/srv/irclogs.ubuntu.com/2010/08/31/#ubuntu-server.txt

Psi-Jack	Has anyone worked much with AoE targets for HA networked storage mediums? I'm curious how fault tolerant it can be.	00:28
fbc_	I have a server with a 10gig system partition and would like to move and remap /var to another drive(bigger) as that is where all the data goes.	00:33
fbc_	could someone point me to a guide or how to?	00:33
fbc_	don't all jump in all at once now.	00:40
uvirtbot	New bug: #627142 in apache2 (main) "Apache2 init.d script runs 'stty sane', which will fail on script runs" [Undecided,New] https://launchpad.net/bugs/627142	00:51
=== xfaf is now known as zul
Andre_Gondim	I have a ubuntu server with cups installed, how do I access the interface in other pc in the same network	01:48
pmatulis	Andre_Gondim: i think cups has a web interface	01:53
Andre_Gondim	pmatulis, yeah, it has, but how may I do the accesss by other machine not localhost	01:54
pmatulis	Andre_Gondim: port 631 i believe	01:55
Andre_Gondim	I did, but don't show me nothing	01:55
pmatulis	Andre_Gondim: what exactly did you do?	01:56
Andre_Gondim	I installed ubuntu server, and cups, then in other machine try ip_from_server:631 and shows me a error page, like that page doesn't exists	01:57
pmatulis	Andre_Gondim: i guess the cups daemon isn't running	01:59
pmatulis	Andre_Gondim: you should get something like what i have on my system:	02:00
pmatulis	oops	02:01
pmatulis	cupsd 1938 root 7u IPv4 25155 0t0 TCP 127.0.0.1:631 (LISTEN)	02:01
Andre_Gondim	root 19103 0.0 0.1 6872 2620 ? Ss 21:45 0:00 /usr/sbin/cupsd -C /etc/cups/cupsd.conf	02:01
Andre_Gondim	pmatulis, like this?	02:02
pmatulis	Andre_Gondim: for me, it's listening on localhost	02:02
pmatulis	Andre_Gondim: change that in your config file	02:03
pmatulis	Andre_Gondim: what output do you get to:	02:03
pmatulis	sudo lsof -i4tcp:631 -nP	02:03
Andre_Gondim	cupsd 19103 root 6u IPv4 165972 0t0 TCP 127.0.0.1:631 (LISTEN)	02:04
pmatulis	Andre_Gondim: there you go. change the config file so it listens on your IP address	02:04
Andre_Gondim	pmatulis, the config file is cupsd.conf?	02:05
pmatulis	Andre_Gondim: yeah	02:05
Andre_Gondim	I have inserted Listen my_other_machine_ip:631 and restarted the service cups, bug the result is the same	02:06
pmatulis	Andre_Gondim: your other machine?	02:06
pmatulis	Andre_Gondim: no, put the server's address	02:07
Andre_Gondim	oh, I got it	02:07
Andre_Gondim	pmatulis, many thanks, now I can setup my printer ;)	02:08
pmatulis	Andre_Gondim: good work	02:08
YDU_Remote	...mornin y'all - anyone familiar with grub2 strangeness - i.e., on powerON (not reboot), grub just hangs with "out of disk" error...?	02:10
pmatulis	YDU_Remote: when you power on your machine does not boot but when you reboot it does?	02:12
YDU_Remote	pmatulis: Yeppers mate...exactly that. Strange, innit...	02:17
pmatulis	YDU_Remote: you might have a power issue (power supply or wall outlet)	02:18
YDU_Remote	pmatulis: All tested/checked/verified. This server installation also does the same thing at the lab, here, or anywhere else. Strange thing this - I've done the exact same installation/setup on several machines and this one is the only one that freaks like this. All the same hardware, same Ubu version, same everything.	02:19
pmatulis	YDU_Remote: but you're using the same p/s, obviously	02:20
pmatulis	YDU_Remote: or did you change it?	02:20
YDU_Remote	Used the PSU from a different box (the same, but just from a different box) -> same issue.	02:21
pmatulis	YDU_Remote: how many and what kind of drives?	02:23
YDU_Remote	pmatulis: Single drive, internal, 1.5tb => Samsung	02:32
pmatulis	YDU_Remote: swap in another one	02:33
YDU_Remote	pmatulis: Hard to do whilst this site is active - have to try that at COB	02:33
pmatulis	YDU_Remote: COB?	02:33
YDU_Remote	pmatulis: My bad - it's a WD (COB - Close of business)	02:34
pmatulis	YDU_Remote: alright	02:34
JasonMSP	Is it possible to adjust some setting so that I don't see the entire directory structure at the command prompt? maybe just the current folder name?	02:36
YDU_Remote	These kinda niggly things really give me the shiites sometimes...re-installed grub2 so many times I feel like I'm dating it...	02:36
pmatulis	JasonMSP: yes, of course	02:38
pmatulis	JasonMSP: you want to "customize your bash prompt" (assuming you're using bash as shell)	02:38
JasonMSP	pmatulis: yes	02:40
pmatulis	JasonMSP: so google will tell you, basically you want to define the PS1 variable	02:40
JasonMSP	thanks	02:40
pmatulis	JasonMSP: your current prompt is given by 'echo $PS1'	02:41
=== dendrobates is now known as dendro-afk
EvilPhoenix	i'm trying to configure lighttpd to work	02:41
EvilPhoenix	i installed it with apt-get	02:41
EvilPhoenix	and i'm getting 403 forbiddens everywhere	02:41
EvilPhoenix	how can I fix that	02:41
pmatulis	EvilPhoenix: i guess you need to configure it	02:41
EvilPhoenix	no crap	02:41
EvilPhoenix	i came here looking for support with that	02:42
pmatulis	http://redmine.lighttpd.net/wiki/1/TutorialConfiguration	02:44
pmatulis	EvilPhoenix: that should get you started	02:44
tf2ftw	a	03:03
tf2ftw	chrismsnz,	03:05
=== jman_ is now known as jjman
=== dendro-afk is now known as dendrobates
\|rt\|	does anyone know of any reasons you can get really bad (4.3 MB/s) write speed and really good (187 MB/s) read with software raid in linux?	03:18
chrismsnz	raid 5?	03:18
\|rt\|	doesn't seem to matter what file system I use or kernel version	03:18
\|rt\|	yes 5 disk raid 5	03:18
chrismsnz	it's doing a lot of calculation per write	03:18
stlsaint	any of you folks ever use psad with server edition?	03:19
chrismsnz	i haven't seen it that bad, but it's bad	03:19
\|rt\|	nah...cpu's can do that really fast	03:19
\|rt\|	it's not cpu bound when this is happening	03:19
\|rt\|	like 97% idle cpu	03:19
\|rt\|	i've used 12 disk raid5 software raid without any issues in the past	03:19
chrismsnz	is one of the disks dragging it down?	03:20
chrismsnz	try to run hdparm on each individual device	03:20
chrismsnz	hdparm -tT	03:20
\|rt\|	yeah did that already...they are all about the same	03:20
\|rt\|	50-60 MB/s	03:20
\|rt\|	but hdparm only test reads....and my slowness is writes	03:20
\|rt\|	I'll blow my raid volume away and run some bonnie++ tests on each drive	03:21
\|rt\|	but these same drives did a good job with OpenSolaris and ZFS	03:22
\|rt\|	if I can't get linux working right I'll try FreeBSD and just go back to ZFS	03:22
chrismsnz	zfs is nice :)	03:23
chrismsnz	if you're running a recent kernel the on-disk format for btrfs is now stable so might be worth a whack	03:23
\|rt\|	it is....I was hoping to play with BTRFS but the user space tools seem to be a bit lacking	03:23
chrismsnz	obviously not if it's production, though	03:23
\|rt\|	and it's documentation	03:23
chrismsnz	I prefer RAID 10 to raid 5	03:24
\|rt\|	chrismsnz: I started off playing with BTRFS on Maverick on this system just to see what it was like	03:24
\|rt\|	chrismsnz: yeah I agree only the raid 10 thing but these drives are only 250GB drives so for capacity I chose to stick to RAID5 for now	03:25
chrismsnz	in fact, you could probably use Linux's "raid 10" on your array - it outperformed raid6 in my tests	03:25
\|rt\|	but BTRFS doesn't do RAID5 yet	03:25
\|rt\|	yeah...I may do that just to test this....but I need to figure out what about my system Linux isn't likely	03:26
\|rt\|	liking	03:26
chrismsnz	well, if you want the bleeding edge - i heard that native linux ZFS is being released shortly as a compilable kernel module	03:26
\|rt\|	yeah I think i'll pass on that for now	03:26
\|rt\|	hopefully maverick +1 has BTRFS and the documentation and user space tools are improved	03:27
chrismsnz	natty narwhal D:	03:27
\|rt\|	integration with apt and snapshots would be nice too :)	03:28
chrismsnz	is your hardware exceedingly old or new?	03:30
\|rt\|	it's middle of the road	03:30
chrismsnz	a while ago linux was having trouble with an onboard sata controller I had and it affected speeds quite badly	03:31
\|rt\|	it's probably a year old or so but it wasn't cutting edge then	03:31
chrismsnz	shouldn't be a problem there :\	03:31
\|rt\|	yeah I've been looking for information about the SB700 chipset and performance issues but haven't found anything	03:31
\|rt\|	the system has an AMD Athlon 4850e cpu	03:32
chrismsnz	you're using software raid by mdadm right?	03:33
\|rt\|	yeah	03:33
* chrismsnz boggles		03:33
\|rt\|	i've tried the SATA controller in SATA mode and AHCI mode with the same results	03:33
\|rt\|	yeah i've never seen anything like this	03:34
\|rt\|	but i've tried a few older kernels on system rescue live cd's to make sure it wasn't a kernel issue	03:34
\|rt\|	what ever is going on doesn't seem to be tied to any kernel version	03:35
chrismsnz	you're using one parity disk?	03:35
\|rt\|	well raid5 doesn't have a dedicated parity disk...but it is n+1 parity	03:35
chrismsnz	err yeah	03:35
chrismsnz	i mean, i can see why it's slow to write... 5 disks = 4 reads and 2 writes per block	03:36
\|rt\|	I have plenty of pci slots open so one option may be to pick up a couple of 4 port sata controllers	03:37
chrismsnz	but like i said i haven't seen it that slow	03:37
chrismsnz	or 3 reads, hypothetically, plus parity calculation	03:37
\|rt\|	if the raid didn't rebuild at 50MB/s my first thought was partition mis-aligned but you normally don't see that much speed loss for that	03:38
\|rt\|	just did a bigger test to make sure I wasn't seeing some caching affect on the read spead	03:39
\|rt\|	wrote 7.4GB in 1767.36 seconds (4.2MB/s) and read 7.4GB in 49.046s (150MB/s) using dd	03:40
\|rt\|	time to blow away the raid and run bonnie++ on each drive to see what happens	03:41
\|rt\|	b/c if it's one drive the read speed could still be pretty good with raid5 as it could work around the slow drive	03:41
\|rt\|	not sure it's that intelligent though	03:41
chrismsnz	good luck :\	03:41
chrismsnz	also check dmesg and see if it's complaining about any of your hardware	03:42
\|rt\|	yeah hopefully something jumps out with the individual disks	03:42
\|rt\|	nothing in dmesg	03:42
chrismsnz	bummer	03:42
\|rt\|	chrismsnz: I think I found my problem	03:49
chrismsnz	ooh	03:49
\|rt\|	mkfs.ext4 on /dev/sda2 is going really slow....fast on all the other drives	03:49
chrismsnz	give it a prod with smartctl	03:49
chrismsnz	see if it's noticed a problem	03:49
\|rt\|	hmm sdd2 is slow as well...may have spoken too soon	03:52
\|rt\|	smart data is fine on all of the drives.....i'll have to swap what port the drives are plugged into and see if the problem follows ports, drives, or cables	03:53
Datz	hi, it seems as though cron isn't working on my system. Can someone help me out with a diagnosis?	03:59
chrismsnz	hi	04:10
chrismsnz	Datz: what makes you say that?	04:10
Datz	chrismsnz: I have cron jobs scheduled and they don't run	04:12
chrismsnz	ok, where did you schedule them?	04:12
