[00:39] Madwill, lots of people here will just think I'm being a stick in the mud
[00:39] but lxc != openvz
[00:41] lxc is not as robust as openvz was (or that I understand it was). You cannot trust a UID 0 process in your lxc container.
[00:41] maybe robust wasn't the right word for that.
[00:42] it makes no promises that you could do such a thing.
[01:39] Anyone install/use Tryton?
[04:01] New bug: #629234 in vsftpd (main) "package vsftpd 2.2.2-3ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/629234
[04:16] New bug: #629236 in samba (main) "Can't install samba in 10.04.1 fresh install" [Undecided,New] https://launchpad.net/bugs/629236
=== cs278|work is now known as Guest96508
[04:40] upon actually installing ubuntu server 10.04, will there be an option to encrypt everything before the install continues?
[04:59] Hi all. I'm having some issues with Dell's Hardware RAID controller, Ubuntu 10.04, Dell T3500. Is this the right place to ask?
[05:01] New bug: #629247 in libvirt (main) "Failure to alter VM's MAC address with virsh" [Undecided,New] https://launchpad.net/bugs/629247
[05:16] A little off topic and random. I just looked at the lines of code in Nginx - 137,212 LoC
=== viezerd- is now known as viezerd
[05:37] I need to set up a server with ubuntu, could you help me?
[05:45] !es
[05:45] In most Ubuntu channels only English is spoken. If you are looking for help in Spanish or want to chat, enter the channel #ubuntu-es. Type "/join #ubuntu-es" (without quotes) and press enter.
[05:47] ok thank you.
[05:47] You're welcome.
[07:01] How do I check whether I've set an "internet host name" for my 10.04 server install? like "hostname" but for web server identity..
[07:02] q_a_z_steve: where are you hearing about this "internet host name"? From e.g. apache's logs?
[07:03] It probably means telling the daemon in question what FQDN to use, and/or putting same in /etc/hosts.
[07:03] twb: well I'm not even sure I've set one yet. I've killed my box and just ran through a million lines of aptitudes since
[07:04] q_a_z_steve: check "hostname --fqdn" first, I guess
[07:05] twb: well that shows .lan so I probably haven't set one at all yet.
[07:05] right?
[07:07] That is most likely provided by the OpenWRT or whatever that is running your network
[07:07] Or *was* running your network at the time you installed ubuntu
[07:08] Unless your host has a public IP on the internet, getting a correct FQDN probably isn't important.
[07:11] well obviously I *want* a domain name eventually to be tied to this web server...
[07:14] twb: but you don't think that's an issue yet, right?
[07:39] qman__: hi!
[07:40] noticed that all the VMs had a shared virtual Optical drive. I removed that from all VMs and restarted them. ever since that, the errors have not reappeared.
[07:41] will be monitoring this further over the next 2 days.
[07:44] TeTeT: You awake?
[07:45] intelliant: I saw your conversation yesterday - how was the CDROM shared between guests? I have 2 guests, each with a CDROM, and each KVM definition has :
[07:45]
[07:45] But I would think that is "private" to each guest (i.e. 2 separate cdroms)
[07:46] Jeeves_: barely ;) need to visit the dentist in the next 10 minutes, will be back in an hour
[07:46] TeTeT: Ah. I'll give you something to think about at the dentist
[07:46] dhcp4!~
[07:46] (I need it to run ISC dhcpv6 :))
[07:47] :-\
[07:47] PresuntoRJ: ?
[07:47] Jeeves_: hmm, check out the PPA from Mathieu Trudel, he has a new network manager and probably also a dhcp4 client in it
[07:47] Jeeves_: or he had a patch to remove the need for it, don't remember it exactly
[07:48] I need the server and relay, but I'll have a look at his ppa. Thanks!
[07:48] sherr: http://pastebin.com/Fryb0esQ
[07:49] Mathieu only has networkmanager
[07:49] i agree to what you are saying but this is just one observation
[07:49] bummer
[07:49] sherr: I still believe the problem may lie elsewhere
[07:49] maybe there are debian experimental packages for it?
[07:49] Oh, that's a good one
[07:50] best to test those in a vm, things can go awfully wrong with the experimental packages in my experience
[07:50] maybe over the weekend I will add the cdrom back and wait for the errors.
[07:51] TeTeT: Yeah, I'll try that
[07:51] Debian renamed it to isc-dhcp
[07:51] which makes sense, given the fact that there are more dhcpd's around
[07:54] intelliant: thanks. I have a "block" device, you have a file. Similar otherwise. Well, let's wait and see - I hope it works for you.
[08:11] New bug: #629304 in mysql-5.1 (main) "-DMYSQL_CLIENT_NO_THREADS and undefined reference to `my_pthread_fastmutex_init'" [Undecided,New] https://launchpad.net/bugs/629304
[08:33] Jeeves_: any success with the experimental packages?
[08:33] TeTeT: Yes
[08:33] I've got isc-dhcp-relay running
[08:34] All I gotta do now is figure out how dhcpv6 works :)
[08:34] But first a shower, to really wake up :)
[08:46] New bug: #629318 in bacula (main) "package bacula-director-mysql 2.4.4-1ubuntu9 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück" [Undecided,New] https://launchpad.net/bugs/629318
[08:52] grrr, people that post bugs in their own language--
[09:37] hey can anyone help me my server totally just blew up in my face and i have no idea what to do
[09:37] hello
[09:38] who install oracle 11gR2 on ubuntu 10.04?
[09:41] i uninstalled a package then ran some updates and now when i try to boot i get "fsck from util-linux-ng 2.17.2 /dev/sda1: clean, 132765/4800512 files, 7904061/19182080 blocks (check in 2 mounts) init: udevtrigger main process (276) terminated with status 1 init: udevtrigger post-stop process (281) terminated with status 1
[09:42] !ask | Scorpion
[09:42] Scorpion: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
[09:42] !details | Scorpion
[09:42] Scorpion: Please give us full details. For example: "I have a problem with ..., I'm running Ubuntu version .... When I try to do ..., I get the following output: ..., but I expected it to do ..."
[09:44] PresuntoRJ: I know you.
[09:45] ;-; please can anyone help me i have a lot of people who use this server and im still learning some of the more in depth things and i just cant figure this problem out
[09:45] X-2: of course :D
[09:49] LordKitsuna: how come "blew up" ? electrical explosion? hdd failure? bad upgrade?
[09:50] well i say that when a big error that prevents me from doing what i want to do happens
[09:50] its just a figure of speech
[09:51] as i said i uninstalled a package (bandwidthd to be exact) then ran apt-get update followed by apt-get upgrade (couldnt tell you what it upgraded) then all that error happened
[09:54] I have used bandwidthd before... maybe there is an HDD error that went unnoticed before you have tried this upgrade, because there is nothing in the package that could cause a failure to boot
[09:54] Hmm
[09:54] LordKitsuna: do you remember what is your filesystem? ext4? ext3? reiserfs?
[09:55] ext4 i think
[09:55] iirc
[09:55] For things that are managed by upstart, for example, avahi-daemon, what is "good practice" to do to not have that service started/stopped except manually, rather than automatically?
[09:55] LordKitsuna: do you have a livecd with you? when was your last backup ?
[09:55] last backup...ummm ummm not tooo long ago also yes i have a live cd of ubuntu desktop with me
[09:57] my power is being flashy it had better not go out this would be the worst possible timing
[09:58] so what should i do with the live cd PresuntoRJ
[09:58] could you try to power it on from the livecd? in there, try running (before you mount the HDD) a fsck to your partitions? let it complete the process before you try to boot it again
[09:58] how can i create localhost in ubuntu
[09:58] ???
[09:59] LordKitsuna: tune2fs also gives you some feedback on the health of the harddrives
[09:59] sd-d_: ?
[09:59] im not 100% sure how to run fsck (still learning ubuntu) do i just type it in a terminal?
[09:59] sd-d_: 127.0.0.1 ?
[10:00] PresuntoRJ, like we open a directory in browser in asp.net
[10:00] LordKitsuna: most linux are the same... fsck /dev/partition (the correct name)
[10:00] LordKitsuna: try $ man fsck to read the manual
[10:00] PresuntoRJ, ur close ..
[10:00] $ man also works for most commands
[10:01] sd-d_: you want to access your filesystem from a web browser?
[10:01] yes ...
[10:01] PresuntoRJ: that's called DAV
[10:01] :P
[10:01] I think there is a python trick for that
[10:02] python -m SimpleHTTPServer
[10:02] You can do that with any old browser
[10:02] make sure you have the tcp port opened on your firewall
[10:02] but thats pretty unsafe
[10:02] I usually use "busybox httpd" or thttpd
[10:02] bleh my live cd takes forever to boot, ill let you know what happens once i actually get to it
[10:02] twb: I think he means from another computer
[10:02] PresuntoRJ, was that for me ??
[10:03] Well, both of those export the working tree via HTTP as the current user on a given port -- just like Python's built in HTTPd implementation
[10:03] sd-d_: yes... try from the folder you want to browse $ python -m SimpleHTTPServer
[10:03] twb: never tried with busybox... I'll give it a try
[10:04] PresuntoRJ: unfortunately you'd need the larger busybox in Ubuntu -- the one they give you to boot with doesn't have the httpd applet :-(
[10:04] sd-d_: they are both incredibly unsafe... do it for LAN access only... set a proper firewall rule (with ufw) for that
[10:04] But "busybox httpd" works on any Debian box you're likely to run into :)
[10:04] twb: cool
[10:05] sd-d_: do you know how to use ufw to set up a firewall rule ?
[10:05] sd-d_: why do you want to access the directory tree in a web server? Maybe there's a better way, like rsync.
[10:05] server....you could use apache couldnt you? then put the files you want under the /var/www
[10:06] LordKitsuna: yes
[10:06] i hardly know what im talking about so just ignore me if thats a stupid idea lol
[10:06] Or really, you should use /srv/www or so -- /var/www is vestigial
[10:08] all i know is i run a gazzel website (well kinda im more or less a chooser and my friends do the coding bit) and i can host shit in the /var/www so i just thought id throw it out as an idea
[10:11] LordKitsuna: those are all pretty stupid ideas, even mine, if you don't know what you are sharing... at least with apache you could set up a password (htpasswd), and share only your home files, and choose not to follow symlinks... and NEVER FORGET to set a firewall to prevent access from where you do not trust in the first place
[10:12] LordKitsuna: but anyway, if its only temporary...
[10:12] PresuntoRJ, the file system shows as EXT3/4 (what?) and i cant figure out how to use fsck right lol ill keep trying tho
[10:12] hi! i accidentally did a ``chown -R foo: /``. Is there some (semi-)automated way to restore permissions to system defaults?
[10:13] oh wait
[10:13] hells yea
[10:13] there is a gui for fsck
[10:13] twb: if its for the access per-se, why not keep it to ssh/scp ?
[10:14] LordKitsuna: a couple of questions... GUI for fsck? cool... and ? GUI? are you running your server with a GUI ? really?
[10:14] LordKitsuna: not wrong, just unusual
[10:14] PresuntoRJ, the check finished like instantly and said it was clean also no as i said i have a ubuntu desktop live cd with me not server so naturally it had a gui
[10:15] LordKitsuna: not judging here... I do this at home too... just said it was unusual
[10:15] LordKitsuna: clean for every partition (if more than one, of course)
[10:17] PresuntoRJ: that, too.
