/srv/irclogs.ubuntu.com/2010/10/05/#ubuntu-server.txt

_Neytiri_how do i setup a vpn server and route traffic from the remote pc's through it00:16
_Neytiri_i have pptpd in stalled and configured and remote clients can connect but i cant get the internet traffic to route00:17
pmatulis_Neytiri_: PPTP?  ouch00:18
_Neytiri_point to point tunneling server00:18
_Neytiri_http://forums.bit-tech.net/showthread.php?t=13202900:19
_Neytiri_i used that tutorial00:19
pmatulis_Neytiri_: PPTP design is broken and weak, consider IPsec or SSL/OpenVPN tunnel00:24
_Neytiri_ok how do i install that and is there a tutorial00:24
pmatulis_Neytiri_: yes, go to openvpn.net00:25
_Neytiri_if i can do it over a ssh connection all the better00:25
_Neytiri_and on openvpn.net there isnt a verson for ubuntu 10.4.100:25
_Neytiri_which is wha ti am running00:25
=== Wandrewvious is now known as WALoeIII
pmatulis_Neytiri_: check the 10.04 server guide00:43
ruben23hi guys any suggestion or idea im getting this tons of erro when i do apt-get update -----> http://pastebin.com/t7KXFFdb00:46
cwillu_at_work_Neytiri_, ubuntu has openvpn in the repository, you don't (and shouldn't) install it from openvpn.net yourself00:51
cwillu_at_workopenvpn isn't related to ssh though00:52
cwillu_at_workif that's what you were thinking00:52
cwillu_at_workruben23, your dns is down00:52
cwillu_at_workor something along those lines00:52
ruben23cwillu_at_work: im using google public--> 8.8.8.8 and 8.8.4.400:53
cwillu_at_workruben23, what does "host security.ubuntu.com" say?00:53
ruben23cwillu_at_work: thats my error when i do it00:53
cwillu_at_work?00:54
ruben23http://pastebin.com/t7KXFFdb00:54
cwillu_at_workruben23, I want you to type "host security.ubuntu.com" into a terminal and tell me exactly what it says00:54
cwillu_at_workthe pastebin is the output of your apt-get00:54
ruben23cwillu_at_work: connection time out: no server could be reached00:57
cwillu_at_workruben23, your dns configuration is messed up then.  pastebin the contents of /etc/resolv.conf00:58
cwillu_at_workapt-get pastebinit; pastebinit /etc/resolv.conf00:59
cwillu_at_worker, nevermind, you can't apt-get :p00:59
cwillu_at_workjust pastebin the file the normal way00:59
ruben23nameserver 8.8.8.8   and   nameserver 8.8.4.401:06
* cwillu_at_work realizes that he has better things to do than retyping his instructions over and over until ruben23 finally does them, and goes for lunch instead01:10
ruben23cwillu_at_work:)01:22
* cwillu_at_work gets back from lunch01:28
pmatuliscwillu_at_work: 18 minute lunch?01:39
cwillu_at_workpmatulis, it's also 6pm.  problem? :p01:39
=== freeflyi1g is now known as freeflying
mattcenHi all, I've got a server running 8.04, and am trying to work out what is telling logrotate to rotate /var/log/auth.log and /var/log/syslog. There is no reference to either file in /etc/logrotate.conf or /etc/logrotate.d/*02:13
=== [1]iclebyte is now known as iclebyte
=== harrisonk_away is now known as harrisonk
bgsmithI am looking for a good bare metal recovery solution for an ubuntu 10.04 server. The box has RAID1+LVM and I have tried mondo and clonezilla on a test system with no success over the last three days. (clonezilla does not support soft RAID), and mondo restore always fails to restore :(03:13
twbbgsmith: recovering from what?03:18
twbe.g. the server being destroyed, the HDDs dying, someone with root running an rm -rf /...03:18
bgsmithbare metal recovery03:19
bgsmithnew machine03:19
bgsmithsame specs03:19
bgsmithworst case scenario disaster recovery planning03:20
bgsmithI have filesystem level backup and archiving policies in place03:20
bgsmithbut setting up RAID, partition tables and the configuration etc would perhaps be too much to ask of a sys admin not too proficient with linux during a crunch.03:23
|rt|hey guys I'm trying to setup a driver using dkms but while a driver is being built at /var/lib/dkms/arcmsr/<version>/<kernelversion>/<arch>/module/arcmsr.ko update-initramfs -v shows that this driver isn't not being included in the initrd any ideas?03:26
|rt|if I make install the driver it puts the .ko file in the /lib/modules/<kernelversion>/extra and update-initramfs shows that the driver is being included in the initrd03:28
twbbgsmith: so your DR plan has to cope with an ignorant sysadmin?03:29
bgsmithin the current scenario ... unfortunately ... yes. this is a small company, and I am the only linux guy here.03:31
bgsmithwe will expand and get more people on board, but that will take around 3 months.03:31
bgsmithso, automated re-creation of partition tables, RAID and filesystem restoration is needed.03:32
bgsmith(a la norton ghost / acronis true image)03:32
|rt|the raid in this case is software raid?03:33
bgsmithmondoarchive seems to be able to do this ... except that it is failing in many ways with our setup.03:33
bgsmithyes ... it is software raid.03:33
bgsmiththe bigger HP servers (couple of them) have hardware raid controllers03:34
|rt|partimage will do what you're looking for03:34
bgsmithand will be backed up by clonezilla03:34
|rt|clonezilla works for that too03:34
bgsmiththe clonezilla website still says that soft RAID + lvm is not supported03:35
|rt|actually clonezilla is a bit better I think03:35
|rt|ah....i take it you're running lvm on top of this software raid03:35
bgsmithyes lvm is running on it03:35
_Techie_is there a really good tutorial on getting a parallel port printer working with cups and hplip?03:36
|rt|bgsmith: dd isn't an option?03:36
bgsmithdd it seems will not work if /boot is on LVM03:37
|rt|how is that possible?  dd is just a block stream image of the block device03:37
bgsmithhttp://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1286246340448+28353475&threadId=7994003:39
bgsmiththat is just what I thought03:39
bgsmithI need to attend a meeting for an hour :( will be back! tnx03:40
twbbgsmith: I'm not aware of any magic that can do what you're asking properly03:40
|rt|i don't think lvm on hpUX is the same as on linux03:40
bgsmithhmmm I will test dd today.03:41
bgsmithactually mondoarchive claims to do just that.03:41
|rt|I know my wife used to work on the LVM equivalent on HPUX when she was at HP and I'm pretty sure it's a different animal there03:41
twbbgsmith: I have a DR solution for similar "dumb" customers, but it assumes that the "real" sysadmin manually performs partitioning ahead of time, and manually duplicates any lvextends and such on the DR box.03:41
bgsmithtwb: mondoarchive claims to do just that ... and works fantastically in a non RAID-lvm environment, and the manual says that it should handle raid+lvm as well ...03:42
twbIs that one of the DVD-RW based solutions?03:42
bgsmithcan do network based recovery or disk based03:43
twbOne of *my* core requirements was also that the end user not need to do anything like rotating media each week03:43
twb(Because they forget to do so.)03:43
bgsmithhmm03:43
twb!dpkg -l mondo03:44
ubottuError: I am only a bot, please don't think I'm intelligent :)03:44
twbGrmph03:44
twbubottu should be forked off the dpkg bot, instead of being its own damn silly supy instance03:44
ubottuError: I am only a bot, please don't think I'm intelligent :)03:44
bgsmithhttp://www.mondorescue.org/  ... I will do the dd thing, and run a couple of more tests with mondo after one hours worth of meetings03:44
twbbgsmith: OK, yeah, that's "mondo" in apt.03:45
bgsmithright ... but that was old03:45
bgsmithI had to get the latest03:45
bgsmithfrom the website03:45
bgsmithin order for the backup to work.03:45
twbI remember looking at it but not why I dismissed it.  Possibly because it looked overkill03:45
bgsmith(the restore still isn't)03:45
bgsmithbrb!03:45
twbupstream ships 2.2.9.4, squeeze and karmic onwards ship 2.2.7.  That's not a big jump...03:46
_Techie_is there a really good tutorial on getting a parallel port printer working with cups and hplip?03:55
twb_Techie_: don't you just plug it in and browse to :631 and follow the prompts?03:56
_Techie_apparantly not03:57
_Techie_i installed the hp drivers hplip03:57
_Techie_but whenever i run hp-setup -i, i only get USB and net03:57
twbPersonally I avoid printers that don't have onboard ethernet and PostScript03:58
_Techie_well, this printer was given to me for free and my new desktop machine doesnt have a lpt port03:58
