[00:02] <arrrghhh> so i've mounted a nfs share at /tmp, but not i can't umount it.  says device is busy - probably because it's /tmp... i can't even umount it with -f, what else can i do?
[00:06] <patdk-lap> kill any programs using /tmp :)
[00:07] <arrrghhh> patdk-lap, none should be at present...
[00:08] <patdk-lap> verify with lsof?
[00:08] <arrrghhh> i just did...and there are some .nfs files open
[00:08] <arrrghhh> from .python.b
[00:09] <arrrghhh> how do i know what process to kill tho?
[00:13] <arrrghhh> patdk-lap, i can't kill all of the .python.bin processes...
[00:23] <patdk-lap> reboot? :)
[00:24] <arrrghhh> hahaha
[00:24] <arrrghhh> yea i guess so
[00:24] <arrrghhh> this is a 'production' server so i was hoping to avoid that...
[00:25] <patdk-lap> heh
[02:47] <rcsheets> Standard Cloud Add-On - 1 Year: $350.01
[02:55] <rasengan> Anyone have an issue with pptpd GRE+ppp checksum errors?
[03:06] <mewsic> trying to setup vsftpd. can anyone help?
[03:14] <mewsic> help with server
[03:18] <mase_wk> mewsic: sure we are in here to help, but you need to provide us with specific problems that your having
[05:02] <MikeGuo> hi,
[05:02] <MikeGuo> everyone. I got a UEC issue.
[05:02] <MikeGuo> I can't register my node.
[05:02] <twb> !ask
[05:02] <MikeGuo> and I found people have same problem with me.
[05:02] <MikeGuo> there is bug:https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/598186
[05:03] <MikeGuo> is there other people got this issue too?
[05:03] <MikeGuo> thanks
[07:13] <alex88> what is file /proc/user_beancounters? and where are the current values of that things?
[07:16] <twb> alex88: it's OpenVZ's exposure of resource limitations stats
[07:18] <alex88> twb: thank you, but there are the limits..where i can see the current values? i have some fails in tcprcvbuf and tcpsndbuf
[07:21] <twb> The limits are configured in /etc/vz/conf/N.conf
[07:25] <alex88> is anything i can do with those buffers? i just download from my home when i get those errors
[07:29] <twb> alex88: ask #openvz.  I don't really feel like dealing with openvz stuff.
[07:31] <alex88> oh...sorry :) thank you
[07:59] <WalterN> for some reason apache is not saving the log files...
[08:00] <\sh> WalterN: hmm? elaborate? :)
[08:00] <WalterN> using the same configuration as with 9.10
[08:00] <WalterN> with virtual hosts
[08:00] <binBASH> moin
[08:00] <\sh> hey binBASH
[08:00] <WalterN> hmm.. lemme pastebin the config file
[08:00] <binBASH> Hi \sh ;)
[08:01] <alex88> paste somewhere :)
[08:01] <demon1981> hi all)) how I can determin frequency of my graphic card on my 10.04 without X server?
[08:02] <alex88> demon1981: look at manifacturer specs :)
[08:03] <demon1981> alex88: I dont know what video card I use:)
[08:03] <alex88> lspci?
[08:04] <WalterN> http://pastebin.com/gq8THFcV
[08:04] <WalterN> where pool is a RAID5
[08:05] <WalterN> it worked fine is 9.10 and on a single disk (didnt have RAID st up at the time)
[08:05] <alex88> WalterN: tried /var/log/apache2/error.log?
[08:05] <alex88> it shows startup errors
[08:06] <WalterN> checking
[08:07] <demon1981> I have that in dmesg
[08:07] <demon1981> [    4.702355] [drm] nouveau 0000:02:00.0: Detected an NV50 generation card (0x0a5000a2)
[08:07] <demon1981> may be its nvidia
[08:07] <demon1981> how I can determ model of card?
[08:08] <alex88> demon1981: i told lspci not dmesg
[08:08] <demon1981> ups
[08:08] <WalterN> alex88: oh, it says it cant open /media/pool/website/error_jewelcreekkennels.com.log. Unable to open logs
[08:09] <alex88> WalterN: look why..can you access with root?
[08:09] <alex88> like touch /media/pool/website/error_jewelcreekkennels.com.log
[08:09] <alex88> look also at fstab permissions for the drive
[08:11] <WalterN> I chowned the drive I thought
[08:11] <WalterN> maybe I should have -R ?
[08:11] <alex88> sure
[08:17] <WalterN> heh, that did it
[08:17] <demon1981> my card is GeForce 02:00.0 VGA compatible controller: nVidia Corporation GT216 [GeForce GT 220] (rev a2) very likely driver nouveau is used. How I can determine the frequency of output signal?
[08:17] <WalterN> strange though, why would I need to own the directory that its saving the log to?
[08:18] <WalterN> not sure who the owner was before, but could save anything I wanted before
[08:20] <WalterN> hmm, since I'm talking about it, what is a good website log viewer/analyzer thingy program?
[08:21] <\sh> webalizer / awstats / analog /modlogan it depends on your needs
[08:22] <WalterN> hobby server
[08:22] <\sh> webalizer
[08:22] <WalterN> as in, I dont know what I need :P
[08:23] <alex88> demon1981: you main monitor refresh?
[08:23] <alex88> WalterN: no, that not important...btw try to set log to debug in apache.conf, or ask in #httpd :)
[08:23] <alex88> gtg now
[08:27] <soulstar> hi, I'm having a problem setting up a router
[08:27] <soulstar> can anyone help?
[08:28] <WalterN> soloslinger: what kind of router, and for what?
[08:29] <soulstar> i'm setting up my computer to serve as a linux router
[08:29] <soulstar> i have ubuntu 10.04 installed
[08:30] <WalterN> oh, donno XD
[08:30] <WalterN> I could help with dd-wrt though :)
[08:30] <WalterN> which is not what you are using or want to use, so nevermind
[08:31] <soulstar> I'm using openwrt on my wireless routers...
[08:31] <soulstar> which I don't have a problem with
[08:36] <eagles|work> hey guys
[08:36] <eagles|work> my question is this.
[08:36] <alex88> soulstar: what you want to have?gateway?
[08:37] <eagles|work> i have  my modem connected to a router and the router is getting dos'd is it possible to black list the ips on my server so they cant flood the server again?
[08:37] <alex88> eagles|work: you have firewall? how are you'r linux skills?
[08:37] <qman__> eagles|work, yes, but it's even easier/better to use iptables recent
[08:38] <qman__> it'll dynamically block addresses that are spamming
[08:38] <eagles|work> qman__:  and alex88 i have iptables setup
[08:38] <eagles|work> would you like a pastebin of the iptables -L output
[08:38] <alex88> i use csf, and is awesome for ddos, bruteforces etc
[08:38] <alex88> try it
[08:39] <qman__> http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks/
[08:39] <eagles|work> i have in the past but had mixed feelings about it
[08:39] <qman__> that example is for ssh, but can be used for any type of traffic
[08:40] <qman__> it'll significantly reduce the impact of the DoS while not cutting off service entirely
[08:40] <alex88> eagles|work: i've always been fine with that..
[08:41] <eagles|work> qman__: someone pointed out somethign valid though even though the server is secured the router and my incoming connection will still be getting flodded
[08:42] <qman__> eagles|work, the way this works is, the server will simply drop packets being spammed in
[08:42] <qman__> so the DoS would have to have so many resources that only the single incoming SYN packets can max your line
[08:42] <qman__> and if that's the case, there's nothing you can do about it
[08:42] <eagles|work> ya im in the process of setting up another server as a dedicated firewall
[08:43] <eagles|work> qman__: would snort help mitigate those kinds of attacks or not really
[08:43] <qman__> no
[08:43] <qman__> snort is an IDS, it has no effect on this sort of thing
[08:43] <qman__> it will simply tell you what is happening
[08:43] <eagles|work> ok
[08:44] <qman__> if the attacker can flood your line with SYN packets, there's nothing you can do on your end
[08:44] <qman__> contact your ISP
[08:44] <qman__> see if they can help
[08:45] <qman__> but, if they're only succeeding with the full handshake, a proper firewall will reduce the impact
[08:45] <WalterN> I should set up email sometime soon
[08:46] <eagles|work> qman__: im getting flooded with udp packets
[08:47] <qman__> eagles|work, is your server dropping them, or rejecting?
