[00:00] <tsrk> iarp: if you want to execute a command as root, use "sudo ...". If you want a root shell, use "sudo -i"
[00:01] <iarp> tsrk: ah ha thanks, been a while since i've had to do this.
[00:02] <_Neytiri_> iarp you can seta passeword for root, althoe its not advised
[00:08] <Corpse> tsrk: ok so all of the systems now have the same local ip's. but none of of the systems connected to the modem can ping the systems that are connected to the wifi router.
[00:09] <Corpse> but the modem shows those system in its routing table
[00:09] <Corpse> oops
[00:11] <Fross-> sorry that question from corpse was me
[00:17] <cfairles> how do you increase the maximum number of open file descriptors for a "no-login" user? I have hard/soft limits for nofile in /etc/security/limits.conf, cat /proc/sys/fs/file-max/proc shows it in the millions, yet i stress test and my service can only open the same old 1024
[00:18] <cfairles> i can't even figure out how to check, ulimits doesn't really work unless you're in a shell
[00:35] <kees> cfairles: for an upstart service, see "man 5 init" and add a "limit" line to the service's init file
[00:40] <cfairles> kees, hm. i use stop-start-daemon
[00:41] <kees> cfairles: if it's a sysvinit script, just add the call to "ulimit" in the /etc/init.d/ script
[00:41] <cfairles> kees, ah
[00:41] <cfairles> kees, yeah, maybe
[00:43] <cfairles> error setting limit, operation not permitted hrm
[00:44] <cfairles> close
[00:53] <cfairles> I keep seeing "session required pam_limits.so", I don't see this in my /etc/pam.d/common-session though ...
[00:53] <cfairles> keep seeing pam_limits.so mentioned in post about ulimits I should say
[01:38] <demonspork> Where can I find a description of what the purpose of each of the different kernels available from the repository are?  I currently have a PAE kernel that I don't need (3GB of RAM is all that is supported by this server) so I am going to move to a different kernel and I don't know which one to choose
[01:45] <blahdeblah> demonspork: I would love to hear an answer about that, too.  I've been unable to find any useful information about that.
[01:46] <blahdeblah> Yesterday i asked: "Can anyone point me to documentation about the difference between linux-image-virtual and linux-image-generic, and whether or not VMware tools is necessary when running linux-image-virtual under VMware Server?  I've searched Google and come up with no rationale for the existence of linux-image-virtual, nor any explanation of the difference between it and linux-image-generic.  I can diff the kernel config fi
[01:46] <blahdeblah> I got no response so far.
[02:46] <mobasher> i'm creating separate volumes for boot, kernel, home and swap....what is recomended for each ?
[02:53] <__Snooker__> I usually use for an installation / boot 100M, / 7G / usr 10G / var 10G / 1G swap depending on the amount of memory and / home the leftovers.
[02:54] <mobasher> it's a 250gb HD small AMD box...with 2gb memory
[02:55] <__Snooker__> sorry for english because I'm using a translator ... I do not speak English but I'm trying to learn.
[02:55] <mobasher> no problem :) thanks for the help
[02:56] <mobasher> do i need to create seperate partitions for -> var (10gig) , usr(10gig) ?
[02:57] <__Snooker__> on my laptop I used 500G / boot 120M, / 10G / 10G usr, / var 6G / 1G swap and the rest divided between / home and / srv.
[03:00] <__Snooker__> recommend using lvm and store for future use 20G
[03:14] <mobasher> okay great thank you
[04:05] <mobasher> do i have to setup networking before i install xinit package ?
[04:25] <__Snooker__> mobasher, I think not ... you may need to install before. Then regardless of how it will work set
[04:36] <headache> I'm trying to install ubuntu-server 10.04 on my atom N450 motherboard with no luck.  It doesn't recognize the external USB CD-Rom and it can't find the driver for the onboard Ethernet.
[07:01] <Datz> demonspork: I've been looking for such a description myself, but have only found an articel on the difference between the -generic and -server kernel.
[07:02] <Datz> I don't know if you've seen it.
[07:09] <_ruben> and -virtual is a stripped down version (module wise mostly) of -server, to reduce disk and memory footprint ... the 32bit -server kernel has been "replaced" by the -generic-pae kernel since the differences were too subtle to keep both around
[07:10] <_ruben> the few remaining differences (schedulers and the like) can be changed at runtime
[07:17] <twb> I don't know why people like headache are still trying to use optical media
[07:24] <_ruben> ugh .. needa get my a bluetooth headset with proper noise cancelation .. talking on your cellphone in a dc aint fun :p
[07:24] <_ruben> s/my/me
[07:25] <twb> _ruben: district of columbia?
[07:25] <_ruben> close ;) .. nah, just a noisy serverroom in a datacenter
[07:25] <twb> Oh gods, I hate trying to do that
[07:26] <_ruben> think there was a thread on nanog about headsets that'd perform good in these circumstances, doubt any "cheap" ones were listed ;)
[07:27] <twb> Actually it's worse at our prisons, because cells aren't allowed, and the on-site monkey's office is like a twenty-minute walk from the machine room, etc, etc
[07:27] <twb> s/cells/cellphones/, that is
[07:27] <_ruben> heh, no cells in a prison, that'd be odd indeed ;)
[07:29] <twb> Actually they have "cottages"
[07:57] <mr_lou> Hello all. Can anyone help me getting Freetype2 working on my recently installed Ubuntu Server? I've managed to get mySql and PHP up running, and GDlib also works, except I can't draw text, so I'm trying to install freetype without much luck.
[07:58] <mr_lou> I have no experience with server installation as such, but my boss wants this solution I'm about to start developing, to be hosted internally. So Ubuntu Server it is. Only thing I'm missing is this freetype thingy, before I can get development started.
[07:59] <mr_lou> So far I've tried apt-get install most packages that has the word "freetype" or similar. No go.
[08:11] <twb> mr_lou: it's probably libxft, but you doubtless need php5-something
[08:12] <mr_lou> It is php5 something.
[08:12]  * mr_lou tries libxft
[08:12] <twb> php-image-text
[08:12] <twb> Or php5-gd, if you don't already have that
[08:13] <mr_lou> Already install that libxft apparently. I'll try with the dev version too.
[08:13] <twb> Wrong.
[08:13] <mr_lou> GDlib works fine. I can make images using e.g. imagecreatefrompng and such. Just can't draw on them using e.g. imagefttext
[08:14] <twb> -dev packages are only needed for linking; if you need them at runtime your application is broken.
[08:15] <mr_lou> I see.
[08:15] <twb> 18:12 <twb> php-image-text
[08:15] <mr_lou> No such package.
[08:15] <twb> Actually ignore that.  php5-gd depends on libfreetyp6, so clearly it's the right package.
[08:15] <mr_lou> There's php-image-barcode though.
[08:16] <twb> If it doesn't work and php5-gd is installed, I can't help -- it becomes a PHP issue, of which I remain happily ignorant.
[08:17] <mr_lou> Must be something else. Since LAMP already sets up PHP5 + mySql + GDLib just fine, I'm betting this freetype thingy is also set up, and you're right that it could be a PHP thingy.
[08:17] <mr_lou> But the same code is running fine on 2 different external hosts.
[08:17]  * mr_lou tries rebooting the server
[08:18] <twb> "Since LAMP already..." -- do you mean the checkbox during installation (tasksel)?
[08:19] <mr_lou> yea... never tried a LAMP installation before that takes care of all those things.
[08:19] <mr_lou> I know it's been around for ages, but as I said, I'm not a sysadm as such.
[08:19] <mr_lou> But pretty neat.
[08:19] <mr_lou> And although phpMyAdmin version is only 3.2.something, it's still fine.
[08:20] <twb> OK, good.
[08:26] <mr_lou> twb: You don't like PHP? More of a Ruby guy then?
[08:26] <twb> Har fucking har.
[08:27] <mr_lou> I see you have another religion then.
[08:27] <mr_lou> Which one?
[08:27] <twb> As a sysadmin, I prefer libraries to be in C, with any glue on top in something quick-and-dirty like perl or python.
[08:28] <mr_lou> So python for webbased solution?
[08:28] <twb> As a computer scientist, I'd really like a language with FP semantics and sexpr lexicography, but the real world is just too stupid for that.
[08:29] <mr_lou> The world is too stupid for many things.
[08:29] <twb> mr_lou: IMO the whole "web" platform should FOAD.  NeWS made sense, and the whole modern browser-as-a-platform phenomenon is an idiotic attempt to reinvent NeWS on top of totally inappropriate protocols.
