=== _Techie_ is now known as _TechAway_ [03:00] I have a hardy server with 2 x 500Gb HDD configured as a software raid1 set. The drives are almost full. I need to replace them with 2 x 2Tb drives. I have 2 sata connectors. What is the smartest way to migrate? [03:00] Is there an RTFM someone might point me at? [03:00] Put all four disks in the machine, configure a four-way RAID1, then remove the old pair and grow the array [03:01] Not enough sata connectors. === _TechAway_ is now known as _Techie_ [03:01] Then one way is to degrade the array first, then do the merge one-half of old and one-half of new [03:02] Can I remove 1 x 500Gb, add 1 x 2Tb, boot from CD, then dd the data from small to large, rinse and repeat with the other two, then bring it up, then grow it? [03:03] I suppose so, but that means your machine will be offline for the entire resync [03:03] (You wouldn't use dd from one of the 2TBs to the other; you'd just assemble the array.) [03:04] Yeah, I was thinking dd from each of the 500Gb to each of the 2Tb. [03:04] It's a mirror [03:04] there's no point doing that [03:05] You're suggesting, degrade the array, shutdown, remove 1 drive, add a new drive, add the new drive to the array, resync, degrade the array again, add the other new drive - right? [03:06] shut down, replace one 500Gb with one 2TB; bootdegraded from the remaining 500GB, add the 2TB to the array, let it resync. [03:06] Right, and then rinse and repeat. [03:06] Then, shut down, replace the remaining 500GB with the second 2TB, bootdegraded from the first 2TB, add the second to the array [03:06] Finally, call mdadm with the appropriate command to say "notice that there's more space now" [03:07] that's not enough though, you still need to expand the filesystem afterward [03:07] --grow, I think. I haven't done it for a while [03:07] whcih is an offline operation [03:07] qman__: not on ext3 [03:07] in any case, it's quite time consuming [03:07] A resize2fs *grow* takes negligible time [03:08] It's probably O(n), but the k is quite small [03:08] I meant the process as a whole [03:08] Granted [03:08] And I'm partitioning the 2Tb the same as the 500Gb? [03:09] taking more space, of course [03:09] Or am I partitioning it in the way that I want it to become? [03:09] if your 500GB is one full-size raid partition, your 2TB would be one full size raid partition [03:09] No, two partitions, swap and / [03:10] I guess that's a bad way to explain it [03:10] you want the new raid partition to be the size of the new raid [03:10] And mdadm won't choke that the partitions are not the same size? [03:11] of course not [03:11] it uses the full capacity of the smallest device in the raid [03:11] owh: the partitions on the new disks should be full size [03:11] the extra space is simply wasted until you eliminate the small disk and grow the array [03:12] Yep [03:12] Excellent, seems we have a plan. Any gotchas? [03:12] owh: the case edges are probably sharp [03:12] you will not be redundant while it's resyncing [03:12] ROTFL [03:12] qman__: Yeah [03:12] so don't do something silly like wiping your 500GB drive before everything is said and done [03:13] I wasn't intending to wipe it at all - nice offline backup :) [03:14] you'd think that would go without saying, but I've seen people do it [03:14] Any merit in making home a new partition on the new large drive. [03:14] that's why I mention it [03:14] qman__: fair enough [03:14] not really [03:14] the only reason you might do that is convenience if you wipe / frequently [03:14] or if you use encrypted filesystems [03:15] No, more from a perspective that silly users cannot fill the server / and bring it down :) === MagicFab is now known as Guest62398 [03:15] that's what quotas are for [03:15] filling home will prevent users from logging on [03:15] :) [03:16] On any multi-user system, I always make user data separate from the OS [03:16] there's certainly good reasons to do it [03:17] Yeah, this is a *historic* server and I'm trying to regain some composure while attempting to avoid shooting my foot off with a large cannon. [03:17] but it's not a necessity, and it will involve more downtime [03:17] up to you [03:17] Of course, I'd also be using LVM [03:17] This will be over the weekend, so I'm expecting to at least have the server up and syncing in 48 hours, down-time over the weekend not so much an issue. [03:17] resyncing 2TB can take considerably longer than 48 hours [03:18] twb: I've been shy to use LVM, last time I used it, it ate my data. [03:18] qman__: Only 500Gb, not 2Tb. [03:18] Hi all, can