[10:17] actually i know why it was so fast now, i did it via command line just to be sure and got the following error "permission denied while trying to open /dev/sda you must have read/write to the file system or be root
[10:17] PresuntoRJ: but you can hand out rsyncd access to anonymous users, and it supports DAV-style listings.
[10:17] It really depends what he wants to achieve
[10:17] and no my server itself has no GUI but i figured it would be easier to just use my ubuntu desktop live cd to fix it
[10:18] LordKitsuna: try sudoing it first... sudo fsck /dev/partition
[10:18] LordKitsuna: what is this alleged "gui fsck" called?
[10:18] LordKitsuna: or gksudo if its a GUI application
[10:18] PresuntoRJ: you don't need to use gksudo to launch a GUI -- the difference between gksudo and sudo is how it asks for a password.
[10:18] twb: its the system/admin disk utility
[10:19] twb: or whatever the name in english... it has a little drive icon (in pt-BR: Utilitário de Unidades)
[10:19] twb: you can mount, umount, check, format, etc
[10:20] twb: I think even partition, though I prefer and trust gparted for that
[10:20] If you open up a terminal and run xprop, then click on the window, what is the WM_CLASS ?
[10:20] (That's usually the "real" app's name)
[10:20] twb: I use gksudo for GUI basically cause I would tell him to run via Alt+F2 also... ;)
[10:21] PresuntoRJ, and when i use sudo fsck i get "device or resource busy while trying to open /dev/sda filesystem mounted or opened exclusively by another program?
[10:21] LordKitsuna: umount it first, from the livecd
[10:21] i did its not mounted
[10:21] LordKitsuna: never try to fix a drive/partition while in use (mounted)
[10:21] LordKitsuna: weird
[10:22] LordKitsuna: do you have it opened with gparted?
[10:22] LordKitsuna: try $ sudo lsof -n | fgrep sda1
[10:24] PresuntoRJ, this might sound really stupid but how do you make the | (i copied that from your message) i cant find that on my keyboard
[10:27] PresuntoRJ, oh wait nvm i found it, it had a break in it on my keys so it looked like something else
[10:29] PresuntoRJ, lsof :WARNING cant stat () tmpfs filesystem /cow output information may be incompleate lsof: WARNING cant stat() fuse.gvfs-fuse-deamon file system /home/ubuntu/.gvfs output information may be incompleate
[10:32] LordKitsuna: no worry... the WARNINGS are for inaccessible folders (usually there)
[10:33] LordKitsuna: if there is no hit for sda1 (guessing your partition is /dev/sda1 , of course) I am not sure what could be happening to prevent the fsck
[10:34] PresuntoRJ, well i tried sda then sda1 and 2 just to be sure and those are the errors i got for all of them
[10:35] LordKitsuna: are you sure that is the name of the HDD on your system?
[10:35] LordKitsuna: it should have worked if it is correct and unounted
[10:35] umounted
[10:36] For things that are managed by upstart, for example, avahi-daemon, what is "good practice" to do to not have that service started/stopped except manually, rather than automatically?
[10:36] I mean, upstart's nice and all, but there's no actual management system to manage it like there are SysV/LSB style init scripts.
[10:36] Psi-Jack: what do you mean?
[10:36] PresuntoRJ, yea its just shown as "/dev/sda" in the mounting manager and it shows as unmounted
[10:37] PresuntoRJ: like, to stop a LSB script from starting during init, you'd update-rc.d -f servicename remove
[10:37] I want to stop avahi-daemon from starting up on its own.
[10:37] Psi-Jack: i think they have more or less the same goal... where upstart is an attempt to rewrite init.d in a kind of better way... not sure how... there is literature for that in the ubuntu site
[10:37] !upstart
[10:37] Upstart is meant to replace the old Sys V Init system with an event-driven init model. For more information please see: http://upstart.ubuntu.com/
[10:38] Yeah, not really covering my topic, actually.
[10:38] Heh
[10:38] LordKitsuna: but there are partitions under it? sda1 or sda2 ?
[10:38] The only way I can figure to stop a service from auto-starting, is to remove its event states.
[10:38] LordKitsuna: which is root? which is boot? which is home?
[10:39] As-in, editing /etc/init/avahi-daemon, and commenting out the start line.
[10:39] Psi-Jack: you could try sudo chmod 644 the script file
[10:39] It's not a script file.
[10:39] it's a .conf file for upstart.
[10:39] Psi-Jack: or update-rc.d --remove it
[10:39] Again
[10:39] Not an LSB script.
[10:40] :) sorry
[10:40] upstart's not handled by rc.d's, it's handled by upstart.
[10:40] Which is why I'm asking the question I'm asking. :)
[10:40] PresuntoRJ, im not 100%sure i thought i had it as default (it put /home and stuff in separate parts) but it looks to all be one
[10:41] PresuntoRJ, i did a few installs of it so its hard to remember what it ended up with in the end
[10:41] Psi-Jack: but upstart still runs the init scripts... just under upstart now
[10:42] PresuntoRJ, i checked with the disk utility its all one partition
[10:42] PresuntoRJ, or at least thats what it says
[10:42] There's a big difference between /etc/init.d/ and /etc/init/
[10:42] LordKitsuna: you could try a bit of a labor here
[10:42] create a /mnt/sda1 folder
[10:42] then a /mnt/sda2
[10:42] and so on
[10:42] mount them there , manually
[10:43] browse for a while until you figure out who is what
[10:43] you know what goes in your /home, dont you?
[10:44] Psi-Jack: have you looked in /etc/default
[10:44] Psi-Jack: http://upstart.ubuntu.com/misc/upstart.pdf
[10:45] PresuntoRJ: For? There's nothing in /etc/default/ for avahi-daemon
[10:45] ill need to have my friend do all this
[10:45] hes the one who knows what hes doing
[10:45] ill just end up breaking it more
[10:45] thanks for the help
[10:45] And that PDF is pretty much so old it's not even useful, nor its contents useful. LOL
[10:46] upstart's design ideas started in 2006, when this document was made. heh
=== ivoks_away is now known as ivoks
[10:47] jdstrand: I know we've briefly chatted about it a number of times now, but we've never really gotten anywhere... ufw and libvirt's use of iptables... How can we make them better friends?
[10:48] Psi-Jack: sorry, never read it... :D just found it
[10:48] heh
[10:48] jdstrand: I don't know if we've discussed this particular approach before, but how about if ufw had a concept of a "transient rule", i.e. a rule that gets added through ufw, but doesn't persist across reboots.
[10:48] PresuntoRJ: Well, no offense, but it's obvious you know pretty much nothing about upstart, so you really can't help. ;)
[10:49] Psi-Jack: no offense at all
[10:49] Psi-Jack: we try to learn as well as we try to teach and help
[10:49] Like I said, it /seems/ the only way to get, for example, avahi-daemon, to not run at startup, is to comment out the start rule it has, so it has no start event to trigger its startup.
[10:50] Psi-Jack: if upstart was not kind of obscure, it would be obvious for you too
[10:50] upstart is by far, an incomplete replacement to LSB init scripts.
[10:50] Psi-Jack: worst case scenario, at /etc/rc.local you could call for a service avahi-daemon stop
[10:50] ugly !
[10:50] I mean, it doesn't even have anything even close to error tracking/handling needed for things such as CRM management of services.
[10:51] Psi-Jack: I believe it was not the intention... it does asynchronous and inter-dependents starts pretty well...
[10:52] Yeah. It works well, beyond its limitations.
[10:52] Psi-Jack: and it might do exactly what you asked for, I just don't know how to help you myself
[10:52] But, its limitations outweigh its actual usefulness, which is its bad side. ;)
[10:52] PresuntoRJ: I really don't think it does, actually.
[10:53] No matter what, I have to hack up the .conf file itself to make it stop, there's obviously no other way.
[10:54] Psi-Jack: the most obvious trick I could think of would be move the avahi-daemon.conf to avahi-daemon.conf.disabled ...
[10:54] I have basically two choices. Hack the avahi-daemon.conf and comment out the start rules. Alternatively, add a /etc/default/avahi-daemon file with START=false and hack the avahi-daemon.conf to check for it during the pre-start and make it exit if START != true
[10:54] PresuntoRJ: Which disables it completely from even manually starting if I wanted to.
[10:55] Psi-Jack: and from what I have found now, update-rc.d also works to disable most upstart scripts
[10:55] No, it doesn't.
[10:55] It has absolutely no effect, actually, because upstart doesn't care a spit about what's in /etc/rc#.d
[10:56] Psi-Jack: good to know
[10:56] All the /etc/init.d/'s are to upstart controlled services are is symlinks to upstart's control interface/
[10:56] That's it. ;)
[10:56] Ubuntu 10.04 doesn't even use the old init system at all during boot up.
[10:57] It's actually upstart itself that handles starting the /etc/init.d LSB scripts, now.
[10:59] Heh
[10:59] Psi-Jack: lol
[11:00] Even upstart's faq is out of date now, too, because it said to reload the upstart configuration, use initctl reload, but that fails because it's missing a job name.
[11:00] It's actually initctl reload-configuration now.
[11:01] I dunno.. At this point, I'm thinking upstart is a dead-end project of Canonical's. It had great ideas, just not implemented well or fully, after 4, gaining quickly on 5 years now.
[11:01] Psi-Jack: have you read about initctl ?
[11:01] initctl list
[11:01] etc
[11:01] PresuntoRJ: Yep.
[11:02] Like I said, the actual docs on upstart.ubuntu.com are out of date, already.
[11:02] Psi-Jack: it is sad
[11:03] I'm wondering how Fedora's systemd will end up being.
[11:03] They're moving to it next release I hear, since it's finally just about ready for actual production use. ;)
[11:03] Heck, it might even make it into RHEL6, but I'm not sure of that, yet.
[11:06] I remember Solaris's SMF init system. Amazing stuff, great ideas, well done, even.
[11:07] upstart was ideally going to be similar, but better, but... It fails. ;)
[11:10] Psi-Jack: you should file a bug report on upstart... at least it calls their attention
[11:10] On what? The whole damned thing's still not even close to production quality. LOL
[11:11] hehehehehehe.
[11:12] There's even a brainstorm on how systemd is better than upstart and ubuntu should replace upstart with systemd. ;)
[11:12] And ironically, the votes are also in favor of it.
[11:12] systemd *is* better than upstart
[11:13] It's just not production-ready
[11:13] twb: Yeah. I've been noticing that.
[11:13] It /almost/ is.
[11:13] They were actually going to roll it out in f13, but it didn't quite make it.
[11:13] personally of the three, I've been most impressed by Squeeze's startpar
[11:13] startpar? hmmm
[11:13] Never heard of startpar
[11:14] Since 1) it works; and 2) it's backwards-compatible; and 3) the speed gain is on the same order as upstart or systemd
[11:14] Psi-Jack: As of Squeeze, Debian defaults to reordering sysvinit jobs based on LSB headers, and running them in parallel.
[11:14] Psi-Jack: I have found a "start on never" condition you should try on the upstart avahi-daemon.conf file
[11:15] Psi-Jack: it should not start up on boot, and still be available for manual instructions
[11:15] PresuntoRJ: Which would be the same as not giving it a start rule at all, simply commenting it out. LOL
[11:15] Psi-Jack: :-p
[11:15] heh
[11:15] I'm also *really* not sure about putting init in the hands of the kinds of people that get off on dbus.