[08:47] <qman__> dropping is what you should be doing
[08:47] <alex88> reject will just generate more traffic
[08:47] <qman__> and if you are, that's all you can do
[08:47] <eagles|work> qman__: i have a router in between the outside and server
[08:47] <qman__> irrelevant
[08:48] <alex88> if the router can handle all the packets
[08:48] <eagles|work> and the router is just stopping the floods
[08:48] <qman__> well, it doesn't really matter where the packets are getting dropped, as long as they're getting dropped, and not rejected
[08:48] <qman__> that's all that can be done from your end
[08:48] <eagles|work> ya
[08:49] <mase_wk> thats not exactly true, if you can get someone else upstream to drop them for you :)
[08:49] <eagles|work> hehe
[08:49] <qman__> exactly my point, nothing else can be done on his end of the line
[08:49] <eagles|work> well i am in the process of setting up a dedicated firewall machien with 2 nic's
[08:49] <qman__> call the ISP, get them to help
[08:49] <mase_wk> yeh
[08:49] <mase_wk> or get the ip address, fly to their location and punch em in the face
[08:49] <eagles|work> ya i am waiting to get an email back with contact number
[08:50] <WalterN> meh
[08:51] <WalterN> just launch ICBM with IP seeker firmware installed
[08:51] <WalterN> make sure its not pointing to lo ;)
[08:52] <qman__> only two approaches there, get the ISP to drop the packets, or give you a fatter pipe
[08:52] <twb> IP address doesn't incidate elevation, which is critical for a targeted ICBM strike
[08:52] <twb> *indicate
[08:52] <mase_wk> qman__: i get hundreds of emails a day offering me a fatter pipe... =)
[08:52] <WalterN> twb: a contact fuse would work, though yeah.. elivation would make it more ideal :P
[08:53] <WalterN> elevation*
[08:53] <eagles|work> qman__: whats funnier if you look at the internal ip which is assigned by router dhcp
[08:53] <eagles|work> the ip they are attacking is the ip of my laptop
[08:54] <twb> So, fun fact that I learned today
[08:54] <twb> If localhost doesn't resolve, hardy won't enable NFSv3
[08:55] <twb> It'll silently fall back to NFSv2
[08:55] <eagles|work> i have another question related to this if im setting up a firewall machine that will take the incoming connection on one nic route it to the 2nd nic and the internal network
[08:56] <eagles|work> do i need to put the proxy on the server hosting the website or on the firewall server?
[08:56] <twb> "routing" isn't done by a firewall
[08:57] <eagles|work> twb: i know but one of the nic cards in this other machine will be directly connected to the external connection
[08:57] <eagles|work> the other to the internal network
[08:57] <eagles|work> my question is more on which machine should the proxy be
[08:57] <eagles|work> the one that has the firewall
[08:57] <eagles|work> or the server on the internal network
[08:57] <twb> proxy for what?
[08:58] <eagles|work> web proxy
[08:58] <eagles|work> like squid
[08:58] <eagles|work> as well as i want to provide some content filtering
[08:59] <twb> If you're masquerading and not using -j TPROXY or -j DNAT, you'll need a proxy on the masquerading device.
[08:59] <eagles|work> !masquerading | eagles|work
[08:59] <twb> Er, that is, for exposing a local service to the internet.
[08:59] <eagles|work> gotcha
[09:00] <twb> If you're just talking about providing a conventional caching HTTP proxy to browsers on the local network, squid can be deployed anywhere
[09:00] <eagles|work> twb: this is going to need to be on the masquerading device as its also access by people on the outsdie
[09:00] <eagles|work> would content filtering go on the masquerading device too
[09:01] <twb> Filtering of what content, from whom?
[09:01] <eagles|work> twb: like porno graphic content etc
[09:02] <eagles|work> from the internal network
[09:02] <eagles|work> im at a clinic and im working on providing wifi to the whole place
[09:02] <eagles|work> wifi with content filtering
[09:02] <eagles|work> btw qman__ if your interested this is the router security log http://pastebin.com/Yhzg3wWx
[09:03] <twb> Unless you're operating a "default deny" policy, you won't block pornography.
[09:03] <eagles|work> not even if i use dansguardian
[09:04] <twb> Let me rephrase: you won't block ALL pornography.
[09:04] <eagles|work> its better most then nothing
[09:05] <twb> Well, I can't comment on "most", but if that's your position then by all means adopt a "defalt allow" and a blacklist.
[09:05] <eagles|work> arent there some web based content filter where you tell the filter certain keywords are blocked etc
[09:06] <qman__> yes, but they're quite terrible and only marginally effective
[09:06] <qman__> nothing wrong with the software itself, the idea is flawed
[09:06] <eagles|work> ok
[09:07] <qman__> whitelisting is the only truly effective way
[09:07] <eagles|work> ok but using what something like dansguardian
[09:08] <twb> AFAIK dansguardian is just a blacklist and a squid hook.
[09:11] <eagles|work> twb: ok
[09:11] <eagles|work> and i officially hate my isp
[09:11] <eagles|work> they giving me the whole rubbish of they cant ddo anything
[09:11] <eagles|work> and only thing i can do is on my end with a firewall
[09:11] <eagles|work> and if they continue to contact the police
[09:13] <twb> qman__: the other one that screwed me at a prison was that they whitelisted google --- which happens to include all google's "cached page" pagse
[09:13] <qman__> yeah...you need to be a lot more specific than that
[09:14] <twb> Really the problem is the prison staff can be... not too bright
[09:49] <huats> morning
[09:55] <eagles|work> hey guys is it possible for a multicast to flood a connection?
[10:06] <froud> dual nic. eth0 and eth1. eth0 connects to public internet. eth1 connects to GSM router. GSM router has Port Forwarding to eth1. eth0 has a gw defined, eth1 does not. ip_forwarding is enabled. If I ping eth1 from the GSM network I get answer,.if I ping eth1 from the GSM network I get no answer. Anyone good with routing that can help?
[10:06] <_ruben> woah .. rereads it a couple of times
[10:06] <froud> lol
[10:07] <_ruben> how about a nice diagram? ;)
[10:07] <eagles|work> froud: you have a router involved in ur setup
[10:07] <eagles|work> and u want one nic directly on the internet right
[10:07] <froud> eagles|work: yes eth0 is on the internet
[10:08] <froud> eth1 connected to a BR970 GSM router
[10:08] <_ruben> weit .. your message is wrong: you're saying that pinging eth1 from GSM network does both work and not work
[10:08] <eagles|work> well u could connect eth0 to the router
[10:08] <_ruben> s/weit/wait/
[10:08] <eagles|work> but then put eth0 on the dmz of the router directly exposing it to the net that way
[10:08] <_ruben> and also quite importantly: what are trying to achieve?
