smoserMadwill, lots of pepole here willj ust think I'm being a stick in the mud00:39
smoserbut lxc != openvz00:39
smoserlxc is not as robust as openvz was (or that I understand it was).  You cannot trust a UID 0 process in your lxc container.00:41
smosermaybe robust wasn't the right word for that.00:41
smoserit makes no promises that you could do such a thing.00:42
YankDownUnderAnyone install/use Tryton?01:39
uvirtbotNew bug: #629234 in vsftpd (main) "package vsftpd 2.2.2-3ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/62923404:01
uvirtbotNew bug: #629236 in samba (main) "Can't install samba in 10.04.1 fresh install" [Undecided,New] https://launchpad.net/bugs/62923604:16
=== cs278|work is now known as Guest96508
oracleupon actually installing ubuntu server 10.04, will there be an option to encrypt everything before the install continues?04:40
wbiesingHi all. I'm having some issues with Dell's Hardware RAID controller, Ubuntu 10.04, Dell T3500. Is this the right place to ask?04:59
uvirtbotNew bug: #629247 in libvirt (main) "Failure to alter VM's MAC address with virsh" [Undecided,New] https://launchpad.net/bugs/62924705:01
MTecknologyA little off topic and random. I just looked at the lines of code in Nginx - 137,212 LoC05:16
=== viezerd- is now known as viezerd
danielhdiazNecesito montar un servidor con ubuntu, podrian ayudarme?05:37
ubottuEn la mayoría de canales de Ubuntu se habla sólo en inglés. Si busca ayuda en español o charlar entra en el canal #ubuntu-es. Escribe "/join #ubuntu-es" (sin comillas) y dale a enter.05:45
danielhdiazok thank you.05:47
twbDe nada.05:47
q_a_z_steveHow do I check whether I've set an "internet host name" for my 10.04 server install? like "hostname" but for web server identity..07:01
twbq_a_z_steve: where are you hearing about this "internet host name"?  From e.g. apache's logs?07:02
twbIt probably means telling the daemon in question what FQDN to use, and/or putting same in /etc/hosts.07:03
q_a_z_stevetwb: well I'm not even sure I've set one yet. I've killed my box and just ran through a million lines of aptitudes since07:03
twbq_a_z_steve: check "hostname --fqdn" first, I guess07:04
q_a_z_stevetwb: well that shows .lan so I probably haven't set one at all yet.07:05
twbThat is most likely provided by the OpenWRT or whatever that is running your network07:07
twbOr *was* running your network at the time you installed ubuntu07:07
twbUnless your host has a public IP on the internet, getting a correct FQDN probably isn't important.07:08
q_a_z_stevewell obviously I *want* a domain name eventually to be tied to this web server...07:11
q_a_z_stevetwb: but you don't think that's an issue yet, right?07:14
intelliantqman__: hi!07:39
intelliantnoticed that all the VMs had a shared virtual Optical drive. I removed that from all VMs and restarted them. eversince that, the errors have not reappeared.07:40
intelliantwill be monitoring this further over the next 2 days.07:41
Jeeves_TeTeT: You awake?07:44
sherrintelliant: I saw your conversation yesterday - how was the CDROM shared between guests? I have 2 guests, each with a CDROM, and each KVM definition has :07:45
sherr<address type='drive' controller='0' bus='1' unit='0'/>07:45
sherrBut I would think that is "private" to each guest (i.e. 2 separate cdroms)07:45
TeTeTJeeves_: barely ;) need to visit the dentist in the next 10 minutes, will be back in an hour07:46
Jeeves_TeTeT: Ah. I'll give you something to think about at the dentist07:46
Jeeves_(I need it to run ISC dhcpv6 :))07:46
Jeeves_PresuntoRJ: ?07:47
TeTeTJeeves_: hmm, check out the PPA from Mathieu Trudel, he has a new network manager and probably also a dhcp4 client in it07:47
TeTeTJeeves_: or he had a patch to remove the need for it, don't remember it exactly07:47
Jeeves_I need the server and relay, but I'll have a look at his ppa. Thanks!07:48
intelliantsherr: http://pastebin.com/Fryb0esQ07:48
Jeeves_Mathieu only has networkmanager07:49
intellianti agree to what you are saying but this is just one observation07:49
intelliantsherr: I still beleive the problem may lie elsewhere07:49
TeTeTmaybe there are debian experimental packages for it?07:49
Jeeves_Oh, that's a good one07:49
TeTeTbest to test those in a vm, things can go awfully wrong with the experimental packages in my experience07:50
intelliantmay be over the weekend I will add the cdrom back and wait for the errors.07:50
Jeeves_TeTeT: Yeah, I'll try that07:51
Jeeves_Debian renamed it to isc-dhcp07:51
Jeeves_which makes sense, given the fact that there are more dhcpd's around07:51
sherrintelliant: thanks. I have a "block" device, you have a file. Similar otherwise. Well, let's wait and see - I hope it works for you.07:54
uvirtbotNew bug: #629304 in mysql-5.1 (main) "-DMYSQL_CLIENT_NO_THREADS and undefined reference to `my_pthread_fastmutex_init'" [Undecided,New] https://launchpad.net/bugs/62930408:11
TeTeTJeeves_: any success with the experimental packages?08:33
Jeeves_TeTeT: Yes08:33
Jeeves_I've got isc-dhcp-relay running08:33
Jeeves_All I gotta do know is figure out how dhcpv6 works :)08:34
Jeeves_But first a shower, to really wake up :)08:34
uvirtbotNew bug: #629318 in bacula (main) "package bacula-director-mysql 2.4.4-1ubuntu9 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück" [Undecided,New] https://launchpad.net/bugs/62931808:46
Jeeves_grrr, people that post bugs in their own language--08:52
LordKitsunahey can anyone help me my server tottally just blew up in my face and i have no idea what to do09:37
Scorpionwho install oracle 11gR2 on ubuntu 10.04?09:38
LordKitsunai uninstalled a package then ran some updates and now when i try to boot i get "fsck from util-linux-ng 2.17.2  /dev/sda1: clean, 132765/4800512 files, 7904061/19182080 blocks (check in 2 mounts) init: udevtrigger main process (276) terminated with status 1 init: udevtrigger post-stop process (281) terminated with status 109:41
PresuntoRJ!ask | Scorpion09:42
ubottuScorpion: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)09:42
PresuntoRJ!details | Scorpion09:42
ubottuScorpion: Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."09:42
X-2PresuntoRJ: I know you.09:44
LordKitsuna;-; please can anyone help me i have a lot of people who use this server and im still learning some of the more in depth things and i just cant figure this problem out09:45
PresuntoRJX-2: of course :D09:45
PresuntoRJLordKitsuna: how come "blew up" ? electrical explosion? hdd failure? bad upgrade?09:49
LordKitsunawell i say that when a big error that prevents me from doing what i want to do happens09:50
LordKitsunaits just a figure of speech09:50
LordKitsunaas i said i uninstalled a package (bandwidthd to be exsact) then ran apt-get update follwed by apt-get upgrade (couldnt tell you what it upgraded) then all that error happnened09:51
PresuntoRJI have used bandwithd before... maybe there is an HDD error that went unoticed before you have tried this upgrade, because there is nothing in the package that could cause a failure to bot09:54
PresuntoRJLordKitsuna: do you remember what is your filesystem? ext4? ext3? reiserfs?09:54
LordKitsunaext4 i think09:55
Psi-JackFor things that are managed by upstart, for example, avahi-daemon, what is "good practice" to do to not have that service started/stopped except manually, rather than automatically?09:55
PresuntoRJLordKitsuna: do you have a livecd with you? when was your last backup ?09:55
LordKitsunalast backup...ummm ummm not tooo long ago also yes i have a live cd of ubuntu desktop with me09:55
LordKitsunamy power is being flashy it had better not go out this would be the worst possible timing09:57
LordKitsunaso what should i do with the live cd PresuntoRJ09:58
PresuntoRJcould you try to power it on from the livecd? in there, try running (before you mount the HDD) a fsck to your partitions? let it complete the process before you try to boot it again09:58
sd-d_how can i create localhost in ubuntu09:58
PresuntoRJLordKitsuna: tune2fs also gives you some feedback on the health of the harddrives09:59
PresuntoRJsd-d_: ?09:59
LordKitsunaim not 100% sure how to run fsck (still learning ubuntu) do i just type it in a termanal?09:59
PresuntoRJsd-d_: ?09:59
sd-d_PresuntoRJ, like we open a directory in browser in asp.net10:00
PresuntoRJLordKitsuna: most linux are the same... fsck /dev/partition (he correct name)10:00
PresuntoRJLordKitsuna: try $ man fsck to read the manual10:00
sd-d_PresuntoRJ,  ur close ..10:00
PresuntoRJ$ man also works for most commands10:00
PresuntoRJsd-d_: you want to access your filesystem from a web browser?10:01
sd-d_yes ...10:01
twbPresuntoRJ: that's called DAV10:01
PresuntoRJI think there is a python trick for that10:01
PresuntoRJpython -m SimpleHTTPServer10:02
twbYou can do that with any old browser10:02
PresuntoRJmake sure you have the tcp port opened on your firewall10:02
PresuntoRJbut thats pretty unsafe10:02
twbI usually use "busybox httpd" or thttpd10:02
LordKitsunableh my live cd takes forever to boot, ill let you know what happens once i actually get to it10:02
PresuntoRJtwb: I think he mean from another computer10:02
sd-d_PresuntoRJ, was that for me ??10:02
twbWell, both of those export the working tree via HTTP as the current user on a given port -- just like Python's built in HTTPd implementation10:03
PresuntoRJsd-d_: yes... try from the folder you want to browse $ python -m SimpleHTTPServer10:03
PresuntoRJtwb: never tried with busybox... I'll give it a try10:03
twbPresuntoRJ: unfortunately you'd need the larger busybox in Ubuntu -- the one they give you to boot with doesn't have the httpd applet :-(10:04
PresuntoRJsd-d_: they are both incredibly unsafe... do it for LAN access only... set a proppet firewall rule (with ufw) for that10:04
twbBut "busybox httpd" works on any Debian box you're likely to run into :)10:04
PresuntoRJtwb: cool10:04
PresuntoRJsd-d_: do you know how to use ufw to set up a firewall rule ?10:05
twbsd-d_: why do you want to access the directory tree in a web server?  Maybe there's a better way, like rsync.10:05
LordKitsunaserver....you could use apache couldnt you? then put the files you want under the /var/www10:05
twbLordKitsuna: yes10:06
LordKitsunai hardly know what im talking about so just ignore me if tahts a stupid idea lol10:06
twbOr really, you should use /srv/www or so -- /var/www is vestigial10:06
LordKitsunaall i know is i run a gazzel website (well kinda im more or less a chooser and my friends do the coding bit) and i can host shit in the /var/www so i just thought id throw it out as an idea10:08
PresuntoRJLordKitsuna: those are all pretty stupid ideas, even mine, if you don't know what you are sharing... at least with apache you could set up a password (htpasswd), and share only your home files, and choose not to follow symlinks... and NEVER FORGET to set a firewall to prevent access from where you do not trust in the first place10:11
PresuntoRJLordKitsuna: but anyway, if its only temporary...10:12
LordKitsunaPresuntoRJ, the file system shows as EXT3/4 (waht?) and i cant figure out how to use fsck right lol ill keep trying tho10:12
felixhummelhi! i accidentially did a ``chown -R foo: /``. Is there some (semi-)automated way to restore permissions to system defaults?10:12
LordKitsunaoh wait10:13
LordKitsunahells yea10:13
LordKitsunathere is a gui for fsck10:13
PresuntoRJtwb: if its for the access per-se, why not keep it to ssh/scp ?10:13
PresuntoRJLordKitsuna: a couple of questions... GUI for fsck? cool... and ? GUI? are you running your server with a GUI ? really?10:14
PresuntoRJLordKitsuna: not wrong, just unusual10:14
LordKitsunaPresuntoRJ, the check finished like instantly and said it was clean also no as i said i have a ubutu desktop live cd with me not server so natrually it had a gui10:14