chrismsnz	in crontab? cron.daily? cron.d?	04:12
Datz	crontab	04:13
chrismsnz	unprivileged user? or root user?	04:13
Datz	user	04:13
Datz	groups datz	04:13
Datz	datz : datz adm dialout cdrom plugdev crontab sambashare lpadmin admin	04:13
Datz	I added myself to crontab group	04:13
Datz	in hopes to fix it	04:13
chrismsnz	do you have an /etc/cron.deny or /etc/cron.allow file?	04:14
chrismsnz	(it's ok if you don't but if you do it will use it)	04:14
=== erichammond1 is now known as erichammond
Datz	no, for either	04:15
chrismsnz	ok	04:15
chrismsnz	you're running 10.04?	04:15
Datz	yes	04:16
chrismsnz	type "status cron"	04:16
Datz	ok	04:16
Datz	status: Unable to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory	04:16
Datz	this is a VM btw	04:16
Datz	don't know if it would matter in this case	04:17
chrismsnz	no... is it a normal server install?	04:17
Datz	yes	04:17
Datz	Linux VMserv 2.6.32-24-server #39-Ubuntu SMP Wed Jul 28 06:21:40 UTC 2010 x86_64 GNU/Linux	04:17
chrismsnz	does "ps -ef \| grep cron" show you anything? is it running?	04:18
Datz	yes	04:18
Datz	root 757 1 0 Aug21 ? 00:00:01 cron	04:18
Datz	datz 30006 27262 0 02:34 pts/0 00:00:00 grep --color=auto cron	04:18
chrismsnz	okay	04:19
chrismsnz	show me the crontab line you used to schedule the task	04:19
Datz	I just used this for testing: * * * * * date > /tmp/foo.log	04:20
Datz	nothing in /tmp/ yet	04:20
chrismsnz	ok one sec, just going to check a box	04:22
Andre_Gondim	Datz, try /3 * * * date > /tmp/foo.log	04:22
chrismsnz	try restarting the cron daemon in the meantime "restart cron"	04:22
Andre_Gondim	every 3 minutos	04:22
Datz	Andre_Gondim: I'll add that one as well	04:22
Andre_Gondim	and reload the cron liek chrislabeard said	04:22
Datz	I'm getting the same error I got with status	04:23
chrismsnz	ok	04:23
chrismsnz	try restarting dbus	04:24
chrismsnz	"restart dbus"	04:24
chrismsnz	then "restart cron"	04:24
Datz	should I try to restart cron with /etc/init.d/cron restart?	04:24
Datz	ok	04:24
chrismsnz	Datz: i don't know any more - half the friggen system is on upstart and half isn't	04:24
Datz	it holds up on restart	04:24
Andre_Gondim	Datz, yes	04:24
Datz	kk	04:25
chrismsnz	i'm testing these commands on a lucid box as i'm advising you, though :)	04:25
chrismsnz	yeah the init.d file just restarts it via upstart anyway	04:25
Datz	ah	04:25
Datz	yea	04:25
=== twister004_ is now known as twister004
Datz	well I never restarted the system after some updates, and it keeps asking for a restart.. might this create a problem?	04:26
Datz	humm, well now there is a foo.log :P	04:26
Datz	so I think restarting cron worked :)	04:27
Datz	maybe I should restart ....	04:27
chrismsnz	yeah...	04:27
Datz	heh hehe	04:27
Datz	thanks	04:27
chrismsnz	i've had dbus die after an update	04:27
Datz	ah	04:27
chrismsnz	whole system seems to run on it now hehe	04:27
Datz	well.. bb in a few thanks again	04:27
Datz	ah	04:27
chrismsnz	cool	04:27
Tim_R	I have a question about doing virtual ethernet onto my server how would I do that? I also got virtual hosting on couple pages how would I set all this up	04:32
chrismsnz	you mean having aliased IP addresses on the same interface?	04:33
Tim_R	yes	04:33
chrismsnz	ok	04:34
chrismsnz	Here's a good howto on adding alias's for an interface and how to configure them correctly to be permanent	04:35
chrismsnz	http://www.cyberciti.biz/tips/ubuntu-linux-creating-ethernet-alias-for-eth0-network-device.html	04:36
chrismsnz	However!	04:36
chrismsnz	If you just want it for virtual web hosting, you'll be better off relying on apache's virtualhost configuration	04:36
Tim_R	well see I have virtual hosting now on my server	04:37
Tim_R	alright thanks chris for your help	04:40
chrismsnz	:o	04:40
tf2ftw	anyone have any experiance with MAMP and enabling htaccess?	04:42
chrismsnz	i don't use mamp, but the apache config to enable it should be the same	04:44
tf2ftw	the problem im having is rewrite is not working	04:47
tf2ftw	let me get the file one sec	04:47
tf2ftw	its httpd.conf correct?	04:50
chrismsnz	the htaccess file is usually ".htaccess"	04:50
chrismsnz	httpd.conf configures the server	04:50
tf2ftw	i mean to enable mod_rewrite	04:50
chrismsnz	I'm not sure how mamp has it set up	04:51
chrismsnz	yeah httpd.conf	04:51
chrismsnz	(probably_	04:51
tf2ftw	looks like MAMP loads a mod_rewrite.so	04:52
tf2ftw	ffffuuuuu they have AllowOverride in more than one place in httpd.conf and you have to enable all of them	04:54
chrismsnz	oh, weak	04:54
chrismsnz	you should just be able to enable it for your "location"	04:55
chrismsnz	htdocs or whatever	04:55
tf2ftw	hmm yeah I enabled it with an apache restart still no joy... still digging	04:55
tf2ftw	ah so you can use a ".htaccess" file in another name using AcessFileName. That would be good for security?	04:57
tf2ftw	do i have to have the htaccess file in the root of my web server or can i just use it in the dir im working in (ex /htdocs/site1/) ?	04:59
tf2ftw	Its always worked for me just having it in teh working dir.	05:00
chrismsnz	should be in the dir your working in	05:00
tf2ftw	chrismsnz, why would httpd.conf be empty in /etc/apache2/httpd.conf ?	05:21
twb	tf2ftw: because most stuff happens in the .d's	05:22
tf2ftw	is that in sites-enabled?	05:22
chrismsnz	tf2ftw: twb is right, if your setting it up on ubuntu/debian	05:22
tf2ftw	yeah its ubuntu	05:23
twb	chrismsnz: if it was C5 it'd be /etc/httpd :-/	05:23
twb	Stupid apache people think theirs is the only httpd	05:23
chrismsnz	yeah he was talking about mamp before	05:23
tf2ftw	well looks like i might have found my htaccess problem	05:23
tf2ftw	the script itself	05:23
tf2ftw	does this look right? http://pastebin.com/F3UJ1a5k	05:24
chrismsnz	not a regex expert, but the second ^ doesn't make sense to me?	05:25
tf2ftw	let me look into that	05:26
chrismsnz	well it's supposed to indicate the beginning of a string, so it doesn't make sense to have it in the brackets there when you're matching any character for the file name	05:27
chrismsnz	again, not 100%	05:27
chrismsnz	a rewrite of mine looks like this:	05:28
chrismsnz	RewriteRule ^.*$ /index.php [NC,L]	05:28
tf2ftw	you are correct about the second ^	05:28
chrismsnz	so try changing yours to "RewriteRule ^.+\.html$ /$1.php [QSA,L]"	05:29
chrismsnz	err you need the brackets actually to capture	05:30
chrismsnz	RewriteRule ^(.+)\.html$ /$1.php [QSA,L]	05:30
tf2ftw	aha!	05:31
tf2ftw	take that "/" out before $1 and you are a winner	05:31
tf2ftw	Thanks	05:31
tf2ftw	The strange thing is i copied this htaccess file from another project that was working.. i might have copied the wrong one (obviously)	05:32
tf2ftw	thanks	05:32
chrismsnz	_b	05:33
tf2ftw	here is something weird, this htaccess works on my local MAMP but not my Ubuntu apache2..	05:34
tf2ftw	getting an Internal Server Error	05:34
chrismsnz	check the error log it normally sheds a little more light	05:34
tf2ftw	".htaccess: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration"	05:36
chrismsnz	heh	05:37
tf2ftw	check this out, how the folder is not showing up on the web server	05:37
chrismsnz	"sudo a2enmod rewrite"	05:37
chrismsnz	then restart apache	05:38
tf2ftw	you nailed it again. shit im going to have to start paying you	05:38
tf2ftw	o.O	05:38
tf2ftw	luckily i am at the end of my server journey here (i hope)	05:39
chrismsnz	hehe, already getting paid but considering going consulting next year	05:40
tf2ftw	good for you man. I took the jump recently.	05:40
tf2ftw	this server is great for keeping everything on one box. no more passing thumb drives or emails.	05:41
chrismsnz	yeah, testing the waters here in NZ to see if I can make a living as a python/django dev & sysadmin	05:42
tf2ftw	good luck.	05:42
tf2ftw	ok im checking out. Thanks again	05:43
ohzie	MDADM: Who are the experts? =D	06:00
uvirtbot	New bug: #627227 in apache2 (main) "ChrootDir(mpm_common) and DocumentRoot issues" [Undecided,New] https://launchpad.net/bugs/627227	06:01
chrismsnz	shout out, if someone's around they'll let ya know :)	06:09
chrismsnz	what's your prob?	06:09
ohzie	Trying to figure out if I can do raid 6 with more than two parity volumes, also spreading parity blocks redundantly across drives instead of having specific drives handle it. I'm very new to software raid, and not sure how to procede. =D	06:11
chrismsnz	cool	06:11
chrismsnz	well, you'll be happy to know that raid5 and raid6 have distributed parity, not dedicated disks	06:11
ohzie	I did look over the manual, and I'm under the impressive from a combination of the man file and the linux-raid wiki that I can define parity drives with -spare, but I wanted to talk to someone who has done it before I've done it.	06:11
ohzie	before I do it*	06:11
ohzie	chrismsnz, Sweet!	06:12
ohzie	Then I think I read it wrong and that -spare is probably not what I thought it was.	06:12
chrismsnz	a spare isn't a parity drive, it's a drive that is inactive until there's a problem with the array - at which point it will jump in and start reconstructing	06:14
ohzie	chrismsnz, That's automatic?	06:14
ohzie	Not even pillar does that crap	06:15
ohzie	Why the hell am I using Pillar	06:15
chrismsnz	what the hell is pillar D:	06:15
chrismsnz	ah, san/nas brand	06:15
ohzie	It's awesome	06:15
ohzie	but it doesn't do that	06:15
ohzie	I mean if we needed the iops I'd understand, but we really don't.	06:16
chrismsnz	i think it probably does, they might call it something different	06:16
chrismsnz	hot-spare is the other common name	06:16
ohzie	When a drive failed in one of our bricks, I had to come in on a sunday to plug the new one in. :3	06:16
chrismsnz	yeah, obviously it has to be configured as a spare at first - remember it's completely unused until there's a problem	06:17
chrismsnz	how many disks are we talking?	06:18
ohzie	I'm thinking 20.	06:19
chrismsnz	linux supports raid5 and raid6, but depending on the circumstances I normally lean towards Linux raid 10 or raid 1 + 0	06:19
ohzie	It depends on what they want to pay for.	06:19
ohzie	Between 10 and 20	06:19
ohzie	with the auto-rebuilding, i might be able to sell them on more	06:19
ohzie	with raid 6 can you have more than one backup of a parity block?	06:20
ohzie	like, losing three drives instead of two?	06:20
ohzie	or is more redundancy required for that?	06:20
chrismsnz	here's a big entry on raid levels http://en.wikipedia.org/wiki/RAID	06:20
chrismsnz	covers everything including linux's non-spec raid 10	06:21
chrismsnz	ohzie: not sure about that	06:21
chrismsnz	you can specify whatever redundancy you like with linux special mdraid 10 http://en.wikipedia.org/wiki/Non-standard_RAID_levels#Linux_MD_RAID_10	06:22
chrismsnz	ohzie: are you building an appliance?	06:22
ohzie	chrismsnz, Yes. :D	06:22
ohzie	Basically they want more storage in one of our locations, but they don't want to spend 80 thousand dollars on starting another pillar	06:23