[10:09] <froud> okay here goes slowly
[10:09] <froud> eth0 <-> eth1 <-> GSM
[10:09] <froud> eth0 is public and available
[10:09] <froud> I can ping it
[10:10] <eagles|work> froud: you want to route traffic from 0 to 1
[10:10] <froud> eth1 is connected to a switch port on the GSM router
[10:10] <eagles|work> froud: man route btw might help
[10:10] <froud> GSM router SIM gets IP 10.0.0.1
[10:10] <froud> Eth1 got 192.168.1.2
[10:11] <eagles|work> you are on entierly different subnets for one
[10:11] <froud> On GSM host at 10.0.0.3 I can ping 10.0.0.1
[10:11] <froud> but I cannot reach 192.168.1.2
[10:11] <eagles|work> eth1 needs lets say 10.0.0.0.4 for example
[10:11] <eagles|work> froud: the ip is on a differrent network segment all together
[10:11] <eagles|work> brb from laptop
[10:11] <froud> eagles|work: yes but the subnets are joined by router GSM
[10:12] <froud> eth1[192.168.1.2] - GSM ROUTER - 10.0.0.1
[10:13] <eagles0513875> back
[10:13]  * eagles0513875 shakes head froudeth1 has to be a 10.0.0. ip though
[10:14] <froud> eagles0513875: why the B970 does routing
[10:15] <froud> If I route add default gw 192.168.1.2 to the server I can ping eth1
[10:15] <froud> from 10.0.0.3
[10:15] <_ruben> does the gsm router have a router for 192.168.1. network and does your machine have a route for the 10.0.0. network ?
[10:15] <froud> but then I will lose the eth0
[10:15] <eagles0513875> humm
[10:15] <_ruben> have a route meant
[10:15] <_ruben> i meant
[10:16] <_ruben> geesh, must be friday
[10:16] <froud> _ruben: default admin interface of router is 192.168.1.1
[10:17] <froud> I think what I need to do is add some route that will send traffic detined for 10.0.0.0 via eth1 and not eth0
[10:17] <froud> but I am not sure how
[10:17] <froud> my route knowledge is not that good :-)
[10:17] <_ruben> ip route add 10.0.0.0/24 via 192.168.1.1 dev eth1
[10:19] <froud> invalid argument
[10:23]  * froud goes to pastebin
[10:29] <alex88> oh..is there a ip command? i've always use route directly..
[10:30] <oCean_> ip is from 'iproute2', you could even add additional routing tables/rules
[10:30] <alex88> oCean_: i've seen the help..is a more complete command including also route
[10:31] <alex88> if i've seen right
[10:31] <froud> _ruben: http://pastebin.com/gdX2tUXn
[10:31] <froud> eagles0513875: http://pastebin.com/gdX2tUXn
[10:31]  * froud needs to step away for 5 mins, nature, brb
[10:40] <AlexC_> morning
[10:40] <AlexC_> when setting up a chroot for SSH, it all seems very, very mesy. I mean - what happens when updates come in for the files you've had to copy across into your chroot?
[10:41] <AlexC_> I can't think of any sane way for a sysadmin to monitor which files and copy the new ones over. Surely there has to be a simpiler way, such as with SSH using SFTP - you can simply use the internal-sftp and chroot users, done.
[10:42]  * eagles0513875 loves sftp so easy to setup compared to ftp
[10:42]  * froud is back
[10:43] <AlexC_> indeed, FTP shouldn't be used really - such a crap protocol. However, that's a different discussion :P
[10:44] <eagles0513875> ya sry
[10:44] <eagles0513875> never worked with a chroot much AlexC_tbh so i dunno what to tell ya
[10:44] <eagles0513875> dealing with my own issues atm here at work
[10:44] <AlexC_> it's quite shocking really that such thing is so ... complicated to do, really
[10:45] <\sh> AlexC_: why copy? hardlinking is a good way to go
[10:45] <\sh> or softlinks if that works...
[10:46] <AlexC_> \sh: hum, all guides/references that I've seen said to copy. I didn't think it was possible to link them due to the path changes
[10:47] <AlexC_> to a person not in a chroot, the links will work. But how would it work for a user in the chroot if they can't access above their chroot, which is where the real files would be
[10:48] <a_ok> is ther a known problem with logrotate in ubuntu 8.04 or am I mistaking in my configuration?
[10:48] <AlexC_> a_ok: how do we know you're making a mistake, when you tell us no problem?
[10:49] <a_ok> the files seem to be created with different rights (at random) and it does not seem to rotate daily properly
[10:50] <a_ok> AlexC_: http://pastebin.com/BXVQx3Hi
[10:51] <a_ok> AlexC_: as you can see /var/log/mail.log.6.gz modified date is wrong (checkt the content and it has entries of 1-8)
[10:52] <AlexC_> a_ok: not sure, only thing I can think of - is there another logrotate script using the same file?
[10:53] <a_ok> checked the configuration
[10:53] <a_ok> no duplicates
[10:56] <a_ok> AlexC_: there is only one logrotate installed. is there some other package that does rotating (perhaps sysklogd???)
[10:57] <a_ok> and why is there an uncompressed file called /var/log/mail.log.0 ?
[10:58] <AlexC_> a_ok: that's normal, it'll become .1.gz upon next rotate
[10:58] <AlexC_> a_ok: however, one thing - why do you want your log files writable?
[10:58] <AlexC_> 440 would do me
[10:59] <a_ok> but today its the 13th, and last change on mail.log.0 is the 8th...
[10:59] <AlexC_> ah, simple
[11:00] <AlexC_> your server has become aware it is 'Friday' and also the '13th'. Therefor, let it run wild and see what happens tomorrow
[11:00] <a_ok> lol
[11:01] <a_ok> AlexC_: don't need it writable actually in this case as syslog writes to it but its the default setting for all my logfiles
[11:01] <a_ok> be right back
[11:12] <\sh> AlexC_: regarding http://ulf.zeitform.de/de/dokumente/sshchroot.html you can use hardlinking without any problems (sorry is in german but I think google will help to translate ;))
[11:15] <AlexC_> \sh: interesting, thanks :)
[11:49] <demon1981> Hi! Where I can look for kernel boot param line in grub2?
[11:49] <a_ok> AlexC_: there are some default settings in logrotate.conf (the toplevel config file instead of stuff in logrotate.d) like a weekly rotate and keeping it for 4 weeks
[11:50] <a_ok> could that be the problem
[11:50] <a_ok> demon1981: /boot/grub/grub.cfg
[11:50] <a_ok> AlexC_: I noticed that the day's that are off are all sunday's
[11:50] <a_ok> its like it does not rotate those files
[11:51] <demon1981> a_ok: grub.cfg seems as script file. how I can compile from it result params string? is it possible?
[11:53] <a_ok> demon1981: erm its just a config file. if you scroll down a bit you should see the kernel line
[11:53] <a_ok> no compilation
[12:01] <demon1981> a_ok: I dont see here video params Where I can take those params? I want to decrease framebuffer frequency linux   /boot/vmlinuz-2.6.32-21-generic-pae root=UUID=c8b6c463-c05f-4f76-9a17-3d6d5b282d95 ro quiet initrd  /boot/initrd.img-2.6.32-21-generic-pae
[12:01] <demon1981> a_ok: this is line from /etc/grub/grub.cfg
[12:03] <a_ok> those are two lines i think
[12:04] <a_ok> you can edit the line starting with:  linux   /boot/vmlinuz-2.6.32-21-*
[12:31] <demon1981> a_ok:yes. it's 2 lines. if in kernel options we dont see video options then those options takes from other place. From what conf are they  takes? (I use nouveau framebuffer)

[12:46] <Daviey> hggdh: GOOD MORNING!
[12:46] <Daviey> hggdh: Thanks for your email last night.
[12:51] <hggdh> Daviey: Good morning
[12:53] <Daviey> hggdh: How are you this fine day?
[12:56] <hggdh> Daviey: so far I am fine... and I hope I will be able to find out what gives on the test rig
[12:57] <Daviey> hggdh: I have a PPA package enroute, but also expecting a new code drop to resolve a potential registration issue
[12:59] <hggdh> Daviey: right now I will try anything ;-)
[13:11] <Johnnyx> hey guys package dovecot-postfix contains full mailserver ready to run ? some kind of easy pack to install? am i right?