PresuntoRJLordKitsuna: not judging here... I do this at home too... just said it was unusual10:15
PresuntoRJLordKitsuna: clean for every partition (if more than one, of course)10:15
twbPresuntoRJ: that, too.10:17
LordKitsunaactually i know why it was so fast now, i did it via command line just to be sure and got the following error "permission denied while trying to open /dev/sda you must have read/write to the file system or be root10:17
twbPresuntoRJ: but you can hand out rsyncd access to anonymous users, and it supports DAV-style listings.10:17
twbIt really depends what he wants to achieve10:17
LordKitsunaand no my server itself has no GUI but i figured it would be easyer to just use my ubutu desktop live cd to fix it10:17
PresuntoRJLordKitsuna: try sudoing it first... sudo fsck /dev/partition10:18
twbLordKitsuna: what is this alleged "gui fsck" called?10:18
PresuntoRJLordKitsuna: or gksudo if its a GUI application10:18
twbPresuntoRJ: you don't need to use gksudo to launch a GUI -- the difference between gksudo and sudo is how it asks for a password.10:18
PresuntoRJtwb: its the system/admin disk utility10:18
PresuntoRJtwb: or whatever the name in english... it has a little drive icon (in pt-BR: Utilitário de Unidades)10:19
PresuntoRJtwb: you can mount, umount, check, format, etc10:19
PresuntoRJtwb: I think even partition, though I prefer and trust gparted for that10:20
twbIf you open up a terminal and run xprop, then click on the window, what is the WM_CLASS ?10:20
twb(That's usually the "real" app's name)10:20
PresuntoRJtwb: I use gksudo for GUI basically cause I would tell him to run via Alt+F2 also... ;)10:20
LordKitsunaPresuntoRJ, and when i use sudo fsck i get "device or resource busy while trying to open /dev/sda filesystem mounted or opened exclusively by another program?10:21
PresuntoRJLordKitsuna: umount it first, from the livecd10:21
LordKitsunai did its not mounted10:21
PresuntoRJLordKitsuna: never try to fix a drive/partition while in use (mounted)10:21
PresuntoRJLordKitsuna: wiered10:21
PresuntoRJLordKitsuna: do you have it opened with gparted?10:22
PresuntoRJLordKitsuna: try $ sudo lsof -n | fgrep sda110:22
LordKitsunaPresuntoRJ, this might sound really stupid but how do you make the | (i copyed that from your message) i cant find that on my keyboard10:24
LordKitsunaPresuntoRJ, oh wait nvm i found it, it had a break in it on my keys so it looked like something else10:27
LordKitsunaPresuntoRJ, lsof :WARNING cant stat () tmpfs filesystem /cow output information may be incompleate lsof: WARNING cant stat() fuse.gvfs-fuse-deamon file system /home/ubuntu/.gvfs output information may be incompleate10:29
PresuntoRJLordKitsuna: no worry... the WARNINGS are for unaccessible folders (usually there)10:32
PresuntoRJLordKitsuna: if there is no hit for sda1 (guessing your partition is /dev/sda1 , of course) I am not sure what could be happening to prevent the fsck10:33
LordKitsunaPresuntoRJ,  well i tried sda then sda1 and 2 just to be sure and those are the errors i got for all of them10:34
PresuntoRJLordKitsuna: are you sure that is the name of the HDD on your system?10:35
PresuntoRJLordKitsuna: it should have worked if it is correct and unounted10:35
Psi-JackFor things that are managed by upstart, for example, avahi-daemon, what is "good practice" to do to not have that service started/stopped except manually, rather than automatically?10:36
Psi-JackI mean, upstart's nice and all, but there's no actual management system to manage it like there are SysV/LSB style init scripts.10:36
PresuntoRJPsi-Jack: what do you mean?10:36
LordKitsunaPresuntoRJ, yea its just shown as "/dev/sda" in the mounting manager and it shows as unmounted10:36
Psi-JackPresuntoRJ: like, to stop a LSB script from starting during init, you'd update-rc.d -f servicename remove10:37
Psi-JackI want to stop avahi-daemon from starting up on it's own.10:37
PresuntoRJPsi-Jack: i think they have more or less the same goal... where upsatart is an attempt to rewrite init.d in a kind of better way... not sure how... there is literature for that in the ubuntu site10:37
ubottuUpstart is meant to replace the old Sys V Init system with an event-driven init model.  For more information please see: http://upstart.ubuntu.com/10:37
Psi-JackYeah, not really covering my topic, actually.10:38
PresuntoRJLordKitsuna: but there are partitons under it? sda1 or sda2 ?10:38
Psi-JackThe only way I can figure to stop a service from auto-starting, is to remove it's event states.10:38
PresuntoRJLordKitsuna: which is root? which is boot? which is home?10:38
Psi-JackAs-in, editing /etc/init/avahi-daemon, and commenting out the start line.10:39
PresuntoRJPsi-Jack: you could try sudo chmod 644 the script file10:39
Psi-JackIt's not a script file.10:39
Psi-Jackit's a .conf file for upstart.10:39
PresuntoRJPsi-Jack: or update-rc.d --remove it10:39
Psi-JackNot an LSB script.10:39
PresuntoRJ:) sorry10:40
Psi-Jackupstart's not handled by rc.d's, it's handled by upstart.10:40
Psi-JackWhich is why I'm asking the question I'm asking. :)10:40
LordKitsunaPresuntoRJ, im not 100%sure i thought i had it as default (it put /home and stuff in seperate parts) but it looks to all be one10:40
LordKitsunaPresuntoRJ, i did i few installs of it so its hard to remember what it ended up with in the end10:41
PresuntoRJPsi-Jack: but upstart still run the init scripts... just under upstart now10:41
LordKitsunaPresuntoRJ, i checked with the disk utility its all one partition10:42
LordKitsunaPresuntoRJ, or at least thats what it says10:42
Psi-JackThere's a big difference between /etc/init.d/ and /etc/init/10:42
PresuntoRJLordKitsuna: you could try a bit of a labor here10:42
PresuntoRJcreate a /mnt/sda1 folder10:42
PresuntoRJthen a /mnt/sda210:42
PresuntoRJand so on10:42
PresuntoRJmount them there , manually10:42
PresuntoRJbrowse for a while until you figure out who is what10:43
PresuntoRJyou know what goens in your /home, dont you?10:43
PresuntoRJPsi-Jack: have you looked in /etc/default10:44
PresuntoRJPsi-Jack: http://upstart.ubuntu.com/misc/upstart.pdf10:44
Psi-JackPresuntoRJ: For? There's nothing in /etc/default/ for avahi-daemon10:45
LordKitsunaill need to have my friend do all this10:45
LordKitsunahes the one who knows what hes doing10:45
LordKitsunaill just end up breaking it more10:45
LordKitsunathanks for the help10:45
Psi-JackAnd that PDF is pretty much so old it's not even useful, nor it's contents useful. LOL10:45
Psi-Jackupstart's design ideas started in 2006, when this document was made. heh10:46
=== ivoks_away is now known as ivoks
sorenjdstrand: I know we've briefly chatted about it a number of times now, but we've never really gotten anywhere... ufw and libvirt's use of iptables... How can we make them better friends?10:47
PresuntoRJPsi-Jack: sorry, never read it... :D just found it10:48
sorenjdstrand: I don't know if we've discussed this particular approach before, but how about if ufw had a concept of a "transient rule", i.e. a rule that gets added through ufw, but doesn't persist across reboots.10:48
Psi-JackPresuntoRJ: Well, no offense, but it's obvious you know pretty much nothing about upstart, so you really can't help. ;)10:48
PresuntoRJPsi-Jack: no offense at all10:49
PresuntoRJPsi-Jack: we try to learn as well as we try to teach and help10:49
Psi-JackLike I said, it /seems/ the only way to get, for example, avahi-daemon, to not run at startup, is to comment out the start rule it has, so it has no start event to trigger it's startup.10:49
PresuntoRJPsi-Jack: if upstart was not kind of obscure, it would be obvious for you too10:50
Psi-Jackupstart is by far, an incomplete replacement to LSB init scripts.10:50
PresuntoRJPsi-Jack: worst case scenario, at /etc/rc.local you could call for a service avahi-daemon stop10:50
PresuntoRJugly !10:50
Psi-JackI mean, it doesn't even have anything even close to error tracking/handling needed for things such as CRM management of services.10:50
PresuntoRJPsi-Jack: I believe it was not the intention... it does asynchronous and inter-dependents starts pretty well...10:51
Psi-JackYeah. It works well, beyond it's limitations.10:52
PresuntoRJPsi-Jack: and it might do exactly what you asked for, I just don't know how to help you my self10:52
Psi-JackBut, it's limitations outweighs it's actual usefulness, which is it's bad side. ;)10:52
Psi-JackPresuntoRJ: I really don't think it does, actually.10:52
Psi-JackNo matter what, I have to hack up the .conf file itself to make it stop, there's obviously no other way.10:53
PresuntoRJPsi-Jack: the most obvious trick I could think of would be move the avahi-daemon.conf to avahi-daemon.conf.disabled ...10:54
Psi-JackI have basically two choices. Hack the avahi-daemon.conf and comment out the start rules. Alternatively, add a /etc/default/avahi-daemon file with START=false and hack the avahi-daemon.conf to check for it during the pre-start and make it exit if START != true10:54
Psi-JackPresuntoRJ: Which disables it completely from even manually starting if I wanted to.10:54
PresuntoRJPsi-Jack: and from what I have found now, update-rc.d also works to disable most upstart scripts10:55
Psi-JackNo, it doesn't.10:55
Psi-JackIt has absolutely no effect, actually, because upstart doesn't care a spit about what's in /etc/rc#.d10:55
PresuntoRJPsi-Jack: good to know10:56
Psi-JackAll the /etc/init.d/'s are to upstart controlled services are is symlinks to upstart's control interface/10:56
Psi-JackThat's it. ;)10:56
Psi-JackUbuntu 10.04 doesn't even use the old init system at all during boot up.10:56
Psi-JackIt's actually upstart itself that handles starting the /etc/init.d LSB scripts, now.10:57
PresuntoRJPsi-Jack: lol10:59
Psi-JackEven upstart's faq is out of date now, too, because it said to reload the upstart configuration, use initctl reload, but that fails because it's missing a job name.11:00
Psi-JackIt's actually initctl reload-configuration now.11:00
Psi-JackI dunno..  At this point, I'm thinking upstart is a dead-end project of Canonical's. It had great ideas, just not implemented well or fully, after 4, gaining quickly on 5 years now.11:01
PresuntoRJPsi-Jack: have you read about initctl ?11:01
PresuntoRJinitclt list11:01
Psi-JackPresuntoRJ: Yep.11:01
Psi-JackLike I said, the actual docs on upstart.ubuntu.com are out of date, already.11:02
PresuntoRJPsi-Jack: it is sad11:02
Psi-JackI'm wondering how Fedora's systemd will end up being.11:03
Psi-JackThey're moving to it next release I hear, since it's finally just about ready for actual production use. ;)11:03
Psi-JackHeck, it might even make it into RHEL6, but I'm not sure of that, yet.11:03
Psi-JackI remember Solaris's SMF init system. Amazing stuff, great ideas, well done, even.11:06
Psi-Jackupstart was ideally going to be similar, but better, but... It fails. ;)11:07
PresuntoRJPsi-Jack: you should file a bug report on upstart... at least it call their attention11:10
Psi-JackOn what? The whole damned thing's still not even close to production quality. LOL11:10
Psi-JackThere's even a brainstorm on how systemd is better than upstart and ubuntu should replace upstart with systemd. ;)11:12
Psi-JackAnd ironically, the votes are also in favor of it.11:12
twbsystemd *is* better than upstart11:12
twbIt's just not production-ready11:13
Psi-Jacktwb: Yeah. I've been noticing that.11:13
Psi-JackIt /almost/ is.11:13
Psi-JackThey were actually going to roll it out in f13, but it didn't quite make it.11:13
twbpersonally of the three, I've been most impressed by Squeeze's startpar11:13
Psi-Jackstartpar? hmmm11:13
Psi-JackNever heard of startpar11:13
twbSince 1) it works; and 2) it's backwards-compatible; and 3) the speed gain is on the same order as upstart or systemd11:14
twbPsi-Jack: As of Squeeze, Debian defaults to reordering sysvinit jobs based on LSB headers, and running them in parallel.11:14
