/srv/irclogs.ubuntu.com/2010/11/30/#ubuntu-server.txt

zacharynweb	cool	00:00
zacharynweb	I'm making these two files	00:00
IrishWristwatch	ok	00:00
IrishWristwatch	do you know how to use nano?	00:00
IrishWristwatch	Nano is good beginner command line text editor	00:00
IrishWristwatch	I assume you do, since you've edited some files already.	00:01
zacharynweb	I used wget to download the .txt file from that link	00:01
zacharynweb	cp to rename it from the .txt file	00:03
IrishWristwatch	there is an easier way you can do it over putty	00:04
IrishWristwatch	just do	00:04
IrishWristwatch	sudo nano /etc/default/deluge-daemon	00:04
IrishWristwatch	with putty, you just right-click to paste	00:04
IrishWristwatch	then ctrl+o to save, ctrl+x to exit	00:04
zacharynweb	IrishWristwatch: I haven't been able to right click to paste.. I've tried.	00:06
zacharynweb	rather not bother you with my stupidity there if it does work	00:06
zacharynweb	either way, files are there	00:06
zacharynweb	deluge-daemon started	00:06
zacharynweb	IrishWristwatch: Awesome, I now have a web UI.	00:07
IrishWristwatch	with putty, there should be an option then, honestly I don't know why you can't	00:07
IrishWristwatch	awesome	00:07
IrishWristwatch	:D	00:07
zacharynweb	oh..	00:08
zacharynweb	IrishWristwatch: ...wtf	00:08
IrishWristwatch	password is deluge	00:08
zacharynweb	IrishWristwatch: Right clicking at all in putty just pasted everything.	00:08
IrishWristwatch	lol yeah	00:08
IrishWristwatch	you are supposed to copy the text from the website, then rightclick into nano	00:08
IrishWristwatch	but whatever	00:08
zacharynweb	could of sworn I'd tried to copy paste already, and it didn't work, and ctrl + v didn't work either	00:09
zacharynweb	I even tried going to the upper left and clicking "file, edit... no paste...?"	00:09
zacharynweb	lol	00:09
zacharynweb	anyway	00:09
zacharynweb	logged into webui	00:09
zacharynweb	IrishWristwatch: do you have any tips about usint the deluge client?	00:12
IrishWristwatch	the webui is technically the client	00:14
IrishWristwatch	but, if you mean the gui client you download, it's pretty much a great replacement for utorrent	00:14
IrishWristwatch	As for the webui, just go to the options and specify the directory you want the files to download to	00:15
IrishWristwatch	and make sure those directories are owned by the user deluge is running under	00:15
IrishWristwatch	Also, make an autoadd directory, then make sure that directory is shared over a samba/nfs share	00:16
IrishWristwatch	that way you can easily add torrents just by saving them into that directory	00:16
IrishWristwatch	if you have windows, you can even set up a drive map (which is basically giving a network share/ samba share a drive letter)	00:17
=== jjohansen is now known as jj-afk
IrishWristwatch	So that way you can just access that drive letter, and you'll be at your Samba share.	00:17
zacharynweb	I don't have that working yet	00:17
zacharynweb	IrishWristwatch: Are you feeling patient enough to tell me about that?	00:18
IrishWristwatch	Have you set up Samba yet?	00:18
zacharynweb	no	00:20
zacharynweb	definitely not	00:20
IrishWristwatch	ok well	00:20
zacharynweb	I discovered linux a couple weeks ago.	00:20
IrishWristwatch	I can tell you how to setup a simple share, but I won't go into too much detail about the entire range of stuff you can do with samba	00:20
IrishWristwatch	since there are like a bajillion things	00:21
draven_sol	is there a reason that apt-get upgrade is holding back my kernel on 10.04 server?	00:21
zacharynweb	have accessible network drive storage from windows?	00:21
zacharynweb	that sounds awesome.	00:22
IrishWristwatch	yeah	00:22
IrishWristwatch	Samba is tailored towards windows	00:22
IrishWristwatch	NFS is tailored towards unix	00:22
IrishWristwatch	and ubuntu can do both so take your pick	00:22
IrishWristwatch	If you're one windows, do Samba shares	00:23
IrishWristwatch	on*	00:23
zacharynweb	sounds good	00:23
zacharynweb	what would you suggest?	00:23
zacharynweb	you can tell me to use google	00:24
zacharynweb	if you'd like.	00:24
IrishWristwatch	Are you using windows or ubuntu as your main desktop?	00:24
draven_sol	zacharynweb, for a nix to nix share i use NFS	00:24
zacharynweb	windows as my main computer	00:24
draven_sol	zacharynweb, to share to windows pc's i use samba	00:24
IrishWristwatch	Then use Samba shares	00:24
zacharynweb	will	00:24
IrishWristwatch	yeah what draven_sol said	00:25
zacharynweb	I'll look it up	00:25
draven_sol	https://help.ubuntu.com/community/Samba	00:25
IrishWristwatch	zacharynweb, are you using server 10.04 or 10.10>?	00:25
IrishWristwatch	Just curious.	00:26
smoser	jiboumans, sorry, i'm out now. i'll maybe be back in sometime tonight, failing that, tomorrow	00:26
zacharynweb	the latest one I think	00:26
zacharynweb	this is weeks old	00:26
jiboumans	smoser: sure thing. also, note that one of the mirrors is having checksum errors (see paste above)	00:26
jiboumans	catch you later/tomorrow	00:26
IrishWristwatch	Ah, you should use 10.04 LTS in the future.	00:27
IrishWristwatch	Simply because Canonical will support it until 2015	00:27
IrishWristwatch	Whereas 10.10 will only has an 18-month support lifetime.	00:27
smoser	jiboumans, we're hoping thats in the progress of being fixed...	00:27
zacharynweb	Yeah, 10.10	00:27
smoser	per canonical IS ticket	00:28
zacharynweb	huh what?	00:28
jiboumans	smoser: ta... cloud-config chokes on that btw and aborts =/	00:28
smoser	jiboumans, which region ?	00:28
jiboumans	us-east-1	00:28
jiboumans	smoser: ^	00:28
IrishWristwatch	yeah zacharynweb, just something to remember in the future	00:28
zacharynweb	IrishWristwatch: what do you mean support?	00:28
smoser	yeah, thanks.	00:28
zacharynweb	IrishWristwatch: remember what? What's the problem?	00:28
IrishWristwatch	Support, meaning, security updates and package updates	00:28
IrishWristwatch	Patches, fixes, etc	00:29
IrishWristwatch	Read this, zacharynweb https://wiki.ubuntu.com/LTS	00:30
zacharynweb	ah, so I should keep to the LTS	00:31
IrishWristwatch	for servers, I would.	00:31
zacharynweb	more support	00:31
zacharynweb	understandable	00:31
IrishWristwatch	Just for the convenience of not having to upgrade	00:31
zacharynweb	I will in the future	00:31
IrishWristwatch	however, there are sometimes benefits of having a later version of Ubuntu, like 10.10 or other future release, simply because they might have features that aren't on the LTS	00:32
IrishWristwatch	so you should research it before you install	00:32
twb	IMO the rule of thumb is "if this host is mission critical, it should run LTS"	00:32
zacharynweb	IrishWristwatch: I undestand, I'll kep that in mind for the future.	00:36
IrishWristwatch	:]	00:36
SpamapS	IrishWristwatch: backports are a way to have the best of both worlds in that case.	00:37
wqapol	How aboutmanually updating to the latest version while keeping up ith LTS?	00:37
IrishWristwatch	I'm wary of backports.	00:37
SpamapS	wqapol: that can get ugly because libraries might have to be upgraded.	00:37
wqapol	I mean manually updating only the packages deemed necessary.	00:37
wqapol	SpamapS: Libraries in the sense?	00:38
SpamapS	IrishWristwatch: you should be. But its a way to introduce only a little bit of the newer, less-tested releases into an LTS.	00:38
IrishWristwatch	linux programs use system libraries	00:38
IrishWristwatch	if you have a newer program, but an old library, it can cause unexpected results	00:38
IrishWristwatch	is basically the gist of it	00:39
wqapol	Hmm I see.	00:39
IrishWristwatch	This is kind of less common if you use apt-get, since it will tell you if you have a missing or outdated dependency, but yeah	00:40
IrishWristwatch	Skaag: interesting.	00:40
Skaag	what is?	00:40
IrishWristwatch	The backports.	00:40
Skaag	I just arrived here...	00:40
Skaag	you sure you mean me?	00:41
Skaag	:)	00:41
IrishWristwatch	Oh, I meant SpamapS	00:41
Skaag	haha :)	00:41
IrishWristwatch	Whoops. :P	00:41
Skaag	I'm trying to find out if the LSI2008 SAS Controller is supported in Ubuntu Server. I read somewhere in Google an old post from 2009 about it being supported in Ubuntu Desktop but not in Ubuntu Server.	00:41
Skaag	But that's probably just outdated, and from before the Lucid times... how do I find out for sure?	00:42
Skaag	Personally, I see no logic in it being supported in Desktop, but not in Server...	00:42
IrishWristwatch	If it works on Desktop, chances are it works on Server	00:43
Skaag	that's what I thought, too	00:44