twbCheapass printers are loss leaders for the consumables.03:59
_Techie_this isnt a cheapass printer04:00
_Techie_its a HP laserjet 2100m04:00
twbIf it doesn't have a RAM upgrade slot, it's a cheapass printer :P04:00
_Techie_it does have a RAM upgrade slot04:00
_Techie_comes with 4mb default04:00
|rt|simms maybe :)04:00
twbSo why are you connecting to it via the parallel port?04:00
_Techie_keep it in mind, its not exactly a new printer04:01
_Techie_twb, because i dont have the ethernet module for it04:01
ScottKJetdirect boxes aren't very expensive.04:01
_Techie_yeah, but im trying to make do with what i already have04:02
qman__I've got a parallel-ethernet print server device for such situations04:02
twb_Techie_: bummer04:02
twb_Techie_: well, anyway, as you may have guessed I can't help with the immediate problem :P04:02
_Techie_i figured, but its nice to atleast chat04:02
qman__but yeah, no reason not to buy network printers anymore04:03
qman__when you can get a laser with ethernet for $10004:03
_Techie_qman__, i would love to have an ethernet printer, but sometimes you gotta make do with what you already got, eg 2x 17" CRT's04:04
_Techie_and a 16"04:04
twbI kept those for ages because CRTs can do a much higher resolution that these bloody new-fangled LCDs04:08
mobasheri'm trying to install ubuntu server...which option should i select ubuntu enterprise cloud or server ?04:11
cwillu_at_workmobasher, are you installing onto a cloud?04:11
twbmobasher: if you do not know what a cloud is, you want the latter04:12
mobasheri have no cloud just this amd box and one intel with ubuntu desktop on it04:12
cwillu_at_workmobasher, so -server04:13
mobasherok thanks...i guess cloud is more for like server grid computing ?04:14
twbmobasher: well, cloud is for cloud computing04:14
cwillu_at_workyeah;  you're look for less hardware support and more virtualization support04:15
twbBut IMO it's mostly buzzword wankery04:15
cwillu_at_workspoken like somebody who doesn't know what they're talking about <304:15
mobasherthanks guys..appreciate it ;-)04:15
twbcwillu_at_work: you know it04:16
cwillu_at_workalthough I don't know for a fact that ubuntu's cloud stuff has memory ballooning and so forth enabled04:16
cwillu_at_worktwb, the concept of using-all-of-the-available-memory-on-cache fails hard in a virtual environment04:16
cwillu_at_workthe typical bandaid is to tell the vm that it only has 256mb available or whatever04:17
cwillu_at_workfar better is to say that it has several gb available (as is true), but that it should minimize its use of those resources04:18
qman__I'm of the opinion that clouds have their place04:18
cwillu_at_workotherwise you end up having cache on disk, with the vm thinking it has that data available quickly, and the host having little idea what can actually be pushed to disk04:18
qman__and that my 20 node network isn't it04:18
twbcwillu_at_work: erm, can't you jsut set stuff like vm.swappiness=0?04:19
cwillu_at_worktwb, that has nothing to do with this :)04:19
twb(OK, that's swap not cache, but you get the idea)04:19
cwillu_at_worktwb, and you don't necessarily _want_ swappiness at zero04:19
cwillu_at_workreally, you probably want swappiness at 100, so that the vm is perfectly aware of when it needs to go to disk, rather than it thinking that gee, my memory is really slow today!04:19
cwillu_at_workall this to say that yes, you really do want a different distro for vm than you do for real hardware04:20
cwillu_at_workwhether vm itself is useful to you is another matter04:20
twbI guess I call it 'buzzword wank' because it mostly seems to be stock standard virtualization with a shim to allow rapid (de)provisioning of stateless VM images across a farm.04:21
cwillu_at_work... as qman__ mentions04:21
qman__it's useful technology, but it is littered with buzzwords04:21
twbcwillu_at_work: where "different distro" mostly means a handful of kernel .config changes and sysctl.conf, I guess.04:21
qman__and it really isn't all that different from the virtualization we've been using for the last decade04:22
cwillu_at_workqman__, this is true.  But the solution to that isn't to focus on the wankery :p04:22
cwillu_at_worktwb, yes, that's what distro's do04:22
cwillu_at_workI mean the difference between ubuntu and kubuntu is a set of default packages04:22
twbI don't consider kubuntu to be a different distro04:22
cwillu_at_workand the difference between fedora and ubuntu is the packaging manager04:22
twbcwillu_at_work: and the packages04:23
cwillu_at_worktwb, not nearly as much as you may think04:23
twband all the other infrastructure, like the ticket system and the PR team04:23
cwillu_at_workboth distros want to be as stock as possible04:23
cwillu_at_worktwb, you're conflating the companies and the distros04:23
qman__fedora is very different04:23
cwillu_at_workhmm04:23
cwillu_at_workyeah, I see your point04:23
cwillu_at_workI'll say flavour instead :p04:23
twbNod.04:23
twbkubuntu and -server are "flavours" of Ubuntu04:24
cwillu_at_worknonetheless, it's significant enough differences that not having to configure a lot of things by hand is nice04:24
twbI *might* say CentOS is a flavour of RHEL :-)04:24
twister004hi guys... how can i configure a Raod warriror vpn tunnel using racoon, setkey and shorewall on ubuntu server ?04:25
twbtwister004: you have a roaming server?04:25
cwillu_at_worktwister004, I suggest finding a tutorial via google or something04:25
twister004so far i have been hardcoding.. as the public adresses are static.. but now, I have a dynamic address with a dns name... how can i incorporate this dns name in my ipsec setup on ubuntu?04:25
twister004it's not roaming04:26
qman__I use dynamic dns with my openVPN without issue, but I don't use ipsec, so not sure how that works04:26
twbqman__: it's basically like openvpn only more difficult :P04:27
cwillu_at_workit's like openvpn, except they reinvented _every_ aspect04:28
twbipsec is a core part of ipv6, so you WILL need to learn it sooner or later04:28
qman__yeah04:29
cwillu_at_workyou don't use the normal os routing tables, you don't use standard encryption, you don't use standard key management, it's recommended to use it via kernel-space modules rather that user-mode binaries and daemons...04:29
qman__I've had classes and such touch on it, but I've never actually used it04:29
mattcenNobody has any ideas about my logrotate query yet?04:33
cwillu_at_workmattcen, did you grep for auth in /etc/logrotate.d?04:35
qman__I just checked my remaining hardy server, there are none04:36
qman__might be hard coded?04:36
mattcencwillu_at_work: It returns nothing.04:36
cwillu_at_workmattcen, oh, I missed that you were on hardy04:37
cwillu_at_worksec04:37
qman__I'm guessing it uses the general rules in logrotate.conf04:37
qman__weekly, rotate 4, create04:37
qman__though that doesn't add up, since I have syslog going up to 604:39
mattcenhmmm04:41
mattcenBasically, to articulate my *actual* question, I want to change logcheck from running hourly, to daily, and therefore need it to run just before logrotate shifts the logs, but I was looking for evidence that logrotate is *actually* what's doing the rotation in this case.04:44
echosystmis LXC stable enough to use in a production environment?05:07
rougeleafanyone available to assist with installing driver for usb wifi card?05:45
frankstervilleHerron05:51
frankstervilleHewro05:51
rementisHaving an issue where an external usb drive randomly disappears...06:04
rementisI've never used irc before, so not sure if anyone can see this06:04
JanCrementis: we can see this06:05
hardfire<hardfire> help needed06:05
hardfire<hardfire> Error deploying virtual machine: Failed to create domain06:05
hardfire<hardfire> error in the one_vmm_log file06:05
hardfire<hardfire> what causes this error06:05
hardfire<hardfire> any help will be appreciated06:05
hardfireany help ??06:06
frankstervilleWhat u deploying06:07
qman__hardfire, it would help to mention what software you're using and what you did that resulted in this error06:07
frankstervilleVmware or box06:07
hardfireinstalled opennebula cloud using 2 machines06:08
hardfireone as contreller and other as node06:08
hardfireubuntu 9.1006:08
hardfiretrying to deploy a windows xp image06:08
frankstervilleWhy neb vs box?06:09