[08:29] <mr_lou> Luckily I don't have that many demands. :-)
[08:31] <twb> This is, obviously, dismissing the higher goal of keeping users off the network, since as we all know, THEY are the ones that break it.
[08:31] <mr_lou> I don't care about that. I'm happy doing web-solutions, so I'm not complaining. I believe it's true what they say about the future though. That apps and data of will be online.
[08:31] <mr_lou> I doubt I'll use it myself like that though.
[08:31] <mr_lou> I prefer my stuff to be local.
[08:31] <twb> mr_lou: yeah... so we're back to the original bloody batch processing paradigm with a layer on wank on top.
[08:32] <mr_lou> yup
[08:32] <mr_lou> All new inventions are slower than the older ones.
[08:32] <mr_lou> Just look at new televisions. Just switching channel on our brand new Sony flatscreen takes much longer than on our old CRT. :->
[08:37] <mr_lou> omg
[08:37] <mr_lou> twb: Fixed it. You were right. It was a PHP thingy.
[08:37] <mr_lou> Stupid
[08:37] <maedox> I have a weird index.cgi issue. They all now show as plaintext in the browser after I upgraded from Hardy LTS -> Lucid LTS. Everything checks out, +ExecCGI, perl -c = Syntax OK, files are executable, owned by www-data, nothing in the logs. Any ideas?
[08:38] <mr_lou> twb: Described here if you're curious under the headline "fontfile". http://dk2.php.net/manual/en/function.imagefttext.php
[08:39] <twb> mr_lou: freetype is usually used with fontconfig to find font files
[08:40] <twb> e.g. fc-match Monospace-24 ==> DejaVuSansMono.ttf: "DejaVu Sans Mono" "Book"
[08:40] <mr_lou> mkay
[08:40] <mr_lou> Adding this line worked: putenv('GDFONTPATH=' . realpath('.'));
[08:40] <twb> mr_lou: bleh.  So you're storing font files within the PHP code tree?
[08:41] <mr_lou> Yes
[08:41] <twb> Typical PHP suckiness
[08:41] <twb> It ought to be utilizing /usr/share/fonts
[08:41] <mr_lou> Well, initially I did it because it was hosted externally.
[08:41] <mr_lou> twb: Depends if you want it to be a solution that's easy to move or not. ;-)
[08:42] <mr_lou> Any server-setup I can avoid at a later stage, is good.
[08:42] <mr_lou> Anyway, coffee break. Thanks for the help twb.
[09:37] <kinygos> #join django
[09:37] <kinygos> lol..sorry...half asleep
[10:16] <DaveWhite> Hi guys, I'm running the latest beta of ubuntu svr on a laptop. The laptop screen blanks every 5 mins or so. Anyone know how I can change that?
[10:16] <DaveWhite> I dont *think* its a BIOS setting
[10:17] <twb> DaveWhite: at the tty?
[10:17] <twb> It's a tty setting.  Read the setterm(1) manpage
[10:18] <DaveWhite> I tried that, but it didn't seem to make a difference.  Could it be that the settings aren't set immediately but only on the next session?
[10:19] <twb> setterm affects the active tty only
[10:19] <twb> e.g. if you log into tty1, it won't affect tty2
[10:19] <twb> Also, if you're running screen, the escape codes won't propagate through it to fbcon
[10:19] <twb> Oh, and they'll be lost when you reboot, and *possibly* when you log out
[10:20] <DaveWhite> not a big deal to set them permanently, but I have to try it again to see if I'm not going crazy.  It might be a power setting on the laptop or something.
[10:23] <DaveWhite> Thanks for your help twb, at least I know I was on the right path.
[10:23] <twb> Yes, hardware could also be doing it in some way you can't get at
[10:23] <twb> Note that there is blanking and there is powering down, and they're different
[10:24] <DaveWhite> I just discovered that... I've set them BOTH to off for now, we'll see if that works
[10:24] <twb> okey dokey
[11:13] <VoiDeT> Hey everyone, is it possible to downgrade a package? I believe an upgrade to openssl is now causing my lighttpd install fail on start
[11:14] <twb> VoiDeT: officially, no
[11:14] <twb> VoiDeT: unofficially, "good luck!"
[11:15] <VoiDeT> hahaha awesome thanks twb
[11:15] <VoiDeT> is there a way to still use aptitude to upgrade lighttpd to 1.4.28 ?
[11:15] <twb> It depends largely on how "clever" the packaging is.  For example, downgrading mg would work, downgrading mysql probably wouldn't.
[11:15] <VoiDeT> woops
[11:16] <twb> 21:15 <twb> It depends largely on how "clever" the packaging is.  For example, downgrading mg would work, downgrading mysql probably wouldn't.
[11:16] <twb> lighttpd 1.4.26 is the newest release available in Ubuntu.
[11:16] <twb> There may be unsupported third-party packages
[11:16] <VoiDeT> ahh ok, i have .22 installed
[11:16] <VoiDeT> what sources should i be using to get to .26
[11:16] <twb> You shouldn't
[11:17] <VoiDeT> im on karmic
[11:17] <twb> Trying to install packages out-of-band is a good way to fuck up your system.
[11:17] <VoiDeT> true, well at the moment my sites are down, so i figured digging the hole deeper couldn't hurt
[11:18] <twb> I guess...
[11:18] <twb> I'd try downgrading openssl or whatever first
[11:19] <twb> Or, you know, working out WHY it isn't starting, and fixing that
[11:19] <VoiDeT> yeh, ive been looking around on the net a bit
[11:19] <VoiDeT> and its a bug with the new openssl and lighttpd below 26 i think
[11:39] <\sh> VoiDeT: which new openssl in karmic?
[11:39] <\sh> the latest openssl in karmic is 0.9.8g-16ubuntu3.2 (via security/updates)
[11:40] <\sh> that shouldn't crash your lighty...or you did an upgrade of openssl 0.9.8 to 1.0.0 by yourself, then you are alone
[11:56] <VoiDeT> hmmm \sh weird, Im not too sure what could of happened here
[11:59] <\sh> VoiDeT: so you have openssl 1.0.0 on the machine? I don't know what you did, but you did something wrong ;) there is no 1.0.0 release in all ubuntu releases till today...and it's a problem to upgrade to 1.0.0 without rewriting some parts of code in several apps to maintain backward compatiblity with older ssl clients
[11:59] <\sh> meeting brb
[11:59] <VoiDeT> yeh i for sure didnt do that
[12:01] <VoiDeT> i just upgraded to 10.04, issue fixed
[12:02] <VoiDeT> however i see apache2 is running now, and i try apt-get remove apache2 and nothing found
[12:11] <twb> That's probably because it's called apache2-mpm-worker or something
[12:54] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <hardfire> opennebula vm is in save_stop state how do i delete it??
[12:57] <jussi> hardfire: please dont repeat yourself
[12:58] <patdk-wk> but he needs help :)
[12:59] <_ruben> he did succeed at one thing: getting some attention ;)
[12:59] <jussi> _ruben: yeah, but can you imagine if everyone did that?
[12:59] <jussi> :D
[12:59] <patdk-wk> everyone doesn't already?
[13:00] <patdk-wk> heh, I refuse to join #ubuntu cause that goes on constantly :(
[13:01] <_ruben> #ubuntu is good for keeping your connection alive ;)
[13:01] <_ruben> but no, i dont endorse repeating or any other form of spamming
[13:17] <xfaf> morning
[13:22] <zul> ttx: did someone upload dovecot yet?
[13:23] <ttx> I saw it fixreleased
[13:24] <ttx> signed by mvo
[13:24] <zul> k
[13:27] <ttx> Daviey: for the axis2c ftbfs, should we maverick-updates-it  ?
[13:27] <ttx> That's the only remaining one on our plate, before ISO testing
[13:33] <Daviey> ttx: Well.. i think -updates makes sense
[13:33] <Daviey> it's not like fixing the FTBFS actually gives us anything better for release..
[13:33] <Daviey> ... it's an -updates issue...  IMHO...
[13:33] <Daviey> (unless doko finds a fix sooner)
[13:33] <doko> sorry, not working on this currently
[13:40] <Daviey> doko: Oh.. ok.. no problem.. Thanks for letting us know.
[13:53] <kshallid> hello all
[13:56] <kshallid> is there any how to install and running xen-server on ubuntu-server 10.4 (Lucid)
[13:58] <soren> No.