PresuntoRJPsi-Jack: I have found a "start on never" condition you should try on the upstart avahi-daemon.conf file11:14
PresuntoRJPsi-Jack: it should not start up on boot, and still be available for manual instructions11:15
Psi-JackPresuntoRJ: Which would be the same as not giving it a start rule at all, simply commenting it out. LOL11:15
PresuntoRJPsi-Jack: :-p11:15
twbI'm also *really* not sure about putting init in the hands of the kinds of people that get off on dbus.11:15
PresuntoRJPsi-Jack: I still do many init.d scripts my self...11:16
PresuntoRJPsi-Jack: that's why I never got to understand the upstart model11:16
Psi-JackI've done both, for many years.11:16
Psi-JackWell, upstart, only a few months.11:17
Psi-JackBut, yeah, I go in constantly having to fix broken "LSB" scripts because they're definitely and obviously NOT LSB.11:17
Psi-JackEverytime I see "set -e" in an init script, I cringe.11:17
twbPsi-Jack: pretty much every LSB header in Debian should be fixed now11:18
twbSince it's a requirement for that startpar stuff I was talking about11:18
Psi-JackThat is, absolutely, and posatively, ALWAYS the /worst/ thing you could possibly do in an LSB init script, is set -e11:18
PresuntoRJtwb: is this startpar also event driven ? does it respawn dead daemons?11:18
twbPresuntoRJ: no11:18
Psi-JackYeah, startpar fail then.11:18
twbPresuntoRJ: it's a conservative/incremental improvement11:18
Psi-JackSMF, upstart, and systemd, all have the advantage of watchdogging each service so if it stops, it can respawn it.11:19
PresuntoRJinittab also did it quite well a looong time ago11:19
twbWhereas upstart and systemd are more like "works as long as you don't do anything interesting"11:19
Psi-JackI will say this though.11:19
Psi-Jackupstart IS still better than djb's daemontools. THAT was pure junk.11:20
PresuntoRJtwb: pls, don't try to customize our scripts, they were meant for out of the box only !11:20
twbPresuntoRJ: by "interesting" I mean things like booting / and /home off NFS11:20
twbYou know, like unix has been doing since the 80s11:20
PresuntoRJtwb: ldap? anyone?11:21
Psi-Jacksystemd is targetting F14. Which should be ...11:21
PresuntoRJtwb: I really miss CDE from time to time11:21
twbIt completely and totally fails to work in lucid due to cyclic dependencies and race conditions in upstart jobs11:21
twbLook, I'll show you my workaround...11:21
Psi-JackJust around the corner now.11:21
PresuntoRJlest all go back to system 4.4 (pre BSD, pls)11:21
Psi-Jacktwb: heh, ouch! Yeah. I can see that.11:21
twbprintf %s\\n >/etc/init/mountall-net.conf 'description "Mount network filesystems"' "start on startup" "script" "sleep 2;while :;do pkill -USR1 mountall||:;sleep 0.1;done" "end script"11:22
twbYes, that's right, I just ignore events and have it try to mount any not-yet-mounted network filesystems every tenth of a second, FOREVER11:22
twbmountall(8) is a half-assed kludge because upstart forgot to solve mounting filesystems11:23
PresuntoRJtwb: let the io wars begin !11:24
Psi-JackAgain, AND anew!11:24
* X-2 grabs his old commandor6411:25
Psi-Jackyeah, it seems systemd took all the good ideas from SMF. ;)11:26
Psi-JackIn fact, systemd uses ideas from both SMF and launchd, which is fantastic.11:29
Psi-JackThat's /exactly/ what I've been waiting for for decades.11:29
Psi-Jackyeah, I'm gonna try the alpha version of fedora 14, since it uses systemd. Wanna see it in action for myself.11:38
alien1Hi there11:58
alien1I need a help with a bind server on ubuntu. I configured my DNS server I tested it from another server ... when I use command dig mail.domain doesn't work but if the command is dig domain it works.12:00
alien1I badly need mail.domain to be resolved12:00
jdstrandsoren: hey. I've not really had time to add ufw support to libvirt. I kinda figured that I needed to add FORWARD (and these days maybe ebtables too) support to ufw first. that said, all the necessary chains should already exist in ufw (ie, even though ufw doesn't manage the forward chains via the cli, the chains are there)12:22
jdstrandsoren: so transient rules would be quite easy12:22
jdstrandsoren: well, though I don't do anything with POSTROUTING-- strictly FORWARD12:24
sorenjdstrand: Have you looked at the nwfilter stuff at all?12:25
jdstrandsoren: no12:29
sorenjdstrand: Ok.12:30
jdstrandsoren: reading about it now, it seems their use of chains and subchains is quite compatible with ufw12:32
=== zoopster1 is now known as jpugh
=== jpugh is now known as zoopster
jdstrandsoren: in that libvirt and ufw should stay out of each other's way currently, and that adding support to ufw wouldn't be horribly difficult (though, we'd need some new infrastructure)12:33
sorenjdstrand: Yeah, not maverick material, clealy.12:37
sorenclearly, even.12:37
sorenjdstrand: It sounds really neat. I'm trying to get it working right now.12:38
sorenjdstrand: Oh, I never got around to asking you about this... Now that we run kvm guests as libvirt-qemu:kvm, what about disk image ownership? Does it get mangled or does libvirtd fiddle with ACL's or something?12:54
jdstrandsoren: it gets mangled. but it did before too-- just to root:root12:55
soren?!? What, really?12:55
sorenWhy would it do that?12:55
jdstrandsoren: yes-- 0.8.3 does this sort of thing automatically12:55
sorenOh, did it drop CAP_DAC_OVERRIDE ?12:55
jdstrandI didn't look at the implementation, I saw the results12:56
* soren still finds that *incredibly* offensive.12:56
jdstrandyeah, you are not ht eonly one12:56
jdstrandand there is no way to disable it that I know of, cause it happens in the DAC security driver, which the other security drivers stack on top of12:56
jdstrandsoren: under some circumstances, it will put the files back after it is done with them12:57
jdstrandsoren: that is not true of disk images, but is true of things like a usb key. unfortunately, having it use your actual cdrom device (eg /dev/sr0) will change that until your next reboot (when udev puts it back to what it is supposed to be)12:58
sorenjdstrand: dynamic_ownership in qemu.conf seems to be handy.13:03
soren# Whether libvirt should dynamically change file ownership13:03
soren# to match the configured user/group above. Defaults to 1.13:03
soren# Set to 0 to disable file ownership changes.13:03
soren#dynamic_ownership = 113:03
jdstrandsoren: oh, I did not see that13:03
jdstrandsoren: nice. though, we can't turn that to '0' by default without breaking *a lot*13:03
sorenI only just found it now by tracing back through the DAC override code.13:03
jdstrandsoren: but it is good to know it is there13:04
sorenjdstrand: Yeah. Sadly.13:04
jdstrandmdeslaur: ^13:04
sorenDo we have /any/ idea why it's not based on acl?13:04
jdstrandsoren: I would imagine for maximum portability13:04
jdstrandone would think it could try acl first then fall back13:05
sorenIt wouldn't be hard (nor unusual for libvirt) to attempt fancy new things, and if it fails, fall back to old, crappy things.13:05
jdstrandbut I've not looked at it13:05
jdstrandit's done things like that with qemu for forever13:05
mdeslauryeah, +1 for acls...the chowns it does sucks13:07
=== xfaf is now known as zul
soren:( someone dropped my favourite virt-viewer patch.13:19
mdeslaursoren: what was it?13:24
sorenmdeslaur: The one that let me not have to put "-c qemu:///system" on its command line every single time.13:33
mdeslaursoren: :(13:34
* soren headdesks13:34
sorenOh, well.13:34
* soren fixes libvirt13:35
mdeslaursoren: please add it back13:35
sorenmdeslaur: I'll fix it properly this time.13:35
sorenHow do I shed one of group memberships?13:46
sorenI mean, just for a single process, until it terminates.13:46
=== harrisonk_zzz is now known as harrisonk
sorenFrom the commandline.13:47
harrisonkis there a log of everyone that logs in to a server?13:49
Piciharrisonk: /var/log/auth.log13:50
kaushalI have a weird issue of ubuntu server getting freezed, I do not see anything in dmesg, kern.log and syslog, daemon.log13:51
kaushalis there a way to investigate it further ?13:51
kaushalI have enabled mcelog too13:51
kaushalPlease suggest/guide13:51
kaushalI am running Ubuntu Server Hardy 8.0413:51
harrisonkthen click on the server guide at the bottom13:53
harrisonksorry I thought you needed a guide book13:54
=== bladernr__ is now known as bladernr_
kaushalcan some one please guide me about setting up NameBased Virtual Host in Apache ?14:02
kaushalI have three Doc Root how do i access it on the browser ?14:03
kaushalso ServerName would be in this case would be ?14:04
MTecknologyWhat would be the best way to secure a USB drive but make it not dependant on that system?14:11
MTecknologyNormally I use truecrypt but since reading their license I'd very much prefer not doing that14:11
sherrMTecknology: license issue with Truecrypt - what in particular?14:13
MTecknologysherr: they call it 'open' but it's very very VERY restricted14:14
* patdk-wk wonders what the definition of, not dependant on that system, is14:15
* patdk-wk finds luks to not be dependent :)14:15
patdk-wkdid you mean cross os compatability?14:15
MTecknologyHow hard is luks to use?14:15
patdk-wkluks is esay14:16
MTecknologyany wiki page for that?14:16
patdk-wkin the gui, ubuntu autodetects and uses them no issues14:16
MTecknologyI don't like gui so I'd get to use cli - but that's pretty cool14:16
patdk-wkI do most of mine with cli, just takes 2 or 3 steps then14:17
patdk-wkunless you use crypttab to make it easier14:17
patdk-wksomething like this: https://help.ubuntu.com/community/EncryptedFilesystemHowto314:17
patdk-wkcryptsetup luksOpen, mount; unmount, cryptsetup luksClose14:18
MTecknologyyuppers.. that's exactly what I was looking for14:18
patdk-wkin the gui, it just shows the drive, click on it, it asks for password, it then opens it, and mounts it14:18
patdk-wkI haven't played with using random offsets for the luks header yet14:19
MTecknologyI only ever used LUKS from the alternate installer and from gentoo - one easy and one sucked pretty hard :P14:19
MTecknologyThis looks incredibly easy14:19
patdk-wkmy harddrive is full encrypted using luks14:19
=== dendro-afk is now known as dendrobates
patdk-wkso is my home server14:20
patdk-wktoo many warrenty drive replacements, keeping the data encrypted simplifies that14:20
xmaxmexhey patdk-wk.... /boot too...encrypted ?14:21
MTecknologyI'll probably do about 300GB for backup and 200GB for NTFS14:21
patdk-wkxmaxmex, nope14:21
MTecknologyafaik, you can't encrypt /boot - only keep it on something external14:21
MTecknologyhas that changed?14:21
patdk-wkif grub supported luks, it would work14:22
MTecknologyyou mean grub on the mbr could load a luks volume?14:23
patdk-wkthat would be the idea14:23
MTecknologyI didn't know it could do that :P14:23
patdk-wkit can't :)14:24
* patdk-wk notes the keyword, if14:24
MTecknologyI'm actually testing the drive with badblocks14:25
MTecknologynot sure if I feel like letting it finish though14:25
patdk-wkif it's an ssd, run it a few more times :)14:25
MTecknologyI'm not a big fan of SSD (yet)14:25
MTecknologyIt's a 500GB external seagate14:26
patdk-wkI'm loving my ssd14:26
patdk-wklaptop slowing it down though14:26
patdk-wkmy tests where getting 265MB/s throughput14:26
patdk-wklaptop only has sata1, so max 140MB/s14:26
patdk-wkencryption penalty, and it gets about 80MB/s14:27
MTecknologyMy only experience has been with the first netbooks14:27
MTecknologyNot sure if I want to finish with badblocks..14:28
patdk-wkdesructive test?14:28
MTecknologybadblocks -c 10240 -s -w -t random -v /dev/sdb14:29
sorenmdeslaur: \o/14:29
mdeslaursoren: what's up? :)14:30
patdk-wkheh, let it finish14:30
sorenmdeslaur: https://www.redhat.com/archives/libvir-list/2010-September/msg00043.html14:30