Skaag	I guess worse case, I'll use them JBOD	00:44
IrishWristwatch	Are you doing RAID 0, 1, or other?	00:44
Skaag	and then either try to compile a kernel with a port of the driver from Redhat or SuSE (those are officially supported), or wait for someone else to do it ;-)	00:45
Skaag	Raid 5 I guess	00:45
IrishWristwatch	Plus, I think Ubuntu Server might be able to do a software raid 5	00:46
IrishWristwatch	but don't quote me on that.	00:46
Skaag	of course it can	00:46
Skaag	I did that many times	00:46
IrishWristwatch	Well alright then :P	00:47
=== squishy is now known as rbniknej
nickmoeck	Considering that it has a RHEL 5 driver, I see no reason that it wouldn't work in Ubuntu. Might have to prod the manufacturer for the driver source or a .deb package for Ubuntu	00:47
Skaag	right	00:48
zacharynweb	IrishWristwatch: If you'd like to see some of what I'm doing with my server...	00:48
Skaag	I will write them back with that response	00:48
IrishWristwatch	zacharynweb, do you need help with something?	00:48
zacharynweb	IrishWristwatch: http://beyond-sight.com/photography/ http://beyond-sight.com etc	00:48
zacharynweb	IrishWristwatch: Nothing else more so far. Thank you so much for helping me so far.	00:49
IrishWristwatch	this is being hosted from your server?	00:49
zacharynweb	IrishWristwatch: Yes.	00:49
IrishWristwatch	Cool	00:49
IrishWristwatch	Skaag, what is the full model name of that card?	00:50
=== rbniknej is now known as jenkinbr
=== jenkinbr is now known as squishy
IrishWristwatch	zacharynweb, looks good. :]	00:51
zacharynweb	IrishWristwatch: currently http://beyond-sight.com is down	00:51
zacharynweb	IrishWristwatch: That was my very first webpage, however, I poorly programmeed the php, so the paths need to be rewritten to work with linux paths and directories	00:52
zacharynweb	IrishWristwatch: it looks much nicer	00:52
Skaag	IrishWristwatch: I don't know yet... didn't buy the machine	00:53
Skaag	all I know is that the chip is: LSI2008 chip	00:53
IrishWristwatch	Question Skaag , what's a pretty reputable brand of RAID controllers for Linux/Ubuntu	00:54
Skaag	3Ware and MPT, I guess?	00:55
Skaag	MPT comes with IBM Hardware	00:55
Skaag	and 3Ware is a pretty decent raid controller	00:55
eriksson25	Hi, anyone using rtorrent and know how you make it to create folders with diffrent permissons.	00:56
zacharynweb	IrishWristwatch: Samba looks like a doozy to configure. No questions yet though, our linux god-tier hero, you. lol	00:57
IrishWristwatch	oh please.	00:57
SpamapS	I had an 8 port 3ware SATA card that I used to run a giant (for the time) RAID 5+0	00:57
Skaag	9503?	00:57
IrishWristwatch	Skaag, I've always wanted to make a RAID config	00:57
IrishWristwatch	but I'm always too damn cheap to buy 4 hard drives	00:57
Skaag	well, a good raid config can give you a serious performance boost or reading data very quickly.	00:58
IrishWristwatch	Yeah I bet	00:58
IrishWristwatch	since it's all parallel access	00:58
Skaag	and the controller does much of the work, if the driver is well written.	00:59
Skaag	and 3Ware adapters have a memory module that can be upgraded	00:59
IrishWristwatch	zacharynweb, it can be pretty crazy at first	01:00
IrishWristwatch	but if you want to setup a simple share and skip all of the other stuff for later	01:00
IrishWristwatch	then it's pretty easy	01:00
zacharynweb	IrishWristwatch: How would I do that?	01:00
IrishWristwatch	eh, I guess I'll just PM you the commands	01:00
zacharynweb	IrishWristwatch: and truthfully I consider myself a technician with windows	01:01
zacharynweb	but anything server wise or outside windows, I'm a newb	01:02
IrishWristwatch	don't worry	01:02
IrishWristwatch	Linux is easier to learn than windows.	01:02
datz	Yea, it's all just point click :P	01:22
datz	having joins,parts,quits ignored really messes up my sense of passed time	01:23
UndiFineD	datz, http://ubuntuforums.org/showthread.php?t=315262	01:33
datz	humm, well.. I'm not using gnome, or xchat, and my joins,parts,quits are already hidden. :P	01:34
datz	but not I know. ;)	01:34
datz	It's easier to leave leave your irc client up all the time and follow what's going on if there isn't semi useless join/part spam. :)	01:36
datz	irssi ftw btw	01:36
UndiFineD	indeed	01:36
Patrickdk	heh, you need useless join/part spam, to break up the conversations	01:36
datz	hahah	01:36
datz	it does serve to do that. But I if you can distinguish one conversation from another, you'll be fine too.	01:37
datz	-I	01:37
twb	In dhclient.conf, is this an ubuntuism? send host-name "<hostname>";	02:18
twb	Because it works on my lucid hosts but not my squeeze hosts	02:18
twb	If I replace <hostname> with a literal hostname, it works on both	02:18
twb	Apparently it IS a tiny ubuntu-specific patch	02:34
twb	Dunno why it wasn't pushed upstream...	02:35
IrishWristwatch	zacharynweb, how'd it go?	02:37
=== BullyBee_ is now known as BullyBee
laxa8831	hi	04:13
laxa8831	can i set a folder within a samba share to read only when the entire share it r/w?	04:14
laxa8831	i have a folder withing a drive id like to protect, but maintain r/w access to the rest of the drive	04:14
UndiFineD	laxa8831, you could: chmod 755 the directory	04:21
UndiFineD	only owner would have rwx capabilities	04:21
laxa8831	can the owner be multiple people, or would i have to set up a group	04:22
UndiFineD	you set a group for that	04:23
laxa8831	ok	04:23
UndiFineD	<ubottu> An explanation of what file permissions are and how they can be manipulated can be found at https://help.ubuntu.com/community/FilePermissions	04:24
laxa8831	and system permissions take precendence over samba, correct?	04:25
laxa8831	im having a bit of trouble with this	04:33
laxa8831	ive set the owner of the test folder to ABCD	04:34
laxa8831	and chmod to 755, but still everyone on network can create and delete files in that folder	04:34
UndiFineD	maybe samba is running as ABCD	04:43
UndiFineD	and therefore has all the right on that directory	04:43
laxa8831	im using ls -l	04:44
laxa8831	and can see the rights on the folders	04:44
laxa8831	but i cant change them from drwxrwxrwx	04:45
laxa8831	ive made a folder called test to play with	04:45
laxa8831	ie, sudo chmod 755 test	04:47
laxa8831	and the permissions dont change	04:47
laxa8831	the owner is root	04:49
laxa8831	cant seem to change that either	04:49
laxa8831	ok, this is interesting	04:49
laxa8831	when i created a folder from a network share, it appears to be owned by root	04:49
laxa8831	is that supposed to happen?	04:50
laxa8831	is there something im missing for chmod directory functions?	04:55
laxa8831	this is a real head scratcher lol	04:57
laxa8831	feel a bit like homer simpson...	04:57
laxa8831	and when i try ls -l /test	05:00
laxa8831	it cant find the directory	05:00
draven_sol	laxa8831, are you locally on the machine?	05:06
draven_sol	laxa8831, the command to change owner is: chown <user> <group> <filename>	05:06
draven_sol	laxa8831, to change the owner of a file which is owned by root you'll need to use: sudo chown ...	05:07
laxa8831	ok, i dont think ive set up groups yet, just individual users	05:18
UndiFineD	!addgroup	05:21
UndiFineD	ubottu does not know	05:21
ubottu	Error: I am only a bot, please don't think I'm intelligent :)	05:21
KB1JWQ	I promise I'm not trolling-- but why would I use ubuntu server over debian?	05:51
twb	KB1JWQ: predictable release dates, better security	05:52
twb	KB1JWQ: also, my customers know of Ubuntu, so they sometimes ask for it.	05:53
KB1JWQ	twb: Security is something of a nebulous concept; how're you measuring it?	05:53
twb	KB1JWQ: default options in GCC is the most obvious one	05:53
twb	KB1JWQ: ubuntu also ships with some apparmor profiles enforced by default	05:53
twb	KB1JWQ: there was an LWN article recently about the former, and Debian was pretty much the worst of the five-or-so distros profiled.	05:54
twb	KB1JWQ: https://wiki.ubuntu.com/Security/Features	05:54
KB1JWQ	Reading	05:54
KB1JWQ	I do find Upstart to be annoying.	05:54
twb	Me too	05:55
twb	KB1JWQ: try #ubuntu-hardened if you want to discuss security more	05:55
KB1JWQ	Past the obnoxious startup magic, it seems almost like they'd handle roughly the same way?	05:56
twb	Well, they're closer to one another than they are to, say, RHEL or Solaris	05:57
KB1JWQ	I can do RHEL, CentOS, or Debian in my sleep.	06:01
KB1JWQ	Ubuntu's still something of a strange animal.	06:01
twb	For most purposes you can treat Ubuntu as Debian	06:01
cappicard	hey folks. i'm trying to get bridged networking working, but i'm seeing DHCP packet received on vnet0 which has no address	06:05