chrismsnz	ohzie: you should play with FreeBSD and ZFS	06:23
chrismsnz	Linux has btrfs in the pipeline which is looking good, but not fully baked yet	06:23
chrismsnz	http://en.wikipedia.org/wiki/Zfs ZFS is awesome at managing massive amounts of storage	06:25
chrismsnz	under linux I'd probably set up the underlying RAID comprising all of the disks and plop a flexible LVM scheme on it	06:26
cerberos	I've got a new ubuntu server 10.04 VPS and I can't get ssh to work with keys (I've been trying on and off for days). my key is /root/.ssh/authorized_keys/id_rsa.pub - here is /etc/ssh/sshd_config http://dpaste.com/236672/	06:40
cerberos	doh, authorized_keys is a file	06:58
kaushal	hi	08:47
kaushal	can i get help regarding xen on Ubuntu Server ?	08:47
kaushal	or is there a irc channel for xen on Ubuntu ?	08:47
jpds	kaushal: #ubuntu-virt ? As far as I know, KVM is the only supported option.	08:48
kaushal	ok	08:48
kaushal	jpds: I am looking out for vmlinuz-2.6.32-24.xen and initrd.img-2.6.32-24.xen	08:49
kaushal	Cannot join to channel #ubuntu-virt (You must be invited)	08:49
kaushal	jpds: sorry about asking basic question	09:00
kaushal	so xen type is KVM ?	09:01
kaushal	not sure i understand that	09:01
jpds	kaushal: KVM is a different virtualisation technology.	09:02
twb	KVM is hardware virtualization. Xen is paravirtualization (though it will fall back to full virtualization).	09:02
kaushal	ok	09:03
kaushal	so whats the difference between them ?	09:03
twb	The difference is in how virtualization is done.	09:03
kaushal	twb: Thanks	09:09
imyousuf	Hi	09:31
imyousuf	I am trying to install sun-java6-jdk because Cloudera Distributed Hadoop has it as dependency, but I can't because of dependency failure	09:31
twb	In Lucid, Sun Java is in the "partners" repo. Have you enabled it?	09:32
imyousuf	twb: let me check	09:32
twb	(Incidentally, if you're trying to make proprietary "enterprise" crap work on linux, you might as well just shoot yourself now. It's NOT FUN.)	09:33
imyousuf	twb: CDH is Open Source :) they contribute back to Apache AFAIK	09:34
twb	Everybody says that; I believe them when Debian ftpmasters allows it through the NEW queue.	09:35
imyousuf	:-D	09:35
twb	FWIW, "wnpp-check hadoop" has no hits	09:36
\sh	moins	10:02
siretart	\sh: OK	10:03
\sh	siretart, cool...I just found the discussion about the freeze exception for fai	10:04
\sh	siretart, http://www.mail-archive.com/ubuntu-motu@lists.ubuntu.com/msg04598.html but I don't read anything about a granting ;)	10:04
siretart	\sh: there wasn't much disagreement either.	10:07
siretart	ah, you mean it would annoy someone if we broke FF for fai?	10:07
\sh	siretart, yes...but when we use the discussion from that time as a "granted FFE for FAI"...I'm happy to upload	10:08
\sh	siretart, and only today I got a message on fai-linux that the PPA packages are working	10:09
=== twister004__ is now known as twister004
siretart	oh, what a shame	10:10
siretart	\sh: TBH, I'd say just upload. the risk of breaking other unrelated packages is neglectable AFAIUI.	10:11
siretart	in terms of: 0	10:11
\sh	siretart, it won't break anything...	10:11
\sh	well, I'll prepare maverick packages + add the pointer to the ml archive for documentation...:) at the same time I'll do an FFe report for zend-framework ;)	10:12
siretart	cool!	10:12
qiyong	reload squid	10:25
qiyong	reload: Unknown instance:	10:25
=== rew is now known as drurew
drurew	anyone a cacti genious here? ; Im having a wierd problem where my graphs restart collecting at @ 2am..	10:32
twb	Most people here are humans.	10:33
twb	Or at least anthropoids	10:33
twb	(Oops.)	10:33
=== rew is now known as drurew
drurew	hey twb...	10:35
twb	wot?	10:37
drurew	"hey" as in "drurew waves to twb"	10:38
soren	jdstrand: It seems that the libvirt packaging branch finally has been succesfully imported. Do you want to start using it for our packaging work?	10:42
=== twister004_ is now known as twister004
Zikey	Hi, I'm running ubuntu 8.04LTS raid1 (MD+LVM), the first drive died, can I directly replace the first drive by a new one and boot up ?	11:28
Zikey	I'm affraid of what will happen when ubuntu will find a new empty drive as the first drive, will it automatically ID it and replace it as /dev/sda, or will it create a /dev/sdc ? (/dev/sdb being the healthy disk)	11:30
twb	Zikey: that depends how grub is configured on the second drive	11:30
Zikey	it's lilo	11:30
twb	Zikey: basically, you can't rely on it working	11:30
twb	Well, lilo I can't comment on	11:30
twb	lilo doesn't work with LVM reliably anyway	11:30
twb	(Since lilo remembers block offsets into the disk, and LVM can move extents around.)	11:31
Zikey	with 8.04 we didn't have a change to install grub that didn't work with lvm	11:31
twb	Zikey: that's because you tried to put /boot on LVM on RAID, which is 1) stupid; and 2) not supported by grub.	11:31
Zikey	k	11:31
twb	Note that this can happen accidentally due to a bug in d-i in 8.04	11:31
Zikey	unfortunately I didn't have the choice	11:32
\sh	siretart, bug #627337	11:32
uvirtbot	Launchpad bug 627337 in ubuntu "[FFE] FAI 3.4 for Ubuntu Maverick" [Undecided,New] https://launchpad.net/bugs/627337	11:32
twb	(Namely: if you allocate /boot to md0 in partman, then configure LVM, it will forget about md0's configuration, go through the WHOLE install, then put /boot in with LVroot and force lilo.)	11:32
Zikey	can i boot the 8.04LTS server by pressing some key to drop in command line without starting everything ?	11:32
NightDragon	hello all	11:32
NightDragon	a quick question if you dont mind	11:32
twb	Zikey: well, you can boot with "single" which will give you a root shell.	11:32
NightDragon	i'm getting an errror after setting up cups as a server,	11:33
Zikey	twb, how do you do that ?	11:33
twb	Zikey: it's usually the second option in the bootloader "rescue"	11:33
NightDragon	Request from "129.93.xxx.xxx" using invalid Host: field "xxxx.xxx.edu:631"	11:33
Zikey	what do I need to type when LILO boot ?	11:33
NightDragon	(xxx's are censored of course)	11:33
twb	Zikey: otherwise, manually add "single" to the boot parameters, however that is done	11:33
NightDragon	when i try to axs the website, i get a '400 bad request', the website being the cups web admin page	11:33
twb	Zikey: I haven't used lilo this millenium, so I don't remember	11:33
twb	NightDragon: "censoring" a public IP isn't exactly going to protect you	11:34
NightDragon	i know.	11:34
NightDragon	matter of habit.	11:34
twb	Bloody daft habit	11:34
NightDragon	better safe then sorry mate	11:34
NightDragon	oh look	11:35
NightDragon	i fixed my own problem :X	11:35
NightDragon	sorry guys	11:35
NightDragon	lol	11:35
twb	I expect you fat-fingered the URL in your browser	11:35
NightDragon	no, actually i added the magic line in my conf file	11:37
NightDragon	(some line that was apparently needed)	11:37
NightDragon	in any case, while i'm here... does anybody know of anything that can enable one to get some really good control over printing on a print server? something that extends the basic functionality of CUPS perhaps?	11:38
twb	Yeah, thingy	11:38
twb	Some guy in europe makes it...	11:38
twb	pykota, that's it	11:39
NightDragon	twb: narrows it down a bit. :-P	11:39
twb	It's really annoying to work with, but AFAIK nobody else has much along those lines	11:39
twb	It does stuff like rasterizing the page and calculating ink usage	11:39
NightDragon	actually, i think i've heard of this	11:40
twb	And per-user ink/paper printing allowance, of course.	11:40
NightDragon	yeah, kinda lame that they want to almost charge you for documentation	11:41
twb	I think I basically said "I don't want to deal with this, give it to an intern to deploy"	11:43
NightDragon	lol	11:43
NightDragon	actually, i have a question for you	11:43
NightDragon	i'm really sick and tired of our office (of which i'm the SA) having direct printing capabilities to all of the printers in the office	11:44
NightDragon	the results of which are some pretty stupid crap	11:44
NightDragon	...such as the fact that lordy help us if an IP gets changed inadvertantly, etc	11:44
twb	So move the printers to a new subnet and have the router block it	11:45
twb	*block access to it	11:45
NightDragon	...or i have to log on as adminstrator (a PITA in XP) to add a printer	11:45
NightDragon	...or when some fucktard prints off a thousand page job to the printer i use (a color printer, which happens to be located right next to me)	11:45
NightDragon	so my question... i want to convince my boss to move to a cups/samba print server. What are the talking points of this (advantages, disadvantages, etc)	11:46
NightDragon	, and what should i really know that i might not already? :)	11:46
twb	SPOF	11:46
NightDragon	yeah	11:46
NightDragon	it has to be failproof	11:46
twb	Versus the administrative cost of you having to go around fixing people's printer configs	11:47
NightDragon	if i work with a single print server, can i (1) add printers to the server, and have it reflect regionally across many users?	11:47
twb	Yes	11:47
twb	Er, depends what you mean by "regionally"	11:47
NightDragon	2) can i assign users into groups, and give them access to different printers depending on their groups	11:47
NightDragon	(i cant say 'globally' if i'm going to segment by groups lol)	11:48
twb	I think so; I haven't done it myself	11:48
NightDragon	ooh :D	11:48
twb	Obviously it'd also depend on whether you were going via IPP or Samba or both	11:48
NightDragon	samba	11:48
NightDragon	that way, it will use NT domain authentication for the usernames, wont it?	11:49
twb	So you have a homogeneous Windows network?	11:49
NightDragon	NTLM?	11:49
twb	I imagine s	11:49
twb	*so	11:49
NightDragon	yeah, we sit within a windows domain	11:49
* NightDragon is the stubborn bastard who will shoot himself before he picks a windows server over a good *nix server		11:49
NightDragon	come hell or high water lol... i hate working at a windows workstation as much as it is	11:50
NightDragon	well this is all moot, if you use samba you can authenticate over various things, including LDAP (which means AD), even if your not using NTLM directly	11:50
NightDragon	but question (4): Can you do cool things in cups like say... "users can print to this printer, but their jobs must have at least these many pages"	11:51
twb	Samba can talk to AD, but it can't be AD except in Samba 4.	11:51
twb	I don't know.	11:51
twb	Talk to #cups or so	11:51
NightDragon	and question 5) Can you add imaging scanners into a print server? we have a really slick high-cap, high-speed scanner... and it would be nice to be able to network that so everyone can use it	11:52
twb	ditto	11:52
NightDragon	idd	11:52
NightDragon	well this is good stuff	11:52
NightDragon	ty	11:53
twb	No worries	11:53
NightDragon	of course, there is one added benefit to having a cups server... no waiting for 20 minutes while joe tool over there completes his book job	11:55