[11:16] Psi-Jack: I still do many init.d scripts myself...
[11:16] Psi-Jack: that's why I never got to understand the upstart model
[11:16] I've done both, for many years.
[11:17] Well, upstart, only a few months.
[11:17] But, yeah, I go in constantly having to fix broken "LSB" scripts because they're definitely and obviously NOT LSB.
[11:17] Every time I see "set -e" in an init script, I cringe.
[11:18] Psi-Jack: pretty much every LSB header in Debian should be fixed now
[11:18] Since it's a requirement for that startpar stuff I was talking about
[11:18] That is, absolutely, and positively, ALWAYS the /worst/ thing you could possibly do in an LSB init script, is set -e
[11:18] twb: is this startpar also event driven ? does it respawn dead daemons?
[11:18] PresuntoRJ: no
[11:18] Yeah, startpar fail then.
[11:18] PresuntoRJ: it's a conservative/incremental improvement
[11:19] SMF, upstart, and systemd, all have the advantage of watchdogging each service so if it stops, it can respawn it.
[11:19] inittab also did it quite well a looong time ago
[11:19] Whereas upstart and systemd are more like "works as long as you don't do anything interesting"
[11:19] I will say this though.
[11:20] upstart IS still better than djb's daemontools. THAT was pure junk.
[11:20] twb: pls, don't try to customize our scripts, they were meant for out of the box only !
[11:20] :-/
[11:20] PresuntoRJ: by "interesting" I mean things like booting / and /home off NFS
[11:20] Ahhhhh..
[11:20] You know, like unix has been doing since the 80s
[11:21] twb: ldap? anyone?
[11:21] systemd is targeting F14. Which should be ...
[11:21] twb: I really miss CDE from time to time
[11:21] It completely and totally fails to work in lucid due to cyclic dependencies and race conditions in upstart jobs
[11:21] Look, I'll show you my workaround...
[11:21] Just around the corner now.
[11:21] lets all go back to system 4.4 (pre BSD, pls)
[11:21] twb: heh, ouch! Yeah. I can see that.
[11:22] printf %s\\n >/etc/init/mountall-net.conf 'description "Mount network filesystems"' "start on startup" "script" "sleep 2;while :;do pkill -USR1 mountall||:;sleep 0.1;done" "end script"
[11:22] Yuck!
[11:22] Yes, that's right, I just ignore events and have it try to mount any not-yet-mounted network filesystems every tenth of a second, FOREVER
[11:23] Yikes.
[11:23] mountall(8) is a half-assed kludge because upstart forgot to solve mounting filesystems
[11:24] twb: let the io wars begin !
[11:24] Again, AND anew!
[11:25] * X-2 grabs his old commodore64
[11:26] yeah, it seems systemd took all the good ideas from SMF. ;)
[11:29] In fact, systemd uses ideas from both SMF and launchd, which is fantastic.
[11:29] That's /exactly/ what I've been waiting for for decades.
[11:29] heh
[11:38] yeah, I'm gonna try the alpha version of fedora 14, since it uses systemd. Wanna see it in action for myself.
[11:58] Hi there
[12:00] I need help with a bind server on ubuntu. I configured my DNS server I tested it from another server ... when I use command dig mail.domain doesn't work but if the command is dig domain it works.
[12:00] I badly need mail.domain to be resolved
[12:22] soren: hey. I've not really had time to add ufw support to libvirt. I kinda figured that I needed to add FORWARD (and these days maybe ebtables too) support to ufw first. that said, all the necessary chains should already exist in ufw (ie, even though ufw doesn't manage the forward chains via the cli, the chains are there)
[12:22] soren: so transient rules would be quite easy
[12:24] soren: well, though I don't do anything with POSTROUTING-- strictly FORWARD
[12:25] Right.
[12:25] jdstrand: Have you looked at the nwfilter stuff at all?
[12:27] (currently)
[12:29] soren: no
[12:30] jdstrand: Ok.
[12:32] soren: reading about it now, it seems their use of chains and subchains is quite compatible with ufw
=== zoopster1 is now known as jpugh
=== jpugh is now known as zoopster
[12:33] soren: in that libvirt and ufw should stay out of each other's way currently, and that adding support to ufw wouldn't be horribly difficult (though, we'd need some new infrastructure)
[12:37] jdstrand: Yeah, not maverick material, clealy.
[12:37] clearly, even.
[12:38] jdstrand: It sounds really neat. I'm trying to get it working right now.
[12:39] cool
[12:54] jdstrand: Oh, I never got around to asking you about this... Now that we run kvm guests as libvirt-qemu:kvm, what about disk image ownership? Does it get mangled or does libvirtd fiddle with ACL's or something?
[12:55] soren: it gets mangled. but it did before too-- just to root:root
[12:55] ?!? What, really?
[12:55] Why would it do that?
[12:55] soren: yes-- 0.8.3 does this sort of thing automatically
[12:55] Oh, did it drop CAP_DAC_OVERRIDE ?
[12:56] I didn't look at the implementation, I saw the results
[12:56] * soren still finds that *incredibly* offensive.
[12:56] yeah, you are not the only one
[12:56] and there is no way to disable it that I know of, cause it happens in the DAC security driver, which the other security drivers stack on top of
[12:57] soren: under some circumstances, it will put the files back after it is done with them
[12:58] soren: that is not true of disk images, but is true of things like a usb key. unfortunately, having it use your actual cdrom device (eg /dev/sr0) will change that until your next reboot (when udev puts it back to what it is supposed to be)
[13:03] jdstrand: dynamic_ownership in qemu.conf seems to be handy.
[13:03] # Whether libvirt should dynamically change file ownership
[13:03] # to match the configured user/group above. Defaults to 1.
[13:03] # Set to 0 to disable file ownership changes.
[13:03] #dynamic_ownership = 1
[13:03] soren: oh, I did not see that
[13:03] soren: nice. though, we can't turn that to '0' by default without breaking *a lot*
[13:03] I only just found it now by tracing back through the DAC override code.
[13:04] soren: but it is good to know it is there
[13:04] jdstrand: Yeah. Sadly.
[13:04] mdeslaur: ^
[13:04] Do we have /any/ idea why it's not based on acl?
[13:04] soren: I would imagine for maximum portability
[13:05] one would think it could try acl first then fall back
[13:05] It wouldn't be hard (nor unusual for libvirt) to attempt fancy new things, and if it fails, fall back to old, crappy things.
[13:05] but I've not looked at it
[13:05] yeah
[13:05] it's done things like that with qemu for forever
[13:07] yeah, +1 for acls...the chowns it does sucks
=== xfaf is now known as zul
[13:19] :( someone dropped my favourite virt-viewer patch.
[13:24] soren: what was it?
[13:33] mdeslaur: The one that let me not have to put "-c qemu:///system" on its command line every single time.
[13:34] soren: :(
[13:34] * soren headdesks
[13:34] Oh, well.
[13:35] * soren fixes libvirt
[13:35] soren: please add it back
[13:35] mdeslaur: I'll fix it properly this time.
[13:46] How do I shed one of group memberships?
[13:46] I mean, just for a single process, until it terminates.
=== harrisonk_zzz is now known as harrisonk
[13:47] From the commandline.
[13:49] is there a log of everyone that logs in to a server?
[13:50] harrisonk: /var/log/auth.log
[13:50] thanks
[13:50] hi
[13:51] I have a weird issue of ubuntu server getting freezed, I do not see anything in dmesg, kern.log and syslog, daemon.log
[13:51] is there a way to investigate it further ?
[13:51] I have enabled mcelog too
[13:51] Please suggest/guide
[13:51] I am running Ubuntu Server Hardy 8.04
[13:52] help.ubuntu.com
[13:53] then click on the server guide at the bottom
[13:53] https://help.ubuntu.com/8.04/serverguide/C/index.html
[13:54] sorry I thought you needed a guide book
=== bladernr__ is now known as bladernr_
[14:01] hi
[14:02] can some one please guide me about setting up NameBased Virtual Host in Apache ?
[14:03] I have three Doc Root how do i access it on the browser ?
[14:04] so ServerName would be in this case would be ?
[14:11] What would be the best way to secure a USB drive but make it not dependant on that system?
[14:11] Normally I use truecrypt but since reading their license I'd very much prefer not doing that
[14:13] MTecknology: license issue with Truecrypt - what in particular?
[14:14] sherr: they call it 'open' but it's very very VERY restricted
[14:15] * patdk-wk wonders what the definition of, not dependant on that system, is
[14:15] * patdk-wk finds luks to not be dependent :)
[14:15] did you mean cross os compatibility?
[14:15] How hard is luks to use?
[14:16] luks is easy
[14:16] any wiki page for that?
[14:16] in the gui, ubuntu autodetects and uses them no issues
[14:16] I don't like gui so I'd get to use cli - but that's pretty cool
[14:17] I do most of mine with cli, just takes 2 or 3 steps then
[14:17] unless you use crypttab to make it easier
[14:17] something like this: https://help.ubuntu.com/community/EncryptedFilesystemHowto3
[14:18] cryptsetup luksOpen, mount; unmount, cryptsetup luksClose
[14:18] yuppers.. that's exactly what I was looking for
[14:18] in the gui, it just shows the drive, click on it, it asks for password, it then opens it, and mounts it
[14:19] I haven't played with using random offsets for the luks header yet
[14:19] I only ever used LUKS from the alternate installer and from gentoo - one easy and one sucked pretty hard :P
[14:19] This looks incredibly easy
[14:19] my harddrive is full encrypted using luks
=== dendro-afk is now known as dendrobates
[14:20] so is my home server
[14:20] too many warranty drive replacements, keeping the data encrypted simplifies that
[14:21] hey patdk-wk.... /boot too...encrypted ?
[14:21] I'll probably do about 300GB for backup and 200GB for NTFS
[14:21] xmaxmex, nope
[14:21] afaik, you can't encrypt /boot - only keep it on something external
[14:21] has that changed?
[14:22] if grub supported luks, it would work
[14:23] you mean grub on the mbr could load a luks volume?
[14:23] that would be the idea
[14:23] I didn't know it could do that :P
[14:24] it can't :)
[14:24] * patdk-wk notes the keyword, if
[14:24] oh..
[14:25] I'm actually testing the drive with badblocks
[14:25] not sure if I feel like letting it finish though
[14:25] if it's an ssd, run it a few more times :)
[14:25] I'm not a big fan of SSD (yet)
[14:26] It's a 500GB external seagate
[14:26] I'm loving my ssd
[14:26] laptop slowing it down though
[14:26] my tests were getting 265MB/s throughput
[14:26] laptop only has sata1, so max 140MB/s
[14:27] encryption penalty, and it gets about 80MB/s
[14:27] My only experience has been with the first netbooks
[14:28] Not sure if I want to finish with badblocks..
[14:28] destructive test?
[14:29] badblocks -c 10240 -s -w -t random -v /dev/sdb
[14:29] mdeslaur: \o/
[14:30] soren: what's up? :)
[14:30] heh, let it finish
[14:30] mdeslaur: https://www.redhat.com/archives/libvir-list/2010-September/msg00043.html
[14:30] patdk-wk: I'll consider my drive super clean after this :D
[14:30] mdeslaur: Didn't mean to leave you hanging there, I just had to wait for it to hit the ml archive.
[14:30] mdeslaur: That fixes virsh, virt-viewer, and virt-manager in one go.
