[00:24] <VladGh> I installed dk-filter and opendkim and I keep getting this error Sendmail DomainKeys Filter: Unable to create listening socket on conn inet:8892@localhost / smfi_opensocket() failed
[00:24] <VladGh> it's not the first time I install this combination, but it is the first on EC2
[00:25] <VladGh> Does the EC2 Ubuntu Ami have some kind of permission for creating listening ports?
[00:36] <erichammond> VladGh: Should be same as normal Ubuntu server in this regard.  Is something already listening on that port?
[00:36] <VladGh> erichammond: netstat --listen shows nothing
[00:37] <VladGh> I just tried SOCKET="inet:54321" instead of SOCKET="inet:54321@localhost" and I think it will work
[00:43] <allowoverride> im out l8
[00:45] <VladGh> nope, without localhost postfix gives now "fatal: host/service localhost/54321 not found: Name or service not known"
[00:51] <ehcah> can Ubuntu Server be configured to match the capabilities of a product like FreeNAS?
[00:55] <twb> I'm not familiar with FreeNAS, but theoretically Ubuntu can be configured in just about any way.
[00:58] <ehcah> twb:  FreeNAS, OpenFiler, unRAID, EON are all packaged NAS solutions.
[00:59] <ehcah> I have 2 ubuntu Servers running in my basement rack already.  I'm trying to see if I could build a scalable solution using ubuntu.
[01:00] <twb> If you're just asking "can Ubuntu Server be a NAS" -- yes, it can
[01:01] <ehcah> LOL... I know it can.  I'd like to find someone who can offer some real world experience.
[01:11] <twb> I use it as an SBS replacement
[01:11] <twb> i.e. acting as a centralized auth/file/print server
[01:14] <qman__> the biggest problem I have when trying to replace windows servers is directory services
[01:15] <qman__> LDAP is such a PITA to configure and use
[01:19] <twb> qman__: and krb
[01:19] <twb> Last time I got LDAP working w/o SSL or krb.
[01:19] <qman__> yeah
[01:19] <qman__> we desperately need a ready-to-go directory services package
[01:20] <twb> That's what I liked about NIS
[01:21] <twb> It is LITERALLY just a matter of installing it and setting the domain name (which has a debconf prompt().
[01:21] <twb> For the server side, you also have to tell it to be a server in /etc/default/nis, but that's it.
[01:22] <twb> Unfortunately, you can only use NIS on "ultimately trusted" networks.
[01:49] <latenite> Hi flks, "update-grub" is not adding my custom kernel to grub2? What am i doing wrong? http://pastie.org/1283313
[02:02] <twb> latenite: if you're referring to bzImage_0 -- it's not named correctly.
[02:08] <latenite> twb, what woudl the name have to be like?
[02:08] <twb> Well, like the one that's in there
[02:09] <latenite> twb, vmlinuz-SOMETHING ?
[02:11] <twb> Just so
[02:17] <latenite> twb, thanks mn , that did the trick :)
[02:17] <twb> You should build your kernels with "make deb-pkg"
[02:17] <twb> It will generate .deb you can install.
[02:17] <latenite> now I get kernel panic "VFS: unable to mount root fs on unknown-block(2,0)"
[02:18] <twb> That's probably because you have no ramdisk.
[02:18] <latenite> I have my filesystems build in * and NO iniramfs
[02:18] <twb> Or because you didn't compile something in.
[02:18] <latenite> well what could me missing? filesystems are build in for sure :)
[02:18] <twb> You cannot use root=UUID=... or root=LABEL=... without a ramdisk.  You must pass the raw device name (e.g. /dev/sda1), which can change.
[02:20] <latenite> twb, oh, I did not know that. why is that so?
[02:22] <twb> Because they require udev
[02:22] <twb> Without a ramdisk, the only way to get to udev is via the root filesystem.  So you have a cyclic dependency.
[02:23] <latenite> twb, oh that makes sense :)... well than I just add ramdisk to my kernel?
[02:24] <twb> I suppose so.
[02:24] <twb> 13:17 <twb> You should build your kernels with "make deb-pkg"
[02:25] <latenite> twb, what is that for?
[02:25] <twb> Because I told you to
[02:26] <latenite> twb, I never had a ramdisk. How do I create one?
[02:26] <latenite>  :) ok I will
[02:26] <twb> By doing "make deb-pkg", then installing the resulting .deb.
[02:26] <twb> If you do it that way, the ramdisk will be generated automatically.
[02:27] <latenite> twb, so in /usr/src/linux/ I do "make dep-pkg && make modules_install" ???
[02:27] <twb> No
[02:27] <twb> Just "make deb-pkg".
[02:28] <latenite> twb, is there a place to read about "dep-pkg" ?
[02:28] <twb> It's DEB-PKG, not DEP-PKG
[02:28] <twb> Because Ubuntu is really rebadged Debian.
[02:30] <latenite> twb, ok id did "make deb-pkg" now whats next? there is no new vmlinuz file in /boot noe a ramdisk anywhere.
[02:31] <twb> The package will be placed in /usr/src.
[02:31] <latenite> oh then i do
[02:31] <latenite> dpkg -i $pakage ?
[02:32] <twb> Just so.
[02:32] <twb> Re. documentation, see /usr/src/linux/scripts/package/builddeb and http://kernel-handbook.alioth.debian.org/
[02:32] <latenite> twb, there is also a new "linux-firmaware-iamge.bed" what s about that?
