/srv/irclogs.ubuntu.com/2010/08/11/#ubuntu-server.txt

hggdh	Daviey: yes, it seems to work. I will run some tests now. There is still a problem there, though	00:07
wieshka	hey there - i have two physical interfaces - eth0 & eth1, next i have public bridge on eth0 with DHCP for my virtual servers, but eth1 is directly connected to internet with static IP	00:10
wieshka	how can i specifie default interface, and eth1<-->br1 also for one vh	00:10
Daviey	hggdh: oh?	00:14
hggdh	Daviey: keep in mind that we still cannot deploy a separate SC by itself	00:15
hggdh	Daviey: so Chis still has some work to do	00:16
Daviey	hggdh: I'm not sure that is a topology i ever tested in Lucid.. Are you sure that is a regression?	00:17
hggdh	Daviey: certain. I checked 3 topos: all-in-one, all separate, and (CLC+Walrus), (CC+SC)	00:18
hggdh	Daviey: all-in-one works (this is topo1)	00:19
deckie1	roger wilco.	00:19
Daviey	hggdh: deckie1 is Chris	00:19
=== deckie1 is now known as deckie
Daviey	deckie: Meet hggdh, Carlos :)	00:19
hggdh	oh, hi deckie	00:19
deckie	hggdh: hello.	00:20
hggdh	all-separate failed, but I did not test installing eucalyptus-cloud on the SC	00:20
hggdh	this was topo2, BTW	00:20
deckie	i will have a fix for this in a little bit. it looks like something that needs to be shared is not in a common-lib	00:21
Daviey	hggdh: Okay.. First - Is registration now seeming to be reliable?	00:21
hggdh	and topo3 -- (CLC+Walrus), (CC+SC) -- I just installed. It failed, and then I installed on the (CC+SC) eucalyptus-cloud, following a suggestion from deckie	00:21
hggdh	Daviey: I insalled two NCs, and they registered correctly	00:21
hggdh	but I will need some installs to confirm -- the problem was intermittedt	00:22
hggdh	ugh	00:22
Daviey	hggdh: Agreed.	00:22
Daviey	hggdh / deckie: I need to go afk.. but i'm planning an upload (my) early tomorrow with the latest from the euca devel branch. hggdh, if you want to keep me updated i'll take on board what you say in the bug reports.	00:24
hggdh	Daviey: ack	00:25
deckie	Daviey: roger. thanks for your time.	00:25
CppIsWeird	just for a sanity check, the following command "diff -drq /dir1 /dir2" ensures that dir1 and dir2 are identical byte for byte, right?	00:25
hggdh	deckie: I will run some basic tests now. Are you aware that volumes are consistently failing to attach?	00:26
deckie	hggdh: yeah. sudo vs. euca_rootwrap if i understand right. we are working on a fix asap.	00:27
hggdh	deckie: actually, no, different issue, it seems	00:28
hggdh	deckie: bug 615646	00:29
uvirtbot	Launchpad bug 615646 in eucalyptus "cannot attach a volume to an instance" [High,New] https://launchpad.net/bugs/615646	00:29
deckie	hggdh: yessir, that is the one i had in mind. looking again though.	00:29
hggdh	deckie: the rootwrap issue I bypassed by adding a new entry in /etc/sudoers	00:29
deckie	hggdh: tgtd is running?	00:29
hggdh	deckie: IIRC, it was	00:30
hggdh	I will recheck on it one my first tests sequence is done	00:30
hggdh	deckie: the error is here: 20:39:23 ERROR [SystemUtil:pool-8-thread-1] com.eucalyptus.util.ExecutionException: sudo tgtadm --lld iscsi --op show --mode target --tid 1 error: tgtadm: can't find the target	00:31
deckie	hggdh: ok. please let me know how it goes.	00:33
hggdh	deckie: will do	00:33
deckie	hggdh: it may still be a permissions issue. the version w/ euca_rootwrap will be on lp shortly.	00:37
deckie	hggdh: also, might it be an apparmor issue?	00:38
hggdh	deckie: I did not see any messages from audit, but I also did not look closely... I will check	00:39
deckie	hggdh: if it takes alot of time/effort it may be easier to wait for the euca_rootwrap fix to pass qa on our side and get pushed to lp	00:39
hggdh	deckie: we do not have time, feature freeze is looming	00:41
hggdh	tomorrow we wee have to take a position	00:41
deckie	hggdh: it will be on LP in an hour or so?	00:41
hggdh	k	00:42
=== oubiwann-away is now known as oubiwann
hggdh	deckie: first run completed, 101 instances, 1 failure (I do not think it is an euca failure), so we are, pretty much, shining here	00:52
hggdh	deckie: I will run a volume allocation now, and check for audit failures	00:52
Daviey	deckie: How is the whitelisting for euca_rootwrap adoption getting on?	00:59
hggdh	deckie: I was wrong -- eucalyptus-sc does not come up even with -cloud installed on the same machine. The CC works, though.	01:20
hggdh	deckie: so I cannot test volumes on this distributed topology	01:21
hggdh	Daviey: IIRC, deckie told me that it is already in, and should be on next revision (1222?) in a few	01:21
hggdh	minutes	01:21
Iceman_B	HELP	01:28
Iceman_B	im getting a "ubuntu can't have a partition outside the disk" while installing	01:29
Iceman_B	and neither the back or continue buttons do anything :/	01:29
Daviey	hggdh: ack	01:30
Iceman_B	whats going on and how do I fix this?	01:30
deckie	hggdh: I am not seeing the same issues w/ the SC that you are. can you post the logs for the machines somewhere?	01:31
hggdh	Daviey: I already uploaded them to lp:~hggdh2/uec-qa, latest revision	01:32
hggdh	Daviey: revision 29	01:33
hggdh	deckie: ^	01:33
hggdh	sorry	01:33
deckie	hggdh: thanks, sorry i was afk'd	01:33
hggdh	deckie: no prob. I will have to be afk for the next half-hour	01:33
Daviey	deckie: Also, Is there any news on kees's euac_rootwrap getting merged.. The licencing issue should be OK	01:35
deckie	Daviey: it should be on lp shortly i'll circle back w/ more info in a bit	01:36
Daviey	deckie: super.. i'd love to drop our one :)	01:37
Daviey	afk	01:37
wieshka	Problem: i have server running ubuntu lucid, and so i also have 4 virtual servers on it running on KVM. Server has 2 ethernet ports - eth0 & eth1. eth0 is connected to my LAN (it is also connected to internet), and eth1 is connected directly to ISP with static ip configured. (my ifconfig: http://wieshka.pastebin.com/fn80SEFS, and here is my interface configfile: http://wieshka.pastebin.com/ZsSqDfed). What i need - the base system and 3 of virtual ser	02:00
wieshka	are in LAN over eth0, and one my virtual server is directly connected to internet over eth1.	02:00
wieshka	as you can see - i made bridges	02:00
wieshka	but something is wrong	02:00
wieshka	becouse none of my virtual server has now internet connection	02:00
wieshka	and no DHCP adreses assigned to virtual servers over br0 (dhcp enabled, passing QEMU inbuilt DHCP)	02:01
ChmEarl	wieshka, paste url's have extra wxxshka - remove it	02:11
uvirtbot	New bug: #616151 in qemu-kvm (main) "Buffer I/O Errors with emulated usb disk image" [Undecided,New] https://launchpad.net/bugs/616151	02:11
wieshka	ChmEarl: its from my auto paste script	02:13
ChmEarl	wieshka, I see the pastes now	02:14
ball	Can Ubuntu server boot from a software RAID array?	02:15
wieshka	ball: no problem	02:16
ball	wieshka: Thanks	02:16
wieshka	ball: i use RAID 1 + LVM + GRUB	02:16
* ball isn't familiar with LVM		02:16
wieshka	ball: you even can make array while installing during setup	02:17
ball	wieshka: I may give that a try, now.	02:17
wieshka	ball: LVM is easy	02:18
ball	'easy' doesn't tell me what it does ;-)	02:18
wieshka	so make RAID autodetect partitions, then configure RAID, then setup a LVM and easaly configure it	02:18
ball	...though I can guess	02:18
ball	Does booting from software RAID require lvm?	02:19
wieshka	no ball, LVM just gives you extra flexibility	02:19
wieshka	if you are going to make several partitions	02:19
wieshka	for example you have a 500 Gb disk	02:19
wieshka	make just 30 Gb partition for system for example	02:20
wieshka	later if you need - you can extend it	02:20
* mase_wk loves lvm		02:20
* wieshka same here		02:20
wieshka	i am using LVM for virtual servers	02:20
mase_wk	yep me too	02:20
mase_wk	backing up has never been easier.	02:21
wieshka	mase_wk: hmmm, what virtualization you use ?	02:21
mase_wk	i have some Xen boxes, mainly KVM these days	02:21
wieshka	mase_wk: basicly backups with img fails are easier :)	02:21
wieshka	but partitions gives some dozen of performance	02:21
wieshka	write/read	02:21
wieshka	i am using Enterpirse seagate disks	02:21
wieshka	sata on SAS controler :)	02:22
wieshka	mase_wk: i have problem with my KVM	02:22
wieshka	ok - i havent slept for a more than day and a half, so my brain .......	02:22
mase_wk	heh	02:22
wieshka	mase_wk: how good are you in KVM networking ?	02:22