frankstervilleAnd why 9.10 vs 10.0406:09
JanCrementis: what exactly do you mean by disappear?06:10
rementisi mean it looks mounted, but the usb device isn't there.  can't even run fdisk on it06:11
hardfirewas trying the nebula express installer in 10.04 didnot work06:11
hardfireso using this as a guide right now https://help.ubuntu.com/9.04/serverguide/C/opennebula.html06:11
JanCrementis: maybe an issue with USB suspend not working correctly?06:11
rementisif i turn the usb hard drive off, then on, it reappears and I can mount it.  maybe power management?06:11
rementiscan i disable power management for usb06:12
JanCyou can, but I'd have to look up how06:13
hardfirefranksterville, der ?06:13
rementisIt would be awesome if you could find out how to do it, I've been looking and can't find anything06:13
hardfireany help for open-nebula would be appreciated06:15
hardfireubuntu box - 1 cc and 1 worker node06:15
hardfirecannot deploy vm06:15
hardfire Error deploying virtual machine: Failed to create domain06:15
JanCrementis: you can write -1 to /sys/bus/usb/devices/.../power/autosuspend where ... is the device06:25
rementiswow, let me try that06:26
rementiscan i ask where you found it?06:26
JanCin the linux kernel docs  ;)06:26
rementisany way i can determine which device my usb hard drive is?06:27
rementisit's not obvious at all06:27
blahdeblahrementis: lsscsi is what i use06:27
rementisand will i need to reboot after writing the -1?06:28
rementisperfect on lsscsi, thanks!06:28
blahdeblahrementis: np06:28
JanCAFAIK your drive going into suspend shouldn't cause errors, but if it does, this might help06:28
blahdeblahCan anyone point me to documentation about the difference between linux-image-virtual and linux-image-generic, and whether or not VMware tools is necessary when running linux-image-virtual under VMware Server?  I've searched Google and come up with no rationale for the existence of linux-image-virtual, nor any explanation of the difference between it and linux-image-generic.  I can diff the kernel config files, but i'm far fro06:29
JanCand reboot would reset this setting, so certainly don't reboot  ;)06:29
qman__yeah06:29
qman__if you want to set it permanently, do so in sysctl06:29
rementisi see this:06:30
JanCas qman__ says06:30
rementisroot@steeler:/sys/bus/usb/devices/usb1# lsscsi06:30
rementis[0:0:0:0]    disk    ATA      WDC WD400BB-23DE 05.0  /dev/sda06:30
rementis[0:0:1:0]    disk    ATA      ST3320620A       3.AA  /dev/sdb06:30
rementis[1:0:1:0]    cd/dvd  COMPAQ   DVD-ROM GD-8000  0011  /dev/sr006:30
rementis[5:0:0:0]    disk    WDC WD10 EAVS-32D7B1            /dev/sdc06:30
rementisand this06:30
rementisroot@steeler:/sys/bus/usb/devices# ls06:30
rementis1-0:1.0  1-5  1-5:1.0  2-0:1.0  3-0:1.0  4-0:1.0  usb1  usb2  usb3  usb406:30
rementisso which device is the WDC WD10?06:30
rementisand how do i put this setting in sysctl?06:30
twbrementis: ask hdparm06:31
blahdeblahrementis: use pastebin.com for stuff that long06:32
twbrementis: sysctl is for /proc/sys, not /sys06:32
twbIIRC power management of USB devices is on by default for only one kind of device... I can't remember which kind... hubs?06:33
JanCI thought they were going to enable it again for other devices too?06:37
JanCnot sure what kernel etc. that would apply to06:38
JanCrementis: does your external USB drive have its own power?  if not, it might suffer from a power loss...06:39
JanCoh...06:39
twbJanC: AFAIK, not done as at 2.6.3206:55
twbObviously if you pm-suspend or pm-hibernate, the device will fall over and get a new name when you resume.06:55
=== sailerboy is now known as zz_sailerboy
kaushalhi07:43
kaushalcan someone please guide me about fcron scheduler ?07:43
joschikaushal: `man fcron`. what's your concrete question?07:44
DatzSc07:45
kaushaljoschi: I do get fcron emails, is there a way to find out the receipient list ?07:47
kaushaland also is there a way to edit the subject line of fcron emails07:48
kaushalI dont see anything in /etc/fcron.conf07:48
joschikaushal: check your (f)crontabs for the MAILTO variable07:48
kaushaljoschi: how do i find out ?07:49
kaushalI did sudo fcrontab -l07:49
joschikaushal: `man 5 fcrontab`, or http://manpages.ubuntu.com/manpages/lucid/en/man5/fcrontab.5.html for the online version07:49
joschikaushal: well, `sudo fcrontab -l` will only show the crontab of 'root'07:49
kaushalyeah07:50
joschikaushal: /var/spool/fcron should be a good starting point (or the directory given for fcrontabs in your fcron.conf)07:50
joschibut don't edit these files directly07:50
SpamapSheh07:51
SpamapShow many times have I said that to myself?07:51
SpamapSman.. F cron.07:51
joschiSpamapS: I'm pretty sure that the f in fcron stands for 'fine' ;)07:52
SpamapSjoschi: just like in rtfm!07:53
kaushaljoschi: I checked /var/spool/fcron/root.orig07:53
joschiSpamapS: that depends on the context ;)07:53
kaushalshall i pastebin the /var/spool/fcron/root.orig ?07:53
_Techie_is there anything extra i need to do to have dovecot authenticate against users with /etc/passwd ?07:54
kaushalI dont see MAILTO variable07:55
kaushalnot sure i understand that07:55
kaushalI have not hardcoded any MAILTO in the fcrontab07:59
kaushaldont understand why mails are being sent to specific users08:00
kaushaljoschi: you around ?08:03
kaushalcan someone please guide me about my fcron issue ?08:15
_Techie_could you quickly explain what fcron is?08:20
kaushal_Techie_: yeah sure08:20
kaushalits a scheduler08:20
_Techie_does it differ from cron?08:20
kaushalyes08:20
_Techie_how exactly?08:20
_Techie_i might not be able to help, but im interested08:21
kaushalfor fcron it does not require that the server being up 24*7*36508:21
_Techie_i see08:22
_Techie_so rather than specifying a time to do a job, you can scedule a job to run X hours after boot08:22
kaushali was interested in the MAILTO directive08:23
_Techie_thats actually quite nifty08:23
_Techie_what about it?08:23
_Techie_hrmm08:24
_Techie_just read all the scrollback08:24
twbAnacron provides similar functionality08:24
twbAlso, vixie cron supports @reboot.08:25
_Techie_interesting question, ill have a poke around in cron and see if anythign jumps out08:25
_Techie_cron also supports @reboot08:25
_Techie_i use it all the time08:25
twbvixie cron *is* cron, as far as ubuntu is concerned08:25
_Techie_i see08:25
_Techie_hrmm, i cant seem to turn up anything on my sytem that would be of any help with your issue08:28
_Techie_do you want to recieve cron mail?08:28
kaushalI am receiving fcron email08:29
_Techie_yes08:29
_Techie_do you want to recieve it08:29
kaushalI want to disable it08:29
twbkaushal: remove the MTA, then08:29
_Techie_i have a way, but its only a tempoary fix08:29
_Techie_twb, it uses system mailboxes08:29
kaushaltwb: is there a way to disable the receipients ?08:30
twbcron cannot deliver mail unless there is an MTA installed08:30
_Techie_twb, and most people like to have mail functionality on their server08:30
twb_Techie_: yeah, I know :-)08:30
_Techie_kaushal, after each fcron command, add this     >/dev/null 2>&108:30
_Techie_that will stop it from giving any output08:31
_Techie_and then it wont send you emails08:31
kaushalok08:31
_Techie_its not a proper fix, but it will stop it untill a fix can be found08:31
kaushalso is it fcrontab -e and then add 30 02 * * * /usr/local/bin/scripts/gziptomcat4.sh >/dev/null 2>&1 ?08:32
_Techie_perfect08:32
kaushaltwb: is that correct ?08:32
twbHmm?08:32
twbLooks OK to me08:32
twbApart from you running tomcat :P08:33
kaushalbasically i want to stop sending emails to particular users08:33
twbkaushal: man newaliases08:33
twbOr ask #postfix how to blacklist users, I guess08:33
_Techie_twb, except the mail is sent by the user that the cronjob runs as, to the user that the cronjon runs as08:34
_Techie_so blacklisting users isnt really a good idea08:34
kaushal_Techie_: Thanks08:34
_Techie_wait08:34
_Techie_sorry08:34
_Techie_sent from cron@domain.com to the user08:34
kaushal_Techie_: ?08:34
=== cs278| is now known as cs278
_Techie_so blacklisting could work08:35
kaushal_Techie_: shall i pastebin the email ?08:35
_Techie_nah08:35
_Techie_i know what it looks like08:35
kaushal30 02 * * * /usr/local/bin/scripts/gziptomcat4.sh >/dev/null 2>&1 would do the fix ?08:35