NightDragon	>:)	11:55
=== twister004__ is now known as twister004
ttx	ScottK: re: cobertura-maven-plugin, I'll have a look -- however my maven foo is intentionally limited.	12:10
=== twister004_ is now known as twister004
=== xfaf is now known as zul
Zikey	do you know if mdadm support replacing a raid 1 disk with a higher capacity one ?	13:21
Zikey	basically can mdadm do raid1 with two differents disks size ?	13:21
Pici	I believe its limited to the smallest disk size.	13:22
Zikey	k	13:22
patdk-wk	yep	13:22
Zikey	I'm stuck, I boot up the livecd, got a terminal	13:22
Zikey	unfortunately mdadm is not running	13:22
Zikey	when I install/run it it doesn't detect my array	13:23
twb	Zikey: don't use ubuntu desktop CD for recovery, it sucks	13:39
twb	Find something that at least has mdadm and lvm pre-installed in the live CD	13:39
twb	And yes: RAID1 of inequal nodes will use the smallest node size.	13:40
NightDragon	,	13:48
Zikey	When i run fsck on the filesystem, it says the fs is clean right away, is there any way to force it to verify it ?	13:54
patdk-wk	-f	13:54
Zikey	thx :)	13:54
patdk-wk	man fsck :)	13:54
Zikey	there is no -f in the man :(	13:55
Zikey	(ubuntu 8.04 LTS server)	13:55
patdk-wk	odd	13:55
patdk-wk	fsck --help :)	13:56
Zikey	doesn't work either :)	13:56
patdk-wk	it does on my 8.04 server	13:57
twb	In what way does it "not work"?	13:57
Zikey	not from the livecd it gives me an error (can not try again since it's checking now)	13:58
Zikey	I will tell you the error when done :)	13:58
Zikey	done	13:59
Zikey	no error, it just gives me: fsck 1.40.8 (13-Mar-2008)	14:00
Zikey	when i enter: fsck --help	14:00
patdk-wk	must be a livecd thing, I am doing this on a live system	14:01
twb	That's a really old CD	14:01
twb	fsck here is 2.17.2	14:01
patdk-wk	1.40.8 on my 8.04 system	14:01
twb	Huh, ok	14:02
Zikey	anyone every tried to replace a raid1 disk of an array (mdadm+lvm2) ?	14:05
Zikey	I wonder if it's that easy to remove the first disk and put a new one	14:05
Zikey	do you know if 8.04 support hot disk swapping ? can I remove the first disk and replace it while the system is running ?	14:09
jdstrand	soren: if it actually works and has a sane workflow, sure	14:13
soren	jdstrand: Does bound branches+dch+debcommit count as sane for you?	14:14
patdk-wk	heh, hotswapping is a hardware issue, really	14:14
jdstrand	soren: sure, assuming it works :)	14:15
twb	patdk-wk: not just hardware	14:15
* jdstrand is slightly jaded		14:15
soren	jdstrand: We can always try and fail miserably.	14:15
zul	slightly? :)	14:15
soren	jdstrand: :)	14:15
patdk-wk	ya, but linux has supported hotswapping drives for a while now	14:15
jdstrand	:)	14:15
twb	Buses that don't support hot-swapping natively sometimes have non-standard vendor hacks to add it, and that requires a Linux driver for that vendor	14:15
twb	(Unless it's handled entirely in the hardware RAID card, in which case You Win!)	14:16
patdk-wk	I do it on non-supported busses too, just force a bus reset after I swap	14:17
Jeeves_	echo	14:19
Jeeves_	echo '- - -' > /sys/block/dev/blah/host/blah/scan	14:20
Jeeves_	orso :)	14:20
tynot	anyone know the syntax to open port 5900 for VNC server?	14:24
patdk-wk	run the vpn server?	14:24
patdk-wk	if you mean firewall, guess it depends on what you use to manage your firewall	14:24
tynot	nope. ubuntu's on a local network. just trying to vnc to it from a mac.	14:25
patdk-wk	heh? no firewall?	14:26
binBASH	living on the edge	14:26
patdk-wk	in my case, hope you trust your coworkers, or family :)	14:26
tynot	just for remote admin locally.	14:26
soren	jdstrand: Alright, I think we're all set. I've just pushed a couple of changes.	14:32
zul	kirkland: ping when you are around?	14:37
tynot	anyone? can't get vine vnc to run on a MacBook Pro in LAN.	14:39
jdstrand	soren: ok, so we are talking about lp:ubuntu/libvirt?	14:41
soren	jdstrand: We are.	14:41
soren	jdstrand: is that ok?	14:49
jdstrand	soren: as much as I understand udd, sure -- I just wanted to make sure we were on the same page. I'm grabbing the branch now	14:50
tynot	anyone care to share how to setup and run vncserver locally?	14:50
soren	jdstrand: It's pretty simple, really.	14:50
tynot	vnc4server's already installed and running?	14:50
soren	jdstrand: When you check it out, you "bzr checkout lp:ubuntu/libvirt".	14:50
soren	jdstrand: If you've already branched it, you can "bzr bind lp:ubuntu/libvirt"	14:51
soren	jdstrand: That does the same thing.	14:51
* jdstrand nods		14:51
tynot	soren, thx. that's the syntax to run it from a client or server side?	14:51
soren	jdstrand: Oh, in the latter case, you also do a "bzr update" after binding, just in case. Otherwise it gets a bit confused.	14:51
soren	tynot: huh?	14:51
soren	tynot: Er... Talking to jdstrand about something completely different :)	14:51
tynot	I've both a MacBook Pro and a Windoze 7 PC trying to run Vine and UltraVNC, respectively.	14:52
soren	jdstrand: So, you make a change and use dch to add an entry to the changelog about it.	14:52
soren	jdstrand: like so: dch "whatever you want to be in debian/changelog"	14:53
tynot	sorry for the confusion, folks	14:53
soren	jdstrand: When you've done that, you run debcommit.	14:53
soren	jdstrand: This commits it to bzr with a commit log entry based on the debian changelog.	14:53
soren	jdstrand: Being a bound branch, this change is pushed to launchpad immediately.	14:53
soren	jdstrand: Once we want to roll a new upload, one of use will run "dch --release" which updates the timestamp in the changelog, and replaces "UNRELEASED" with "maverick" in the changelog.	14:54
soren	jdstrand: after that, you run "debcommit --release".	14:54
soren	jdstrand: This pushed the changes to the bzr branch and makes a tag.	14:55
soren	jdstrand: Once this succeeded, you build the source package and upload.	14:55
soren	jdstrand: It sounds tedious, but it's really a quite delightful workflow if more than one person is working on a package.	14:56
jdstrand	thanks for the explanation. I've only ever tried the udd thing with merges, and always had trouble with it	14:56
tynot	vnc, anyone?	14:56
jdstrand	soren: it is basically the same workflow I've used on other stuff with a bzr branch, except the debcommit parts	14:57
soren	tynot: What are you trying to do?	14:57
jdstrand	soren: so it should be quite comfortable	14:57
jdstrand	soren: how is the tag used in LP?	14:57
soren	jdstrand: I'm not sure it is, really.	14:58
soren	jdstrand: Well, you can see it in loggerhead.	14:58
tynot	soren, uh, not be in front of the linux console? just trying to admin the ubuntu server locally from a floor below me through vnc.	14:58
Zikey	If you change a disk (/dev/sdb) with another one, will it be mounted by default as /dev/sbc (because udev will keep /dev/sdb for the previous one) ?	14:59
Lichte	I just installed mysql-server and client and set the root password during setup, but I get this when I try 'mysql -u root -p' : ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ; How do I get logged into mysql ???	14:59
soren	tynot: Why do you think you need vnc?	14:59
jdstrand	hallyn, kirkland: hey. fyi ^ please note we are going to try udd (Ubuntu Distributed Development) with libvirt. if you are unfamiliar with it, soren just gave a really good explanation of the workflow	14:59
soren	tynot: ssh is what you need, mate.	15:00
tynot	soren, clients are a Windoze 7 PC and a MacBook Pro. Either of them would be great to setup. I've UltraVNC on the PC and Vine on the MacBook. I don't know that I need VNC. I'm not married to it, although we're stuck in a PC world here without too much time.	15:01
soren	tynot: so stop wasting time on vnc and install ssh. It's all you need.	15:01
tynot	soren, ssh for Windoze?	15:02
zoopster	tynot: came in late, but just use putty on the win7 pc and native terminal ssh from OSX	15:02
zoopster	tynot: assuming you want to ssh into ubuntu server from those clients	15:02
soren	tynot: The idea of <insert whatever here> for Windows is a bit foreign to me, but I know for a fact that there are ssh clients for Windows.	15:03
tynot	I don't mind so long as we get a gui. Not adept enough to get around in a command line world anymore. I've already forgotten most of that stuff, unfort. VI was hell.	15:03
soren	tynot: You don't get a gui.	15:04
soren	tynot: If you want a gui, this is the wrong channel.	15:04
tynot	bye	15:04
soren	jdstrand: In fact, I'll roll a release straight away. The patch I added was just ACK'ed upstream, so I might as well.	15:05
jdstrand	cool beans	15:05
hggdh	Daviey: got a question re. euca2ools and Maverick	15:05
zul	hggdh: no	15:06
hggdh	Daviey: and good morning/afternoon	15:06
hggdh	zul: oh yes	15:06
hggdh	:-)	15:06
zul	hggdh: no really...no	15:06
hggdh	zul: absolutely yes. Just a small, tiny really, question	15:06
Daviey	hggdh: o/	15:07
soren	jdstrand: I suck.	15:07
hggdh	Daviey: bug 615442 -- would this be fixed on 1.3? Just asking, I intend to check on it	15:07
uvirtbot	Launchpad bug 615442 in euca2ools "euca-describe-users fails with ImportError: No module named euca_admin.users" [Medium,New] https://launchpad.net/bugs/615442	15:07
Lichte	I just installed mysql-server and client on 10.04 Server and set the root password during setup, but I get this when I try 'mysql -u root -p' : ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ; How do I get logged into mysql ???	15:08
Daviey	hggdh: I don't think that bug is directly related to eucatools... i think it's eucalyptus	15:08
todd	Lichte: did you set a root password when you installed mysql?	15:09
Daviey	hggdh: But can be fixed with what we have already.	15:09
todd	Try without the -p and see if it lets you in.	15:09
hggdh	Daviey: I had a look at the eucalyptus source, and there is ./clc/tools/src/euca_admin that seems to have the imports, but not quite as python would like them	15:10
Lichte	todd: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)	15:10
soren	jdstrand: The quilt source packages are special. When I add a patch, I need to add it both to debian/patches /and/ apply it to the source tree.	15:11
hggdh	Daviey: one thing that I would like to have is euca-add-user (intead of going to the web interface)...	15:11
Daviey	hggdh: This is indeed the case... it's an issue that has been deferred whilst i waiting for upstream to land a patch i sent them	15:11
hggdh	Daviey: oh, OK. I am happy now	15:11
hallyn	jdstrand: alright, thx for the heads-up	15:11
Daviey	hggdh: We will have that working..	15:12
soren	jdstrand: Uploaded. Let's see what happens.	15:16
soren	jdstrand: Oh, bleh, we're frozen, aren't we?	15:16
jdstrand	soren: for beta yeah	15:16
soren	jdstrand: Oh well.	15:16
jdstrand	it'll get in after	15:17
soren	zul: do you happen to know the state of Xen dom0 in Maverick?	15:18
Lichte	damn, am I going to have to go back to 9.10 /	15:19
zul	soren: non existant	15:19
zul	soren: its something you will have to coble yourself	15:19