someone tell me which Firewall Jaunty came with? [03:18] katronixserf: linux only has one firewall: netfilter [03:18] oh ok, not iptables? [03:18] iptables is the UI for netfilter [03:19] and UFW is a frontend for iptables [03:19] Right [03:19] owh, I see three resync operations, 500GB to the first 2TB, 500GB to the second 2TB, and then the expansion operation [03:20] qman__: the third isn't a resync [03:20] qman__: Right, but I only need to be on-site for the first one, since I'll need to reboot before 1, between 1 and 2, the rest shouldn't affect connectivity. [03:20] does: http://pastebin.com/vKRMSptr mean nothing is blocked? [03:21] that's true, I'm forgetting this is raid 1, not raid 5/6 [03:21] katronixserf: in the filter table, yes. [03:21] I added two drives to a raid 5 and it took over three days to finish expanding [03:21] katronixserf: you could be doing something silly in the nat, mangle, raw tables, etc. [03:21] How much should I budget for the first 500Gb sync? [03:22] haven't touched it, tried running an app that connects using port 9000, and wanted to see if it was being blocked or not [03:23] katronixserf, ubuntu has, by default, an accept all policy with no rules [03:23] in essence no firewall, just the kernel modules [03:23] k [03:24] owh, that depends a lot on how fast your disks are [03:24] I'm going to take a fairly safe guess at 80MB/s [03:24] if you tweak the kernel to allow full speed syncing, that would theoretically be the same as a flat dd [03:25] quick calculator suggests about 2 hours [03:26] So, double it, add 1 for good measure, 5 - that's doable :-) [03:27] but yeah, make sure you tweak the kernel during the resync [03:27] How? [03:27] it has settings that slow it down to prevent excessive iowait during operations on an active server [03:27] Which RTFM should I consult? [03:27] http://www.cyberciti.biz/tips/linux-raid-increase-resync-rebuild-speed.html [03:28] Niice [03:29] if you just set them absurdly high it'll go full speed [03:29] no need to change any configuration, just echo to proc [03:29] It won't lock the console? [03:29] no [03:29] Excellent. [03:29] the system's actually quite responsive [03:29] * owh guesses that booting in single mode would be a GOOD IDEA. [03:30] I did on mine [03:30] Yeah, as I said, no users to worry about :) [03:30] you don't have to, but I wasn't taking any risks [03:32] I've heard suggestions, in addition to those uttered by twb to use LVM, but as I said, last time it ate my data - very, very unhappy, since it didn't eat it when I did it, just later when the users were actually using the system. As luck would have it, right before the regular backup :( [03:32] Any comments about why I should consider LVM? [03:33] Because it allows you to resize partitions on the fly, and to move them between disks -- without an outage [03:33] In particular, it allows you to allocate only (say) 2GB to / and 10GB to /home, and increase this later when the users whinge [03:34] So this would be useful in a high-availability environment, not so much in a - we can fix it on the weekend environment? [03:35] In essence, I'd be adding another layer of abstraction between the os and the drive - right? [03:38] you use LVM basically instead of partitioning, though with a RAID the order is different [03:38] in non-raid, it goes full-disk partition, LVM, filesystems [03:39] in raid, it goes full disk partition, mdadm, LVM, filesystems [03:41] I understand. I cannot do a full disk partition software raid with 2 sata connectors and only two drives - or did I miss something? [03:41] you could [03:41] but it would be very difficult to convert what you have to that [03:42] or at least a lot more difficult than if you could hook all the drives up [03:42] also of note, I normally put /boot outside any LVM or raid to avoid any hassles with grub [03:43] but 255MB off the size of the raid is insignificant with today's disk sizes [03:43] Well, theoretically I could connect the sata drives via two sata/usb adapters, but I'm not sure what that gains me, other than a slower resync. [03:44] s/slower/much much slower/ [03:44] yeah, looking at about 40MB/s if each disk is on a separate controller [03:45] In return for time, do I get some other benefits that don't appear obvious to me? [03:47] well, you don't have to open your server as many times [03:47] and normally, it would be a time saving operation [03:48] Other than that the first resync would take much longer and I'd still need to be there to do the final swap. [03:50] Well, this has been enlightening, thanks