[02:33] <twb> dpkg -I foo.deb describes packages.
[02:34] <latenite> twb, ist sais it conatisn firmware from the kernel. Do I need that? If so, what for?
[02:35] <twb> You need it if you have hardware that needs that firmware.
[02:36] <twb> The linux-firmware-image .deb will not be generated if your custom kernel has all firmware options disabled.
[02:37] <twb> Incidentally, WHY are you trying to use a custom kernel?
[02:38] <latenite> twb, because I have a soundcard that is not in the default kernel
[02:39] <twb> Please pastebin the output of "lspci -nn".
[02:41] <latenite> http://pastie.org/1283405
[02:42] <latenite> ICE1712 is what I need to build in *
[02:49] <twb> Try pasting it into http://kmuto.jp/debian/hcl/
[02:50] <twb> I'd do it myself but that site is broken in my browser :-/
[02:51] <latenite> WHAT exactly do I pate in there?
[02:51] <latenite> ICE1712 results in error
[02:54] <twb> The full output of lspci -nn, as it tells you to
[02:55] <twb> It'll tell you what kernel version (in Debian) added support.  It should be about the same for Ubuntu.
[02:58] <latenite> twb, ok. Say how would I get the kernelconfig from ubuntu custom kernel...to have a sane starting point?
[02:59] <twb> latenite: *I* would do it by copying /boot/config-X from the existing Ubuntu kernel
[02:59] <twb> Also, "make localyesconfig" will change all modules currently in use (on the build host) to =y.
[03:00] <twb> Also, "make localmodconfig" will change all modules currently UNUSED (on the build host) to =n.
[03:03] <latenite> twb, wow thats a cool way :) nice
[03:05] <twb> Yes, it is super nice
[03:05] <twb> It's not perfect, e.g. within snd-hda-intel it can't autodetect which codecs to turn on/off
[03:06] <latenite> is that debian/ubunut OR kernel way of editing .config? in other word will that work on oterh distros too?
[03:07] <twb> That's a feature of the upstream kernel
[03:07] <twb> It should work anywhere, from about .35 onwards
[03:07] <latenite> upstream?
[03:07] <twb> i.e. the mainline linus-2.6 repo
[03:07] <latenite> ahh ok
[03:11] <latenite> man thanks for al your help :) ....this ubuntu default kernel build for ever... :) I guess I ll idle for a while
[03:14] <aegis> I'm back
[03:15] <twb> Yes, the ubuntu .config is basically "all =m"
[03:16] <latenite> twb, it a killer :) oh well at least iw works :)
[03:17] <twb> Don't forget -j2, where 2 is the number of cores you have/
[03:17] <latenite> make -j deb-pkg ?
[03:17] <latenite> make -j6 deb-pkg ?
[03:17] <latenite> lik that?
[03:18] <twb> Yes.
[03:18] <latenite> man I am tored , I got to go to bed...can t evenb type right--
[03:18] <twb> Without -j it will use as many processes as it can, which will probably DOS your host
[03:18] <twb> Er, I mean -j without a number.
[03:18] <latenite> lol...that s bad :)
[03:19] <twb> I did it about three times in a row before  Irealized what happened, because I was doing the compile in a minimized window
[03:20] <latenite> still compiling...doooooo
[03:22] <latenite> any cool ubunut tweaks you can recommend?..I am setting up a desktop for my mom...
[03:26]  * Datz wonders if gnome is a tweek for ubuntu server :p
[03:27] <Datz> ubottu dict tweak
[04:07] <twb> latenite: etckeeper
[04:46] <latenite> twb, nice tool :) thanks
[05:08] <slicslak> trying to install openjdk, looks like the server is down?
[05:08] <slicslak> Err http://us.archive.ubuntu.com karmic-updates/main libcups2 1.4.1-5ubuntu2.6
[05:08] <slicslak>   404  Not Found [IP: 91.189.88.40 80]
[05:16] <twb> downforeveryoneorjustme.com
[05:17] <jetole> Does anyone know a good method to audit root bash history in a manner that can't be deleted? I need to set up a lot of systems at the data center so that we now have more administrators (as in I am not the only systems admin anymore) and I have done this all pretty well through LDAP but not sure what the best way to audit actions is
[05:19] <slicslak> twb, thx for the link.  of course a 404 means the file iteself can't be found.  so the server is up, but the file is missing.  <shrug>  i suppose it's useless to complain in irc. i just thought someone might know something or somebody and tell them to kick some script or whatever to fix it.
[05:21] <twb> slicslak: do an aptitude update?
[05:21] <slicslak> jetole, i don't think you can prevent ppl from tampering w/ their bash history.  sudo always keeps a system log though, so you could combine that w/ remote logging and audit that
[05:22] <slicslak> twb, nice, thanks.  jumping too many systems I forgot that was necessary on this box!
[05:23] <twb> slicslak: sorry, I should've thought of that before
[05:23] <jetole> slicslak: well in fact sudo mails all commands to me right now and I am looking for how to allow someone to have access to pretty much everything on the system but at the same time not to launch a shell
[05:23] <slicslak> np, i did ask the wrong question  ;)
[05:29] <jetole> don't suppose anyone has any experience with allowing sudo to run just about any command except a shell?