smoser	Daviey, euca-add-user is broken ?	15:20
Daviey	smoser: Depends..	15:20
Daviey	smoser: I think it is working on the CLC	15:20
smoser	ah.	15:21
soren	zul: Lovely.	15:21
soren	zul: Do you happen to know how Debian's Xen dom0 support is?	15:22
zul	soren: better than ours i think	15:22
daxroc	Afternoon all	15:23
ttx	hallyn: about bug 599342, do you think we can have a fix for the next hours (in time for Beta) or should I unmilestone it ?	15:23
uvirtbot	Launchpad bug 599342 in libvirt "Temporary failure in name resolution" [Medium,Incomplete] https://launchpad.net/bugs/599342	15:23
daxroc	Is the cloud version of ubuntu commercial or is there a free version?	15:23
daxroc	or is it that you pay for the Management console ( landscape )?	15:24
hallyn	ttx: we have a fix, we're waiting for confirmation that it fixes the bug reporter's original problem	15:25
hallyn	i'll ping him one more time i guess	15:25
ttx	daxroc: we don't do commercial. Our cloud "version" is free and open source	15:25
hallyn	i suppose i'd argue that if noone else reports it, and he doesn't care for the fix, then we just leave as is?	15:26
ttx	hallyn: if it makes it before the euca upload/build/respin, then it'll be in beta, otherwise we'll fix it between beta and finalfreeze.	15:26
ttx	I guess we won't respin beta candidate just for this one.	15:27
hallyn	ttx: well the fix is there - should i jsut be proposing it for merge?	15:27
ttx	hallyn: it fixes the bug as far as you reproduced it ?	15:29
ttx	hallyn: looking at it, I think it can wait post-beta.	15:30
hallyn	ttx: i didn't reproduce the bug. it requires mucking with my dns.	15:30
ttx	ok then we'll wait for OP comment, and fix it post-beta. Unmilestoning it.	15:30
ttx	Daviey: that makes your eucalyptus upload the only expected respin, as things stand.	15:32
ttx	so, the earlier, the better.	15:32
hallyn	ttx: for my education, what does 'a respin' entail, in particular on Daviey's part?	15:32
Lichte	I just installed mysql-server and client on 10.04 Server and set the root password during setup, but I get this when I try 'mysql -u root -p' : ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ; How do I get logged into mysql ???	15:32
Daviey	ttx: Hmm.. Well - it could be defered to post-beta.. Whilst I really would like as many of the small fixes in beta, it's not gonna kill the show.	15:33
ttx	hallyn: to make it on the ISO, packages uploaded during the freeze need acceptation by release team, building, publishing. Then a new ISO must be built (ISO must be respun), then published to the tracker	15:33
ttx	the whole process can take a few hours	15:34
ttx	Daviey: how many of those would qualify as regressions ?	15:35
Daviey	ttx, possibly 0	15:35
ttx	I was mostly concerned by bug 617053	15:35
uvirtbot	Launchpad bug 617053 in eucalyptus "on upgrade from 1.6.2, euca_upgrade should preserve DISABLE_ISCSI="Y"" [Medium,Fix released] https://launchpad.net/bugs/617053	15:35
ttx	being an upgrade issue	15:35
ttx	fixreleased ?	15:36
Daviey	good point.	15:36
Daviey	ttx: Simple fix, but blocked on a more generic upgrade issue.	15:36
ttx	Daviey: are we expecting upgrades to work with current ? with next upload ? Or after that ?	15:37
Daviey	ttx next upload.	15:39
ttx	ok, then I'd like to get that new euca in.	15:39
Daviey	Whilst i'm not convinced many will be doing the upgrade initially, i'd really like that to be rock solid pre-beta	15:39
=== JanC_ is now known as JanC
ecelis	z/win 3	16:12
* Daviey wonders if he is still "here"		16:28
Zikey	what is the best way to make a perfect clone (identifier+mbr+partition table+data) of a disk on ubuntu ?	16:29
Zikey	dd or ddrescue ?	16:31
patdk-wk	they do the same thing :)	16:32
patdk-wk	ddrescue is just for broken disks	16:32
tynot	softball ? syntax to promote user to admin, por favor?	16:39
ScottK	ttx: Thanks.	16:40
ttx	hggdh, smoser, kirkland, daviey: you have a few old TODOs on the https://blueprints.launchpad.net/ubuntu/+spec/server-maverick-dailytriage spec that you should mark DONE or POSTPONED	16:41
ttx	mathiaz: that was my fear with those "tracking-only" specs: that they are not up to date and they corrupt the rest of the charts and completion rates	16:41
ttx	adding work for the only benefit of getting the regular task in the same common list	16:42
zul	smoser: where is the ttylinux images again?	16:45
* Daviey screams at slow t'internet today.		16:45
Daviey	this is so painful.	16:45
smoser	zul, http://smoser.brickies.net/ubuntu/ttylinux-uec/	16:45
tynot	anyone? realize it's a rudimentary question, but I've forgotten the syntax to promote a user to admin. help, please?	16:46
mathiaz	ttx: hm - I wonder whether it helped people to actually do them	16:47
mathiaz	ttx: ie: does the fact that they show up on the task list made them being worked on	16:47
sherr	tynot: if you mean, add them to the "admin" group - see : man addgroup	16:47
tynot	never mind. got it.	16:47
mathiaz	ttx: if so I'd argue that the experiment was good	16:47
tynot	sherr, thx.	16:47
mathiaz	ttx: I'd argue that getting things done is more important than reporting being accurate	16:48
tynot	needed to give user on linux install admin priviledges is all.	16:48
ttx	mathiaz: the experiment continues :)	16:48
mathiaz	ttx: we shuld work on improving the reporting though	16:48
mathiaz	ttx: should	16:48
mathiaz	ttx: so that it's also useful on the reporting front	16:48
ttx	mathiaz: I'd argue that weekly tasks don't mix that well with tasks that don't have to occur on a specific day	16:49
ttx	(especially weekly tasks that you can potentially miss)	16:49
tynot	sherr, btw, what's the syntax here to address someone (in red) like you've just done to me. irc newbie.	16:49
mathiaz	ttx: true - tasks that should happen on a specific day should go on the calendra	16:50
mathiaz	ttx: IIRC jiboumans created an all event for weekly summaries in our calendar	16:50
mathiaz	ttx: that's another way to do it	16:50
ttx	mathiaz: it kinda conflicts with the event I already have on Monday to take care of it :)	16:51
mathiaz	ttx: lol - same here	16:51
ttx	but yes, calendar events are the way to track weekly-that-you-can-miss type of activity	16:51
qman__	anybody know of a good, recent samba performance tuning guide? everything I'm finding is for very old versions and assumes old network technology	16:53
qman__	my whole network is gigabit and the servers in question have RAID, so I'm dealing with significantly higher speeds than the "Windows 95 and NT" setups mentioned in the guides	16:55
_ruben	hmm .. wonder if i should look into the same, or just be happy with the like 300Mbps or so throughput i currently have	16:57
hallyn	kirkland: are there kvm backports for hardy? (i don't see them in the ubuntu-virt ppa)	16:58
siretart	hm. I'm trying to create a new VM with virt-manager/libvirt both on maverick, but I get an "libvir: Security Labeling error : internal error error calling aa_change_profile()"	16:59
siretart	(typos copied)	16:59
siretart	is this a known issue?	16:59
siretart	btw, I see no apparmor warnings in /var/log/kern.log	16:59
qman__	and of course we have gigs of RAM where they had megs at the time, so throwing another 32k at a buffer here or there is wholly insignificant to the rest of the system, but might speed up transfers	17:00
sbeattie	siretart: by any chance, do you have auditd running?	17:00
smoser	ttx, do you know of any reason why i should not start testing ec2 20100830 ?	17:00
smoser	err.. 20100831	17:00
sbeattie	(it would cause apparmor messages to not appear in dmesg/kern.log out, but rather /var/log/audit/audit.log if you do)	17:01
siretart	sbeattie: no, there is no process running with that name. how to start it?	17:03
siretart	ah, installing the package auditd seems to help	17:04
sbeattie	siretart: no worries, it's not installed by default, wanted to make sure it was the reason you weren't seeing messages.	17:04
sbeattie	err, it wasn't the reason.	17:04
siretart	ah, now I'm seeing these two messages in the audit.log:	17:05
siretart	type=ANOM_PROMISCUOUS msg=audit(1283270700.144:20): dev=vnet0 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295	17:05
siretart	type=ANOM_PROMISCUOUS msg=audit(1283270700.152:21): dev=vnet0 prom=0 old_prom=256 auid=4294967295 uid=118 gid=127 ses=4294967295	17:05
siretart	can someone translate this to english? ;-)	17:05
qman__	vnet0 went in and then out of promiscuous mode	17:07
siretart	and this is something that is not allowed? I want to create a new virtual machine, and eventually start it	17:08
jdstrand	siretart: those messages aren't denials. apparmor denials will still have the familiar 'DENIED' in the output	17:10
=== unreal_ is now known as unreal
jdstrand	siretart: it is just letting you know that the process with uid=118 and gid=127 (presumably libvirt-qemu:kvm) put the vnet0 interface in promiscuous mode	17:11
jdstrand	siretart: do you have the domain xml for the machine you are trying to create?	17:12
siretart	jdstrand: I'm using maverick's virt-manager to create the machine	17:13
siretart	I guess the xml is generated on the fly	17:13
jdstrand	siretart: what is the name of the vm?	17:13
siretart	'debtest'	17:13
jdstrand	siretart: can you paste the output of 'virsh dumpxml debtest'?	17:14
jdstrand	it should already be defined	17:14
jdstrand	(since the failure is in trying to start it)	17:14
siretart	no, it has not been defined yet. this is the step that fails	17:14
siretart	virsh list --all doesn't list any machine	17:14
jdstrand	siretart: are you sure? 'virsh list --all' should show it	17:14
jdstrand	hmm	17:14
jdstrand	maybe virt-manager tries to be smart and undefines on failure...	17:15
jdstrand	siretart: does the libvirt-qemu:kvm user have write permissions to the directory that you are trying to put the disk image?	17:15
siretart	jdstrand: yes, and the image has been created successfully. I've done 'sudo chmod 1777 /var/lib/libvirt/images'	17:16
siretart	it's owned by root:root	17:17
jdstrand	siretart: I'm confused by this statement: "the image has been created successfully", yet you don't have xml?	17:17
siretart	exactly	17:17
siretart	304214 4 drwxrwxrwt 2 root root 4096 Aug 30 21:24 /var/lib/libvirt/images/	17:17
siretart	304331 0 -rw------- 1 root root 8589934592 Aug 30 21:24 /var/lib/libvirt/images/debian.img	17:17
siretart	but no output of virsh list --all	17:18
jdstrand	siretart: you created /var/lib/libvirt/images/debian.img yesterday?	17:18
siretart	yes, I did. via virt-manager connecting to 'localhost'	17:18
jdstrand	siretart: what does /var/log/libvirt/qemu/debtest.log have to say?	17:19
siretart	the unusual part of this setup is that this is actually a kvm virtual machine, that I'm using for my maverick tests. I wanted to see what improvements mavericks brings in the libvirt camp, so I've installed libvirt-bin and virt-manager and tried to setup a qemu VM	17:19