_Techie_i have my cronjobs send me email, i find it handy to know when services dont start properly08:35
_Techie_yeah that would fix it08:35
kaushalso that line means the script would get executed and it wont send emails ?08:36
_chris_hej all08:36
_Techie_yep08:37
blahdeblahCan anyone tell me whether there is a programmatic way to find out whether a reboot is required after an automated upgrade?08:37
_Techie_kaushal, it pipes all output to /dev/null and reports back that it ran properly.... no output... no email08:37
kaushal_Techie_: ok08:38
_chris_im pretty new to linux and want to put a service to autostart, im wondering if can also define dependencies ? for example service x should not start before service a b and c are started ?08:38
_Techie_!upstart |  _chris_08:39
blahdeblah_chris_: Most of that happens automatically with Ubuntu server08:39
ubottu_chris_: Upstart is meant to replace the old Sys V Init system with an event-driven init model.  For more information please see: http://upstart.ubuntu.com/08:39
_chris_ty :08:40
_Techie_blahdeblah, you mean other than logging into ssh and have it blatantly tell you that a system reboot is required?08:40
_chris_:)08:40
blahdeblah_Techie_: yes.  "programmatic" means i don't want to have to log in - i want to find out via shell script or something like that08:45
kucumberwhen I login to my server via ssh I am getting the notice - 47 packages can be updated.09:05
kucumber19 updates are security updates.09:05
kucumber sudo apt-update isn't fixing this....09:05
kucumber*sudo apt-get update09:06
blahdeblahkucumber: apt-get update just refreshes the package lists; apt-get upgrade is what you want09:09
_chris_can i see what program are in autostart already ?09:09
_chris_*programs09:09
twb_chris_: list /etc/init (or /etc/event.d, in 8.04)09:09
_chris_twb, no command 'list' found09:10
twbBased on that response, I think you don't know enough to safely write new upstart jobs09:11
=== sanderj__ is now known as Snadder
twbHowever, all packages you install via the package manager should already be configured to "autostart", as it were.09:11
kucumberblahdebblah excellent, thank you09:12
_chris_twb, nvm already got it, stupid me ^^09:15
uvirtbotNew bug: #655039 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/65503910:27
kinygoshi...my pre-installed server seems to have been configured in a way that's not recommended...it had one user account, root.  so, to correct this, i've created a new user, but when i try to add that user to a group admin, i'm told group 'admin' does not exist...10:48
kinygosdoes this mean i need to manually add my user to the sudoers list???10:48
kinygos(i want my user to have the ability to elevate its privileges with sudo)10:49
twbCorrect; there is no "admin" group.10:53
twbThere is a "sudo" group, but it is probably not allowed to sudo by default.10:53
twbYou can check by examining /etc/sudoers for a %sudo entry (% denotes a group match).10:53
kinygostwb: my /etc/sudoers file contains 2 lines, Defaults env_reset and root ALL=(ALL) ALL...10:55
kinygostwb: everything else (including the entry you mention) are commented out10:55
kinygostwb: could you spare 1 minute and check the 3 commands in the snippet http://dpaste.com/253304/..basically making /etc/sudoers writable, then adding a single line, then removing write from the file...is this a safe way to give a user the ability to elevate their privileges?10:58
twbTry "%sudo ALL=(ALL) ALL"10:59
twbUse visudo to edit it10:59
twbsudoers should NOT be writable.10:59
kinygostwb: thanks, i thought it was a bit hacky :) does the entry you suggest mean any user can elevate their privileges, but must enter their password first?11:00
twbModulo your wishy-washy terminology: yes.11:02
kinygostwb: thanks :)11:02
uvirtbotNew bug: #655058 in clamav (main) "freshclam apparmour error : type=1502 operation="inode_permission" requested_mask="r::" denied_mask="r::" name="/proc/28071/status" " [Undecided,New] https://launchpad.net/bugs/65505811:11
=== [1]iclebyte is now known as iclebyte
=== [1]iclebyte is now known as iclebyte
kinygoshi..may a noob ask a question? i've followed the disk partitions my isp created in their standard build of my server...my /home partition has the majority of space...i will be hosting a database backed web application on the server (postgresql/apache2)...i'm reading seemingly conflicting statements about /home online...i'd like to put my application database and source in directories in /home...is this a bad ide12:10
kinygosalternatively, should i re-partition my disk so that /var contains the majority of space?12:15
kinygosi'm looking for best-practice really as i'm a developer learning on the job trying to set up a server for my app12:16
RoyKkinygos: shouldn't matter where it is12:24
RoyKkinygos: I think I would have repartitioned /home and made most of it a separate fs for /var12:25
RoyKjust my thought, though12:25
kinygosRoyK: that's what i'm thinking now...just feels wrong having data directories in /home alongside user directories (not that i'm gonna have many user directories)12:25
RoyKas in - set a root password, login as root directly to avoid keeping files open on /home, move any data on /home somewhere else, repartition, create new filesystems for the new /home and /var partitions, rsync the old /var to the new one, mv /var /oldvar, mkdir /var, mount /dev/asdf /var12:26
RoyKmore or less12:26
RoyKthat is, rsync _after_ you have mounted /var (obviously)12:26
kinygosRoyK: awesome, i see where you're going with that...thanks again :)12:28
jo-erlendgood reason to use lvm.12:30
kinygosjo-erlend: i've realised that now too...i had enough drama installing RAID remotely :)12:31
jo-erlend:)12:32
kinygosRoyK: erm...sorry to bother you again, but what device is /dev/asdf?  i don't have it mounted at the moment..i have a RAID partition mounted on /var12:44
_Techie_anyone in here know their way around the exim configuration files?12:44
RoyKkinygos: :)12:47
RoyKkinygos: /dev/asdf was meant as /dev/something12:47
RoyKhttp://asdf.com/whatisasdf.html12:48
kinygosRoyK: lol :)12:49
RoyK_Techie_: not really - I use postfix :þ12:50
kinygosRoyK: reminds me of a riddle...i am h i j k l m n o but only 5 letters...what am i?12:50
_Techie_RoyK, darnit, i need to enable exim to suthenticate without tls, and the debian way of doing the config files is extremely confusing12:51
RoyKkinygos: no idea :)12:53
kinygosRoyK: i'll tell you later :)12:53
=== rgreening_ is now known as rgreening
raubvogelQuick bind9 question: how does it load named.conf.default-zones?13:34
DrPoOwhat do you guys recommend for a backup solution for 10 servers? I have a storage array, but should i just write a bash script to run rsync? or is there something more sophisticated that I could do?13:37
qman__raubvogel, the files are included from named.conf13:42
raubvogel qman__, this is the 4th time I looked at that file and the first time I noticed default-zones is there as the last entry. Thanks! I feel better now.13:44
ttxDaviey: are you on that axis2c i386 build failure ?14:04
ttxAlso if you can't reproduce it I'll drop Bug 653154 from server-mrs14:05
uvirtbotLaunchpad bug 653154 in dovecot "package mail-stack-delivery (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [High,Incomplete] https://launchpad.net/bugs/65315414:05
=== luis__lopez is now known as luis_lopez
dokohttp://imgs.xkcd.com/comics/golden_hammer.png14:36
njinHello to all; I've a bug report about a IBM x3560 that don't boot from MM CD. I'm not expert in server side. At wich package assign ? https://bugs.launchpad.net/ubuntu/+bug/65493614:38
uvirtbotLaunchpad bug 654936 in ubuntu "Maverick 10.10 server RC does not boot on IBM x3650 M2" [Undecided,New]14:38
njinThanks in advance14:38
elb0wI want to mount a windows share from shell, how should I do it?14:49
kinygosRoyK: water...and the groans begin :)14:49
frankstervilleMounting unprotected (guest) network folders14:51
frankstervilleAssumed that:14:51
frankstervilleNetwork connections have been configured properly.14:51
frankstervilleThe Windows computer name is servername, this can be either an IP address or an assigned name.14:51
frankstervilleThe name of the share is sharename.14:51
frankstervilleYou want to mount the share in a folder mountname.14:51