mase_wk	so what issue are you having with KVM?	02:22
mase_wk	thats a fairly open ended question...	02:23
wieshka	mase_wk: my server has two physical ethernet ports - eth0 & eth1	02:23
wieshka	so ..... eth0 is for base system and for 3 guests - like a public bridge	02:23
wieshka	how can i connect last - 4 guest directly to eth1, what haves static ip	02:24
wieshka	i made similar to public bridging, new bridge (br1) on eth1 interface	02:24
wieshka	but now - all my guests are lack of internet :)	02:24
wieshka	so something is wrong	02:24
mase_wk	yeh ok so your most of the way there	02:24
wieshka	so what i skipped ?	02:25
mase_wk	so on your KVM host you still have a default gw set up right ?	02:25
wieshka	yeah	02:25
wieshka	maybe ifconfig, /etc/network/interfaces, route output needed?	02:25
wieshka	to figure out ?	02:26
mase_wk	so in theory you just need to make sure each guest is using the appropriate bridge	02:26
wieshka	in theory :)	02:26
mase_wk	so long as they each have seperate mac addresses	02:26
wieshka	in theory i understanding :)	02:26
wieshka	but something i messed up - and i am stuck for 2 hours already	02:26
mase_wk	then make sure that in each guest that /etc/networking/interfaces actually referes to the correct IF	02:26
mase_wk	as if you use something like virt-clone	02:27
mase_wk	you will find that it sets up eth1 ,eth2 etc..	02:27
mase_wk	rather than eth0 which is the default in /etc/networking/interfaces	02:27
wieshka	hmmm, i dint understund you ....	02:27
mase_wk	make sure in each guest, that if you do ifconfig -a that the appropriate interface is set up correctly in /etc/networking/interfaces	02:28
mase_wk	brb	02:28
wieshka	hmmm .... then question - why my guests - who already worked (network) is now without internet becouse i connected second interface	02:29
wieshka	mase_wk: hmmm .... then question - why my guests - who already worked (network) is now without internet becouse i connected second interface	02:34
wieshka	mase_wk: whats wrong with your network connection ?	02:42
wieshka	:)	02:42
mase_wk	nothing, i'm messing with KDE	02:42
wieshka	mase_wk: - is there something wrong - i supouse no - http://wieshka.pastebin.com/0ZkTW6JA	02:45
wieshka	it is my interface file for my server	02:45
mase_wk	that looks fine, pastebin your libvirt config and also the /etc/network/interface for your guests	02:46
wieshka	now guests working	02:47
wieshka	so just stays to configure	02:47
wieshka	one guest to that physical interface	02:47
wieshka	so i have eth1 & br1 - i using manual/static IP adres for it	02:47
clusty	curious if one can boot an ubuntu from a raid (hardware raid).	02:48
patdk-lap	clusty, yes, why wouldn't you?	02:48
wieshka	clusty: i prefer software, but why you cant ?	02:48
patdk-lap	the whole point of a hardware raid is it looks just like a normal hardrive	02:48
clusty	patdk-lap: for one, how can grub read it's menu.lst, or how it's called now	02:48
patdk-lap	clusty, why would it need to?	02:49
patdk-lap	it's just a normal drive	02:49
patdk-lap	there is nothing special about hardware raid	02:49
patdk-lap	now software raid is special	02:49
wieshka	clusty: hardware raid gives you a single hard disk	02:49
ball	clusty: Yes, you can boot Ubuntu from hardware RAID	02:49
clusty	thought it needed the kernel module	02:49
patdk-lap	cause now grub has to know how it works	02:49
clusty	for the card	02:49
wieshka	use as simple disk	02:49
ball	wieshka: it gives you the illusion ofa single hard disk	02:49
ball	(assuming a small array)	02:49
patdk-lap	clusty, that is what the hardware raid bios is for :)	02:49
patdk-lap	now linux will bypass the bios, then you need a drive	02:50
patdk-lap	driver	02:50
clusty	patdk-lap: thanks. i am receiving my disks tomorrow and was wondering how it will all work out	02:50
patdk-lap	what raid card?	02:50
clusty	intel	02:51
patdk-lap	should be overly well supported then :)	02:51
clusty	it sees the module.	02:51
patdk-lap	the hardest issue I have with hardware raid, is to get good raid stats from it	02:51
patdk-lap	so I can monitor the health	02:51
clusty	the intel fukards are not giving the utils in deb format	02:52
clusty	just rpm	02:52
patdk-lap	that shouldn't be hard to install	02:52
clusty	i have yet to screw around with alien to get em working	02:52
patdk-lap	unless it's only in i386 and you need x64	02:52
clusty	the CD came just with 32	02:52
patdk-lap	heh, forget the cd	02:52
patdk-lap	see if you can download them	02:52
clusty	i struggled just to flash to latest FW	02:53
patdk-lap	normally the cd is a year or more out of date	02:53
clusty	try 3 :D	02:53
clusty	the initial bios was 2007	02:53
clusty	and new is 2010 version	02:53
* patdk-lap has been having fun with ldirectord		02:54
patdk-lap	I've just about got it fully ipv6 away now :)	02:54
clusty	what's that?	02:54
patdk-lap	aware	02:54
patdk-lap	things that I can't do with ipv6 in it seems to be limited to ping and mysql	02:55
clusty	patdk-lap: what raid controllers do you use ?	02:58
wieshka	mase_wk: i have to configure static IP address in guests interface file ?	02:58
mase_wk	yes	02:59
mase_wk	or configure your dhcp server to hand out the correct ip	02:59
wieshka	hmmm - can i give mac address the same as it is for my eth1 interface	03:00
wieshka	my ISP has attached to my physical IP address	03:00
wieshka	so i supouse the problem is there	03:00
wieshka	my ISP isnt giving ip address for my guest over bridge	03:00
patdk-lap	adaptec 2130, adaptec 2200, adaptec 2110, perc5, perc6, 3ware	03:00
wieshka	becouse there aperas my guest address - is that possible ?	03:01
wieshka	eth1 mac address is ignored	03:01
clusty	patdk-lap: i got a 3ware for the company a while back	03:01
wieshka	thats the way how bridge should work, i am correct ?	03:01
wieshka	so i need to spoof mac addres	03:01
clusty	support seemed nicer than my intel: the tools had decent install scripts - no packaging system	03:02
mase_wk	erm your mac address should be younique	03:08
mase_wk	unique	03:08
mase_wk	each guest needs a different mac address, usually specified from within the hosts' libvirt definition	03:09
wieshka	mase_wk: hmmm - how can i make it with out bridge	03:10
wieshka	there should be option	03:10
wieshka	to configure directly to physical interface	03:10
=== unreal_ is now known as unreal
wieshka	mase_wk: hmmm - why this does not works ? :) <interface type='direct'>	03:20
wieshka	<source dev='eth1' mode='vepa'/>	03:20
wieshka	</interface>	03:20
mase_wk	i don't think thats how you define a bridged network	03:24
mase_wk	you don't have a 'direct' interface	03:24
mase_wk	if you want a single guest to use a single interface , and only that interface is used by that guest	03:25
mase_wk	ie PCI passthrough	03:25
mase_wk	you need VTd support	03:25
mase_wk	otherwise if you have multiple guests to 1 interface you need a bridge	03:25
clusty	patdk-lap: still around?	03:28
patdk-lap	ya	03:28
clusty	any stripe size recommendations ?	03:29
clusty	for raid	03:30
patdk-lap	depends what you use it for	03:30
ball	clusty: try different settings and see what works best for you. I default to one track per stripe	03:30
ball	...but testing is important.	03:30
* patdk-lap wonders how ball calculates out a size of a track, since drives haven't had tracks forever		03:31
clusty	what are tracks to start with?	03:31
clusty	FS block size ?	03:31
patdk-lap	na	03:31
ball	patdk-lap: they have fake tracks these days.	03:31
patdk-lap	:)	03:31
patdk-lap	these days they are made like cd's, one very long track	03:32
patdk-lap	I forget if they have, or are going to go to the whole laserdisk method	03:32
patdk-lap	read/write parallel tracks at the same time	03:32
patdk-lap	I think they are	03:32
ball	patdk-lap: I doubt that's what they do now, though it's certainly possible with a voice coil.	03:35
ball	Not that it would matter to the system software anyway, it's just an array of sectors.	03:35
patdk-lap	well, I know what they used they where talking about parallel, but I really wasn't interested in how, at the time	03:35
ball	Let's see if I can learn how to do a software RAID on Ubuntu Server	03:36
patdk-lap	oh, that is easy :)	03:36
* ball wonders why "Chicago" would be listed as a time zone. That makes no sense to me.		03:36
patdk-lap	it's not	03:37
patdk-lap	it's listed as one of the largest citys in that timezone	03:37