cappicard	this is kvm	06:06
cappicard	xp running inside kvm.	06:06
twb	cappicard: on the host, pastebin "ip l; ip a; ip r; brctl show"	06:08
twb	Also pastebin the kvm command you're running, or the libvirt config file if you're using libvirt.	06:08
cappicard	http://pastebin.com/JFdhMMvB	06:09
twb	Well the first problem is that you don't have any VM ifaces attached to your bridges	06:10
cappicard	http://pastebin.com/1CsVGNwd	06:10
veovis_muaddib	I'm running Ubuntu server 10.04 as a multi-purpose home server, how would I go about getting it to go into a low power mode when unused, and wake again when I need it. I enabled WoL in my BIOS, but neither my computer nor my phone seem to be able to wake it with magic packets	06:14
veovis_muaddib	Whoops, period instead of question mark	06:14
KB1JWQ	veovis_muaddib: Onboard NIC?	06:15
veovis_muaddib	KB1JWQ: Yeah, I'm using the onboard NIC, I don't have a PCI NIC in there	06:15
twb	veovis_muaddib: install sleepd or similar	06:16
twb	veovis_muaddib: note that the magic packets usually need to originate on the same ethernet segment	06:16
twb	veovis_muaddib: i.e. no wireless	06:16
veovis_muaddib	twb: trying now.	06:16
twb	sleepd just makes it go to sleep, not wake up	06:16
veovis_muaddib	twb: I can't send a magic packet FROM wireless? That could kill it for me	06:16
twb	veovis_muaddib: I don't think so	06:17
veovis_muaddib	twb: crap.	06:17
twb	veovis_muaddib: you could ssh into your WRT and have IT send the actual frame, I guess	06:17
twb	I started looking into that but lost interest when dinner arrived or something	06:17
veovis_muaddib	twb: lol.	06:18
KB1JWQ	Frames actually will traverse wireless.	06:18
KB1JWQ	So it shouldn't be an issue provided that the originating point can SEND a wake packet.	06:18
twb	If you say so	06:19
veovis_muaddib	KB1JWQ: If they will go over wireless, then I wonder what my problem is.... I've sent magic packets from Wake for iOS and WakeUp for OS X. Come morning I can test from a Windows 7 or Arch Linux machine, but they're not always available	06:29
veovis_muaddib	twb: The sleepd man page says nothing about waking from anything other than keyboard and mouse, and Google's failing me. Do you know if it can, or even better, how to do it?	06:32
veovis_muaddib	*I'm probably failing to supply Google with the right keywords, but still.....	06:32
UndiFineD	http://gsd.di.uminho.pt/jpo/software/wakeonlan/mini-howto/wol-mini-howto-3.html	06:33
twb	veovis_muaddib: sleepd has ONE JOB -- when it decides the system is idle, it runs a command -- usually pm-suspend, which places the system in suspend-to-ram state.	06:37
twb	WAKING from that state is not something sleepd is involved in	06:37
veovis_muaddib	twb: Ah, yeah, now I remember you saying that earlier... Sorry	06:37
twb	For a desktop, you have something like gnome-power-manager instead of sleepd	06:38
veovis_muaddib	So I have sleepd installed, and am working on configuring it. Do you know if it will wake on ssh or smb activity?	06:39
twb	It doesn't "wake"	06:39
twb	But you can tell it not to sleep when there is network activity, IIRC	06:40
KB1JWQ	I'm weird; I like my servers to be "up."	06:40
twb	Re ssh, -w If set, sleepd will also check idletime based on utmp. This will prevent the system from sleeping while remote connections are active. It uses the time limit from -u.	06:40
KB1JWQ	You can quiesce the disks, you can turn off peripherals, but I want to be able to hit it.	06:40
twb	KB1JWQ: you would freak out when you saw the crazy stuff in Apple's current NICs	06:41
veovis_muaddib	KB1JWQ: I'm at a friend's house with it, and they're demanding that it be in low power mode when not in use	06:41
KB1JWQ	twb: I'm experiencing those issues now. I assure you I know. :-)	06:41
twb	KB1JWQ: it'll power down the whole device, except for the NIC, which will respond to a different MAC and handle the start of, I don't know, the TCP handshake -- and then it'll start up the "real" machine to deal with the actual request	06:41
twb	I read about that and went ".... GTFO"	06:42
veovis_muaddib	twb: What?	06:42
veovis_muaddib	twb: That's nuts	06:42
KB1JWQ	twb: That's insane.	06:42
veovis_muaddib	twb: Mostly the change MAC part	06:42
veovis_muaddib	I'd be troubleshooting that for days	06:42
twb	Yup	06:43
veovis_muaddib	Glad my mac is my client and not my server. I'd give up on getting that working	06:43
twb	I think it was mostly their embedded gank, not workstations	06:44
veovis_muaddib	ah	06:44
cappicard	is kvm capable of doing remote sound or is RDP to the guest the only way?	06:49
cappicard	kvm is living on my headless server	06:49
twb	cappicard: kvm is not a remove framebuffer protocol	06:49
twb	I imagine you could arrange something using pulseaudio or nas, but I've never tried it. Neither X11 nor RFB (VNC) support remote audio.	06:50
veovis_muaddib	cappicard: I have yet to find anything that will allow remote audio in any way. If you find something, I'd appreciate a link.	06:51
veovis_muaddib	looking at pulse and nas now though	06:51
twb	In theory you could even just tunnel /dev/dsp over ssh or something	06:52
UndiFineD	veovis_muaddib, how about a phone ? :P	06:53
veovis_muaddib	UndiFineD: lol	06:53
veovis_muaddib	UndiFineD: Though, on that topic, that is a device I'd like to pipe audio to...	06:54
syn-ack	Derek.	06:54
syn-ack	veovis_muaddib, Pulse Audio does.	06:55
syn-ack	supposedly.	06:55
veovis_muaddib	syn-ack: Yeah, twb mentioned it, so I'm looking at it now. All Google is showing are people having problems with it	06:55
syn-ack	I've never used it in such a fashion, myself, so...	06:56
twb	I saw it done once with asterisk, I think	06:56
syn-ack	interesting.	06:56
syn-ack	I never even thought about doing that with Asterisk.	06:56
twb	I don't mean using asterisk to tunnel the noises	06:57
twb	I mean he used pulseaudio to tunnel noises asterisk made/received/something	06:57
syn-ack	No, the hold music, right?	06:57
syn-ack	ah	06:57
syn-ack	twb, That's still an interesting take on it, though...	06:57
cappicard	hmm...	06:58
UndiFineD	o/ nigelb	06:59
nigelb	haha	07:00
alcy	anyone deploying a mysql cluster on 10.04 around here ? can't seem to find the right way to setup 'em up. don't want to use mysql binary packages, but ubuntu's are not reliable either.	07:00
twb	Define "not reliable"	07:00
alcy	...not not reliable per se, but its broke...there are open bugs with high priority but the maintainer hasnt replied.	07:01
alcy	this is the bug https://bugs.launchpad.net/ubuntu/+source/mysql-cluster-7.0/+bug/576528 ... but it doesn't seem serious functionality wise.	07:04
uvirtbot	Launchpad bug 576528 in mysql-cluster-7.0 "auto-install-tester can not install/remove this package: trying to overwrite '/usr/bin/my_print_defaults', which is also in package mysql-server-core-5.1 0:5.1.41-3ubuntu12" [High,Confirmed]	07:05
alcy	hence, the important query. :) is anyone deploying them on 10.04 ? if yes, are they using the repo packages ?	07:05
SpamapS	alcy: who is the "maintainer" ?	07:06
SpamapS	alcy: looks like that package does need some love. ;)	07:07
alcy	SpamapS: zul	07:07
SpamapS	alcy: how is zul the maintainer of mysql-cluster-7.0 ?	07:07
alcy	"Original Maintainer: Chuck Short <zulcss@ubuntu.com>" ...zul on irc :)	07:09
SpamapS	alcy: but thats not really "the maintainer" ;) MOTU is as much responsible as anyone else	07:09
SpamapS	alcy: that High confirmed bug seems like a duplicate of another one..	07:10
SpamapS	alcy: anyway, I would agree with you that it needs some love.	07:13
alcy	SpamapS: meanwhile, at my machine installation "hangs" at this "/etc/init.d/mysql: line 116: /etc/mysql/debian-start: No such file or directory invoke-rc.d: initscript mysql, action "start" failed." there's a defunct mysql process. got a clue ?	07:14
alcy	actually not a mysql process, its apt only.	07:16
SpamapS	alcy: weird	07:17
alcy	anyway, i am copy-pasting that file from another machine	07:17
SpamapS	alcy: I'm getting close to pass-out level of exhaustion.. so I'm not feeling all that clever right now	07:17
alcy	SpamapS: heh, thanks for the help anyway :)	07:18
nigelb	31	07:18
nigelb	gah	07:18
Psi-Jack	Is there no package in Ubuntu 10.04.1 that has dlm_controld.pcmk for pacemaker's dlm?	07:20
twb	apt-file will tell you	07:21
Psi-Jack	I used apt-file to search for it, with no results, which seems a little odd to me.	07:21
SpamapS	Psi-Jack: Psi-Jack what is the file?	07:22
Psi-Jack	dlm_controld.pcmk	07:22
SpamapS	Psi-Jack: cman has /usr/sbin/dlm_controld	07:22
