libvirt "Uninformative libvirt error message when a virtual disk source is unavailable" [Undecided,New] https://launchpad.net/bugs/61396920:21
SpamapSmathiaz: every party needs a pooper thats what we invited you for20:22
smoseri have no problems.20:22
mathiazSpamapS: lol20:22
hggdhoh boy, TMI...20:22
smoseryou must be thinking of someone else20:22
smoser:)20:22
hggdhsmoser: probably... I am getting confused nowadays... ;-)20:22
smoseri'm looking, though, just a minute20:23
SpamapSso I actually did my changes to the 'extras/ganglia.sh' script in eucalyptus.. so its effectively 'ganglia_or_munin.sh' now .. I wonder, will eucalyptus accept this as a patch, or will we have to continue maintaining it forever?20:26
smoserhggdh, that bug is just bad error messages20:27
hggdhSpamapS: we can hope they will20:27
smoseri dont know that i've seen this explicilty, most of the time my libvirt issues are around app armour20:27
hggdhsmoser: ah, OK.20:27
smoserhggdh, i triaged that to 'triaged' and 'wishlist'20:30
mathiazSpamapS: it seems that there are still some local changes in the bzr branches that are not in the upstream release tarball: http://paste.ubuntu.com/473672/20:31
mathiazSpamapS: ^^ - re ceph packaging20:31
android60is it better to have the ubuntu on a different drive than data drives? or does it matter?20:32
SpamapSmathiaz: now why doesn't mine detect those?20:33
SpamapShm20:33
SpamapS>:20:33
mathiazSpamapS: how do you detect them?20:34
* SpamapS branches anew20:34
mathiazSpamapS: lsdiff won't work20:34
mathiazSpamapS: yeah - you probably wanna do that20:34
mathiazSpamapS: start from scratch20:34
mathiazSpamapS: 1. import official 0.21 release tarball20:34
mathiaz2. copy over patches and debian/20:34
SpamapSmathiaz: well first I want to figure out why yours sees changes, and mine does not20:35
mathiazSpamapS: are you using a maverick system/chroot to build the source package?20:35
mathiazSpamapS: the message I've pasted is part of the source build log20:36
SpamapSmathiaz: a maverick pbuilder yes20:36
SpamapSsbuild is still too scary for me. ;)20:36
mathiazSpamapS: :) - I'm also using bzr bd20:36
mathiazSpamapS: http://paste.ubuntu.com/473677/20:37
mathiazSpamapS: ^^ this is the full build log from the bzr branch to the source pacakge20:38
SpamapSmathiaz: http://paste.ubuntu.com/473678/20:38
SpamapSmathiaz: just checking the source build.. I get no differences20:38
SpamapSmathiaz: md5sum your orig tarball20:38
smosermathiaz, ping20:39
SpamapSclint@ubuntu:~/pkg/ceph/bzr/ceph-new-pkg-2$ md5sum ../ceph_0.21.orig.tar.gz20:39
smoserfor a native package:20:39
mathiazSpamapS: 3799fa5c51f092de2878fbcccc2bd71a20:39
SpamapS9ecbaf9975aa4d2afcaa2f14e8d21e73  ../ceph_0.21.orig.tar.gz20:39
SpamapSAHA20:39
mathiazsmoser: o/20:39
smoser0.14-0ubuntu1 or 0.14ubuntu120:39
smoseri believe the second20:39
SpamapSmathiaz: http://ceph.newdream.net/download/ceph-0.21.tar.gz20:39
mathiazSpamapS: yes - that's the one I've downloaded20:39
SpamapSmathiaz: and yet, our md5sums are different?20:40
mathiazSpamapS: http://ceph.newdream.net/download/ceph-0.21.tar.gz20:40
SpamapSI jsut re-wgot it   9ecbaf9975aa4d2afcaa2f14e8d21e73  ceph-0.21.tar.gz20:40
SpamapS9ecbaf9975aa4d2afcaa2f14e8d21e73  ceph-0.21.tar.gz.120:40
mathiazSpamapS: hm - let me retry20:41
SpamapSmathiaz: remember, I was a little concerned about the carelessness in licensing? I think Sage may be a little bit loose w/ names and versions... so maybe there are two ceph-0.21.tar.gz files running around20:41
mathiazSpamapS: ok - I fixed my problem20:43
mathiazSpamapS: it was using the .orig file from the build-area/20:43
SpamapSmathiaz: that one bit me earlier too20:43