[14:00] <twb> kshallid: you mean making Ubuntu a domU?  or a dom0?
[14:00] <RoyK> kshallid: it's possible, but I'd recommend against it - use kvm instead
[14:00] <kshallid> dom0
[14:00] <RoyK> not recommended
[14:00] <RoyK> !xen
[14:00] <soren> Not supported. At all.
[14:01] <twb> kshallid: that's extremely non-trivial
[14:01] <twb> soren: are Ubuntu kernels domU-capable by default, like Debian ones?
[14:01] <kshallid> twb: that what i saw on all forums, so just want to ask
[14:01] <RoyK> kshallid: use kvm, that's simple, stable and supported
[14:01] <soren> twb: Yes.
[14:01] <twb> Good-o, that's what I thought
[14:01] <soren> They have been for years.
[14:02] <RoyK> paravirtualising ubuntu under xen is a pita, and running it hwvirtualized is a pita i/o-wise
[14:02] <kshallid> RoyK: any referencies ?
[14:02] <RoyK> kshallid: references for what?
[14:03] <kshallid> kvm
[14:03] <RoyK> !kvm
[14:03] <kshallid> RoyK: ok thx
[14:08] <ttx> JamesPage: did your Hudson autotester go through todays ISO yet ?
[14:13] <franksterville> morning all
[14:14] <twb> I'd be enthusiastic about kvm if I had a single bloody host that had VT extensions
[14:16] <franksterville> I need a donut and cofee
[14:16] <franksterville> before i can do anything  productive
[14:16] <plovs> twb virtuallbox can be ran headless as well
[14:16] <franksterville> vb needs gui i thought?
[14:17] <twb> vbox can't be run headless unless you use the non-free version or are happy to have a host you can't connect to
[14:17] <ttx> smoser: did you see with skaet for cloud image release procedure ?
[14:17] <twb> Whereas kvm can simply hook up the 80x25 VGA console and serial console to new PTYs, or to curses, or to stdio
[14:17] <plovs> twb afaik you can run headless, and use the guest to connect, remote desktop or ssh
[14:18] <twb> plovs: wrong
[14:18] <twb> The RDP server is only available in the non-Free version
[14:18] <smoser> i sent her a mail last night pointing to https://wiki.ubuntu.com/UEC/Images/Publishing and info on acl for AMI pages on amazon. opened a RT for her to have access to nectarine (which is finished)
[14:18] <smoser> ttx, ^
[14:18] <twb> So if your headless VM falls over and goes into a fsck in single-user mode, you have no way to get into it
[14:19] <plovs> twb but it should be possible to use rdp build into the windows guest, no?
[14:19] <plovs> but yes, kvm is "better"
[14:19] <qman__> that's assuming it works
[14:19] <qman__> when it breaks, you're screwed
[14:19] <patdk-wk> why not just run like xvnc or something?
[14:19] <plovs> yep
[14:19] <twb> plovs: if it was a windows guest running an RDP server, that would be just as inaccessible during a panic on the guest
[14:20] <plovs> twb yes, if it breaks, then your screwed
[14:20] <twb> Yes, if nothing goes wrong, you are fine
[14:20] <twb> But that's like putting a server in a remote rack without any kind of KVM-over-IP or LOM or what have you
[14:20] <smoser> twb, is there a way to get at serial console ?
[14:20] <franksterville> you can still give yourself shell access for emergency
[14:21] <twb> smoser: not according to the #vbox people
[14:21] <qman__> things go wrong
[14:21] <qman__> this is a given assumption when you work in the real world
[14:21] <smoser> yeah, then that really stinks.
[14:21] <twb> franksterville: how?  The guest has no networking, and you have no local head because vbox is too cheap and stupid to support serial
[14:21] <smoser> on a related note, for the cloud images, i'm thinking it would be good to have a panic mode ssh server
[14:22] <smoser> or some way to get at the instance if in fact mount / fails (but you did get to the ramdisk or other early part of boot)
[14:22] <franksterville> oh u mean shell to the virtual..  gotcha
[14:22] <franksterville> use vmware much more robust
[14:22] <twb> Har fucking har
[14:23] <ttx> smoser: skaet is with me, having trouble unencrypting your email. Could you send it to me ?
[14:23] <qman__> KVM is the supported solution for a reason
[14:23] <twb> The vmware hypervisor, maybe.  The gratis stuff like vmware server is a fucking joke
[14:23] <plovs> hypervisor is great, the free server is awful
[14:23] <franksterville> never messed with kvm
[14:23] <ttx> smoser: or send it in clear text if there isn't anything sensitive in it
[14:24] <smoser> ttx, sure. i tihnk i did encrypt with "Kate Stewart (Canonical PGP key)" C18CFBA0 . maybe error on my part.
[14:24] <smoser> ttx, there is sensitive
[14:24] <franksterville> most anything free is aweful
[14:24] <smoser> the ami pages acl
[14:24] <plovs> franksterville only if the free version is meant to advertise paid versions
[14:24] <twb> franksterville: this *is* #UBUNTU-server
[14:25] <ttx> smoser: ok, send it (encrypted) to me then
[14:25] <smoser> k
[14:25] <franksterville> twb:  and?
[14:25] <twb> franksterville: Ubuntu is gratis
[14:25] <franksterville> I happen to have one,  I am allowed to learn here?
[14:25] <franksterville> alot of the extended functionality comes at a price sometimes
[14:26] <twb> franksterville: I mean, if free stuff is awful, why aren't you in #RHEL
[14:26] <franksterville> nono I love free stuff
[14:26] <franksterville> but sometimes free isnt worth it
[14:26] <franksterville> ubuntu is tho
[14:26] <franksterville> but i dont like VB
[14:27] <twb> Mostly because they take Debian and break bits their core users don't care about, like NFS root... >duck<
[14:27] <plovs> franksterville usually free means more work, vmware hypervisor is simpler to get working, but kvm takes more time but can mostly do the same
[14:28] <franksterville> guys im here mostly to learn, was just chiming in prematurely lol
[14:28] <ttx> smoser: hang on, she did unencrypt it
[14:28] <franksterville> why would one need a virtual with linux?
[14:28] <ttx> smoser: so everything is fine
[14:28] <smoser> ok
[14:28] <smoser> my stupid encryption setup i dont have copying myself
[14:28] <smoser> so i was going to have to type it again (ie, i can't read my sent-mail folder)
[14:29] <ttx> smoser: hmm, in fact, she can't read it
[14:29] <ttx> smoser: so we are still a go ;)
[14:29] <smoser> ok. hold on.
[14:29] <qman__> franksterville, that's not important
[14:29] <qman__> someone needed it, so someone wrote it
[14:29] <qman__> and gave it to the community
[14:30] <qman__> if you take away all things that people allegedly don't "need", you don't leave much left
[14:31] <franksterville> valid point...
[14:32] <franksterville> i did consider running a windows virtual just as a print server
[14:32] <franksterville> since then there has been alot of nix printer drivers added soz no need. nix can do it
[14:47] <franksterville> Morning all
[14:49] <twb> franksterville: in my case, virtualization is useful to delegate a subset of my overall resources to an administrative zone.
[14:50] <franksterville> twb: I figured you were avoiding having a bunch of boxes.  I am learning alot here
[14:50] <twb> e.g. the buildds get at most 50% of RAM and 25% of disk I/O; apache gets an IP address and 80% of the network I/O
[14:51] <twb> Yeah, consolidation.
[14:51] <franksterville> rather than carve up a ridiculas permission scheme
[14:52] <elb0w> Anyone use imsniff?
[14:52] <twb> franksterville: it's only ridiculous until, say, you find out that e.g. your financials postgres database has lost the last week of data because /var/log and /var/lib/postgres share a filesystem, and DOS attacks filled that filesystem via /var/log/auth.log
[14:53] <franksterville> twb:  oh ^**%* yes that would be bad
[14:53] <twb> Or, say, you're hosting customers' services and want to charge them based on the bandwidth they consume
[14:54] <franksterville> twb:  i woek in a pretty small office environment,  dozen clients soz I hink in that context
[14:54] <twb> You don't want bank.example.net to get zero bandwidth because your other customer porn.example.net was uploading a new video.