[05:29] <jetole> could maybe recommend a link or a howto
[05:32] <slicslak> jetole, they could always compile their own...
[05:33] <slicslak> it sounds like you need a pplware solution as opposed to a software solution.  chroot/jails w/ access to limited binaries is what is normally done to restrict what users can run.  but you can't exactly admin a box that way
[05:40] <jmarsden> jetole: Check whether rootsh will help you, see http://sourceforge.net/projects/rootsh/ .  For the "everything but not shells" in sudoers, try something like   %admin ALL=(ALL) ALL !SHELLS
[05:45] <jetole> there is a !SHELLS? Cool. Gotta see if that works under LDAP since sudo via LDAP has a different config but will look
[05:45] <jetole> thanks
[05:48] <jmarsden> No problem.
[05:49] <jmarsden> jetole: BTW, if someone can do sudo vi then can get a shell inside vi... lots of programs can start shells... so this restriction will not protect you from malicious users.  But malicious users should not have sudo privs in the first place...
[06:07] <chrislabeard> Hey guys anyone know of a good tutorial on how to install Suphp
[06:14] <segv`> chrislabeard: shouldn't be too hard.
[06:14] <chrislabeard> Looks like its already included in apache2?
[06:14] <SpamapS> chrislabeard: don't do it. ;)
[06:14] <chrislabeard> Why I NEEDS IT
[06:14] <SpamapS> chrislabeard: there are better ways :)
[06:14] <segv`> http://ubuntuforums.org/showthread.php?t=1516400 first google result.
[06:14] <chrislabeard> really
[06:14] <segv`> No, no one knows of a tutorial :p
[06:14] <chrislabeard> thats the one i'm on
[06:15] <chrislabeard> SpamapS so what are the other ways.
[06:15] <segv`> that's step by step, doesn't look to hard.
[06:15] <SpamapS> chrislabeard: depends on the number of users you want to support.
[06:15] <segv`> in fact, looks rediculously easy
[06:15] <SpamapS> chrislabeard: and how much you care if they run isolated.
[06:15] <chrislabeard> Yeah but the dood didn't get it to work
[06:15] <chrislabeard> SpamapS: I want it to be global
[06:15] <chrislabeard> For any of my domains
[06:16] <SpamapS> chrislabeard: how many *users* ?
[06:16] <chrislabeard> SpamapS: 3+
[06:16] <chrislabeard> min 3
[06:17] <SpamapS> three...
[06:17] <SpamapS> fastcgi
[06:17] <segv`> i do the fastcgi method myself, great performance :)
[06:17] <SpamapS> chrislabeard: just use php-fcgi and run it as each user.
[06:17] <chrislabeard> So I have to manually do add the users in
[06:18] <SpamapS> suphp is for when you want to host 500 users on one box and not let them steal eachothers' data. ;)
[06:18] <chrislabeard> Ahh i see, Is it possible to get something to just work
[06:18] <chrislabeard> Anytime I create a new user
[06:21] <segv`> chrislabeard: you can just use suexec with fastcgi
[06:22] <segv`> should be faster
[06:22] <chrislabeard> ok
[06:22] <SpamapS> chrislabeard: I used to have a script that generated a  user-php.conf for each user that was in a certain group.. would just run that after user creation.
[06:22] <chrislabeard> ahh
[06:23] <SpamapS> segv`: even suexec isn't necessary w/ fastcgi if you just run the fastcgid independent of apache. unless I'm missing something.
[06:23] <segv`> SpamapS: he wants to eliminate that 'manual' configuration.
[06:23] <segv`> fire and forget, automatically runs as said user with little or no need for him to intervein
[06:23] <SpamapS> Right, the only part that my script had to do was pick a port. I used 20000+$UID to make it easy
[06:24] <SpamapS> segv`: true and suexec is still 10 times simpler and less hacky than suphp
[06:24] <segv`> indeed
[06:24] <segv`> and fastcgi supports it out of the box heh
[06:31] <jetole> jmarsden: I was also just reading about noexec which prevents a lot of programs like vi from launching a shell
[06:31] <chrislabeard> SpamapS: Is there a tutorial for this setup? I'm new to this stuff
[06:32] <jmarsden> jetole: Yes, but test it before you rely on it.  sudo -V | grep dummy does not output anything on my machine...
[06:32] <jetole> jmarsden: you need to be root. It does on ubuntu 10.04, 8.04 (and I assume everything in between) as well as centos 5.2 and I'm about to test it
[06:33] <jetole> jmarsden: long story short, should apply to all of mine but I'm going to test it
[06:33] <jmarsden> Go for it :)
[06:35] <jetole> er, !SHELLS seems to be an issue with virsh
[06:35] <jetole> don't suppose you know how to add an exception?
[06:35] <jmarsden> SHELLS is just a Cmnd_Alias, I think... see man sudoers for how to define it, it is one of the examples there.
[06:35] <jetole> not for me
[06:35] <jetole> I'm using LDAP
[06:35] <jetole> their are no Cmnd_Alias afaik
[06:36] <jmarsden> You gave the equivalent of /etc/sudoers inside LDAP?  Hmmm.
