[00:07] <hggdh> Daviey: yes, it seems to work. I will run some tests now. There is still a problem there, though
[00:10] <wieshka> hey there - i have two physical interfaces - eth0 & eth1, next i have public bridge on eth0 with DHCP for my virtual servers, but eth1 is directly connected to internet with static IP
[00:10] <wieshka> how can i specify default interface, and eth1<-->br1 also for one vh
[00:14] <Daviey> hggdh: oh?
[00:15] <hggdh> Daviey: keep in mind that we still cannot deploy a *separate* SC by itself
[00:16] <hggdh> Daviey: so Chris still has some work to do
[00:17] <Daviey> hggdh: I'm not sure that is a topology i ever tested in Lucid.. Are you sure that is a regression?
[00:18] <hggdh> Daviey: certain. I checked 3 topos: all-in-one, all separate, and (CLC+Walrus), (CC+SC)
[00:19] <hggdh> Daviey: all-in-one works (this is topo1)
[00:19] <deckie1> roger wilco.
[00:19] <Daviey> hggdh: deckie1 is Chris
[00:19] <Daviey> deckie: Meet hggdh, Carlos :)
[00:19] <hggdh> oh, hi deckie
[00:20] <deckie> hggdh: hello.
[00:20] <hggdh> all-separate failed, but I did not test installing eucalyptus-cloud on the SC
[00:20] <hggdh> this was topo2, BTW
[00:21] <deckie> i will have a fix for this in a little bit.  it looks like something that needs to be shared is not in a common-lib
[00:21] <Daviey> hggdh: Okay.. First - Is registration now seeming to be reliable?
[00:21] <hggdh> and topo3 -- (CLC+Walrus), (CC+SC) -- I just installed. It failed, and then I installed on the (CC+SC) eucalyptus-cloud, following a suggestion from deckie
[00:21] <hggdh> Daviey: I installed two NCs, and they registered correctly
[00:22] <hggdh> but I will need some installs to confirm -- the problem was intermittedt
[00:22] <hggdh> ugh
[00:22] <Daviey> hggdh: Agreed.
[00:24] <Daviey> hggdh / deckie: I need to go afk.. but i'm planning an upload (my) early tomorrow with the latest from the euca devel branch.  hggdh, if you want to keep me updated i'll take on board what you say in the bug reports.
[00:25] <hggdh> Daviey: ack
[00:25] <deckie> Daviey: roger.  thanks for your time.
[00:25] <CppIsWeird> just for a sanity check, the following command "diff -drq /dir1 /dir2" ensures that dir1 and dir2 are identical byte for byte, right?
[00:26] <hggdh> deckie: I will run some basic tests now. Are you aware that volumes are consistently failing to attach?
[00:27] <deckie> hggdh: yeah.  sudo vs. euca_rootwrap if i understand right.  we are working on a fix asap.
[00:28] <hggdh> deckie: actually, no, different issue, it seems
[00:29] <hggdh> deckie: bug 615646
[00:29] <deckie> hggdh: yessir, that is the one i had in mind.  looking again though.
[00:29] <hggdh> deckie: the rootwrap issue I bypassed by adding a new entry in /etc/sudoers
[00:29] <deckie> hggdh: tgtd is running?
[00:30] <hggdh> deckie: IIRC, it was
[00:30] <hggdh> I will recheck on it once my first test sequence is done
[00:31] <hggdh> deckie: the error is here: 20:39:23 ERROR [SystemUtil:pool-8-thread-1] com.eucalyptus.util.ExecutionException: sudo tgtadm --lld iscsi --op show --mode target --tid 1 error: tgtadm: can't find the target
[00:33] <deckie> hggdh: ok.  please let me know how it goes.
[00:33] <hggdh> deckie: will do
[00:37] <deckie> hggdh: it may still be a permissions issue.  the version w/ euca_rootwrap will be on lp shortly.
[00:38] <deckie> hggdh: also, might it be an apparmor issue?
[00:39] <hggdh> deckie: I did not see any messages from audit, but I also did not look closely... I will check
[00:39] <deckie> hggdh: if it takes a lot of time/effort it may be easier to wait for the euca_rootwrap fix to pass qa on our side and get pushed to lp
[00:41] <hggdh> deckie: we do not have time, feature freeze is looming
[00:41] <hggdh> tomorrow we will have to take a position
[00:41] <deckie> hggdh: it will be on LP in an hour or so?
[00:42] <hggdh> k
[00:52] <hggdh> deckie: first run completed, 101 instances, 1 failure (I do not think it is an euca failure), so we are, pretty much, shining here
[00:52] <hggdh> deckie: I will run a volume allocation now, and check for audit failures
[00:59] <Daviey> deckie: How is the whitelisting for euca_rootwrap adoption getting on?
[01:20] <hggdh> deckie: I was wrong -- eucalyptus-sc does not come up even with -cloud installed on the same machine. The CC works, though.
[01:21] <hggdh> deckie: so I cannot test volumes on this distributed topology
[01:21] <hggdh> Daviey: IIRC, deckie told me that it is already in, and should be on next revision (1222?) in a few
[01:21] <hggdh> minutes
[01:28] <Iceman_B> HELP
[01:29] <Iceman_B> im getting a "ubuntu can't have a partition outside the disk" while installing
[01:29] <Iceman_B> and neither the back or continue buttons do anything :/
[01:30] <Daviey> hggdh: ack
[01:30] <Iceman_B> whats going on and how do I fix this?
[01:31] <deckie> hggdh: I am not seeing the same issues w/ the SC that you are.  can you post the logs for the machines somewhere?
[01:32] <hggdh> Daviey: I already uploaded them to lp:~hggdh2/uec-qa, latest revision
[01:33] <hggdh> Daviey: revision 29
[01:33] <hggdh> deckie: ^
[01:33] <hggdh> sorry
[01:33] <deckie> hggdh: thanks, sorry i was afk'd
[01:33] <hggdh> deckie: no prob. I will have to be afk for the next half-hour
[01:35] <Daviey> deckie: Also, is there any news on kees's euca_rootwrap getting merged..  The licencing issue should be OK
[01:36] <deckie> Daviey: it should be on lp shortly i'll circle back w/ more info in a bit
[01:37] <Daviey> deckie: super.. i'd love to drop our one :)
[01:37] <Daviey> afk
[02:00] <wieshka> Problem: i have server running ubuntu lucid, and so i also have 4 virtual servers on it running on KVM. Server has 2 ethernet ports - eth0 & eth1. eth0 is connected to my LAN (it is also connected to internet), and eth1 is connected directly to ISP with static ip configured. (my ifconfig: http://wieshka.pastebin.com/fn80SEFS, and here is my interface configfile: http://wieshka.pastebin.com/ZsSqDfed). What i need - the base system and 3 of virtual ser
[02:00] <wieshka> are in LAN over eth0, and one my virtual server is directly connected to internet over eth1.
[02:00] <wieshka> as you can see - i made bridges
[02:00] <wieshka> but something is wrong
[02:00] <wieshka> because none of my virtual servers has now internet connection
[02:01] <wieshka> and no DHCP addresses assigned to virtual servers over br0 (dhcp enabled, passing QEMU inbuilt DHCP)
[02:11] <ChmEarl> wieshka, paste url's have extra wxxshka - remove it
[02:13] <wieshka> ChmEarl: its from my auto paste script
[02:14] <ChmEarl> wieshka, I see the pastes now
[02:15] <ball> Can Ubuntu server boot from a software RAID array?
[02:16] <wieshka> ball: no problem
[02:16] <ball> wieshka: Thanks
[02:16] <wieshka> ball:  i use RAID 1 + LVM + GRUB
[02:16]  * ball isn't familiar with LVM
[02:17] <wieshka> ball: you even can make array while installing during setup
[02:17] <ball> wieshka: I may give that a try, now.
[02:18] <wieshka> ball: LVM is easy
[02:18] <ball> 'easy' doesn't tell me what it does ;-)
[02:18] <wieshka> so make RAID autodetect partitions, then configure RAID, then setup a LVM and easily configure it
[02:18] <ball> ...though I can guess
[02:19] <ball> Does booting from software RAID *require* lvm?
[02:19] <wieshka> no ball, LVM just gives you extra flexibility
[02:19] <wieshka> if you are going to make several partitions
[02:19] <wieshka> for example you have a 500 Gb disk
[02:20] <wieshka> make just 30 Gb partition for system for example
[02:20] <wieshka> later if you need - you can extend it
[02:20]  * mase_wk loves lvm
[02:20]  * wieshka same here
[02:20] <wieshka> i am using LVM for virtual servers
[02:20] <mase_wk> yep me too
[02:21] <mase_wk> backing up has never been easier.
[02:21] <wieshka> mase_wk: hmmm, what virtualization you use ?
[02:21] <mase_wk> i have some Xen boxes, mainly KVM these days
[02:21] <wieshka> mase_wk: basically backups with img files are easier :)
[02:21] <wieshka> but partitions gives some dozen of performance
[02:21] <wieshka> write/read
[02:21] <wieshka> i am using Enterprise seagate disks
[02:22] <wieshka> sata on SAS controller :)
[02:22] <wieshka> mase_wk: i have problem with my KVM
[02:22] <wieshka> ok - i havent slept for a more than day and a half, so my brain .......