frankstervilleFirst, let's create the mount folder. You will need a separate folder for each mount.14:51
frankstervillesudo mkdir /media/mountname14:51
frankstervilleThen edit your /etc/fstab file (you need root privileges) to add this line:14:51
franksterville/servername/sharename  /media/mountname  cifs  guest,uid=1000,iocharset=utf8,codepage=unicode,unicode  0  014:51
frankstervilleWhere14:51
frankstervilleguest indicates you don't need a password to access the share,14:51
frankstervilleuid=1000 makes the Linux-user with specified uid or username owner of the mounted share, thereby allowing that user to rename files,14:51
frankstervillethe combination iocharset=utf8,codepage=unicode,unicode allows access to files with names in non-English languages. This doesn't work with shares of devices like the Buffalo Tera Station, or Windows machines that export their shares using ISO8895-15. With these the codepage argument has to be codepage=cp850, otherwise characters like the German 'Umlaute' are displayed as garbage.14:51
frankstervilleAfter you added the entry to /etc/fstab type:14:51
frankstervillesudo mount -a14:51
RoAkSoAx!paste | franksterville14:51
ubottufranksterville: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.14:51
frankstervillehttps://wiki.ubuntu.com/MountWindowsSharesPermanently?highlight=(Samba)14:52
frankstervillesorry lol14:52
frankstervillemy god that was hidioud14:52
elb0wfranksterville, cifs did not work14:53
elb0wit says wrong fs14:53
RoAkSoAxelb0w: try smbfs ?14:54
frankstervilleye smbfs14:54
elb0wbut then I have to mount as root14:54
elb0wI want a normal user to have write priv14:54
RoAkSoAxelb0w: I think that in that case you need to specify mount options to allow the user to have access to the mount point14:55
elb0wI have not done this much mounting, would you happen to know the option?14:55
RoAkSoAxelb0w: in your command line "man mount", then look for "The non-superuser mounts."14:57
elb0wI have to do it in the fstab then?14:58
elb0wI didnt have to do all this last time14:59
RoAkSoAxelb0w: you can still do it from the command line afaik, look in the man page...15:00
RoAkSoAx:)15:00
RoAkSoAxelb0w: prolly something like mount.smbfs /source /dest -o rw,user,noauto etc etc15:03
elb0wwhen I do a sudo mount it makes everything owned by the root15:04
elb0wwith those options15:04
RoAkSoAxelb0w: well an awful hack would be to change the permisions to mount15:05
RoAkSoAxelb0w: I can't really help you miuch more given that I don't have any samba share to test15:06
RoAkSoAxelb0w: but I'll prolly do it in /etc/fstab for automounting15:07
elb0wyeah, I like keeping it seperate15:07
=== jeipur is now known as jaypur
gskercan someone help me with a simple postfix problem?16:01
gskerI need some postfix help on ubuntu. I can't seem to get smtpd_sender_restrictions=check_sender_access map:/etc/postfix/regexp to work16:09
sorensmoser: You probably know this.. Does Eucalyptus update console output in real time or does it do what EC2 does?16:11
hggdhsoren: it should get the last 64k, but there was a bug on it (from smoser), and I have not checked lately16:37
=== ivoks-afk is now known as ivoks
smosersoren, it updates in real time16:51
smoserwhich is nice, but probably not going to scale well (i've always assumed scalability is why it is as it is on ec2)17:01
jjohansensmoser, ttx: I am probably missing the meeting today, I am still pretty sick17:01
smoserbummer dude.17:01
smosercan i get one question in ?17:02
jjohansenI didn't have anything to bring up, should I get another kt member to cover17:02
smoserregardin g the t1.micro and java bug. any progress there ?17:02
smoserjjohansen, ^17:03
jjohansensmoser: no I haven't looked at it all17:03
jjohansensorry17:03
* jjohansen has been learning the dm/scsi layer and having fun with that :(17:04
smoserok.  I think that would be the biggest issue from our perspective plaging kernel right now.17:04
smoserthe other one being the still delinquent proc/loadavg bug17:05
istevenmonis there a package for vrrpd or do i need to compile it from source?17:08
leonidusneed a web editor for ubuntu equivalent to dreamweaver pls17:09
istevenmoni think there is a bluefish project17:09
leonidusam running ubuntu server, lamp on my machine17:09
* kinygos thinks dreamweaver is evil17:12
kinygosi wish i had the time to develop a dreamweaver type app for ubuntu...would be an awesome project imho17:14
leonidusyes it is17:14
kinygossomething like that could be a killer app for ubuntu-desktop17:15
uvirtbotNew bug: #655215 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/65521517:16
maswanSince this is #ubuntu-server, I'm going to suggest vim. :P17:16
=== [1]iclebyte is now known as iclebyte
=== jjohansen is now known as jj-afk
uvirtbotNew bug: #655220 in bacula (main) "Bacula Installation Failure" [Undecided,New] https://launchpad.net/bugs/65522017:21
kinygosmaswan: :)17:21
=== cs278| is now known as cs278
RoAkSoAxjiboumans: ping17:43
mdlueckI make use of a Perl CPAN module which is not packaged in the Ubuntu repos: Devel::Trace. 1) How can I install is so that is available to all users and 2) how could I request it be packaged?17:44
panfistfor right now, i have a server that provides many services on my network, but i don't want to configure all my clients to point to myserver.mydomain for every service; how can it be configured so that mail.mydomain, psql.mydomain, www.mydomain point to the same host (for now)17:48
qman__set those records up in your name service17:50
qman__all pointing to your server17:50
ChmEarlmdlueck, apt-cache show dh-make-perl17:52
mdlueckChmEarl: Sounds excellent, thanks!18:00
mdlueckChmEarl: Are perl modules x32 / x64 cross platform? Can I build it on my x32 test server and then install it on an x64 server?18:01
RoyKChmEarl: nice - I didn't know the show argument :)18:01
=== martin- is now known as martinp
RoyKmdlueck: perl modules are written in perl, a script language, so as long as the underlying library is compatible, the module will be18:02
RoyKmdlueck: and I guess some 95%+ of the current code is quite compatible between x86 and x6418:03
RoyKmdlueck: there's no such thing as x32, btw, it's the old x86, which is 32bit18:03
mdlueckRoyK: Very good. Yes in fact the Ubuntu version is identical between test and prod, just the x32 / x64 difference.18:03
=== martinp is now known as martin-
RoyKI'd use the same platform for test/prod if I were you, though, at least if the platform is business critical18:04
mdlueckRoyK: Me knods about x86 = x3218:04
mdlueckRoyK: Can't run x64 code at present in the test environment. Best I can do.18:05
RoyKwell, most stuff will probably work18:05
mdlueckSurprisingly well in Ubuntu land! :-)18:06
RoyKI don't think I've seen _any_ 32/64 bit incompatibilities yet...18:06
RoyKwe're running ubuntu on 20+ servers at work, most of them on 10.04 atm, and mostly on x6418:07
hey_pigQuestion: Ever sence I "upgraded" to 10.04.01 when I SSH into my box, i loose all my samba shares for about 1 minnet , then they fix themselves. I tried purgeing and re-installing the SSH stuff, deleteing the config file and everything, and it still semi-nukes my serve every time i atempt to ssh in.... any suggestions?18:08
RoyKhey_pig: samba and ssh aren't related18:08
simplexiohey_pig: only related on netstack level.18:10
hey_pighmmm18:11
simplexiohey_pig: one reason could be some strange firewall rule18:11
simplexiohey_pig: and if it cut connection dmesg should show them if reason is on kernel level18:11
simplexiothat was good english :)18:13
hey_pigthanks simplexio ill check dmesg18:15
simplexiohey_pig: and check firewall rules on both machines18:22
kucumberif i password a web directory using .htaccess on my server, if I connect to a media file locally via mplayer and point to my server directory would it just deny access or ask for a password for that directory?18:36
doubleDPoint throught the webserver ? Yes... Accesing the file on disk directly, no18:39
kucumberno pointing though to the webserver directory to "stream" the file via mplayer18:40
doubleDLike mplayer /var/www/file.avi ?18:42
Laverneyou can use http://username:password@domain.com/filename.avi18:43
=== harrisonk is now known as harrisonk_away
kucumberdoubleD - yes18:45
kucumberLaverne - in what way? Oh you mean once the .htaccess password is set18:45