[06:36] <jetole> no. I am using sudo-ldap, sudo gets it's rules from ou=SUDOers
[06:37] <jetole> well so yes and no
[06:38] <jetole> for example I have cn=defaults for the default rules, cn=sysadmin for the sysadmin sudo rule which applies to cn=sysadmin,ou=groups,dc=example,dc=com
[06:39] <jmarsden> So... ./sudoers2ldif /etc/sudoers  doesn't change if you add Cmnd_Alias stuff into /etc/sudoers ??  There's just no way to put that info into LDAP?  Seems odd.
[06:39] <jetole> I didn't say that, I just said I don't have any cmnd_alias atm
[06:40] <jmarsden> Well, so add one to /etc/sudoers and then run the command to generate the .ldif file from it, and import that... right?
[06:40] <jetole> although there are some odd things about ldap which are different for example, if I have cn=sysadmin,ou=SUDOers which can run all commands, there IS NOT a way for me to allow a user who qualifies for that match to run another command !authenticate
[06:40] <jetole> jmarsden: perhaps. let me look into it
[06:41] <jetole> jmarsden: how do I see what it currently uses though if it's not defined as a rule in sudo already though?
[06:41] <jmarsden> If you didn't define it, it is probably empty?
[06:42] <jmarsden> Or it may pick up vaules from /etc/shells or something.
[06:43] <jetole> no, I think it's empty, I just tried it with cat and date and neither one would run
[06:46] <wizzor> Hey, does anyone know answers to the following, regarding UEC:
[06:47] <wizzor> 1) What happens to images being run on a NC when an NC crashes?
[06:47] <jmarsden> jetole: Ok, so copy the example one from the man page into your /etc/sudoers, edit it to include teh right shells for your machine(s), run sudoers2ldif, import the resulting LDIF file into LDAP, and retest.
[06:47] <wizzor> 2) What if the cluster controller crashes?
[06:48] <wizzor> Do the NCs continue operation as usual, but without ability to start new nodes, or does the entire cloud become inoperable?
[06:49] <jmarsden> wizzor: for #2, see https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/497087
[06:49] <wizzor> We're obviously talking about a private cloud with more then one NC
[06:50] <wizzor> Hmm, so does that mean the entire cloud becomes inoperable if the CC is down? I thought the bug was about having the option for multiple CCs?
[06:51] <jetole> jmarsden: I appreciate the help, so you know I don't have to worry about the sudoers2ldif as their really isn't a cmnd_alias in sudo for ldap as I can have multiple people and multiple commands in a single role but you've helped me figure out what it is I need to setup so thanks
[06:51] <jmarsden> jetole: OK, you're welcome.
[06:53] <jmarsden> wizzor: As I understand it, the CC currently is not ever supposed to go down :)  But hey, you said this is for a private cloud, so you can easily test this for yourself and see what happens.
[06:54] <wizzor> jmarsden: Thanks, I think I might try that (or ask the support team to), it'd be interesting. Any idea about the NC going down?
[06:55] <jmarsden> wizzor: Not really, I'd think you lose the running images from that NC, and when you restart it you can restart those images... in other words, I don't think UEC has a lot of protection from failing machines built into it yet.  But I am a LONg way from being an expert!
[06:56] <jetole> jmarsden: one last thing, as far as I can tell, I need full path names. How do I stop a user from copying bash to his /home, tmp, /dev/shm, etc
[06:56] <wizzor> Hmm, well, it's probably just as easy to try that if we ever get around to building a test cloud
[06:58] <jmarsden> jetole: You don't... I think the man page says: ... these kind of restrictions should be considered advisory at best
[06:58] <jmarsden> wizzor: Right.
[06:58] <jetole> jmarsden: so uh, is there a way for me to prevent a user from running bash that isn't advisory?
[06:59] <jmarsden> Well, a *user*, sure.  A user who can sudo and copy files and compile and link programs... probably not.
[06:59] <jmarsden> Why would you trust a user to run, say emacs or vi as root, but not trust them with bash??
[07:00] <jetole> jmarsden: who says I trust anyone. I'm being told by the boss to make it so
[07:00] <jetole> lol
[07:01] <jmarsden> Then your spec is flawed... well, you could remove bash from the machine, then they'd have to compile their own copy before they could run it :)
[07:01] <jetole> yeah but thats hardly a deterent
[07:01] <jetole> I doubt it would happen but I really don't want to just assume it won't
[07:01] <jmarsden> If the people involved are malicious, you are dead anyway.
[07:02] <jetole> or if they are too stupid to have this access in the first place which several of them are, on the other hand I have known a couple from years before I worked here who are very good but may just object to being audited in their actions. as far as I can tell though, I'm kinda dead in the water
[07:02] <jmarsden> There is a difference between "just assume" and "make it a policy, tell people they will be fired if they do it, etc"
[07:03] <jmarsden> People problems rarely have 100% technical solutions.
[07:03] <jetole> wish I could but if I do I am in trouble for lying
[07:03] <jetole> heh. I'm screwed
[07:03] <jmarsden> jetole: Get your boss to make that the policy, ...
[07:04] <jetole> well at least with no shell and sudo always mailing (and they don't have access to the ldap server) I will at least have more logs
[07:06] <jetole> jmarsden: thanks again for the help
[07:07] <jmarsden> No problem.
[07:28] <twb> Does kexec-tools work for anybody on lucid?
[07:55] <chrislabeard> Is there such a thing as linking to mysql databases together?
[07:55] <chrislabeard> On different servers?