[13:28] <zul> morning
[14:15] <hggdh> hey Daviey, what was the URL for the wget on wrappers.conf?
[14:16] <hggdh> cannot find the email :-(
[14:25] <Daviey> hggdh, Ah, you are back - i just mailed you the wget line
[14:26] <hggdh> Daviey: sorry, weechat had a moment here
[14:27] <Daviey> hggdh, heh
[14:39] <jetole_> Does anyone know how I can implement watchdog on Linux / Ubuntu Server and also find a list of which watchdog hardware is supported
[14:48] <jdstrand> in order of request:
[14:50] <jdstrand> hallyn, Daviey, soren: I uploaded libvirt 0.8.3-1ubuntu1 yesterday. this morning I uploaded 0.8.3-1ubuntu2 to fix a ftbfs on armel, but I'm not planning other uploads (excepting an emergency), so have at it
[14:50] <Daviey> jdstrand, Super, i just wanted to test it - soren wanted to add a patch
[14:50] <Daviey> Thanks jdstrand !
[14:50] <jdstrand> sure :)
[14:51] <Daviey> jdstrand, Have you documented the merge?  It seemed pretty intense?
[14:51] <jdstrand> Daviey: in the changelog (as per standard practice)
[14:51] <Daviey> Good Point Well Made.
[14:52] <jdstrand> Daviey: most of those patches have comments at the top. I didn't write most of those, but tried to make them DEP-3 when I could find the history
[14:52] <Daviey> jdstrand, Ok.. thanks.. i'll read the changelog
[14:52] <jdstrand> Daviey: I also try to put in the changelog when I expect something to be able to be dropped, to help with future merges
[14:53] <Daviey> jdstrand, We'll keep you! :)
[14:53] <jdstrand> heh
[15:00] <v00lcano> guys, I have a newly installed 10.04 machine and am trying to follow this guide: https://help.ubuntu.com/community/LDAPClientAuthentication however there are looooots of inconsistencies, for example it asks to restart nscd but I have no /etc/init.d/nscd, also my /etc/libnss-ldap.conf is missing and I can't seem to find it anywhere else (updatedb && locate), I've found a libnss-ldap.conffiles in doc, but that just mentions /etc/init.d/libnss-ldap. Is
[15:01] <v00lcano> I know it's not a server-related issue, but someone in #ubuntu recommended I ask here since you guys might be more up to date on this matter
[15:16] <sherr> v00lcano: there's a libnss-ldapd package. Might be something you want. There's also a libnss-ldap package ... a bit confusing. The fisrt appears to be a fork of the second.
[15:26] <hggdh> Daviey: shouldn't eucalyptus-*-publication be stopped when you 'sudo stop eucalyptus'?
[15:27] <hggdh> Daviey: and shouldn't they be started when you (later on) 'sudo start eucalyptus'?
[15:30] <Daviey> hggdh, technically yes - i haven't tried that
[15:30] <hggdh> Daviey: before I open a bug there -- can you try it?
[15:30] <Daviey> hggdh, Hmm
[15:30] <Daviey> yes i can :)
[15:31] <Daviey> hggdh, I am prepairing an upload now btw
[15:31] <hggdh> Daviey: also, what images did you use on your tests yesterday night (rather, today very early)? Current Maverick UEC ISO?
[15:31] <hggdh> Daviey: cool!
[15:31]  * hggdh awaits happily
[15:31] <Daviey> hggdh, netboot, from archive.ubuntu.com
[15:32] <Daviey> so whatever was in the archive at that time
[15:32] <hggdh> Daviey: no, for the VM images
[15:32] <Daviey> oh..
[15:32] <Daviey> i used what was on uec-images.ubuntu.com
[15:33] <jetole> Can anyone help me out with how I configure watchdog on ubuntu server?
[15:33] <hggdh> Daviey: the dailies, then, correct?
[15:33] <Daviey> hggdh, you expect, avahi-publish -s Walrus _eucalyptus._tcp 8773 txtvers=1 protovers=1.5.0 type=walrus ipaddr=10.0.0.100 <-- to be killed?
[15:33] <hggdh> Daviey: yes indeed
[15:34] <hggdh> wy publish something that is currently dead?
[15:34] <hggdh> jetole: I never used whatdogs, sorry
[15:34] <ssureshot> any experts on load balancing here today
[15:34] <Daviey> hggdh, CLC avahi went - still waiting on Walrus
[15:34] <jetole> ssureshot: depends. Whats your question?
[15:35] <Daviey> hggdh, confirmed, walrus didn't go - this was on a CLC + Walrus box
[15:35] <Daviey> CLC did die
[15:36] <ssureshot> jetole: I have 2 servers setup and functioning with heartbeat / ldirectord all services set up that I need... My question is this.. When I turn on the backup load balancer first it doesn't transfer the server to the primary once it is turned on.. Is this normal?
[15:37] <jetole> ssureshot: what is the backup load balancer?
[15:37] <ssureshot> but if I turn the primary on first have the talking unplug primary services transfer accordingly and they transfer right back when I plug it back in
[15:37] <ssureshot> jetole: ubuntu 9.10 server
[15:38] <Daviey> hggdh, Hmm.. raise a bug - and i'll confirm it on a fresh box
[15:38] <Daviey> hggdh, Feel free to assign it to me,. and i would say Medium priority.. agree?
[15:38] <jetole> ssureshot: how are you load balancing though? Are you using ipvs, haproxy or something else?
[15:38] <ssureshot> oh ipvs
[15:38] <smoser> hallyn, around ?
[15:39] <jetole> ssureshot: I don't know. I have been meaning to switch to IPVS for a few months, I currently use HAproxy however I would ask this question in... what was that room? One sec
[15:39] <jetole> #linux-cluster
[15:39] <hggdh> Daviey: hum. Low should be fine
[15:40] <jetole> #linux-ha
[15:40] <ssureshot> jetole: awesome thank you sir
[15:40] <jetole> those two rooms are really good when it comes to IPVS
[15:40] <jetole> ssureshot: no prob
[15:40] <Daviey> hggdh, agreed
[15:42] <resno> im planning on setting up a server to play with. what is the recommended intrusion detection software? snort? munit and mungin?
[15:43] <zash> resno: I use sshguard i think
[15:43] <jetole> resno: suricata
[15:43] <aljosa> i can't find truecrypt in lucid althought there are gui tools for truecrypt available. any idea why truecrypt isn't available in lucid?
[15:44] <resno> zash: heh you think ;)
[15:44] <jetole> resno, used to be snort but afaik snort is... how do I put this? I guess snort isn't really being developed as actively anymore
[15:44] <jetole> snort 3 seems to have been on the back burner for far too long
[15:45] <resno> jetole: ah, darn out of date information :(
[15:45] <jetole> resno: suricata is a fork of snort created by The Open Information Security Foundation
[15:45] <jetole> resno: http://www.openinfosecfoundation.org/index.php/download-suricata
[15:46] <jetole> resno: actually, not a lot of people really follow snort closely enough to care so some people, in fact most people will still recommend snort
[15:46] <resno> i see. im curious to see how much of my playing will register on it, etc
[15:47] <jetole> the current snort release is 2.8.6.1 and, if I remember correctly, almost two years ago 2.8 was still being used and if I remember correctly, almost 2 years ago snort 3 was announced as the upcoming snort
[15:47] <resno> heh nice
[15:48] <jetole> resno: Well with both snort and suricata, you can always create custom rules plus some of the best rules don't come from snort. I think bleeding edge rules is the big one
[15:48] <jetole> I would use oinkmaster to download the snort rules and the bleeding edge rules and write a rule for anything you can find that doesn't register
[15:48] <resno> jetole: this mainly will detect attacks not block them right?