qman__ and twb, much appreciated. === _Techie_ is now known as _TechAway_ === _TechAway_ is now known as _Techie_ === Pilif12p is now known as Pilif12p|afk [04:48] which package provides cmp? === _Techie_ is now known as _TechAway_ [04:54] katronixserf: diff [04:55] katronixserf: dpkg -S or apt-file will tell you [04:55] twb: dpkg will only tell if you have it already installed. === _TechAway_ is now known as _Techie_ [04:59] owh: hence apt-file [05:01] twb: Fair enough :) [05:10] If I have a hardy NFS server and a bunch of harder workstations, and I want user quotas, do I need to install "quota" on the client machines? [05:10] IIRC I only need to install it on the server itself, and that's only to modify/inspect quotas -- the actual quota enforcement is entirely done in the kernel. === _Techie_ is now known as _TechAway_ [06:46] hello [06:46] I'm having an issue with the installer cd getting stuck at "Configuring linux-image-2.6.35" [06:46] did a verification and the cd integrity said perfect [06:47] this is the 10.10 edition [06:49] * RoyK += 0xc0ffee [07:02] i am trying to generate a multidomain ssl, but when i visit second domain firefox reports that cert is only valid for domain1, http://pastebin.com/1ANmNUKY === twister004_ is now known as twister004 === _TechAway_ is now known as _Techie_ [07:08] even tried with: http://pastebin.com/pXV5krTk (new conf at bottom) [07:11] updated pastebin: http://pastebin.com/Cwq89rRX [07:21] further updated: http://pastebin.com/7gz03Mrt seems like method 1 doesn't work at all [07:43] anyone here work with sheepdog ? === _Techie_ is now known as _TechAway_ [08:32] what is the best place to add a location to path for all users? [08:43] <\sh> a_ok: /etc/login.defs ? [08:45] \sh: well accourding to the documentation I just found /etc/envirionment. never knew of login.defs [08:46] <\sh> a_ok: yes that's also possible...depending on when and where you want to use the paths [08:47] a_ok, environment is the recommended place, there are other places as well, but conventionally /etc/environment has been used to define global settings such as PATH, HTTP_PROXY, JAVA_HOME, etc [08:48] \sh: when do I want to use login.defs? === Barre_ is now known as Barre === MenZa is now known as lhavelund [09:36] can anyone point me to the location upstart logs process output to by default? [09:36] I can't seem to find this anywhere [09:47] hello, I have ubuntu-server 8.10 installed and configured on server, and I moved the os disk to another server and it's not working, when the kernel starts it ends up with errors in modprob and starts initramfs, any help what to do ? === _TechAway_ is now known as _Techie_ [10:18] hi all [10:18] I can't make samba with printer to work [10:18] I am running on ubuntu 10.04 [10:19] I have strange this error: [10:19] [2010/10/27 11:17:06, 0] smbd/server.c:1115(main) [10:19] standard input is not a socket, assuming -D option [10:19] any idea? [10:22] hi guys.. during ubuntu 10.04 server installation, i selected 'do not update'and now, when i do an 'apt-get install ', it gives the following errors: "Couldn't find the package".. please advise if there is anything i can do to prevent this [10:23] i have uncommented entries in the sources.list file [10:25] is there anyway i can see how much data my server has transfered to a certain ip === _Techie_ is now known as _TechAway_ [10:27] <_bt> twister004: suso apt-get update [10:27] <_bt> sorry "sudo" [10:29] i did that [10:31] i get errors... Failed to fetch http://us.archive.ubuntu.com.......... Hash Sum mismatch [10:35] twister004: Are you behind a proxy? [10:35] no [10:35] i did a apt-get clean [10:36] and ... apt-get update && apt-get upgrade [10:36] seems to be downloading something [10:39] twister004: Try: sudo apt-get -o Acquire::http::No-Cache=true update [10:40] yes.. i did that [10:40] With the No-cache flag/ [10:42] yes [10:42] Righto. [10:42] it's downloading some stuff now... [10:42] ill try downloading the app and check [10:42] thanks a lot!!! === NG_ is now known as ng_ [11:32] http://lackrack.org/ [11:32] haha, this is nice idea ;) === ng_ is now known as NG_ [12:21] I have a 10.04 with snmpd on it. every time there's a request from another machine, the snmpd daemon writes a log entry "Connection from UDP etc etc". how can I disable that? [12:41] cemc: http://raetsel.wordpress.com/2008/02/15/snmpd-filling-up-varlogmessages/ [12:41] cemc: alternatively filter these messages in your syslog daemon [12:43] joschi: mhm, thanks. found it in the meantime [12:44] running cap deploy, it asks for my git