kirkland	zul: yo!	17:20
siretart	that logfile contains the commandline to qemu, and "libvir: Security Labeling error : internal error error calling aa_change_profile()"	17:20
siretart	(the typo in 'libvir' is actually there)	17:21
jdstrand	siretart: I'm not 100% sure virt-manager can be used in this way...	17:21
jdstrand	siretart: can you paste the full command line?	17:21
siretart	LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/qemu -S -M pc-0.12 -no-kvm -m 496 -smp 1,sockets=1,cores=1,threads=1 -name debtest -uuid 1e6f1921-e986-84c3-9d4e-9c52c20fa7be -nodefaults -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/debtest.monitor,server,nowait -mon chardev=monitor,mode=readline -rtc base=utc -no-reboot -boot d -drive file=/var/lib/libvi	17:21
siretart	rt/images/debian.img,if=none,id=drive-ide0-0-0,format=raw -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -drive file=/var/lib/libvirt/images/debian-testing-i386-netinst.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -device rtl8139,vlan=0,id=net0,mac=52:54:00:ac:04:8e,bus=pci.0,addr=0x3 -net tap,fd=27,vlan=0,nam	17:21
siretart	e=hostnet0 -chardev pty,id=serial0 -device isa-serial,chardev=serial0 -usb -device usb-tablet,id=input0 -vnc 127.0.0.1:0 -vga cirrus -device AC97,id=sound0,bus=pci.0,addr=0x4 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5	17:21
siretart	jdstrand: in what way? connecting to localhost and create a qemu VM?	17:21
jdstrand	siretart: importing an existing image	17:22
jdstrand	it might, I just don't know	17:22
siretart	well, the gui offered me that	17:22
jdstrand	ok	17:22
siretart	I can also delete and retry it, but I do remember that the error message was exact the same the first time I've tried that	17:22
jdstrand	siretart: can you paste the following: cat /etc/apparmor.d/libvirt/libvirt-1e6f1921-e986-84c3-9d4e-9c52c20fa7be*	17:23
siretart	sure: cat: /etc/apparmor.d/libvirt/libvirt-1e6f1921-e986-84c3-9d4e-9c52c20fa7be*: No such file or directory	17:23
siretart	root@siretart-desktop:/var/log/audit# find /etc/apparmor.d/libvirt/ -ls	17:24
siretart	656106 4 drwxr-xr-x 2 root root 4096 Aug 30 21:20 /etc/apparmor.d/libvirt/	17:24
siretart	656107 4 -rw-r--r-- 1 root root 164 Aug 25 21:44 /etc/apparmor.d/libvirt/TEMPLATE	17:24
jdstrand	siretart: my feeling is this suggests no xml and virt-manager/libvirt is not erroring out in the right place and we aren't getting a useful error	17:27
jdstrand	siretart: can you file a bug with exact steps to reproduce. please file it against virt-manager for now	17:27
jdstrand	siretart: if it is somewhere else, we can move it	17:27
siretart	instructions are easy: install maverick, install virt-manager and libvirt-bin, try to install debian squeeze via netinst iso	17:28
jdstrand	siretart: you already said that you did something 'different' though	17:28
jdstrand	siretart: you used an existing image	17:28
=== dendrobates is now known as dendro-afk
siretart	I'm removing it and try with a new one	17:29
jdstrand	siretart: we need all those differences. virt-manager is confirmed to work with an iso install	17:29
=== dendro-afk is now known as dendrobates
siretart	yepp, I've now tried with creating a new image, exactly the same problem	17:30
jdstrand	siretart: please file a bug	17:31
kirkland	hallyn: there's a kvm-84 for hardy	17:38
kirkland	hallyn: we can't backport much beyond that as we dropped the dkms kernel module from the kvm package build	17:39
kirkland	hallyn: i know our kernel team are supposed to be publishing backported kernels soon	17:39
siretart	jdstrand: Bug #627514	17:40
uvirtbot	Launchpad bug 627514 in virt-manager "[maverick] fails to create a new VM: libvir: Security Labeling error : internal error error calling aa_change_profile()" [Undecided,New] https://launchpad.net/bugs/627514	17:40
kirkland	hallyn: with those, we could backport qemu-kvm, and depend on a particular kernel version, with a new enough kvm module	17:40
kirkland	hallyn: however, i would strongly advise against anyone wanting to run production KVM against 8.04	17:40
siretart	jdstrand: I've even included a screenshot of the error message	17:40
kirkland	hallyn: strongly suggesting that they either upgrade to, or deploy 10.04	17:40
kirkland	hallyn: since we have a newer LTS, with a production-ready hypervisor	17:40
kirkland	hallyn: 8.04's KVM was tech-preview, at best	17:41
kirkland	hallyn: and the backport package is visible at https://edge.launchpad.net/ubuntu/+source/kvm	17:43
kirkland	hallyn: that's in the official backports repo	17:43
jdstrand	siretart: thanks	17:44
siretart	jdstrand: anything else I should add to the bug while I have the machine still on?	17:44
jdstrand	siretart: not at this time, thanks	17:45
hallyn	kirkland: i've got a testbed set up, meanwhiel i made the suggestion	17:59
hallyn	kirkland: i'll be honest, the kvm bug backlog is my primary source of stress and dismay these days	17:59
mathiaz	ttx: heya	18:05
mathiaz	ttx: was wondering about your findings about hudson?	18:05
* SpamapS <heart> CI systems.		18:07
mathiaz	SpamapS: do you know of other CI systems?	18:08
SpamapS	mathiaz: CruiseControl is sort of the sad cousin of Hudson. ;)	18:12
kirkland	hallyn: ack	18:12
kirkland	hallyn: it's a PITA	18:12
hallyn	kirkland: also a PITA? is launchpad pinning my cpu since last update	18:13
hallyn	$&%($&%(*	18:13
=== ivoks is now known as ivoks_bbl
kirkland	hallyn: launchpad?	18:14
kirkland	hallyn: as in, rendering a web page?	18:14
hallyn	yup	18:15
hallyn	just started this morning	18:15
hallyn	kirkland: would server team meeting today be a good time to bring up the question of updating lucid kvm to 0.12.5 or something?	18:17
hallyn	kirkland: (that would, for instance, solve bug 574665)	18:17
uvirtbot	Launchpad bug 574665 in qemu-kvm "kvm + virtio disk corrupts large volumes (>1TB)." [High,Triaged] https://launchpad.net/bugs/574665	18:17
kim0	Hi folks .. I can't make today's meeting, since I have a committment. There's no real updates from my side since I'm mostly just polishing the cloud portal	18:17
kuttan_	hi is there any channels discussing snmp / oids thanls	18:18
kuttan_	thanks	18:18
kirkland	hallyn: you would have to upload 0.12.5 to lucid-backports	18:18
kirkland	hallyn: you can't do a major version bump in an LTS	18:18
kirkland	hallyn: but that's fine by me (uploading 0.12.5 to lucid-backports)	18:19
hallyn	should i ask if there are objections at team mtg, or just do it?	18:19
mathiaz	jjohansen: hi!	18:20
jjohansen	mathiaz: hi	18:20
mathiaz	jjohansen: is it normal that linux-virtual installs 124M of modules?	18:21
jjohansen	mathiaz: define normal?	18:21
mathiaz	jjohansen: one of the goal of creating the linux-virtual package was to have stripped down kernel	18:21
mathiaz	jjohansen: in lucid linux-virtual modules would take less than 40 MB	18:22
jjohansen	mathiaz: its a known issue, basically when -virtual was split off of server it lost its pared down modules config and I need to go in and trim again	18:22
mathiaz	jjohansen: ok great	18:22
mathiaz	jjohansen: is there a bug about that alread?	18:22
jjohansen	yeah, just a sec	18:22
=== Thorn_ is now known as Thorn
jjohansen	mathiaz: Bug #621175	18:23
uvirtbot	Launchpad bug 621175 in linux "-virtual kernel contains too many modules" [Undecided,New] https://launchpad.net/bugs/621175	18:23
mathiaz	jjohansen: great - thanks	18:24
=== luis__lopez is now known as luis_lopez
yann2	is it possible to use scp in combination with sudo? ie: i want to copy via ssh files from a remote server to my local server, the remote files belong to root:root and are readable only by root, and the root login is disabled via ssh	18:52
ttx	mathiaz: I just looked quickly into it. It's quite basic but pushes towards best practices. I'd compare it to Nagios	18:52
ttx	i.e. no black magic, but does what it should do, and well.	18:53
mathiaz	ttx: but in a different domain right?	18:53
yann2	is there anything shorter than copying the files to another location on the remote server, chmod them, copy them, move them again, and rechmod them?	18:53
ttx	mathiaz: oh yes.	18:53
mathiaz	ttx: where you looking at hudson as a product to package or to use in the team?	18:54
ttx	mathiaz: more as part of my "staying current" objective. I already looked at it from a packaging perspective	18:54
hallyn	yann2: so you want the target files owned by root:root? Only way I can think of would be to do it as root from target machine, scp'ing with the source being remote :)	18:55
mathiaz	ttx: right - I'm more interested as a CI to use in the server team	18:55
mathiaz	ttx: I've just refactored my iso testing scripts	18:55
ttx	mathiaz: it's your classic Java thing: too many deps to package, compared to the ease of use of "just" deploying the prebuilt wart	18:55
ttx	war	18:55
mathiaz	ttx: and I may look at using hudson to track all the iso testing	18:55
mathiaz	ttx: now that I'm able to fully automate tests	18:55
yann2	hallyn, yeah, but then I couldn't scp them to the folder I want, as the normal user wouldnt have access to there :)	18:56
ttx	mathiaz: Hudson allows CI, but you can use to track any result	18:56
ttx	s/use/also use it/	18:56
yann2	also gets complicated with ssh agents, if I sudo -s to root on the remote host, I lose my agent connection	18:56
mathiaz	ttx: right - does it allow to attach random piece of information to results?	18:56
hallyn	you do what?	18:56
mathiaz	ttx: like installation logs?	18:57
ttx	mathiaz: there is an interface that allows you to post a result, I think you could attach anything to it	18:57
hallyn	yann2: so i think the answer is "no, bc otherwise you lose any safety of disabling root remote logins in the first place :)	18:57
yann2	well not if the user has sudo anyway...	18:58
kirkland	hallyn: fyi, https://help.ubuntu.com/community/UbuntuBackports	19:12
* RoyK just wrote a perl thing to find duplicate files in a directory hierarchy - nice in case you have tons of mp3s or other large files on a chaotic filesystem		19:14
Krazyderek	looking for a good way to backup 12 google apps accounts, including sent mail	20:07
Krazyderek	is postfix the best solution? or do i want something a bit more custom to dealing with google accounts?	20:08
RoyK	fetchmail?	20:08
Krazyderek	@RoyK have you used it for a while?	20:11
RoyK	not with google	20:11
Krazyderek	hmmm i guess i'd like something that will download evethying at a set time, say 3am, to keep a backup of google, and in the event someone blows up google or something, that i could just install thunderbird on everyone's desktop and just point it at our linux box downstairs and keep on chuggin' along	20:13
RoyK	Krazyderek: fetchmail can feed the mail into an MTA like postfix	20:16
Krazyderek	RoyK: sorry MTA?	20:19
kirkland	smoser: ping	20:19
kirkland	smoser: have you gotten the ttylinux image running in UEC/Maverick yet?	20:19
smoser	i think so , yeah	20:20