SpamapS	I have no idea what a pcmk is	07:22
Psi-Jack	Pacemaker	07:22
Psi-Jack	cman's dlm_controld is compatible with RHCS, where dlm_controld.pcmk is compiled for pacemaker.	07:23
TeTeT	wasn't there a PPA for all of the high availability stuff? That might contain working packages	07:30
nigelb	https://launchpad.net/~ubuntu-ha/+archive/ppa	07:31
Psi-Jack	Hmmm.. A testing PPA, deb http://ppa.launchpad.net/ubuntu-ha/lucid-cluster/ubuntu lucid main	07:35
uvirtbot	New bug: #683007 in openvswitch (universe) "openvswitch-datapath-dkms binary package contains object files" [Undecided,New] https://launchpad.net/bugs/683007	08:36
zacharynewb	hello	08:37
uvirtbot	New bug: #683008 in openvswitch (universe) "debian/patches/debian-changes-1.1.0~pre2-5ubuntu3 is unnecessary" [Undecided,New] https://launchpad.net/bugs/683008	08:46
=== jj-afk is now known as jjohansen
ttx	zul: late pong	10:35
[diablo]	morning	10:55
[diablo]	anyone recommend the best clustering FS to use for the following please:	10:55
[diablo]	I have 2 x machines running Ubuntu Server 10.10, with KVM/libvirt	10:55
[diablo]	for storage I have an iSCSI LUN made available to (currently) one machine	10:56
[diablo]	the KVM machine slices the LUN (/dev/sdb) into partitions with LVM	10:56
[diablo]	so each guest is on a physical partition	10:57
[diablo]	well, lvm partition I should say	10:57
[diablo]	I am looking for a method to migrate a guest from one machine to the other... seems clustering is needed	10:58
fale	hi	11:00
fale	I'm looking for the meta package ubuntu-server, but I can't find it :( any suggestions about where I can find it?	11:01
joschi	fale: what does this package provide in your opinion?	11:41
fale	joschi: the list of the packages that is needed to be installed to have the ubuntu-server cd ;)	11:43
joschi	fale: try ubuntu-standard	11:43
fale	joschi: are you sure that is the server list?	11:43
joschi	fale: no, but that's the package installed. of course there's also the task list 'server', but that's no single package ;)	11:44
joschi	fale: `man tasksel`	11:44
fale	joschi: that's interesting :) I'll look into it, thanks :)	11:46
alcy	wonder why mysql is ignoring some settings in my.cnf. can't get around debugging this, any clue ?	11:47
alcy	afaik, the configuration directives are under the right sections	11:48
alcy	to be specific, the master-host dire3ctive for implementing replication is not getting changed.	11:48
fale	joschi: I wonder why some things are made with meta-package (like ubuntu-desktop...) and other with tasksel :/	11:48
intheloopback	Does somebody has experience with backuping a VM? Do you backup a stopped or running VM? Which method do you use?	11:55
Error404NotFound	how can i force a specific PHP version to be used for a vhost? I have compiled php5.2.14, enabled fastcgi and my vhost configuration is at http://pastebin.com/jB0AbK7Z but for some reason if i don't use php5 module, php5.3.3 is used. I want to use php5.3.3 for all other stuff while php5.2.14 only for this vhost.	11:59
Error404NotFound	intheloopback, if vm is hosted on a lvm volume, you can take snapshot while vm is running, i believe.	11:59
jussi	is this still the correct way to install lamp (10.04) "sudo tasksel install lamp-server" - the docs on h.u.c are very old (talk about 7.04)	12:05
Error404NotFound	jussi, thats correct way as long as tasksel is present on system :)	12:05
jussi	thanks!	12:06
=== jjohansen is now known as jj-afk
pmatulis	intheloopback: it depends what you want to back up	12:57
=== wieshka is now known as wieshkalv
intheloopback	pmatulis: ideally the entire vm from the host systems, but I think that this can produce an inconsistent copy. But at least I need to backup home directories, web server and a MySQL database	13:20
pmatulis	intheloopback: so shut down the guest and copy it's file image (or lvm volume) somewhere	13:23
mdlueck	We have been having difficulties attaching USB HDD's to our servers since upgrading to 10.04 LTS. https://bugs.launchpad.net/bugs/645211 Using the work-arounds to get the drives to show up connects them as if at USB 1.1 speed which is unacceptable. Suggestions?	13:26
uvirtbot	Launchpad bug 645211 in linux "USB HDD and Flash Drives no longer recognized" [Undecided,New]	13:26
=== oubiwann is now known as oubiwann_
=== oubiwann is now known as oubiwann_
=== oubiwann is now known as oubiwann_
Slyboots	Hello	13:35
Slyboots	im curious; anyone able to suggest a decent web-based system manager for Ubuntu server? Right now I have to ssh in and do everything via the CLI.. but since Im building a NAS server its preferable to have control over a web-interface	13:36
Psi-Jack	Slyboots: Webmin	13:37
Slyboots	I thought that was incomptable with Ubuntu	13:37
Psi-Jack	Personally I've found OpenSUSE makes a better NAS server than Ubuntu.	13:37
Psi-Jack	Slyboots: No, #ubuntu doesn't support it. Webmin supports Ubuntu, however.	13:37
Slyboots	Mm	13:38
l3dx	Psi-Jack: why do you prefer opensuse?	13:44
Psi-Jack	l3dx: Simplified, secure, yast2 can configure... practically almost anything from GUI, TUI, and cli.	13:47
pmatulis	has anyone used the phoronix test suite with lucid? i've found that their tests don't build at all	14:07
TheNetuno	hola como esta too aka?	14:43
uvirtbot	New bug: #673654 in clamav (main) "Upcoming clamav release with security fixes" [Undecided,New] https://launchpad.net/bugs/673654	14:52
=== unreal_ is now known as unreal
kirkland	smoser: hey	15:53
kirkland	smoser: I'm trying to launch a desktop image from http://uec-images.ubuntu.com/desktop/natty/current/	15:54
kirkland	smoser: first, I note that the "current" symlink is pointing to 11/26	15:54
kirkland	smoser: but second...	15:55
kirkland	kirkland@x201:~$ ec2-run-instances ami-a7a650ce --instance-type t1.micro --region us-east-1 --key ec2-keypair	15:55
kirkland	Client.AuthFailure: Not authorized for images: [ami-a7a650ce	15:55
smoser	1129 is failed build	15:55
kirkland	smoser: 'sup with that?	15:55
kirkland	smoser: okay ... and my failure?	15:55
smoser	kirkland, i'll look at it in a bit. "that should'nt happen" :)	15:56
kirkland	smoser: k	15:56
hggdh	isn't there a meeting now?	16:03
=== __Techie__ is now known as _Techie_
zul	yes	16:05
hggdh	where?	16:05
Daviey	hggdh: yes, previous overunning	16:05
hggdh	oh, OK	16:05
=== jj-afk is now known as jjohansen
uvirtbot	New bug: #683198 in bacula (main) "package bacula-director-mysql 2.4.4-1ubuntu5 failed to install/upgrade: el subproceso post-installation script devolvió el código de salida de error 1" [Undecided,New] https://launchpad.net/bugs/683198	16:16
smoser	kirkland, i have no idea what went wrong there.	16:22
smoser	those ids do exist, they just have no attributes	16:23
phretor	the logrotate process was <defunct> on one of my systems, so I just `sudo logrotate /etc/logrotate.conf` to see if it restarted. Now it disappeared from the proc table: how can I check if logrotate is in a sane status?	16:23
kirkland	smoser: okay	16:23
kirkland	smoser: i was able to start a maverick instance and try x2go	16:23
smoser	it seems to me it has to be an issue on the amazon side	16:23
smoser	note, that you cant boot an i386 natty instance anyway (bug 669496)	16:24
uvirtbot	Launchpad bug 669496 in linux "natty fails ec2 boot on i386 or t1.micro" [Critical,Confirmed] https://launchpad.net/bugs/669496	16:24
=== kim0_ is now known as kim0
b0gatyr	morning, can someone explain to me how or in what way having multiple DNS 'A' records that point to a single IP can help a webserver?	16:27
patdk-wk	heh?	16:27
patdk-wk	if one of your webservers is down	16:27
c0nv1ct	b0gatyr, so it works with www.domain.com as well as domain.com?	16:30
smoser	kirkland, i swear that is ec2 failure	16:31
smoser	the us-west-1 amis for that build are good	16:31
smoser	but other regions disappeared.	16:31
kirkland	smoser: okay	16:31
smoser	its not like my scripts make up numbers.	16:31
smoser	they register, and check exit codes of 'ec2-register' and the like. i've never seen this before.	16:31
phretor	any idea about my logrotate question?	16:36
ikonia	phretor: what was the question, I missed it	16:36
phretor	ikonia: the logrotate process was <defunct> on one of my systems, so I just `sudo logrotate /etc/logrotate.conf` to see if it restarted. Now it disappeared from the proc table: how can I check if logrotate is in a sane status?	16:37
b0gatyr	c0nv1ct: well not sure, but if you do a 'dig' on wikileaks.org for example the query returns multiple A records pointing at the same IP	16:37