Laverneit wont ask for a password, the .htaccess file is only read/used by apache18:45
Laverneif you access it locally, then the permissions on the directory/file are only taken into account18:46
kucumberso setting a password via htaccess is still vulnerable?18:46
kucumberits not accessing it locally18:46
kucumberit's streaming from my server and just saving on space...18:47
elb0wDoes anyone know of any nice mysql query guis for ubuntu? I used to use heidisql. Looking for something similar18:50
=== xfaf is now known as zul
doubleDMysql-query-browser?19:02
ChmEarlmdlueck, did you build libdevel-trace-perl yet?19:14
mdlueckChmEarl: Currently working through it...19:14
ChmEarlmdlueck, call dh-make-perl as user, not root19:15
mdlueckChmEarl: Indeed I did19:16
mdlueckChmEarl: Working through fixing up the files in ~/Devel-Trace-0.10/debian   then to start looking for how to build a .deb19:16
ChmEarlmdlueck, this worked dh-make-perl -e 'Joe Hacker <joe@hacker.com>' --build --cpan Devel::Trace19:17
mdlueckChmEarl: Any suggestions how to package.... oh, I guess I will start over with that more verbose syntax...19:18
ChmEarlno need to touch ./debian19:18
kinygosdoes anyone know where the command to start postgresql automatically at boot time is in ubuntu-server 10.04?19:18
ChmEarlafter running that cmd, a DEB was found in ~19:18
kinygosmy google searching fails miserably :(19:18
mdlueckChmEarl: Cool!!! :-)19:19
frankstervilleprob in the init script19:19
mdlueck@kinygos: Really, in 10.04? I do not happen to use postgresql, but am surprised that with the packages properly installed it would not auto-start.19:20
kinygosmdlueck: apologies...it does autostart, i just want to modify the options it starts with19:21
mdlueck@kinygos: No problem... for example back in 9.04, one package installed itself as a service, just would not auto-start the service. That was corrected in 9.10.19:22
kinygosi looked in the /etc/init.d/postgresql-8.4 script, which itself runs /usr/share/postgresql-common/init.d-functions which is a long script that i can't believe i need to edit, so i'm convinced i'm doing something wrong :(19:24
SpamapSkinygos: it probably also sources /etc/default/postgres-8.4 or something like that too.19:25
frankstervillewebmin really saves my bacon on stuff like this19:29
mdlueckChmEarl: I see libdevel-trace-perl_0.10-1_all.deb at long last!19:29
frankstervilleslight gui without actual hardware access needed19:29
RoyK!webmin19:29
ubottuwebmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.19:29
frankstervillehmmm no more webbmin?19:30
frankstervilleoh noooos im doomed19:30
RoyK!ebox19:30
ubottuebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox19:30
frankstervillelooking now19:30
kinygosRoyK: water btw (h..o) :)19:31
aegisGuys, I just restored my server from backups...  There was one folder I found (/var/cache/man) that had the permissions messed up.  However, everything else seems to be running perfectly.  Can any of you reccomend a "stress test" of sorts that might let me know if I'm having other problems of which I'm not aware (yet)?19:31
frankstervillehmmm seriously19:31
frankstervilleebox?19:31
RoyKkinygos: Dihydrogen monoxide is bad for you19:32
kinygoskinygos: lol..the epic hoax :)19:34
kinygoswth???19:34
kinygosRoyK: there's even a wikipedia article on that hoax19:34
RoyKI know :)19:34
RoyKit's a pretty neat hoax, though19:34
kinygosRoyK: indeed :)19:36
frankstervilleso the webmin issues stem from needing an old perl module?19:36
RoyKfranksterville: afaik the webmin issues are bound to redhat/fedora linking of config files19:39
frankstervilleso ubuntu is okee?19:39
RoyKfranksterville: but then, I don't use web-based configs, so I might be wrong19:39
frankstervillewell i use it as a crutch...  trying to ween myself to terminal only19:40
RoyKfranksterville: no, webmin uses redhat/fedora-style configs, that are incompatible with debian/ubuntu19:40
frankstervilleahhh so why is this an issue in 10.0419:40
frankstervilleworked perfectly in8.0419:40
RoyKfranksterville: I only know what's been told me, that webmin isn't designed for debuntu, but for rpm-based distros and later ported, for what I hear, erronumous, to dpkg-based distros. It might work, but AFAIK it's not well supported19:42
frankstervilleRoyk:  gotcha.... any experience with ebox?19:43
RoyKfranksterville: as I said, no, I use the commandline19:44
n3klHow can I tell libvirt to use my manually configured bridge instead of hacking up the 192.168 network that it does?19:48
aegisGuys, I just restored my server from backups...  There was one folder I found (/var/cache/man) that had the permissions messed up.  However, everything else seems to be running perfectly.  Can any of you reccomend a "stress test" of sorts that might let me know if I'm having other problems of which I'm not aware (yet)?19:51
demonsporkI have had dpkg stop functioning 3 different times while running apt-get to install something. What steps can I take to begin troubleshooting this, because it feels dangerous to kill it in the middle of installing a package19:58
n3klwhat is the something?20:13
demonsporkfirst time it was mrtg20:14
demonsporksecond time I don't remember20:14
n3klare you out of disk space?20:14
demonsporkthis time it is a package meant for jaunty, so a little bit risky to begin with20:14
demonsporklol, no20:14
demonsporkI have a 550GB array20:14
n3klWhy are you installing packages from another release?20:15
demonspork5 drives in RAID 5 with spare20:15
n3klDid you check backports?20:15
n3klthe size of the array says nothing of the filesystem that you are installing to20:15
demonsporkyeah, it is an HP support package I had to download from HP20:15
n3klWhat does it do?20:15
demonsporkit is a small repository of packages to monitor the hardware of my server, including a server management homepage20:16
n3klI see20:16
n3klDoes it contain kernel modules?20:17
demonsporkthe majority of the packages installed successfully, and I don't think that the package I am currently installing is the issue seeing as dpkg is doing this recuring20:19
n3klAny information in your logs?20:19
demonsporkwhat logs should I check20:19
osmosisany kvm virt experts in the house?  how come win2k3 worked great on hardy, but fails horribly on lucid?20:19
n3klprolly /var/log/syslog and /var/log/dpkg.log20:19
n3klosmosis: I wish there were some in the house, cause I could use one also20:20
n3klaegis: you run an fdisk?20:22
osmosisn3kl, whats your issue?20:22
demonsporkhttp://pastebin.com/qGeqdiQs20:23
n3klI have manuallly configured a bridge in my interfaces file and I can't get my vmbuilder build vms to use it.20:23
n3klosmosis: I fail to understand why when I remove the symlink for the default network and restart libvirt, the iptables rules and second bridge is created.20:24
n3klosmosis: I just want to have all my vms use the bridge I provide them, with --bridge=br0 somewhere inthe command line or something20:25
osmosisn3kl, dunno that one, sorry20:26
demonsporkosmosis, did you see my pastebin link?20:26
delimiterI'm seeing abnormally high query times in mysql slow-query log on lucid...example Query_time: 18446744073709.55078120:28
demonsporkand the Putty window just timed out20:31
CharlieSuI just changed some limits in "/etc/security/limits.conf", how do i reload that configuration without restarting?20:51
keesCharlieSu: that file is only processed during user login through PAM, so just log in again20:51
demonsporkI can't kill a dpkg process, it doesn't seem to be a zombie (it has no parent) and sudo kill -9  doesn't even force it to die. This is the third time it has happened, and this is not a computer I can restart without considerable preparation20:52
keesdemonspork: does anything show up in dmesg to indicate it getting stuck? unkillable usually means stuck I/O20:53
demonsporkso how do I check that?20:53
CharlieSukees: thanks for the help.. not sure it worked..  can you look here?   https://gist.github.com/0717e4d2b18fa7249e0f20:53
kinygosi'm looking for best-practice/recommendation again...i'm about to install django on my ubuntu server...should i install the package in my /home partition and create a symlink to it in /usr/local/lib/python2.6/dist-packages...or should i just install it there?  the people in #django were busy discussing other stuff20:53