[02:22] <mase_wk> heh
[02:22] <wieshka> mase_wk: how good are you in KVM networking ?
[02:22] <mase_wk> so what issue are you having with KVM?
[02:23] <mase_wk> thats a fairly open ended question...
[02:23] <wieshka> mase_wk: my server has two physical ethernet ports - eth0 & eth1
[02:23] <wieshka> so ..... eth0 is for base system and for 3 guests - like a public bridge
[02:24] <wieshka> how can i connect last - 4 guest directly to eth1, which has static ip
[02:24] <wieshka> i made similar to public bridging, new bridge (br1) on eth1 interface
[02:24] <wieshka> but now - all my guests are lack of internet :)
[02:24] <wieshka> so something is wrong
[02:24] <mase_wk> yeh ok so you're most of the way there
[02:25] <wieshka> so what i skipped ?
[02:25] <mase_wk> so on your KVM host you still have a default gw set up right ?
[02:25] <wieshka> yeah
[02:25] <wieshka> maybe ifconfig, /etc/network/interfaces, route output needed?
[02:26] <wieshka> to figure out ?
[02:26] <mase_wk> so in theory you just need to make sure each guest is using the appropriate bridge
[02:26] <wieshka> in theory :)
[02:26] <mase_wk> so long as they each have separate mac addresses
[02:26] <wieshka> in theory i understanding :)
[02:26] <wieshka> but something i messed up - and i am stuck for 2 hours already
[02:26] <mase_wk> then make sure that in each guest that /etc/networking/interfaces actually refers to the correct IF
[02:27] <mase_wk> as if you use something like virt-clone
[02:27] <mase_wk> you will find that it sets up eth1 ,eth2 etc..
[02:27] <mase_wk> rather than eth0 which is the default in /etc/networking/interfaces
[02:27] <wieshka> hmmm, i didn't understand you ....
[02:28] <mase_wk> make sure in each guest, that if you do ifconfig -a that the appropriate interface is set up correctly in /etc/networking/interfaces
[02:28] <mase_wk> brb
[02:29] <wieshka> hmmm .... then question - why my guests - who already worked (network) is now without internet because i connected second interface
[02:34] <wieshka> mase_wk: hmmm .... then question - why my guests - who already worked (network) is now without internet because i connected second interface
[02:42] <wieshka> mase_wk: whats wrong with your network connection ?
[02:42] <wieshka> :)
[02:42] <mase_wk> nothing, i'm messing with KDE
[02:45] <wieshka> mase_wk: - is there something wrong - i suppose no - http://wieshka.pastebin.com/0ZkTW6JA
[02:45] <wieshka> it is my interface file for my server
[02:46] <mase_wk> that looks fine, pastebin your libvirt config and also the /etc/network/interface for your guests
[02:47] <wieshka> now guests working
[02:47] <wieshka> so just stays to configure
[02:47] <wieshka> one guest to that physical interface
[02:47] <wieshka> so i have eth1 & br1 - i using manual/static IP address for it
[02:48] <clusty> curious if one can boot an ubuntu from a raid (hardware raid).
[02:48] <patdk-lap> clusty, yes, why wouldn't you?
[02:48] <wieshka> clusty:  i prefer software, but why you cant ?
[02:48] <patdk-lap> the whole point of a hardware raid is it looks just like a normal hardrive
[02:48] <clusty> patdk-lap: for one, how can grub read its menu.lst, or how it's called now
[02:49] <patdk-lap> clusty, why would it need to?
[02:49] <patdk-lap> it's just a normal drive
[02:49] <patdk-lap> there is nothing special about hardware raid
[02:49] <patdk-lap> now software raid is special
[02:49] <wieshka> clusty: hardware raid gives you a single hard disk
[02:49] <ball> clusty: Yes, you can boot Ubuntu from hardware RAID
[02:49] <clusty> thought it needed the kernel module
[02:49] <patdk-lap> cause now grub has to know how it works
[02:49] <clusty> for the card
[02:49] <wieshka> use as simple disk
[02:49] <ball> wieshka: it gives you the illusion of a single hard disk
[02:49] <ball> (assuming a small array)
[02:49] <patdk-lap> clusty, that is what the hardware raid bios is for :)
[02:50] <patdk-lap> now linux will bypass the bios, then you need a drive
[02:50] <patdk-lap> driver
[02:50] <clusty> patdk-lap: thanks. i am receiving my disks tomorrow and was wondering how it will all work out
[02:50] <patdk-lap> what raid card?
[02:51] <clusty> intel
[02:51] <patdk-lap> should be overly well supported then :)
[02:51] <clusty> it sees the module.
[02:51] <patdk-lap> the hardest issue I have with hardware raid, is to get good raid stats from it
[02:51] <patdk-lap> so I can monitor the health
[02:52] <clusty> the intel fukards are not giving the utils in deb format
[02:52] <clusty> just rpm
[02:52] <patdk-lap> that shouldn't be hard to install
[02:52] <clusty> i have yet to screw around with alien to get em working
[02:52] <patdk-lap> unless it's only in i386 and you need x64
[02:52] <clusty> the CD came just with 32
[02:52] <patdk-lap> heh, forget the cd
[02:52] <patdk-lap> see if you can download them
[02:53] <clusty> i struggled just to flash to latest FW
[02:53] <patdk-lap> normally the cd is a year or more out of date
[02:53] <clusty> try 3 :D
[02:53] <clusty> the initial bios was 2007
[02:53] <clusty> and new is 2010 version
[02:54]  * patdk-lap has been having fun with ldirectord
[02:54] <patdk-lap> I've just about got it fully ipv6 away now :)
[02:54] <clusty> what's that?
[02:54] <patdk-lap> aware
[02:55] <patdk-lap> things that I can't do with ipv6 in it seems to be limited to ping and mysql
[02:58] <clusty> patdk-lap: what raid controllers do you use ?
[02:58] <wieshka> mase_wk: i have to configure static IP address in guests interface file ?
[02:59] <mase_wk> yes
[02:59] <mase_wk> or configure your dhcp server to hand out the correct ip
[03:00] <wieshka> hmmm - can i give mac address the same as it is for my eth1 interface
[03:00] <wieshka> my ISP has attached to my physical IP address
[03:00] <wieshka> so i suppose the problem is there
[03:00] <wieshka> my ISP isnt giving ip address for my guest over bridge
[03:00] <patdk-lap> adaptec 2130, adaptec 2200, adaptec 2110, perc5, perc6, 3ware
[03:01] <wieshka> because there appears my guest address - is that possible ?
[03:01] <wieshka> eth1 mac address is ignored
[03:01] <clusty> patdk-lap: i got a 3ware for the company a while back
[03:01] <wieshka> thats the way how bridge should work, i am correct ?
[03:01] <wieshka> so i need to spoof mac address
[03:02] <clusty> support seemed nicer than my intel: the tools had decent install scripts - no packaging system
[03:08] <mase_wk> erm your mac address should be younique
[03:08] <mase_wk> unique
[03:09] <mase_wk> each guest needs a different mac address, usually specified from within the hosts' libvirt definition
[03:10] <wieshka> mase_wk: hmmm - how can i make it with out bridge
[03:10] <wieshka> there should be option
[03:10] <wieshka> to configure directly to physical interface
[03:20] <wieshka> mase_wk: hmmm - why this does not works  ? :)     <interface type='direct'>
[03:20] <wieshka>       <source dev='eth1' mode='vepa'/>
[03:20] <wieshka>     </interface>
[03:24] <mase_wk> i don't think thats how you define a bridged network
[03:24] <mase_wk> you don't have a 'direct' interface
[03:25] <mase_wk> if you want a single guest to use a single interface , and only that interface is used by that guest
[03:25] <mase_wk> ie PCI passthrough
[03:25] <mase_wk> you need VTd support
[03:25] <mase_wk> otherwise if you have multiple guests to 1 interface you need a bridge
[03:28] <clusty> patdk-lap: still around?
[03:28] <patdk-lap> ya
[03:29] <clusty> any stripe size recommendations ?
[03:30] <clusty> for raid
[03:30] <patdk-lap> depends what you use it for
[03:30] <ball> clusty: try different settings and see what works best for you.  I default to one track per stripe
[03:30] <ball> ...but testing is important.
[03:31]  * patdk-lap wonders how ball calculates out a size of a track, since drives haven't had tracks forever
[03:31] <clusty> what are tracks to start with?
[03:31] <clusty> FS block size ?
[03:31] <patdk-lap> na
[03:31] <ball> patdk-lap: they have fake tracks these days.
[03:31] <patdk-lap> :)
[03:32] <patdk-lap> these days they are made like cd's, one very long track
[03:32] <patdk-lap> I forget if they have, or are going to go to the whole laserdisk method
[03:32] <patdk-lap> read/write parallel tracks at the same time
[03:32] <patdk-lap> I think they are
[03:35] <ball> patdk-lap: I doubt that's what they do now, though it's certainly possible with a voice coil.