MTecknologypatdk-wk: I'll consider my drive super clean after this :D14:30
sorenmdeslaur: Didn't mean to leave you hanging there, I just had to wait for it to hit the ml archive.14:30
sorenmdeslaur: That fixes virsh, virt-viewer, and virt-manager in one go.14:30
mdeslaursoren: oh, cool! :P14:31
sorenmdeslaur: In theory, at least. :)14:32
sorenI wonder why I didn't do it that way to begin with.14:32
sorenOh right, because libvirt always went to xen by default.14:33
sorenmeh. Brave new world.14:33
MTecknologypatdk-wk: yay! it passed 5% :P14:36
MTecknologypatdk-wk: 15%... this is getting old :P15:06
ScottKSpamapS: I think you're premature to declare victory on gems.  I still object to the fact that gems can silently replace system binaries in your proposal.15:10
uvirtbotNew bug: #629524 in squid (main) "db_auth missing in ubuntu packages" [Undecided,New] https://launchpad.net/bugs/62952415:11
patdk-wkMTecknology, yes, but it's a good thing :)15:13
MTecknologypatdk-wk: ya- but there was nothing private on it :P15:20
hallynyou know, i'm trying out 'cache='none'' in virt-manager right now, and am pretty sure this is way slower than it was before15:20
patdk-wkhmm, that isn't going destroy any data15:20
patdk-wkit reads the drive, then writes random stuffs, tests it, then writes the org stuff back15:20
patdk-wkoh wait, heh never mind that15:21
hallynoh, hm, maybe it wasn't its fault :)15:21
zulsmoser: soren wants to more about the grub boot floppies for UEC15:23
sorensmoser: So... zul says something about floppies and uec and kernels.. What's that all about?15:23
smoserso, eucalyptus and ec2 run things with a kernel15:25
smoserin euca, and kvm, that means '-kernel <thing.here>'15:25
smoseri wanted to duplicate functionality of ec2's pv-grub solution (they use grub 0.97 to read /boot/menu.lst and register the pv-grub as a kernel, and it loads kernels and ramdisks)15:26
sorenOh, I didn't know they added that.15:26
smoserat first i thought i could just give "kernels" that were grub multiboot images.15:27
smoseras kvm can load a grub multiboot image15:27
sorenNah, that'd be by luck, I think.15:27
smoserwell, that doesn't really work, as when kvm does load a multiboot image, that multiboot image doesn't see biosdisks of type scsi15:27
smoser(it does work for virtio, but isn't promised to, and actually fails on reboot)15:27
smoseranthony's suggestion was to create a boot floppy15:28
sorenWith grub on it?15:28
smoserso, what i do is let the user register a multiboot compliant image as a kernel15:28
sorenFirst-stage loader?15:28
sorenOh, ok.15:28
smoserand i just promise to load that15:28
Deep6guys is there a way to get xen working on lucid without having to resort to hackish stuff?15:28
smoseri do that now by creating a grub floppy that multiboot loads the thing that they gave me.15:29
sorensmoser: "they"?15:29
Deep6my box doesn't have HW vm support15:29
smoserthey, as in registered kernel.15:29
sorensmoser: Oh, "the users".15:29
sorensmoser: Gotcha.15:29
sorensmoser: Thought you meant eucalyptus or kvm or whatnot.15:29
smoser(getting a link to patch for eucalyptus)15:30
sorenOk, so how is this strung together? You ship the floppy image or do you generate it?15:30
Deep6tap tap this thing on? anyone read me or am I still in some sort of limbo?15:30
smoserits kind of hacky how i do it.15:30
sorenDeep6: We hear you.15:31
smoseri generate it on the node.15:31
Deep6soren ok :)15:31
Deep6wasn't sure as I've not used this irc client before15:31
sorensmoser: Ok... and then how do you determine that this is what you want to use, rather than the regular kernel/ramdisk combo?15:31
smoserif its a multiboot image it takes the floppy path15:31
sorenOh, that's easily detectable?15:32
smoserthat shows how.15:32
smoserbasically 3 uint32 fields in the first 8192 bytes .15:32
smoserone is a signature byte15:32
smoserthen the 3 sum to uint32 015:32
smoserso, there is obivoulsy a chance for false positive.15:33
smoserbut its the same logic that kvm uses15:33
smoserso if i hit false positive, kvm would have anyway15:33
Deep6can anyone recommend a page for getting xen to work on lucid?15:34
smosermk-mb-loader is what makes the floppy disk.  that gets called by gen_kvm_libvirt_xml15:34
Deep6I've been googling about but nothing solid15:34
Deep6seems kind of broken :(15:34
sorenDeep6: It very likely is.15:34
Deep6soren...that's disappointing :(15:35
sorenDeep6: That's Xen for you.15:35
Deep6well I'd have to point the fault at Ubuntu this time15:35
Deep6broken packages15:35
sorensmoser: So... the goal of all of this is to make it so that people can put their own kernels in the filesystem.15:35
Deep6looks to be missing a xen kernel image entirely15:35
sorensmoser: ...and then eucalyptus will use that.15:35
smosersoren, well, yes.  putting kernels inside a filesystem is a pretty common practice :)15:36
Davieyzul, Would you be the best person to chime in with Deep6 ?15:36
sorenDeep6: We don't support Xen dom0 and haven't for a long time15:36
sorensmoser: ...but having it work on EC2 is not :)15:36
sorensmoser: Well, now it's becoming so, but up until recently.15:36
smoserright, and then genkvm_libvirt_xml writes xml that adds a floppy to 'loader' if it found a multiboot. otherwise, it writes 'kernel' to 'kernel'15:36
DavieyDeep6, I haven't touched xen since hardy :(15:37
zulDeep6: get the xen source from xenbits.xen.org and build it from source15:37
smosersoren, yeah, so it is a new feature, but i personally think its a *huge* feature.15:37
sorensmoser: I'm probably being really dense here..15:37
smoserdense on what ?15:37
sorensmoser: I'm getting to that :)15:37
patdk-wkbeep6, xen was dropped after 8.0415:38
sorensmoser: So... On EC2, how does the user tell the system that he wants to use the kernel on the filesystem and not one provided by Amazon (or someone else).15:38
DavieyDeep6, If it's not working for you with the packages, please do raise a bug15:38
patdk-wkso unless you do it yourself, from scratch, it isn't going work15:38
SpamapSScottK: hmm, I hope it didn't come off as victory. Its just consensus and a move in the right direction by the maintainer.15:38
sorensmoser: Is there a magic AKI?15:38
Deep6Daviey there appears to already be a bug opened15:39
smoseryes, amazon has 2 magic aki's per region15:39
sorensmoser: Oh, and I do agree this is a huge feature, by the way. No doubt.15:39
sorensmoser: I figured as much.15:39
Deep6zul: I'm not wanting to invest that much time to be candid :(15:39
Deep6I'll just likely grab debian instead as my dom015:39
smoserthat is the akis15:39
sorensmoser: And for people to use this on UEC, they shove a special kernel into their installation, and use the AKI corresponding to that to make this work.15:40
SpamapSScottK: that said, only Daigo has stated in the bug report that he is concerned with binaries going into the path. An overwhelming group of people are quite vocal that they want those binaries in the path by default.15:40
sorensmoser: ...and then eucalyptus detects this special AKI and uses the boot floppy to boot.15:40
sorensmoser: Is that about right?15:40
smoseroh. well, maybe15:40
smoseron eucalyptus, there is no speciak "AKI"15:40
smoser(in my implementation)15:40
smoserie, not a special aki id15:40
smoserif the kernel that is given to boot is a multiboot image, then it treats it specially.15:41
sorenI see, ok.15:41
smoseri'm not sure whether or not amazon actually had to do something special with their akis or not.15:41
smoseror, if anyone who could publish a kernel (ie me) could have just loaded a functional pv-grub loader as akernel and magic would have happened15:42
Davieysmoser, BTW... what are the steps to create a tarball of a lucid and mverick image with a ramdisk?15:42
smoseryeah, silly openstack, and its insistence on ramdisk. what year is this ?15:42
smoserDaviey, extract tarball, mount image, copy /mnt/boot/initrd-*virtual* ./my-initrd15:43
sorenWhat happens if you just provide an empty ramdisk?15:43
sorenThat should do the trick, really.15:43
smoserthen you can use publish-image for the kernel and ramdisk, or create a tarball with all those files init.15:43
smosersoren, yeah, i dont know its possible. the kernel would jus tignore it and try to go on with life.15:44
* Daviey waits for his eucalyptus cloud to finish installing before trying it.15:44
Deep6Daviey: https://bugs.launchpad.net/ubuntu/+source/xen-meta/+bug/54011015:44
uvirtbotLaunchpad bug 540110 in xen-meta "ubuntu-xen-server has broken dependencies (dup-of: 538917)" [Undecided,New]15:44
uvirtbotLaunchpad bug 538917 in xen-tools "xen-tools is not available in lucid" [Undecided,New]15:44
ScottKSpamapS: I just said it in the bug report too.15:45
alex_jonioops.. sorry15:45
smosersoren, one other piece of info.15:45
MTecknologypatdk-wk: Can cryptsetup handle UUID?15:45
smoserour uec-images come with a file named '-loader' which is a grub  multiboot loader that just basically does "multiboot (hd0,1)/boot/grub/core.img"15:45
ScottKSpamapS: I don't mind in the path, just not so it can replace system packages.15:45
MTecknologyThis is the first time UUID would actually help me :P15:46
smoserso then the guest just has to maintain /boot/grub/core.img and the loader will work.15:46
sorensmoser: Oh, ok, so it's not exactly like EC2.15:46
smoserwell its really close. we use grub215:47
smoserthey use grub115:47
smoseri didn't want to maintain grub1 code15:47
smosermore than i had to15:47
sorensmoser: i don't blame you :)15:47
smoserthat is what makes our loader file15:47
sorenI'm just curious, though...15:47
sorenIf you don't support the exact same approach as..15:48
sorenI know why :)15:48
sorenI was going to ask:15:48
sorenIf you don't support the exact same approach as EC2 anyway, why not go all in and just skip the whole -kernel (and optionally -ramdisk) business and just boot directly (like most peopel use kvm).15:48
smoserwe have 2 loader management utilities in our images.  grub-pc (for uec) and grub-legacy-ec2 (which does not conflict with grub2)15:49
soren..but obviously, there's not mbr.15:49
smoserright. i'd have had to have eucalyptus write an mbr, and put a loader on it.15:49
smoserand actually, my loader will do that.15:49
smoserso, if you booted an instance, via core.img15:49
smoserthen removed core.img15:49
smoserand installed any loader onto the guest's /dev/sda15:49
smoserthen rebooted15:50
smoserthe multiboot loader would not find the core.img and chainload to the disk15:50
sorenNova, by the way, is growing an option to let people upload raw disk images and specify a special AKI that will just boot the disk image directly.15:50
smoser(this is not tested, though, but "should work")15:50
smoseri did consider that path.15:50
smoserand using something like 'aki-RAWDISK'15:51
smoserbut that was more intrusive.15:51
sorenIt's very handy for people using hypervisors that don't let you pass kernels and ramdisks and such.15:51
sorenLike VirtualBox, for intsance.15:51
smoserwell, the floppy solution works there to15:51
soreninstance, even.15:51
sorenWell, probably.15:51
smoserif you dont mind using hardware from 199015:51
smoser(the floppy15:51
patdk-wkMTecknology, I hope so15:51
sorenThe rawdisk thing lets you boot other OS's, too, though.15:52
patdk-wkcrypt640bUUID=9dffcad4-f051-4db9-9323-51cd74ba2681 /etc/keys/storage.key luks15:52
patdk-wkcrypt2aUUID=6e5be471-b3e1-448f-8433-bb081cc4f7ef /etc/keys/storage.key luks15:52
patdk-wkcrypt400UUID=4afe55a6-1610-4f07-b07e-8c73d700c1c1 /etc/keys/storage.key luks15:52
patdk-wkcrypt1bUUID=e3fbc6b2-5877-4c97-846c-bd3532ec2c00 /etc/keys/storage2.key luks15:52
patdk-wkcrypt1aUUID=a8fb5ac8-680a-4acb-8fd6-414cb871591e /etc/keys/storage2.key luks15:52
sorenWho have never wanted to run OS/2 in the cloud? Come on?15:52