mathiazSpamapS: and the .orig. that was in the parent directory got overwritten20:43
mathiazSpamapS: yeah - it's not the first time20:43
SpamapSmathiaz: I went through and cleared out all ceph*.tar.gz's and started over. :-P20:44
mathiazSpamapS: we should probably file a bug against bzr-builddeb against that20:44
mathiazSpamapS: :)20:44
SpamapSmathiaz: I don't know if they can do anything short of md5sum'ing every time20:44
mathiazSpamapS: well - I would start by putting files in *one* place only20:44
mathiazSpamapS: I don't see the reason for keeping files in both .. and ../build-area/20:44
SpamapStrue, just symlink it20:45
SpamapSis there a way, in a .install file, to create a symlink?20:45
smosermathiaz, did you see my question above? which is correct for native packaging version. 0.14-0ubuntu1 or 0.14ubuntu120:46
mathiazSpamapS: you wanna use pkg-name.links20:46
SpamapSmathiaz: ahh perfect. :)20:46
mathiazsmoser: 0.14ubuntu120:46
smoserthanks.20:46
mathiazsmoser: sorry for not answering right away20:46
smoserno problem . just htought you missed it.20:46
smoserdo you know if there is something i can do that would make 'dch -i' do that ?20:46
mathiazsmoser: native packages are packages that don't have a revision - just an upstream version20:47
smoseri'm hoping something i could check in that would stick with that branch checkout20:47
mathiazsmoser: I don't know20:47
mathiazsmoser: native packages are quite unusual20:47
mathiazsmoser: what's the name of the package?20:47
smosercloud-utils20:47
smoserthe problem is that someone does a checkout, then 'dch -i' and they get the wrong numbering.20:48
mathiazsmoser: is there a reason why you wanna use a native package?20:48
smoserthere are lots of reasons to use native packages :)20:49
smoserthere is no point in releasing a tarball is the primary reason20:49
mathiazsmoser: fair enough20:49
smoserhm... 'man dch' indicates that it should do the right thing. "or, if this is a native Debian package, the version number."20:50
smoserbut it doesn't20:50
smoserhm.. or maybe it does.20:50
smoseranywya, htanks for the clarification, mathiaz20:50
mathiazSpamapS: what's the state of https://code.launchpad.net/~clint-fewbar/ubuntu/maverick/cloud-init/glusterfs-mount-example/+merge/29490?20:52
smoserdustin merged that into upstream cloud-init.20:57
kirklandsmoser: hope you don't mind ...20:58
smoseri missed it in my latest upload of cloud-init20:58
kirklandsmoser: was trying to clean out some email backlog;  looked harmless20:58
smoseri would have picked it up if it were a native package :)20:58
kirklandsmoser: go native, dood20:58
smoseryeah, its harmless. just doc, which is fine.20:58
SpamapSRight so it should be status = merged20:58
kirklandcolonel kurtz style20:58
smoserdone.20:59
smosermerged20:59
smoserso, i have work to do in the next couple days in cloud-init, so i'll get that into the ubuntu package too.20:59
smoserSpamapS, just an fyi, the example you give wont work for lucid21:00
therobotsorry to ask again, what is the proper way to set a fqdn on ubunt 10.04 ? thanks21:00
SpamapSsmoser: right, because of the issue w/ mount?21:00
smoseras for why, see last comment: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/61330921:00
uvirtbotLaunchpad bug 613309 in cloud-init "upstart scripts do not wait for 'cloud-config' status" [Undecided,New]21:00
smoserwhat is the mount issue ?21:00
SpamapSsmoser: its the one you fixed, isn't it?21:00
smoserhm... i forget.21:01
smoserwhat i fixed21:01
SpamapSyeah it was a while ago21:01
smoserbut in lucid, the runcmd isn't guaranteed to run after packages are installed21:01
smoser:-(21:01
SpamapSmounts were only being respected for device names21:01