[03:35] <ball> Not that it would matter to the system software anyway, it's just an array of sectors.
[03:35] <patdk-lap> well, I know what they used they were talking about parallel, but I really wasn't interested in how, at the time
[03:36] <ball> Let's see if I can learn how to do a software RAID on Ubuntu Server
[03:36] <patdk-lap> oh, that is easy :)
[03:36]  * ball wonders why "Chicago" would be listed as a time zone.  That makes no sense to me.
[03:37] <patdk-lap> it's not
[03:37] <patdk-lap> it's listed as one of the largest cities in that timezone
[03:37]  * patdk-lap is annoyed that NYC is always listed, but not Wash D.C.
[03:41] <ball> It's not clear to me whether I'm supposed to create partitions of some sort before creating the RAID array, or whether I should create the RAID array from "Free space".
[03:41] <ball> What does Ubuntu expect me to do?
[03:42] <mase_wk> raid is a disk level thing
[03:42] <mase_wk> you need to set up raid first
[03:42] <mase_wk> then partition
[03:42] <ball> mase_wk: usually yes, but with software RAID?
[03:42] <mase_wk> then filesystem
[03:43] <patdk-lap> software raid you can do it either way
[03:43] <mase_wk> i imagine so. you probably need a single boot partition somewhere
[03:44] <ball> Ah, I see a "physical volume for RAID" option in the "Partition Disks" dialogue
[03:44] <patdk-lap> that is what the usb drive is for :)
[03:47] <Roxyhart0> hi there i would like to block p2p with iptables, somebody know the command line, also somebody is using patch-o-matic for that?
[03:48] <patdk-lap> roxy, you know that is a lost cause?
[03:49] <Roxyhart0> what is the lost cause block p2p?
[03:49] <clusty> patdk-lap: can't do l7 or ipp2p ?
[03:49]  * ball tinkers
[03:49] <clusty> unless it's ssl enabled torrent :D
[03:49] <patdk-lap> torrent doesn't do ssl
[03:50] <patdk-lap> but it does do md4 hashing, making l7/ipp2p useless
[03:51] <Roxyhart0> if i want to block any port over 3000 per example and open just the port that i need?
[03:51] <Roxyhart0> what about it? http://bby.com.pl/linux-router/blocking-p2p-software-string-module/
[03:52] <clusty> patdk-lap: what i do wonder: my isp does DPI. they can somehow classify my torrent traffic
[03:52] <clusty> curious how
[03:52] <clusty> they throttle me down for everything they cannot figure out ?
[03:53] <patdk-lap> they normally do it by bandwidth analysis
[03:56] <Roxyhart0> somebody has heard about patch-o-matic to block p2p?
[05:28] <X32> how would I change the command line font?
[05:40] <jmarsden> X32: man setfont   # This might do what you want, I'm not 100% sure
[05:49] <robertpayne> Easy way to delete lines out of a text file that match grep?
[06:03] <qman__> robertpayne, grep -v stufftoremove /path/to/file > file2; mv file2 file1
[06:03] <robertpayne> qman_: thanks :) I found it .. should've googled first was kind a stupid question
[06:20] <Roxyhart0> somebody have a good doc to install ipp2p in ubunut?
[06:20] <Roxyhart0> ubuntu
[06:44] <alex88> hi, how is possible to scroll up in screen?
[06:44] <twb> ^A[
[06:45] <Callum__> heh uvirtbot
[06:45] <alex88> it's ctrl-a escape
[06:45] <alex88> :)
[06:45] <Callum__> ^A
[06:45] <Callum__> ^help
[06:46] <Callum__> ^commands
[06:46] <Callum__> wut
[06:46] <Callum__> what is then! =P
[07:20] <DexterLB> I have two machines running ubuntu server. Could you recommend some benchmark process I can run on both and see which performs better?
[07:24] <alex88> DexterLB: hardinfo has some tests, like fibonacci, md5 etc
[07:24] <DexterLB> alex88: thanks
[07:24] <DexterLB> I'll try it
[07:24] <alex88> DexterLB: or this http://www.tux.org/~mayer/linux/bmark.html
[07:25] <alex88> or this ftp://pi.super-computing.org/Linux/super_pi.tar.gz
[07:28] <robertpayne> qman_: shame the -B and -C don't work with -v :(
[07:33] <twb> alex88: that's what I said
[07:34] <twb> DexterLB: what resource(s) do you want to benchmark?
[07:45] <alex88> twb: about the ctrl-escape?
[07:46] <alex88> i've just seen ^A[
[07:46] <xampart> morning
[07:47] <alex88> xampart: morning
[07:56] <DexterLB> why is sudo so dead slow?
[07:58] <mase_wk> DexterLB: slow ?
[07:58] <mase_wk> how long does it take ?
[07:59] <DexterLB> like when it needs to ask for a password it waits 5sec or so before asking
[07:59] <DexterLB> is that some security measure?
[07:59] <twb> DexterLB: before prompting for the password?
[07:59] <DexterLB> yeah
[07:59] <twb> Do you have root?
[08:00] <DexterLB> oh?
[08:00] <DexterLB> i thought it was impossible not to have
[08:00] <twb> I mean, do you, DexterLB, have administrative privileges on this host
[08:00] <DexterLB> yup
[08:00] <DexterLB> it does work
[08:00] <DexterLB> but it takes some time
[08:00] <twb> OK, pastebin the output of egrep -v '^[[:space:]]*(#|$)' /etc/sudoers
[08:02] <DexterLB> it is as it should be
[08:02] <DexterLB> Defaults	env_reset
[08:02] <DexterLB> root	ALL=(ALL) ALL
[08:02] <DexterLB> %sudo ALL=(ALL) ALL
[08:02] <DexterLB> %admin ALL=(ALL) ALL
[08:03] <DexterLB> oops
[08:03] <DexterLB> pastebin :D
[08:03] <DexterLB> sorry
[08:03] <twb> OK.
[08:03] <twb> Now do the same for nsswitch.conf and /etc/pam/common*
[08:04] <twb> Also lsb_release -a
[08:04] <twb> Er, /etc/pam.d/common-*
[08:05] <DexterLB> system rebooting
[08:05] <DexterLB> kernel upgrade
[08:05] <DexterLB> will have to wait a bit
[08:05] <twb> OK
[08:08] <DexterLB> http://dexterlb.pastebin.com/VLn4hm5a
[08:09] <DexterLB> i never understood regex
[08:09] <DexterLB> what does that thing mean
[08:09] <DexterLB> '^[[:space:]]*(#|$)' that is
[08:11] <joschi> DexterLB: any string starting with any number of whitespace characters (space, tab, ...) or none, followed by a hash sign (#) or endline ($).
[08:11] <joschi> it basically filters out any comments and empty lines of a file
[08:12] <DexterLB> o
[08:50] <apw> o
[08:56] <robertpayne> ugh is there any reason SSH key authorization wouldn't work out of the box ubuntu? I've installed id_rsa.pub into ~/.ssh/authorized_keys on the server and have it locally in ~/.ssh/id_rsa chmoded properly too
[09:00] <Daviey> robertpayne: use ssh -vvv user@host .. the verbose info will likely provide some clue
[09:01] <robertpayne> debug2: we did not send a packet, disable method
[09:01] <robertpayne> hmm
[09:02] <joschi> robertpayne: check /var/log/auth.log and maybe raise the log level of your sshd
[09:02] <robertpayne> joschi: ok I'll try that
[09:02] <joschi> robertpayne: also check, if the user has a valid login shell and the permissions on ~/.ssh/ are correct
[09:03] <joschi> they should be 0700 on the directory and 0600 on the files inside it
[09:03] <robertpayne> ya
[09:05] <robertpayne> Authentication refused: bad ownership or modes for directory /root
[09:05] <_ruben> ssh as root? eww
[09:06] <robertpayne> I turn it on then back off as I do large amounts of changes requiring sudo
[09:06] <robertpayne> heh "root" didn't own /root
[09:06] <KE1HA> Opps :-0
[09:07] <robertpayne> not sure how that happened.. thx joschi for the auth.log tip
[09:07] <_ruben> ouch
[09:08] <robertpayne> _ruben: and I completely agree root login = bad.  I'm just working on my dev box right now and have days of work to do on it so avoiding hassle of passwords
[09:09] <twb> Just use NOPASSWD and sudo -i from a trusted less-privileged account
[09:09] <_ruben> indeed
[09:11] <robertpayne> I see so create a user with no password and run like "ssh user@domain -p port 'sudo -i'"
[09:12] <Jimmyx> hi, wanna ask, i'm looking for some user-friendly howto build mail server.. maybe with postfix/dovecot/mysql for multiple domains.. any suggestions?
[09:12] <twb> Jimmyx: apt-get install ubuntu-serverguide
[09:13] <robertpayne> Jimmyx: if you'd like I can give you some shell scripts & conf files that are pretty much out of the box ready for a postfix/dovecot over SSL
[09:14] <Jimmyx> robertpayne: sounds good... if you dont mind :)
[09:24] <KE1HA> Hello All, Is there a 10.04 Server Manual in PDF that we can DL v.s. using the Wiki pages ?