[07:58] <twb> Never mind, I forgot KEXEC_LOAD=true in /etc/default/kexec-tools
[08:46] <chrislabeard> If I wanted to sync my phpmyadmin db to another phpmyadmin
[08:46] <chrislabeard> do I need to open the 3306 port on my local server?
[08:51] <zealiod> I have a lite weight server I am putting on a small harddisk, how can I stop logging so that i don't chew up all my hard disk space over time?
[08:56] <twb> zealiod: uninstall rsyslog
[08:56] <twb> You could also make /var/log a tmpfs, with a little work
[08:59] <JanC> a tmpfs is only useful is you reboot it often
[09:00] <JanC> well, depending on how much RAM is available maybe
[09:03] <twb> It's also an easy way to cap /var/log at 8m
[09:04] <twb> My netbook had 1GB of RAM and 4GB of disk, so it was much easier to do that than piss about with
[09:04] <twb> LVM
[09:46] <ruben23> hi guys any idea on how to install on JRE and the Java Plugin on ubuntu 10.10 maverick
[09:49] <twb> ruben23: apt-get install openjdk?
[09:49] <twb> It has either "openjdk" or "icedtea" in the name, as at 10.04.
[09:59] <ruben23>  twb: thanks
[10:25] <freepenguin0> hi, does exist an Apache Server monitor for Debian based distros?   an equivalent of Mysql-Administrator for Mysql
[10:27] <twb> freepenguin0: I don't know what an "apache server monitor" is.
[10:27] <twb> freepenguin0: nor do I know what "mysql-administrator" is.
[10:28] <freepenguin0> mysql admin is a tool by which configure
[10:28] <freepenguin0> mysql server, see the connections
[10:28] <freepenguin0> make backup/restore etc.
[10:28] <twb> So it's a GUI?
[10:29] <freepenguin0> yes
[10:29] <twb> Here, we encourage people to learn proper CLI tools.
[10:29] <freepenguin0> i would know if exist a tool like this for apache server (to see connections etc.)
[10:29] <twb> There may be such a GUI tool; I don't know of one.
[10:30] <RoyK> freepenguin0: really, as twb say, try to spend a few hours learning the CLI - you'll get things done better that way - and over time, much, much faster
[10:34] <freepenguin0> RoyK, sure, I knew Rapache but it's no more supported by ubuntu
[11:07] <eagles0513875|2> hey guys i just setup dovecot+ postfix
[11:07] <eagles0513875|2> i am able to send outgoing email but i cant recieve any incoming from the outside such as gmail
[11:07] <eagles0513875|2> i get this error Technical details of permanent failure:
[11:07] <eagles0513875|2> DNS Error: Domain name not found
[11:46] <Myx0x3> i have some problems.. ive just install ubuntu-server and i get IP and everything but it does not ping my router or my computer! the router is the DHCP server also..
[11:47] <Myx0x3> it says the destination host is unreachable..
[11:51] <twb> Myx0x3: did you configure your ubuntu server to be a DHCP client?
[11:51] <Myx0x3> no, i did only install smb and openssh
[11:52] <Myx0x3> it gets a correct IP and the router finds it on the dhcp table
[11:53] <Myx0x3> and it does not ping google ie
[11:56] <Myx0x3> anyone got any ide?
[11:59] <twb> Sounds like something is wrong with your router.
[12:00] <Myx0x3> its not, my computer works fine?
[12:00] <Myx0x3> its on the same router
[12:00] <twb> If on the Ubuntu server, "ip address" and "ip route" and "cat /etc/resolv.conf" report correct information, then the problem is not on your server.
[12:01] <Myx0x3> whats ip route?
[12:34] <pmorris> Why am I getting tons of errors like: named[1336]: error (network unreachable) resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53
[12:34] <twb> Myx0x3: a tool to set/get the route tables.
[12:36] <pmorris> Nothing appears to be failing network wise
[12:37] <twb> pmorris: do you use IPv6?
[12:38] <_ruben> looks like a broken ipv6 config indeed
[12:39] <pmorris> Only happened since I migrated from 8.04 LTS to 10.04 LTS
[12:39] <pmorris> I don't know how to fix it
[12:39] <pmorris> I also thought it was something to do with IPv6 when I saw AAAA resolution
[12:39] <pmorris> But I also have some errors like this:
[12:39] <pmorris> named[1336]: error (network unreachable) resolving 'ns3.afraid.org/A/IN': 2001:500:b::1#53
[12:40] <pmorris> Is this still IPv6 related?
[12:40] <shauno> 2001:500:b::1#53 is still an ipv6 address
[12:41] <pmorris> Aye
[12:41] <pmorris> So what would be the best thing to do in this situation?
[12:42] <pmorris> Obviously it's not really a problem, just a notification, but should I disable IPv6 somewhere or just disable the logging somehow?
[12:42] <pmorris> At the moment it pollutes the syslog
[12:45] <h4p0z3u> anybody here can help me with ubuntu ec2 configuration?
[12:46] <maedox> h4p0z3u: depends on your question. I've played with it a bit.
[12:47] <h4p0z3u> my cloud:  (public ip) --- (cloud front end) --- (private network) --- (cloud background VM's), ok it?
[12:48] <h4p0z3u> http://imagebin.org/122489
[12:49] <maedox> Do you mean using Ubuntu in Amazon EC2 or setting up your own cloud with Ubuntu?