jbernardkirkland: byobu: Cannot make directory '/var/run/screen': Permission denied21:01
smoserbut on maverick they it will.21:01
jbernardkirkland: i just started to see this21:01
SpamapSsmoser: well thats just annoying. ;)21:01
kirklandjbernard: lucid?  or maverick?21:01
smoseryeah, stupid parrallelism21:01
SpamapSWhy isn't the whole cloud-config run in one serial process?21:01
jbernardkirkland: lucid, ppa, 3.1-0ubuntu1~ppa421:02
smoserbecause, didn't you know ? parallel is better!21:02
smoser:)21:02
smoserin maverick, it does run serial. and the user can even modify the order if my chosen order is not sufficient for them.21:02
kirklandjbernard: dpkg -l screen21:03
jbernardkirkland: 4.0.3-14ubuntu121:03
jbernardkirkland: /var/run is on tmpfs21:04
jbernardkirkland: i remember seeing this before, but haven't in a while,  are others seeing this?21:04
smoseryou're seeing bug https://bugs.launchpad.net/ubuntu/+source/screen/+bug/57477321:04
uvirtbotLaunchpad bug 574773 in screen "Cannot make directory '/var/run/screen': Permission denied (convert init to upstart)" [Medium,Fix committed]21:04
jbernardah ha21:04
smoserthere is a fix.21:04
smoserbut its not in -proposed or -updates... kirkland what is your feeling on that ? loic kind of nixed it21:05
smoseror suggested that it should be nixed.21:05
smoseri think it is very low risk SRU21:05
uvirtbotNew bug: #613999 in openvpn (main) "openvpn is started after samba (smbd, nmbd)" [Undecided,New] https://launchpad.net/bugs/61399921:05
kirklandjbernard: i think that's https://bugs.edge.launchpad.net/ubuntu/+source/screen/+bug/57477321:06
uvirtbotLaunchpad bug 574773 in screen "Cannot make directory '/var/run/screen': Permission denied (convert init to upstart)" [Medium,Fix committed]21:06
smoseris there an echo in here, kirkland ? :)21:06
kirklandsmoser: i just pasted a response to loic ...  we could add a mount/grep/sleep loop, that waits until /var/run is mounted21:06
smoseryeah, cause that would be cleaner21:06
kirklandsmoser: you found it faster than me ;-)21:06
smoser:)21:06
kirklandsmoser: yeah;  i like the upstart job21:06
=== unreal_ is now known as unreal
kirklandjbernard: can you test the fix in -proposed?21:07
kirklandjbernard: and note in the bug if that fixes your problem?21:07
smoserthe awesome bar is awesome. folks that have jumped to other browsers don't get it. i just type 'bug screen' and then tab.21:07
jbernardsure, it's a race against /var/run being mounted, now?21:07
jbernards/now/no21:07
smosernot mounted21:08
smosercleaned21:08
smoserso, kirkland, your fix wont work.21:08
smoserthe 'wait til mounted'21:08
SpamapSkirkland: I'm wrapping up the finishing touches on making eucalyptus munin-friendly .. collectd seems to be a long shot at this point. I'll propose a merge as soon as I've tested it out, but if nothing else, it graphs NC/SC/Walrus stats using the ganglia plugin eucalyptus puts out (patched for munin) ...21:08
smoserthe problem is that screen's sysvinit job sets up /var/run and then some other upstart job comes through and cleans out /var/run21:08
SpamapSsmoser: ew!21:09
smoserbut, kirkland, the patch you have in comment 13 is wrong21:09
smoserit will never run21:09
SpamapSSeems like there need to be some fences between classes of upstart jobs21:09
smoserthere is no job 'filesystems'21:09
smoseror... no event.21:09
smoseryou would want 'filesystem'21:09
kirklandsmoser: yeah, that was fixed in maverick21:10
smoseroh. ok.21:10
kirklandsmoser: let me see what landed in -proposed;  i think i fixed it before it uploaded21:10
SpamapSmathiaz: I'm about to head ot lunch. Whats the status on ceph?21:10
kirklandsmoser: hmm, hasn't been accepted to proposed yet21:11