[09:31] <robertpayne> twb: by NOPASSWD do you mean set the root user to have no password for sudo -i from the less privileged account?
[09:31] <twb> robertpayne: no, I mean set your %sudo user to have NOPASSWD: in /etc/sudoers
[09:32] <twb> i.e. "sudo foo" never prompts you
[09:32] <robertpayne> twb: ahh so the account could sudo root without typing in a pass
[09:32] <twb> Right.
[09:33] <twb> So really you're just as insecure from attackers, but at least you won't fat-finger stuff as often.
[09:33] <robertpayne> twb: true...
[09:36] <robertpayne> Assuming it'll still prompt for su
[09:36] <twb> Uh, sudo -i
[09:36] <robertpayne> gah yea sorry
[09:38] <bdrung> hi, can a member of the server team have a look at the sponsor request bug #378240?
[10:52] <AtomicSpark> WTB ubuntu-server metapackage which gives me /exactly/ whats on the ubuntu server cd to fix crazy vpn hosts like linode. <3 Cookies for all!
[10:55] <alex88> you mean vps
[10:56] <alex88> well linode prices are crazy
[10:59] <huats> morning
[11:11] <alex88> where i can see the list of servers to use with apt?
[11:11] <alex88> i mean official repositories
[11:12] <twb> alex88: archive.ubuntu.com and XX.archive.ubuntu.com, where XX is your two-letter country code.
[11:13] <alex88> twb: thank you..de.archive.ubuntu downloads at 74kbyte/s...
[11:14] <twb> Good ISPs and universities will also provide secondary/tertiary mirrors.
[11:14] <joschi> alex88: https://launchpad.net/ubuntu/+archivemirrors
[11:14] <alex88> those are what i'm searching..
[11:14] <alex88> joschi: thank you :)
[11:15] <twb> In Debian there's a machine-parsable text list, which apt-spy uses to pick the nearest/fastest.
[11:15] <twb> I don't think that's available in Ubuntu :-/
[11:15] <alex88> there is on ubuntu desktop..
[11:16] <alex88> dunno on server
[11:16] <twb> alex88: yes, but that's built into synaptic or whatever
[11:16] <twb> Something like automagic like cdn.debian.net that automagically resolves to a good local mirror would be ideal.
[11:16] <joschi> alex88: ubuntu and ubuntu server use the same package sources. the only difference is the default installation
[11:17] <alex88> joschi: i know..but on ubuntu desktop you've "select best server" in synaptic...as twb said..
[11:18] <twb> GUIs are for chumps
[11:19] <alex88> ;) right
[11:20] <alex88> https://launchpad.net/ubuntu/+mirror/ftp.halifax.rwth-aachen.de-archive how can i see if it has also other reps, not only main?
[11:20] <twb> alex88: apt-get from it
[11:20] <alex88> oh..just change sources.list and try :)
[11:21] <twb> Or browse their mirror in dists/lucid/
[11:21] <joschi> alex88: or you just take a look at the mirror yourself. -> http://ftp.halifax.rwth-aachen.de/ubuntu/dists/lucid/
[11:21] <joschi> alex88: any way, all mirrors in the list have main, universe and multiverse
[11:22] <twb> I'd just add a fast mirror first, then put XX.a.u.c and/or a.u.c below
[11:22] <twb> It'll then try the fast mirror and fall back to the complete mirror
[11:23] <notlistening> Hi running a virtualbox server that can accept connection on static ip but not make outgoing connections like ping, but the web server services requests
[11:23] <joschi> notlistening: icmp is not supported by the NAT type network adapter of virtualbox
[11:23] <notlistening> ah sorry it is bridged
[11:24] <notlistening> and I am starting is using vbpxtppls
[11:24] <notlistening> *vboxtools
[11:24] <notlistening> I can even update the server so it is all goinging network traffic
[11:25] <notlistening> cnn't
[11:26] <twb> Maybe you aren't proxy ARP requests
[11:26] <alex88> also after changed reps still 70kbyte/s, and hoster says they not limit..i doubt..
[11:27] <notlistening> It has worked before :D
[11:27] <twb> I expect requests to/from the host OS work fine
[11:29] <notlistening> yes they work fine
[11:29] <notlistening> I checked that first
[11:29] <twb> So the guest can talk to the host?
[11:30] <notlistening> I can ssh into the machine, I can view webpages from it from different machines host and others
[11:30] <notlistening> the guest can't see the outside world or my internal network
[11:31] <twb> Uh, so the guest has no default route?
[11:31] <twb> I don't understand how these symptoms could occur
[11:31] <twb> What does iptables-save say?
[11:31] <notlistening> 1 sec
[11:32] <notlistening> not installed
[11:32] <notlistening> could it be a virtualbox bug?
[11:32] <twb> Where did this disk image come from?
[11:33] <twb> If iptables-save isn't installed, you haven't done a normal ubuntu-server install
[11:33] <twb> (Where "installed" means "in root's $PATH")
[11:33] <alex88> oh...unattended upgrade was limiting to 70...-.-' noob
[11:33] <notlistening> It is the 10.10 server :D
[11:34] <twb> alex88: that's retarded
[11:34] <notlistening> and i did the most basic VM install
[11:34] <alex88> twb: i'm retarded :)
[11:34] <twb> QoS beats throttling
[11:37] <alex88> what you mean?
[11:38] <twb> Rather than limiting it to n kbps, just declare that it's bulk traffic
[11:38] <twb> QoS will then prioritize it below stuff like ssh
[11:38] <alex88> how do i set qos? btw, i was thinking that it limits just the automatic updates bandwidth..
[11:38] <twb> With great difficulty
[11:39] <twb> Or throw shorewall at it, I guess
[11:39] <alex88> oh..no way..i have enough bandwidth to not need to limit nothing
[11:40] <twb> Then why did you limit it?
[11:41] <alex88> because i was thinking that it just limits automatic upgrades.. for the small time that i install something i have no bandwidth problems..
[11:43] <notlistening> right my resolvconf is blank will that cause an issue for DNS?
[11:44] <twb> notlistening: /etc/resolv.conf should be populated by dhclient (DHCP)
[11:45] <notlistening> Well i am running with a static IP and DNS server has been set but i am just hunting for issues
[11:48] <Somoel> Hozsanna
[11:52] <Somoel> ikonia bruder ola
[11:59] <notlistening> Right i can now talk to my internal network
[11:59] <notlistening> DNS is the issue now
[12:03] <notlistening> fixed at the moment :D
[12:09] <Somoel> drupal? No! Never! Joomla better! Joomla forever!
[12:10] <Jeeves_> cmsmadesimple++
[12:10] <Somoel> website baker the better cms
[12:11] <Somoel> ola Jeeves bro'
[12:13] <twb> All PHP needs to die
[12:13] <twb> And all CMSes and all web apps in general
[12:13] <jpds> twb: Django?
[12:14] <twb> jpds: I'm not a fan of Python by any stretch, but it can't be any worse than what people do with PHP
[12:18] <hggdh> Daviey: good morning
[12:18]  * Daviey recently had a horrific experience with Joomla!..  I'm still too traumatised to go into it
[12:18] <Daviey> hey hggdh !
[12:18] <hggdh> Daviey: I see you are full of energy ;-)
[12:18] <Daviey> hggdh: hah :)
[12:18]  * hggdh is half-asleep
[12:19] <twb> TBH I'm surprised none of our prisoners have suborned the CMS already
[12:19] <kim0> is the 10.04.1 to be released next Tuesday
[12:19] <Daviey> hggdh: good to hear..
[12:19] <Daviey> kim0: AIUI, that is the current plan.  But as i'm sure you know, it's out when it's announced :)
[12:19] <kim0> hehe ok
[12:20] <jpds> I thought it was tomorrow?
[12:20] <kim0> has been pushed back
[12:21] <jpds> No one informs the mirror admin that's been prepping things, I see.
[12:21] <hggdh> Daviey: Chris says he found the issue with Walrus/SC on distributed installs
[12:22] <Daviey> hggdh: Yes.. he has pushed a fix.. I thought there was one more pending - but perhaps that was just their internal results.
[12:22] <Daviey> hggdh: Merging what I have as we speak.. will push to PPA shortly.
[12:24] <hggdh> Daviey: cool, thanks
[12:41] <patdk-lap> twb, it's not really that php is bad, it has its problems and all languages do
[12:41] <patdk-lap> but it's just the type of programmers that are using it that are the issue
[12:42] <patdk-lap> and that will happen with any easy to use language
[12:42] <patdk-lap> same issues with perl, perl added all kinds of help and ways to protect against most of those issues, but people still don't use them, unless they know what they are doing
[13:43] <robertpayne> Is there a way to permit root login via limited ips?
[13:47] <Iceman_B> I just installed 10.04, but I was expecting bash to use colors. it doesnt, how do I set this?
[13:49] <alvin> Iceman_B: It's documented in a commented section in ~/.bashrc
[13:54] <Iceman_B> lemme check
[13:54] <Iceman_B> I dont have such a file
[13:56] <Iceman_B> I mean, an "ls -a" on my homedir doesnt show it
[14:02] <Iceman_B> can I just create a ~/.bashrc file? or wont that solve anything ?