user pass twice, then just goes "Password:" and no matter what I type in I get permission denied [12:44] any ideas as of what I'm doing wrong? :| === MagicFab is now known as Guest84101 [13:42] hi, i'm having a problem destroying a machine; it says it times out. [13:42] what do i do to kill it? [13:43] i'm using libvirt's virsh with kvm [13:43] AndyGrayBeal: A virtual one? [13:43] Ah [13:43] yes, no power button on this guy [13:44] AndyGrayBeal: I'm having issues shuting down the machine, not destroying it [13:44] yea, i can't connect, shutdown or destroy :( [13:44] if there was a virtual knife ..... [13:44] AndyGrayBeal: No idea. Are you controlling a remote kvm or local one? [13:44] local [13:45] the other virtual machines are running just fine [13:45] AndyGraybeal: ps -ef|grep kvm [13:45] :D [13:46] and how you kill processes? [13:46] AndyGrayBeal: You can destroy them using virt-manager [13:47] k5673: i've tried tht too.. it acts the same as virsh [13:47] and yup with virt-manager you can see their console as well [13:47] binBASH: i can't connect to it [13:47] you can't connect to it with virt-manager? [13:47] weird ;) [13:48] yea, virt-viewer doesn't work either [13:48] or do you mean, virt-manager is unable to connect to your libvirt daemon? [13:48] So, there's your problem [13:49] virt-manager connects to libvirt fine, i can connect to my other machines just fine. they are all running just fine. [13:49] AndyGraybeal: can you see anything running virsh --connect qemu:///system list [13:49] AndyGraybeal: ? [13:49] yes, that works stupendously. [13:49] ok [13:49] AndyGraybeal: OK [13:49] it's specifically one machine that times out [13:49] binBASH: i will try to destroy the process now [13:49] yup [13:50] try it [13:50] then restart the machine in virt-manager and open the console [13:50] maybe you can see what's the issue [13:51] that appears to have worked. [13:51] hey all anyone here use virt-manager and know the trick to getting a virt-manager graphical console to the dom0 is? just simply instaling a vnc server on dom0? something else? Ubuntu 10.04 for virt-manager but Debian Lenny dom0's [13:51] AndyGraybeal: Maybe is an issue with the ACPI support for your guests [13:51] k5673: i'm not sure, it's ubuntu 10.04 on ubuntu 10.04 [13:51] morning [13:52] morning [13:52] AndyGraybeal: It can be possible [13:52] AndyGraybeal: May be. [13:53] AndyGraybeal: Remember. The destroy feature lis like unplugging the power cord from the wall. Or pressing the power button for 4 seconds. That behavior is controlled by ACPI [13:53] well it has worked fine until today [13:53] this morning [13:54] AndyGraybeal: Can you see ACPI errors in dmesg | more, inside your guest? [13:54] lemme look [13:54] AndyGraybeal: Ah [13:54] AndyGraybeal: It's just an idea... [13:54] nope no errros in dmesg [13:55] AndyGraybeal: Mmmmmmm [13:57] it's working now, killing the process allievated whatever issue was happening. [13:57] :) [14:05] AndyGraybeal: What process? KVM? [14:11] New bug: #667269 in samba (main) "winbind crashes" [Undecided,New] https://launchpad.net/bugs/667269 [14:22] Anyone ever bought a SSL certificate? I bought one yesterday from Godadddy but its PENDING. Anyone know how long it takes till i can use this SSL certificate on my server? [14:36] garymc: i want to buy some from startssl [14:37] pending? what kind of cert did you get? normally it's like a few min [14:37] unless you get one that needs some kind of background check [14:39] I got the best one they did [14:39] they say they are doing checks [14:39] taking ages pissing me right off === oubiwann is now known as oubiwann-away === oubiwann-away is now known as oubiwann [15:57] I accidentally chmod -R 777 / [15:57] am I fucked? :| [15:57] use the undo command :) [15:57] sorry, what? [15:58] I have nothing that runns from 'undo' [15:58] I'm joking [15:58] :| [15:58] pretty much, going be annoying as hell to fix [15:59] chmod SHOULD have an undo command :P [15:59] that would be your filesystem :) [16:05] (I did the same some 9 years ago on a live production system.) Did the command complete, or did you interrupt? [16:07] it completed === oubiwann is now known as oubiwann-away === oubiwann-away is now known as oubiwann [16:24] how can I get a user to have access to raw disks? [16:25] I added the user to the disk group, but it's just not going === NG_ is now known as ng_ [16:36] MrWise: i recommend a re-install [16:37] ah fixed it, had to reloging to notice the new group [16:57] does anybody know if the pure-ftpd package is still in a repository? [16:57] I