* patdk-lap is annoyed that NYC is always listed, but not Wash D.C.		03:37
ball	It's not clear to me whether I'm supposed to create partitions of some sort before creating the RAID array, or whether I should create the RAID array from "Free space".	03:41
ball	What does Ubuntu expect me to do?	03:41
mase_wk	raid is a disk level thing	03:42
mase_wk	you need to set up raid first	03:42
mase_wk	then partition	03:42
ball	mase_wk: usually yes, but with software RAID?	03:42
mase_wk	then filesystem	03:42
patdk-lap	software raid you can do it either way	03:43
mase_wk	i imagine so. you probably need a single boot partition somewhere	03:43
ball	Ah, I see a "physical volume for RAID" option in the "Partition Disks" dialogue	03:44
patdk-lap	that is what the usb drive is for :)	03:44
Roxyhart0	hi there i would like to block p2p with iptables, sombody know the command line, also somebody is using patch-o-matic for that?	03:47
patdk-lap	roxy, you know that is a lost cause?	03:48
Roxyhart0	what is the lost cause block p2p?	03:49
clusty	patdk-lap: can't do l7 or ipp2p ?	03:49
* ball tinkers		03:49
clusty	unless it's ssl enabled torrent :D	03:49
patdk-lap	torrent doesn't do ssl	03:49
patdk-lap	but it does do md4 hashing, making l7/ipp2p useless	03:50
Roxyhart0	if i want to block any port over 3000 per example andopen just the port that i need?	03:51
Roxyhart0	what about it? http://bby.com.pl/linux-router/blocking-p2p-software-string-module/	03:51
clusty	patdk-lap: what i do wonder: my isp does DPI. they can somehow classify my torrent traffic	03:52
clusty	curious how	03:52
clusty	they throttle me down for everything they cannot figure out ?	03:52
patdk-lap	they normally do it by bandwidth analysist	03:53
Roxyhart0	somebody as listen about path-o-matic to block p2p?	03:56
=== unreal_ is now known as unreal
X32	how would I change the command line font?	05:28
jmarsden	X32: man setfont # This might do what you want, I'm not 100% sure	05:40
robertpayne	Easy way to delete lines out of a text file that match grep?	05:49
qman__	robertpayne, grep -v stufftoremove /path/to/file > file2; mv file2 file1	06:03
robertpayne	qman_: thanks :) I found it .. should've googled first was kind a stupid question	06:03
Roxyhart0	somebocy have a good doc to install ipp2p in ubunut?	06:20
Roxyhart0	ubuntu	06:20
=== freeflyi1g is now known as freeflying
alex88	hi, how is possible to scroll up in screen?	06:44
twb	^A[	06:44
uvirtbot	twb: Error: Missing "]". You may want to quote your arguments with double quotes in order to prevent extra brackets from being evaluated as nested commands.	06:44
Callum__	heh uvirtbot	06:45
alex88	it's ctrl-a escape	06:45
alex88	:)	06:45
Callum__	^A	06:45
uvirtbot	Callum__: Error: "A" is not a valid command.	06:45
Callum__	^help	06:45
uvirtbot	Callum__: (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.	06:45
Callum__	^commands	06:46
uvirtbot	Callum__: Error: "commands" is not a valid command.	06:46
Callum__	wut	06:46
Callum__	what is then! =P	06:46
DexterLB	I have two machines running ubuntu server. Could you recommend some benchmark process I can run on both and see which performs better?	07:20
alex88	DexterLB: hardinfo has some tests, like fibonacci, md5 etc	07:24
DexterLB	alex88: thanks	07:24
DexterLB	I'll try it	07:24
alex88	DexterLB: or this http://www.tux.org/~mayer/linux/bmark.html	07:24
alex88	or this ftp://pi.super-computing.org/Linux/super_pi.tar.gz	07:25
robertpayne	qman_: shame the -B and -C don't work with -v :(	07:28
twb	alex88: that's what I said	07:33
twb	DexterLB: what resource(s) do you want to benchmark?	07:34
alex88	twb: about the ctrl-escape?	07:45
alex88	i've just seen ^A[	07:46
xampart	morning	07:46
alex88	xampart: morning	07:47
DexterLB	why is sudo so dead slow?	07:56
mase_wk	DexterLB: slow ?	07:58
mase_wk	how long does it take ?	07:58
DexterLB	like when it needs to ask for a password it waits 5sec or so before asking	07:59
DexterLB	is that some security measure?	07:59
twb	DexterLB: before prompting for the password?	07:59
DexterLB	yeah	07:59
twb	Do you have root?	07:59
DexterLB	oh?	08:00
DexterLB	i thought it was impossible not to have	08:00
twb	I mean, do you, DexterLB, have administrative privileges on this host	08:00
DexterLB	yup	08:00
DexterLB	it does work	08:00
DexterLB	but it takes some time	08:00
twb	OK, pastebin the output of egrep -v '^[[:space:]]*(#\|$)' /etc/sudoers	08:00
DexterLB	it is as it should be	08:02
DexterLB	Defaultsenv_reset	08:02
DexterLB	rootALL=(ALL) ALL	08:02
DexterLB	%sudo ALL=(ALL) ALL	08:02
DexterLB	%admin ALL=(ALL) ALL	08:02
DexterLB	oops	08:03
DexterLB	pastebin :D	08:03
DexterLB	sorry	08:03
twb	OK.	08:03
twb	Now do the same for nsswitch.conf and /etc/pam/common*	08:03
twb	Also lsb_release -a	08:04
twb	Er, /etc/pam.d/common-*	08:04
DexterLB	system rebooting	08:05
DexterLB	kernel upgrade	08:05
DexterLB	will have to wait a bit	08:05
twb	OK	08:05
DexterLB	http://dexterlb.pastebin.com/VLn4hm5a	08:08
DexterLB	i never understood regex	08:09
DexterLB	what does that thing mean	08:09
DexterLB	'^[[:space:]]*(#\|$)' that is	08:09
joschi	DexterLB: any string starting with any number of whitespace characters (space, tab, ...) or none, followed by a hash sign (#) or endline ($).	08:11
joschi	it basically filters out any comments and empty lines of a file	08:11
DexterLB	o	08:12
=== oubiwann is now known as oubiwann-away
=== oubiwann-away is now known as oubiwann
apw	o	08:50
robertpayne	ugh is there any reason SSH key authorization wouldn't work out of the box ubuntu? I've installed id_rsa.pub into ~/.ssh/authorized_keys on the server and have it locally in ~/.ssh/id_rsa chmoded properly too	08:56
Daviey	robertpayne: use ssh -vvv user@host .. the verbose info will likely provide some clue	09:00
robertpayne	debug2: we did not send a packet, disable method	09:01
robertpayne	hmm	09:01
joschi	robertpayne: check /var/log/auth.log and maybe raise the log level of your sshd	09:02
robertpayne	joschi: ok I'll try that	09:02
joschi	robertpayne: also check, if the user has a valid login shell and the permissions on ~/.ssh/ are correct	09:02
joschi	they should be 0700 on the directory and 0600 on the files inside it	09:03
=== oubiwann is now known as oubiwann-away
robertpayne	ya	09:03
robertpayne	Authentication refused: bad ownership or modes for directory /root	09:05
_ruben	ssh as root? eww	09:05
robertpayne	I turn it on then back off as I do large amounts of changes requiring sudo	09:06
robertpayne	heh "root" didn't own /root	09:06
KE1HA	Opps :-0	09:06
robertpayne	not sure how that happened.. thx joschi for the auth.log tip	09:07
_ruben	ouch	09:07
robertpayne	_ruben: and I completely agree root login = bad. I'm just working on my dev box right now and have days of work to do on it so avoiding hassle of passwords	09:08
=== oubiwann-away is now known as oubiwann
twb	Just use NOPASSWD and sudo -i from a trusted less-privileged account	09:09
_ruben	indeed	09:09
robertpayne	I see so create a user with no password and run like "ssh user@domain -p port 'sudo -i'"	09:11
Jimmyx	hi, wanna ask, i'm looking for some user-friendly howto build mail server.. maybe with postfix/dovecot/mysql for multiple domains.. any suggestions?	09:12
twb	Jimmyx: apt-get install ubuntu-serverguide	09:12
robertpayne	Jimmyx: if you'd like I can give you some shell scripts & conf files that are pretty much out of the box ready for a postfix/dovecot over SSL	09:13
Jimmyx	robertpayne: sounds good... if you dont mind :)	09:14
KE1HA	Hello All, Is there a 10.04 Server Manual in PDF that we can DL v.s. using the Wiki pages ?	09:24
robertpayne	twb: by NOPASSWD do you mean set the root user to have no password for sudo -i from the less privelged account?	09:31
twb	robertpayne: no, I mean set your %sudo user to have NOPASSWD: in /etc/sudoers	09:31
twb	i.e. "sudo foo" never prompts you	09:32
robertpayne	twb: ahh so the account could sudo root without typing in a pass	09:32
twb	Right.	09:32
twb	So really you're just as insecure from attackers, but at least you won't fat-finger stuff as often.	09:33
robertpayne	twb: true...	09:33
robertpayne	Assuming it'll still prompt for su	09:36
twb	Uh, sudo -i	09:36
robertpayne	gah yea sorry	09:36
bdrung	hi, can a member of the server team have a look at the sponsor request bug #378240?	09:38