[14:05] <joschi> robertpayne: you mean root login via ssh?
[14:06] <robertpayne> joschi: was going to be for rsync purposes I found out you just run rsync under cron as root and push to non-root account on other server
[14:11] <alvin> Iceman_B: You don't? You can copy the default .bashrc from /etc/skel/.bashrc
[14:12] <floown> hello
[14:12] <floown> I can't use imap in Kontact since the upgrade to KDE 4.5, what packet should I manually install?
[14:14] <alvin> floown: Wrong channel. Better ask in #kubuntu. (I can't confirm. Haven't upgraded yet.)
[14:20] <Iceman_B> alvin: will try, thanks
[14:23] <hggdh> Daviey: thanks for packaging the beast. It is already building, so I will test ASAP
[14:24] <ssureshot> morning ... I have set preservejobhistory No in my cupsd.conf but the cXXXXXX jobs are never removed.. whats happening here and what am I missing?
[14:32] <zul> ttx: feature freeze is tomorrow right?
[14:32] <ttx> zul: yes
[14:33] <zul> ttx: damn
[14:53] <Iceman_B> alvin: I copied the .bashrc file from /etc/skel to ~ and logged out and in again, but no change
[14:53] <Iceman_B> bash still shows up grey
[14:53] <Iceman_B> im connecting through putty btw, if that makes any difference. it used to work tho
[14:53] <alvin> Iceman_B: That's normal. You have to change the default .bashrc first. uncomment a line there
[14:54] <alvin> Iceman_B: #force_color_prompt=yes
[14:54] <Iceman_B> I know, I did that too
[14:55] <Iceman_B> let me double check just to be sure
[14:55] <Iceman_B> oh and, how do I find out WHAT shell im actually using?
[14:55] <Pici> echo $SHELL
[14:55] <Iceman_B> force_color_prompt=yes <--- yup
[14:55] <Iceman_B> checks out
[14:56] <Iceman_B> it returns /bin/bash
[14:56] <Iceman_B> so thats cool too
[14:56] <Iceman_B> and vim shows up in colors, so its not putty
[14:57] <Iceman_B> im also missing a .bash_logout
[14:57] <Iceman_B> strange
[14:59] <alvin> .bash_logout can also be found in /etc/skel You probably created the user without copying files from skel, or with another shell.
[14:59] <Iceman_B> no idea really, I just installed 10.04, rebooted and logged in
[15:00] <alvin> Iceman_B: The default is no colored prompt. I just try to color it by uncommenting #force_color_prompt=yes. It works fine.
[15:02] <Iceman_B> alvin: ok well, either im doing something wrong, or that just doesnt work here
[15:03] <alvin> Iceman_B: Did you log out after uncommenting? (or sourced .bashrc?)
[15:03] <Daviey> hggdh: no problem.. It's landing in the archive shortly. :)
[15:03] <Daviey> hggdh: let me know how it turns out :)
[15:05] <alvin> Iceman_B: I don't think you need other packages than bash to have a colored bash prompt
[15:06] <Iceman_B> I did log out after uncommenting, and I have no clue what you meant by "sourced"
[15:07] <Iceman_B> im still quite new to this
[15:21] <alvin> 'source' is a built-in shell command. You can refresh your login files with it. (like type: $ source .bashrc instead of logging off and logging in again)
[15:23] <Iceman_B> ooh cool
[15:23] <Iceman_B> thanks
[15:24] <Iceman_B> I might try a system wide setting in a minute
[15:26] <CharlieSu> Anyone using Amazon's Elastic Load Balancer?
[15:29] <CharlieSu> Does anyone know if it is possible to create a security group that only allows Amazon's Elastic load balancers?  I only want the ELB's to be able to access a group of servers to do health checks, but i don't want the rest of the world to be able to make requests.  This is because I have a web layer, application layer and DB layer with load balancers infront of both my web layer and application layer.  The web layer is
[15:35] <hggdh> Daviey: the SC still fails to start on a distributed deployment
[15:36] <ttx> hggdh: do the others start up ?
[15:36] <tvw> I am just setting up a linux server and now I need to setup postfix. I wonder which way I should go. I would have expected not to deal with postfix at all, since we have a separate mailserver.
[15:37] <ttx> CharlieSu: maybe on #ubuntu-cloud
[15:37] <tvw> Now I wonder, whether I make it a smart host or totally local.
[15:37] <hggdh> ttx: I will have to go back to topo2, I was running topo3. Chris sent me a note late last night stating he had found the issue on the separate topos
[15:37] <CharlieSu> ttx: thx
[15:37] <hggdh> ttx: and would give us a fix today
[15:37] <ttx> hggdh: I thought that would be included on the recently-uploaded one
[15:39] <hggdh> ttx: 2010-08-10 22:36:19     deckie  i found the problem that was preventing remote walrus/sc from working.
[15:39] <hggdh> 2010-08-10 22:36:45     deckie  i'll follow up with you tomorrow and dave, and the list later tonight
[15:40] <hggdh> the time is URC-5
[15:40] <hggdh> UTC-5
[15:40] <ttx> Daviey: ^how does this map onto your own work ?
[15:41] <Daviey> hggdh: Yes.. I understood there was going to be another upstream commit.. But perhaps i misunderstood deckie.
[15:42] <Daviey> I think he left it going through their internal continual integration testing stuff...
[15:43] <Daviey> which would automatically push to the branch.. That is how i understood it.
[15:43] <Daviey> So either i misunderstood, or it failed the test
[15:43] <tucemiux_> "tunnelled clear text passwords" is secure, right?  Basically, it means authenticating using a password as opposed to a key
[15:44] <hggdh> I do not know, at this time I was trying to sleep (so that I could get up earlier and test it
[15:47] <hggdh> Daviey, ttx: going now to topo2 (fully-separated) to confirm
[15:48] <Daviey> hggdh: Appreciated! :)
[16:00] <RyanP> I have a server with something wrong with it. Among other things, when i execute "sudo -i", I get three "Sorry, try again." messages, then "sudo: 3 incorrect password attempts", without ever being prompted for a password. Anyone know what's going on?
[16:04] <Pici> Well thats not normal.
[16:06] <Pici> RyanP: You mention that other things are wrong with it, do you suspect that its been rooted?
[16:06] <tvw> What sense does it make to use sudo on a server? I will never work there as a normal user and if, every command would start with sudo? I do not want to start a discussion but only a hint?
[16:07] <RyanP> Pici, Not ruling it out, but I don't think so.
[16:07] <thesheff17> #/join ubuntu-virt
[16:09] <Iceman_B> alvin: oh cool, after sourcing ~/.bashrc it works
[16:09] <Iceman_B> (except that my prompt is now green too, but meh)
[16:09] <Pici> RyanP: What if you just try to sudo a different command? Also, does sudo point to where you expect it? check   which sudo
[16:11] <Pici> tvw: One of the quickest arguments is that by not having a root user (or rather, having a locked password), anyone who tries to compromise the server needs to know both a valid username and a password, rather than just 'root' and a password.
[16:11] <RyanP> sudo is /usr/bin/sudo, which seems to have appropriate permissions and such. sudo anything (sudo bash or sudo ls for example) give the same error.
[16:12] <Pici> RyanP: And your user is in the admin group?
[16:12] <tvw> Pici: Thanks, that makes sense.
[16:13] <tvw> RyanP: or is your user in the group 'sudo'
[16:13] <Iceman_B> where can I read what exactly happens during the install? I want to get some more insight into Linux
[16:14] <RyanP> Pici, the user is in the admin group.
[16:17] <tvw> Another question: The installation cd assumes, that the machine is connected to the internet. This make the installation a bit painful, if no network is attached to the server. Is there a way to avoid, that setup is querying the network all the time. It causes a lot of delays.
[16:22] <masoncloud> quit
[16:23] <qman__> tvw, just skip network configuration during setup
[16:23] <qman__> press cancel on DHCP, then choose do not configure at this time
[16:25] <tvw> qman__: That's a weird procedure, but thanks.
[16:31] <qman__> well, a server without a network connection isn't very useful, so it's assumed you have one
[16:31] <qman__> but not configuring the network will speed up the install
[16:47] <hggdh> Daviey, ttx: separate install definitely is still broken. So I guess we are waiting on the additional patch from Chris
[16:48] <ttx> Daviey: we are still waiting for an additional patch ?
[16:48] <hggdh> Daviey, ttx: I am now going back to all-in-one, to test the rootwrap & volume creation
[16:48] <ttx> hggdh: sounds good
[16:49] <Daviey> hggdh: Yeah.. seems there was an issue.. Gonna try and get hold of someone now.
[16:50] <Pici> kim0: Thanks for updating the irc/channellist wiki page, I forgot about that.
[16:50] <kim0> Pici: no worries :)
[17:15] <tvw> After installation I get errors: "fd0 read error", "no such disk". I use raid1 and installed grub into MBR.
[17:15] <tvw> the floppy disk is disabled in BIOS.