got smbd INTERNAL ERROR: Signal 11 I tried to get a gdb backtrace of the smbd process [16:57] i clearly installed universe, but it gives me a cant find package error [16:57] http://dpaste.com/265175/ but i am not familiar with those symbols [16:57] http://paste-it.net/public/p84f849/ === rmaccloy_ is now known as rmaccloy [16:57] Reyuken: did you try packages.ubuntu.com ? [16:58] hmm [16:58] ill try adding that one [16:58] no check the http://packages.ubuntu.com [16:58] how intensive is it for rsync to sync a directory of thousands of files to an ftp every 5 seconds or so? [17:00] Reyuken, I found pure-ftpd package in lucid/universe [17:01] i Think i added that one [17:01] as shown in the paste-it above [17:02] anyone? we are doing something similar on windows with a 3rd party utility, and we know the rsync algo is pretty fast. [17:02] just not sure how well it handles large batches of < 1KB files. [17:03] etcetera, depends [17:04] it syncs millions of files for me pretty damned quick [17:04] it's harddrive intensive though, if all those files metadata doesn't fit in ram [17:05] patdk-wk: yea, not near millions of files. [17:05] we clear out stuff older than a day every day. [17:05] maybe thousands, < 100K / day. [17:05] Reyuken, you try 'sudo apt-get update && sudo apt-get upgrade' after adding them? [17:05] what I don't know is exactly how much bandwidth that will use up [17:06] using unison instead, will keep bandwidth down to basically nothing, if files don't change === rbnicknej is now known as jenkinbr [17:15] patdk-wk: right we are only syncing new files. [17:16] doesn't matter if you sync only new or not [17:16] it still has to check the metadata to know what is new or not [17:17] right, obviouly you're IO bound. [17:20] na, I'm not io bound, my metadata fits in ram nicely, and stays there :) [17:21] patdk-wk: how does it get disposed? [17:21] disposed? [17:21] it's cache data, if the system needs the ram for something else, out it goes === jenkinbr is now known as rbniknej [17:28] WTH.... i just had a db consultant tell one of my clients that Ubuntu is not good for a MySQL environment [17:29] most people are stupid, let the benchmarks speak for your specific use case. [17:29] etcetera: this was Percona.... the "MySQL Experts" [17:36] LowValueTarget, BestPractical uses latest Ubuntu to host their site (rt3 authors) [17:38] everyone has their own agenda [17:43] Reyuken, you try 'sudo apt-get update && sudo apt-get upgrade' after adding them? [17:43] hah that, works, thanks alot! [17:44] im such a newbie when it comes to linux [17:48] where should i write about wrong information in ubuntu server guide? [17:48] LowValueTarget: who cares? [17:48] I plan on using postgres + ubuntu on the server. [17:49] and Windows on the web server. [17:49] ciastek: is it on the wiki? [17:49] etcetera: just bothers me [17:49] it's appropriate for my use case and by budget. [17:49] you can just fix it [17:49] let them show you why. [17:49] we deploy hundreds of ubuntu servers [17:49] i just called them asking for benchmarks... none [17:49] must be the consultants personal pref [17:49] ciastek: asommer can help you but we're at UDS this week so not on irc so much. If it's on the wiki and wrong dive in and fix it. :) [17:50] When i try to do /oper on my ircd-hybrid server i always get wrong password even if i wrote right password, someone had this problem before? [17:50] jcastro: it's not wiki, but i've found launchpad page for ubuntu-docs, so i fill a bug here [17:50] jcastro: thank you [17:50] LowValueTarget: what do they prefer? [18:02] can i ask an openssl related question here? [18:27] I would like to install a mailserver (pop3, smtp), what is the best way to do it? [18:29] tax, https://help.ubuntu.com/10.04/serverguide/C/email-services.html [18:30] k5673: thnak you for your help yesterday, i succeeded in my firewall made of squid firestarter and dansguardia [18:30] tax, i think dovecot is the most popular for an MDA, i dont really know though, i use postfix for an MTA [18:33] is anyone using zimbra on ubuntu? [18:33] the server component. [18:39] hey, i'm looking for a torrent client for on my server, so it needs an webinterface. but google isn't really helping, any ideas? [18:39] lieuwe: mldonkey [18:40] cfairles: can you have the same users on the both of them? [18:41] lieuwe: transmission-daemon provides a web interface. [18:44] does anyone know how to use exim? [18:46] tax:OK [18:52] hi people. I upgraded libc6 from backports, but now I want to downgrade. when I say "apt-get remove libc6" ubuntu