ikonia	phretor: if it's defunct it's probably dead/zombied	16:37
ikonia	phretor: if it's not showing that state, it's probably running fine (at a basic level)	16:38
c0nv1ct	b0gatyr, oh, in that case i have no idea how that is useful	16:38
ikonia	phretor: on ubuntu logrotate is launched from cron I think so it shouldn't be running all the time	16:38
ikonia	not %100 certain though	16:38
phretor	ikonia: I see, so it might be running fine. I will check tomorrow if rotate logs exist.	16:38
b0gatyr	c0nv1ct: the IPs do resolve to amazon EC2 .. maybe using elastic IPs?	16:39
=== SirFiChi is now known as ihCiFriS
smoser	JamesPage, i would like to get some of your time at some point... i'd like to have our ec2 tests into hudson, but really have no idea what that would mean.	16:49
smoser	s/mean/entail/	16:50
JamesPage	smoser: no problem; I'm intending spending some time this week on test automation	16:50
zacharynewb	hi guys	16:55
zacharynewb	can someone help me set up a samba share?	16:55
T3CHKOMMIE	hey guy, need help finding an old bash command i forgot.	16:57
uvirtbot	New bug: #683222 in php5 "php-fpm children constantly exiting (immediately)" [Undecided,New] https://launchpad.net/bugs/683222	16:57
T3CHKOMMIE	the command runs a dos-like gui tool on ubuntu server that lets you select server roles and such	16:57
T3CHKOMMIE	its much like when you install the server you can hit space bar and select ldap server lamp server printer server... etc	16:58
TeTeT	T3CHKOMMIE: tasksel maybe	16:59
zacharynewb_	Hhi guys	16:59
zacharynewb_	can someone help me setup a samba share?	16:59
=== TheNetuno is now known as Guest66364
T3CHKOMMIE	TeTeT, thanks i think thats it lemme give it a shot.	16:59
TeTeT	zacharynewb_: probably this will help: https://help.ubuntu.com/10.04/serverguide/C/samba-fileserver.html	17:00
zacharynewb_	thanks, I'll look	17:02
T3CHKOMMIE	zacharynewb_, samba is pretty simple i can help you if you get stuck.	17:02
zacharynewb_	T3CHKOMMIE: I appreciate it.	17:03
zacharynewb_	T3CHKOMMIE: I followed those instructions	17:13
zacharynewb_	T3CHKOMMIE: and I can see that there's a "share" and now my server is showing up on the windows network, but my login is being rejected	17:13
T3CHKOMMIE	have you messed with the config file?	17:14
T3CHKOMMIE	/etc/samba/smb.conf	17:14
zacharynewb_	T3CHKOMMIE: Yes, I did. I figured it out though	17:14
slyboots	Hello again :)	17:14
aljosa	i have a big folder (~75GB) filled with 1kb files and i need to delete folder or everything inside. rm -rf big_folder would take a long time and occupy cpu, any suggestions on howto remove big_folder fast?	17:14
zacharynewb_	T3CHKOMMIE: When I first installed Samba, it said "enter new samba password"	17:14
T3CHKOMMIE	zacharynewb_, great. thats about all you need	17:14
zacharynewb_	and I gave it a password	17:15
zacharynewb_	It's not using my login password for my user account on the server	17:15
T3CHKOMMIE	oh, interesting. never had a set up a smb password	17:15
slyboots	This might be rather simple; but it has me puzzled.. "Got Ubuntu setup as a NAS with several services downloading files for me and placeing them into folders and whatnot.. What I want to have happen is when it create files in certain folders for thsoe files to inheret certain permissions	17:15
T3CHKOMMIE	are you running ubuntu server?	17:15
zacharynewb_	yeah, the guy who told me about it said it was weird too	17:15
slyboots	Mainly Group Read/Write	17:15
zacharynewb_	T3CHKOMMIE: Yes, GUIless Ubuntu 10.10	17:15
slyboots	I think this can eb done by Umask? Im just not sure how	17:15
T3CHKOMMIE	how did you install samba?	17:16
zacharynewb_	slyboots: sudo chmod g+s or something like that, it makes it so anything new created in the folder inherits that parent folders' permissions.	17:16
slyboots	And thats a permanent effect?	17:17
slyboots	Mm.. (s) Set user/Group ID on execution	17:18
zacharynewb_	slyboots: So I've read.	17:20
slyboots	Sounds perfect	17:20
zacharynewb_	T3CHKOMMIE: I installed with "sudo apt-get install samba"	17:20
zacharynewb_	slyboots: Please do go check it first, I'm new to linux, but I had to address that same issue	17:20
zacharynewb_	slyboots: I was having issues where the folder, that belonged to the user, wasn't letting them write to it, turns out the child files/folders didn't have the same permissions	17:21
zacharynewb_	sudo chmod made it so they inherit automatically, but like I said, new to linux. I'm a computer technician with windows and hardware, but not linux and mac	17:22
slyboots	hmm	17:23
zacharynewb_	T3CHKOMMIE: I can't create files or folders using the samba share	17:23
zacharynewb_	I can view the files in the shared folder with a password	17:24
zacharynewb_	but I can't write	17:24
slyboots	Yea thats not working anyway	17:24
T3CHKOMMIE	zacharynewb_,	17:24
T3CHKOMMIE	its a permissions issue.	17:24
slyboots	New files inside the folder dont inherent the permissions	17:24
T3CHKOMMIE	you can chmod your folders	17:24
T3CHKOMMIE	or you can change your smb.conf file to allow read/write	17:25
zacharynewb_	slyboots: New files that are created inherit permissions automatically, from what I read.	17:25
qman__	by default, new files that are created get permissions based on the user that created them	17:26
zacharynewb_	slyboots: There was another seperate command, to recursively go through the folders and sub folders and files to change all their permissions to match the parent, but I forget it	17:26
slyboots	Yea chmod -R	17:26
qman__	if you want to set other permissions, see the "create mask" "force user" and "force group" directives	17:26
slyboots	But I want this to happen automatically..	17:26
qman__	slyboots, ^	17:27
* slyboots blinks		17:27
Psi-Jack	And it's directories. Not folders. :p	17:33
zacharynewb_	similar	17:33
Psi-Jack	How is a graphical icon similar to a directory containing files?	17:33
Psi-Jack	man ls, what's "NAME" say about it?	17:34
Psi-Jack	ls - list directory contents	17:34
zacharynewb_	damn it	17:35
Psi-Jack	Show me 1, just 1 manpage that refers to directories as "folders", and I will pay you $20 for it.	17:35
zacharynewb_	The folders are owned by "zacharyguest" to limit privleges	17:35
zacharynewb_	slyboots: What's the command to manually take ownership everything in a folder?	17:37
slyboots	chown user:group -R foldername will do it	17:37
Psi-Jack	directory.	17:37
zacharynewb_	lol	17:37
zacharynewb_	FOLDER	17:38
Psi-Jack	d, i, r, e, c, t, o, r, y, simple.	17:38
zacharynewb_	not as simple as "folder"	17:38
slyboots	Why is it so complicated to have inheretered permissions	17:38
Psi-Jack	As I said, show me 1 single manpage that talks about directories as if "folders", $20.	17:38
zacharynewb_	directory uses more awkward keys and more of them, thus, more complicated.	17:38
Psi-Jack	Shorthand is dir.	17:38
zacharynewb_	yeah..	17:39
zacharynewb_	well	17:39
Psi-Jack	Wanna talk complicated, you.	17:39
zacharynewb_	GRR	17:39
zacharynewb_	I'm a windows user	17:39
zacharynewb_	You should see my battlestation.	17:39
slyboots	Or like.. having two groups with two differet permissions.. that seems to be actually impossible	17:40
* Psi-Jack holds back his laughter, only for a second.		17:40
Psi-Jack	Okay, guys, wanna learn something?	17:40
Psi-Jack	ACLs!	17:40
slyboots	ACL's are not fun	17:40
Psi-Jack	yes, Linux has them for every native filesystem.	17:40
slyboots	I'ave already tried that	17:40
Psi-Jack	Hell, even nautilus and dolphin have support for gui-enabled ACL editing.	17:41
zacharynewb_	OMG IT WORKS	17:41
zacharynewb_	I LOVE ALL OF YOU	17:41
datz	even me?	17:42
zacharynewb_	MY SAMBA SHARE IS BEAUTIFUL	17:42
zacharynewb_	YES, EVEY YOU, SMALLS	17:42
zacharynewb_	even*	17:42
* datz got a free ride		17:42
zacharynewb_	my beautiful server	17:42
zacharynewb_	and the printers are showing too	17:42
zacharynewb_	I love you linux	17:42
Psi-Jack	zacharynewb_: Now, try setting up two servers with DRBD drive replication, iSCSI exporting multiple lvm logical volumes with pacemaker's cluster stack. clvm, dlm, and iscsi-tgtd or iet.	17:43
zacharynewb_	what do you guys think about wikileaks?	17:43
zacharynewb_	Psi-Jack: WTF are you saying?	17:43
Psi-Jack	Oh, and a VIP for the active one of the replication.	17:43
zacharynewb_	Psi-Jack: SPEAKEH ENGLISH, mother tucker	17:43
zacharynewb_	Psi-Jack: what is drbd drive replication?	17:43
Psi-Jack	It's perfect English. Just wayyyy over your head, folder-speaking varmint.	17:44
zacharynewb_	Psi-Jack: yes, advanced linux work is indeed over my head	17:44