[17:20] <sponzor> hi. i have 2x 500gb, 1x 1tb. i want to do is raid 1. so that i would have 1tb=1tb raid. how to combine 2x 500gb
[17:21] <patdk-wk> raid0 :)
[17:21] <patdk-wk> then do a raid1 on the 1tb and the raid0
[17:22] <sponzor> will take that a lot of resources of server? :P
[17:22] <patdk-wk> or, you may not want to do raid0, but do linear instead, to just concat the two, instead of striping them
[17:22] <patdk-wk> nope
[17:23] <sponzor> hmm linear? how to do that
[17:23] <patdk-wk> dunno, never done it
[17:23] <sponzor> :D
[17:23] <sponzor> then i will go with raid 0
[17:24] <patdk-wk> looks like instead of doing raid0, you just type linear
[17:25] <patdk-wk> the advantage of linear is if you really screw something up (like two of the drives fail)
[17:25] <patdk-wk> assuming one is the 1tb
[17:25] <patdk-wk> you could still recover half your data
[17:27] <sponzor> i will go with raid 0. ok i did raid 0. now i have 1tb lvm. i need to do is that 1tb lvm will be raid not lvm.. ? how to do that. i m doing fresh install...
[17:27] <patdk-wk> heh?
[17:27] <patdk-wk> why do you have lvm?
[17:27] <patdk-wk> what did you do?
[17:27] <patdk-wk> lvm is going to slow things down :)
[17:28] <sponzor> lvm was automatic when i did raid 0
[17:28] <patdk-wk> I dunno if you can use the installation menu to give you what you want
[17:28] <patdk-wk> you should use lvm yes, but after you do the raid1
[17:29] <patdk-wk> I never setup mine using the installer so
[17:29] <sponzor> then i should install it on 1tb and make 2x 500 to 1tb and then to raid1 in the console after installation?
[17:30] <patdk-wk> don't think so
[17:30] <sponzor> hmm what should i do then? :P
[17:30] <patdk-wk> I normally just drop to console
[17:30] <patdk-wk> setup the raid
[17:30] <patdk-wk> then do the install
[17:30]  * patdk-wk is all about doing things manually though :)
[17:31] <sponzor> that is too hard.. its like gentoo then :P
[17:31] <patdk-wk> no it's not, I'm not waiting a week for it to build everything :)
[17:31] <sponzor> :P
[17:56] <Tohuw> On my Ubuntu 9.10 server, I'm configuring DoveCot with LDAP as per http://wiki.dovecot.org/HowTo/DovecotOpenLdap and have a few questions... 1) In the example LDIF, what does the comment "# only necessary if you are NOT using 'bind' authentication" indicate? That the entire rest of the entry is not necessary, or just that stanza? I am using bind authentication for LDAP. 2) These will be virtual accounts. I see the global_uid and global
[17:58] <patdk-wk> bind authentication is nice
[17:59] <patdk-wk> it logs into the ldap server using the users name and password
[17:59] <patdk-wk> otherwise it logs in using whatever you want, then it checks itself that the username and password match what is in ldap
[17:59] <patdk-wk> second way is easier to configure ldap
[17:59] <patdk-wk> first way is faster, cause it is 1 lookup instead of 2 or more
[18:02] <Tohuw> patdk-wk: makes sense. Is it a security risk to allow for bind authentication, since this means any user could just log into the server? I'm guessing "no", because you want users in there to be able to login. The second question is: I will be using virtual names for my dovecot addresses (i.e. not every email address will link to a real user on the server). I suppose this means I DO need that stanza?
[18:03] <patdk-wk> security issue all depends on how *insecure* you configure your ldap :)
[18:04] <patdk-wk> I use bind, I want users to login, and users are restricted to only their own items
[18:04] <Tohuw> fair enough :)
[18:04] <patdk-wk> do need what stanza?
[18:05] <Tohuw> per the comment in the help doc I linked. Here's the excerpt (it's an example ldif): http://pastebin.com/mdvETEbK
[18:06] <Tohuw> I assume line 13 refers only to lines 14-18
[18:06] <Tohuw> or does it refer to the entire rest of the ldif?
[18:07] <patdk-wk> that is just creating an account, for dovecot to login to ldap with
[18:07] <patdk-wk> so if you don't use bind, you need it, if you use bind, it's not needed, but won't hurt
[18:08] <patdk-wk> the last two would be user accounts
[18:09] <ivoks> hm...
[18:09] <ivoks> it's missing posixAccount to be an 'account'
[18:10] <ivoks> without that objectClass it's not an account
[18:10] <ivoks> it's just an entry
[18:11] <patdk-wk> mine I only use, inetOrgPerson and posixAccount
[18:12] <ivoks> ah, i see what this is for
[18:12] <patdk-wk> for my webmail ones, inetOrgPerson, posixAccount, top, hordePerson
[18:12] <ivoks> in slap.conf read perms are given to cn=dovecot
[18:12] <patdk-wk> ya
[18:13] <ivoks> and then adds password
[18:14] <ivoks> it's a good tutorial
[18:15] <Tohuw> ivoks: I think so. I'm learning a good bit I didn't know about ldap and Dovecot. I've never had to setup a mail server from scratch with no "cheat scripts" before.
[18:16] <ivoks> oh, you haven't seen dovecot-postfix package? :)
[18:16] <Tohuw> ivoks: I've seen it, but I'm using Exim ;)
[18:16] <ivoks> it doesn't integrate with ldap
[18:16] <ivoks> why? :)
[18:17] <Tohuw> ivoks: it seems to offer the most robust featureset, and, frankly, I'm more familiar with troubleshooting it.
[18:18] <ivoks> fair enough
[18:23] <smoser> kirkland, ping me when you see this please.
[18:28] <patdk-wk> heh, I never setup mine even with an howto before
[18:28] <patdk-wk> I installed the dovecot-postfix last night though on 4 systems, in my demo lab
[18:28] <patdk-wk> cause I needed to test imap and smtp connections
[18:33] <Tohuw> patdk-wk: though some scoff at them, I really like Ubuntu's packages for so many setups. I wish I could have deployed 10.04 to this server, just for the "redmine" package. It would have saved me ~6 hours of work ;(
[18:34] <patdk-wk> well, I use the packages for quick tests
[18:34] <patdk-wk> half the time I end up compiling from source
[18:35] <Tohuw> yes, they're good for that. Especially because you can just purge them when you're done and poof, all gone (usually/sort of)
[18:35] <patdk-wk> I always poof the server :)
[18:35] <qman__> yeah, never run tests on a tainted server
[18:35] <qman__> the results won't be consistent
[18:35] <Tohuw> Unless you're replicating a tainted server environment you can't control ;)
[18:36] <patdk-wk> I wish these would install on ubuntu though
[18:36] <patdk-wk> http://www.percona.com/software/
[18:36] <patdk-wk> the mysql from there, really has issues with ubuntu
[18:36] <Tohuw> So many clients I have had the "pleasure" of working with are utterly horrified at the thought of actually rebuilding their server
[18:36] <patdk-wk> I can't install anything that uses mysql, after I install that, or ubuntu attempts to wipe it out
[18:37] <qman__> right, but you should make a copy of the server to mess with
[18:37] <qman__> not just mess with it
[18:37] <Tohuw> qman__: oh, I never test on production boxes themselves
[18:37] <patdk-wk> vm's are nice for that
[18:37] <Tohuw> I'm just saying, if you're going to run several very quick tests on relatively non-related software, you can just purge
[18:37] <patdk-wk> mirror production box
[18:37] <Tohuw> yes
[18:37] <patdk-wk> test :)
[18:38] <Tohuw> I'm transitioning our web and app server environments to Ubuntu Cloud servers. I'm in love
[18:38] <Tohuw> clone, clone, clone, destroy
[18:38] <Tohuw> whoosh
[18:39] <Tohuw> I remember when "virtualization" was what you did to "cluster". Right before "giving up" or "crying" or "getting seriously inebriated"
[18:40] <Tohuw> I think the worst setup I ever partook in was a clustered Exchange 4.x server. Suffice it to say the hostname of the dev boxen it was being tested on were clusterf***1 through clusterf****4 for a reason
[18:41] <patdk-wk> heh, obviously not exchange 2007 :)
[18:41] <patdk-wk> you need at least 8 boxes
[18:42] <Tohuw> and a small orbital space station
[18:42] <patdk-wk> I have a large postfix cluster
[18:42] <patdk-wk> then I have a small postfix cluster in front of exchange 2007
[18:43] <patdk-wk> I don't trust exchange to protect exchange
[18:43] <Tohuw> I don't trust exchange to exchange exchange
[18:44] <patdk-wk> I haven't had issues with exchange, only with outlook screwing up the mailboxes
[18:45] <Tohuw> Outlook is worse than exchange. I'd rather troubleshoot and work with Exchange than Outlook anyday
[18:45] <Tohuw> I despise Outlook
[18:46] <Tohuw> Okay back to working. Thanks for the help, as always
[19:06] <resno> im interested in setting postfix for my office to use for outgoing mail. how complicated is the setup?