[14:54] <franksterville> lololol
[14:55] <plovs> franksterville we used to run our backup domaincontroller virtualized
[14:55] <twb> It also makes backups and migrations easier
[14:55] <plovs> and two applicationservers
[14:56] <franksterville> twb: I use amazon s3 for backups as well as a local raid
[14:56] <plovs> that is two less boxes less ports in the switch, less electricity etc
[14:56] <franksterville> twb: sounds like u have a much larger situation than i do
[14:57] <franksterville> the green aspect is huge
[14:57] <twb> franksterville: well, my office network is actually a mess.  We have more mission-critical hosts than staff, and our most powerful box is running PPPoE and nothing else
[14:57] <twb> franksterville: but I also babysit a bunch of customers, including a couple of multinationals.
[14:57] <elb0w> Anyone know any software for monitoring AIM for linux? My companies compliance needs something to monitor the devs
[14:58] <franksterville> twb:  mostly web services?
[14:58] <twb> No, systems administration.
[14:58] <twb> elb0w: AIM as in the AOL IM protocol?
[14:58] <franksterville> twb: soz i get stuck i can hire you to fix it lol
[14:58] <elb0w> twb, correct
[14:59] <twb> elb0w: ask "apt-cache search".  Probably libpurple (pidgin, finch, bitlbee) can speak it.
[15:00] <twb> franksterville: or you could just ask here, if you're prepared to put up with me explaining how stupid you are when you do something dumb and need help fixing it
[15:01] <franksterville> twb:  well, that comes with doing something stupid.  On occation it will be so stupid that I am willing to pay for privacy LOL
[15:02] <franksterville> twb:  It took me 2 years to talk my company to ditch windows and now that they finally listened its my head
[15:03] <plovs> franksterville you have replaced all your windows servers?
[15:03] <franksterville> yes
[15:03] <franksterville> file, print,  web
[15:04] <plovs> wow, do you use centralized authentication? i quite liked AD
[15:04] <franksterville> windows makes me ill
[15:04] <plovs> AP+exchange+outlook is hard to replace
[15:04] <franksterville> spent more time locking people out of everything so they couldnt mess it up
[15:04] <twb> plovs: I bet he doesn't
[15:05] <franksterville> I use OPen Dir
[15:05] <twb> Yeah, developers are nearly as bad as engineers when it comes to fucking up their unix workstations
[15:05] <franksterville> lol
[15:05] <plovs> and developers are harder to lock down
[15:05] <franksterville> i am talking receptionists and costomer service reps
[15:06] <twb> "My pineal gland told me that upgrading GCC would make my fortran code marginally faster, so I tried to sudo make install..."
[15:06] <franksterville> lolololol
[15:06] <Pici> !ot
[15:07] <plovs> franksterville is open dir an active directory replacement running on ubuntu?
[15:08] <twb> Pici: sorry.
[15:08] <franksterville> whatever ubuntus stock AD replacement is
[15:09] <twb> franksterville: there isn't one.
[15:09] <franksterville> there is a lugin
[15:09] <franksterville> plugin
[15:09] <franksterville> i rem setiing it up
[15:09] <twb> OpenLDAP does some of it, and Samba4 does some, but it isn't production-ready
[15:09] <franksterville> my google fu is good
[15:09] <franksterville> yeyey LDAP
[15:10] <franksterville> i used a tutorial top to bottom the first time and i try not to mess with anything
[15:10] <twb> plovs: I guess he's referring to Sun OpenDS (java) or Apple Open Directory (OS X)
[15:12] <plovs> twb ok, but those are not cheaper then AD, and ldap on ubuntu is not something i want to risk my job over :-(
[15:13] <twb> I run OpenLDAP on hardy, but I ran out of budget before I got SSL or Kerberos or NFSv4 working on top.
[15:14] <franksterville> twb: since i am noob and really shouldnt sudo anything i try to just let the thing run.  I only apt-get upgrade every 6 mo
[15:14]  * plovs hopes samba4 will solve this hurdle
[15:14] <franksterville> my first streach i went 500 days without reboot
[15:14] <franksterville> but then kernal needed reboot
[15:15] <franksterville> just distro upgraded to 10.04
[15:15] <franksterville> cant beleive it still works lol
[15:15] <twb> I believe d-r-u is recommended over dist-upgrade'ing
[15:16] <franksterville> again google is my admin lol
[15:16] <twb> !do-release-upgrade
[15:16] <twb> Hm, maybe I forget it's name
[15:16] <Pici> There isn't a factoid for it.
[15:16] <Pici> !upgrade
[15:17] <twb> Okey dokey
[15:17] <Pici> But yes, its the recommended way.  There are some quirks that d-r-u can fix that can't be handled by dpkg/apt.
[15:17] <franksterville> did these:  sudo apt-get install update-manager-core, sudo do-release-upgrade
[15:18] <Pici> Thats fine :)
[15:18] <franksterville> kept my ftp, dhcp, sambap, user configs
[15:18] <plovs> if possible, a clean install is best for servers imho, and just restore configs from backup later
[15:19] <franksterville> i plan to do clean install in Dec
[15:19] <franksterville> replace HDs etc
[15:20] <franksterville> use the leaf blower
[15:20] <franksterville> with todays internet speeds i was considering an instance on S3
[15:20] <franksterville> and forget local
[15:42] <smoser> ttx, so should we be starting iso testing ?
[15:42] <smoser> should i have tracker populated with 20101006 ?
[15:43] <ttx> smoser: I'd rather wait for the server ISO generation and trigger the cloud image generation after that
[15:44] <ttx> should arrive in a few
[15:45] <smoser> ttx, where there packages spun explicitly for ?
[15:45] <smoser> (how about that for yoda speak)
[15:45] <ttx> smoser: I don't think so
[15:46] <ttx> smoser: but ideally we would take the same publisher run :)
[15:57] <jeiworth> interesting, anyone using otrs as ticket system? i'd like to try the new 3.0b4 and funny enough it's available only in 2 different rpm falvours, for suse and redhat? anyway, using alien to convert shouldn't be a problem so can anyone recommend either flavour? i don't really think it matters but better ask.. ;)
[16:01] <jeiworth> ...oO(hmm supose i could just install a centos vm and be done with it...)
[16:01] <franksterville> lol ye i always cronge when using alwin
[16:01] <franksterville> alien
[16:01] <franksterville> *
[16:02] <plovs> jeiworth better download the tar-ball and create a deb from it with checkinstall
[16:07] <jeiworth> plovs: that works with otrs? because it's not source code, it's well more like e.g. the joomla-tarball that you just extract into /var/www/ and take it from there...
[16:08] <jeiworth> otrs is just a bit of a pita because you have to manually install all required dependancies and set up the db with sql-scripts etc...
[16:08] <jeiworth> s/dependancies/dependencies
[16:09] <plovs> jeiworth you might mail the maintainer of otrs2 and ask if he is working on otrs3? it looks not taht  simpe to make a deb
[16:10] <jeiworth> plovs: hmm, otrs3 is still in beta, i am not sure but one can always ask ;) thanks
[16:29] <coxn> I'm looking at https://help.ubuntu.com/10.04/serverguide/C/jeos-and-vmbuilder.html and wondering what the best approach is to push an SSH key to the default user
[16:29] <ttx> smoser: you can spin the cloud images -- server ISOs are being regenerated as we speak
[16:30] <coxn> ahh! I see --ssh-key and --ssh-user-key now
[16:30] <coxn> nevermind
[16:43] <smoser> ttx, so, i can spin, yes
[16:43] <smoser> but if there is no package difference from last nights' i'd just prefer to use last nights
[16:43] <smoser> as publish process is multi-hour
[16:43] <ttx> smoser: any way to compare current status ?
[16:43] <ttx> smoser: there were quite a few bugs squashed, some of them affecting us
[16:43] <smoser> i can hack somethign together. just go through manifest and check archive data.
[16:44] <ttx> smoser: we had Bug 653362 and Bug 641259 fixed recently
[16:45] <smoser> grub does affect me.
[16:45] <smoser> so i should get that
[16:45] <ttx> smoser: so I'm pretty sure it would end up being different
[16:46] <smoser> ok. respin.
[17:00] <smoser> kirkland, can you sponsor upload of https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/649591 to lucid
[17:43] <RoAkSoAx> kirkland: howdy!! I was wondering if the monitoring of a service you were talking about the other day was cloud related?
[17:46] <ttx> Looks like we'll have a respin
[17:47] <kirkland> RoAkSoAx: yeah, sort of ;-)
[17:48] <SpamapS> ttx: release the hounds?!