guntbert!crosspost | demonspork20:54
ubottudemonspork: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.20:54
* kinygos hides cos he just did the same thing20:54
keesdemonspork: dunno, does dmesg have any clues?20:55
demonsporkI have no idea, I am seeing some stuff about  INFO: task mandb:25191 blocked for more than 120 seconds. followed by a bunch of lines of jibberish20:56
keesdemonspork: yeah, sounds like bad disk or RAM, off hand. but try "ubuntu-bug linux" and get it reported into LP for people to look at20:56
keesCharlieSu: trying it locally, one sec20:57
demonsporkwell crap20:57
CharlieSukees: yeah i tried.. but it doesn't persist when i logout and login again.20:58
keesCharlieSu: works fine for me.20:58
keesCharlieSu: you can't sudo though, that has a separate PAM config without pam_limits, IIRC20:58
keesCharlieSu: e.g. it comes from pam_limits.so, which is in /etc/pam.d/sshd20:59
keesCharlieSu: but sudo is handled by /etc/pam.d/sudo20:59
demonsporkone thing I am worrying about right now is inodes. I have an application that is generating thousands if little bitty files, but it only is using about 500MB of space with those files20:59
CharlieSuahh that is why20:59
keesCharlieSu: oddly, pam_limits is listed in sudo ....20:59
keeshmm20:59
* kees switch to #ubuntu-devel20:59
istevenmonwhat would happen if i connect a laptop with dhcp if i have two DNS servers running in the same network segment, two different ip range pools, the only difference would be the default gateway?21:00
frankstervilleistevenmon:  why is my question21:02
istevenmonsorry DHCP servers21:03
fluvvellfranksterville, I've used webmin a bit with ubuntu - mainly because I converted from fedora about 4 1/2 years ago - were you asking about webmin?21:05
frankstervillewell they say since 10.04 not working and no support21:05
frankstervilleworking fine here21:06
frankstervillewondering whats up21:06
fluvvellAh, well I've not tried it in lucid.21:07
guntbertfranksterville: thats a long story and not since 10.04 only, essentially all debian based distros have their config files organized in a way so that webmin might mess them up21:07
frankstervilleguntbert:  would a purge of webmin be advisable?21:08
guntbertfranksterville: no need to purge it, if you just use it to view config details it will do no harm, but be warned (ebox is in no way an alternative)21:09
frankstervilleguntbert:  so ebox=fail lol...  Well I do mess with perms and shares on occasion with webmin.  I suppose I should go terminal only...21:11
guntbertfranksterville: seems advisable :-), I only use it for squid, dhcp and so on where the config follows standards21:13
frankstervilleguntbert:  just file/print server here so gui helps with printers...21:13
=== istevenmon_ is now known as istevenmon
guntbertfranksterville: I'd say read up on the issues (iirc there *are* steps to get it back to debian/ubuntu but...)21:15
frankstervilleguntbert:  dont NEED it just like it.  I like well running server better LOL21:16
demonsporkgaaaah, I still can't kill that process - this is driving me insane21:16
demonsporklast time I just left it for 24 hours and it vanished21:17
istevenmonhow can i preserve vrrpd configuration over reboot ?21:21
n3klistevenmon: just curious, what are you doing with vrrpd?21:23
n3klistevenmon: and you could use puppet to restore a configuration file if you needed.21:24
istevenmonn3kl: doing gateway redundancy21:24
n3klistevenmon: is that box your most external facing?21:24
istevenmonyes21:25
istevenmonbut the configuration is not done with a config file21:25
istevenmonbut with comands21:25
n3klAhh21:25
n3kllame21:25
n3klis there a "write me" command21:25
n3kl?21:25
istevenmoni dont know, i think i will create a startup script with the commands to be run21:26
baggar11is booting to software raid5 possible with either 10.04 or 10.10?21:31
n3klI doubt it21:33
n3klraid 5 boot issues have plauged linux for a long time21:33
n3klbaggar11:what I do is boot a usb stick as my root, then mount /var and /usr from the raid to speed up applications.  Works like a charm.  Then I have only one array, and if the usb ever dies, debootstraping a new one is easy21:34
panfistif anyone is familiar with the request tracker package...i keep trying to install it with a postgres db configuration, but it keeps using sqlite21:35
baggar11thanks, just checking21:35
matasomeonehere?21:46
guntbertmata: many :-)21:47
matai have an ubuntu server, and i dont know how to compile an pvpgn 199 with mysql21:47
matai mean is the first time using the ubuntu server21:47
mata??21:49
guntbert!copmpile | mata21:50
guntbert!compile | mata21:50
ubottumata: Compiling software from source? Read the tips at https://help.ubuntu.com/community/CompilingSoftware (But remember to search for pre-built !packages first)21:50
=== ivoks is now known as ivoks-afk
matais hard, my first time, someone can help me_21:53
mata?21:53
demonsporkmata, try it out and ask specific questions about what you are having issues with22:02
keesCharlieSu: you need explicit lines for root in your limits.conf.  root isn't included in "*"22:02
_Neytiri_how do i setup a vpn server and have the remote clients use that mahcines internet connection22:26
iarp_Neytiri_: have you tried ssh tunneling or do you need local network access as well22:27
_Neytiri_local network access22:30
iarp!vpn | _Neytiri_22:30
ubottu_Neytiri_: For more information on vpn please refer to https://wiki.ubuntu.com/VPN22:30
_Neytiri_i have been there and was havineg issues with that tutorial22:31
_Neytiri_i need to get it to run over a ssh connection tho22:31
_Neytiri_the way our servers are sewtup is that they all have a private address on the lan i am trying to get to.22:32
_Neytiri_our public ip's are 1 to 1 natted to the private addresses22:32
tsrkHow can I change the SSH banner "SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4" so that it doesn't include the "Debian-3ubuntu4"?22:33
RoyK_Neytiri_: most servers listen to ssh22:33
RoyKtsrk: why?22:33
tsrkRoyK: My PCI compliance scan considers it to be OS disclosure22:34
RoyKtsrk: AFAIK that's compiled into sshd22:34
_Neytiri_RoyK| i know that i need to vpn over that and have remote and local network access22:34
tsrkRoyK: Unless it's getting the OS from SSH somewhere else... is there somewhere else it's "disclosing the OS"?22:34
RoyKtsrk: you shouldn't be afraid of disclosing your OS, you should secure it22:35
tsrkRoyK: I'm not, but I need to follow PCI policy, and they consider it an unnecessary risk.22:35
RoyKtsrk: there are people around that think disclosing the OS is a security breach, but it's not, the security breach is not securiing the OS22:35
tsrkRoyK: Try telling that to PCI22:36
RoyKPCI?22:36
tsrkRoyK: https://www.pcisecuritystandards.org/22:36
RoyKtsrk: if that is a risk, add a firewall in front22:36
tsrkRoyK: For transmitting/storing CC info22:36
tsrkRoyK: It's a remote machine, so I need remote SSH access22:37
RoyKto be quite honest, security by obscurity is no way to go22:37
tsrkRoyK: Would limiting it by IP be the best solution?22:37
RoyKeven if you remove that from ssh, I can find the OS with an nmap scan22:37
tsrkRoyK: How's that?22:37
RoyKnmap uses tcp fingerprinting, unique to the OS22:38
RoyKand can detect OSes quite nicely22:38
tsrkRoyK: I think that was one of the things that I already had to disable22:38
RoyKjust beleive me - don't go for obscuring your system, just secure it22:38
jpdstsrk: nmap -O your-server-ip22:38
tsrkRoyK: It's not my choice... Visa/MasterCard will fine me broke if I don't do what they want me to22:39
shaunotcp fingerprinting isn't something you can really avoid.  it uses tiny differences in how different network stacks handle things22:40
shaunoif I had to come up with an analogy, it'd be accents rather than replies22:40
RoyKtsrk: then add a firewall in front22:41
tsrkRoyK: Ok, I guess that'll work22:41
RoyKtsrk: it'll work if the firewall adds proxies for the apps like ssh and apache22:42
tsrkRoyK: I was thinking just block SSH from everywhere except where I need access from22:42
RoyKwell, that works too22:42
RoyK/etc/hosts.deny etc22:43
RoyKsshd reads tcpwrapper files22:43
tsrkRoyK: Oh yeah, that'd be simpler... forgot about those files22:43
RoyKor use iptables/ufw if you like to22:43