smosernow that i'm thinking about it.. i have to read this again21:11
ScottKzul: Is it you or SpamapS that's going to prepare the php-imap update for 5.3.3?21:11
* SpamapS spots the bus coming, and prepares to judo-throw zul21:12
smoseri'm wrong about cleaning21:13
smoseri think21:13
ScottKSpamapS or zul: uw-imap is FTBFS on armel due to build system regressions, so please version the build-dep so it doens't risk getting misbuilt.21:15
smoserso, there is no cleaning of /var/run, its a tmpfs mount point. and the problem is that screen's job was running befre that is mounted (sometimes). so its work gets mounted over.21:16
smoseri'm not really sure what does the mount21:16
jbernardsmoser: that's what i was thinking also21:16
=== dendrobates is now known as dendro-afk
jbernardsmoser: what about adding 'local_fs' to Required_Start for /etc/init.d/screen-cleanup ?21:19
SJrHmmmm I'm trynig to get autofs to work with 10.04, but it doesn't seem to work anymore. I'm following this guide: http://www.tjansson.dk/?p=84, but I only seem to get this error in the logs: automount[6907]: syntax error in nsswitch config near [ syntax error ]21:19
smoserjbernard, i dont think it would fix it.  in ubuntu, i could be wrong, but i dont think those lsb headers do anything.21:20
smoseri retract my statement to kirkland though i think the "while ! grep -q /var/run /proc/mounts && sleep 1; :; done" style wait would work fine21:23
SpamapSsmoser: wouldn't start on filesystem handle that as well?21:24
RoyKanyone here that knows about btrfs progress?21:24
RoyKit'd be nice to have something like zfs lite :รพ21:25
smoserSpamapS, yes, it would.21:25
smoserthe suggestion of the sleep and grep is to not do an upstart job, but remain sysvinit21:25
smoseras loic suggested he didn't like the conversion to upstart in an SRU21:25
FunnyLookinHatI'm having some issues with the copy of libfaac in the repos ( 10.04 ) - is there a way that i can tell what version is in the repos ?21:26
jbernardsmoser: is that fix currently in -proposed?21:27
smoseri see no indication of that.21:27
Black_Prince!info libfaac21:27
ubottuPackage libfaac does not exist in lucid21:27
smoserbut kirkland said it was.21:28
FunnyLookinHat!info libfaac021:28
FunnyLookinHat???21:28
Black_Prince!info libfaac021:28
ubottulibfaac0 (source: faac): an AAC audio encoder - library files. In component multiverse, is optional. Version 1.26-0.1ubuntu2 (lucid), package size 59 kB, installed size 152 kB21:28
FunnyLookinHatAh ok21:28
papertigersI need to try this ubuntu font21:38
bahamas10papertigers: its closed-source and proprietary21:38
papertigersbahamas10: I wish, i hope i have to go to windows update to get it21:39
bahamas10papertigers: it should prompt you with the update after you reboot twice.. don't forget your serial key21:40
kirklandjbernard: smoser: its not been accepted into proposed yet21:45
kirklandsmoser: yeah, that would be the easiest and most appropriate fix for lucid, probably21:46
kirklandsmoser: while/grep/sleep21:46
kirklandsmoser: i'll ditty up another package and upload to proposed, see if lool likes it any better :-)21:46
smoseri think you should push on the upstart job being the correct thing.21:47
smoserand even ask mr Keybuk to read it.21:48
smoserthat is the right solution21:48
smoseras the sleep grep ... would fail if for some reason /var/run is not on its own filesystem21:48
smoser(it will be in all of lucid unless modified by the user, but still)21:48
smoseri see now, /lib/init/fstab is what tells mountall to mount /var/run as a tmpfs21:49
wieshkahow can i install ACPI on ubuntu ?21:50
kirklandsmoser: i have asked keybuk REPEATEDLY to review that script21:53