wants to remove half of my server. any suggestions, please? === _TechAway_ is now known as _Techie_ === _Techie_ is now known as _TechAway_ [18:56] progre55, disable backports and may be try apt-get install --reinstall, not sure if that will work or not [18:57] progre55, using backports/proposed on production environments is really a good idea btw === _TechAway_ is now known as _Techie_ [18:59] thanks, I'll try that [19:02] Error404NotFound: now when I open the link, it's offering me the php file to download.. I think I've broken some config files.. [19:03] it's actually a phtml file [19:03] progre55, which link? [19:04] progre55, webserver? make sure you have php module loaded, try apache2ctl -l, that small "L" [19:05] Error404NotFound: actually, I have the php mod enabled, just forgot to add .phtml to AddType in the apache conf file =) [19:05] progre55, that was "apache2ctl -t -D DUMP_MODULES" to list all modules [19:05] progre55, aah, great [19:06] so it works now? [19:06] sec, let me try restarting it now [19:10] Error404NotFound: well, still now working === _Techie_ is now known as _TechAway_ [19:10] and there is php5_module loaded [19:16] progre55, are you using userdir? [19:16] in apache? [19:16] progre55, yes [19:17] Error404NotFound: no [19:17] progre55, what if you try with a .php instead of .phtml? [19:19] Error404NotFound: oh, it's working.. I guess it was my browser cache =) [19:19] when I opened it with a different browser, it works fine [19:19] progre55, good.. [19:19] Error404NotFound: pardon my ignorance =) [19:19] Error404NotFound: thanks a lot for the support [19:19] progre55, at these times using Incognito/private browsing mode, thats good for testing [19:20] I'll consider that, thanks [19:52] is ubuntu one really running on IIS? [19:53] i got IIS's error at one point [19:53] it's powered by 7digital, so i guess it's their server [20:04] when i do usermod -d it strangely tells me the user is currently logged in [20:05] but the who command only shows root as logged in ? [20:06] is it possible to set up an samba share so that it's password protected? [20:08] heh? you can password protect stuff? [20:08] normally you just limit users to shares, then the user is required to enter their password, therefor protected === _TechAway_ is now known as _Techie_ [20:10] patdk-wk: indeed, but there are three shares. two of which should only be accessible to the lan, one of which should be public and have a pw [20:10] so? [20:10] patdk-wk: i don't want the two lan shares to have a password [20:11] lieuwe: still running with security = share? [20:11] RoyK: yes, my parents need to acces it and they forget passwords like shit [20:11] lieuwe: you can't combine share security with authentication [20:11] RoyK: sure? no way to do something like this? [20:11] but you can easily make a guest user :) [20:11] not that I know about [20:11] FFFUUU [20:12] RoyK: thanks :-3 [20:12] lieuwe: create a user guest passwd guest [20:12] allow that user access to the 'public' areas [20:12] set security = user [20:12] case closed [20:12] this is where I don't know about samba that much [20:12] RoyK: too difficult for my peeps :-/ [20:12] but can you limit a user login to source ip's? or share access based on ip? [20:12] that would fix it up fine [20:12] bad user = guest [20:12] lieuwe: just save the password on their boxes while mapping the shares [20:13] allways use security = user [20:13] hmehhhmmmmmpfffffffffffff [20:13] patdk-wk: you can only allow/disallow from IPs [20:13] RoyK: ip ranges? [20:13] I know, but he wants to allow/disallow shares [20:13] the shares that have guest [20:14] so that would work [20:14] <_Techie_> does samba allow for authentication on a per IP basis? [20:14] ivoks: he was on some time back and wanted to know how to share to everyone in the household, so I told him security = share will _turn_off_ auth, which was what he wanted at that time [20:14] unless the allow/disallow is samba global [20:14] _Techie_: not that I know [20:14] RoyK: even that's bad [20:14] RoyK: vista and 7 probably won't work with that setup [20:14] ivoks: it's a choice [20:15] ivoks: it does [20:15] map to guest = Bad User [20:15] if you have a share that need auth [20:15] and a share that doesn't need it [20:15] then set up security = user [20:15] and for public shares add [20:15] map to guest = Bad User [20:15] that's it [20:15] hmm [20:15] ivoks: samba will still ask for auth for those connections [20:15] it won't [20:16] maybe I am reading this wrong [20:16] so: [20:16] "but there are three shares. two