MTecknologypatdk-wk: I take that as a yes :P15:52
sorenpatdk-wk: Please don't do that agian.15:52
MTecknologypatdk-wk: thanks :D15:52
patdk-wkheh, it's only 5 lines15:52
sorenpatdk-wk: s/only //15:53
smosersoren, so does the floppy15:53
smoser(boot other oses)15:53
zulsoren: i still have that caldera bootdisk lying around15:53
smoseryou just provide a loader.15:53
sorensmoser: I clearly haven't grasped grub2. How'd you do that?15:53
smoseruec images provide a linux specific loader. but anyone can provide a loader that loads windows.15:54
smosergrub2 is crazy cool15:54
smoserlook at lines 53-77 or so at http://bazaar.launchpad.net/~ubuntu-on-ec2/vmbuilder/automated-ec2-builds/annotate/head%3A/mk-uec-mb-loader15:54
smoserthat is grub script15:55
sorensmoser: Ah, wicked.15:56
smoseri'm guessing it would not be difficult to add identical function to openstack, to use a boot floppy if a multiboot image is found in specified aki15:57
smoserother than using a floppy, i think its really clean.15:57
smoserthe nice thing is, what i promise to the end user is that i can load a multiboot image.15:57
smoserwhich is a documented standard, and one that grub isn't going to drop support for anytime soon.15:58
sorenYeah. Very cool!15:58
sorenI notice there's code for virtio in one of the scripts you patch.15:59
smoseryeah, euca 2.0 supports virtio root15:59
=== ivoks is now known as ivoks_away
sorenHow do you determine if the image in question will handle virtio disks nicely?15:59
smoseryou dont15:59
sorenIt's globally configured?15:59
sorenThought so.15:59
smoseryeah, its a mess of backwards compatibility16:00
sorenYeah. There's a reason we didn't just tweak the libvirt xml ourselves back then.16:00
sorenBut meh.16:00
smoserthey would have had to extend the ec2 api to allow per-image choice16:00
smoserwell, its configurable.16:00
smoseri had multiple conversations with multiple people on exactly what would break or was at least indeterminable when the admin turned on virtio root, virtio net, and/or virtio ebs volumes16:05
smoserbasically, you cannot keep backwards compat.16:05
smoserbut the scsi is a dead, unmaintained option.16:05
SpamapSScottK: the proposal has things going into /usr/local, where dpkg isn't allowed to put files.16:06
sorensmoser: Yup. It's teh suck.16:06
SpamapSScottK: so there is no replacement of packaged system files at all.16:06
sorensmoser: I'm looking at your code... Are the floppy and the loader tied to each other?16:06
sorensmoser: Then why must I pass the loader to the floppy generation thing?16:06
ScottKSpamapS: Replacement not in the send of replacing the file, but in the sense of superseding what gets run.16:06
smoserbecause the floppy will load *any* multiboot compliant loader16:07
smoserand the uec images come with *a* multiboot compliant loader16:07
smoser(which is quite likely suitable for other linuxes with grub-pc)16:07
mathiazScottK: how is that different from "make install", CPAN, python?16:08
smoseri could have cut out one of the steps, and just had the user supply a floppy disk as an aki.16:08
ScottKmathiaz: Python at least puts stuff in site/dist-packages where it's only in the path for Python.16:08
sorensmoser: Ok, it just seems odd that it needs it at build time, but I can use something completely different at runtime.16:08
ScottKSo it's radically different.16:08
mathiazScottK: installing via python distutils could drop an new apt binary in /usr/local/bin16:08
sorensmoser: Possibly because I don't understand it very well yet.16:09
b0gatyr_I need to install an MTA on my ubuntu box for only sending emails, what should I use?16:09
smoserbuild time ?16:09
smoserwhat build time16:09
ScottKmathiaz: It could, but it's not the typical use case.16:09
smoseri really should document this by the way.16:09
mathiazScottK: so how is that different in the gem world?16:09
sorensmoser: mk-mb-loader16:09
sorensmoser: Builds the floppy image.16:09
smoseri've wanted to, and this conversation is the best doc there is on it at the moment.16:09
ScottKmathiaz: My understanding is in the gem world installing to /usr/local is the normal use case.16:09
sorensmoser: Oh, I thought that floppy image would be reused?16:10
smoserthe floppy that it outputs cannot be reused16:10
sorensmoser: Ok, then I get it. No worries.16:10
smoserit is specific to that aki16:10
ScottKAnd while gems are generally thought of as a developer tool, once you freeze the gems and distribute your app, then it's an end user problem too.16:10
mathiazScottK: well - yes - user scripts go in /usr/local/bin/.16:10
mathiazScottK: isn't that the same in the python world as well?16:10
sorensmoser: Gotcha. I'm with you now.16:10
smoseri could have done a generic one, by using 2 floppies16:10
smoserbut comon, who ever had 2 floppy drives!16:10
mathiazScottK: easy_install ends up in /usr/local/bin/.16:10
smoserfwiw, the floppy could easily be made into a cdrom16:11
sorensmoser: I just somehow got the idea that it was only generated locally beucase it was simple to do so, people were likely to have the dependencies anyway, and it saved a bit of bandwidth.16:11
sorensmoser: Hey, I had two floppy drives for years.16:11
sorensmoser: And nothing else.16:11
sorensmoser: And one of them was 1.44MB!16:11
ScottKmathiaz: But we patch easy_install to respect if the package is already installed via a Debian package and not replace it.16:12
ScottKI'd be happy with that.16:12
smoseri got to run. i will try to write this out somehow.16:12
smoserbut i think you get the general idea16:12
sorensmoser: Wicked. Thanks for clearing this up!16:12
smoserand why the solution16:12
sorensmoser: Certainly.16:12
mathiazScottK: right - that could be a useful improvment16:12
ScottKmathiaz: Do that and I'm happy.16:13
mathiazScottK: how does it relate to the /usr/local/bin issue?16:13
smoserso far the only issue we've hit with it was that i added 'grub-pc' as a dependency to eucalyptus-nc.16:13
smoserwhich forced grub-pc to be installed earlier in the install process, which caused installer issues.16:13
mathiazScottK: what does easy_intall actually do wrt to debian packages?16:13
mathiazScottK: does it check if there is already an executable of the same name provided by a debian package?16:14
mathiazScottK: and if so easy_install refuses to proceed?16:15
ScottKmathiaz: I don't recall the details and I'm in a meeting at the moment, but something like thtat.16:15
ScottKAcutally I think it considers itself to have succesfully provided the requested package.16:15
SpamapSI'm fairly certain the ruby devs of the world would *hate* that gems wouldn't let them get the newer ruby lib just because the debian version was installed.16:24
SpamapSI've had many occasions with CPAN where I just want to replace one library in the chain of dependencies with the newest version.. but the others from deb/rpm/whatever are fine.16:25
SpamapSBut thats not really at issue. The current rubygems will happily let you replace an existing debian installed gem with a newer one.16:26
SpamapSIts just that if it has binary scripts, they won't be in the path16:26
twbEven if it lets you shoot yourself in the foot, it should still warn you16:26
SpamapSwhich is, btw, awesome because the binary script that you have, may not be compatible with the one from the library.16:26
SpamapStwb: ... ./configure doesn't warn you that you're putting stuff in /usr/local..why should gems?16:27
twbYou said "replace"16:27
twbI assumed that meant clobbering files16:27
twbAnyway, it's nowhere near as bad as trying to mix cabal and debian Haskell packages16:27
SpamapSjust putting them in an earlier point in the ruby library path16:27
twbWhich is pretty much guaranteed to result in your compiles failing at link time due to it trying to statically link in multiple versions of a library16:28
=== sjm is now known as sjm_
twbAt least debian haskell packages are actually maintained now16:28
ScottKSpamapS: I get that Ruby devs are insane, that doesn't mean we should be too.16:29
=== sjm_ is now known as sjm
SpamapSI have to agree with the poster who is concerned about how far Debian diverges from upstream.16:29
twbupstream is always insane16:29
SpamapSScottK: whats next, patch autoconf to put things in /var/lib/C by default?16:30
ScottKSpamapS: I'm not arguing the current situation is good.16:30
ScottKSpamapS: I'd be OK if it would do something like fail and warn "gem X would supersede binaries provided by package Y.  If you want gem X, remove package Y or reinstall with -f."16:32
SpamapSScottK: protecting /usr/bin from /usr/local/bin overrides isn't really something the OS can or should do.16:32
ScottKNot allowing third party non-native package managers to break the system, however, is.16:33
vmlintuSpeaking of ruby and gems - does anyone know how actively the gem debs are maintained? It seems like most ruby applications in the wild require something that is not packaged..16:33
SpamapSBecause right now, the bulk of the ruby world starts their system configuration on debian and ubuntu with  wget http://rubygems.org/rubygems.tar.gz && ... make make install and gets their gems *in /usr/bin*16:34
SpamapSSo by trying to protect these users, we've forced them into a much worse situation.16:34
SpamapSvmlintu: Ruby is exploding way to fast for packagers to keep up.16:34
ScottKOK.  So let's find a compromise that improves the situation.16:34
SpamapSScottK: If there was a hook in rubygems that could use update-alternatives, that might be better than just tossing things in /usr/local/bin from the debian package maintainer viewpoint. I am wary of the complexity of such a solution though.16:36
ScottKSpamapS: That's was got reverted last time around.16:36
vmlintuAre there efforts underway to get any ruby applications and their dependencies packaged or are all the efforts doomed?16:36
ScottKThere are ruby packages in the archives, just not gem based ones.16:37
SpamapSwell at this point, gem install from ruby 1.9.2 will put things in /usr/local/bin directly16:37
SpamapSI'd like to see a dh-make-gem created16:37
SpamapSAt least from that standpoint, it would lower the barrier to entry for making gems into debs16:38
ScottKSpamapS: I don't understand why it is essential that gems have unfettered access to trample the namespace of every binary on a system?16:39
twbvmlintu: there's at least one ruby app in ubuntu -- apt-listbugs :P16:40
SpamapSScottK: because thats what the authors intend it to have?16:40
ScottKSpamapS: And the Debian package system intends it to have none.  So what's the middle ground.16:40
vmlintutwb: puppet is also using ruby and rails16:40
SpamapSScottK: again, make and autoconf do the same thing... nobody's patching them to avoid /usr/local16:41
SpamapSQuite a few users download unpackaged software and untar, ./configure, make && make install, and accept the problems with that.16:41
vmlintuI wonder what happened to debgem.com as they managed to package a huge number of gems in some way..16:42
Madwillis this possible that httpd.conf is an empty file ?16:43
twbvmlintu: getting 90%-right packaging is something you can pretty much automate16:43
SpamapSIts very similar to the common carrier problem ISP's have. They *could* stop child porn at the routers, but then they'd be *responsible* for how people use their network. We are not taking responsibility for users' actions at a level that IMO is inappropriate.16:43
twbMadwill: check the .d directories16:43
SpamapSs/are not/are now/16:44
SpamapShuge DOH16:44
ScottKSpamapS: If they replace our gems with theirs, then it's equally no longer our problem.16:44
Madwillonly charset in there16:45
ScottKSo this kind of argument also works for keeping the status quo.16:45
Madwillmust be on the wrong folder16:45