lavishhi all. I've put a script into /etc/cron.hourly/ but it doesn't seem to be executed. Cron is running according to `service cron status'. Am I missing something?21:53
guntbertlavish: did you make it executable?21:54
lavishsure21:54
lavishroot@studenti:/backup# ls -l /etc/cron.hourly/21:54
lavishtotal 421:54
lavish-rwxr-xr-x 1 root root 243 2010-08-05 20:53 backup.sh21:54
mathiazSpamapS: looks good now - I've uploaded the ceph package to maverick21:54
mathiazSpamapS: it should be sitting in the NEW queue to be reviewed by an archive admin21:55
MTecknologythesheff17: http://profarius.com/content/secure-websites21:58
MTecknologythesheff17: not the 'best' article but I hope it's ok21:58
guntbertlavish: does your script start with a line #!/bin/sh ?21:59
smoserMTecknology, nice article.22:02
smoserthe time when I did something like this, I was playing with unionfs and jailing a root user (for testing, not entirely safe).22:02
smoseri'd chroot the user into a directory that had a unionfs mounted over the top of /.22:03
smoserso they could 'rm -Rf /' and see what would happen.22:03
smoseror 'rpm -e --force glibc'22:03
MTecknologysounds like fun22:03
MTecknologysounds like what i originally wanted but I think I'd prefer what I have now22:04
lavishguntbert: http://paste.pocoo.org/show/246526/ executed directly it works fine22:04
MTecknologysmoser: why jail root? what does that offer?22:04
MTecknologysmoser: btw - thanks22:05
guntbertlavish: use full paths for all executables you are calling (i.e /bin/bzip2)22:06
lavishguntbert: oky, let's wait ~1h ;)22:08
MTecknologySo.. If I want to specify a few cron tasks in a file, I can just put that file in /etc/cron.d/foo and it'll work like magic?22:08
MTecknologyI love simple22:09
guntbertMTecknology: look at the files in /etc/cron.d    -- they are crontabs22:10
MTecknologyguntbert: simple is awesome :D22:11
guntbertMTecknology: :)22:12
papertigerswho needs cron when you have the sleep command22:15
lavishguntbert: isn't anyway any log messages about failed cron scripts?22:22
lavishMTecknology: interesting post. I use hardened gentoo + grsecurity with an active RBAC policy on critical production servers22:24
lavishrbac is much simpler than selinux, really22:24
guntbertlavish: I'm not sure to be honest, if I remember correctly you can turn mails/logs on or off22:25
MTecknologylavish: I never looked at grsecurity much.22:25
lavishand it's simpler because the generated policy fits exactly your system, it's not developed by another company (like tresys ;)22:26
lavishMTecknology: give it a look22:26
lavishyou'll love it :D22:26
MTecknologynice22:26
MTecknologyhow much do you have to modify the default system to use it?22:27
lavishand most of the featuers of grsecurity come gratis. Only rbac needs some time to understand22:27
lavishMTecknology: nothing, it's not label based like selinux22:27
MTecknologylavish: spiffy22:28
MTecknologymaybe that'll be my next posting22:28
lavishMTecknology: if you need some help understanding rbac, feel free to hit me. I like mandatory control access systems a lot ;)22:29
MTecknologylavish: ok, thanks :)22:30
lavish(Oh, and apparmor will be merged into vanilla on 2.6.36. Canonical is just crazy. :P )22:30
lavishapparmor was left alone by novell. Then suse and ubuntu started switching from apparmor to selinux... and now what? Canonical developed apparmor in order to be included into vanilla... I don't really understand :P22:32
jdstrandlavish: ubuntu never switched to selinux22:32
lavishjdstrand: but it started to22:33
jdstrandlavish: we have selinux available for people to use22:33
jdstrandlavish: you are mistaken22:33