[17:48] <ttx> yes, respin in progress
[17:48] <RoAkSoAx> kirkland: because to be able to provide HA, OCF Agents will have to be created to be able to monitor the service, which I believe would be kinda the same of what you were looking into...
[17:48] <ttx> zul, JamesPage ^
[17:49] <RoyK> ttx: respin?
[17:49] <zul> ttx: ack
[17:49] <ttx> RoyK: new Server ISOs candidates for final Maverick generated
[17:49] <RoyK> ah
[17:49] <RoyK> ok
[17:49] <ttx> RoyK: that affects testing
[17:49] <ttx> @ http://iso.qa.ubuntu.com/qatracker/build/ubuntuserver/all
[17:49] <RoyK> k
[17:49] <ttx> we need to reset the testing efforts
[17:50] <RoAkSoAx> kirkland: so I was wondering if you planned already how to do that, or if you wanted that for HA clustering environments ... or that sort of stuff?
[17:52] <kirkland> RoAkSoAx: yeah, i have a patch
[17:52] <kirkland> RoAkSoAx: let me show you ...
[17:52] <kirkland> RoAkSoAx: it would totally be useful, I think, for HA environments
[17:54]  * SpamapS is quite interested as well
[17:54] <kirkland> RoAkSoAx: http://paste.ubuntu.com/507383/
[17:54] <kirkland> RoAkSoAx: this is the "quick and dirty" solution
[17:55] <kirkland> RoAkSoAx: patching /usr/sbin/service
[17:55] <ttx> 20101006.3 is up
[17:55] <kirkland> RoAkSoAx: at UDS, i want to talk to keybuk and try to convince him to build this into upstart
[17:55] <ttx> Roll you r ISO testing engines, gentlemen
[17:55] <kirkland> RoAkSoAx: because upstart's current "status" action is pretty much worthless
[17:57] <delimiter> anyone know if there is a package for Lucid containing the Auth::GnuPG perl module?
[18:00] <Pici> delimiter: The closest I see is libcrypt-gpg-perl, but thats Crypt::GPG.  Also, I'm not a perl guy so I have no idea if thats way off.
[18:01] <RoAkSoAx> kirkland: haha indeed!! but for HA environments we could either use simple upstart status, or actually testing that the service is running such as doing requests to http services and stuff like that , which would be usefull in cloud environments
[18:02] <SpamapS> delimiter: if nobody has needed it as a dependency, then its less likely it will be packaged. dh-make-perl usually does a pretty good job of making CPAN modules into .deb's ... You could even try to get it uploaded into debian, and then request a backport for lucid. ;)
[18:02] <kirkland> RoAkSoAx: with this patch, you could just use the service(8) command to ask for status
[18:02] <kirkland> RoAkSoAx: if packages have "smarter" ways of determining if the service is actually up, then those scripts just need to be installed in /usr/lib/sysvinit/status.d
[18:02] <SpamapS> kirkland: It needs to be called something other than status...
[18:02] <kirkland> RoAkSoAx: and exit 0 for success, non-zero for not
[18:03] <SpamapS> kirkland: status is "the service is running" .. it doesn't speak to the health of the service.
[18:03] <kirkland> SpamapS: you are my favorite bikeshedder of all time
[18:03]  * kirkland hugs SpamapS 
[18:03]  * SpamapS has a blackbelt in bikeshed
[18:03] <smoser> kirkland, did you see my 'please sponsor' request above
[18:03] <smoser> please
[18:03] <smoser> with a cherry on top
[18:03] <kirkland> smoser: no, i'll do that now
[18:03]  * kirkland gives 100% attention to smoser 
[18:04] <RoAkSoAx> kirkland: Yes indeed it would help for HA environments. For example, in HA, OCF resource agents support "start", "stop", "status", "monitor". The "status" action can simple check if the pid is running or use those scripts you talking about, however, the "monitor" action will actually check if the database is up and running and received request, or if HHTP server if receieving request, and so on
[18:04] <Datz> delimiter: tried cpan?
[18:04] <kirkland> smoser: hmm, did you use my nick in that request?
[18:04] <smoser> yes
[18:04] <kirkland> smoser: i don't see it in my history
[18:05] <delimiter> Datz: I will if needed
[18:05] <smoser> [12:00] <smoser> kirkland, can you sponsor upload of https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/649591 to lucid
[18:05] <SpamapS> kirkland: i'm actually planning on working w/ keybuk on some best practices for upstart jobs and on using upstart jobs in maintainer scripts... one of the issues is that start/stop's return codes are meaningless in upstart, you have to use the status command....
[18:05] <RoAkSoAx> kirkland: so probably, if your patch goes trhu, we might not even have to provide an OCF RA for UEC, and just use the actual upstart RA, which uses upstart to determine service status
[18:05] <Datz> delimiter: ok, just doing aptitude search libcrypt-* I didn't see something too close
[18:05] <smoser> i have a response following that from uvirtbot, so it *did* get to the channel (i had questioned network here)
[18:05] <kirkland> smoser: hrm
[18:05] <kirkland> smoser: weird, not in my history
[18:06] <SpamapS> kirkland: so, letting the service define what it thinks status should return makes some sense, but I'd want to have that discussion at the same time.
[18:07] <RoAkSoAx> kirkland: and we will just simple provide those scripts you talking about by default for monitoring. But we'll hve to see how good that will work for HA Environments
[18:07]  * SpamapS would like to note that while he is an excellent bike shedder, this actually is relevant and has nothing to do with the color of the shed. ;)
[18:08] <SpamapS> RoAkSoAx: I always liked the way heartbeat's scripts worked .. they were fine as init.d, but offered more if you needed it.
[18:08]  * RoyK wants native ZFS for linux :þ
[18:08] <kees> SpamapS: actually, "status" was already doing smart checks. it's upstart that broke "status", so if you want a command for "is the process there", _it_ should be named something other than "status"
[18:09] <SpamapS> RoyK: excellent, maybe you can explain to me why ZFS is really as cool as they say it is.
[18:09] <kees> SpamapS: with sysvinit, "status" already has a meaning, and that includes smart checks
[18:09] <ttx> "status-that-works"
[18:10] <RoyK> SpamapS: scan through this one - it won't take long and it's quite desriptive http://hub.opensolaris.org/bin/download/Community+Group+zfs/docs/zfslast.pdf
[18:10] <SpamapS> kees: really, upstart's start/stop/status commmands are all just named too closely to sysvinit arguments.. when they don't really implement the same interface.
[18:10] <kees> ttx: no, "status" should remain status. and upstart's nearly useless check should be named something else :)
[18:10] <kirkland> SpamapS: i previously considered calling it "status+", but kees provided some very compelling arguments otherwise, and i agree with him -- "status" should encompass all of that
[18:10] <kees> SpamapS: exactly. except that "start" and "stop" _do_ do the same thing (provided the upstart conf for the service was ported sanely)
[18:10] <ttx> hehe
[18:11] <SpamapS> kees: the return codes of start/stop cannot be duplicated from what I have seen.
[18:11] <kees> SpamapS: there is clearly a need for whatever upstart's "status" command does, but it should not be called "status" as it conflicts with the actual prior functionality of sysvinit "status", whereas start/stop don't.
[18:11] <SpamapS> kees: and restart is.. nearly impossible to do other than with $0 stop;$0 start
[18:11] <kirkland> smoser: http://pastebin.ubuntu.com/507393/
[18:12] <SpamapS> kees: I think they all may benefit from wrappers.
[18:12] <kees> SpamapS: "start" needs to dtrt and give a sane exit code.
[18:12] <kees> SpamapS: that's likely. but in that case, I would argue all the commands should go away and we can rely on "service" again.
[18:13] <SpamapS> kees: the problem I've seen is that start really only returns whether or not it told the job to start.
[18:13] <hggdh> smoser: are the UEC images ready?
[18:13] <kees> SpamapS: right; which is totally wrong.
[18:13] <RoAkSoAx> SpamapS: indeed, but currently is the same idea. Cluster can monitor a service either with the sysvinit Resource Agent, which uses the sysvinit scripts, or upstrat RA, or even legacy heartbeta RA's, and off course, the OCF RA's, which are now preferred if you actually need to do "in-depth" monitoring on the service to decide wether or not to failover:)
[18:13] <RoAkSoAx> SpamapS: and inded it was simple to actually use the current init.d script, but they don't provide the monitoring of the service that is needed in critical HA applications
[18:13] <smoser> hggdh, no. spinning.