uvirtbot	Launchpad bug 378240 in xen-3.3 "Please merge xen-3.4 (3.4.0-2) from debian unstable" [Wishlist,Confirmed] https://launchpad.net/bugs/378240	09:38
uvirtbot	New bug: #616257 in openldap (main) "package slapd 2.4.21-0ubuntu5.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/616257	10:26
AtomicSpark	WTB ubuntu-server metapackage which gives me /exactly/ whats on the ubuntu server cd to fix crazy vpn hosts like linode. <3 Cookies for all!	10:52
alex88	you mean vps	10:55
alex88	well linode prices are crazy	10:56
huats	morning	10:59
alex88	where i can see the list of servers to use with apt?	11:11
alex88	i mean official repositories	11:11
twb	alex88: archive.ubuntu.com and XX.archive.ubuntu.com, where XX is your two-letter country code.	11:12
alex88	twb: thank you..de.archive.ubuntu downloads at 74kbyte/s...	11:13
twb	Good ISPs and universities will also provide secondary/tertiary mirrors.	11:14
joschi	alex88: https://launchpad.net/ubuntu/+archivemirrors	11:14
alex88	those are what i'm searching..	11:14
alex88	joschi: thank you :)	11:14
twb	In Debian there's a machine-parsable text list, which apt-spy uses to pick the nearest/fastest.	11:15
twb	I don't think that's available in Ubuntu :-/	11:15
alex88	there is on ubuntu desktop..	11:15
alex88	dunno on server	11:16
twb	alex88: yes, but that's built into synaptic or whatever	11:16
twb	Something like automagic like cdn.debian.net that automagically resolves to a good local mirror would be ideal.	11:16
joschi	alex88: ubuntu and ubuntu server use the same package sources. the only difference is the default installation	11:16
alex88	joschi: i know..but on ubuntu desktop you've "select best server" in synaptic...as twb said..	11:17
twb	GUIs are for chumps	11:18
alex88	;) right	11:19
alex88	https://launchpad.net/ubuntu/+mirror/ftp.halifax.rwth-aachen.de-archive how can i see if it has also other reps, not only main?	11:20
twb	alex88: apt-get from it	11:20
alex88	oh..just change sources.list and try :)	11:20
twb	Or browse their mirror in dists/lucid/	11:21
joschi	alex88: or you just take a look at the mirror yourself. -> http://ftp.halifax.rwth-aachen.de/ubuntu/dists/lucid/	11:21
joschi	alex88: any way, all mirrors in the list have main, universe and multiverse	11:21
twb	I'd just add a fast mirror first, then put XX.a.u.c and/or a.u.c below	11:22
twb	It'll then try the fast mirror and fall back to the complete mirror	11:22
notlistening	Hi running a virtualbox server that can accept connection on static ip but not make out going connections like ping, but the web server services reqests	11:23
joschi	notlistening: icmp is not supported by the NAT type network adapter of virtualbox	11:23
notlistening	ah sorry it is bridged	11:23
notlistening	and I am starting is using vbpxtppls	11:24
notlistening	*vboxtools	11:24
notlistening	I can even update the server so it is all goinging network traffic	11:24
notlistening	cnn't	11:25
twb	Maybe you aren't proxy ARP requests	11:26
alex88	also after changed reps still 70kbyte/s, and hoster says they not limit..i doubt..	11:26
notlistening	It has worked before :D	11:27
twb	I expect requests to/from the host OS work fine	11:27
notlistening	yes they work fine	11:29
notlistening	I checked that first	11:29
twb	So the guest can talk to the host?	11:29
notlistening	I can ssh into the machine, I can view webpages from it from different machines host and others	11:30
notlistening	the guest can't see the outside world or my internal network	11:30
twb	Uh, so the guest has no default route?	11:31
twb	I don't understand how these symptoms could occur	11:31
twb	What does iptables-save say?	11:31
notlistening	1 sec	11:31
notlistening	not installed	11:32
notlistening	could it be a virtualbox bug?	11:32
twb	Where did this disk image come from?	11:32
twb	If iptables-save isn't installed, you haven't done a normal ubuntu-server install	11:33
twb	(Where "installed" means "in root's $PATH")	11:33
alex88	oh...unattended upgrade was limiting to 70...-.-' noob	11:33
notlistening	It is the 10.10 server :D	11:33
twb	alex88: that's retarded	11:34
notlistening	and i did the most basic VM install	11:34
alex88	twb: i'm retarded :)	11:34
twb	QoS beats throttling	11:34
alex88	what you mean?	11:37
twb	Rather than limiting it to n kbps, just declare that it's bulk traffic	11:38
twb	QoS will then prioritize it below stuff like ssh	11:38
alex88	how do i set qos? btw, i was thinking that it limits just the automatic updates bandwith..	11:38
twb	With great difficulty	11:38
twb	Or throw shorewall at it, I guess	11:39
alex88	oh..no way..i have enough bandwith to not need to limit nothnig	11:39
twb	Then why did you limit it?	11:40
alex88	because i was thinking that it just limits automatic upgrades.. for the small time that i install something i have no bandwith problems..	11:41
notlistening	right my resolvconf it blank will that cause an issue for DNS?	11:43
twb	notlistening: /etc/resolv.conf should be populated by dhclient (DHCP)	11:44
notlistening	Well i am running with a static IP and DNS server has been set but i am just hunting for issues	11:45
Somoel	Hozsanna	11:48
Somoel	ikonia bruder ola	11:52
notlistening	Right i can now talk to my internal network	11:59
notlistening	DNS is the issue now	11:59
notlistening	fixed at the moment :D	12:03
Somoel	drupal? No! Never! Joomla better! Joomla forever!	12:09
Jeeves_	cmsmadesimple++	12:10
Somoel	website baker the better cms	12:10
Somoel	ola Jeeves bro'	12:11
twb	All PHP needs to die	12:13
twb	And all CMSes and all web apps in general	12:13
jpds	twb: Django?	12:13
twb	jpds: I'm not a fan of Python by any stretch, but it can't be any worse than what people do with PHP	12:14
hggdh	Daviey: good morning	12:18
* Daviey recently had a horrific experience with Joomla!.. I'm still too traumatised to go into it		12:18
Daviey	hey hggdh !	12:18
hggdh	Daviey: I see you are full of energy ;-)	12:18
Daviey	hggdh: hah :)	12:18
* hggdh is half-asleept		12:18
twb	TBH I'm surprised none of our prisoners have suborned the CMS already	12:19
kim0	is the 10.04.1 to be released next Tuesday	12:19
Daviey	hggdh: good to hear..	12:19
Daviey	kim0: AIUI, that is the current plan. But as i'm sure you know, it's out when it's announced :)	12:19
kim0	hehe ok	12:19
jpds	I thought it was tomorrow?	12:20
kim0	has been pushed back	12:20
jpds	Noone informs the mirror admin that's been prepping things, I see.	12:21
hggdh	Daviey: Chris says he found the issue with Walrus/SC on distributed installs	12:21
Daviey	hggdh: Yes.. he has pushed a fix.. I thought there was one more pending - but perhaps that was just their internal results.	12:22
Daviey	hggdh: Merging what I have as we speak.. will push to PPA shortly.	12:22
hggdh	Daviey: cool, thanks	12:24
uvirtbot	New bug: #616310 in backuppc (main) "Realease package backuppc 3.2.0" [Undecided,New] https://launchpad.net/bugs/616310	12:31
patdk-lap	twb, it's not really that php is bad, it has it's problems and all languages do	12:41
patdk-lap	but it's just the type of programmers that are using it that are the issue	12:41
patdk-lap	and that will happen with any easy to use language	12:42
patdk-lap	same issues with perl, perl added all kinds of help and ways to protect against most of those issues, but people still don't use them, unless they know what they are doing	12:42
robertpayne	Is there a way to permit root login via limited ips?	13:43
Iceman_B	I just installed 10.04, but I was expecting bash to use colors. it doesnt, how do I set this?	13:47
alvin	Iceman_B: It's documented in a commented section in ~/.bashrc	13:49
Iceman_B	lemme check	13:54
Iceman_B	I dont have such a file	13:54
Iceman_B	I mean, an "ls -a" on my homedir doesnt show it	13:56
Iceman_B	can I just create a ~/.bashrc file? or wont that solve anything ?	14:02
joschi	robertpayne: you mean root login via ssh?	14:05
robertpayne	joschi: was going to be for rsync purposes I found out you just run rsync under cron as root and push to non-root account on other server	14:06
alvin	Iceman_B: You don't? You can copy the default .bashrc from /etc/skel/.bashrc	14:11
floown	hello	14:12
floown	I can't use imap in Kontact since the upgrade to KDE 4.5, what packet should I manually install?	14:12
alvin	floown: Wrong channel. Better ask in #kubuntu. (I can't confirm. Haven't upgraded yet.)	14:14
Iceman_B	alvin: will try, thanks	14:20