of which should only be accessible to the lan, one of which should be public and have a pw" [20:16] [global] [20:16] security = user [20:16] that mean two for local network with guest access, and one world accesable? [20:16] [private_share] [20:16] guest ok = no [20:16] [public_share] [20:16] guest ok = yes [20:17] map to guest = Bad User [20:17] ivoks: that will still ask for authentication [20:17] patdk-wk: no, the two lans should be without pass, and the global one with [20:17] depends on your client [20:17] ivoks: also, please use a pastebin for that sort of multiline output [20:17] lieuwe, yes, but what is the definition of GLOBAL? [20:17] world wide over the internet? [20:17] depending on the policy set, many versions of windows will simply auth as guest [20:17] cause that doesn't work [20:17] patdk-wk: world wide [20:17] won't work [20:17] which has caused me all sorts of trouble in the past [20:17] use a vpn [20:17] patdk-wk: why wont it work? [20:17] yeah, you can't use samba over the net directly [20:18] * RoyK wonders what some people in here are smoking [20:18] it's not a routable protocol [20:18] wtf [20:18] hehe [20:18] why not? seems awfully limited [20:18] most isp's block the ports samba uses, for good purpose [20:18] well, it is routable, but yeah [20:18] <_Techie_> qman__, i could prolly get samba working on the net, but have no needd for it [20:18] the name service isn't [20:18] <_Techie_> quite easily [20:18] and most places block it [20:19] <_Techie_> port 445 [20:19] qman__: netbeui is not routable, but samba uses this protocol called IP, see, so it's routable [20:19] * patdk-wk doesn't use winserv [20:19] http://pastebin.com/3A3gv5sk [20:19] this works [20:19] those that don't belive, read smb.conf or try [20:19] of course, add other variables [20:19] ivoks, yes, but that doesn't answer his question :) [20:20] getting that public share to work with user auth, over the internet :) [20:20] over the internet? [20:20] yep [20:20] smb over the internet? [20:20] do not do that [20:20] even if you could, it's still a bad idea [20:20] period. [20:20] use sftp [20:20] okay, i get the point, never mind :P [20:20] if you need something like that, setup webdav [20:20] i better just host some files using apache then... [20:21] * patdk-wk just uses ipsec/openvpn/.... [20:24] hi guys. [20:24] what's the "right" way to install an init script ? [20:24] SMB/CIFS over the internet is a PITA - the protocol is so chatty it'll slow down your multimegabit connection down to a single B-channel ISDN link for random access [20:24] I'm reading insserv manual, and I don't see examples of usage. [20:25] is insserv "the" way ? or update-rc.d ? [20:25] (I'm on 10.04) === zul__ is now known as zul [20:25] well, 10.04 is most of the way changed over to upstart [20:25] qman__: so ... what do I do ? [20:25] so only a few straggling init scripts left [20:25] sobersabre: copy it in /etc/init.d/ and then update-rc.d [20:26] ivoks: but I looked in /etc/rc2.d and it has SO few scripts in there. [20:26] so, I assume more scripts have been invoked, because of some changes. [20:26] and I haven't been in sync with this. [20:26] sobersabre: ubuntu is moving to upstart [20:26] sobersabre: those are in /etc/init/ [20:27] ivoks: so what do I do, how do I use upstart ? [20:27] I ran insserv, and got many warnings, loops, etc. [20:27] the entire sysvinit in 10.04 is just compatibility [20:27] does anybody know how to create a user with ftp access to / ? [20:27] i administred debian/ubuntu systems for more than a decade [20:28] i've never used insserv :) [20:28] i know i shouldnt change a users home directory to / [20:28] you shouldn't be using ftp [20:28] never used insserv also [20:28] ivoks: I am running the script as S99 and it's supposed to be the last. [20:28] but it IS NOT running the last. [20:28] sobersabre: it's not the last [20:28] sobersabre: Why does it need to be last? [20:28] especially if you're not locked down to a chroot [20:28] sobersabre: i told you, ubuntu is moving to upstart [20:28] i just want something to move files over easily to my server [20:28] upstart works differently [20:29] ivoks: I'm at its homepage. [20:29] ftp would be a good option imo [20:29] Reyuken, use sftp [20:29] it's part of SSH, which you probably have anyway [20:29] sobersabre: look at some examples in /etc/init/ [20:29] how do I upstart myself ? :) [20:29] and, FTP is never a good option [20:29] init! [20:29] ok. [20:29] moment. [20:29] sobersabre: figure out what your program requires to start [20:29] sobersabre: Again, why