[14:31] soren: oh, cool! :P
[14:32] mdeslaur: In theory, at least. :)
[14:32] hhe
[14:32] I wonder why I didn't do it that way to begin with.
[14:33] Oh right, because libvirt always went to xen by default.
[14:33] meh. Brave new world.
[14:36] patdk-wk: yay! it passed 5% :P
[15:06] patdk-wk: 15%... this is getting old :P
[15:10] SpamapS: I think you're premature to declare victory on gems. I still object to the fact that gems can silently replace system binaries in your proposal.
[15:11] New bug: #629524 in squid (main) "db_auth missing in ubuntu packages" [Undecided,New] https://launchpad.net/bugs/629524
[15:13] MTecknology, yes, but it's a good thing :)
[15:20] patdk-wk: ya- but there was nothing private on it :P
[15:20] you know, i'm trying out 'cache='none'' in virt-manager right now, and am pretty sure this is way slower than it was before
[15:20] hmm, that isn't going destroy any data
[15:20] it reads the drive, then writes random stuffs, tests it, then writes the org stuff back
[15:21] oh wait, heh never mind that
[15:21] oh, hm, maybe it wasn't its fault :)
[15:23] smoser: soren wants to more about the grub boot floppies for UEC
[15:23] smoser: So... zul says something about floppies and uec and kernels.. What's that all about?
[15:25] :)
[15:25] ok.
[15:25] so, eucalyptus and ec2 run things with a kernel
[15:25] Right.
[15:25] in euca, and kvm, that means '-kernel '
[15:26] yup
[15:26] i wanted to duplicate functionality of ec2's pv-grub solution (they use grub 0.97 to read /boot/menu.lst and register the pv-grub as a kernel, and it loads kernels and ramdisks)
[15:26] Oh, I didn't know they added that.
[15:26] Cool.
[15:27] at first i thought i could just give "kernels" that were grub multiboot images.
[15:27] as kvm can load a grub multiboot image
[15:27] Nah, that'd be by luck, I think.
[15:27] well, that doesn't really work, as when kvm does load a multiboot image, that multiboot image doesn't see biosdisks of type scsi
[15:27] (it does work for virtio, but isn't promised to, and actually fails on reboot)
[15:28] anthony's suggestion was to create a boot floppy
[15:28] With grub on it?
[15:28] so, what i do is let the user register a multiboot compliant image as a kernel
[15:28] First-stage loader?
[15:28] Oh, ok.
[15:28] and i just promise to load that
[15:28] guys is there a way to get xen working on lucid without having to resort to hackish stuff?
[15:29] i do that now by creating a grub floppy that multiboot loads the thing that they gave me.
[15:29] smoser: "they"?
[15:29] my box doesn't have HW vm support
[15:29] they, as in registered kernel.
[15:29] smoser: Oh, "the users".
[15:29] right
[15:29] smoser: Gotcha.
[15:29] smoser: Thought you meant eucalyptus or kvm or whatnot.
[15:30] right.
[15:30] (getting a link to patch for eucalyptus)
[15:30] Ok, so how is this strung together? You ship the floppy image or do you generate it?
[15:30] tap tap this thing on? anyone read me or am I still in some sort of limbo?
[15:30] its kind of hacky how i do it.
[15:31] Deep6: We hear you.
[15:31] i generate it on the node.
[15:31] soren ok :)
[15:31] wasn't sure as I've not used this irc client before
[15:31] smoser: Ok... and then how do you determine that this is what you want to use, rather than the regular kernel/ramdisk combo?
[15:31] if its a multiboot image it takes the floppy path
[15:32] Oh, that's easily detectable?
[15:32] http://bazaar.launchpad.net/~ubuntu-virt/ubuntu/maverick/eucalyptus/2.0/annotate/head%3A/debian/patches/22-uec-multiboot-kvm.patch
[15:32] that shows how.
[15:32] basically 3 uint32 fields in the first 8192 bytes .
[15:32] one is a signature byte
[15:32] then the 3 sum to uint32 0
[15:33] so, there is obviously a chance for false positive.
[15:33] but its the same logic that kvm uses
[15:33] so if i hit false positive, kvm would have anyway
[15:34] can anyone recommend a page for getting xen to work on lucid?
[15:34] mk-mb-loader is what makes the floppy disk. that gets called by gen_kvm_libvirt_xml
[15:34] I've been googling about but nothing solid
[15:34] seems kind of broken :(
[15:34] Deep6: It very likely is.
[15:35] soren...that's disappointing :(
[15:35] Deep6: That's Xen for you.
[15:35] well I'd have to point the fault at Ubuntu this time
[15:35] broken packages
[15:35] smoser: So... the goal of all of this is to make it so that people can put their own kernels in the filesystem.
[15:35] looks to be missing a xen kernel image entirely
[15:35] smoser: ...and then eucalyptus will use that.
[15:36] soren, well, yes. putting kernels inside a filesystem is a pretty common practice :)
[15:36] zul, Would you be the best person to chime in with Deep6 ?
[15:36] Deep6: We don't support Xen dom0 and haven't for a long time
[15:36] smoser: ...but having it work on EC2 is not :)
[15:36] smoser: Well, now it's becoming so, but up until recently.
[15:36] right, and then genkvm_libvirt_xml writes xml that adds a floppy to 'loader' if it found a multiboot. otherwise, it writes 'kernel' to 'kernel'
[15:37] Deep6, I haven't touched xen since hardy :(
[15:37] Deep6: get the xen source from xenbits.xen.org and build it from source
[15:37] soren, yeah, so it is a new feature, but i personally think its a *huge* feature.
[15:37] smoser: I'm probably being really dense here..
[15:37] dense on what ?
[15:37] smoser: I'm getting to that :)
[15:38] Deep6, xen was dropped after 8.04
[15:38] smoser: So... On EC2, how does the user tell the system that he wants to use the kernel on the filesystem and not one provided by Amazon (or someone else).
[15:38] Deep6, If it's not working for you with the packages, please do raise a bug
[15:38] so unless you do it yourself, from scratch, it isn't going work
[15:38] ScottK: hmm, I hope it didn't come off as victory. Its just consensus and a move in the right direction by the maintainer.
[15:38] smoser: Is there a magic AKI?
[15:39] Daviey there appears to already be a bug opened
[15:39] yes, amazon has 2 magic aki's per region
[15:39] smoser: Oh, and I do agree this is a huge feature, by the way. No doubt.
[15:39] smoser: I figured as much.
[15:39] zul: I'm not wanting to invest that much time to be candid :(
[15:39] http://bazaar.launchpad.net/~ubuntu-on-ec2/ubuntu-on-ec2/ec2-publishing-scripts/annotate/head%3A/kernels-pv-grub-hd0-V1.01.txt
[15:39] I'll just likely grab debian instead as my dom0
[15:39] that is the akis
[15:40] smoser: And for people to use this on UEC, they shove a special kernel into their installation, and use the AKI corresponding to that to make this work.
[15:40] ScottK: that said, only Daigo has stated in the bug report that he is concerned with binaries going into the path. An overwhelming group of people are quite vocal that they want those binaries in the path by default.
[15:40] smoser: ...and then eucalyptus detects this special AKI and uses the boot floppy to boot.
[15:40] smoser: Is that about right?
[15:40] no
[15:40] oh. well, maybe
[15:40] on eucalyptus, there is no special "AKI"
[15:40] (in my implementation)
[15:40] ie, not a special aki id
[15:41] if the kernel that is given to boot is a multiboot image, then it treats it specially.
[15:41] I see, ok.
[15:41] i'm not sure whether or not amazon actually had to do something special with their akis or not.
[15:42] or, if anyone who could publish a kernel (ie me) could have just loaded a functional pv-grub loader as a kernel and magic would have happened
[15:42] smoser, BTW... what are the steps to create a tarball of a lucid and maverick image with a ramdisk?
[15:42] yeah, silly openstack, and its insistence on ramdisk. what year is this ?
[15:43] :)
[15:43] Daviey, extract tarball, mount image, copy /mnt/boot/initrd-*virtual* ./my-initrd
[15:43] What happens if you just provide an empty ramdisk?
[15:43] That should do the trick, really.
[15:43] then you can use publish-image for the kernel and ramdisk, or create a tarball with all those files in it.
[15:44] soren, yeah, i dont know its possible. the kernel would just ignore it and try to go on with life.
[15:44] * Daviey waits for his eucalyptus cloud to finish installing before trying it.
[15:44] Exactly.
[15:44] Daviey: https://bugs.launchpad.net/ubuntu/+source/xen-meta/+bug/540110
[15:44] Launchpad bug 540110 in xen-meta "ubuntu-xen-server has broken dependencies (dup-of: 538917)" [Undecided,New]
[15:44] Launchpad bug 538917 in xen-tools "xen-tools is not available in lucid" [Undecided,New]
[15:45] assaasaasasaassasasssssasasaddassOPOP456s4d65asdsdsakjljkjkljkl
[15:45] ss/awa
[15:45] SpamapS: I just said it in the bug report too.
[15:45] oops.. sorry
[15:45] soren, one other piece of info.
[15:45] patdk-wk: Can cryptsetup handle UUID?
[15:45] our uec-images come with a file named '-loader' which is a grub multiboot loader that just basically does "multiboot (hd0,1)/boot/grub/core.img"
[15:45] SpamapS: I don't mind in the path, just not so it can replace system packages.
[15:46] This is the first time UUID would actually help me :P
[15:46] so then the guest just has to maintain /boot/grub/core.img and the loader will work.
[15:46] smoser: Oh, ok, so it's not exactly like EC2.
[15:47] well its really close. we use grub2
[15:47] they use grub1
[15:47] i didn't want to maintain grub1 code
[15:47] more than i had to
[15:47] smoser: i don't blame you :)
[15:47] http://bazaar.launchpad.net/~ubuntu-on-ec2/vmbuilder/automated-ec2-builds/annotate/head%3A/mk-uec-mb-loader
[15:47] that is what makes our loader file
[15:47] I'm just curious, though...
[15:48] If you don't support the exact same approach as..
[15:48] Oh..
[15:48] I know why :)
[15:48] I was going to ask:
[15:48] If you don't support the exact same approach as EC2 anyway, why not go all in and just skip the whole -kernel (and optionally -ramdisk) business and just boot directly (like most people use kvm).
[15:49] we have 2 loader management utilities in our images. grub-pc (for uec) and grub-legacy-ec2 (which does not conflict with grub2)
[15:49] ..but obviously, there's not mbr.
[15:49] s/not/no/
[15:49] right. i'd have had to have eucalyptus write an mbr, and put a loader on it.
[15:49] and actually, my loader will do that.
[15:49] so, if you booted an instance, via core.img
[15:49] then removed core.img
[15:49] and installed any loader onto the guest's /dev/sda
[15:50] then rebooted
[15:50] the multiboot loader would not find the core.img and chainload to the disk
[15:50] Nova, by the way, is growing an option to let people upload raw disk images and specify a special AKI that will just boot the disk image directly.
[15:50] (this is not tested, though, but "should work")
[15:50] i did consider that path.
[15:51] and using something like 'aki-RAWDISK'
[15:51] but that was more intrusive.
[15:51] It's very handy for people using hypervisors that don't let you pass kernels and ramdisks and such.
[15:51] Like VirtualBox, for intsance.
[15:51] well, the floppy solution works there too
[15:51] instance, even.
[15:51] Maybe.