[18:13] <SpamapS> kees: yeah, so we should have the 'service' command's start do   start && status to give the right return code.
[18:14] <hggdh> smoser: roj, thank you
[18:14] <smoser> hggdh, will appear at http://uec-images.ubuntu.com/server/maverick/20101006.1 hopefully by 20:00
[18:14] <ttx> hggdh: he said 4 hours, 90 min ago. Calculate ETA.
[18:14] <\sh> can't we just revert upstart back to sysvinit for servers? ;) it would make things very much easier for all of us ;)
[18:15] <ttx> \sh: coming to UDS ?
[18:15] <SpamapS> kees: I look forward to having this discussion at UDS :)
[18:15] <\sh> ttx: no..it's US <- no way, and I don't have the time
[18:15] <ttx> we plan a flash mob there.
[18:15] <kees> SpamapS: keybuk will just slap us all :)
[18:15] <hggdh> \sh: pity, I was looking forward to talk with you again :-(
[18:15] <\sh> ttx: oh well, should I send you our team internal clue bat? ;)
[18:16] <SpamapS> kees: maybe we should throw him off by starting off with a big group hug.
[18:16] <ttx> \sh: if it's accepted in hand luggage, yes
[18:16] <kees> SpamapS: hehe
[18:17] <\sh> ttx: hehe...it's a soft one, but hurts ;) so it looks like a normal baseball bat for kiddies :)
[18:17] <\sh> hggdh: next time again :)
[18:17] <hggdh> indeed, next one should be in Europe :-)
[18:18] <\sh> hggdh: well, I hope my company will sponsor a trip to XXXX again :)
[18:19] <hggdh> they will, they will... have faith :-)
[18:19] <SpamapS> \sh: I think upstart can eventually be preferred for servers. We just need to push the servers' needs into upstart.
[18:19] <\sh> btw...does anyone know a good python implementation of the stomp protocol? python-stompy is not good enough, stomp.py  is crashing on me and carrot doesn't work with activemq because of no ampq implementation
[18:20] <SpamapS> I've oft wondered if we couldn't pipe the output of upstart -v into plymouth's status messages.
[18:20] <ttx> SpamapS: ahh! the voice of reason
[18:20] <SpamapS> \sh: stomp has problems in every language from what I've seen.
[18:21] <ttx> SpamapS: "well volunteered" as our fearless leader would say.
[18:21] <\sh> SpamapS: if you can explain our foundations team, that some things which do work on desktops are not so good for servers? I mean, nothing against upstart or systemd, but it makes more problems on servers which is more a conservative work environment
[18:21] <SpamapS> ttx: indeed! I'd love to grab upstart by the horns and get some of this stuff into it. :)
[18:21] <ttx> SpamapS: you might get that opportunity sooner than you'd think.
[18:22] <\sh> SpamapS: I was hoping that I could use activemq (because this is our std broker) and python-carrot, but it looks like that activemq doesn't have any ampq implementation yet
[18:22] <ttx> \sh: I think they are aware of it. Just having resource issues
[18:22] <SpamapS> \sh: it also solves a lot of problems too. In production environments, for a long time, I've used daemontools to do what upstart does with respawn. The difference is, that one was written for servers, so the 'svc' command it uses provides predictible exit codes and doesn't try to be like sysvinit.
[18:23] <SpamapS> and daemontools has logging built in, which is another thing I'd like to add to upstart.
[18:23] <\sh> ttx: well, it looks like that most activemq users are java users...I will give python-activemq a try...or I have to tell our devs to switch from activemq to rabbitmq ;)
[18:23] <SpamapS> ttx: if its not in the next 6 weeks, I'd be very sad. ;)
[18:23] <ttx> SpamapS: did I ever disappoint you ?
[18:24] <\sh> SpamapS: yes...I used daemontools in the 1990ties...I think it was in combination with qmail or so
[18:24] <SpamapS> \sh: stomp is a really simple protocol.. is python-stompy written in all python or c+python ?
[18:24] <SpamapS> ttx: once, but I forgave you because it was Bastille day.
[18:25] <ttx> ah!
[18:25] <SpamapS> no frenchman is in his right mind on Bastille day
[18:25] <\sh> SpamapS: both python libs are pure python
[18:25] <SpamapS> ;)
[18:25] <ttx> Daviey: where are your network cables, dude
[18:25] <\sh> whereas stomp.py (http://code.google.com/p/stomppy/) is much better then python-stompy
[18:26] <ttx> Ng: cables !
[18:26] <SpamapS> \sh: I was trying to use Stomp from PHP and C .. it didn't go well... for such a simple protocol, every implementation seems to be total crap.
[18:26] <ttx> Ng: I can't leave this place before I did complete at least one ISO test :)
[18:26] <\sh> but eventually I'm crashing it because I push too fast into the queue or something else happens, which I can't debug right now, because of it reports only "Errno 32: broken pip"
[18:26] <\sh> +e
[18:27] <SpamapS> ttx: should we begin iso tests now or wait for the respin?
[18:27] <ttx> it's respun already
[18:27] <SpamapS> \sh: the throttling that activemq does is very confusing for the libraries.
[18:27] <ttx> see: <ttx> 20101006.3 is up
[18:27] <ttx> SpamapS: go wild !
[18:27] <SpamapS> ttx: woot
[18:27]  * SpamapS zsyncs like he just don't care
[18:28] <\sh> SpamapS: yes..but actually I need a messaging solution, I need to create ssl keys+certs for hosts for puppet, which have to be delivered to a puppetmaster ( or more then one) and I came up with a nice solution (hopefully I'll blog about in the next few days when I find time)
[18:29] <SpamapS> \sh: oh you're not tied to activemq?
[18:30] <SpamapS> \sh: I am a huge fan of (and a contributor to) gearmand ;)  www.gearman.org
[18:30] <\sh> SpamapS: well, we are using activemq in our product backend...and I wouldn't like to introduce another message broker
[18:30] <SpamapS> \sh: the difference in bloat vs. simplicity is staggering when you compare activemq to gearman
[18:30] <kirkland> cjwatson: so I uploaded smoser's mountall fix to lucid-proposed ....
[18:31] <kirkland> cjwatson: am I also supposed to push the merge to lp:ubuntu/lucid/mountall ?
[18:31] <SpamapS> \sh: ahh
[18:31] <kirkland> cjwatson: or do i just let launchpad sort that out?
[18:31] <SpamapS> kirkland: I believe launchpad's package importer does that
[18:33] <smoser> the package importer does do it
[18:33] <smoser> but in theory you can do it also
[18:33] <smoser> its supposed to handle noticing "already done"
[18:33] <smoser> but i've seen it fail sometimes.
[18:34] <smoser> ie, the fact that i had to add the previous security release myself
[18:35] <cjwatson> kirkland: lp:ubuntu/lucid-proposed/mountall, I think - but it might not let you.  probably just let it do it.
[18:35] <ttx> Closing for the day, see you tomorrow
[18:36] <kirkland> cjwatson: ack;  will do;  i have had pushes rejected when i've tried to lp:ubuntu/lucid-proposed/*
[18:36] <\sh> SpamapS: I'll have a look at gearman...eventually it's a solution for my problem :)
[18:39] <SpamapS> \sh: you can disable activemq's throttling too
[18:39] <SpamapS> \sh: last I checked, you had to disable it "instance wide" though.
[18:40] <\sh> SpamapS: as said, I'll give python-activemq lib a try and if nothing helps I write my own message broker ;)
[18:40]  * SpamapS watches his macbook struggle to keep up with 3 vms hitting the disk at once and wonders if he'd have better performance w/ an array of USB flash drives...
[18:45] <alex88> hi, i'm setting up key auth to remove pass auth into my server..i've created key pair in client, copied in server ~/.ssh/authorized_keys
[18:46] <alex88> now to set key auth as only login type in sshd_conf?
[18:49] <RoyK> alex88: vi sshd_config?
[18:50] <alex88> true..but, is there something to change?
[18:50] <alex88> i want to completely disable password auth for ssh
[18:51] <RoyK> from man sshd_config:        PasswordAuthentication           Specifies whether password authentication is allowed. The default is yes. This option applies to both protocol versions 1 and 2.
[18:51] <alex88> oh k, so PasswordAuthentication no..
[18:51]  * RoyK kindly asks alex88 to RTFM :þ
[18:52]  * alex88 will remember that next time
[18:53] <RoyK> just remember to test key auth before you disable password auth :þ
[18:54] <alex88> already done.. now disabled and worked fine..thank you
[18:57] <Guest66942> Anyone know why when copying using NFS the load average would spike to 8?