[12:49] <h4p0z3u> set my cloud with ubuntu
[12:50] <maedox> ok I see, sorry, then I'm not your guy. Haven't gotten that far yet. I've been using Amazon's EC2 for a little while.
[12:50] <h4p0z3u> hum... thx
[12:55] <mgolisch> doesnt their documentation tell you how to do that?
[12:59] <h4p0z3u> yes, but not rich like others doc's
[13:01] <mgolisch> the documentation on http://open.eucalyptus.com/ covers the basics of most stuff
[13:05] <h4p0z3u> I configured the system but now I want know if I did correct and start my instances... but I don't understand well about access the instances... like a ssh access on Xen VM's... you understand?
[13:06] <patdk-wk> pmorris, sounds like you have an ip6 on your computer
[13:06] <patdk-wk> what does 'ip addr show' look like?
[13:10] <jpds> patdk-wk: Like 'ip addr show' .
[13:10] <patdk-wk> only for english speaking people :)
[13:29] <maedox> How can I redirect requests to certain domains through a proxy server? Command line only.
[13:30] <twb> maedox: set $no_proxy
[13:31] <twb> Assuming you mean HTTP
[13:31] <twb> e.g. export http_proxy=http://127.0.0.1:8080/ no_proxy=.lan,.local,fs,127.0.0.1
[13:32] <twb> ...will cause everything to go through the proxy, unless its IP is 127.0.0.1, it's hostname is fs, or its FQDN ends in .lan or .local
[13:32] <maedox> twb: yeah, I started out with squid, but it will be a bottle neck if I redirect everything there. I only want to proxy w3c.org and java.sun.com.
[13:32] <maedox> twb: not possible to do it the other way around?
[13:32] <twb> I don't know.
[13:32] <maedox> alright, thanks.
[13:33] <maedox> I guess my quest continues :)
[13:33] <twb> The only way I can think of that doesn't involve proxy.pac (a.k.a. javascript) is transparent proxying
[13:34] <twb> Hmm, I suppose you might also do it by making w3c.org and java.sun.com resolve to the local host, then effectively having a reverse-proxy listening on 127.0.0.1:80
[13:35] <maedox> very weird that it should be so difficult. in any browser it's very easy.
[13:35] <twb> maedox: it's not easy in w3m
[13:35] <maedox> mainstream browsers :D
[13:35] <twb> Or indeed any other well-behaved browser that uses $http_proxy and $no_proxy instead of trying to NIH the proxy configuration
[13:35] <twb> maedox: w3m is the default browser on Debian.
[13:37] <maedox> I just find it curious that there should not be some kind of service for it with a config file where you can specify proxy nothing, except these domains.
[13:38] <twb> maedox: "service" implies it's a proxy
[13:38] <twb> Obviously you can tell squid to only CACHE some domains...
[13:40] <maedox> twb, yes, I know, but what I would like is in essence the inverse of no_proxy.
[13:41] <maedox> but I guess I could use no_proxy to at least have it not go through squid for LAN IP's.
[13:41] <maedox> I think I will do that for now, and see if I can figure it out down the road.
[13:42] <twb> What client(s) are you using?
[13:42] <twb> HTTP clients, I mean
[13:42] <maedox> It's maven running from Hudson CI
[13:42] <twb> Do you have any evidence it honours $http_proxy?
[13:43] <twb> It's purely a convention
[13:43] <maedox> It should be possible to configure env vars in the job in Hudson, but it doesn't seem 100 % stable sometimes.
[13:43] <twb> (Hint: anything using libcurl gets $http_proxy support "for free")
[13:43] <maedox> It seems to be honoring http_proxy, but I don't know about no_proxy.
[13:43] <maedox> Ḯ'll test it out to see what happens
[13:43] <twb> Yeah
[13:44] <twb> app authors are pretty stupid; they might not even know about $no_proxy
[13:44] <maedox> The Hudson server is controlling nodes on other servers and http_proxy works for jobs but not for the whole node if you don't put it on every single job.
[13:45] <twb> I'm glad I Don't Do JavaTM
[13:47] <maedox> hah, yeah, me too, I'm just here to keep the network and servers secure and running.
[13:48] <maedox> Ah, there is a Java env.var. http.noProxyHosts  because it seems java doesn't honor no_proxy. We are one step closer :D
[13:49] <maedox> system property* not env.var.
[13:57] <jpds> twb: ™
[13:58] <twb> Oh, you want τεχ?
[13:59] <twb> (Yes, my IRC client (Emacs) has TeX and SGML input methods.)
[13:59] <jpds> And much more I guess.
[13:59] <twb> Oh sure.
[14:25] <eagles0513875> hey guys are there any postfix experts in here i need some help fixing an issue with my mail server
[14:27] <lamont> eagles0513875: you'll find better luck if you just ask the question (or describe the problem) rather than asking if you can ask a question
[14:27] <eagles0513875> ok
[14:28] <eagles0513875> my question is this i am currently able to send emails from my server to my gmail for example but i cant send from my gmail to my server
[14:28] <eagles0513875> i get this message
[14:28] <eagles0513875> Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1 <jonathan@eagleeyet.net>: Relay access denied (state 14).