zulScottK: yes i know22:33
jdstrandlavish: we made selinux available to use, and continued to develop apparmor22:33
jjohansenlavish: actual its some what the same with suse, both are available to use22:33
jdstrandlike any technology, we reviewed the various MACs and found AppArmor to best fit with Ubuntu22:34
jdstrandand stuck with it22:34
lavishjdstrand: exactly, but for me starting to support selinux with apparmor abandoned by novell ment ubunt was starting to switch to selinux22:34
lavishI agree that apparmor fits ubuntu22:35
jdstrandlavish: I'm not sure how to respond to that. Ubuntu and Suse are different, and we make different decisions. at the time in question, we decided to stay with AppArmor22:36
jdstrandanyhoo, yea that apparmor is going upstream!22:37
* jdstrand continues to keep fingers and toes crossed22:37
jcastro\o/22:37
lavish:D22:37
=== dendro-afk is now known as dendrobates
ScottKzul: OK.  Just making sure.22:42
ScottKhttp://www.depesz.com/index.php/2010/08/05/how-to-make-sure-you-will-not-get-any-help-on-irc/22:49
lavishScottK: shit happens22:52
ScottKI've run into people like that myself.22:52
lavishScottK: I'm one of "like that" ppl, so stop bothering. Kthxbye.22:53
lavishj/k :P :P :P22:53
patdk-lapubuntu doesn't boot for me :)22:57
=== dendrobates is now known as dendro-afk
TohuwI don't have an "admin" group on my new ubuntu server install. I created one and added my user to it (echo "admin:x:119:ron" >> /etc/group) and then added "User_Alias ADMINS = %admin" using visudo, but I still cannot sudo as user ron. Why?23:07
patdk-lapdunno what visudo is23:09
patdk-lapbut how about editing /etc/sudoers23:09
patdk-lapand putting in like: %admin ALL=(ALL) ALL23:09
Tohuwpatdk-lap: "# This file MUST be edited with the 'visudo' command as root."23:10
Tohuw(from /etc/sudoers)23:11
patdk-lapheh, I never edit it with visudo :)23:11
patdk-lapnever knew visudo existed23:11
Tohuwpatdk-lap: hm. well, do I even need the user_alias line then?23:11
Tohuwor just the line you suggested23:12
patdk-lapI only have the line I said in mine23:12
Tohuwah, and it works. Thank you sir23:12
hggdhvisudo tries to make sudo survive a bad change -- like syntax error23:16
* patdk-lap should figure out why his ubuntu test server won't boot anymore23:16
patdk-laphangs doing some plymouth stuff23:17
patdk-lapall I did was add some ipv6 stuff into network/interfaces23:17
wieshkahey, is there somebody, who is using apache + mod_proxy ?23:17
Tohuw!anyone | wieshka23:17
ubottuwieshka: A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?23:17
wieshkaTohuw: :)23:18
wieshkathe problem is that i have only one IP address from my ISP, and i am ruuning severeal virtual machines on server, using the public bridge23:18
wieshkaso i have to route 80 port traffic for each vh23:19
patdk-lapall that, and we still don't know the question23:22
kirklandjdstrand: howdy!  do you know how to disable the virtio-balloon driver in libvirt?23:23
=== dendro-afk is now known as dendrobates
jdstrandkirkland: not otoh, no23:23
kirklandjdstrand: mkay23:24
jdstrand(I've never messed with it at all)23:24
kirklandjdstrand: do you know of a reason why libvirt would prevent you from assigning more than 16 cpus to a guest?23:24
kirklandjdstrand: the error i'm getting is about virtio balloon when i add the 17th cpu23:24
kirklandjdstrand: kvm alone can do -smp 17 just fine23:24
jdstrandsorry no-- I'd just compare the kvm invocations between the two. you might check kern.log to make sure libvirt isn't try to make some sort of an adjustment that is denied by apparmor23:25
=== dendrobates is now known as dendro-afk

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!