SpamapSScottK: right, so thats what most do, because they like Ubuntu enough to put up with that crap. But I have two personal friends who considered switching to CentOS because rubygems was so broken, they were tired of fixing it themselves.16:45
twbMadwill: I don't run apache, so I can't help much more.  Have you checked what the Ubuntu Server Guide has to say about it?16:45
SpamapSScottK: and we were inundated with ruby sysadmins and devs at Velocity 2010 begging us to fix rubygems16:46
twbSpamapS: have they filed a bug report in launchpad? ;-)16:46
SpamapStwb: years ago16:46
Madwilli think its in apache.conf and not httpd.conf anymore16:46
ScottKSpamapS: That's fine, but the definition of "fix" is not necessarily follow upstream's insanity blindly.16:46
Madwillthen what do you run out of curiosity ?16:47
SpamapSScottK: agreed, which is why we change /usr/bin, to /usr/local/bin. :)16:47
twbMadwill: busybox httpd16:47
SpamapSScottK: at least that way users can blow away /usr/local/bin/* and be "back to debian" ;)16:47
Madwillinterresting thx16:47
ScottKSpamapS: I agree that's an improvement, but I'd like to find a reasonable way to protect the namespace of existing binaries.  I wouldn't even mind if it was limited to protecting non-gem binaries.16:48
SpamapSIt would be interesting to expose the security problems in CPAN/pypi/rubygems by creating a MITM DNS cache poisoning attack that replaces the word "the" in string literals of code with "pwn3d" or something like that.. :)16:48
SpamapSScottK: is there an existing list of all packaged binaries? Otherwise are you going to do a 'which' before install (with users', not root's path)?16:49
twbSpamapS: apt-file ?16:50
SpamapSThat only knows about the currently installed binaries, right?16:50
twbEmphatically, no16:50
twbBut even so, it wouldn't help, because I could upload a new .deb next week that provides a new binary16:51
ScottKSpamapS: Maybe XB-Ruby-Gem and then if that's present, it's OK to supersede it.16:51
SpamapSOk, so that might work.16:51
twbAlso apt-file isn't installed on normal systems :-)16:51
SpamapStwb: yeah, like I was thinking earlier.. I don't think its the OS's job to protect that namespace. If the sysadmin starts installing things with a different package manager, they have accepted responsibility... we should of course make efforts to avoid unrepairable breakage, but I don't think we should stop them.16:52
SpamapSAnd somebody already pointed out that you only have to be a member of 'staff' to install in /usr/local, so you can even protect yourself by installing gems as a staff member, and not root.16:53
twbIMO it's reasonable to expect gems to (mis)behave about the same as cpan(1) and python-setuptools.16:53
SpamapSCPAN puts stuff in /usr/bin by default I think16:54
twbAnd I'd say the best way to fix it is to write code that can automatically turn gems into local packages, and encourage people to use that instead of just writing files onto the filesystem16:54
SpamapStwb: yeah like the sdist tool for python that allows very easy debianizing of pypi pakages16:54
twbSpamapS: I was actually thinking even more one-shot, like "m-a a-i foo" is/was16:55
vmlintuI'd love having something to easily turn gems to debs..16:55
twbvmlintu: I'm not stopping you from implementing it :P16:55
SpamapSvmlintu: file a wishlist bug. :)16:55
ScottKSpamapS: Would you agree with the idea that as a design goal it would be reasonable for gems to not supersede binaries provided by non-gem packages?16:55
twbScottK: where "provided" means already installed on the filesystem and visible to dpkg -S ?16:56
ScottKCan't expect it to know about packages not installed.16:56
twbScottK: it's TECHNICALLY possible (assuming your sources.list doesn't change), but I grant that it shouldn't be expected to know16:57
vmlintutwb: I'll probably implement something as I have a project in development with huge pile of gem dependencies that would need to be distributed somehow..16:57
SpamapSScottK: by limiting gems to /usr/local, you are already guaranteeing you won't overrite files. I think its reasonable to do a checkbefore install that goes "WARNING: bin files in this gem overrwrite files you already have in your path" .. but they should be able to continue anyway16:57
ScottKtwb: Agreed.  It's also very hard to not be slow even for ruby if you have to check stuff not installed.16:57
twbAre gems always 100% architecture: all?16:57
SpamapSScottK: the problem with that is, root's path is different from bob's path16:58
SpamapStwb: no16:58
vmlintutwb: no.. some of them compile binaries from c or something else..16:58
SpamapSlooking at the format of a gem .. it should be trivial to generate a debian/control and a tool to add to debhelper16:59
twbMake sure to write the tool in perl to spite the ruby users :P17:01
SpamapSwasn't ruby's creation inspired by perl6?17:02
twbI thought it was caused by greenspunning17:02
dominicdinadahow do i flush the arp tables ? some annoying entries in there that i cant figure out where the machine name is set to rujl1rb3tr13g90b lol17:03
twbdominicdinada: ip neighbour flush ?17:03
SpamapSdunno, the history on the website doesn't actually mention perl so maybe that was some crackpot idea from the nether regions of my head17:03
twbSpamapS: it's more a mishmash of the more obvious features of smalltalk and lisp, iirc17:04
dominicdinadatwb: i would assume so... i dont see it set in any of my hostnames but the server keeps calling it ewrfhj;wgasg;17:04
twbdominicdinada: uh, your getting line noise at the end of your messages17:04
twbSpamapS: http://en.wikipedia.org/wiki/Greenspun%27s_Tenth_Rule17:04
dominicdinadatwb: lol not noise the machine name is a bunch of random letters... so u can see how annoying that is17:05
SpamapStwb: hah, what an interesting concept. :)17:05
twbdominicdinada: is your host on a trusted network?17:05
twbdominicdinada: well, you can't use arp on an untrusted network17:06
dominicdinadai am pretty sure it is my doing when i was pissed long long ago i just cant track down which machine i set with the name lolk17:06
twbI guess someone is arp poisoning you17:06
dominicdinadatwb: well it is not ness, a arp entry i just assumed it was in the arp cache and other OS17:06
dominicdinadaOS's store such information and such in the arp tables17:07
twbSpamapS: it applies to more than just C and Fortran, of course -- it's just that's all that was around when Greenspun formulated the hypothesis.17:07
twbdominicdinada: when you run "ip neigh show", is it there, or not?17:07
SpamapStwb: Lisp and Haskell are on my todo list.. I suppose I should give them both a try. :-P17:07
kirklandzul: hey, i have an apache2 change i'd like to run by you17:08
twbSee also jwz's "Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can."17:08
zulkirkland: sure17:08
dominicdinadatwb: dang it i think i named the gateway the jibberish :/17:09
kirkland-                       --with-suexec-docroot=/var/www \17:09
twbHe had a really funny comment in, lesse, xscreensaver code, too...17:09
* SpamapS rejoices as his U-verse connection returns, freeing him from the bonds of 3G17:09
kirkland-                       --with-suexec-docroot=/home \17:09
kirkland+                        --with-suexec-docroot=/home  \17:09
twbdominicdinada: if it's an appliance, maybe it just got its knickers twisted -- bounce it17:09
zulkirkland: why?17:09
kirklandzul: basically, changing the suexec doc root default from /var/www (which doesn't work out of the box, as far as i can tell)17:10
kirklandzul: to /home17:10
SpamapSkirkland: +++17:10
kirklandzul: so that it'll work with /home/*/public_html17:10
dominicdinadatwb: still learning the underlying linux commands as this information is stored elsewhere in other OSs flavors17:10
SpamapSsuexec is only useful in per-user contexts17:10
kirklandzul: as it stands, you'd have to move each user's public_html to /var/www/*/public_html for it to work17:10
kirklandSpamapS: have you experienced this before17:10
kirklandSpamapS: this is the first I've encountered it17:10
twbShouldn't stuff be pointing at /srv/www instead of /var/www by now?17:10
kirklandSpamapS: but I found http://www.unixguru.biz/howto-apache2-suexec-php5-and-fastcgi-for-virtual-domains/17:11
twbdominicdinada: no worries17:11
SpamapSkirkland: I've configured suexec many times.. you never want that docroot to be the system wide docroot.17:11
zulkirkland: its this for php/17:11
kirklandSpamapS: okay ... how do I reconfigure it?  looks to me like the suexec binary has to be rebuilt from scratch17:11
kirklandzul: php or python, yeah17:11
SpamapSI haven't ever used suexec on a distro packaged apache though, because its usually pretty broken.17:12
zulkirkland: im hesitant against this change right now because we are getting closer17:12
dominicdinadatwb: ok it is actually this computer that is named "blah-tvykimdu0" since i am stream video to this machine iptraf shows the packets streaming BUT this machine hostname is set to diabolical-xx17:12
dominicdinadawhere the heck else is the machine name set if not in hostname... but it could be old neighbor entries :/17:13
kirklandSpamapS: would you mind filing a bug against apache2, complaining about suexec, and assign it to me?  :-)17:13
twbdominicdinada: probably the hostname you have in /etc/hostname (and /etc/hosts) doesn't agree with the records in your router's DNS server17:13
progre55hi guys, I need to gzip a huge file and pass it over to another server. But I dont have enough space on my current server for the gzipped file. How can I pipe the output of "tar -czf file.tar.gz file" into scp?17:13
twbdominicdinada: are you using DHCP to get an IP?17:13
SpamapSkirkland: hah, sure. :)17:13
patdk-wkyou can't pipe to scp17:13
dominicdinadatwb: in the router it is set correctly. because on the activity report it lists the machine name correctly there... yes dhcp17:14
kirklandzul: bummer17:14
twbpatdk-wk: cat -zc foo/ | ssh 'cat >foo.tar.gz17:14
twbOops, bad completion17:14
kirklandzul: i'll have to build a local copy then for my fedex project17:14
kirklandzul: how long does apache2 take to build locally?17:14
patdk-wkhehe :)17:14
zulkirkland: couple of minutes17:14
* patdk-wk wonders what output 'tar -czf file.tar.gz file' makes anyways17:15
dominicdinadatwb: nano hostname shows correct computer name ugh17:15
twbdominicdinada: then I don't know where the "bad" hostname is coming from.17:16
dominicdinadatwb: on the server i did ip neighbor flush all17:16
dominicdinada maybe it needs a reboot :/17:16
twbdominicdinada: you COULD reboot the server.  Or you could isolate and fix the damn problem.17:17
twbSpamapS: wouldn't something sudo- or polkit-flavoured be easier to lock down than suexec?17:17
dominicdinadatwb: well i am making the effort as i said before i cant track down any issue except old records it is very possible i named this machine blah-gkeghjeg before and changed it. or it could be a naming conflict but i dont think there is one17:18
twbdominicdinada: OK, fair enough17:18
dominicdinadatwb: every where i know to check the machine names etc it is not showing as a funny name :(17:19
patdk-wkdominicdinada, where do you see the incorrect name?17:20
dominicdinadawell in iptraf       but it is all over like in netstat etc17:20
patdk-wkthose all use whatever is set in nsswitch17:21
patdk-wkhosts:          files dns17:21
dominicdinadai will check on both machines17:21
SpamapStwb: yes, suexec *sucks*17:21
twbpatdk-wk: run "getent hosts" on both the good and bad names17:21
twbSpamapS: maybe it should just not be shipped by ubuntu, then17:21
dominicdinadansswitch.conf = db files :O17:21
patdk-wkheh, I don't use getent much, but then I don't have issues like that :)17:22
twbdominicdinada: run "getent hosts" on both the good and bad names17:22
twbpatdk-wk: ignore that, I'm fat-fingering nicks17:22