[15:48] <zash> resno: I thougt that was what it was called, and it was
[15:49] <jetole> resno: well that depends on you
[15:49] <jetole> both snort and suricata can be compiled as an IDS or IPS / detect or block
[15:49] <jetole> the blocking is done via NFQUEUE via netfilter and iptables
[15:49] <jetole> resno: but I would strongly recommend against blocking
[15:50] <jetole> IPS can be very dangerous
[15:50] <jetole> a false positive can block legitimate users
[15:50] <jetole> it's better to do IDS and analyze the results
[15:50] <resno> jetole: yes, ive read
[15:52] <jetole> Also, with either snort or suricata, I would recommend the unified2 format and the barnyard 2 utility
[15:52] <jetole> for front ends, you can look at BASE, Aanval or prelude prewikka
[15:53] <resno> jetole: thats quite a bit of information to get me started :)
[15:54] <kelt> what is wrong with IPS blocking legitimate users?
[15:55] <jetole> kelt: It's too much work when you can just turn the server off to block legitimate users
[15:55] <resno> lets just suppose i blocked myself, how would you get back in?
[15:55] <jetole> I find the poweroff command is quicker and easier then bothering with rules if I don't want people to access a service I am running. Plus you have the wasted time of developing and running a service that you don't want anyone to access
[15:57] <jetole> resno: afaik, the system works on a per match basis for example if you block fragmented packets and you send a fragmented packet then that packet is blocked however if you don't send a fragmented packet then it will go through
[15:57] <jetole> thats in theoreom, clearly you will have more rules then that
[15:57] <resno> oh ok
[15:57] <mathiaz> kirkland: o/
[15:57] <jetole> now if you wanted to have matches block all further attempts to connect then I would advise you look into the iptables/netfilter recent module
[15:58] <kelt> jetole: IPS only blocks "bad" things not everyone like powering off a system would do
[15:58] <jetole> for example, through iptables/netfilter, I can write a couple rules so that if I get 50 syn packets from a host in a minute then that host is blocked for an hour
[15:58] <jetole> 10:54 < kelt> what is wrong with IPS blocking legitimate users?
[15:59] <jetole> kelt: and no. An IPS blocks based on rules. If you have a rule which mis catagorizes a packet as an attack when that packet is really from a customer placing an order then you just lost a sale
[16:00] <jetole> kelt: Just to be clear, legitimate users are people who should be there. If you are wondering whats wrong with blocking people who should be there then turn your server off and save yourself the time of setting it up in the first place let alone configuring an IPS system
[16:01] <jetole> and kelt: "IPS is bad" is the widely agreed upon frame of thinking for any IT security professional in the industry. In fast in any company of the right size, you have levels of security analysts who look at records from IDS and promote it to higher levels if it is suspicious hence why they have options like that built into both free and commercial IDS systems
[16:02] <jetole> "the right size": poor choice of words on my part. I meant any company that is profitable enough that they can afford to do security analysis properly
[16:02] <jetole> bbiab: going for a smoke
[16:02] <resno> jetole: so, even with these levels of ids, fail2ban is still important?
[16:03] <kelt> jetole: if you have an attack that brings down your website that IPS could have prevented... then you lost 100 sales.
[16:03] <patdk-wk> heh, jetole, you mean like vonage, when they contacted me to stop hacking them over port 123, when vonage was using my server for ntp
[16:09] <jetole> kelt: if you have an attack that brings down your website that an IPS could have prevented then you have an attack that you are readily aware of that you did not patch or you are trusting 3rd party sites to supply IPS rules that you do not analyze so either you are not maintaining your servers in the first place or you are allowing for a high rate of false positives
[16:11] <jetole> resno: I don't use fail2ban. If you are referring to ssh I run it on a alternate port and only use ssh keys as well as iptables rules to limit syn connections within allowed times so if I receive a certain number of syn packets consistantly to my ssh port then they are blocked at the firewall as well as that host from all further communication for the time I set in the recent module
[16:11] <jetole> patdk-wk: that sounds like vonage
[16:12] <patdk-wk> atleast the guy that called was helpful
[16:13] <jetole> patdk-wk: why were they using your NTP server?
[16:13] <patdk-wk> I dunno
[16:13] <patdk-wk> they said they had a new admin setting up systems
[16:13] <jetole> ha
[16:13] <patdk-wk> and it sounds like they just left the default settings to use the pool.ntp.org
[16:13] <jetole> makes sense
[16:14] <jetole> you run a pool.ntp.org server?
[16:14] <patdk-wk> ya, several
[16:14] <jetole> ah that makes sense
[16:14] <jetole> yeah, I use a default us.pool.ntp.org as one of mine
[16:14] <jetole> after two nist ones
[16:14] <patdk-wk> I never use nist
[16:15] <patdk-wk> everytime I have checked it, I get horrible results from it
[16:15] <jetole> well I have had good luck with ntp.org but it's user run
[16:15] <patdk-wk> dunno if they fixed it recently
[16:15]  * jetole doesn't know
[16:15] <jetole> aside from ntp.org, who do you recommend
[16:15] <jetole> ?
[16:15] <patdk-wk> heh, well, back when I checked it, 5+ years ago, it felt like it was on a t1, with t3 amount of traffic attempting to use it
[16:15] <jetole> dhcpd.conf: option ntp-servers time-a.nist.gov, time-b.nist.gov, us.pool.ntp.org;
[16:16] <patdk-wk> I run my own ntp cluster
[16:16] <patdk-wk> so all my servers us my own pool
[16:16] <jetole> I don't know if thats the case now but I monitor NTP via nagios and I don't often get alerts but I don't know off the top of my head how thats checked
[16:16] <patdk-wk> the cluster heads, use some static and pool servers to help round them out
[16:16] <jetole> I gotta get back to trying to figure out how to use watchdog with a hardware timer in linux
[16:17] <jetole> everywhere I have looked so far has directed me towards the software watchdog daemon
[16:17] <jetole> :(
[16:17] <patdk-wk> hmm, watchdog just worked for me, using an old scb2 motherboard :)
[16:18] <jetole> Well I run a virtual cluster and want to set it up on the virtual machines but I had a bad experience once with a harware timer in a super micro board
[16:18] <jetole> so I'm being cautious
[16:18] <jetole> I know the watchdog package in ubuntu has nothing to do with physical watchdog
[16:19] <patdk-wk> http://buttersideup.com/docs/howto/IPMI_on_Debian.html
[16:19] <patdk-wk> all my watchdogs are ipmi
[16:19] <patdk-wk> all my server motherboards are currently intel though
[16:20] <jetole> afaik, this watchdog is PCI
[16:20] <jetole> it is intel, one sec, looking for the page that desribes it again
[16:20] <jetole> http://libvirt.org/formatdomain.html#elementsWatchdog
[16:20] <jetole> If you scroll down to model
[16:20] <jetole> 'i6300esb' — the recommended device, emulating a PCI Intel 6300ESB
[16:20] <patdk-wk> oh, a vm watchdog
[16:21] <jetole> well yes but it emulates the Intel 6300ESB
[16:21] <jetole> so the vm guests see the Intel device
[16:22] <jetole> patdk-wk: this looks promising: http://lkml.indiana.edu/hypermail/linux/kernel/0502.2/0908.html
[16:22] <patdk-wk> heh, dunno
[16:23] <patdk-wk> I haven't used kvm
[16:23] <patdk-wk> been using xen, but switching to vmware
[16:23] <patdk-wk> the whole xen -> kvm switch thing really annoyed me
[16:24] <jetole> I used to use ESX 3
[16:24] <jetole> didn't find it fast enough
[16:24] <jetole> and Xen has always been the bain of my existance. I still have a few Xen hosts
[16:24] <patdk-wk> all my stuff is esxi 4.1 now
[16:24] <jetole> I loathe them
[16:24] <jetole> CONFIG_I6300ESB_WDT=m
[16:25] <jetole> thats from the 10.04 kernel config so it's a module and just found this page with an explanation: http://cateee.net/lkddb/web-lkddb/I6300ESB_WDT.html
[16:25] <jetole> patdk-wk: I'm personally quite happy with KVM. I didn't like ESX 3 and loath Xen but I haven't tried ESX 3
[16:26] <patdk-wk> I have never used esx 3.5
[16:26] <patdk-wk> attempted to use hyperv for a windows cluster
[16:26] <patdk-wk> but the windows guests had tcp issues, for one 3rd party app
[16:27] <patdk-wk> webserver would get request headers, but response would never make it out of hyperv
[16:29] <jetole> never tried hyperV and I really don't want to
[16:29] <patdk-wk> I didn't either
[16:29] <patdk-wk> but the server already had win2008 on it, and I needed 4 vm's
[16:29] <patdk-wk> so figured, why not
[16:29] <patdk-wk> and the 3rd party vender said it would be fine
[16:30] <patdk-wk> not so much
[16:32] <jetole> haha
[16:32] <jetole> yeah all my windows2008 are VM themselves on KVM via libvirt
[16:32] <patdk-wk> took the hyperv image, moved to vmware, worked perfectly
[16:33] <jetole> yeah I remember migrating vmware esx images to kvm
[16:35] <jetole> oh btw, as per watchdog, I remember that Xen had a proposed watchdog spec that they chose not to accept
[16:55] <Kaelten> anyone know what boot option to pass in to install in textmode?