[15:51] Well, probably.
[15:51] if you dont mind using hardware from 1990
[15:51] (the floppy
[15:51] )
[15:51] MTecknology, I hope so
[15:52] The rawdisk thing lets you boot other OS's, too, though.
[15:52] crypt640b UUID=9dffcad4-f051-4db9-9323-51cd74ba2681 /etc/keys/storage.key luks
[15:52] crypt2a UUID=6e5be471-b3e1-448f-8433-bb081cc4f7ef /etc/keys/storage.key luks
[15:52] crypt400 UUID=4afe55a6-1610-4f07-b07e-8c73d700c1c1 /etc/keys/storage.key luks
[15:52] crypt1b UUID=e3fbc6b2-5877-4c97-846c-bd3532ec2c00 /etc/keys/storage2.key luks
[15:52] crypt1a UUID=a8fb5ac8-680a-4acb-8fd6-414cb871591e /etc/keys/storage2.key luks
[15:52] Who have never wanted to run OS/2 in the cloud? Come on?
[15:52] patdk-wk: I take that as a yes :P
[15:52] patdk-wk: Please don't do that again.
[15:52] patdk-wk: thanks :D
[15:52] heh, it's only 5 lines
[15:53] patdk-wk: s/only //
[15:53] soren, so does the floppy
[15:53] (boot other oses)
[15:53] soren: i still have that caldera bootdisk lying around
[15:53] you just provide a loader.
[15:53] smoser: I clearly haven't grasped grub2. How'd you do that?
[15:54] uec images provide a linux specific loader. but anyone can provide a loader that loads windows.
[15:54] grub2 is crazy cool
[15:54] look at lines 53-77 or so at http://bazaar.launchpad.net/~ubuntu-on-ec2/vmbuilder/automated-ec2-builds/annotate/head%3A/mk-uec-mb-loader
[15:55] that is grub script
[15:56] smoser: Ah, wicked.
[15:57] i'm guessing it would not be difficult to add identical function to openstack, to use a boot floppy if a multiboot image is found in specified aki
[15:57] other than using a floppy, i think its really clean.
[15:57] the nice thing is, what i promise to the end user is that i can load a multiboot image.
[15:58] which is a documented standard, and one that grub isn't going to drop support for anytime soon.
[15:58] Yeah. Very cool!
[15:59] I notice there's code for virtio in one of the scripts you patch.
[15:59] yeah, euca 2.0 supports virtio root
=== ivoks is now known as ivoks_away
[15:59] How do you determine if the image in question will handle virtio disks nicely?
[15:59] you dont
[15:59] It's globally configured?
[15:59] yeah
[15:59] Thought so.
[16:00] yeah, its a mess of backwards compatibility
[16:00] Yeah. There's a reason we didn't just tweak the libvirt xml ourselves back then.
[16:00] But meh.
[16:00] they would have had to extend the ec2 api to allow per-image choice
[16:00] Yup.
[16:00] well, its configurable.
[16:05] i had multiple conversations with multiple people on exactly what would break or was at least indeterminable when the admin turned on virtio root, virtio net, and/or virtio ebs volumes
[16:05] basically, you cannot keep backwards compat.
[16:05] but the scsi is a dead, unmaintained option.
[16:06] ScottK: the proposal has things going into /usr/local, where dpkg isn't allowed to put files.
[16:06] smoser: Yup. It's teh suck.
[16:06] ScottK: so there is no replacement of packaged system files at all.
[16:06] smoser: I'm looking at your code... Are the floppy and the loader tied to each other?
[16:06] no.
[16:06] well.
[16:06] smoser: Then why must I pass the loader to the floppy generation thing?
[16:06] SpamapS: Replacement not in the sense of replacing the file, but in the sense of superseding what gets run.
[16:07] because the floppy will load *any* multiboot compliant loader
[16:07] and the uec images come with *a* multiboot compliant loader
[16:07] (which is quite likely suitable for other linuxes with grub-pc)
[16:08] ScottK: how is that different from "make install", CPAN, python?
[16:08] i could have cut out one of the steps, and just had the user supply a floppy disk as an aki.
[16:08] mathiaz: Python at least puts stuff in site/dist-packages where it's only in the path for Python.
[16:08] smoser: Ok, it just seems odd that it needs it at build time, but I can use something completely different at runtime.
[16:08] So it's radically different.
[16:08] ScottK: installing via python distutils could drop a new apt binary in /usr/local/bin
[16:09] smoser: Possibly because I don't understand it very well yet.
[16:09] I need to install an MTA on my ubuntu box for only sending emails, what should I use?
[16:09] build time ?
[16:09] what build time
[16:09] mathiaz: It could, but it's not the typical use case.
[16:09] i really should document this by the way.
[16:09] ScottK: so how is that different in the gem world?
[16:09] smoser: mk-mb-loader
[16:09] smoser: Builds the floppy image.
[16:09] i've wanted to, and this conversation is the best doc there is on it at the moment.
[16:09] right.
[16:09] oh
[16:09] mathiaz: My understanding is in the gem world installing to /usr/local is the normal use case.
[16:09] wait
[16:10] smoser: Oh, I thought that floppy image would be reused?
[16:10] no.
[16:10] the floppy that it outputs cannot be reused
[16:10] smoser: Ok, then I get it. No worries.
[16:10] it is specific to that aki
[16:10] And while gems are generally thought of as a developer tool, once you freeze the gems and distribute your app, then it's an end user problem too.
[16:10] ScottK: well - yes - user scripts go in /usr/local/bin/.
[16:10] ScottK: isn't that the same in the python world as well?
[16:10] smoser: Gotcha. I'm with you now.
[16:10] i could have done a generic one, by using 2 floppies
[16:10] :)
[16:10] but comon, who ever had 2 floppy drives!
[16:10] ScottK: easy_install ends up in /usr/local/bin/.
[16:11] fwiw, the floppy could easily be made into a cdrom
[16:11] smoser: I just somehow got the idea that it was only generated locally because it was simple to do so, people were likely to have the dependencies anyway, and it saved a bit of bandwidth.
[16:11] smoser: Hey, I had two floppy drives for years.
[16:11] smoser: And nothing else.
[16:11] smoser: And one of them was 1.44MB!
[16:12] mathiaz: But we patch easy_install to respect if the package is already installed via a Debian package and not replace it.
[16:12] I'd be happy with that.
[16:12] i got to run. i will try to write this out somehow.
[16:12] but i think you get the general idea
[16:12] smoser: Wicked. Thanks for clearing this up!
[16:12] and why the solution
[16:12] smoser: Certainly.
[16:12] ScottK: right - that could be a useful improvement
[16:13] mathiaz: Do that and I'm happy.
[16:13] ScottK: how does it relate to the /usr/local/bin issue?
[16:13] so far the only issue we've hit with it was that i added 'grub-pc' as a dependency to eucalyptus-nc.
[16:13] which forced grub-pc to be installed earlier in the install process, which caused installer issues.
[16:13] ScottK: what does easy_install actually do wrt to debian packages?
[16:14] ScottK: does it check if there is already an executable of the same name provided by a debian package?
[16:15] ScottK: and if so easy_install refuses to proceed?
[16:15] mathiaz: I don't recall the details and I'm in a meeting at the moment, but something like that.
[16:15] Actually I think it considers itself to have successfully provided the requested package.
[16:24] I'm fairly certain the ruby devs of the world would *hate* that gems wouldn't let them get the newer ruby lib just because the debian version was installed.
[16:25] I've had many occasions with CPAN where I just want to replace one library in the chain of dependencies with the newest version.. but the others from deb/rpm/whatever are fine.
[16:26] But thats not really at issue. The current rubygems will happily let you replace an existing debian installed gem with a newer one.
[16:26] Its just that if it has binary scripts, they won't be in the path
[16:26] Even if it lets you shoot yourself in the foot, it should still warn you
[16:26] which is, btw, awesome because the binary script that you have, may not be compatible with the one from the library.
[16:27] twb: ... ./configure doesn't warn you that you're putting stuff in /usr/local..why should gems?
[16:27] You said "replace"
[16:27] I assumed that meant clobbering files
[16:27] Nah
[16:27] Anyway, it's nowhere near as bad as trying to mix cabal and debian Haskell packages
[16:27] just putting them in an earlier point in the ruby library path
[16:28] Which is pretty much guaranteed to result in your compiles failing at link time due to it trying to statically link in multiple versions of a library
[16:28] doh
=== sjm is now known as sjm_
[16:28] At least debian haskell packages are actually maintained now
[16:29] SpamapS: I get that Ruby devs are insane, that doesn't mean we should be too.
=== sjm_ is now known as sjm
[16:29] I have to agree with the poster who is concerned about how far Debian diverges from upstream.
[16:29] upstream is always insane
[16:30] ScottK: whats next, patch autoconf to put things in /var/lib/C by default?
[16:30] SpamapS: I'm not arguing the current situation is good.
[16:32] SpamapS: I'd be OK if it would do something like fail and warn "gem X would supersede binaries provided by package Y. If you want gem X, remove package Y or reinstall with -f."
[16:32] ScottK: protecting /usr/bin from /usr/local/bin overrides isn't really something the OS can or should do.
[16:33] Not allowing third party non-native package managers to break the system, however, is.
[16:33] Speaking of ruby and gems - does anyone know how actively the gem debs are maintained? It seems like most ruby applications in the wild require something that is not packaged..
[16:34] Because right now, the bulk of the ruby world starts their system configuration on debian and ubuntu with wget http://rubygems.org/rubygems.tar.gz && ... make make install and gets their gems *in /usr/bin*
[16:34] So by trying to protect these users, we've forced them into a much worse situation.
[16:34] vmlintu: Ruby is exploding way too fast for packagers to keep up.
[16:34] OK. So let's find a compromise that improves the situation.
[16:36] ScottK: If there was a hook in rubygems that could use update-alternatives, that might be better than just tossing things in /usr/local/bin from the debian package maintainer viewpoint. I am wary of the complexity of such a solution though.
[16:36] SpamapS: That's what got reverted last time around.
[16:36] indeed
[16:36] Are there efforts underway to get any ruby applications and their dependencies packaged or are all the efforts doomed?
[16:37] There are ruby packages in the archives, just not gem based ones.
[16:37] well at this point, gem install from ruby 1.9.2 will put things in /usr/local/bin directly
[16:37] I'd like to see a dh-make-gem created
[16:38] At least from that standpoint, it would lower the barrier to entry for making gems into debs
[16:39] SpamapS: I don't understand why it is essential that gems have unfettered access to trample the namespace of every binary on a system?
[16:40] vmlintu: there's at least one ruby app in ubuntu -- apt-listbugs :P
[16:40] ScottK: because thats what the authors intend it to have?
[16:40] SpamapS: And the Debian package system intends it to have none. So what's the middle ground.
[16:40] twb: puppet is also using ruby and rails
[16:41] ScottK: again, make and autoconf do the same thing... nobody's patching them to avoid /usr/local
[16:41] Quite a few users download unpackaged software and untar, ./configure, make && make install, and accept the problems with that.
[16:42] I wonder what happened to debgem.com as they managed to package a huge number of gems in some way..
[16:43] is this possible that httpd.conf is an empty file ?
[16:43] vmlintu: getting 90%-right packaging is something you can pretty much automate
[16:43] Its very similar to the common carrier problem ISP's have. They *could* stop child porn at the routers, but then they'd be *responsible* for how people use their network. We are not taking responsibility for users' actions at a level that IMO is inappropriate.