SpamapStwb: no, its an industry standard and you would alienate *thousands* of hosting providers by not shipping it17:23
twbSpamapS: bummer17:23
* patdk-wk loves suexec17:23
dominicdinadatwb: patdk-wk both results look fine no bad names17:23
patdk-wkwell, when I must and forced to use it17:23
SpamapSpatdk-wk: as do many others. :)17:23
twbI wish there wasn't such a disconnect between "industry standard" and (genuine) best practices17:23
patdk-wkusing suexec is just the slowest way to run an cgi ever17:23
twbdominicdinada: I give up17:23
SpamapStwb: the key is not to eliminate risk, but to expose it.17:24
SpamapSthe more that ubuntu can help people calculate and accept the risk their taking, the more succesful people who use ubuntu will be17:24
twbI guess, but educating people who don't want to learn is HARD17:24
patdk-wkpeople that don't want to learn, most likely will never bother to use suexec17:25
SpamapSif you try to take all the risk away, you basically just get a mediocre system that never lets anybody do anything interesting17:25
twbJust isolating their chunk of the net from everyone else is easy (e.g. RBLs) :-)17:25
patdk-wkand will run everything as www-data :)17:25
MTecknologytwb: gimma gimma gimma - don't make me learn - just tell me how to do it the way i think it should work17:25
SpamapSkirkland: done17:25
kirklandSpamapS: bug #?17:25
twbSpamapS: dude, I'm a security weenie.  Null utility means aleph security :-P17:26
SpamapSbug 62963317:26
uvirtbotLaunchpad bug 629633 in apache2 "suexec should be configured to use /home as its docroot" [Wishlist,New] https://launchpad.net/bugs/62963317:26
* SpamapS wonders why it didn't pop up in channel yet17:26
twbSpamapS: the 1s got stuck in the tubes17:26
SpamapStwb: don't they just slide right through the holes in the 0's ?17:26
MTecknologySpamapS: LP seems very slow right now17:26
twbnot if the cable's too bent17:26
SpamapSs/right now//17:26
* SpamapS apologizes to lifeless for that cheap shot17:27
patdk-wkisn't lp getting updates today?17:27
MTecknologySpamapS: on a slow day it's still much faster than drupal.org17:27
SpamapShmm I just got the bug mail.. I bet the bot gets it shortly17:31
uvirtbotNew bug: #629633 in apache2 (main) "suexec should be configured to use /home as its docroot" [Wishlist,Triaged] https://launchpad.net/bugs/62963317:31
kirklandSpamapS: ah, i stand corrected ... there is a apache2-suexec-custom package17:32
=== bladernr_ is now known as fader__
=== fader__ is now known as bladernr_
SpamapSkirkland: that addresses this issue?17:33
kirklandSpamapS: possibly, i'm testing now17:33
SpamapSkirkland: is that mentioned in the README.Debian?17:33
kirklandSpamapS: i've still not actually gotten suexec to work17:33
Met4physicaafter following this guide: https://help.ubuntu.com/10.04/serverguide/C/mail-filtering.html i can no longer connect to my mail server from client17:43
Met4physicaany help?17:43
patdk-wkMet4physica, and what is the issue?17:44
Met4physicapatdk-wk: can't send mail17:44
patdk-wkthat guide is fine17:44
Met4physicapatdk-wk: prior i could telnet localhost 587 and it would work. post guide i do that, and it can't connect. client can't connect to smtp server17:44
patdk-wkdefine, send mail :)17:45
patdk-wkso your client can't connect? or does it connect and doesn't authenicate? what error message?17:45
Met4physicapatdk-wk: thunderbird email client was set up to use my server with postfix, dovecot and was working prior to going through this guide. made changes in guide. now, it states "Sending of message failed.17:45
Met4physicaThe message could not be sent because connecting to SMTP server "17:45
Met4physicaxxx.server.com failed"17:46
Met4physicacan't telnet to the port anymore, seems to be closed?17:46
batokI need to add a second "nic" to lucid , but I don't remember how to do that with command tools.  Any hint about a link or documentation on the subject?17:46
patdk-wkdid you screw up postfix config and it is not starting?17:46
patdk-wkbatok, turn off lucid, install nic, turn on, continue life17:47
batokin this case is a vNic ( vmware vsphere hypervisor ).17:47
batokI added the vnic already17:48
patdk-wkhmm, I normally just reboot the vm17:48
batokI am going to restart , tks17:48
Met4physicapatdk-wk: postfix restarts just fine, without any errors (as far as I can see)17:48
kirklandSpamapS: dang...  do you have any hints for me?17:48
kirklandSpamapS: i just want to have /home/kirkland/~public_html/foo.php to run as kirkland17:49
patdk-wkkirkland, did you make a virtual section in apache?17:49
kirklandpatdk-wk: hmm, not beyond the default17:49
patdk-wkI believe suexec only works inside a virtualhost17:50
patdk-wkand you need to use: SuexecUserGroup kirkland www-data17:50
patdk-wkor something like that17:50
Met4physicapatdk-wk: I can telnet 10024 and connect to Amavis - says the service is ready. However, now I can't connect on 25 or 58717:51
patdk-wkMet4physica, postfix isn't working, or setup correctly17:52
patdk-wkand those instructions don't cover that17:52
Met4physicapatdk-wk: i had postfix setup and working prior to this guide, so i would really wonder what changed? how would you suggest i go about troubleshooting?17:53
patdk-wkfirst, netstat -atn | grep 58717:53
Met4physicapatdk-wk: no result17:57
Met4physicaSep  3 16:57:12 aegir postfix/master[15108]: fatal: /etc/postfix/master.cf: line 26: bad transport type: content_filter=17:58
Met4physicain the guide it said, "Also add the following two lines immediately below the "pickup" transport service:" - seems to be related?17:58
patdk-wkMet4physica, did you indent them?17:59
Met4physicapatdk-wk: no18:00
Met4physicapatdk-wk: ok i fixed that18:01
Met4physicapatdk-wk: now my ports are open18:02
Met4physicapatdk-wk: that guide should have a note about the importance of indentation for us noobfolk18:02
patdk-wkit might assume you know postfix, not sure18:02
patdk-wkI mean, email servers themselfs are not hard18:02
patdk-wkbut making them talk to other ones, are18:02
Met4physicapatdk-wk: is there an equivalent to postfix with a more ...accessible configuration file format?18:03
Met4physicapatdk-wk: tried that, wasn't my cup of tea either18:03
patdk-wkI always thought postfix was pretty straight forward, only 2 files to worry about18:03
patdk-wkthough, I still do lots of sendmail work, editing cf files18:04
Met4physicapatdk-wk: i completely agree. but where would one read about how whitespace was important?18:04
Met4physicapatdk-wk: assuming they were self taught linux hobbiest types18:04
patdk-wkthe postfix master file manual18:04
Met4physicapatdk-wk: fair enough. still have a bit of resistance to reading such things, but its important. will do18:05
patdk-wkthere is very little to learn about master.cf, unless you want to make all kinds of new things in it18:06
patdk-wkgenerally each line is a service18:07
patdk-wkif you need more lines to define a service, you need whitespace first, to tell it you are continuing the last line18:07
qman__sendmail? accessible? not in this world18:07
Met4physicapatdk-wk: ah i see18:07
qman__the other supported mail server is exim, which I have zero experience with18:08
jjk9anyone confirm samba 3.4.7 on ubuntu 10.04 LTS was compiled without ldapsam support?18:08
patdk-wkqman__, never had an issue, I always thought it was pretty stright forward :)18:08
qman__postfix is probably the easiest I've ever used18:08
patdk-wkI just haven't had time to look at exim18:08
patdk-wkI mainly use postfix, and almost retired all sendmail18:08
patdk-wkI banish qmail as soon as I find it18:09
qman__there's one reduced feature set mail server basically just for forwarding local mail to a real mail server18:10
qman__forget what it's called18:10
patdk-wkall the ones I noticed, won't queue18:11
twbssmtp screwed me18:11
patdk-wkso if the connection, or real server is not working, your screwed18:11
twbI use msmtp-mta and it has never screwed me18:11
Met4physicapatdk-wk: now my client can send mail, but it does not reach its destination : my gmail account, in inbox or spam18:11
patdk-wkMet4physica, welcome to the world of, you must have everything in order for anyone to accept email from you :)18:12
twbthere's also the one that queues locally...18:12
patdk-wkget your hostnames, dns, dkim, spf, .... all setup correctly18:12
qman__yeah, it's a lot of effort18:12
EvilPhoenixany of you able to check the output of chkrootkit and tell me if there's anything i should be supremely worried about?18:12
Met4physicapatdk-wk: it was working previously to this guide... :(18:12
twbpatdk-wk: if he's using an envelope FROM of the gmail account he's TLS'd into, it'll accept anything, because it's a submission not a relay18:12
twbOh sorry, I misread18:13
Met4physicapatdk-wk: i also can't send an email to myself and receive it either . this is odd18:13
qman__EvilPhoenix, pastebin the output18:13
EvilPhoenixone sec18:13
hggdhDaviey, kirkland: there is a mismatch on expectation between /etc/init/eucalyptus.conf and /etc/eucalyptus/eucalyptus.conf18:14
hggdhDaviey, kirkland: we do not use CLOUD_OPTS in /etc/init/eucalyptus.conf18:15
ubottuFor posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.18:16
EvilPhoenixevil connectivity18:16
EvilPhoenixi know pastebin18:16
qman__you were killed for excess flood18:16
EvilPhoenixznc and xchat dont like each other18:17
EvilPhoenixqman__:  http://starfleet.pastebin.com/aMDXaHmw18:17
EvilPhoenixfor the chkrootkit output18:17
jjk9which ubuntu chat room to ask about samba on 10.04 LTS server? tks18:18
qman__well, unless bindshell is supposed to be running an IRC server, you're owned18:18
guntbertjjk9: server related issues are handled here (if anyone knows :-))18:19
* patdk-wk knows (but isn't saying :)18:19
Met4physicapatdk-wk: is there a way to see what happens to my email after my client believes it is delivered, but it has not reached destination?18:19
patdk-wkMet4physica, logs :) /etc/log/maillog18:20
qman__default ports, these guys aren't even trying18:20
qman__they probably didn't even delete the logs18:20
patdk-wkqman__, for what?18:20
qman__his chkrootkit, binshell is listening on 666718:20
jjk9guntbert: tks yeah but is samba server-related? or more general18:21
patdk-wkjjk9, depends, are you talking about samba *server*? or samba *client*?18:21
Met4physicapatdk-wk: my mail.log is empty, but my mail.info is FULL of goodies18:21
guntbertjjk9: just ask your question, nobody will hurt you :-)18:21
EvilPhoenixqman__:  there's an ircd on there18:21
EvilPhoenixqman__:  it helps to highlight me x]18:21
patdk-wkMet4physica, heh, I haven't used syslog for so long :)18:21
jjk9is ldapsam compiled into ubuntu samba 3.4.7?18:22
qman__EvilPhoenix, only one program can listen on a port, so if your IRCd is listening on 6667, then you're fine there18:23
qman__the suspicious files could be legit, they're just suspicious18:23
Met4physicapatdk-wk: if not using syslog,what would i use?18:23
Met4physicapatdk-wk: would you mind taking a look at my log ?18:23
EvilPhoenixso nothing outwardly suspicious then18:24
Met4physicapatdk-wk !)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)18:24
Met4physicais one notable error18:24
qman__EvilPhoenix, http://ubuntuforums.org/showpost.php?p=4176512&postcount=218:25
SpamapSlifeless: shaking over there?18:27
jo-erlendwhy is #ubuntu-virt invite only? I was wondering how difficult it is to install and configure spice with kvm at this point. Do we have packages for it in lucid?18:27
EvilPhoenixqman__:  thanks18:27
EvilPhoenixwhere can I suggest a change to a doc?18:27
SpamapSjo-erlend: its been folded into ubuntu-cloud / ubuntu-server18:27
qman__file a bug against the appropriate -doc package, I think18:28
qman__but I'm not sure18:28
* EvilPhoenix checks the list of installed packages on his system18:28