[16:55] <patdk-wk> it doesn't?
[16:56] <patdk-wk> oh, heh, I always net-install, so it's always text for me :)
[16:59] <Kaelten> patdk-wk: I'm net installing
[16:59] <Kaelten> or is the annoying blue blocks everywhere the textmode?
[16:59] <patdk-wk> annoying blue blocks?
[16:59] <patdk-wk> you mean color ascii stuff?
[17:00] <Kaelten> patdk-wk: http://grab.by/5Tgj
[17:00] <Kaelten> that thing
[17:00] <zash> Kaelten: that is text mode
[17:00] <Kaelten> ah, k
[17:00] <Kaelten> was wondering if there was something less than that
[17:01] <patdk-wk> nope :)
[17:01] <patdk-wk> maybe a black/white version? :)
[17:01] <Kaelten> I'm testing in hyperv and it's driving me nuts because the redraw rate is so slow
[17:01] <patdk-wk> that is hyperv issue
[17:01] <patdk-wk> hyperv is using graphics mode, even though the video card in the vm is in text mode
[17:02] <Kaelten> adding "blacklist vga16fb" to modprobe.d/blacklist-framebuffer.conf fixes it
[17:02] <Kaelten> but that doesn't help me in the installer
[17:11] <Jhon> Hola buenos dias
[17:11] <Kaelten> anyone have any experiance with ubuntu and a QLogic 2560?
[17:12] <Jhon> Necesito sugerencias osbre servidores
[17:12] <Jhon> podria ayudarme
[17:13] <patdk-wk> kaelten, nope, only using ubuntu with a qlogic 2200
[17:13] <Kaelten> did the kernel support it ok, or am I looking at something scary?
[17:13] <Jhon> se habla español aki o ingles?
[17:14] <patdk-wk> yep
[17:14] <Kaelten> no habla español :(
[17:14] <patdk-wk> perfectly
[17:14] <Kaelten> that's good news, we have a fabric/storageworks from hp, but the hba's look like rebranded qlogics
[17:14] <Kaelten> and I'm thinking they're 2560s but I'm not certain
[17:15] <Kaelten> going down week after next to set it up, so trying to at least have an idea
[17:15] <patdk-wk> qlogic has always been well supported
[17:15] <patdk-wk> I'm pretty sure it's direct support from qlogic
[17:16] <Kaelten> that's good to hear, I know hp mainly offers support for rehl and suse,
[17:16] <Kaelten> but I'm stuck in my ways on using ubuntu
[17:19] <Jhon> por que si hablan español
[17:19] <Jhon> hablan en ingles
[17:22] <resno> Jhon: porfavor hables en ingles aqui
[17:23] <resno> Jhon: hablamos ingles solamente
[17:23] <Jhon> hablan solo ingles aki en la charla????
[17:23] <resno> !es
[17:24] <Jhon> :( ok es que yo casi no entiendo ingles
[17:25] <resno> Jhon: lo siento.
[17:25]  * RoyK is building a "Lord Vetinari clock" to a friend of mine (like the one Vetinari has in his waiting room - it ticks unevenly, tick, ... tock .. ticktock ..... tick ... tock
[17:25] <Jhon> de todas maneras gracias
[17:25] <resno> Jhon: hasta luego
[17:25] <RoyK> resno, Jhon: kan ikke dere snakke engelsk? jeg forstår ikke et ord
[17:34] <FunnyLookinHat> Ok guys - super strange issue - I have a cron'd PHP script that runs mencoder to rotate videos...  when I run the script as myself, i.e. php script.php - mencoder works fine.... but when cron runs the script as root, mencoder only converts the first second of the video - ideas???
[17:34] <Kaelten> now if I could only figure out why my netinstall has a messed up hostname
[17:35] <patdk-wk> FunnyLookinHat, bad path setting? it can't locate the audio encoder?
[17:35] <RoyK> Kaelten: just change it :þ
[17:35] <Kaelten> RoyK: I was hoping to be able to set it via the dhcp server
[17:36] <kirkland> mathiaz: o/
[17:36] <patdk-wk> I think it's storming outside
[17:36] <patdk-wk> my ups is going nuts
[17:36] <patdk-wk> nope, clear skys, how odd
[17:37] <Kaelten> patdk-wk: how do you handle hostnames with your netinstalls?
[17:37] <patdk-wk> I just type it in, during the install, when it asks for it :)
[17:37] <patdk-wk> really rather difficult
[17:38] <Kaelten> ah, so you're not doing unattended
[17:38] <patdk-wk> nope
[17:38] <FunnyLookinHat> patdk-wk: How would I fix that?  I mean - ldconfig should take care of the audio encoder, etc. right?
[17:38] <patdk-wk> FunnyLookinHat, what does ldconfig have to do with it?
[17:38] <patdk-wk> that is to locate lib's
[17:38] <patdk-wk> I dunno how mencoder works
[17:38] <FunnyLookinHat> Well ok - better question - why would it ONLY happen as root and not the user account ?
[17:39] <RoyK> Kaelten: no, but you can with reverse dns
[17:39] <patdk-wk> but normally the issue is always path related, if something doesn't work right in cron
[17:39] <FunnyLookinHat> kk
[17:39] <Kaelten> RoyK: ?
[17:39] <RoyK> ubuntu looks up its hostname in dns
[17:39] <RoyK> if none is found, it defaults to ubuntu (iirc)
[17:40] <Kaelten> mine seems to be defaulting to kickseed
[17:40] <mathiaz> kirkland: mumble?
[17:41] <kirkland> mathiaz: k, let me grab a headset
[17:46] <FunnyLookinHat> patdk-wk: more confusing - if I run the script as root, all is fine... if I let cron run it, cuts off at 1 sec.