\shtsrk: read http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2003-02/0757.html about that issue22:43
tsrkRoyK: oh, what do the hosts.... files apply to?22:44
RoyKtsrk: I think \sh's answer is better22:45
tsrkRoyK, \sh, Ok, thanks, I'll read that thread22:45
RoyKtsrk: still, security should be on the host, not trying to camuflage the host22:45
\shtsrk: the version banner is within the protocol spec. you can just change it in the sourcecode, but you need to provide at least the default stuff...22:45
tsrkRoyK: I know, I don't do this on any of my other servers, but I need to on this one because it handles CC data22:46
* RoyK wonders why anyone would add it as a so-called security arrangement to disallow the version of the OS22:46
\shthe important message is http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2003-02/0770.html in this thread...it says all you need to know about that matter...tell your PCI it's not worth a dime ;) close the port via port filter from the outside allow ssh logins only from trusted ips eventually only via vpn22:47
RoyKI don't care - any OS should be secured, never mind its version22:47
RoyKssh is a sort of vpn22:48
\shRoyK: yes...vpn was more in the meaning of a trusted access point to your inner network...eventually do the jumphost game22:49
tsrkRoyK: I think these standards are designed for people running MS software... one of the requirements is running anti-virus software22:49
RoyKtsrk: hehe22:50
* RoyK isn't running anti-viral software and doesn't have to22:50
* \sh runs anti-vir software all the time...it's a good tool...named Ubuntu/Fedora/OpenSUSE/Gentoo/etc ;)22:51
jo-erlendwhat Windows users call antivirus, is not really antivirus. They scan for trojan horses, etc, which are not unique to Windows.22:51
tsrkRoyK: also, I had to make apache and PHP hide their versions because the scan was detecting the old version numbers and telling me to upgrade, not taking into account of course the backported patches that ubuntu (and I assume everyone else) uses22:51
jo-erlendwe do have antirootkitscripts, etc.22:52
tsrk\sh: unfortunately I don't think that'd count if they audited me22:52
\shtsrk: it's a problem with those companies...they don't care about distros but only about upstream versions22:52
tsrk\sh: so I installed clamAV and hope that it counts22:52
tsrk\sh: yep22:53
tsrkPCI should just have one requirement that says "don't be a moron" and be done with it22:53
\shtsrk: our pentest company did the same, and then I gave them a shell on a honeypot server they tried to break into the systems in the backend...they failed22:54
tsrk\sh: heh yep.... stuff is a lot more secure these days than it used to be I guess22:55
_Neytiri_how do i setup a vpn server and have the remote clients have local and remote netwrok access over a ssh connection22:55
\shthe only mistake I made was to provide an uudecode tool..so they pushed their pentest software (shared linked as I saw later) and uudecoded the binary..but invane, our libs etc. were incompatible with their apps...and they weren't able to static link them, because of "no clue about static linking" ;)22:56
tsrk\sh: hah nice!23:03
\shnow end of business for today..heading home :)23:08
Frank__Oh nice irc from my iPhone23:11
tsrkFrank__: I just wish a network with decent coverage had the iPhone :)23:11
shaunothey do :)  lots of them.  just not in the US :p23:12
Frank__True I know but AT&T actually been pretty good for me23:12
tsrkshauno: yeah, the US is a little bit slow on these technologies23:12
Frank__Freaking dems taking all the r and d cash23:13
tsrkFrank__: i go enough places that they don't cover that it'd be a problem23:13
shaunoI'm not sure slow is the right term.  I imagine blanketing every city in ireland was a significantly easier task23:13
tsrkshauno: yeah, but still23:13
tsrkshauno: sorta unrelated but look at the freaking measurement system23:13
tsrkshauno: americans don't like change, be it measurements or cell phone tech23:14
Frank__Lol I love starting an argument23:14
tsrkFrank__: i started the argument!23:14
shaunoI'm not arguing :)  I've lived in the US, so I've seen both sides.23:15
shaunothe grass is only greener here because it never stops raining :)23:15
_Neytiri_how do i setup a vpn server and have the remote clients have local and remote netwrok access over a ssh connection23:15
tsrkshauno: i live here now and everyone is stupid23:15
shaunoI've discussed this with someone before.  that is something I found very curious23:16
shaunoI found very, very few americans I didn't like.  but their "hive mind" is something completely different.  I'm still not sure how that works23:16
shauno(way off-topic, I know)23:17
tsrkshauno: hive mind?23:20
shaunothe group-think doesn't seem to match the individuals, at all23:22
tsrkshauno: can you give an example? i still don't understand23:23
tsrkshauno: i probably suffer from this hive mind you speak of23:23
shaunoit is odd to explain.  I found you could have a perfectly reasonable conversation about politics with one or two people, and it be fine23:24
shaunoyou get a group of them, and suddenly you're terrified of being the foreigner that's criticizing their country23:24
_Neytiri_can someone tell me how to route all traffic over a ssh tunnel?23:24
shaunoI think all traffic would be difficult; ssh will tunnel individual ports.  you'd likely want a http or socks proxy on the other end, depending on the actual application23:25
shaunoif you actually want to set the tunnel as a route, you're probably better looking into vpns23:26
_Neytiri_shauno: i have tired vpns wint no luck23:26
tsrkshauno: i think i see what you mean.... i've never seen anything different though so i guess it seems normal to me, but i think it's just the majority being the majority and acting based on what they have in common23:27
_Neytiri_i also have a limeted number of ports that are poked through the firewall23:27
frankstervilleVpns alway make me crazy from slowness23:28
shaunoI use ssh & tinyproxy for http; I really can't think of a sensible way to send literally everything23:28
tsrkshauno: can't you dynamically forward using socks?23:29
tsrklike ssh -D 1080 ...23:29
tsrkand locally connect to port 1080 as a socks proxy?23:29
shaunoI assume socks would work because it's targetted as a single port, rather than a host/route.  but that I haven't tried23:30
shauno(it's not a no, just a genuine "I've no idea how to create a new route without having it exposed to the OS as a network interface@)23:31
tsrkI found an awesome explanation of PCI requirements: https://www.pcisecuritystandards.org/about/pcidss_rocks_video.shtml23:38
_Neytiri_well is there a way i can do a vpn over 22?23:40
FrossHey, I have a modem with 4 wired ports on it. one of the ports connects to a wireless router, which also has 4 wired ports. The computes hooked to the wireless router can ping computers on the modem ports, but the modem ports cannot ping the computers on the wirless ports. Is that even possible?23:42
franksterville22 is sftp23:43
tsrkFross: the router is NAT'ing the computers connected to it23:43
tsrkFross: (most likely)23:43
frankstervilleIs the wireless bridged or sep nw23:44
tsrkFross: if you want them to be on the same network as the ones connected to the modem, you should disable the router's DHCP server and connect the modem to a standard port on the router (rather than the WAN one)23:44
Frosstsrk: thank ill try that out quick23:45
FrossShould the router still have the wireless capabilitys with this configuration?23:49
tsrkFross: yes23:54
osmosisanyone else want to help give me ideas on how to troubleshoot failing win2k3 guest instances using qemu-kvm on ubuntu 10.04?23:56
iarpWho's password is required for straight 'su' command? All i'm getting is 'Authentication Failure'. I'm trying to access a folder which i'm denied from (/var/lib/folder/).23:58
hggdhiarp: for 'su', the target's password23:58
hggdhfor 'sudo', your password23:59
CorpseOk now my system that is connected to the wireless router port has the same local ip as the modem, but i still can not ping the system23:59
tsrkiarp: by default, there's no password that works with Ubuntu's "su" command (since root has no password)23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!