[16:43] Madwill: check the .d directories
[16:44] s/are not/are now/
[16:44] huge DOH
[16:44] SpamapS: If they replace our gems with theirs, then it's equally no longer our problem.
[16:44] conf.d
[16:45] only charset in there
[16:45] So this kind of argument also works for keeping the status quo.
[16:45] must be on the wrong folder
[16:45] etc/apache2
[16:45] ScottK: right, so thats what most do, because they like Ubuntu enough to put up with that crap. But I have two personal friends who considered switching to CentOS because rubygems was so broken, they were tired of fixing it themselves.
[16:45] Madwill: I don't run apache, so I can't help much more. Have you checked what the Ubuntu Server Guide has to say about it?
[16:46] ScottK: and we were inundated with ruby sysadmins and devs at Velocity 2010 begging us to fix rubygems
[16:46] SpamapS: have they filed a bug report in launchpad? ;-)
[16:46] twb: years ago
[16:46] i think its in apache.conf and not httpd.conf anymore
[16:46] SpamapS: That's fine, but the definition of "fix" is not necessarily follow upstream's insanity blindly.
[16:47] then what do you run out of curiosity ?
[16:47] ScottK: agreed, which is why we change /usr/bin, to /usr/local/bin. :)
[16:47] Madwill: busybox httpd
[16:47] ScottK: at least that way users can blow away /usr/local/bin/* and be "back to debian" ;)
[16:47] interesting thx
[16:48] SpamapS: I agree that's an improvement, but I'd like to find a reasonable way to protect the namespace of existing binaries. I wouldn't even mind if it was limited to protecting non-gem binaries.
[16:48] It would be interesting to expose the security problems in CPAN/pypi/rubygems by creating a MITM DNS cache poisoning attack that replaces the word "the" in string literals of code with "pwn3d" or something like that.. :)
[16:49] ScottK: is there an existing list of all packaged binaries? Otherwise are you going to do a 'which' before install (with users', not root's path)?
[16:50] SpamapS: apt-file ?
[16:50] That only knows about the currently installed binaries, right?
[16:50] Emphatically, no
[16:51] But even so, it wouldn't help, because I could upload a new .deb next week that provides a new binary
[16:51] SpamapS: Maybe XB-Ruby-Gem and then if that's present, it's OK to supersede it.
[16:51] Ok, so that might work.
[16:51] Also apt-file isn't installed on normal systems :-)
[16:52] twb: yeah, like I was thinking earlier.. I don't think its the OS's job to protect that namespace. If the sysadmin starts installing things with a different package manager, they have accepted responsibility... we should of course make efforts to avoid unrepairable breakage, but I don't think we should stop them.
[16:53] And somebody already pointed out that you only have to be a member of 'staff' to install in /usr/local, so you can even protect yourself by installing gems as a staff member, and not root.
[16:53] IMO it's reasonable to expect gems to (mis)behave about the same as cpan(1) and python-setuptools.
[16:54] Yeah
[16:54] CPAN puts stuff in /usr/bin by default I think
[16:54] And I'd say the best way to fix it is to write code that can automatically turn gems into local packages, and encourage people to use that instead of just writing files onto the filesystem
[16:54] twb: yeah like the sdist tool for python that allows very easy debianizing of pypi packages
[16:55] SpamapS: I was actually thinking even more one-shot, like "m-a a-i foo" is/was
[16:55] I'd love having something to easily turn gems to debs..
[16:55] vmlintu: I'm not stopping you from implementing it :P
[16:55] vmlintu: file a wishlist bug. :)
[16:55] SpamapS: Would you agree with the idea that as a design goal it would be reasonable for gems to not supersede binaries provided by non-gem packages?
[16:56] ScottK: where "provided" means already installed on the filesystem and visible to dpkg -S ?
[16:56] Yes
[16:56] Can't expect it to know about packages not installed.
[16:57] ScottK: it's TECHNICALLY possible (assuming your sources.list doesn't change), but I grant that it shouldn't be expected to know
[16:57] twb: I'll probably implement something as I have a project in development with huge pile of gem dependencies that would need to be distributed somehow..
[16:57] ScottK: by limiting gems to /usr/local, you are already guaranteeing you won't overwrite files. I think its reasonable to do a check before install that goes "WARNING: bin files in this gem overwrite files you already have in your path" .. but they should be able to continue anyway
[16:57] twb: Agreed. It's also very hard to not be slow even for ruby if you have to check stuff not installed.
[16:57] Are gems always 100% architecture: all?
[16:58] ScottK: the problem with that is, root's path is different from bob's path
[16:58] twb: no
[16:58] twb: no.. some of them compile binaries from c or something else..
[16:59] looking at the format of a gem .. it should be trivial to generate a debian/control and a tool to add to debhelper
[17:01] Make sure to write the tool in perl to spite the ruby users :P
[17:01] :)
[17:02] wasn't ruby's creation inspired by perl6?
[17:02] I thought it was caused by greenspunning
[17:03] how do i flush the arp tables ? some annoying entries in there that i cant figure out where the machine name is set to rujl1rb3tr13g90b lol
[17:03] dominicdinada: ip neighbour flush ?
[17:03] dunno, the history on the website doesn't actually mention perl so maybe that was some crackpot idea from the nether regions of my head
[17:04] SpamapS: it's more a mishmash of the more obvious features of smalltalk and lisp, iirc
[17:04] twb: i would assume so... i dont see it set in any of my hostnames but the server keeps calling it ewrfhj;wgasg;
[17:04] dominicdinada: uh, you're getting line noise at the end of your messages
[17:04] SpamapS: http://en.wikipedia.org/wiki/Greenspun%27s_Tenth_Rule
[17:05] twb: lol not noise the machine name is a bunch of random letters... so u can see how annoying that is
[17:05] twb: hah, what an interesting concept. :)
[17:05] dominicdinada: is your host on a trusted network?
[17:05] no
[17:06] dominicdinada: well, you can't use arp on an untrusted network
[17:06] i am pretty sure it is my doing when i was pissed long long ago i just cant track down which machine i set with the name lolk
[17:06] I guess someone is arp poisoning you
[17:06] twb: well it is not ness, a arp entry i just assumed it was in the arp cache and other OS
[17:07] OS's store such information and such in the arp tables
[17:07] SpamapS: it applies to more than just C and Fortran, of course -- it's just that's all that was around when Greenspun formulated the hypothesis.
[17:07] dominicdinada: when you run "ip neigh show", is it there, or not?
[17:07] twb: Lisp and Haskell are on my todo list.. I suppose I should give them both a try. :-P
[17:08] zul: hey, i have an apache2 change i'd like to run by you
[17:08] See also jwz's "Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can."
[17:08] kirkland: sure
[17:09] twb: dang it i think i named the gateway the gibberish :/
[17:09] - --with-suexec-docroot=/var/www \
[17:09] He had a really funny comment in, lesse, xscreensaver code, too...
[17:09] * SpamapS rejoices as his U-verse connection returns, freeing him from the bonds of 3G
[17:09] - --with-suexec-docroot=/home \
[17:09] + --with-suexec-docroot=/home \
[17:09] dominicdinada: if it's an appliance, maybe it just got its knickers twisted -- bounce it
[17:09] kirkland: why?
[17:10] zul: basically, changing the suexec doc root default from /var/www (which doesn't work out of the box, as far as i can tell)
[17:10] zul: to /home
[17:10] kirkland: +++
[17:10] zul: so that it'll work with /home/*/public_html
[17:10] twb: still learning the underlying linux commands as this information is stored elsewhere in other OSs flavors
[17:10] suexec is only useful in per-user contexts
[17:10] zul: as it stands, you'd have to move each user's public_html to /var/www/*/public_html for it to work
[17:10] SpamapS: have you experienced this before
[17:10] SpamapS: this is the first I've encountered it
[17:10] Shouldn't stuff be pointing at /srv/www instead of /var/www by now?
[17:11] SpamapS: but I found http://www.unixguru.biz/howto-apache2-suexec-php5-and-fastcgi-for-virtual-domains/
[17:11] dominicdinada: no worries
[17:11] kirkland: I've configured suexec many times.. you never want that docroot to be the system wide docroot.
[17:11] kirkland: its this for php/
[17:11] SpamapS: okay ... how do I reconfigure it? looks to me like the suexec binary has to be rebuilt from scratch
[17:11] zul: php or python, yeah
[17:12] I haven't ever used suexec on a distro packaged apache though, because it's usually pretty broken.
[17:12] kirkland: im hesitant against this change right now because we are getting closer
[17:12] twb: ok it is actually this computer that is named "blah-tvykimdu0" since i am stream video to this machine iptraf shows the packets streaming BUT this machine hostname is set to diabolical-xx
[17:13] where the heck else is the machine name set if not in hostname... but it could be old neighbor entries :/
[17:13] SpamapS: would you mind filing a bug against apache2, complaining about suexec, and assign it to me? :-)
[17:13] dominicdinada: probably the hostname you have in /etc/hostname (and /etc/hosts) doesn't agree with the records in your router's DNS server
[17:13] hi guys, I need to gzip a huge file and pass it over to another server. But I dont have enough space on my current server for the gzipped file. How can I pipe the output of "tar -czf file.tar.gz file" into scp?
[17:13] dominicdinada: are you using DHCP to get an IP?
[17:13] kirkland: hah, sure. :)
[17:13] you can't pipe to scp
[17:14] twb: in the router it is set correctly. because on the activity report it lists the machine name correctly there... yes dhcp
[17:14] zul: bummer
[17:14] patdk-wk: cat -zc foo/ | ssh 'cat >foo.tar.gz
[17:14] Oops, bad completion
[17:14] zul: i'll have to build a local copy then for my fedex project
[17:14] zul: how long does apache2 take to build locally?
[17:14] hehe :)
[17:14] kirkland: couple of minutes
[17:15] * patdk-wk wonders what output 'tar -czf file.tar.gz file' makes anyways
[17:15] twb: nano hostname shows correct computer name ugh
[17:16] dominicdinada: then I don't know where the "bad" hostname is coming from.
[17:16] twb: on the server i did ip neighbor flush all
[17:16] maybe it needs a reboot :/
[17:17] dominicdinada: you COULD reboot the server. Or you could isolate and fix the damn problem.
[17:17] SpamapS: wouldn't something sudo- or polkit-flavoured be easier to lock down than suexec?
[17:18] twb: well i am making the effort as i said before i cant track down any issue except old records it is very possible i named this machine blah-gkeghjeg before and changed it. or it could be a naming conflict but i dont think there is one
[17:18] dominicdinada: OK, fair enough
[17:19] twb: every where i know to check the machine names etc it is not showing as a funny name :(
[17:20] dominicdinada, where do you see the incorrect name?
[17:20] well in iptraf but it is all over like in netstat etc
[17:21] those all use whatever is set in nsswitch
[17:21] hosts: files dns
[17:21] i will check on both machines
[17:21] twb: yes, suexec *sucks*
[17:21] patdk-wk: run "getent hosts" on both the good and bad names
[17:21] SpamapS: maybe it should just not be shipped by ubuntu, then
[17:21] nsswitch.conf = db files :O
[17:22] heh, I don't use getent much, but then I don't have issues like that :)
[17:22] heh?