hggdh	Daviey: thanks for packaging the beast. It is already building, so I will test ASAP	14:23
ssureshot	morning ... I have set preservejobhistory No in my cupsd.conf but the cXXXXXX jobs are never removed.. whats happening here and what am I missing?	14:24
zul	ttx: feature freeze is tomorrow right?	14:32
ttx	zul: yes	14:32
zul	ttx: damn	14:33
=== localg0d is now known as Ximal
Iceman_B	alvin: I copied the .bashrc file from /etc/skel to ~ and logged out and in again, but no change	14:53
Iceman_B	bash still shows up grey	14:53
Iceman_B	im connecting through putty btw, if that makes any difference. it used to work tho	14:53
alvin	Iceman_B: That's normal. You have to change the default .bashrc first. uncomment a line there	14:53
alvin	Iceman_B: #force_color_prompt=yes	14:54
Iceman_B	I know, I did that too	14:54
Iceman_B	let me doubel check just to be sure	14:55
Iceman_B	oh and, how do I find out WHAT shell im actually using?	14:55
Pici	echo $SHELL	14:55
Iceman_B	force_color_prompt=yes <--- yup	14:55
Iceman_B	checks out	14:55
Iceman_B	it returns /bin/bash	14:56
Iceman_B	so thats cool too	14:56
Iceman_B	and vim shows up in colors, so its not putty	14:56
Iceman_B	im also missing a .bash_logout	14:57
Iceman_B	strange	14:57
alvin	.bash_logout can also be found in /etc/skel You probably created the user without copying files from skel, or with another shell.	14:59
Iceman_B	no idea really, I just installed 10.04, rebooted and logged in	14:59
alvin	Iceman_B: The default is no colored prompt. I just try to color it by uncommenting #force_color_prompt=yes. It works fine.	15:00
Iceman_B	alvin: ok well, either im doing something wrong, or that just doesnt work here	15:02
alvin	Iceman_B: Did you log out after uncommenting? (or sourced .bashrc?)	15:03
Daviey	hggdh: no problem.. It's landing in the archive shortly. :)	15:03
Daviey	hggdh: let me know how it turns out :)	15:03
alvin	Iceman_B: I don't think you need other packages than bash to have a colored bash prompt	15:05
Iceman_B	I did log out after uncommenting, and I have no clue what you meant by "sourced"	15:06
Iceman_B	im still qutie new to this	15:07
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
alvin	'source' is a built-in shell command. You can refresh your login files with it. (like type: $ source .bashrc instead of logging off and logging in again)	15:21
Iceman_B	ooh cool	15:23
Iceman_B	thanks	15:23
Iceman_B	I might try a system wide setting in a minute	15:24
CharlieSu	Anyone using Amazon's Elastic Load Balancer?	15:26
CharlieSu	Does anyone know if it is possible to create a security group that only allows Amazon's Elastic load balancers? I only want the ELB's to be able to access a group of servers to do health checks, but i don't want the rest of the world to be able to make requests. This is because I have a web layer, application layer and DB layer with load balancers infront of both my web layer and application layer. The web layer is	15:29
hggdh	Daviey: the SC still fails to start on a distributed deployment	15:35
ttx	hggdh: do the others start up ?	15:36
tvw	I am just setting up a linux server and now I need to setup postfix. I wonder which way I should go. I would have expected not to deal with postfix at all, since we have a separate mailserver.	15:36
ttx	CharlieSu: maybe on #ubuntu-cloud	15:37
tvw	Now I wonder, whether I make it a smart host or totally local.	15:37
hggdh	ttx: I will have to go back to topo2, I was running topo3. Chris sent me a note late last night stating he had found the issue on the separate topos	15:37
CharlieSu	ttx: thx	15:37
hggdh	ttx: and would give us a fix today	15:37
ttx	hggdh: I thought that would be included on the recently-uploaded one	15:37
=== oubiwann is now known as oubiwann-away
hggdh	ttx: 2010-08-10 22:36:19 deckie i found the problem that was preventing remote walrus/sc from working.	15:39
hggdh	2010-08-10 22:36:45 deckie i'll follow up with you tomorrow and dave, and the list later tonight	15:39
hggdh	the time is URC-5	15:40
hggdh	UTC-5	15:40
ttx	Daviey: ^how does this map onto your own work ?	15:40
Daviey	hggdh: Yes.. I understood there was going to be another upstream commit.. But perhaps i missunderstood deckie.	15:41
Daviey	I think he left it going through their internal continual integration testing stuff...	15:42
Daviey	which would automatically push to the branch.. That is how i understood it.	15:43
Daviey	So either i missunderstood, or it failed the test	15:43
=== oubiwann-away is now known as oubiwann
tucemiux_	"tunnelled clear text passwords" is secure, right? Basically, it means authenticating using a password as opposed to a key	15:43
hggdh	I do not know, at this time I was trying to sleep (so that I could get up earlier and test it	15:44
hggdh	Daviey, ttx: going now to topo2 (fully-separated) to confirm	15:47
Daviey	hggdh: Appreciated! :)	15:48
RyanP	I have a server with something wrong with it. Among other things, when i execute "sudo -i", I get three "Sorry, try again." messages, then "sudo: 3 incorrect password attempts", without ever being prompted for a password. Anyone know what's going on?	16:00
Pici	Well thats not normal.	16:04
Pici	RyanP: You mention that other things are wrong with it, do you suspect that its been rooted?	16:06
tvw	What sense does it make to use sudo on a server? I will never work there as a normal user and if, every command would start with sudo? I do not want to start a discussion but only a hint?	16:06
RyanP	Pici, Not ruling it out, but I don't think so.	16:07
thesheff17	#/join ubuntu-virt	16:07
Iceman_B	alvin: oh cool, after sourcing ~/.bashrc it works	16:09
Iceman_B	(except that my prompt is now green too, but meh)	16:09
Pici	RyanP: What if you just try to sudo a different command? Also, does sudo point to where you expect it? check which sudo	16:09
Pici	tvw: One of the quickest arguments is that by not having a root user (or rather, having a locked password), anyone who tries to comprimise the server needs to know both a valid username and a password, rather than just 'root' and a password.	16:11
RyanP	sudo is /usr/bin/sudo, which seems to have appropriate permissions and such. sudo anything (sudo bash or sudo ls for example) give the same error.	16:11
Pici	RyanP: And your user is in the admin group?	16:12
tvw	Pici: Thanks, that makes sense.	16:12
tvw	RyanP: or is your user in the group 'sudo'	16:13
Iceman_B	where can I read what exactly happens during the install? I want to get some more insight into Linux	16:13
RyanP	Pici, the user is in the admin group.	16:14
tvw	Another question: The installation cd assumes, that the machine is connected to the internet. This make the installation a bit painful, if no network is attached to the server. Is there a way to avoid, that setup is querying the network all the time. It causes a lot of delays.	16:17
masoncloud	quit	16:22
qman__	tvw, just skip network configuration during setup	16:23
qman__	press cancel on DHCP, then choose do not configure at this time	16:23
tvw	qman__: That's a weird procedure, but thanks.	16:25
qman__	well, a server without a network connection isn't very useful, so it's assumed you have one	16:31
qman__	but not configuring the network will speed up the install	16:31
hggdh	Daviey, ttx: separate install definitely is still broken. So I guess we are waiting on the additional patch from Chris	16:47
ttx	Daviey: we are still waiting for an additional patch ?	16:48
hggdh	Daviey, ttx: I am now going back to all-in-one, to test the rootwrap & volume creation	16:48
ttx	hggdh: sounds good	16:48
Daviey	hggdh: Yeah.. seems there was an issue.. Gonna try and get hold of someone now.	16:49
Pici	kim0: Thanks for updating the irc/channellist wiki page, I forgot about that.	16:50
kim0	Pici: no worries :)	16:50
uvirtbot	New bug: #616404 in munin (main) "package munin-node 1.4.4-1ubuntu1 failed to install/upgrade: subproces installed post-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/616404	17:07
tvw	After installation I get errors: "fd0 read error", "no such disk". I use raid1 and installed grub into MBR.	17:15
tvw	the floppy disk is disabled in BIOS.	17:15
sponzor	hi. i have 2x 500gb, 1x 1tb. i want to do is raid 1. so that i would have 1tb=1tb raid. how to combine 2x 500gb	17:20
patdk-wk	raid0 :)	17:21
patdk-wk	then do a raid1 on the 1tb and the raid0	17:21