slyboots	Good to see the rude linux guru is alive and well :P	17:44
zacharynewb_	Psi-Jack: html, php, batch, basic TIBASIC, javascript, java, VB, are not over my head. :D	17:44
Psi-Jack	zacharynewb_: DRBD is where you have a two physically different systems replicating the same device, partition, or volume.	17:44
Psi-Jack	Over the network.	17:45
Psi-Jack	Like Raid1 over the wire.	17:45
zacharynewb_	Psi-Jack: sharing the same device between both of them?	17:45
zacharynewb_	Psi-Jack: that doesn't sound too hard	17:45
* Psi-Jack chuckles.		17:45
* zacharynewb_ can chuckle too		17:45
Psi-Jack	And no, not sharing the same device.	17:45
=== zacharynewb_ is now known as linuxnewb
Psi-Jack	Two seperate devices sharing the /exact/ same content.	17:45
Psi-Jack	Mirrors.	17:46
Jon__	dumb question, where can i find a trustworthy ubuntu 10.10 aws ami with < 10gb file size	17:46
linuxnewb	seriously doesn't sound hard.	17:46
Psi-Jack	Jon__: aws ami?	17:46
Jon__	ami for amazons ec2 free tier	17:46
Jon__	they only let u use 10gb for free	17:46
Jon__	and ubuntu only does 15gb ami's	17:46
linuxnewb	Psi-Jack: Btw, do you by chance know the 72 character long key for the latest wikileaks file?	17:46
Psi-Jack	No clue. Don't use Amazon EC2,.	17:46
Psi-Jack	I run my own equivalent of EC2, out of my home.	17:47
=== linuxnewb is now known as zacharynewb
zacharynewb	:D	17:47
Jon__	your own equivelent being vmware or what	17:47
Psi-Jack	kvm, of course.	17:47
Jon__	nice	17:47
Psi-Jack	Vmware by itself sucks.	17:47
zacharynewb	Psi-Jack: Can I share a samba share over the internet using my domain name/	17:47
zacharynewb	?	17:47
Psi-Jack	And it's extremely too hardware dependant.	17:47
Jon__	yeah im on comcast so to host games im using vps's and amazon right now	17:47
Psi-Jack	I'm on Brighthouse, yet, I have business class service for only $8 more a month than normal.	17:48
Psi-Jack	With 5 IPs.	17:48
Jon__	geez, nice deal	17:48
zacharynewb	Actually, one reason I was setting up my server is so that other people coule use it	17:48
Psi-Jack	I'm about to upgrade to their Lightning service, which is 40 MBit down, 5 MBit up.	17:48
zacharynewb	I'm on verizon fios, decent 3 MB/s connection with low ping	17:48
Jon__	fios = comcast at basic package	17:49
Psi-Jack	Which even beats Fios.	17:49
zacharynewb	um	17:49
Jon__	yeah that lightning service would be nice	17:49
zacharynewb	Comcast fucking sucks	17:49
Psi-Jack	zacharynewb: LANGUAGE!	17:49
zacharynewb	sorry	17:49
Jon__	Comcast is actually pretty good in my opinion	17:49
* Psi-Jack gets his wooden stick out, ready.		17:49
Derek	i'm having trouble setting up a KVM of lucid that i can just SSH into as soon as it's created	17:49
Jon__	and its speeds are exactly the same as fios at the basic package	17:49
Jon__	if you pay extra then yes fios will be faster	17:49
zacharynewb	using comcast, we were throttled, they blocked torrent traffic, iffy connections, customer suppoer was terrible	17:50
zacharynewb	high ping	17:50
Jon__	verzion doesnt?	17:50
zacharynewb	Not that I've noticed	17:50
zacharynewb	or not enough that I've cared to notice	17:50
Jon__	i try to stay under my 250gb cap with comcast	17:50
Jon__	thats the only downside	17:50
Psi-Jack	Blocked torrent traffic to known obvious illegal sites, you mean.	17:50
Jon__	yeah comcast isnt blocking my private trackers at all	17:51
Jon__	and when i was hosting games they wernt blocking all the random connections to my house	17:51
zacharynewb	Jon__: Psi-Jack When I was room mating last year, we had two fios connections into our house	17:51
Jon__	although technically i am break tos when i use it to host my website or games	17:51
Psi-Jack	Doesn't block legit trackers, either, like the one OpenOffice used to be on, before Oracle owned them.	17:51
zacharynewb	Psi-Jack: Jon__ We ran servers on one, a room mate was a security clearance web administrator, had his own setup as well	17:52
Jon__	nice zach	17:52
Psi-Jack	zacharynewb: Uh huh.. Not impressive at all.	17:52
zacharynewb	on the other fios connection, we gamed, netflix, movies, PS3, Xboxs, hosting things. Pretty awesome	17:52
smoser	kirkland, ping	17:52
zacharynewb	Psi-Jack: Hey, our setup was prety awesome	17:52
Psi-Jack	I doubt it.	17:52
kirkland	smoser: pong	17:52
smoser	i just put a "package" of my bug 625364 hack together	17:52
uvirtbot	Launchpad bug 625364 in pm-utils "lenovo/thinkpad T400[s]/T500/W500/X60 suspend fails" [Critical,Confirmed] https://launchpad.net/bugs/625364	17:52
smoser	https://launchpad.net/~smoser/+archive/ppa/+packages	17:53
smoser	should i put a link to that in the bug ? or does that ultimately not useful	17:53
Psi-Jack	Oh dang, I thought this was ##Linux for some reason. ;)	17:53
* Psi-Jack chuckles.		17:53
kirkland	smoser: i don't see a pm-utils build in that ppa	17:53
smoser	no pm-utils	17:53
smoser	lp-625364-hack - 0.1	17:53
Psi-Jack	But still.	17:53
Derek	anyone know how to KVM of lucid that i can just SSH into as soon as it's created, i've tried the --addpkg and --ssh-key builder options and neither lets me ssh in once done	17:53
kirkland	smoser: wow, that's the name of the package?	17:54
smoser	yes.	17:54
kirkland	smoser: well, that's not how I would have done it :-) but okay...	17:54
smoser	why not ?	17:55
zacharynewb	Psi-Jack: Why do you doubt me?	17:55
smoser	if i build a pm-utils package, then pm-utils gets reved and my package removed, and your thinkpad overheats	17:55
Psi-Jack	zacharynewb: 2 servers, hardware Raid10 6-drive setups running DRBD replication, exporting iSCSI volumes for kvm servers and shared storage for clustered virtual kvm webservers, including replicated LDAP servers for centralized authentication. 4 physical servers, 2 of which running the actual active-passive failover routing of the network, also the host systems running multiple kvm servers,	17:55
kirkland	smoser: yeah, agree with that	17:56
Psi-Jack	clustered and live-migratable between any 4 physical servers, on demand, manually, or on failover.	17:56
Psi-Jack	2 Physical systems running dedicated mysql, replicating with active-failover.	17:56
kirkland	smoser: i'd probably just a) put your script in people.canonical.com/~smoser	17:56
Psi-Jack	2 physical systems running dedicated postgresql, also replicating with active warm standby for failover.	17:56
kirkland	smoser: and put the 1-line needed to sudo wget that script to the right location	17:56
zacharynewb	Psi-Jack: See, individual systems is my thing, I have little experience with anything outside a basic network	17:57
Psi-Jack	zacharynewb: And that's just the start of what I have, at home, live. ;)	17:57
zacharynewb	Psi-Jack: I bet you can't hack my server	17:57
* Psi-Jack just shakes his head. "Grow up, moron."		17:57
smoser	kirkland, meh... this way i can actually deliver an update with a fix.	17:58
smoser	but the point is the same.	17:58
Psi-Jack	I can program, as in hack, all day long, perfectly good interfaces for management of such things.. Which ironically, I am. ;)	17:58
smoser	is it even helpful to make it easier for people to get a hack, not a real fix.	17:58
kirkland	smoser: as could you re-upload to people.canonical.com	17:58
smoser	yes, but then someone would have to know they should go get it	17:58
smoser	we have this network aware archive management thingy	17:58
smoser	called 'apt' and it runs and pulls down packages and installs them.	17:59
smoser	its really nice	17:59
kirkland	smoser: hmm, yeah, but I'm not going to leave your ppa in my sources.list	17:59
smoser	:)	17:59
Psi-Jack	smoser: Like, Bacula?	17:59
kirkland	smoser: i have no idea what kind of crack you're putting in there	17:59
Psi-Jack	Oh, no. LOL	17:59
smoser	oh, i have lots of crack there.	17:59
kirkland	smoser: and if i add your ppa, i've essentially given you root on my box	17:59
smoser	most of it just waiting to root kirkland's machine.	17:59
Psi-Jack	kirkland: But hey, at least it's all GPG signed.	18:00
kirkland	$ grep smoser /etc/apt/sources.list; echo $?	18:00
kirkland	1	18:00
smoser	if grep kirkland /etc/passwd; then sudo -Hu kirkland ssh-import-id smoser && email smoser ip-address; done	18:00
Jon__	im very proud of myself	18:00
Jon__	i can download via console with wget now	18:01
kirkland	smoser: heh	18:01
zacharynewb	Psi-Jack: I made my server to serve me, to do things, and to learn	18:01
zacharynewb	Psi-Jack: If someone can hack my server, I'd like to learn about it.	18:01
kirkland	cat /etc/hosts.deny	18:01
kirkland	ALL: PARANOID	18:01
kirkland	smoser: :-)	18:01
smoser	yeah, i could have dropped the 'sudo'	18:02