[17:52] <_ruben> that's usually an environment and/or tty problem
[17:54] <FunnyLookinHat> kk... great.  that's even a bigger problem to debug :)
[17:57] <patdk-wk> there are hundreds of google hits for mencoder and cron
[17:57] <patdk-wk> all kinds of people having issues
[17:58] <patdk-wk> looks like strictly a env issue :)
[17:58] <patdk-wk> http://serverfault.com/questions/95729/difference-of-running-scripts-manually-or-with-a-cronjob
[17:59] <zash> PATH probably
[17:59] <zash> and PWD
[17:59] <patdk-wk> I said that hours ago :)
[18:00] <zash> "use absolute paths"
[18:00] <zash> patdk-wk: then someone didn't listen/read :P
[18:03] <FunnyLookinHat> Yeah I do use absolute paths, all the time, of course :)
[18:03] <patdk-wk> just cause you do, doesn't mean the program does also :)
[18:04] <FunnyLookinHat> hah true.
[18:05] <FunnyLookinHat> bastard of a program is erroring out with some random dependency...  I fixed one (was missing a random font file, which threw an error message but allowed it to keep running) - but now it's erroring out at a different point, hah
[18:06]  * patdk-wk is it sad, I install japanese fonts, to find a good english font I like for ssh
[18:07] <FunnyLookinHat> lol?
[18:16] <FunnyLookinHat> How do I get a bash script to include/source specific include files ?
[18:19] <zash> FunnyLookinHat: source path/to/script.sh
[18:22] <FunnyLookinHat> zash: thanks
[18:23] <zash> FunnyLookinHat: and . path/to/script.sh is equivalent
[18:26] <gnoob> Hi,  anyone knows about a good way of making infoscreens? Is there any preconfigured distros out there?  Would like to have e.g two terminals. tty1 for administration from shell and tty2 for X where impossible to log on.  tty2 shows a buch of web pages from a spesific folder..  Anything like this out there? :)
[18:27] <patdk-wk> gnoob, dunno of anything, but sounds like something that only takes a few min to make
[18:32] <gnoob> :)  would take me a minimum a couple og hours I think :)
[18:46] <hallyn> smoser: was flyin'.  wazzup?
[18:47] <Daviey> hggdh, Hey.. have you had a chance to try the packages from today?
[18:47] <Daviey> hggdh, i see you have \o/
[18:47] <smoser> hallyn, i have a fun bug for you
[18:47] <smoser> https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/615529
[18:50] <FunnyLookinHat> So tell me this - I ran set > setopts and then included . /path/to/setopts within a wrapper bash script - still no luck, does that mean it isn't an ENV variable issue ?
[18:53] <hggdh> Daviey: I still see some instances failing to start
[18:53] <Daviey> hggdh, In what topology?
[18:54] <hggdh> Daviey: right now all-in-one, 170 started, about 6 failed
[18:54] <hggdh> this run should end in ~15 minutes, and I will then test volumes, then test distributed
[18:55] <Daviey> hggdh, OK.. Those numbers are *awful*.. better than Lucid release!  But i think that is a seperate bug to the one that has been fixed.
[18:55] <Daviey> erm, AREN'T awful. i mean;t to say
[18:56] <RoyK> Daviey: sorry to barge in, but what numbers are these?
[18:58] <Daviey> RoyK, Instances not starting when requested with UEC.
[18:59] <gnoob> patdk-wk: for a hommade "info screen project"  What should I do to start showing html pages automaticly after the automated login? Ill be able to start firefox, but cant see how to start firefox in fullscreenmode switching between htmlpages with e.g 30 second delay. Is firefox scriptable? of is there another tool I should use maybe?
[19:00] <hggdh> Daviey: I agree, the signature seems different
[19:00] <patdk-wk> making firefox reload on 30seconds doesn't even need firefox, just use a refresh in the html page :)
[19:02] <hallyn> smoser: that's not an easy bug to follow, but iiuc you're saying booting from floppy is not working as a workaround in uec?
[19:02] <hallyn> have you chatted with Daviey about it?
[19:03] <smoser> yes, in the end it looks like the work around doesn't work as i thought it did.
[19:03] <hallyn> I've not really used uec (other than as user of ec2) so not sure how to reproduce myself
[19:04] <hallyn> smoser: the bug never says what happens now.  does reboot fail?
[19:04] <smoser> i haven't actually tested on eucalyptus, (and I did test the work around there). it seems like it may not be 100% failure rate, and i got "lucky"
[19:04] <smoser> yes, in my local tests, reboot fails the same way.
[19:04] <hallyn> so the first boot works, and reboot fails?
[19:04] <smoser> yes.
[19:05] <smoser> i'm working on getting an easier recreate together.
[19:05] <hallyn> ok
[19:09] <gnoob> patdk-wk: sorry the noobing, but I dont think I understood how.  If I have a couple of html pages I want to be shown on info screen, and I want all pages to be shown and each one for 30 secs, before looping :)  Is this easily done?
[19:11] <RoyK> uvirtbot: pastebin
[19:12] <RoyK> uvirtbot: pastebin?
[19:12] <RoyK> !pastebin
[19:12] <RoyK> shouldn't ubottu be in #ubuntu-virt as well?
[19:18] <kman_> Hi all.  Anyone able to assist with getting a network card working in Ubuntu Server?  Can see it using lspci but not talking to the network.
[19:20] <RoyK> kman_: doesn't ifconfig -a show it?
[19:21] <kman_> Royk yes it shows there as well.
[19:22] <RoyK> kman_: if ifconfig -a shows the nic, just edit /etc/network/interfaces
[19:23] <kman_> OK will try.
[19:25] <RoyK> kman_: https://help.ubuntu.com/8.04/serverguide/C/tcpip.html is good reading :)
[19:37] <caution> I've had more memory added to my server but I don't see it in `top`, what might I need to do to start using it?
[19:37] <caution> a mount?
[19:37] <giovani> caution: is it reflected in the BIOS?
[19:38] <caution> it's a hosted server
[19:38] <giovani> is it a VPS, or a physical server?
[19:38] <caution> vps
[19:38] <giovani> ask the VPS provider
[19:38] <giovani> who knows how they handle it
[19:38] <giovani> a reboot is certainly required
[19:38] <caution> tried that
[19:39] <giovani> contact your provider
[19:40] <kman_> Royk.  Read through that.  looked at interfaces.  My ifconfig shows eth2 and eth4 but the interfaces refers to eth0. Could this be the problem?
[19:42] <RoyK> kman_: ubuntu links ethx to a mac address - to reset it, rm /etc/udev/rules.d/70-persistent-net.rules and reboot
[19:42] <RoyK> kman_: if you changed the NIC or something, it'll turn up as a new ethX
[19:44] <kman_> NOt only did I change the nic the mobo died and it's a whole new mobo.  There is a PCI nic and a mobo nic.  Thus eth2 and eth4.
[19:44] <RoyK> the new mobo will have new mac addresses
[19:44] <RoyK> remove that file and restart
[19:58] <shebaloma> i have been to #ubuntu-virt here is a past bin http://paste.ubuntu.com/477563/
[19:59] <shebaloma> it has to deal with virt-manager
[20:00] <thesheff17> shebaloma: on your virt box type virsh and see if you can get in.
[20:02] <shebaloma> http://paste.ubuntu.com/477577/
[20:03] <thesheff17> can you ping & ssh from the virt-manager machine to the virsh running machine?
[20:04] <shebaloma> ican manage the box from laptop using ssh <ip_addy)
[20:05] <cemc> I have a network interfaces question
[20:05] <thesheff17> shebaloma: I would restart libvirt and check the logs.
[20:05] <cemc> when I installed Lucid, I had eth0, eth1 autodetected, right? now I would like to reverse them, how do I do that?
[20:06] <thesheff17> cemc: what do you mean about reverse?
[20:06] <shebaloma> where do i find the log for libvirt
[20:07] <cemc> thesheff17: I mean, I have eth0 say a realtek card, and eth1 say a 3com, but I want them reversed, so that eth0 would be the 3com
[20:08] <cemc> but obviously the realtek one got detected first, so it got eth0 assigned to it
[20:09] <thesheff17> shebaloma: I think by default it goes to syslog...there is also /var/log/libvirt
[20:10] <thesheff17> shebaloma: but that looks like just logs for vm.