sponzor	will take that a lot of resorces of server? :P	17:22
patdk-wk	or, you may not want to do raid0, but do linear instead, to just concat the two, instead of striping them	17:22
patdk-wk	nope	17:22
sponzor	hmm linear? how to do that	17:23
patdk-wk	dunno, never done it	17:23
sponzor	:D	17:23
sponzor	than i will go with raid 0	17:23
patdk-wk	looks like instead of doing raid0, you just type linear	17:24
patdk-wk	the advantage of linear is if you really screw something up (like two of the drives fail)	17:25
patdk-wk	assuming one is the 1tb	17:25
patdk-wk	you could still recover half your data	17:25
sponzor	i will go with raid 0. ok i did raid 0. now i have 1tb lvm. i nead to do is that 1tb lvm will be raid not lvm.. ? how to do that. i m doinng fresh install...	17:27
patdk-wk	heh?	17:27
patdk-wk	why do you have lvm?	17:27
patdk-wk	what did you do?	17:27
patdk-wk	lvm is going slow things down :)	17:27
sponzor	lvm was automatic when i did raid 0	17:28
patdk-wk	I dunno if you can use the installation menu to give you what you want	17:28
patdk-wk	you should use lvm yes, but after you do the raid1	17:28
patdk-wk	I never setup mine using the installer so	17:29
sponzor	than i should install it on 1tb and make 2x 500 to 1tb and than to raid1 in the console after installation?	17:29
patdk-wk	don't think so	17:30
sponzor	hmm what should i do than? :P	17:30
patdk-wk	I normally just drop to console	17:30
patdk-wk	setup the raid	17:30
patdk-wk	then do the install	17:30
* patdk-wk is all about doing things manually though :)		17:30
sponzor	that is to hard.. its like gentoo then :P	17:31
patdk-wk	no it's not, I'm not waiting a week for it to build everything :)	17:31
sponzor	:P	17:31
uvirtbot	New bug: #616417 in mysql-5.1 (main) "AppArmor complains about missing local/usr.sbin.mysqld file" [Undecided,New] https://launchpad.net/bugs/616417	17:36
Tohuw	On my Ubuntu 9.10 server, I'm configuring DoveCot with LDAP as per http://wiki.dovecot.org/HowTo/DovecotOpenLdap and have a few questions... 1) In the example LDIF, what does the comment "# only necessary if you are NOT using 'bind' authentication" indicate? That the entire rest of the entry is not necessary, or just that stanza? I am using bind authentication for LDAP. 2) These will be virtual accounts. I see the global_uid and global	17:56
patdk-wk	bind authenication is nice	17:58
patdk-wk	it logs into the ldap server using the users name and password	17:59
patdk-wk	otherwise it logs in using whatever you want, then it checks itself that the username and password match what is in ldap	17:59
patdk-wk	second way is easier to configure ldap	17:59
patdk-wk	first way is faster, cause it is 1 lookup instead of 2 or more	17:59
Tohuw	patdk-wk: makes sense. Is it a security risk to allow for bind authentication, since this means any user could just log into the server? I'm guessing "no", because you want users in there to be able to login. The second question is: I will be using virtual names for my dovecot addresses (i.e. not every email address will link to a real user on the server). I suppose this means I DO need that stanza?	18:02
patdk-wk	security issue all depends on how insecure you configure your ldap :)	18:03
patdk-wk	I use bind, I want users to login, and users are restricted to only their own items	18:04
Tohuw	fair enough :)	18:04
patdk-wk	do need what stanza?	18:04
Tohuw	per the comment in the help doc I linked. Here's the excerpt (it's an example ldif): http://pastebin.com/mdvETEbK	18:05
Tohuw	I assume line 13 refers only to lines 14-18	18:06
Tohuw	or does it refer to the entire rest of the ldif?	18:06
patdk-wk	that is just creating an account, for dovecot to login to ldap with	18:07
patdk-wk	so if you don't use bind, you need it, if you use bind, it's not needed, but won't hurt	18:07
patdk-wk	the last two would be user accounts	18:08
ivoks	hm...	18:09
ivoks	it's missing posixAccount to be an 'account'	18:09
ivoks	without that objectClass it's not an account	18:10
ivoks	it's just an entry	18:10
patdk-wk	mine I only use, inetOrgPerson and posixAccount	18:11
ivoks	ah, i see what this is for	18:12
patdk-wk	for my webmail ones, inetOrgPerson, posixAccount, top, hordePerson	18:12
ivoks	in slap.conf read perms are given to cn=dovecot	18:12
patdk-wk	ya	18:12
ivoks	and then adds password	18:13
ivoks	it's a good tutorial	18:14
Tohuw	ivoks: I think so. I'm learning a good bit I didn't know about ldap and Dovecot. I've never had to setup a mail server from scratch with no "cheat scripts" before.	18:15
ivoks	oh, you haven't seen dovecot-postfix package? :)	18:16
Tohuw	ivoks: I've seen it, but I'm using Exim ;)	18:16
ivoks	it doesn't integrate with ldap	18:16
ivoks	why? :)	18:16
Tohuw	ivoks: it seems to offer the most robust featureset, and, frankly, I'm more familiar with troubleshooting it.	18:17
ivoks	fair enough	18:18
smoser	kirkland, ping me when you see this please.	18:23
patdk-wk	heh, I never setup mine even with an howto before	18:28
patdk-wk	I installed the dovecot-postfix last night though on 4 systems, in my demo lab	18:28
patdk-wk	cause I needed to test imap and smtp connections	18:28
Tohuw	patdk-wk: though some scoff at them, I really like Ubuntu's packages for so many setups. I wish I could have deployed 10.04 to this server, just for the "redmine" package. It would have saved me ~6 hours of work ;(	18:33
patdk-wk	well, I use the packages for quick tests	18:34
patdk-wk	half the time I end up compiling from source	18:34
Tohuw	yes, they're good for that. Especially because you can just purge them when you're done and poof, all gone (usually/sort of)	18:35
patdk-wk	I always poof the server :)	18:35
qman__	yeah, never run tests on a tainted server	18:35
qman__	the results won't be consistent	18:35
Tohuw	Unless you're replicating a tainted server environment you can't control ;)	18:35
patdk-wk	I wish these would install on ubuntu though	18:36
patdk-wk	http://www.percona.com/software/	18:36
patdk-wk	the mysql from there, really has issues with ubuntu	18:36
Tohuw	So many clients I have had the "pleasure" of working with are utterly horrified at the thought of actually rebuilding their server	18:36
patdk-wk	I can't install anything that uses mysql, after I install that, or ubuntu attempts to wipe it out	18:36
qman__	right, but you should make a copy of the server to mess with	18:37
qman__	not just mess with it	18:37
Tohuw	qman__: oh, I never test on production boxes themselves	18:37
patdk-wk	vm's are nice for that	18:37
Tohuw	I'm just saying, if you're going to run several very quick tests on relatively non-related software, you can just purge	18:37
patdk-wk	mirror production box	18:37
Tohuw	yes	18:37
patdk-wk	test :)	18:37
Tohuw	I'm transitioning our web and app server environments to Ubuntu Cloud servers. I'm in love	18:38
Tohuw	clone, clone, clone, destroy	18:38
Tohuw	whoosh	18:38
Tohuw	I remember when "virtualization" was what you did to "cluster". Right before "giving up" or "crying" or "getting seriously inebriated"	18:39
Tohuw	I think the worst setup I ever partook in was a clustered Exchange 4.x server. Suffice it to say the hostname of the dev boxen it was being tested on were clusterf*1 through clusterf**4 for a reason	18:40
patdk-wk	heh, oviously not exchange 2007 :)	18:41
patdk-wk	you need atleast 8 box's	18:41
Tohuw	and a small orbital space station	18:42
patdk-wk	I have a large postfix cluster	18:42
patdk-wk	then I have a small postfix cluster in front of exhcnage 2007	18:42
patdk-wk	I don't trust exchange to protect exchange	18:43
Tohuw	I don't trust exchange to exchange exchange	18:43
patdk-wk	I haven't had issues with exchange, only with outlook screwing u pthe mailbox's	18:44
Tohuw	Outlook is worse than exchange. I'd rather troubleshoot and work with Exchange than Outlook anyday	18:45
Tohuw	I despise Outlook	18:45
Tohuw	Okay back to working. Thanks for the help, as always	18:46
resno	im intersting in setting postfix for my offce to use for outgoing mail. how complicated is the setup?	19:06
patdk-wk	it can be as easy or complex as you want :)	19:08
patdk-wk	I've done them in <1hour, and some >3days	19:08
resno	i just want the office to be able to send emails through it	19:09
patdk-wk	the only real issue for using it for outgoing mail would be setting up your dns (forward and reverse) and spf records up correctly	19:09