EvilPhoenixthere is no -doc package with chkrootkit18:30
lifelessSpamapS: it was18:30
lifelessSpamapS: appears to be some significantly damaged bits18:31
lifelessno stats on human impact yet18:31
lifelesssearch for earthquake on twitter though18:31
lifelessor the #earthquake tag18:32
SpamapSlifeless: its weird, I woke up last night thinking there was a giant earthquake going on but there wasn't18:32
jjk9lifeless: google earthquake new zealand will give top hit nz earthquake site, 7.4, 30 km from christchurch ~4:35am local18:33
lifelessjjk9: thats right18:33
SpamapSouch thats really damn close to a big city18:33
lifelesswe're in rangiora on the left hand map18:33
jjk9u would have felt that good then. I'm orig from wgton but now in San Diego18:34
SpamapSlifeless: how common are quakes there?18:34
lifelessSpamapS: of this magnitude? not very AIUI18:35
SpamapSHaving grown up living virtually on top of the san andreas fault .. I find quakes fascinating.18:35
jjk9when I was in Wellington for 40+ years biggest was about 6.7 and very rare that size18:35
SpamapSWell quakes over 6.5 are pretty rare period18:35
Met4physicamultiple amavisd and postfix errors: would someone mind looking at a log?18:36
SpamapSjust a few each year18:36
SpamapSMet4physica: paste.ubuntu.com the relevant parts18:36
Met4physicaSpamapS: http://paste.ubuntu.com/487922/18:37
Met4physicawhy is MTA blocked?message not being delivered18:37
SpamapSSep  3 17:31:52 aegir amavis[16333]: (16333-07) (!)FWD via SMTP: <transformationarts@openashland.com> -> <zkrebs@gmail.com>, 450 4.4.1 Can't connect to INET4 socket Connection refused, MTA([]:10025), id=16333-0718:39
SpamapSconnection refused.. are you sure there's an MTA running on port 10025 ?18:40
Met4physicamy client is connecting to 58718:40
Met4physicaso that should be the port defined?18:40
remix_tjMet4physica: maybe amavisd is down?18:50
Met4physicaremix_tj: here's an updated log, tried changing a couple of things http://paste.ubuntu.com/487930/18:51
Met4physicai get a return from sender email! it states, "Diagnostic-Code: smtp; 554 5.4.0 Error: too many hops18:53
remix_tjMet4physica: can you paste the output of the command postconf -n ?18:53
Davieyhggdh, OK, great - can you raise a bug please? :)18:54
Met4physicaremix_tj: here is my postfix master file: http://paste.ubuntu.com/487934/18:56
veenenenanyone know any good tutorials for setting up a kvm guest from the command line18:57
remix_tjMet4physica: wait a bit18:58
veenenenthe default (https://help.ubuntu.com/community/KVM/CreateGuests) just isn't working18:58
kirklandSpamapS: you're not kidding -- suexec is friggin hard to get right18:59
remix_tjMet4physica: the content filter should use port 1002418:59
Met4physicaremix_tj: what file is that setting in?19:00
remix_tjMet4physica: main.cf19:00
remix_tjand in master.cf you should add this19:00
remix_tjbecause you need to create a special istance of postfix that will recieve the mails checked by amavis19:01
Met4physicaremix_tj: at the top of my master.cf is the second entry necessary? i was just fudging around19:01
remix_tjMet4physica: dunno, buy you can leave it19:02
remix_tjMet4physica: http://www.howtoforge.com/amavisd_postfix_debian_ubuntu this is a good tutorial19:03
Met4physicaremix_tj: i left it, made your chagnes, and it works! AND additionally my DKIM seems to work now :) thanks a billion19:03
SpamapSkirkland: Have never had it working in under a full day of work. :-/19:04
SpamapSkirkland: there are just too many pieces that can and do go wrong19:04
baccenfutterez Barre19:06
Met4physicaExcuse me my DKIM does *not* work, gmail now just gets Mailed By19:08
ScottKMet4physica: What are you using for dkim signing?19:15
remix_tjMet4physica: i do not know how dkim works...19:15
Met4physicaScottK: OpenDKIM Filter v2.1.319:16
ScottKMet4physica: On maverick or an earlier release with your own package?19:17
Met4physicaI initially installed it by source19:17
Met4physicabut then just installed the Ubuntu Package19:17
ScottKThen you have 2.0.2 if you are using the Ubuntu package.19:17
ScottKIf 2.1.3 is running, it's still yours.19:17
Met4physicaa message I just sent cliams its 2.1.319:19
RoAkSoAxSEJeff_work: I entered the same race condition with only two servers with configs: Srv1: http://pastebin.ubuntu.com/487938/ Srv2: http://pastebin.ubuntu.com/487939/. What might be wrong on them? Srv1 log: http://pastebin.ubuntu.com/487941/ srv2 log: http://pastebin.ubuntu.com/487942/19:20
ScottKThen it's still the one you installed from source.  I'd remove that and use the packaged one (I know it works)19:20
uvirtbotNew bug: #629720 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8 failed to install/upgrade: el subproceso script post-installation instalado devolvió el código de salida de error 1" [Undecided,New] https://launchpad.net/bugs/62972019:21
Met4physicaScottK: I am having trouble with the DNS record too I Believe...19:21
Met4physicasmtp.mail=transformationarts@openashland.com; dkim=neutral (no signature) header.i=@openashland.com19:22
Met4physicayet my email does contain a DKIM signature19:22
MTecknologyAny of you happen to have dig + pastebin + time available for me?19:23
ScottKMet4physica: Paste the signature19:23
Met4physicaScottK: here is the whole email (with the sig) http://paste.ubuntu.com/487947/19:24
=== dendrobates is now known as dendro-afk
uvirtbotNew bug: #629723 in chkrootkit (main) "False Positive: IRCDs running on port 6667" [Undecided,New] https://launchpad.net/bugs/62972319:26
=== dendro-afk is now known as dendrobates
ScottKMet4physica: Where's your key record?19:28
Met4physicamy private key?19:31
ScottKNo, I mean the DNS record of the public key.19:32
ScottKIIRC it should be located at dig txt mail._domainkeys.openashland.com and I don't find it.19:33
Met4physicai am using Linode's DNS manager19:33
Met4physicalets see..19:33
Met4physicado you see it now?19:35
ScottKSo that was your first problem.  No DNS record published.19:44
Met4physicaScottK: so the next problem ? :(19:46
ScottKMet4physica: Dunno.  Does it work now?19:46
Met4physica"Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of transformationarts@openashland.com designates as permitted sender) smtp.mail=transformationarts@openashland.com; dkim=neutral (bad format) header.i=@openashland.com"19:47
ScottKThey may have your lack of DNS record negativel cached.  What's the TTL on the DNS record?19:48
ScottKYou'll have to try again later.19:48
Met4physicaTTL = default19:49
=== dendrobates is now known as dendro-afk
ScottKThen it's hard to tell.19:49
ScottKFor me to look, I ssh'ed into a machine on a different network to avoid the negative cache.19:50
ScottKI'd try again tomorrow.19:50
=== ivoks_away is now known as ivoks
Met4physicaScottK: thanks for the tips. If I sent an email with 1000 recipients out without DKIM, will I be spam blocked?19:51
=== dendro-afk is now known as dendrobates
ScottKMet4physica: Hard to say, but the absence or presence of DKIM is unlikely to have a major effect.19:52
Met4physicaScottK: I am really attempting to understand what would have an effect...19:52
ScottKThat's a who area of study that's not particularly on topic here.19:55
=== A-Tuin_ is now known as A-Tuin
Met4physicaScottK: you're right, thx for the technical help20:03
ScottKMet4physica: You're welcome.20:05
twbIf you do Bad Things you get blocked20:17
twbWhat constitutes a bad thing is defined on a per-site basis by the site admin20:18
twbOccasionally I'll run into people who reject all mail from gmail, for example.20:18
progre55hey guys, when you run  "tar zcvf - SOURCEDIR | ssh user1@remotehost 'cd DESTDIR; tar zxvf - ' ", does it tar first on the memory and then send it, or does it tar and send it at the same time? I mean, I have a file about 19Gb, and only 8Gb ram and 4Gb free space on my local server hard-drive..20:26
twbprogre55: tar operates on streams20:30
progre55twb: so it means I'm safe to run it, right?)20:31
twbBut you could just say tar -zxC DESTDIR20:31
twbprogre55: I believe so.20:31
progre55twb: great, thanks man, appreciate )20:32
JasonMSPi've got VSFTPD running great on my server, but I would like to secure the connection with ssl_enable=YES.  So far I haven't gotten the connection to work over TLS which is what I would like to do.  Does anyone have this working?  Im using WinSCP to connect.20:39
uvirtbotNew bug: #629685 in postfix (main) "package postfix-pcre 2.7.0-1 failed to install/upgrade: problemas de dependencias - se deja sin configurar" [Undecided,New] https://launchpad.net/bugs/62968521:06
thafreakAre there any docs on setting up kvm+libvirt/virt-manager on lucid to allow for live migration?21:17
b0gatyr_guys how to I make postfix my default MTA for ubuntu server , I installed ssmtp but I want to go back to postfix21:25
thafreakWhere's the best place to go to talk about kvm/virsh/virt-manager?21:26
twbb0gatyr_: you can only have one MTA installed at a time21:30
twbb0gatyr_: so I guess "apt-get install postfix"21:30
b0gatyr_twb: thanks, that did it.21:32
=== roda is now known as Guest4226
soreniulian: Thanks for the nova ack.21:41
=== ivoks is now known as ivoks_away
sorenthafreak: Right here.21:44
iuliansoren: Don't mention it.21:46
thafreaksoren: are there any docs on setting up kvm for HA?21:48
thafreakMainly I'm just wondering what the preferred way of sharing VM disk images is.21:50
thafreakI saw alot of people talking about just using NFS, but wasn't sure if iscsi is better21:50
thafreakAnd if iscsi is better, do you just use one lun per vm, or do you do something like CLVM on one big iscsi target?21:51
sorenthafreak: Not that I know of.21:54
thafreakAre images directly on NFS generally ok to use, or is that not really recommended for production?21:56
SpamapSthafreak: I would think NFS would be awful for performance vs. iscsi.22:15
thafreakI would think so too22:16
thafreakBut most of what I read about live migration, most people refer to NFS22:17
giovaniSpamapS: it's not going to be a drastic change, NFS has some optimizations22:27
giovanibut they're not really comparable22:27
SpamapSI suppose NFS is pretty good at "give me Z bytes at offset X of file Y"22:30
giovaniwell, it's a filesystem, not a remote block device -- so it does a ton of fancy stuff22:30
SpamapSlike what, bake souflés?22:31
SpamapShmm  wonder how many of these we'll see at UDS-N http://www.noisebot.com/narwhal_t-shirt.htm?cmp=elist2010090322:33
MTecknologySpamapS: lol..23:02
Hypnozwhen doing a "find | xargs rm -f" anyone know how I can view the file names as it's running so I can track the progress?23:24
zashHypnoz: rm -fv23:29
Hypnozzash: interested i was looking for a find verbose didn't think to put it on the rm command23:36
zashHypnoz: :D  You could also do "find | tee /dev/stderr | xargs", but rm -v would probably be simpler23:37
Hypnozzash: -fv worked great thanks!23:38
progre55_hey guys, how can I untar a file, but at the same time delete the archive, as I dont have enough space on my disc for both of them?23:45
Hypnozyikes that doesn't seem possible. could you put the archive on a flash drive or network drive?23:46
Hypnozhow big of an archive are you talking?23:46
progre55_the arch itself 9Gb23:47
progre55_and the file is 1923:47
progre55_but I have 25 only23:47
progre55_and it's a remote server23:47
Hypnozhmm ....23:48
Hypnoz25gb is the largest/only partition avail?23:49
Hypnozdoes the system have access to any other servers or network drives?23:50
progre55_well, there's only 1 partition, and it's 32 Gb23:50
Hypnozyou could go on another server, export a nfs share, and move the archive there, then extract over the network maybe23:50
progre55_hmm.. let me see23:51
=== lhavelun1 is now known as lhavelund

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!