[20:12] <thesheff17> cemc: this isn't a typical thing to do.  I would look here to starthttp://www.debianhelp.co.uk/udev.htm
[20:16] <cemc> thesheff17: thanks, this actually help
[20:16] <cemc> s
[20:16] <thesheff17> cemc: np
[20:30] <DUEDAHL> is it possible to manage your ubuntu servers (ssh) through ubuntu-landscape?
[20:33] <shebaloma> i looked in /var/log all is fine in all the log files<thesheff17>
[20:37] <thesheff17> shebaloma: and this works from the command line? and not in the GUI? virsh -c qemu+ssh://root@192.168.1.5/system
[20:43] <DUEDAHL> is it possible to manage your ubuntu servers (ssh) through ubuntu-landscape?
[20:45] <shebaloma> http://paste.ubuntu.com/477595/ the what happens on the server
[20:47] <shebaloma> http://paste.ubuntu.com/477596/ this is form the client
[20:52] <shebaloma> http://paste.ubuntu.com/477598/ virsh -c qemu+ssh://shebaloma@192.168.1.3/system what happens if i change usre from roo to shebaloma
[20:55] <shebaloma> http://paste.ubuntu.com/477604/ and this is run from cliant
[20:55] <shebaloma> dose that help you <thesheff17>
[20:56] <jacob_> Hello everyone. I've been using ubuntu desktop for a few years now. I work at godaddy.com and have been using godaddy shared hosting for a while, now I want to use ubuntu server and host my site myself. Is there a control panel I can install on ubuntu server to make management of DNS and email a little easier?
[20:59] <thesheff17> shebaloma: use root
[20:59] <thesheff17> shebaloma: you prob have a permissions problem
[21:00] <shebaloma> on the server root login is disabled
[21:00] <thesheff17> jacob_: I just use the godaddy web site and point it to my public IP's for the web site...as far as I know there is no control panel.
[21:00] <shebaloma> i could enable but i forgot how
[21:02] <thesheff17> shebaloma: http://www.sunmanagers.org/pipermail/summaries/2002-June/001802.html
[21:02] <thesheff17> shebaloma: change your /etc/ssh/sshd_config file with those two lines in that link.
[21:03] <thesheff17> shebaloma: and restart /etc/init.d/ssh restart
[21:03] <jacob_> Hello everyone. I've been using ubuntu desktop for a few years now. I work at godaddy.com and have been using godaddy shared hosting for a while, now I want to use ubuntu server and host my site myself. Is there a control panel I can install on ubuntu server to make management of DNS and email a little easier?
[21:05] <CharlieSu> jacob_: look at ISPConfig
[21:09] <IVerbNouns> CharlieSu: Thanks I'll check that out.
[21:09] <shebaloma> ok works on the server
[21:09] <shebaloma> but not from clint
[21:12] <cemc> when enabling unattended upgrades, how can I exclude the kernel?
[21:12] <cemc> can I exclude 'linux-image*' ?
[21:22] <jdstrand> zul: hey. I was wondering if you could look at bug #578922, comment #1, points 2 and 3 and consider them for Ubuntu and pushing to Debian. I have not tested them at all and in the bug simply stated 'it could be done'
[21:24] <qman__> cemc, running "sudo apt-get upgrade" will not install kernel updates
[21:24] <qman__> you need to use "dist-upgrade" or equivalent for them to install
[21:24] <cemc> riight
[21:24] <cemc> of course
[21:25] <cemc> qman__: thanks
[21:25] <FunnyLookinHat> With a cron script, how can I make sure a pty is allocated for it ?  I'm using a bash-script wrapper to launch a php script that requires all sorts of junk so that mencoder will run
[21:37] <dominicdinada> what is the safe way to remove xorg, gnome desktop from someones server. And what will be lost by way of say conf for samba, network, etc
[21:44] <hallyn> well this is weird.  I swear yesterday there were two commeetns on old qemu-kvm bzr branch proposed merges about whether they were still needed, but now i can't find them either in email or in launchpad...
[21:50] <kman_> Royk.  I removed the file, restarted the system and still no internet.  It now shows only the eth0.
[21:52] <tyska> hi guys im working with cups on ubuntu, i wanna put authentication on my printers but my windows machines cannot access the printers with authentication, can someone help me?
[21:52] <RoyK> kman_: reconfigure /etc/network/interfaces
[21:52] <RoyK> if the interface is visible, it should be configurable
[21:54] <kman_> right now it is set for autoconfig.  I am a little surprised it does not see the two network cards.
[21:54] <kman_> Only one has a network connection so maybe that explains it.
[21:55] <RoyK> kman_: ifconfig -a
[21:56] <RoyK> pastebin that
[22:01] <kman_> I've never used pastebin sorry.  The results do show the two cards. One is a RTL-8139 which has known problems in Ubuntu.  The other is National Semiconductor DP03815.
[22:01] <kman_> Is there some help guide or info related to pastebin somewhere?
[22:02] <guntbert> !pastebin
[22:02] <guntbert> kman_: ^
[22:04] <glen1> this is a bit unrealistic xD but if I happened to own one of the cray jaguar supercomputers. Could I use it as a personal computer xD
[22:04] <glen1> http://en.wikipedia.org/wiki/Jaguar_%28computer%29
[22:06] <kman_> No need to pastebin.  It started working.  Not sure why.  I did switch the cable back and forth perhaps that triggered something.
[22:06] <kman_> Maybe I need to check for the cable.
[22:07] <Patrickdk> heh, I had issues like that with a realtek card
[22:07] <Patrickdk> I replaced it, no more issues :)
[22:07] <Patrickdk> I was planning on replacing the whole computer cause of it, but it hasn't come in yet
[22:43] <glen1> does anyone know about subdomans?
[22:43] <glen1> how is images.google.com different from google.com/images/
[22:44] <rcsheets> well, google.com/images/ doesn't exist
[22:44] <rcsheets> and images.google.com does
[22:45] <alex_joni> images.google.com is a subdomain
[22:45] <alex_joni> it can live on a different server, have a different IP, whatnot
[22:45] <alex_joni> google.com/images/ is just a folder on google.com/
[22:51] <taget> glen1:  what are you trying to do with your subdomain ?
[22:52] <glen1> I was just curious about it
[22:52] <glen1> alex_joni, oh I see
[22:52] <glen1> thanks
[23:19] <tyska> im trying to use a samba server in a 10.04 ubuntu but i get this error when trying to access it: samba tree connect failed: NT_STATUS_ACCESS_DENIED. Someone can help me?
[23:20] <tyska> guys?
[23:21] <tyska> someone can help me?
[23:22] <tyska> =(
[23:47] <shebaloma> hello <thesheff17> i figered it out i was using the wrong ssh-askpass
[23:49] <JordiGH> How do you get rid of command-not-found?
[23:49] <JordiGH> Removing the package left me with :
[23:49] <JordiGH> jgutierrez@ubuntuServer:~$ sdfdsf
[23:49] <JordiGH> /usr/bin/python: can't find '__main__.py' in '/usr/share/command-not-found'
[23:51] <JordiGH> I guess I can just nuke any mention of it in /etc/bash.bashrc
[23:53] <JordiGH> Ah, there we go.
[23:53] <JordiGH> "-bash: fasdfds: command not found"
[23:53] <JordiGH> Thanks!
[23:54] <thesheff17> shebaloma: yea it sounded like it was outside a connection issue with virt.
[23:57] <shebaloma> i had ssh-askpass but this was the problem them i installd gtk-led-askpass and works fine
[23:58] <shebaloma> so i think ssh-askpass is outdated