resno	i found a tut and im going to try it out	19:09
resno	this coming from an office server with no domain, should it still work?	19:10
patdk-wk	nope	19:11
patdk-wk	unless you set it up to use a smarthost	19:11
patdk-wk	outgoing email servers must have proper manners, or no one on the internet will accept email from you :)	19:11
resno	then i would need to forward the emails through another machine essentially	19:11
qman__	I think anyone who has had to spend days recovering and merging PST files hates outlook	19:12
patdk-wk	qman, my boss has 26gigs of pst's :)	19:12
patdk-wk	all active and in use	19:12
qman__	yeah, my uncle is in a similar situation	19:13
qman__	over 20 gigs, had a hard drive fail	19:13
qman__	sent it to a place which recovered the files	19:13
qman__	but then he had another 2-3 gigs of new PST files	19:13
qman__	and wanted them merged together	19:13
patdk-wk	ya, I do that about once a year, just to clean the pst	19:14
trimeta	Interesting question: Is it possible to configure ssh such that a certain user can only log in if the remote computer is in a specified subnet?	19:14
Daviey	hggdh: New snapshot landing in the archive shortly	19:15
Daviey	(not ppa)	19:15
qman__	trimeta, you can firewall it, but not based on the user	19:15
patdk-wk	I think new ssh lets you, dunno if the lucid one is new enough	19:15
trimeta	qman__: Yea, I would like to only restrict this one user from logging in from arbitrary remote machines, not all users.	19:15
qman__	any particular reason for it?	19:16
strax	You could ask nicely ;)	19:16
patdk-wk	http://www.cyberciti.biz/tips/openssh-deny-or-restrict-access-to-users-and-groups.html	19:16
qman__	I'm thinking this could be easily solved by using keys instead of passwords for that user	19:16
patdk-wk	oh wait, that isn'tby ip :)	19:16
trimeta	The main reason is that I've got a relatively insecure account that I want my father to be able to use from the local subnet, but which can't be accessed from the wider internet. But there are other, more secure accounts on the system I do want to access from the internet.	19:17
qman__	yeah, that's easily solved with key-based authentication	19:17
qman__	just put the key on computers you want to give access	19:18
hggdh	Daviey: ack	19:18
trimeta	It would be, if I could teach him how to use keys...he's got WinSCP and PuTTY as his access programs.	19:18
qman__	nothing to teach, you just set it up once	19:18
qman__	the other good solution I know of is to use two different SSH servers	19:19
strax	You can set up PuTTy to automatically use a key, just save a "profile" or whatever Putty calls it	19:21
strax	And WinSCP just uses Putty	19:22
trimeta	Not the same install of PuTTY, though.	19:22
strax	What do you mean?	19:23
qman__	just use pagent	19:23
trimeta	Whatever, I'm going to try messing with /etc/ssh/sshd_config and see if that works.	19:23
qman__	there's nothing to do with subnets there, that's out of the scope	19:24
strax	In fact, using a key makes it even easier for your father since then he doesn't have to type a password	19:24
trimeta	Apparently not: the AllowUsers directive lets me say user@host.	19:24
qman__	that's not subnets	19:24
trimeta	Where"host" can be of the form "192.168.*"	19:26
trimeta	And I just tested it and it worked; from a remote machine, it wouldn't let me log in even if I used the right password.	19:26
trimeta	Anyway, thanks for the advice guys, even if I ended up going a different path.	19:30
regius	I wonder if this is possible? I'm trying with dhcp-helper but I have a problem getting ip on server:eth1 http://img153.imageshack.us/img153/5623/iprelay.jpg	19:48
=== RyanP_ is now known as RyanP
Iceman_B	regius: personally, I cant make heads or tails out of your diagram	19:58
Iceman_B	maybe its be though	19:58
Iceman_B	*me	19:58
Iceman_B	im usually big on diagrams	19:58
regius	I want a computer between my home router and my isp	19:59
regius	It is named server in the diagram	19:59
regius	The eth* beside the boxes are interface names	19:59
regius	and the boxes are computers	20:00
Iceman_B	yeah, I gathtered that much	20:00
Iceman_B	but what you are trying to accomplish, I didnt	20:00
regius	I want a "transparent" computer infront of my home router	20:01
regius	so my server will have a internet friendly adress, and my home router will altso have a internet friendly address	20:02
Iceman_B	IANA network wizard, but this sounds to me like you would typically need 2 public IP adresses	20:02
Iceman_B	one for your router and one for the transparent machine	20:03
Iceman_B	but I assume you want both to share the same ip ?	20:03
regius	I think so to	20:03
regius	No I want two different ip:s	20:03
Iceman_B	oh	20:03
Iceman_B	then call your ISP	20:03
regius	My ISP will grant 5 public ip	20:03
Iceman_B	okay, so thats covered	20:03
arrrghhh	regius, you'll need a switch before your router (sorry to jump in if that's already been addressed)	20:04
regius	arrrghhh: okey, why?	20:04
Iceman_B	really? I mean, if 2 different MAC's request a DHCP lease with his ISP, he should get 2 back, no ?	20:04
arrrghhh	well that depends	20:05
arrrghhh	what is your edge device	20:05
arrrghhh	cable modem? dsl router?	20:05
regius	A computer	20:05
arrrghhh	your edge device is a computer...?	20:06
regius	My brand new fit-pc2i :-)(	20:06
regius	:-)	20:06
arrrghhh	so it's a T1? what?	20:06
regius	Yes	20:06
regius	RJ45 connection in to my flat	20:06
arrrghhh	ok what does that T1 land on? it goes directly into a computer?	20:06
regius	Yes	20:06
arrrghhh	ok, this computer... how many ethernet ports are on it?	20:06
regius	2	20:06
arrrghhh	well then it should work	20:07
arrrghhh	uhm.	20:07
arrrghhh	wait	20:07
arrrghhh	nvm, it won't work. you need another nic.	20:07
regius	So i tought I need 3 public ip	20:07
regius	2 on the edge device, and one on the home router	20:07
Iceman_B	you need 1 IP per device that you want visible on the internet, and you need to make sure that all requests are sent to your ISP, instead of any device on your network	20:08
arrrghhh	well your edge router only has 2 nics. one nic is consumed from the connection coming in, so you only have one NIC out. therefore you can only hoook up your router or server.	20:08
regius	Right now I'm trying to do a dhcp-relay local on the edge device	20:08
arrrghhh	i'd just put a switch on that T1 coming into your flat	20:08
regius	True	20:09
arrrghhh	get a little 4-port switch. problem solved, anything going into that switch will get its own public IP	20:09
regius	Maybe that's the best way... But still can I have do a dhcp request on eth1 for the interface eth0	20:10
maswan	arrrghhh: rj45 sounds like ethernet, not t1	20:10
=== metcalfc__ is now known as metcalfc
arrrghhh	maswan, the plug is the same... the only difference is the shielding on the cable...	20:10
arrrghhh	you're splitting hairs	20:10
Iceman_B	my hairs are splitting too :(	20:10
arrrghhh	lol	20:11
regius	It is a bit expensive with a gigabit switch	20:12
arrrghhh	regius, is your bandwidth from your provider that high?	20:12
regius	Is it not possible to fix this with some dhcp-relays	20:12
arrrghhh	no clue	20:12
arrrghhh	never done it before	20:12
regius	No but I wan't gigabit between my home network and the server	20:12
arrrghhh	regius, so wait... where is your LAN? on the router?	20:13
regius	yes	20:13
arrrghhh	then that's where your bottleneck would be. is that gigabit?	20:14
regius	yes	20:14
arrrghhh	then you wouldn't have to worry about the switch	20:14
arrrghhh	it would only switch traffic going out to the internet	20:14
arrrghhh	assuming you landed that rj45 plug into your flat in that switch	20:15
regius	no the internet connection are comming in to the server with 2 interfaces	20:15
arrrghhh	yes, i'm talking about putting a switch in front of that.	20:16
arrrghhh	so you can have more public IPs	20:16
arrrghhh	is that not what you're trying to do?!?!	20:16
hallyn	jdstrand: plans on libvirt 0.8.2 or 0.8.3 merge? Do you have time for that?	20:16
regius	yes but without buying new hardware :-)	20:16
jdstrand	hallyn: I will be working on it this week	20:16
jdstrand	hallyn: Daviey asked about that last week	20:17
hallyn	jdstrand: awesome, thanks	20:17
jdstrand	it will be 0.8.3	20:17
arrrghhh	regius, well i'm not sure then. either you add another nic to your edge device, or get a switch. i'm not sure how else to solve it. not saying there isn't a way, i just don't know it ;)	20:17