[17:22] dominicdinada: run "getent hosts" on both the good and bad names
[17:22] ok
[17:22] patdk-wk: ignore that, I'm fat-fingering nicks
[17:23] twb: no, its an industry standard and you would alienate *thousands* of hosting providers by not shipping it
[17:23] SpamapS: bummer
[17:23] * patdk-wk loves suexec
[17:23] twb: patdk-wk both results look fine no bad names
[17:23] well, when I must and forced to use it
[17:23] patdk-wk: as do many others. :)
[17:23] I wish there wasn't such a disconnect between "industry standard" and (genuine) best practices
[17:23] using suexec is just the slowest way to run a cgi ever
[17:23] dominicdinada: I give up
[17:24] twb: the key is not to eliminate risk, but to expose it.
[17:24] the more that ubuntu can help people calculate and accept the risk they're taking, the more successful people who use ubuntu will be
[17:24] I guess, but educating people who don't want to learn is HARD
[17:25] people that don't want to learn, most likely will never bother to use suexec
[17:25] if you try to take all the risk away, you basically just get a mediocre system that never lets anybody do anything interesting
[17:25] Just isolating their chunk of the net from everyone else is easy (e.g. RBLs) :-)
[17:25] and will run everything as www-data :)
[17:25] twb: gimma gimma gimma - don't make me learn - just tell me how to do it the way i think it should work
[17:25] kirkland: done
[17:25] SpamapS: bug #?
[17:25] SpamapS: dude, I'm a security weenie. Null utility means aleph security :-P
[17:26] bug 629633
[17:26] Launchpad bug 629633 in apache2 "suexec should be configured to use /home as its docroot" [Wishlist,New] https://launchpad.net/bugs/629633
[17:26] * SpamapS wonders why it didn't pop up in channel yet
[17:26] SpamapS: the 1s got stuck in the tubes
[17:26] twb: don't they just slide right through the holes in the 0's ?
[17:26] SpamapS: LP seems very slow right now
[17:26] not if the cable's too bent
[17:26] s/right now//
[17:27] * SpamapS apologizes to lifeless for that cheap shot
[17:27] isn't lp getting updates today?
[17:27] SpamapS: on a slow day it's still much faster than drupal.org
[17:31] hmm I just got the bug mail.. I bet the bot gets it shortly
[17:31] New bug: #629633 in apache2 (main) "suexec should be configured to use /home as its docroot" [Wishlist,Triaged] https://launchpad.net/bugs/629633
[17:32] SpamapS: ah, i stand corrected ... there is an apache2-suexec-custom package
=== bladernr_ is now known as fader__
=== fader__ is now known as bladernr_
[17:33] kirkland: that addresses this issue?
[17:33] SpamapS: possibly, i'm testing now
[17:33] kirkland: is that mentioned in the README.Debian?
[17:33] SpamapS: i've still not actually gotten suexec to work
[17:43] after following this guide: https://help.ubuntu.com/10.04/serverguide/C/mail-filtering.html i can no longer connect to my mail server from client
[17:43] any help?
[17:44] Met4physica, and what is the issue?
[17:44] patdk-wk: can't send mail
[17:44] that guide is fine
[17:44] patdk-wk: prior i could telnet localhost 587 and it would work. post guide i do that, and it can't connect. client can't connect to smtp server
[17:45] define, send mail :)
[17:45] so your client can't connect? or does it connect and doesn't authenticate? what error message?
[17:45] patdk-wk: thunderbird email client was set up to use my server with postfix, dovecot and was working prior to going through this guide. made changes in guide. now, it states "Sending of message failed.
[17:45] The message could not be sent because connecting to SMTP server "
[17:46] xxx.server.com failed"
[17:46] can't telnet to the port anymore, seems to be closed?
[17:46] I need to add a second "nic" to lucid , but I don't remember how to do that with command tools. Any hint about a link or documentation on the subject?
[17:46] did you screw up postfix config and it is not starting?
[17:47] batok, turn off lucid, install nic, turn on, continue life
[17:47] in this case is a vNic ( vmware vsphere hypervisor ).
[17:48] I added the vnic already
[17:48] hmm, I normally just reboot the vm
[17:48] I am going to restart , tks
[17:48] patdk-wk: postfix restarts just fine, without any errors (as far as I can see)
[17:48] SpamapS: dang... do you have any hints for me?
[17:49] SpamapS: i just want to have /home/kirkland/~public_html/foo.php to run as kirkland
[17:49] kirkland, did you make a virtual section in apache?
[17:49] patdk-wk: hmm, not beyond the default
[17:50] I believe suexec only works inside a virtualhost
[17:50] and you need to use: SuexecUserGroup kirkland www-data
[17:50] or something like that
[17:51] patdk-wk: I can telnet 10024 and connect to Amavis - says the service is ready. However, now I can't connect on 25 or 587
[17:52] Met4physica, postfix isn't working, or setup correctly
[17:52] and those instructions don't cover that
[17:53] patdk-wk: i had postfix setup and working prior to this guide, so i would really wonder what changed? how would you suggest i go about troubleshooting?
[17:53] first, netstat -atn | grep 587
[17:57] patdk-wk: no result
[17:58] Sep 3 16:57:12 aegir postfix/master[15108]: fatal: /etc/postfix/master.cf: line 26: bad transport type: content_filter=
[17:58] in the guide it said, "Also add the following two lines immediately below the "pickup" transport service:" - seems to be related?
[17:59] Met4physica, did you indent them?
[18:00] patdk-wk: no
[18:01] heh
[18:01] patdk-wk: ok i fixed that
[18:02] patdk-wk: now my ports are open
[18:02] patdk-wk: that guide should have a note about the importance of indentation for us noobfolk
[18:02] heh
[18:02] it might assume you know postfix, not sure
[18:02] I mean, email servers themselves are not hard
[18:02] but making them talk to other ones, are
[18:03] patdk-wk: is there an equivalent to postfix with a more ...accessible configuration file format?
[18:03] sendmail?
[18:03] patdk-wk: tried that, wasn't my cup of tea either
[18:03] I always thought postfix was pretty straight forward, only 2 files to worry about
[18:04] though, I still do lots of sendmail work, editing cf files
[18:04] patdk-wk: i completely agree. but where would one read about how whitespace was important?
[18:04] patdk-wk: assuming they were self taught linux hobbyist types
[18:04] the postfix master file manual
[18:04] http://www.postfix.org/master.5.html
[18:05] patdk-wk: fair enough. still have a bit of resistance to reading such things, but its important. will do
[18:06] there is very little to learn about master.cf, unless you want to make all kinds of new things in it
[18:07] generally each line is a service
[18:07] if you need more lines to define a service, you need whitespace first, to tell it you are continuing the last line
[18:07] sendmail? accessible? not in this world
[18:07] patdk-wk: ah i see
[18:08] the other supported mail server is exim, which I have zero experience with
[18:08] anyone confirm samba 3.4.7 on ubuntu 10.04 LTS was compiled without ldapsam support?
[18:08] qman__, never had an issue, I always thought it was pretty straight forward :)
[18:08] postfix is probably the easiest I've ever used
[18:08] I just haven't had time to look at exim
[18:08] I mainly use postfix, and almost retired all sendmail
[18:09] I banish qmail as soon as I find it
[18:10] there's one reduced feature set mail server basically just for forwarding local mail to a real mail server
[18:10] forget what it's called
[18:11] ssmtp?
[18:11] all the ones I noticed, won't queue
[18:11] ssmtp screwed me
[18:11] so if the connection, or real server is not working, you're screwed
[18:11] I use msmtp-mta and it has never screwed me
[18:11] patdk-wk: now my client can send mail, but it does not reach its destination : my gmail account, in inbox or spam
[18:12] Met4physica, welcome to the world of, you must have everything in order for anyone to accept email from you :)
[18:12] there's also the one that queues locally...
[18:12] get your hostnames, dns, dkim, spf, .... all setup correctly
[18:12] yeah, it's a lot of effort
[18:12] any of you able to check the output of chkrootkit and tell me if there's anything i should be supremely worried about?
[18:12] patdk-wk: it was working previously to this guide... :(
[18:12] patdk-wk: if he's using an envelope FROM of the gmail account he's TLS'd into, it'll accept anything, because it's a submission not a relay
[18:13] Oh sorry, I misread
[18:13] patdk-wk: i also can't send an email to myself and receive it either . this is odd
[18:13] EvilPhoenix, pastebin the output
[18:13] one sec
[18:14] Daviey, kirkland: there is a mismatch on expectation between /etc/init/eucalyptus.conf and /etc/eucalyptus/eucalyptus.conf
[18:15] Daviey, kirkland: we do not use CLOUD_OPTS in /etc/init/eucalyptus.conf
[18:16] bleh
[18:16] !pastebin
[18:16] For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
[18:16] evil connectivity
[18:16] i know pastebin
[18:16] you were killed for excess flood
[18:16] yah
[18:17] znc and xchat dont like each other
[18:17] qman__: http://starfleet.pastebin.com/aMDXaHmw
[18:17] for the chkrootkit output
[18:18] which ubuntu chat room to ask about samba on 10.04 LTS server? tks
[18:18] well, unless bindshell is supposed to be running an IRC server, you're owned
[18:19] jjk9: server related issues are handled here (if anyone knows :-))
[18:19] * patdk-wk knows (but isn't saying :)
[18:19] patdk-wk: is there a way to see what happens to my email after my client believes it is delivered, but it has not reached destination?
[18:20] Met4physica, logs :) /etc/log/maillog
[18:20] default ports, these guys aren't even trying
[18:20] they probably didn't even delete the logs
[18:20] qman__, for what?
[18:20] his chkrootkit, bindshell is listening on 6667
[18:21] ah
[18:21] guntbert: tks yeah but is samba server-related? or more general
[18:21] jjk9, depends, are you talking about samba *server*? or samba *client*?
[18:21] patdk-wk: my mail.log is empty, but my mail.info is FULL of goodies
[18:21] jjk9: just ask your question, nobody will hurt you :-)
[18:21] qman__: there's an ircd on there
[18:21] qman__: it helps to highlight me x]
[18:21] Met4physica, heh, I haven't used syslog for so long :)
[18:22] is ldapsam compiled into ubuntu samba 3.4.7?
[18:23] EvilPhoenix, only one program can listen on a port, so if your IRCd is listening on 6667, then you're fine there
[18:23] okay...
[18:23] the suspicious files could be legit, they're just suspicious
[18:23] patdk-wk: if not using syslog,what would i use?
[18:23] mmm
[18:23] patdk-wk: would you mind taking a look at my log ?
[18:24] so nothing outwardly suspicious then
[18:24] patdk-wk !)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
[18:24] is one notable error
[18:25] EvilPhoenix, http://ubuntuforums.org/showpost.php?p=4176512&postcount=2
[18:27] lifeless: shaking over there?
[18:27] why is #ubuntu-virt invite only? I was wondering how difficult it is to install and configure spice with kvm at this point. Do we have packages for it in lucid?
[18:27] qman__: thanks
[18:27] where can I suggest a change to a doc?
[18:27] jo-erlend: its been folded into ubuntu-cloud / ubuntu-server
[18:28] file a bug against the appropriate -doc package, I think
[18:28] but I'm not sure
[18:28] * EvilPhoenix checks the list of installed packages on his system
[18:30] ...