[18:58] <Guest66942> home 192.168.1.1/24(rw,no_root_squash,async)
[18:58] <Guest66942> is the export
[18:59] <Guest66942> 192.168.1.1:/public /public nfs rw,hard,rsize=32768,wsize=32768,timeo=14,intr 0 0
[18:59] <Guest66942> Is the fstab
[18:59] <Guest66942> 100 MB full duplex
[19:04] <kucumber_> I get "broken pipe" when I leave my connection idle a while, is there a way to stop this?
[19:04] <Brot1> Hi, I'm using Ubuntu 10.04 LTS on a vServer. But there are some services not starting after a reboot. (e.g: cron, dovecot) what's wrong with this vServer or Ubuntu 10.04?
[19:04] <kucumber_> perhaps leave a torrent client running?
[19:07] <RoyK> Brot1: anything in the logs?
[19:09] <j3ckyl> Any know why the load average would spike to 8 when transferring via NFS
[19:09] <j3ckyl> export is
[19:09] <j3ckyl> rw,no_root_squash,async
[19:09] <j3ckyl> fstab is
[19:09] <j3ckyl> rw,hard,rsize=32768,wsize=32768,timeo=14,intr 0 0
[19:09] <j3ckyl> media is 100 Full Duplex
[19:10] <RoyK> j3ckyl: s/hard/soft/ ?
[19:10] <Brot1> j3ckyl, in which file should I look? I couldn't find something in /var/log/messager or /var/log/syslog
[19:10] <RoyK> Brot1: I guess that was to me - check /var/log/daemon.log first - also check that these services are set to autostart
[19:11] <j3ckyl> It's a dell dual pentium III with 2 gig memory running 10.04 LTS
[19:11] <j3ckyl> load typcialy runs at .60
[19:12] <j3ckyl> It's a USB drive that is mounted, I am thinking the problem is i/o but iostat doesn't reflect a problem
[19:12] <RoyK> j3ckyl: pastebin `ps fax` and install sysstat (and enable it)
[19:13] <Brot1> j3ckyl, I don't know where I should like if cron is configured to autostart. but dovecot is enabled in /etc/default/dovecot
[19:13] <RoyK> j3ckyl: erm - usb is quite slow on the i/o, especially with that sort of hardware - probably usb1, which is dead slow
[19:13] <Brot1> j3ckyl, i read that this could be a problem with upstart and ubuntu 10.04?
[19:14] <j3ckyl> Well, I know it's probably a io issue , I know USB 1 is slow
[19:14] <RoyK> Mass storage usb on a PIII is asking for trouble
[19:14] <j3ckyl> but a load of 8? really?
[19:14] <j3ckyl> is there an NFS mount export that can nice it?
[19:14] <Brot1> it's seams a little bit weird that cron isn't starting after startup?
[19:14] <RoyK> j3ckyl: with waits for i/o, the load is bound to be high
[19:15] <j3ckyl> rw,hard,rsize=32768,wsize=32768,timeo=14,intr 0 0
[19:15] <j3ckyl> So would going to lower chunk sizes help?
[19:15] <RoyK> j3ckyl: you said so, thrice, the problem is probably the i/o bottleneck to the usb device
[19:16] <j3ckyl> Yes, but it should be able to be throttled
[19:16]  * RoyK hands j3ckyl a soldering iron and some usb2 chips
[19:16] <j3ckyl> heh
[19:17] <RoyK> sorry about the sarcasm, but usb1 is NOT a good candidate for mass storage
[19:18] <RoyK> j3ckyl: better stick an usb2 card in the pci bus - it'll be way faster
[19:18] <j3ckyl> Yeah, but given that, in NFS you can control that to some extent
[19:18] <RoyK> not really
[19:18] <j3ckyl> I know I can remove async
[19:18] <j3ckyl> I don't need a reason to check the bits
[19:18] <RoyK> still, the load average will be reflected by the number of processes waiting for i/o
[19:19] <j3ckyl> I can probably lower the chuck size
[19:19] <RoyK> it won't help much
[19:19] <j3ckyl> Give it less to read at one time
[19:19] <RoyK> but then, a high load average won't kill you
[19:20] <j3ckyl> Well, at 8, it turns the cli into mud
[19:20] <RoyK> slow i/o => high load average
[19:20] <RoyK> it's one of Linux' infamous 'features'
[19:20] <RoyK> linux doesn't deal well with slow i/o
[19:20] <j3ckyl> but, it's a transfer
[19:20] <j3ckyl> this is not a / drive
[19:21] <j3ckyl> it's simply an ext4 that's for storage
[19:21] <RoyK> j3ckyl: there are several (kernel) processes waiting for i/o - that keeps parts of the system busy
[19:21] <j3ckyl> so I should be able to control the feed using nfs to match the io speed
[19:21] <j3ckyl> yes?
[19:21] <RoyK> beleive me - get a new usb board or even a SATA disk instead
[19:21] <RoyK> or an old IDE drive
[19:22] <RoyK> I don't know how well the usb1 drivers handle DMA (or at all)
[19:22] <j3ckyl> Really don't need that. It's a media drive that feeds mediatomb
[19:22] <j3ckyl> Do I don't need io speed except for initial media transfers
[19:22] <j3ckyl> I would just like to tune it better
[19:22] <RoyK> well, it was only a mere suggestion - I've only worked with operations for 15 years or so...
[19:23] <j3ckyl> I hear ya
[19:23] <j3ckyl> I know there are a lot of NFS tweaks though
[19:23] <j3ckyl> It's defaintely not optimized
[19:23] <RoyK> it doesn't matter if there are nfs tweaks around if the block level sucks
[19:24] <RoyK> or block layer
[19:24] <RoyK> even
[19:24] <j3ckyl> I did have a cisco 5200, I could run weights red on nfs
[19:24] <j3ckyl> err weighted red
[19:25] <j3ckyl> limit the speed across line
[19:25] <\sh> RoyK: even nfs from usb device is not that good, use local SAS storage or if you need more use a storage box as direct attached or actually use a SAN ;)
[19:25] <j3ckyl> that was kinda a last resort
[19:26] <j3ckyl> Long long time ago when I was working for a financial, we use to run thinnet across a solaris star
[19:26] <j3ckyl> all NFS mounts
[19:27] <j3ckyl> The primary server had similiar problems
[19:27] <RoyK> \sh: heh - I use zfs on osol/nexenta/something for nfs servers :þ
[19:29] <\sh> RoyK: I'm running here a 2x HP dl365 G5 with 10 nics, 2x 4nics as port channel bonds, bonded together as active/passive bonds...inside the hp dl365 there is an p800 smartarray and attached to this controller there are 2x msa 70 with sas hds :) rock'n'roll
[19:30] <Brot1> I think I found the bug I'm having with my installation: https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/543506. But why the hell is this bug open since 2010-03-21??
[19:31] <RoyK> \sh: nice - I just ordered a couple of (net) 120TB systems with 10Gbps connectivity :D
[19:32] <\sh> RoyK: netapps or hps or emcs? ;)
[19:32] <RoyK> \sh: nexentacore on supermicro hardware :)
[19:32] <RoyK> FAR cheaper
[19:33] <RoyK> and with SSD caching, it will probably do about the same performance-wise
[19:33] <\sh> argl...supermicro
[19:33] <RoyK> nah - works well
[19:36] <\sh> RoyK: http://www.welt.de/multimedia/archive/00251/Rechenzentrum_DW_Wi_251366p.jpg :) former company, 635 supermicro machines, 16 500GB sata hds, 2x dual core amd opteron cpus 16GB ram...I know all about supermicro boards :)
[19:41] <RoyK> \sh: I've only had a few of boxes running stably for a year or so
[19:42] <\sh> RoyK: for the raid6 stuff we used, we had a areca raid controller inserted...and this version was very fast, but had a unreliable backplane...every day, at least 50 disks were reporting a failure
[19:42] <RoyK> ouch
[19:42] <kucumber_> people, I can't for the life of me seem to get .htaccess working to password a folder on my server
[19:42] <RoyK> we haven't had any problems with the backplanes
[19:42] <RoyK> kucumber_: AllowOverride AuthConfig
[19:44] <kucumber_> AllowOverride AuthConfig in the .htaccess file?