zacharynewb	if learning about it takes someone screwing with my server, awesome. :D	18:02
smoser	as it runs as a post script, so as root anyway	18:02
kirkland	smoser: okay, so the fact that you packaged your fix is "nice", but i'm just saying not necessary	18:02
Jon__	ive been lucky no1's tryed to mess with mine	18:02
smoser	but my question remains.	18:02
zacharynewb	Jon__: thats no fun	18:02
Jon__	it is when ure learning like me	18:03
kirkland	smoser: which is... should you drop a link to it in that bug?	18:03
smoser	does it "help" anything, or does it actually hurt it.	18:03
smoser	right.	18:03
zacharynewb	Jon__: learning through harsh hilarious examples is fun	18:03
Jon__	lol true	18:04
Jon__	so in the interest of securing my servers and not running as root	18:04
Jon__	i created a user and gave him a pass	18:04
zacharynewb	you get to see how water drowns your base and all of your workers	18:04
Jon__	then logged in as him	18:04
zacharynewb	Jon__: Ever played Dwarf Fortress? Dying is called "fun"	18:04
zacharynewb	or how a golbin squad comes in and kills you	18:04
Jon__	however when i try to use sudo he isnt in the sudo list	18:04
Jon__	how do i do that	18:04
Jon__	i tryed df i couldnt get into it, people i play with on minecraft love talking about df	18:04
kirkland	smoser: meh, i don't think it hurts; but i don't think it necessarily helps either	18:05
kirkland	smoser: sorry to be non-committal	18:05
zacharynewb	Jon__: Dwarf fortress has a crappy user interface	18:05
smoser	well, i tihnk it does help. since i split up the fix into 2 comments...	18:05
zacharynewb	Jon__: but it's a lot of fun	18:05
smoser	ie, one that has the fix, and one that says "oh that didn't work, put it in a different location" :)	18:05
smoser	anyway	18:05
jiboumans	smoser: hi	18:05
smoser	i have other things to do. that package is there.	18:05
kirkland	smoser: that's fair	18:05
smoser	jiboumans, hey	18:06
zacharynewb	Jon__: Also, you HAVE to have a graphics pack, or you'll be stuck with the original crappy ascii art pictures	18:06
jiboumans	smoser: got a moment to look into this cloud-init business?	18:06
Jon__	ah	18:06
smoser	yeah	18:06
Jon__	yeah i had no graphics pack	18:06
Jon__	and it all looked identical	18:06
jiboumans	smoser: awesome. i have an instance running that exhibits the problem and i can reproduce it	18:06
kirkland	smoser: the one thing I would do, though, if you do point to a package in that bug is create a new ppa under your name just for this hack	18:06
jiboumans	it looks like the 'runcmd' sections make it onto the instance jsut fine and if i run it manually it does what i expect, but i can't see any evidence of it being run by cloud-init	18:06
jiboumans	smoser: what info do you want/need to debug it?	18:07
zacharynewb	Jon__: Dwarf fortress is like minecraft, except MUCH larger, you have other fortresses working against you, and you're god controlling a bunch of miners under you to build an entire economy	18:07
kirkland	smoser: so that people adding your ppa to get the package get only this package, and not all of your other crack	18:07
smoser	what is "it" ?. do you have a user-data file ?	18:07
=== Jon__ is now known as Jon-afk
smoser	you should have something in /var/lib/cloud/data/scripts called 'runcmd' (i think thats its name)	18:07
jiboumans	smoser: it's sent as data as part of a boto call to launch instances	18:07
jiboumans	smoser: yup, i have that	18:08
smoser	i'm guessing this is 10.04 ?	18:08
zacharynewb	I seriously want that key to wikileaks	18:08
jiboumans	smoser: you got it :)	18:08
smoser	if you have that runcmd script, then i would surely think that it does get run	18:08
smoser	whats the ami ?	18:08
=== Jon-afk is now known as Jmainguy
jiboumans	smoser: it's not being run as far as i can tell. is there an artifact in the logs that shows me that it ran?	18:09
jiboumans	smoser: ami-0e1bec67	18:09
smoser	jiboumans, testing a script here really quick to make sure it "works for me"	18:10
smoser	you do know, though, that that is a daily, and might jsut be deleted tomorrow, right ?	18:11
jiboumans	smoser: eh.. no	18:11
jiboumans	damn it, did i look at the wrong list?	18:11
jiboumans	i wanted latest updated release by you	18:12
smoser	http://uec-images.ubuntu.com/server/releases/lucid/	18:12
smoser	but, with better machine formated at http://uec-images.ubuntu.com/query/	18:12
smoser	specifically http://uec-images.ubuntu.com/query/lucid/server/released.current.txt	18:13
smoser	ok, but on to your problem...	18:13
jiboumans	smoser: thanks for catching that	18:14
* jiboumans updates his scripts		18:14
smoser	/var/lib/cloud/data/scripts/runcmd is written by cloud-init (/etc/init/cloud-config-misc.conf)	18:15
smoser	and is executed by /etc/init/cloud-run-user-script.conf	18:15
jiboumans	http://nopaste.snit.ch/26298 # this is mine	18:15
smoser	its output will go to the ec2 console	18:15
smoser	hm..	18:16
jiboumans	i'm not seeing the 'hello world', there's no /etc/hostname.userdata and the hostname is set to the ec2 default	18:16
jiboumans	so none of those 3 seem to have actually run	18:16
jiboumans	is there something in the losg that tells me that cloud-run-user-script has run?	18:16
smoser	so if you run: sudo cloud-init-run-module once-per-instance user-scripts execute run-parts --regex '.*' /var/lib/cloud/data/scripts	18:17
zacharynewb	I've set up a samba share, can I access it over the internet via my domain name?	18:17
smoser	what do you see (that is taken from cloud-run-user-script)	18:17
zacharynewb	if I can, what ports does it need, and what security issues should I worry about?	18:18
jiboumans	smoser: privmsg'ing output	18:18
smoser	ok, given "already run" indicates it already ran	18:19
smoser	:)	18:19
smoser	you probably have a marker file in /var/lib/cloud/sem/user-scripts.i-*	18:19
smoser	which is what is written when it runs	18:19
smoser	remove that and try above again	18:19
jiboumans	smoser: after running it (even though it said 'already ran'), the /etc/hostname file is updated and the /etc/hostname.userdata file exists with the new hostname	18:20
patdk-wk	heh, it's not all about being able to access >2-3gigs of cache ram? :)	18:21
patdk-wk	oh opps	18:21
smoser	hm.. it doesn't seem likely... you're sure that wasn't the case before ? you can look at the code path in /usr/bin/cloud-init-run-module	18:22
smoser	it doesn't seem likely to me that it would run that and also say that it already ran	18:22
smoser	if cloud.sem_has_run(semname,freq):	18:22
smoser	sys.stderr.write("%s already ran %s\n" % (semname,freq))	18:22
smoser	sys.exit(0)	18:22
jiboumans	smoser: i can fire up another instance and just give you access if you like	18:23
jiboumans	smoser: yes, i'm sure, i checked both files before	18:23
jiboumans	i didn't check the marker files	18:23
smoser	jiboumans, sure	18:24
jiboumans	smoser: http://nopaste.snit.ch/26300	18:24
smoser	or, if you dont have anything private in user-data, you can just give me what you had there.	18:24
smoser	and i can launch my own	18:24
jiboumans	let me double check	18:25
smoser	jiboumans, i suspect that something is blocking run-user from running	18:26
smoser	and it always would have run, just very late in the game and you were always looking before it did run	18:27
jiboumans	smoser: the only private section is our puppet section	18:27
jiboumans	i'm removing that, but i'm not sure if it would affect anything, so i'm letting you know	18:27
smoser	well, that should be unrelated. you can just remove it. yeah.	18:27
smoser	oh	18:27
smoser	that is it	18:27
jiboumans	hmm?	18:27
smoser	that user script will now block on the puppet portion being consumed	18:28
smoser	it wont run until puppet stuff is finished	18:28
jiboumans	what is 'finished'?	18:28
zacharynewb	What ports do I need enabled to access my samba share?	18:28
jiboumans	smoser: just until /etc/init.d/puppet start has returned?	18:29
smoser	/etc/init/cloud-run-user-script.conf has 'start on (stopped rc RUNLEVEL=[2345] ... and stopped cloud-config-puppet ... )'	18:29
smoser	look in /usr/share/pyshared/cloudinit/CloudConfig.py for what puppet does. but i suspect that htat is what is blocking..	18:30
smoser	maybe we're running down a rathole, but try removing the puppet section and running it.	18:30
smoser	i think you'll get your runcmd stuff run	18:30
jiboumans	i'll give that a go... and puppet does take some time to set up	18:31
jiboumans	hmm	18:31
smoser	then, add it back in, and i thikn that when you ssh in, you'll see a process 'cloud-init-cfg config-puppet' running	18:31