regius	Why would I need 3 nic:s? 1 for internet and one for the router	20:18
hallyn	jdstrand: cool - between that and 0.12.5 kvm, we'll see if we get teh fast vm saves now!	20:18
arrrghhh	regius, i thought you had another device that needed a public ip. you're not being very clear...	20:19
regius	Sorry	20:19
maswan	arrrghhh: not really, the end equipment is very different	20:19
maswan	arrrghhh: plugging in a t1 into an ethernet switch won't do much good	20:19
maswan	also, a t1 is horribly slow	20:19
regius	I guessed that the edge device needed 2 public ip:s and my router 1 public ip	20:20
arrrghhh	maswan, again, splitting hairs. if it's going directly into his server, it'll probably work on a switch. it's probably not an actual t1, probably metro ethernet or something like that.	20:20
maswan	arrrghhh: if it is going to his server, it's definately not a t1	20:20
regius	It's a 10/10 connection	20:21
arrrghhh	maswan, agreed.	20:21
=== schmidtm_ is now known as schmidtm
arrrghhh	but that's not really the problem here!	20:21
arrrghhh	perhaps i'm just not understanding.	20:22
regius	I have activated ip forward on the server and right now I'm trying relaying the dhcp request with dhcp-helper -b eth0 -i eth1 -d	20:22
regius	I thing I'm doing a pore job explaining :-(	20:22
arrrghhh	ok wait'	20:23
arrrghhh	let's start at square one	20:23
arrrghhh	you're paying your ISP for 5 public IP addresses, correct?	20:23
regius	Yes	20:23
regius	(or it's included for everyone)	20:23
arrrghhh	those public IPs, are they static?	20:23
regius	No	20:23
arrrghhh	i would hope so	20:23
arrrghhh	ouch.	20:23
arrrghhh	well, that changes things and i can see why you're running into a roadblock now.	20:24
maswan	regius: What I'd do is get a small cheap ethernet switch and put that first, then plug the rest into that. If you really need the machines behind eachother, that's more difficult.	20:24
arrrghhh	put a switch in front of your PE device :P lol that's the easiest.	20:24
maswan	Otherwise, hm, look into bridging between the internal and external interfaces, I think would be the terminology to search for	20:25
regius	True that would be easy	20:25
maswan	basically making the server act as a switch	20:25
arrrghhh	i'm just not sure how to pass the dhcp requests past your server.	20:26
maswan	because it needs to forward stuff, even though the upstreams network won't see it as a router for your other IPs, etc.	20:26
regius	I found dhcp-helper	20:26
maswan	even then, I'm not sure it'll work	20:26
Johnnyx	huh anyone with problems with postfix? with running it?	20:26
maswan	Johnnyx: works fine for me, usually	20:26
maswan	Johnnyx: but then I don't have any complex configuration, just to send the cron mails off to me, etc.	20:27
regius	It's look's like it can forward broadcast packages to a specific dhcp server	20:27
maswan	regius: yeah, but after that you also need to manage to grab and forward all the rest of the unicast traffic too	20:27
maswan	regius: which means the server has to appear to the upsterams network as having all those IPs	20:28
regius	ipforward?	20:28
Johnnyx	i've installed it and its not running.. when i start it /etc/init.d/postfix start it says starting ... OK	20:28
Johnnyx	but when i try postfix status it says system is not running	20:28
lamont	what does /var/log/mail.log say?	20:28
maswan	regius: that only solves part of th eproblem	20:28
maswan	regius: that's shifting the packets from eth0 to eth1, making your ISPs switch/router send them to your eth0 is also an issue	20:29
Johnnyx	hash map access missing map file /etc/mail/access.db .... i have no idea why...	20:29
Johnnyx	and in log	20:30
Johnnyx	reject=451 4.3.0 temporary system failure	20:30
regius	Thanks all for trying! I'm giving up :-) and buy a switch insted	20:31
maswan	regius: Anyway, a good start would finding a guide on setting up bridging and experimenting with that. I've never done that outside of the virtualisation world though. It is a tricky thing to do. And yes, that's what I'd do too, even if it can theoretically be done. :)	20:31
maswan	...	20:31
Johnnyx	lamont: any suggestions?	20:34
Egonis	I'm absolutely fed up with Windows Server, and want to use Ubuntu Server in its place... I tried to restore my Exchange mailboxes from backup, and it caused a STOP error on a fresh install... I'm in the process of switching to Lotus Domino, and really want to run that on Ubuntu Server, however our accounting software requires windows to operate -- is there a safe and clean way to run Windows Server 2008 in a Virtual Machine on U	20:52
Egonis	buntu?	20:52
_ruben	Johnnyx: sudo postmap /etc/mail/access	20:53
=== teddy is now known as teddymills
lau	according to pdns-doc 2.9.21-5ubuntu1.1 there is a testing mode /etc/init.d/pdns monitor for pdnsd	20:56
alvin	Egonis: I do that on some ubuntu servers. (KVM) It works but the downside is that you will have a lot of performance loss. There are no virtio drivers for Windows 2008, so don't expect good I/O	20:56
patdk-wk	heh?	20:57
patdk-wk	pdns != pdnsd	20:57
Egonis	alvin: It would be for a Pervasive (BTRIEVE) Database, and nothing more. The trouble is, the accounting software company won't support anything but their very precise configuration (even Server 2008 wasn't supported until weeks ago)	20:57
patdk-wk	pdnsd is a completely different, unlreated program	20:57
Johnnyx	hmm	20:57
Johnnyx	_ruben: do you know what this could mean	20:57
Johnnyx	postmap: warning: /etc/mail/access, line 105: record is in "key: value" format; is this an alias file?	20:57
alvin	Egonis: It might work, I use it for small databases too, but only when performance is not important. I hear you can buy signed drivers from Red Hat, but Canonical doesn't offer those for sale.	20:58
alvin	The source is there, but you'll have to sign them yourself. If I have the time, I'll look into that. Doesn't look easy on first sight.	20:58
Egonis	alvin: thanks for the info	20:58
alvin	There is a Brainstorm idea for that: http://brainstorm.ubuntu.com/idea/24582/	21:00
lau	thx patdk-wk	21:13
lamont	Johnnyx: postmap hash:/etc/mail/aliases	21:24
lamont	Johnnyx: postalias hash:/etc/mail/aliases <-- actually	21:25
=== lau is now known as Guest32771
hggdh	Daviey: you just put out r1225, correct?	21:31
trimeta	I'm worried that the bind server I have set up on my machine isn't actually caching DNS results...running dig on a new address two times in a row doesn't result in reduced query times.	21:35
trimeta	How can I check if I'm actually caching, and make sure that it does cache if it isn't currently?	21:35
Daviey	hggdh: correct, in the archive	21:35
* RoyK rewrites his PHP code to Fortran		21:39
=== Guest32771 is now known as lau
patdk-wk	trimeta, do a lookup for like, www.google.com	21:40
patdk-wk	then disconnect your internet cable	21:40
patdk-wk	and try again :)	21:40
patdk-wk	or you could have done a tcpdump on your internet connection and parse the results	21:40
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
mike1	anyone help with squid proxy for a server / not forwarding internet to lan....	23:17
mike1	anyone help with squid proxy for a server / not forwarding internet to lan....	23:23
SpamapS	mike1: how are you connecting to the proxy?	23:24
mike1	SpamapS: The set is as follows. Modem to eth0 on server/proxy eth1 to lan	23:28
mike1	I'm online throug the server right now (using ascII and lynx :)	23:29
SpamapS	mike1: so then what is your question?	23:30
mike1	I'm not getting the internet on my lan... I'm ssh'ing into the server to get out. packets aren't being forwarded	23:30
mike1	I'm guessing squid.conf isn't correct.	23:30
SpamapS	AH	23:31
SpamapS	well squid is really just for HTTP	23:31
SpamapS	it doesn't "forward packets"	23:31
mike1	<-- dummy using wrong terms sorry	23:31
SpamapS	Please do not self deprecate. ;)	23:32
mike1	ok done with that, but what I am missing. is it something in /etc/squid/squid.conf	23:32
SpamapS	mike1: you may find some answers here https://help.ubuntu.com/10.04/serverguide/C/firewall.html	23:33
SpamapS	mike1: what you probably want is IP masquerading.	23:33
mike1	SpamapS: i'll read up a bit, hope you around for a few ! thanks	23:35

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!