[14:28] <eagles0513875> i have an mx entry in godaddy which is the following
[14:28] <eagles0513875> 0 @ @ where @ is pointing at my ip address
[14:28] <eagles0513875> port 25 is unblocked
[14:28] <eagles0513875> my isp though doesnt allow relaying off their MX server
[14:28] <eagles0513875> is it possible to setup my own mx server on my own machine
[14:29] <lamont> whatever machine returned the error to google is not configured to relay or accept email for eagleeyet.net - assuming that gmail was able to reach your machine, it needs to be told that eagleeyet.net is a local destination
[14:30] <lamont> (fwiw, pri 0 mx hosts make me cry a little, simply because there's no way to inject one of higher priority later)
[14:30] <eagles0513875> lamont: its probably my isp
[14:30] <eagles0513875> as they dont allow MX relaying
[14:30] <eagles0513875> whats funny i can send from my domain to gmail
[14:31]  * lamont fires a test email
[14:32] <eagles0513875> email to test with is jonathan@eagleeyet.net
 host eagleeyet.net[213.165.178.234] said: 554 5.7.1
[14:32] <lamont>     <jonathan@eagleeyet.net>: Relay access denied (in reply to RCPT TO command)
[14:32] <eagles0513875> bah now squirrel mail is proken
[14:32] <lamont> so... that IP is the one bitching
[14:32] <eagles0513875> broken
[14:32] <eagles0513875> O_o
[14:32] <eagles0513875> thats my ip
[14:32] <lamont> congratulations.
[14:33] <eagles0513875> humm
[14:33] <eagles0513875> oh snap
[14:33] <eagles0513875> wait
[14:33] <lamont> either pastebin your main.cf, or email it to lamont@ubuntu.com?
[14:33] <eagles0513875> hold on
[14:35] <yann2> any idea where I can download etherboot - 5.4.4-1ubuntu3  as mentioned in https://bugs.launchpad.net/ubuntu/+source/etherboot/+bug/617316 ?
[14:35] <eagles0513875> http://pastebin.com/if37pwDw lamont
[14:35] <_ruben> eagles0513875: apparently eagleeyet.net isn't configured as a local domain on your postfix instance
[14:36] <eagles0513875> O_o
[14:36] <eagles0513875> _ruben:
[14:36] <_ruben> add eagleeyet.net to mydestination
[14:36] <eagles0513875> doh
[14:38] <eagles0513875> done and postfix restarted just sent test email
[14:38] <lamont> it should work better now. :-D
[14:38] <lamont> (got distracted there for a minute)
[14:39] <eagles0513875> yay
[14:39] <eagles0513875> :)
[14:39] <eagles0513875> that did it
[14:39] <eagles0513875> always with me its something small
[14:41] <eagles0513875> woot
[14:57] <yann2> hallyn, any update on https://bugs.launchpad.net/ubuntu/lucid/+source/etherboot/+bug/570870 ? Am still unable to pxe boot on e1000 with lucid, tried the -proposed, no luck...
[15:06] <hallyn> yann2: supposed to be fixed, near as I can tell
[15:06] <hallyn> yann2: what exactly happens when you try?
[15:06] <yann2> doesnt get a DHCP address
[15:06] <yann2> just worked with packaged from maverick
[15:07] <yann2> I mean, installed etherboot and kvm-pxe from maverick, it worked.. lucid's proposed, not
[15:07] <hallyn> yann2: that's interesting, but it sounds like a different bug.
[15:07] <hallyn> yann2: in taht bug, pxe boot was never attempted.  it hung on 'Seabios" msg
[15:07] <yann2> there were 2
[15:08] <hallyn> yours tries but fails to get ip from dhcp, right?
[15:08] <yann2> there were a few duplicates
[15:08] <yann2>  https://bugs.launchpad.net/ubuntu/+source/etherboot/+bug/617316  have a look here
[15:08] <hallyn> i don't condone multiple bugs per bug :)
[15:08] <hallyn> one sec
[15:08] <yann2> yeah, there was taht bug, then a fix, and the fix brought up this second bug, was in the comments...
[15:09] <yann2> I needed it working right now, but happy to test future ppas
[15:10] <hallyn> checking the lucid source for my fix
[15:16] <hallyn> yann2: well, i don't know what happened there.  the fix is definately not there
[15:16] <hallyn> i'm wondering whether kirkland's fix usurped mine
[15:16] <hallyn> doh
[15:17] <hallyn> all right, we need to nominate this for sru.
[15:18] <yann2> ;)
[15:19] <hallyn> yann2: sorry about that, will get that done, but it's likely to be a slow process
[15:19] <yann2> do you need to formally report somewhere, like add a comment or so?
[15:19] <yann2> hallyn, I dont care, It works with maverick's
[15:19] <yann2> so as long as it can boot I'm a happy man :)
[15:19] <hallyn> cool :)
[15:20] <hallyn> yeah, i have to update the description and subscribe a team, but i'm trying to figure out whether they will 'just know' how to cherrypick the right debdiff, or if i have to build a new package for it
[15:21] <yann2> also, it boots well with the rtl8139, just of course I need it for freebsd :P
[15:22] <yann2> btw hallyn you wouldnt happen to know how much of a risk I would take installing a lucid kernel on a hardy server would you - ie if it's safe, not safe, or absolute madness?