does it need to be last? [20:30] soren: I don't have time to investigate who it depends upon. [20:30] sobersabre: What is it? [20:31] if it runs manually after the system has been up [20:31] soren: it's a secret :) [20:31] it brings up a bridge and nas interface [20:31] sobersabre: But if you don't know what it depends on, put it in S99, add a "sleep 3600" to the top, and you should be fine. [20:31] Reyuken, http://mywiki.wooledge.org/FtpMustDie [20:31] then it starts after networking [20:31] Probably. [20:31] I assume it should be after $network. [20:31] heh [20:31] start on started networking [20:31] done [20:31] OK... I'll copy from ssh. [20:32] ssh doesn't start after network [20:32] cause ssh is smart; it detects network changes :) [20:32] oh my, using my root account details via sftp brings me to the root directory automaticly [20:32] problem solved i guess [20:32] /* [20:33] or, created :) [20:33] ivoks: yep. so assuming I did modify ssh.conf to this thing, do I need to install anything, or is it supposed to work as soon as this script has been created ? [20:34] sobersabre: restart ssh [20:34] <_Techie_> Reyuken, rm -R /* [20:34] <_Techie_> JK [20:34] ivoks: no, it's not ssh :) [20:34] btw, what's the best place to learn how to write upstart files? [20:34] lol [20:34] then start your_service [20:34] yep. [20:34] now, questions... [20:34] expect fork. I don't run daemon... I removed this. OK ? [20:34] respawn, don't run daemons. [20:35] removed. [20:35] im still incapable of changing home directories though, usermod just keeps telling me that the user in question is logged in :/ [20:35] sobersabre: http://upstart.ubuntu.com/wiki/Stanzas [20:35] <_Techie_> Reyuken, usually if you have the godly root access, then it shouldnt matter [20:35] yann2: start with existing jobs in /etc/init/ and look at http://upstart.ubuntu.com/wiki/Stanzas [20:36] btw. soren good tip with that cloud stuff, I didn't buy many servers now :D But it took 4 weeks to adopt software :) [20:36] i kinda prefer to put everything under a ftp folder of some kind [20:36] instead of lots of folders in home [20:36] OK. [20:36] bookmarked, cheers, that'll be useful :) [20:51] is there no longer a #ubuntu-virt room? [20:51] No. [20:51] (and they're called channels) [20:52] I'm trying to find a good example of how to take advantage of qemu overlays, but I'm not using virt-manager [20:53] I created the virtual machine with vmbuilder and I use virsh to manage it === _Techie_ is now known as _TechAway_ === luis__lopez is now known as luis_lopez [20:59] Yo! [21:00] soren: vmbuilder can not build maverick guests in lucid. ALready updated the packages. [21:00] Why?! [21:00] Because it sucks. [21:01] :) [21:04] hi, i've setup the vsftp server, i'm in a folder owned by user, connected as user.. but it says permission denied for upload (i can connect and download) [21:05] how do i troubleshoot this? [21:07] no one? [21:08] vsftpd.conf [21:12] oh..write_enable was default.. === ng_ is now known as NG_ === rhys_ is now known as rhys [23:21] if i have a libvirt/qemu/kvm system with a couple of virtual machines, what is the best way to peridocly backup the guest systems to a remote server? [23:26] or is there any other way then to transfer the disc images as they are? [23:26] im hoping for a incremental backup alternative [23:32] benedikt: Well, you can backup from within the guest using rsync. Alternatively you can shutdown/suspend the guest and backup the disc image. I'm using OS X as my host with a sparse-bundle disk image where all my virtual machines are stored. Time machine (rsync gui) does the differential backup, since the sparse-bundle is a collection of disk blocks in a directory structure. [23:32] I've also heard of LVM snapshots being used for this purpose, but I have no experience with it. [23:32] owh: but the problem is that I dont have access to all of the guest systems [23:33] (but they are not mission critical anyways) [23:33] so regular backup it is [23:33] You could store all the images for each machine on an LVM volume and snapshot that, but I have no personal experience with that. [23:34] neither do i [23:34] im not even using lvm [23:34] Google: http://tldp.org/HOWTO/LVM-HOWTO/snapshots_backup.html [23:35] More: http://rhcelinuxguide.wordpress.com/2006/06/03/what-is-a-logical-volume-manager-lvm-snapshot-and-how-do-i-use-it/ [23:42] hey, i have inherited a network that has 10 vlans on eth.111, eth.112, etc - I want them all to share a common subnet - how can this be made possible? [23:44] and what is a proxy network?