kirkland	smoser: if not, do you have a running UEC where you can try it?	20:20
kirkland	smoser: can you check?	20:20
smoser	http://smoser.brickies.net/ubuntu/ttylinux-uec/	20:20
kirkland	smoser: i'm trying to run it in a vm	20:20
kirkland	smoser: ie, in qemu alone	20:20
smoser	it should be fine.	20:20
kirkland	smoser: hrm, it's not coming up ...	20:22
kirkland	smoser: well, i used a really old one	20:22
kirkland	smoser: do you have console working with these new images?	20:22
RoyK	Krazyderek: mail transport agent	20:22
smoser	what is console ?	20:22
RoyK	Krazyderek: something like postfix or sendmail or whatever	20:22
smoser	remember that maverick euca-console-output was recently broken.	20:22
smoser	i'm not sure if its fixed now or not	20:22
=== ivoks_bbl is now known as ivoks
kirkland	smoser: euca-get-console	20:23
kirkland	smoser: so that i can see where it's stuck, if it's stuck	20:23
kirkland	smoser: what's the username/password in that image?	20:23
kirkland	smoser: root/linux ?	20:23
smoser	i dont know.	20:23
Krazyderek	RoyK: ah so would i setup both now? or just fetchmail? looks like i'd be using ETRN or ODMR modes and both are unfamiliar to me	20:24
RoyK	fetchmail can download your email easily using imap or pop3 and feed it to postfix, which can store it a dovecot store or something	20:25
smoser	i just verified: wget http://smoser.brickies.net/ubuntu/ttylinux-uec/ttylinux-uec-i686-11.2_2.6.35-16_3.tar.gz -O out.tar.gz && uec-publish-tarball out.tar.gz foobucket i386 && euca-run-instances --key mykey $AMI	20:25
smoser	and reached the instance fine.	20:25
smoser	consoel output is present.	20:25
RoyK	Krazyderek: postfix doesn't do stuff like imap or pop, it's a plain MTA, but a jolly good one. Dovecot can do the storage, as a POA (post office agent)	20:26
Krazyderek	RoyK: i have an ubuntu server book here for the postfix and devecot stuff, and i can probably feel my way through that for one user, it's just keeping everything in order for all 12 people that worries me	20:27
kirkland	smoser: you rock, thanks	20:28
RoyK	Krazyderek: dovecot can easily handle quite a few users	20:28
RoyK	thousands	20:28
Krazyderek	RoyK: but how does fetchmail?	20:29
RoyK	fetchmail is just run with a cron job	20:30
RoyK	it fetches mail, basically	20:30
RoyK	for 12 users, that won't be much of a problem	20:30
Krazyderek	hmm	20:31
Krazyderek	RoyK: but i do need it, right? postfix can't do this for me?	20:31
Krazyderek	RoyK: sorry first mail server	20:31
cloakable	postfix won't fetch mail for you, mail needs to be sent to it.	20:32
RoyK	afaik postfix can't do pop or imap, so it can't aquire email from another host	20:32
cloakable	postfix does smtp only, yea	20:32
RoyK	yes, as cloakable said, use something like fetchmail to download the stuff	20:33
pmatulis	Krazyderek: consider setting up a typical mail server and then have google accounts send a copy of all mail to it	20:33
RoyK	feed it into postfix, and have postfix send it to dovecot (or something)	20:33
RoyK	pmatulis: give you have a static IP, that's probably the best	20:34
cloakable	Unless your isp has a smarthost, of course :)	20:34
pmatulis	cloakable: smarthost is for outgoing mail, not incoming	20:35
Krazyderek	we'd have to pay at least $15 a month extra for a static	20:35
RoyK	Krazyderek: then try fetchmail	20:35
pmatulis	Krazyderek: i don't understand, you're worrying about google blowing up but you can't afford a static IP? ;)	20:36
Krazyderek	hmmm fetchmail has I9 in their FAQ saying it doesn't play to well with gmail as of April 2008	20:36
cloakable	Krazyderek, pmatulis: Which would be a problem if your MX record was an ip address :P	20:36
RoyK	fetchmail -> postfix -> dovecot	20:37
* cloakable receives mail on a dynamic ip		20:37
pmatulis	Krazyderek: you can easily use the dynamic ip checker method - works very well	20:37
cloakable	Mmmm	20:38
JasonMSP	already did a google search. Im unfamiliar with terminology so my search isn't great. Im trying to understand SSL in order to configure VSFTPD for secure transfers (so passwords aren't sent in the clear). I can easily setup the VSFTP.conf options, but I need help with what else to make happen for the connection. Certificates, etc.. Can someone point me to a clear post that I can read up on?	20:38
Krazyderek	i do have a no-ip account for remote desktop and vpn addressing	20:38
kirkland	smoser: hrm, well, okay, i just published your latest tarball to my all-in-one-UEC-running-in-a-beefy-KVM	20:39
kirkland	smoser: published fine (thanks)	20:39
kirkland	smoser: running the instance, it goes to the "running" state no problem	20:40
kirkland	smoser: note that i'm using --addressing private	20:40
cloakable	kirkland: Use that as your MX record then shrug	20:40
kirkland	smoser: it stays in the running state (ie, it doesn't commit suicide)	20:40
smoser	do you get console output ?	20:40
kirkland	smoser: negative	20:40
smoser	then you need to fix that first.	20:40
kirkland	smoser: been running for ~350 seconds	20:40
kirkland	smoser: all i get is the timestamp back	20:40
kirkland	smoser: when i euca-get-console-output	20:41
smoser	your running into bug 619843	20:41
kirkland	smoser: well, instance id, then timestamp	20:41
cloakable	Erk	20:41
uvirtbot	Launchpad bug 619843 in eucalyptus "euca-get-console-output returns one single line" [High,Fix committed] https://launchpad.net/bugs/619843	20:41
Krazyderek	pmatulis: i'm not sure if the "forward copy" option in google will work for sentmail, so you'd have to BCC mail to yourself and setup some kind of rule to put it in the sent items....errr..	20:41
kirkland	smoser: ah	20:41
* kirkland goes tackle that nasty bugger		20:41
pmatulis	Krazyderek: huh?	20:41
smoser	kirkland, that is probably supposed to be fixed	20:42
smoser	Daviey, its not fix released ?	20:42
Krazyderek	pmatulis: when you were saying setup a regular mail server and have google send a copy	20:43
pmatulis	Krazyderek: ok, it won't work?	20:43
Krazyderek	pmatulis: not for sent mail i don' think	20:43
pmatulis	Krazyderek: not sure why	20:44
Krazyderek	pmatulis: i thought the forwarding only appied to incoming mail	20:44
RoyK	http://karlsbakk.net/fun/sinking.mpg	20:45
Krazyderek	pmatulis: i'll try it now	20:45
kirkland	Daviey: what change did you make? did you just add eucalyptus to the kvm group?	20:48
Krazyderek	pmatulis: ya incoming only	20:49
Krazyderek	i want to have a record of all sent mail backed up as well, so hopefully fetchmail is working better with google these days :S	20:49
=== jsalisbury_ is now known as jsalisbury
Krazyderek	RoyK: i don't see a listing for postfix under the fetchmail website, do you have some recommended settings or a reliable tutorial?	20:54
kirkland	smoser: sweet!	20:55
smoser	what'd you find ?	20:55
kirkland	smoser: i've got console output, and i can see my failure :-)	20:55
kirkland	smoser: you da man	20:55
smoser	what is fialure ?	20:55
kirkland	smoser: well, i have a mismash of network hackery i need to sort out	20:55
kirkland	smoser: basically, i need to fix my networking setup in eucalyptus.local.conf	20:55
kirkland	smoser: but the bugger is most definitely running!	20:56
JasonMSP	okay lets ask that question again in a different way. Can anyone point me to a primer on creating secure connections with ubuntu. like the ultimate basics so that i understand how the process works and then can apply it to VSFTP?	21:00
JasonMSP	(im looking at TLS in wiki now)	21:01
qman__	secure and FTP are mutually exclusive items	21:01
qman__	you can sandbox it off in its own restricted corner, but you cannot secure FTP	21:02
JasonMSP	qman: vsftp from what I understand can be configured with TLS/SSL. But again I really don't have any idea what im doing.	21:02
qman__	if it can, it's a new feature that I am unfamiliar with	21:03
qman__	I use the sftp built into openssh	21:03
qman__	as far as FTP daemons go, VSFTP is the best I have used, but it's still FTP	21:04
JasonMSP	Im working on the ability for clients to FTP into their sites. Each has a user id with which they can FTP, SSH is disabled so they can't get in to the server, and they are chrooted to their web.com folder.	21:04
JasonMSP	Im still weighing if it is necessary to secure the connection, but i don't like the idea of passwords being sent in the clear.	21:05
JasonMSP	http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_%28TLS/SSL/SFTP%29	21:06
qman__	centos, yuck	21:08
qman__	good information though	21:08
qman__	should be the same on ubuntu swapping yum for apt-get	21:08
qman__	and /etc/rc.d/init.d for the service command	21:09
JasonMSP	yes.. I tried this last week and didn't get it working. It may be the clients im working with to get in which is why I need the bare basics to undersatnd the process. I know how to create the certificates, but then the client connecting doesn't work with what I've tried so far.	21:09
JasonMSP	ive been using sudo service vsftpd restart	21:10
qman__	well, that's what's known as FTP/S, not SFTP	21:10
qman__	so make sure your clients are in the right mode	21:10
JasonMSP	ok then where can I get basics on the difference between all those.	21:10
qman__	with TLS it should still use port 21, too	21:10
qman__	SFTP is FTP over SSH	21:11
qman__	FTP/S is FTP with TLS encryption	21:11
JasonMSP	ok. so then im looking for FTP/S... Thanks!	21:11
qman__	a number of other protocols work like that too	21:11
qman__	TLS uses the standard, clear port and then starts encryption	21:12
qman__	where SSL uses a separate port, like how HTTPS uses 443	21:12
JasonMSP	does that mean password will still be sent in the clear?	21:12
qman__	no	21:12
qman__	the initial connection handshake is, then the STARTTLS command is sent	21:12
qman__	and the rest continues like SSL	21:12
JasonMSP	ah	21:13
JasonMSP	(i hear the angels signing in the background)	21:13
JasonMSP	*singing	21:13
qman__	now, I don't know if FTP/S transfers the files over the encrypted channel, or what other ports, if any, it uses, you'll have to look that up	21:15
qman__	but I do know that the authentication and control are handled over the secured connection	21:15
Krazyderek	RoyK: i sink i'm going to tackle this one tomorow, thanks for the tip i'll see how it goes on a small account first	21:16
Krazyderek	exit	21:16
JasonMSP	Does SFTP require users to have shell access?	21:17
qman__	no	21:18
qman__	it uses sshd, but the users can be easily denied shell access	21:18
qman__	however, the users must have a valid shell defined	21:18
JasonMSP	ok so it would be just as easy for them to SFTP. ive read that an option is /usr/sbin/nologin ??	21:20
JasonMSP	(easy because the client software is easily come by)	21:21
qman__	lots of clients support SFTP, on many platforms	21:22
qman__	however, I don't think nologin works	21:22
qman__	I can test and verify	21:22
qman__	/bin/false does not work	21:22
JasonMSP	i've got my ssh config file setup to allow only those in the group sshlogin	21:23