[19:08] <patdk-wk> it can be as easy or complex as you want :)
[19:08] <patdk-wk> I've done them in <1hour, and some >3days
[19:09] <resno> i just want the office to be able to send emails through it
[19:09] <patdk-wk> the only real issue for using it for outgoing mail would be setting up your dns (forward and reverse) and spf records up correctly
[19:09] <resno> i found a tut and im going to try it out
[19:10] <resno> this coming from an office server with no domain, should it still work?
[19:11] <patdk-wk> nope
[19:11] <patdk-wk> unless you set it up to use a smarthost
[19:11] <patdk-wk> outgoing email servers must have proper manners, or no one on the internet will accept email from you :)
[19:11] <resno> then i would need to forward the emails through another machine essentially
[19:12] <qman__> I think anyone who has had to spend days recovering and merging PST files hates outlook
[19:12] <patdk-wk> qman, my boss has 26gigs of pst's :)
[19:12] <patdk-wk> all active and in use
[19:13] <qman__> yeah, my uncle is in a similar situation
[19:13] <qman__> over 20 gigs, had a hard drive fail
[19:13] <qman__> sent it to a place which recovered the files
[19:13] <qman__> but then he had another 2-3 gigs of new PST files
[19:13] <qman__> and wanted them merged together
[19:14] <patdk-wk> ya, I do that about once a year, just to *clean* the pst
[19:14] <trimeta> Interesting question: Is it possible to configure ssh such that a certain user can only log in if the remote computer is in a specified subnet?
[19:15] <Daviey> hggdh: New snapshot landing in the archive shortly
[19:15] <Daviey> (not ppa)
[19:15] <qman__> trimeta, you can firewall it, but not based on the user
[19:15] <patdk-wk> I think new ssh lets you, dunno if the lucid one is new enough
[19:15] <trimeta> qman__: Yea, I would like to only restrict this one user from logging in from arbitrary remote machines, not all users.
[19:16] <qman__> any particular reason for it?
[19:16] <strax> You could ask nicely ;)
[19:16] <patdk-wk> http://www.cyberciti.biz/tips/openssh-deny-or-restrict-access-to-users-and-groups.html
[19:16] <qman__> I'm thinking this could be easily solved by using keys instead of passwords for that user
[19:16] <patdk-wk> oh wait, that isn't by ip :)
[19:17] <trimeta> The main reason is that I've got a relatively insecure account that I want my father to be able to use from the local subnet, but which can't be accessed from the wider internet. But there are other, more secure accounts on the system I do want to access from the internet.
[19:17] <qman__> yeah, that's easily solved with key-based authentication
[19:18] <qman__> just put the key on computers you want to give access
[19:18] <hggdh> Daviey: ack
[19:18] <trimeta> It would be, if I could teach him how to use keys...he's got WinSCP and PuTTY as his access programs.
[19:18] <qman__> nothing to teach, you just set it up once
[19:19] <qman__> the other good solution I know of is to use two different SSH servers
[19:21] <strax> You can set up PuTTy to automatically use a key, just save a "profile" or whatever Putty calls it
[19:22] <strax> And WinSCP just uses Putty
[19:22] <trimeta> Not the same install of PuTTY, though.
[19:23] <strax> What do you mean?
[19:23] <qman__> just use pagent
[19:23] <trimeta> Whatever, I'm going to try messing with /etc/ssh/sshd_config and see if that works.
[19:24] <qman__> there's nothing to do with subnets there, that's out of the scope
[19:24] <strax> In fact, using a key makes it even easier for your father since then he doesn't have to type a password
[19:24] <trimeta> Apparently not: the AllowUsers directive lets me say user@host.
[19:24] <qman__> that's not subnets
[19:26] <trimeta> Where "host" can be of the form "192.168.*"
[19:26] <trimeta> And I just tested it and it worked; from a remote machine, it wouldn't let me log in even if I used the right password.
[19:30] <trimeta> Anyway, thanks for the advice guys, even if I ended up going a different path.
[19:48] <regius> I wonder if this is possible? I'm trying with dhcp-helper but I have a problem getting ip on server:eth1 http://img153.imageshack.us/img153/5623/iprelay.jpg
[19:58] <Iceman_B> regius: personally, I cant make heads or tails out of your diagram
[19:58] <Iceman_B> maybe its be though
[19:58] <Iceman_B> *me
[19:58] <Iceman_B> im usually big on diagrams
[19:59] <regius> I want a computer between my home router and my isp
[19:59] <regius> It is named server in the diagram
[19:59] <regius> The eth* beside the boxes are interface names
[20:00] <regius> and the boxes are computers
[20:00] <Iceman_B> yeah, I gathered that much
[20:00] <Iceman_B> but what you are trying to accomplish, I didnt
[20:01] <regius> I want a "transparent" computer infront of my home router
[20:02] <regius> so my server will have an internet friendly address, and my home router will also have an internet friendly address
[20:02] <Iceman_B> IANA network wizard, but this sounds to me like you would typically need 2 public IP addresses
[20:03] <Iceman_B> one for your router and one for the transparent machine
[20:03] <Iceman_B> but I assume you want both to share the same ip ?
[20:03] <regius> I think so too
[20:03] <regius> No I want two different ip:s
[20:03] <Iceman_B> oh
[20:03] <Iceman_B> then call your ISP
[20:03] <regius> My ISP will grant 5 public ip
[20:03] <Iceman_B> okay, so thats covered
[20:04] <arrrghhh> regius, you'll need a switch before your router (sorry to jump in if that's already been addressed)
[20:04] <regius> arrrghhh: okey, why?
[20:04] <Iceman_B> really? I mean, if 2 different MAC's request a DHCP lease with his ISP, he should get 2 back, no ?
[20:05] <arrrghhh> well that depends
[20:05] <arrrghhh> what is your edge device
[20:05] <arrrghhh> cable modem?  dsl router?
[20:05] <regius> A computer
[20:06] <arrrghhh> your edge device is a computer...?
[20:06] <regius> My brand new fit-pc2i :-)(
[20:06] <regius> :-)
[20:06] <arrrghhh> so it's a T1?  what?
[20:06] <regius> Yes
[20:06] <regius> RJ45 connection in to my flat
[20:06] <arrrghhh> ok what does that T1 land on?  it goes directly into a computer?
[20:06] <regius> Yes
[20:06] <arrrghhh> ok, this computer... how many ethernet ports are on it?
[20:06] <regius> 2
[20:07] <arrrghhh> well then it should work
[20:07] <arrrghhh> uhm.
[20:07] <arrrghhh> wait
[20:07] <arrrghhh> nvm, it won't work.  you need another nic.
[20:07] <regius> So i tought I need 3 public ip
[20:07] <regius> 2 on the edge device, and one on the home router
[20:08] <Iceman_B> you need 1 IP per device that you want visible on the internet, and you need to make sure that all requests are sent to your ISP, instead of any device on your network
[20:08] <arrrghhh> well your edge router only has 2 nics.  one nic is consumed from the connection coming in, so you only have one NIC out.  therefore you can only hook up your router or server.
[20:08] <regius> Right now I'm trying to do a dhcp-relay local on the edge device
[20:08] <arrrghhh> i'd just put a switch on that T1 coming into your flat
[20:09] <regius> True
[20:09] <arrrghhh> get a little 4-port switch.  problem solved, anything going into that switch will get its own public IP
[20:10] <regius> Maybe that's the best way... But still can I have do a dhcp request on eth1 for the interface eth0
[20:10] <maswan> arrrghhh: rj45 sounds like ethernet, not t1
[20:10] <arrrghhh> maswan, the plug is the same... the only difference is the shielding on the cable...
[20:10] <arrrghhh> you're splitting hairs
[20:10] <Iceman_B> my hairs are splitting too :(
[20:11] <arrrghhh> lol
[20:12] <regius> It is a bit expensive with a gigabit switch
[20:12] <arrrghhh> regius, is your bandwidth from your provider that high?
[20:12] <regius> Is it not possible to fix this with some dhcp-relays
[20:12] <arrrghhh> no clue
[20:12] <arrrghhh> never done it before
[20:12] <regius> No but I want gigabit between my home network and the server
[20:13] <arrrghhh> regius, so wait... where is your LAN?  on the router?
[20:13] <regius> yes
[20:14] <arrrghhh> then that's where your bottleneck would be.  is that gigabit?
[20:14] <regius> yes
[20:14] <arrrghhh> then you wouldn't have to worry about the switch
[20:14] <arrrghhh> it would only switch traffic going out to the internet
[20:15] <arrrghhh> assuming you landed that rj45 plug into your flat in that switch
[20:15] <regius> no the internet connection is coming in to the server with 2 interfaces
[20:16] <arrrghhh> yes, i'm talking about putting a switch in front of that.
[20:16] <arrrghhh> so you can have more public IPs
[20:16] <arrrghhh> is that not what you're trying to do?!?!
[20:16] <hallyn> jdstrand: plans on libvirt 0.8.2 or 0.8.3 merge?  Do you have time for that?