[19:45] <RoyK> no, in the apache config
[19:45] <RoyK> that allows overriding authconfig in the directory given
[19:46] <kucumber_> ah - where might be the location?
[19:46] <yann2> hello, is /srv/ commonly used on ubuntu? I've rarely seen documentation referring to it
[19:46] <RoyK> kucumber_: probably in <Directory>
[19:46] <yann2> is it good practice to put ftp files, webpages, etc in there?
[19:46] <yann2> may I get in trouble with apparmor? :)
[19:46] <RoyK> yann2: /var/www is mostly used for web stuff
[19:47] <RoyK> yann2: /srv is mostly a Solaris thing AFAIK
[19:47] <yann2> I know being confused by https://lists.ubuntu.com/archives/ubuntu-users/2009-March/176239.html
[19:47] <kucumber_> RoyK: <Directory> sorry, where is this - n00b here
[19:47] <RoyK> kucumber_: read the apache docs :þ
[19:47] <yann2> am working on a bazaar server and wondering where I should put the bazaar project files
[19:47] <Amgine> What's the best cantrip for archiving a remote folder and copying it to the local machine? scp -rp user@host:/path -| tar -cvf - | gzip -c backup ??
[19:49] <\sh> rsync ?
[19:49]  * RoyK votes for rsync
[19:50] <\sh> RoyK: /src is a debian thing, /opt is a solaris thing, and /var/www/ is mostly used on debian systems for files which are served via apache/lighty
[19:50] <RoyK> \sh: /srv is a solaris thing iirc
[19:50] <RoyK> /src is something else
[19:51] <\sh> aeh /srv i mean...I never saw it on solaris these early days..
[19:52] <\sh> and rsync with -e "ssh" is a good way to go :)
[19:52] <RoyK> \sh: you may be right - can't find /srv on these old sunos boxes...
[19:52] <yann2> so, shouldnt use /srv on ubuntu?
[19:53] <yann2> and use /var instead?
[19:53] <RoyK> yann2: yes
[19:53] <RoAkSoAx> kirkland: btw.. where you able to take a look to my PowerNAP additions?
[19:53] <yann2> ok, thanks
[19:53] <\sh> yann2: /var/www is your way to deploy web stuff
[19:54] <yann2> and for a ftp server, for example, where to put the files served?
[19:54] <yann2> /var/ftp ?
[19:55] <\sh> yann2: tbh, I didn't use ftp anymore since 1998
[19:56] <yann2> ok so I have 10 projects with 10 bzr repositories on a vm that will only do version control where should I put them ? :)
[19:56] <yann2> I was thinking of /srv/bazaar, hence the question
[19:56] <\sh> yann2: that you do...you need to set the correct user permissions then :)
[19:56] <yann2> yeah that'll be fun :)
[19:57] <yann2> thanks for your time
[20:00] <alex88> connection refused mean that server send a REJECT packet right? So it's not filtered
[20:00] <alex88> *dropped
[20:02] <RoyK> reject, yes
[20:02] <alex88> damn..probably my parallels firewall is conflicting with mine..because i'm on vps..
[20:02] <alex88> thanks RoyK
[20:07] <RoyK> alex88: either iptables -j REJECT or the host doesn't listen to that port (which will send the same ICMP message)
[20:08] <alex88> i've setup csf firewall, there are only DROP or ACCEPT
[20:14] <alex88> seems that parallels firewall check for open ports and the other are closed
[20:15] <alex88> debugging with tcpdump
[20:18] <alex88> how do i use tcpdump to extract syn packets received from a host?
[20:24] <KB1JWQ> alex88: http://packetlife.net/blog/2008/oct/18/cheat-sheets-tcpdump-and-wireshark/
[20:31] <alex88> KB1JWQ: got it, it respond with reject..damn..
[20:32] <alex88> KB1JWQ: http://pastebin.com/HTNpbs6G can you have a look here? iptables rules
[21:11]  * RoyK can't wait to get his 120TB boxes
[21:15] <alex88> there is a user "list" running some python scripts..is that normal?
[21:16] <RoyK> alex88: download chkrootkit and run it]
[21:16] <RoyK> s/\]//
[21:17] <alex88> it's runnin process: /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start
[21:18] <alex88> with child procs: var/lib/mailman/bin/qrunner --runner=ArchRunner, BounceRunner, CommandRunner, IncomingRunner, NewsRunner and others 3
[21:19] <RoyK> mailman installed?
[21:19] <alex88> oh..it's http://www.gnu.org/software/mailman/index.html...
[21:19] <alex88> well, i've installed virtualmin.. but i haven't specified to install that too
[21:21] <demonspork> I have had dpkg stop working 4 times now while installing various packages (called by apt-get) and the process refuses to die. I literally have to just let it sit for like 8 hours before it will disappear and then I can install stuff again.  I get a thing repeating in dmesg while dpkg is sitting there doing nothing: http://pastebin.com/umJbJU5c
[21:22] <alex88> sudo kill -kill dpkg-pid?
[21:22] <demonspork> yeah, does nothing
[21:22] <demonspork> tried kill -9
[21:22] <demonspork> nothing
[21:23] <alex88> same thing.. :/ semms like a segfault
[21:23] <demonspork> so how do I resolve this?
[21:23] <demonspork> it has only happened to dkpg, nothing else seems to be suffering
[21:23] <alex88> open a bug ticket?
[21:24] <alex88> i don't know what to do in those cases
[21:24] <guntbert> demonspork: could it be that you have a failing drive? (just a guess)
[21:24] <demonspork> what type of diagnostics can I run? This is a RAID 5 on an HP SmartArray 5i
[21:26] <demonspork> I checked the diagnostics that the hpacucli gives on the drives, and the only drive with errors is drive 3, which isn't even built into the array, it is currently marked as a spare and won't even spin up until it is needed
[21:28] <guntbert> demonspork: no idea to be honest, but what about a file system check? the lines with io... and wait... gave me the idea
[21:29] <wmorri> Hi, I am wondering where the sendmail.mc file is stored?
[21:32] <wmorri> I am new to setting up a mail server with ubuntu
[21:35] <guntbert> wmorri: no need for sendmail - use postfix instead
[21:35] <guntbert> wmorri: see https://help.ubuntu.com/10.04/serverguide/C/email-services.html
[21:40] <cfairles> Anyone know how to globally disable editing with "less"? I want to add it to /etc/sudoers with NOPASSWD but in a "read-only" mode
[21:48] <demonspork> so how can I kill this dpkg process. It is driving me insane - I need to do some other stuff and I can't reboot
[21:49] <guntbert> demonspork: you should try to find out what is the cause...
[21:50] <demonspork> yeah, I want to use it with a trace, and dig through that trace/submit it
[21:50] <demonspork> but I can't do that until I can run it again
[22:12] <demonspork> this is getting extremely aggravating
[22:12] <demonspork> :(
[22:12] <demonspork> how can it be impossible to kill a process
[22:18] <X-Sleepy-X> demonspork: how are you trying to kill it?
[22:18] <demonspork> kill -9, among other kill signals
[22:18] <demonspork> it has no parent
[22:18] <demonspork> it isn't a zombie
[22:18] <X-Sleepy-X> hmm
[22:18] <demonspork> it is just a dpkg process that won't die
[22:18] <demonspork> this is the 4th time it has happened
[22:19] <demonspork> I usually just have to wait several hours
[22:19] <X-Sleepy-X> weird
[22:19] <demonspork> I have to leave now
[22:19] <demonspork> :(
[22:19] <X-Sleepy-X> k
[22:19] <demonspork> be back in like 4 hours
[22:19] <X-Sleepy-X> ill be sleepin by then
[22:19] <demonspork> lol
[22:20] <demonspork> anyone with suggestions, post it in here _AND_ pm it to me if you can
[22:42] <hggdh> did we drop the option to reinstall GRUB from the ISO?
[23:03] <hggdh> mathiaz: the server ISO does not offer anymore rescue/Reinstall GRUB?
[23:03] <mathiaz> hggdh: hm - I don't know
[23:03] <mathiaz> hggdh: I haven't tested that lately
[23:03] <mathiaz> hggdh: you may wanna ask cjwatson about that feature
[23:04] <hggdh> mathiaz: I cannot find it there on either amd64 or i386, and charlie-tca just confirmed to me that the alternate ISOs have it
[23:04] <hggdh> cjwatson: ^
[23:28] <kucumber_> I'm getting "broken pipe" when I leave my dedicated server on a while
[23:28] <kucumber_> how can I stop this/