JasonMSP	so that should secure anyone else from shell access.	21:23
qman__	nologin does work	21:25
qman__	a bit surprising, guess I'm making some changes	21:26
JasonMSP	so as long as their shell folder is set with nologin, they don't have ssh access (because they are not in the group) they should only be able to access their folder. What about CHROOTing them to their web folder, this should still be accomplished by VSFTPD	21:27
JasonMSP	(their folders via FTP that is)	21:28
qman__	VSFTPD has nothing to do with SFTP using sshd	21:28
qman__	they are completely separate	21:28
qman__	whichever one you are using, you need to configure chroot with	21:29
qman__	or both, if using both	21:29
JasonMSP	VSFTPD is not needed if you are doing SFTP. ok. Is this because the client software acts as if it is FTPing, but in reality it is being done through SSH? As you can see im getting lost on the fundamentals which is what has been making this difficult.	21:30
qman__	SFTP is an internal function of sshd	21:31
qman__	it works like FTP but is built in	21:31
JasonMSP	ie its built in.	21:31
qman__	you can use other SFTP subsystems with sshd, but the internal one is the one I know and use with sftp-only users and chroots	21:32
JasonMSP	im on my third generation of working this solution. the first was straight VSFTP, then I was recommend SFTP and when I couldn't get either of those working I went back to VSFTPD. I have a working in the clear setup with VSFTPD now. I never was able to get a working SFTP solution (except for myself via key) I've got passwords turned off in SSHD config.	21:33
qman__	vsftpd cannot be used as an SFTP subsystem, because it's not SFTP, it's FTP/S	21:33
JasonMSP	i understand. they are separate (daemons?)	21:34
qman__	well, if you have password authentication disabled, SFTP users will need keys	21:34
qman__	a very secure configuration, but you may have trouble instructing users to use it	21:34
JasonMSP	EXACTLY!	21:35
JasonMSP	which is why i thought I would be able to use VSFTPD.	21:35
qman__	you can, but it will be FTP/S, not SFTP, and will require a different client mode	21:35
qman__	and I'm not sure on the specifics of how that one works	21:35
JasonMSP	client mode meaning protocol?	21:36
qman__	yes	21:36
qman__	also, FTP/S is not really standardized, some softwares implement it differently	21:37
JasonMSP	ok. I just used WinSCP to connect in the clear with a password which means it is using the VSFTPD daemon	21:39
JasonMSP	that means that it is possible then to secure this connection with TLS if that link I sent earlier configures it correctly.	21:41
qman__	that page states that winSCP doesn't do FTP/S	21:42
qman__	I can neither confirm nor deny	21:42
=== ivoks is now known as ivoks_away
WinstonSmith	try filezilla	21:53
WinstonSmith	does FTP/S i think	21:54
JasonMSP	you can select the protocol (FTP) and then it gives you a dropdopwn for encyption	22:01
JasonMSP	then you can choose none, SSL/TLS implicit, SSL explicit, or TLS explicit	22:02
JasonMSP	I used TLS explicit and it connected with the right certificate but they did not end up in the correct directory. so im thinking its a config setting	22:03
Zikey	I have a file named "core" at the root (/), it's probably a coredump, is there any tool to know more about it ?	22:03
Patrickdk	only if you care to debug it	22:04
Zikey	I just would like to know which binary crashed	22:05
Zikey	it's probably written in the core file	22:05
Patrickdk	gdb I believe	22:05
Patrickdk	been a few years since I worked on one	22:05
Zikey	strings <core worked :)	22:06
Zikey	damn asterisk...	22:06
Zikey	last question, how do you force a fsck on next reboot ?	22:09
soren	Zikey: touch /forcefsck	22:18
soren	iirc.	22:18
soren	Yup.	22:19
uvirtbot	New bug: #627676 in mysql-dfsg-5.1 (main) "package mysql-client-core-5.1 (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/mysql', which is also in package mysql-client 0:5.1.50-2" [Undecided,New] https://launchpad.net/bugs/627676	22:26
Zikey	thx soren !	22:28
Kaelten	anyone have an example multipath.conf file they could point me at?	22:33
tucemiux	anyone knows how to configure a printer server manually?	23:02
DigitalDeviant	Would anyone here be helpful to help me setup a bind9 dns server on my ubuntu server? I have tried to follow multipe howto's and even webmin but i just can seem to get it working correctly. If someone could do a remote session with me and show/explain to me how it works I would be very greatfull	23:11
tomsdale	DigitalDeviant: sry - no experience here either but did you try howtoforge?	23:13
ScottK	DigitalDeviant: Look in the Ubuntu server guide on help.ubuntu.com.	23:13
ScottK	It has specifics on how to do it.	23:13
DigitalDeviant	yah, i have been looking at docs all day. They are confusing as hell to me. I have no problem setting dns up in windows, lol but since i am new to linux I keep hitting walls	23:14
ScottK	Did you try the Ubuntu server guide?	23:14
DigitalDeviant	yah, Ive spent a good 6 hours trying to get it to work	23:14
tomsdale	Does 10.04, apart from apparmor have a second firewall - I changed my ssh port to 31337 but the connection times out - on 22 it works. I already uninstalled apparmor	23:14
ScottK	tomsdale: There is one installed, but not active by default. I'd recommend putting apparmor back as it won't interfere with that.	23:15
tomsdale	what could it be then that won't allow me to connect via ssh? netstat -tap shows it listening on 31337	23:17
DigitalDeviant	you behind a hardware firewall tomsdale ?	23:17
tomsdale	nop - all in the internal network	23:18
DigitalDeviant	try using a port scanner to the ip with the SSH server. see if the port is open from site to site first	23:19
tomsdale	already set loglevel to debug but I don't see any request being made in the auth.log. And apparmor is uninstalled as I mentioned.	23:19
tomsdale	good idea	23:19
DigitalDeviant	are you using fail2ban as well ?	23:19
tomsdale	yes, nmap says filtered, ELITE	23:19
DigitalDeviant	so you are using fail2ban	23:20
tomsdale	yes, but according to the log I'm not jailed	23:20
DigitalDeviant	have you added your ip to the allow list in fail2ban	23:20
tomsdale	eh - banned.	23:20
tomsdale	I don't think it's my IP the problem - on port 22 all works fine. As soon as I change it to 31337 it stops working	23:21
DigitalDeviant	once you change the port, you have restarted the service right? i know stupid question, but sometimes people forget	23:22
tomsdale	I even did a good old fix all win problems reboot :-)	23:22
DigitalDeviant	lol	23:22
DigitalDeviant	ok	23:22
tomsdale	There somehow is another firewall actice I have the feeling.	23:24
DigitalDeviant	doesnt pure-ftp use port 31337. are you running that?	23:24
tomsdale	ah - there is bastille-firewall which is active.	23:25
DigitalDeviant	when i run into issues like that, i install webmin so i can look at everything all at once, it helps, then i purge it	23:25
tomsdale	that's it. it appears ubuntu server 10.04 uses by default apparmor and bastille-firewall. Two more secure than one ?	23:26
DigitalDeviant	i use ddwrt firewall and fail2ban. so im not to familair with software firewalls in ubuntu	23:27
sbeattie	um, what? bastille is not included by default.	23:27
tomsdale	hm - did a clean install from a howtoforge tut - checking whether it slipped in there somewhere.	23:28
DigitalDeviant	do i need multipe IP's to setup a dns server / lamp server ?	23:29
DigitalDeviant	i have two public ip's one pointing to dns port and the other to the lamp server. is the correct setup so far?	23:30
DigitalDeviant	or do i just use the one ip address for the dns and the lamp server	23:31
DigitalDeviant	im only hosting like 4 domain names	23:31
DigitalDeviant	neither will have email	23:32
fluvvell	I've got 10 domain names, dns and lamp all on the same ip. It really doesn't matter if you handle ports and everything correctly	23:32
DigitalDeviant	oh	23:33
DigitalDeviant	good then, that gives me ann extra ip :)	23:33
fluvvell	but I use fail2ban and shorewall (firewall)	23:33
DigitalDeviant	i use fail2ban and a hardware firewall with iptables	23:33
kirkland	smoser: still around?	23:33
kirkland	smoser: ideas? http://pastebin.com/Vx24Xn7H	23:34
fluvvell	DigitalDeviant: are you wanting bind for external dns or internal network ?	23:36
kirkland	smoser: metadata failage	23:36
DigitalDeviant	external. My server is behind verizon fios and I need to setup fwd and reverse zones for them to setup the ptr records or something	23:36
SpamapS	DigitalDeviant: you want to have your IP resolve to your server's hostname?	23:37
SpamapS	DigitalDeviant: you need at least two servers to host your own DNS. Do you have two?	23:38
DigitalDeviant	yah, the other one is sitting here right now getting server loaded on it as we speak, but right now on the fios i only have one	23:38
DigitalDeviant	brb guys	23:39
=== kentb is now known as kentb-afk
kirkland	smoser: nevermind, i think i have it!	23:40
DigitalDeviant	right now, my domains are using the ns1.verizon.net and ns2.verizon.net per the tech support. So i need to setup the dns server to resolve the domains or someting..ive never done dns on ubuntu so im lost like a 9 year old in a candy store	23:45
DigitalDeviant	and the howto's are not helping me a bit	23:46
DigitalDeviant	im more of a watch and learn type person, ya know	23:46
DigitalDeviant	I installed webmin to help because a frind of mine said it would make it easier....pfft	23:47
DigitalDeviant	ive been at this all day with no progress and im about to throw my server out the window	23:49
tomsdale	DigitalDeviant: Don't know if it helps your cause but I'm atm installing ispconfig 3 in a 3 server setup. Haven't gotten as far as DNS yet but it seems you can create zones in a web interface.	23:49
DigitalDeviant	yah, you can do that with webmin as well	23:49
DigitalDeviant	its just too confusing for me	23:49
tomsdale	you're using bind?	23:50
DigitalDeviant	yah	23:50
tomsdale	on howtoforge some people us mydns - have heard it's smaller and easier but the hosters tend to prefer bind.	23:51
DigitalDeviant	yah, i was told to use bind	23:52
tomsdale	I mean a software with Version Nr. 9 - It gotta be good. Even windows only got to 7 so far :-)	23:53
tomsdale	sry - not really helping your problem :-(	23:54
tomsdale	http://oreilly.com/catalog/9780596100575 ??	23:56
DigitalDeviant	its all good, been going through this crap all day :(	23:57
ath88	Hello, anyone whos nifty with sshtunnels got the time and temper to help me? I need to setup a tunnel from a netbook to my server, so i can access that netbook no matter what network it is logged onto. Is that possible?	23:58
DigitalDeviant	well the good news i guess is if im going to setup a second dns server, I might as well host mysql on it as well and get some load of the web server	23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!