[15:23] <hallyn> i think plenty of ppl are dong it
[15:23] <hallyn> doing it
[15:23] <hallyn> oh,
[15:23] <hallyn> i misread.  i thought you meant a lucid kvm VM on hardy host
[15:24] <hallyn> i'd recommend asking on #ubuntu-kernel, bc i have no idea...
[15:26] <yann2> thanks, will do
[16:39] <DodgeThis> how can i replicate a server to another computer?
[16:41] <SpamapS> DodgeThis: can you define "replicate" ?
[16:41] <SpamapS> DodgeThis: do you want it to keep "replicating" or do you want to clone it one time?
[16:42] <DodgeThis> +/- cloning
[16:42] <DodgeThis> i want to pass all the confis and db to another server running ubuntu
[16:44] <SpamapS> DodgeThis: one time only, or every time you change the source server?
[16:44] <DodgeThis> one time only
[16:45] <SpamapS> DodgeThis: you can probably just boot the destination box in a recovery console/live CD, mount its hard drives, and use rsync.. then chroot into the root filesystem and update-initramfs/grub-install.
[16:46] <TeTeT> DodgeThis: if they are of the same make, you might want to try clonezilla
[16:46] <DodgeThis> exemple: i have a server running in virtual box and want to transfer all the stuff db,configs etc to a real server
[16:46] <SpamapS> DodgeThis: of course, that may result in a corrupted DB unless you shut down the source box.
[16:47] <SpamapS> DodgeThis: if you haven't done a ton of system configuration, you could just install the new machine, and rsync the data to it.
[16:47] <TeTeT> hmm, virtual box should rule out clonezilla, sorry
[16:48] <DodgeThis> SpampaS do you have some tut that i can follow?
[17:05] <SpamapS> DodgeThis: I wrote one up *a long time ago* .. I don't know how much is relevant.
[17:07] <SpamapS> DodgeThis: hrm, no the tutorial I wrote is for switching local disks.
[17:08] <SpamapS> DodgeThis: Since you're changing hardware, I would suggest just backing up the *data* and copying it to the new machine.
[17:28] <zealiod> i was hoping this rule would log all port traffic.... it doesnt log anything... what am i missing?
[17:28] <zealiod> sudo ebtables -A FORWARD --in-interface eth1.11 --protocol ipv4 --ip-protocol tcp --log-level notice --log-prefix ASH
[17:33] <tomsdale_> I have added 'user1' with p.rimary group 'group1' to an additional group 'group2'. Why is user1 not able to view a folder with the group restrictions set for group2
[17:33] <tomsdale_> it's like the additional groups don't count.
[17:34] <shauno> tomsdale_: silly question, but has the user logged out yet?
[17:34] <shauno> I don't believe changes to groups are 'noticed' until the next login
[17:34] <tomsdale_> shauno: handpalm ...
[17:35] <tomsdale_> shauno: yes - that's exactly it. thank you.
[17:36] <RoAkSoAx> /w/win 2
[17:36] <RoAkSoAx> arrggh...
[18:06] <cubmike> greetings I am new to ubuntu
[18:06] <highvoltage> greetings, cubmike
[18:07] <cubmike> I want to know if there is any advantage of installing the 10.10 server edetion vs the desktop and the 32 vs the 64
[18:07] <cubmike> ty
[18:10] <SpamapS> mathiaz: its 18:10 UTC .. do you know where your meeting is?
[18:10] <mathiaz> SpamapS: which meeting?
[18:11] <SpamapS> server team?
[18:11] <SpamapS> was it cancelled w/o an announcement?
[18:11] <mathiaz> SpamapS: hm - I don't know if we're gonna have a meeting this week
[18:12] <mathiaz> SpamapS: given that half of the team is at the OpenStack summit
[18:12] <mathiaz> SpamapS: and they're having lunch right now
[18:12] <mathiaz> SpamapS: so JamesPage, you and me are the only one around right now
[18:12] <SpamapS> I will postpone to 19:00 UTC and see if anyone shows up, since the time was listed as 19:00 UTC (but last tuesday) until a few minutes ago
[18:13] <mathiaz> SpamapS: yeah - it's the time change thinggy
[18:13] <mathiaz> SpamapS: we'll have to reconsider the time of the meeting now that both europe and north-america have switch hours
[18:13] <mathiaz> SpamapS: and google calendar is also confusing when it comes to DST
[18:14] <JamesPage> mathiaz: time change is on the list of items for discussion.....
[18:15] <SpamapS> Agreed, the fridge calendar doesn't even have our meeting on it
[18:15] <mathiaz> JamesPage: yeah - it's a good moment for discussin time changes given that 1. time change in both Europe and North America and 2. the new composition of the team
[18:15]  * JamesPage nods
[18:17] <s3hh> so we decided no mtg today?
[18:19] <s3hh> SpamapS: ^
[18:19] <SpamapS> s3hh: meeting is moved to 1900
[18:19] <SpamapS> s3hh: so, stick around for 20 minutes and we'll give it another shot
[18:23] <s3hh> SpamapS: so otherwise it would move with dst, eh?  silly
[18:24] <SpamapS> s3hh: I don't know, that will be discussed. I think its less confusing to go with UTC, but many may prefer that it stays at the same time locally for them.
[19:56] <RoAkSoAx> SpamapS: when I get back home i'll point you to a diff ;)
[21:11] <squidly> what does everyone recomend for an ipv6 dhcp server that will auto update bind9 with rdns and AAAA recoards?