[20:16] <regius> yes but without buying new hardware :-)
[20:16] <jdstrand> hallyn: I will be working on it this week
[20:17] <jdstrand> hallyn: Daviey asked about that last week
[20:17] <hallyn> jdstrand: awesome, thanks
[20:17] <jdstrand> it will be 0.8.3
[20:17] <arrrghhh> regius, well i'm not sure then.  either you add another nic to your edge device, or get a switch.  i'm not sure how else to solve it.  not saying there isn't a way, i just don't know it ;)
[20:18] <regius> Why would I need 3 nic:s? 1 for internet and one for the router
[20:18] <hallyn> jdstrand: cool - between that and 0.12.5 kvm, we'll see if we get teh fast vm saves now!
[20:19] <arrrghhh> regius, i thought you had another device that needed a public ip.  you're not being very clear...
[20:19] <regius> Sorry
[20:19] <maswan> arrrghhh: not really, the end equipment is very different
[20:19] <maswan> arrrghhh: plugging in a t1 into an ethernet switch won't do much good
[20:19] <maswan> also, a t1 is horribly slow
[20:20] <regius> I guessed that the edge device needed 2 public ip:s and my router 1 public ip
[20:20] <arrrghhh> maswan, again, splitting hairs.  if it's going directly into his server, it'll probably work on a switch.  it's probably not an actual t1, probably metro ethernet or something like that.
[20:20] <maswan> arrrghhh: if it is going to his server, it's definitely not a t1
[20:21] <regius> It's a 10/10 connection
[20:21] <arrrghhh> maswan, agreed.
[20:21] <arrrghhh> but that's not really the problem here!
[20:22] <arrrghhh> perhaps i'm just not understanding.
[20:22] <regius> I have activated ip forward on the server and right now I'm trying relaying the dhcp request with dhcp-helper -b eth0 -i eth1 -d
[20:22] <regius> I think I'm doing a poor job explaining :-(
[20:23] <arrrghhh> ok wait
[20:23] <arrrghhh> let's start at square one
[20:23] <arrrghhh> you're paying your ISP for 5 public IP addresses, correct?
[20:23] <regius> Yes
[20:23] <regius> (or it's included for everyone)
[20:23] <arrrghhh> those public IPs, are they static?
[20:23] <regius> No
[20:23] <arrrghhh> i would hope so
[20:23] <arrrghhh> ouch.
[20:24] <arrrghhh> well, that changes things and i can see why you're running into a roadblock now.
[20:24] <maswan> regius: What I'd do is get a small cheap ethernet switch and put that first, then plug the rest into that. If you really need the machines behind each other, that's more difficult.
[20:24] <arrrghhh> put a switch in front of your PE device :P  lol that's the easiest.
[20:25] <maswan> Otherwise, hm, look into bridging between the internal and external interfaces, I think would be the terminology to search for
[20:25] <regius> True that would be easy
[20:25] <maswan> basically making the server act as a switch
[20:26] <arrrghhh> i'm just not sure how to pass the dhcp requests past your server.
[20:26] <maswan> because it needs to forward stuff, even though the upstreams network won't see it as a router for your other IPs, etc.
[20:26] <regius> I found dhcp-helper
[20:26] <maswan> even then, I'm not sure it'll work
[20:26] <Johnnyx> huh anyone with problems with postfix? with running it?
[20:26] <maswan> Johnnyx: works fine for me, usually
[20:27] <maswan> Johnnyx: but then I don't have any complex configuration, just to send the cron mails off to me, etc.
[20:27] <regius> It looks like it can forward broadcast packages to a specific dhcp server
[20:27] <maswan> regius: yeah, but after that you also need to manage to grab and forward all the rest of the unicast traffic too
[20:28] <maswan> regius: which means the server has to appear to the upstreams network as having all those IPs
[20:28] <regius> ipforward?
[20:28] <Johnnyx> i've installed it and its not running.. when i start it /etc/init.d/postfix start it says starting ... OK
[20:28] <Johnnyx> but when i try postfix status it says system is not running
[20:28] <lamont> what does /var/log/mail.log say?
[20:28] <maswan> regius: that only solves part of the problem
[20:29] <maswan> regius: that's shifting the packets from eth0 to eth1, making your ISPs switch/router send them to your eth0 is also an issue
[20:29] <Johnnyx> hash map access missing map file /etc/mail/access.db .... i have no idea why...
[20:30] <Johnnyx> and in log
[20:30] <Johnnyx> reject=451 4.3.0 temporary system failure
[20:31] <regius> Thanks all for trying! I'm giving up :-) and buy a switch instead
[20:31] <maswan> regius: Anyway, a good start would finding a guide on setting up bridging and experimenting with that. I've never done that outside of the virtualisation world though. It is a tricky thing to do. And yes, that's what I'd do too, even if it can theoretically be done. :)
[20:31] <maswan> ...
[20:34] <Johnnyx> lamont: any suggestions?
[20:52] <Egonis> I'm absolutely fed up with Windows Server, and want to use Ubuntu Server in its place... I tried to restore my Exchange mailboxes from backup, and it caused a STOP error on a fresh install... I'm in the process of switching to Lotus Domino, and really want to run that on Ubuntu Server, however our accounting software requires windows to operate -- is there a safe and clean way to run Windows Server 2008 in a Virtual Machine on Ubuntu?
[20:53] <_ruben> Johnnyx: sudo postmap /etc/mail/access
[20:56] <lau> according to pdns-doc 2.9.21-5ubuntu1.1 there is a testing mode /etc/init.d/pdns monitor for pdnsd
[20:56] <alvin> Egonis: I do that on some ubuntu servers. (KVM) It works but the downside is that you will have a lot of performance loss. There are no virtio drivers for Windows 2008, so don't expect good I/O
[20:57] <patdk-wk> heh?
[20:57] <patdk-wk> pdns != pdnsd
[20:57] <Egonis> alvin: It would be for a Pervasive (BTRIEVE) Database, and nothing more. The trouble is, the accounting software company won't support anything but their very precise configuration (even Server 2008 wasn't supported until weeks ago)
[20:57] <patdk-wk> pdnsd is a completely different, unrelated program
[20:57] <Johnnyx> hmm
[20:57] <Johnnyx> _ruben: do you know what this could mean
[20:57] <Johnnyx> postmap: warning: /etc/mail/access, line 105: record is in "key: value" format; is this an alias file?
[20:58] <alvin> Egonis: It might work, I use it for small databases too, but only when performance is not important. I hear you can buy signed drivers from Red Hat, but Canonical doesn't offer those for sale.
[20:58] <alvin> The source is there, but you'll have to sign them yourself. If I have the time, I'll look into that. Doesn't look easy on first sight.
[20:58] <Egonis> alvin: thanks for the info
[21:00] <alvin> There is a Brainstorm idea for that: http://brainstorm.ubuntu.com/idea/24582/
[21:13] <lau> thx patdk-wk
[21:24] <lamont> Johnnyx: postmap hash:/etc/mail/aliases
[21:25] <lamont> Johnnyx: postalias hash:/etc/mail/aliases <-- actually
[21:31] <hggdh> Daviey: you just put out r1225, correct?
[21:35] <trimeta> I'm worried that the bind server I have set up on my machine isn't actually caching DNS results...running dig on a new address two times in a row doesn't result in reduced query times.
[21:35] <trimeta> How can I check if I'm actually caching, and make sure that it does cache if it isn't currently?
[21:35] <Daviey> hggdh: correct, in the archive
[21:39]  * RoyK rewrites his PHP code to Fortran
[21:40] <patdk-wk> trimeta, do a lookup for like, www.google.com
[21:40] <patdk-wk> then disconnect your internet cable
[21:40] <patdk-wk> and try again :)
[21:40] <patdk-wk> or you could have done a tcpdump on your internet connection and parsed the results
[23:17] <mike1> anyone help with squid proxy for a server / not forwarding internet to lan....
[23:23] <mike1> anyone help with squid proxy for a server / not forwarding internet to lan....
[23:24] <SpamapS> mike1: how are you connecting to the proxy?
[23:28] <mike1> SpamapS:  The set is as follows.   Modem to eth0 on server/proxy eth1 to lan
[23:29] <mike1> I'm online through the server right now (using ascII and lynx :)
[23:30] <SpamapS> mike1: so then what is your question?
[23:30] <mike1> I'm not getting the internet on my lan...  I'm ssh'ing into the server to get out.  packets aren't being forwarded
[23:30] <mike1> I'm guessing squid.conf isn't correct.
[23:31] <SpamapS> AH
[23:31] <SpamapS> well squid is really just for HTTP
[23:31] <SpamapS> it doesn't "forward packets"
[23:31] <mike1> <-- dummy using wrong terms sorry
[23:32] <SpamapS> Please do not self deprecate. ;)
[23:32] <mike1> ok done with that, but what am I missing? is it something in /etc/squid/squid.conf
[23:33] <SpamapS> mike1: you may find some answers here https://help.ubuntu.com/10.04/serverguide/C/firewall.html
[23:33] <SpamapS> mike1: what you probably want is IP masquerading.
[23:35] <mike1> SpamapS:  i'll read up a bit, hope you're around for a few! thanks