[18:30] there is no -doc package with chkrootkit
[18:30] a
[18:30] SpamapS: it was
[18:31] SpamapS: appears to be some significantly damaged bits
[18:31] no stats on human impact yet
[18:31] search for earthquake on twitter though
[18:32] or the #earthquake tag
[18:32] lifeless: its weird, I woke up last night thinking there was a giant earthquake going on but there wasn't
[18:33] lifeless: google earthquake new zealand will give top hit nz earthquake site, 7.4, 30 km from christchurch ~4:35am local
[18:33] jjk9: thats right
[18:33] http://www.geonet.org.nz/earthquake/quakes/3366146g-maps.html
[18:33] ouch thats really damn close to a big city
[18:33] we're in rangiora on the left hand map
[18:34] u would have felt that good then. I'm orig from wgton but now in San Diego
[18:34] lifeless: how common are quakes there?
[18:35] SpamapS: of this magnitude? not very AIUI
[18:35] Having grown up living virtually on top of the san andreas fault .. I find quakes fascinating.
[18:35] when I was in Wellington for 40+ years biggest was about 6.7 and very rare that size
[18:35] Well quakes over 6.5 are pretty rare period
[18:36] multiple amavisd and postfix errors: would someone mind looking at a log?
[18:36] just a few each year
[18:36] Met4physica: paste.ubuntu.com the relevant parts
[18:37] SpamapS: http://paste.ubuntu.com/487922/
[18:37] why is MTA blocked?message not being delivered
[18:39] Sep 3 17:31:52 aegir amavis[16333]: (16333-07) (!)FWD via SMTP: -> , 450 4.4.1 Can't connect to INET4 socket 127.0.0.1: Connection refused, MTA([127.0.0.1]:10025), id=16333-07
[18:40] connection refused.. are you sure there's an MTA running on port 10025 ?
[18:40] my client is connecting to 587
[18:40] so that should be the port defined?
[18:50] Met4physica: maybe amavisd is down?
[18:51] remix_tj: here's an updated log, tried changing a couple of things http://paste.ubuntu.com/487930/
[18:53] i get a return from sender email! it states, "Diagnostic-Code: smtp; 554 5.4.0 Error: too many hops
[18:53] "
[18:53] Met4physica: can you paste the output of the command postconf -n ?
[18:54] http://paste.ubuntu.com/487932/
[18:54] hggdh, OK, great - can you raise a bug please? :)
[18:56] remix_tj: here is my postfix master file: http://paste.ubuntu.com/487934/
[18:57] anyone know any good tutorials for setting up a kvm guest from the command line
[18:58] Met4physica: wait a bit
[18:58] the default (https://help.ubuntu.com/community/KVM/CreateGuests) just isn't working
[18:59] SpamapS: you're not kidding -- suexec is friggin hard to get right
[18:59] Met4physica: the content filter should use port 10024
[19:00] remix_tj: what file is that setting in?
[19:00] Met4physica: main.cf
[19:00] and in master.cf you should add this
[19:00] http://paste.ubuntu.com/487935/
[19:01] because you need to create a special instance of postfix that will receive the mails checked by amavis
[19:01] remix_tj: at the top of my master.cf is the second entry necessary? i was just fudging around
[19:02] Met4physica: dunno, but you can leave it
[19:03] Met4physica: http://www.howtoforge.com/amavisd_postfix_debian_ubuntu this is a good tutorial
[19:03] :-)
[19:03] remix_tj: i left it, made your changes, and it works! AND additionally my DKIM seems to work now :) thanks a billion
[19:04] kirkland: Have never had it working in under a full day of work. :-/
[19:04] kirkland: there are just too many pieces that can and do go wrong
[19:06] ez Barre
[19:06] oops
[19:06] sry
[19:08] Excuse me my DKIM does *not* work, gmail now just gets Mailed By
[19:15] Met4physica: What are you using for dkim signing?
[19:15] Met4physica: i do not know how dkim works...
[19:16] ScottK: OpenDKIM Filter v2.1.3
[19:17] Met4physica: On maverick or an earlier release with your own package?
[19:17] I initially installed it by source
[19:17] but then just installed the Ubuntu Package
[19:17] 10.04
[19:17] Then you have 2.0.2 if you are using the Ubuntu package.
[19:17] If 2.1.3 is running, it's still yours.
[19:19] a message I just sent claims its 2.1.3
[19:20] SEJeff_work: I entered the same race condition with only two servers with configs: Srv1: http://pastebin.ubuntu.com/487938/ Srv2: http://pastebin.ubuntu.com/487939/. What might be wrong on them? Srv1 log: http://pastebin.ubuntu.com/487941/ srv2 log: http://pastebin.ubuntu.com/487942/
[19:20] Then it's still the one you installed from source. I'd remove that and use the packaged one (I know it works)
[19:20] ups
[19:21] New bug: #629720 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8 failed to install/upgrade: el subproceso script post-installation instalado devolvió el código de salida de error 1" [Undecided,New] https://launchpad.net/bugs/629720
[19:21] ScottK: I am having trouble with the DNS record too I Believe...
[19:22] smtp.mail=transformationarts@openashland.com; dkim=neutral (no signature) header.i=@openashland.com
[19:22] yet my email does contain a DKIM signature
[19:23] Any of you happen to have dig + pastebin + time available for me?
[19:23] Met4physica: Paste the signature
[19:24] ScottK: here is the whole email (with the sig) http://paste.ubuntu.com/487947/
=== dendrobates is now known as dendro-afk
[19:26] New bug: #629723 in chkrootkit (main) "False Positive: IRCDs running on port 6667" [Undecided,New] https://launchpad.net/bugs/629723
=== dendro-afk is now known as dendrobates
[19:28] Met4physica: Where's your key record?
[19:30] /var/db/dkim
[19:31] my private key?
[19:32] No, I mean the DNS record of the public key.
[19:33] IIRC it should be located at dig txt mail._domainkeys.openashland.com and I don't find it.
[19:33] i am using Linode's DNS manager
[19:33] lets see..
[19:35] do you see it now?
[19:43] Yes
[19:44] So that was your first problem. No DNS record published.
[19:46] ScottK: so the next problem ? :(
[19:46] Met4physica: Dunno. Does it work now?
[19:47] no
[19:47] "Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of transformationarts@openashland.com designates 173.230.154.165 as permitted sender) smtp.mail=transformationarts@openashland.com; dkim=neutral (bad format) header.i=@openashland.com"
[19:48] They may have your lack of DNS record negatively cached. What's the TTL on the DNS record?
[19:48] You'll have to try again later.
[19:49] TTL = default
=== dendrobates is now known as dendro-afk
[19:49] Then it's hard to tell.
[19:50] For me to look, I ssh'ed into a machine on a different network to avoid the negative cache.
[19:50] I'd try again tomorrow.
=== ivoks_away is now known as ivoks
[19:51] ScottK: thanks for the tips. If I sent an email with 1000 recipients out without DKIM, will I be spam blocked?
=== dendro-afk is now known as dendrobates
[19:52] Met4physica: Hard to say, but the absence or presence of DKIM is unlikely to have a major effect.
[19:52] ScottK: I am really attempting to understand what would have an effect...
[19:55] That's a whole area of study that's not particularly on topic here.
=== A-Tuin_ is now known as A-Tuin
[20:03] ScottK: you're right, thx for the technical help
[20:05] Met4physica: You're welcome.
[20:17] If you do Bad Things you get blocked
[20:18] What constitutes a bad thing is defined on a per-site basis by the site admin
[20:18] Occasionally I'll run into people who reject all mail from gmail, for example.
[20:26] hey guys, when you run "tar zcvf - SOURCEDIR | ssh user1@remotehost 'cd DESTDIR; tar zxvf - ' ", does it tar first on the memory and then send it, or does it tar and send it at the same time? I mean, I have a file about 19Gb, and only 8Gb ram and 4Gb free space on my local server hard-drive..
[20:30] progre55: tar operates on streams
[20:31] twb: so it means I'm safe to run it, right?)
[20:31] But you could just say tar -zxC DESTDIR
[20:31] progre55: I believe so.
[20:32] twb: great, thanks man, appreciate )
[20:39] i've got VSFTPD running great on my server, but I would like to secure the connection with ssl_enable=YES. So far I haven't gotten the connection to work over TLS which is what I would like to do. Does anyone have this working? Im using WinSCP to connect.
[21:06] New bug: #629685 in postfix (main) "package postfix-pcre 2.7.0-1 failed to install/upgrade: problemas de dependencias - se deja sin configurar" [Undecided,New] https://launchpad.net/bugs/629685
[21:17] Are there any docs on setting up kvm+libvirt/virt-manager on lucid to allow for live migration?
[21:25] guys how to I make postfix my default MTA for ubuntu server , I installed ssmtp but I want to go back to postfix
[21:26] Where's the best place to go to talk about kvm/virsh/virt-manager?
[21:30] b0gatyr_: you can only have one MTA installed at a time
[21:30] b0gatyr_: so I guess "apt-get install postfix"
[21:32] twb: thanks, that did it.
=== roda is now known as Guest4226
[21:41] iulian: Thanks for the nova ack.
=== ivoks is now known as ivoks_away
[21:44] thafreak: Right here.
[21:46] soren: Don't mention it.
[21:48] soren: are there any docs on setting up kvm for HA?
[21:50] Mainly I'm just wondering what the preferred way of sharing VM disk images is.
[21:50] I saw a lot of people talking about just using NFS, but wasn't sure if iscsi is better
[21:51] And if iscsi is better, do you just use one lun per vm, or do you do something like CLVM on one big iscsi target?
[21:54] thafreak: Not that I know of.
[21:56] Are images directly on NFS generally ok to use, or is that not really recommended for production?
[22:15] thafreak: I would think NFS would be awful for performance vs. iscsi.
[22:16] I would think so too
[22:17] But most of what I read about live migration, most people refer to NFS
[22:27] SpamapS: it's not going to be a drastic change, NFS has some optimizations
[22:27] but they're not really comparable
[22:30] I suppose NFS is pretty good at "give me Z bytes at offset X of file Y"
[22:30] well, it's a filesystem, not a remote block device -- so it does a ton of fancy stuff
[22:31] like what, bake soufflés?
[22:33] hmm wonder how many of these we'll see at UDS-N http://www.noisebot.com/narwhal_t-shirt.htm?cmp=elist20100903
[23:02] SpamapS: lol..
[23:24] when doing a "find | xargs rm -f" anyone know how I can view the file names as it's running so I can track the progress?
[23:29] Hypnoz: rm -fv
[23:36] zash: interested i was looking for a find verbose didn't think to put it on the rm command
[23:37] Hypnoz: :D You could also do "find | tee /dev/stderr | xargs", but rm -v would probably be simpler
[23:38] zash: -fv worked great thanks!
[23:45] hey guys, how can I untar a file, but at the same time delete the archive, as I dont have enough space on my disc for both of them?
[23:46] yikes that doesn't seem possible. could you put the archive on a flash drive or network drive?
[23:46] how big of an archive are you talking?
[23:47] the arch itself 9Gb
[23:47] and the file is 19
[23:47] but I have 25 only
[23:47] and it's a remote server
[23:48] hmm ....
[23:49] 25gb is the largest/only partition avail?
[23:50] does the system have access to any other servers or network drives?
[23:50] well, there's only 1 partition, and it's 32 Gb
[23:50] you could go on another server, export a nfs share, and move the archive there, then extract over the network maybe
[23:51] hmm.. let me see
=== lhavelun1 is now known as lhavelund