smoser	this would explain why that change magically happened even though it was "already run"	18:32
smoser	(ie, the timing was just right)	18:32
jiboumans	that would make sense	18:32
jiboumans	let me go give that a try	18:32
jiboumans	smoser: indeed, upon login the cloud config for puppet is running	18:36
jiboumans	let's see what happens when that's done	18:37
jiboumans	smoser: there's a few minutes between when the puppet timestamp and the runcmd timestamp are put in place though:	18:41
jiboumans	-rw-r--r-- 1 root root 13 2010-11-30 18:40 user-scripts.i-efda9282	18:41
jiboumans	-rw-r--r-- 1 root root 13 2010-11-30 18:36 config-puppet.i-efda9282	18:41
jiboumans	and from the ps output during that time, nothing cloud-config/init related appears to be running	18:41
=== NG_ is now known as ng_
smoser	well its waiting on something	18:42
smoser	it could be waiting on "stopped rc RUNLEVEL=[2345]"	18:43
jiboumans	nods so it introduces a few minutes of lag but it does all run	18:44
jiboumans	looks like about 6'ish from the timestamps	18:44
jiboumans	smoser: thanks for looking into it with me though	18:46
smoser	you can try each of those dependencies in turn	18:46
smoser	i wonder if puppet ens up causing 'rc' to hang	18:47
smoser	s/ens up/ends up/	18:47
smoser	jiboumans, note, that you can 'rm -Rf /var/lib/cloud' and reboot, and it will think its first boot (other than your non-local stuff)	18:47
smoser	so do that, edit the dependencies in that upstart job, and try rebooting	18:48
jiboumans	smoser: i'm happy to know what's going on and the only fix on my side is to delay monitoring by a few mins	18:52
jiboumans	smoser: if it's helpful to trace this down i'm happy to share my userdata of course	18:52
smoser	i'm not sure what would be delaying the output of that job.	18:54
smoser	one thing you could do	18:54
smoser	launch an instance	18:54
smoser	ssh in	18:54
smoser	then run something like	18:54
newb	could someone help me a bit with accessing a samba share over the internet?	18:54
smoser	jiboumans,	18:59
smoser	ujobs=$(cd /etc/init && ls \| sed -n 's,.conf$,,p') ; while sleep 2; do for j in ${ujobs}; do status ${j}; done > status-$(date +%s).log 2>&1; date; done	18:59
smoser	that would, very hackily, watch that status of upstart jobs, then diffing them over time you could see what is taking so long	18:59
=== TheNetuno is now known as Guest40440
Derek	do you have to have a gui to do a first sign into a kvm linux?	19:17
zul	kirkland: where is mathias diagram again?	19:23
kirkland	zul: in the spec	19:23
zul	thanks	19:24
toddnine	Hi guys. I'm trying to create a runit file for a plain java program and not having a lot of luck. https://gist.github.com/3d9524579fdb41306351 I need to change directories then execute the java program. This works in a bash script but not runit	19:48
smoser	cjwatson, around ?	19:50
newbish	hey, could someone help me?	19:52
aetaric	!ask \| newbish	19:53
ubottu	newbish: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)	19:53
newbish	I have installed deluge, and ufw seems to be blocking torrents	19:53
newbish	how would I add a rule to ufw allowing deluge to download?	19:54
newbish	I've already tried sudo ufw allow deluge	19:54
newbish	and deluged	19:54
jdstrand	newbish: if this is the client, then do:	19:55
jdstrand	sudo ufw allow 6881:6891/tcp	19:56
newbish	this is the daemon on the server	19:56
newbish	jdstrand: ^	19:56
jdstrand	I don't know offhand what port it listens on	19:56
newbish	isn't there a way to set ufw just to allow the program deluge to connect to the internet?	19:57
newbish	it's easy to allow ports	19:58
newbish	and I'm sure I can set specific ports	19:58
newbish	for deluge	19:58
jdstrand	newbish: no, it doesn't work like that. you need to either know the port/protocol, the service name as in /etc/services or use an application profile. in the case of deluge (eg sudo ufw allow OpenSSH), there isn't an application profile	19:58
jdstrand	at least that I am aware of	19:59
jdstrand	'sudo ufw app list' will give you a list of application profiles	19:59
jdstrand	that are on your system	19:59
newbish	jdstrand: I might be able to find the service name	20:01
jdstrand	http://dev.deluge-torrent.org/wiki/Faq#WhichportsshouldIuse has some info	20:01
newbish	How would I access my samba share over the internet?	20:11
RoyK	newbish: it's possible, using the ip address given the needed ports are open, but I wouldn't recommend it - the SMB protocol sucks rather badly over a high-latent link	20:17
qman__	newbish, it's also a Very Bad Idea (TM) from a security standpoint, and many ISPs block it on this basis	20:18
newbish	qman__: RoyK I was thinking about it, but you're probably right	20:19
qman__	for simple file transfer, SFTP is an easy and secure way	20:20
RoyK	newbish: if not considering security, the SMB protocol is extremely chattery, so each request will make a bunch of hi, ho, yes, no, sure?, well, really?, dunno, well - check, can I?.........	20:20
qman__	if you need the functionality of samba, go for a VPN instead	20:20
* slyboots brain melts into goo trying to figure out the firewall		20:20
RoyK	qman__: the chatting will still be a problem if not on a low-latency link	20:20
qman__	yeah	20:21
slyboots	Using ufw.. does this ruleset make sense for the following case: Allow machines on the local network access port 53; and deny everyone else	20:21
slyboots	127.0.0.1 53 ALLOW 192.168.1.0/24 53	20:21
slyboots	53 DENY Anywhere	20:21
slyboots	Thats To / Action / From	20:22
qman__	no	20:22
qman__	machines on the local network will not contact 127.0.0.1	20:22
qman__	they will contact your interface's IP	20:22
slyboots	So I have to give the servers IP address	20:22
qman__	e.g. 192.168.1.1	20:22
slyboots	Okay; so if I fix that.. that ruleset works?	20:22
slyboots	Its all NAT'ed off anyway.. but it doesnt hurt	20:22
qman__	get rid of the second rule	20:22
RoyK	slyboots: you'll soon find out if you try	20:22
qman__	and just change to a default drop	20:22
slyboots	RoyK: That seems like a terrible way to test	20:23
robbiew	smoser: am I right to assume bug 669496 only affects ec2 images, not the ISOs?	20:23
uvirtbot	Launchpad bug 669496 in linux "natty fails ec2 boot on i386 or t1.micro" [Critical,Confirmed] https://launchpad.net/bugs/669496	20:23
jdstrand	slyboots: you can a) not give anything at all and just use 'from', b) give the server's address for 'to' or c) specify the interface	20:23
newbish	where can I view the system log?	20:23
RoyK	slyboots: only way to test	20:23
smoser	robbiew, correct. only i386 and t1.micro. the isos should boot.	20:23
RoyK	newbish: dmesg or /var/log/*	20:23
slyboots	RoyK: I prefer the "Ask about to see if it make sense before lowering it into the pit of lions"	20:23
RoyK	slyboots: you can't really get to the lions with that sort of stuff	20:24
robbiew	smoser: thnx... skaet_ was freaking me out there for a minute :P	20:24
slyboots	So if I just say allow all from $localnet/53 without stating a to.. that'll work also?	20:24
RoyK	slyboots: remove the DENY rule, that's implicit by default	20:24
qman__	slyboots, the second rule will probably prevent your server from making DNS requests	20:24
jdstrand	slyboots: assuming you have a default deny policy (the default in Ubuntu, and can be seen with 'sudo ufw status verbose'), then only one rule is required	20:24
RoyK	qman__: not really, those rules are in the INPUT table	20:25
slyboots	Well currently I have it set to allow all at the moment	20:25
jdstrand	well, probably not-- all is allowed on loopback and these are incoming rules	20:25
qman__	ah	20:25
slyboots	But thats so it wont kill my SSH :P	20:25
smoser	well, she should freak out, and kick those kernel developer bums in the rear	20:25
smoser	:)	20:25
slyboots	Its a hour's drive away so that would be.. annoying	20:25
RoyK	slyboots: you'll have to add an explicit rule to deny ssh to kill it	20:25
jdstrand	slyboots: sudo ufw allow OpenSSH	20:25
slyboots	I want to keep SSH going lol	20:25
RoyK	jdstrand: allow ssh	20:25
slyboots	Okay.. give me a sec	20:25
jdstrand	slyboots: do that before enabling the firewall and you should be fine	20:25
cjwatson	smoser: on holiday, but SMS me (number in directory) if I'm urgently needed	20:25
RoyK	not OpenSSH	20:25
smoser	cjwatson, not quite that urgent. :)	20:26
smoser	i'll open you a bug for your reading	20:26
jdstrand	RoyK: ssh will work, but there is an application rule for sshd (see ufw app list)	20:26
newbish	I can't figure out what's keeping deluge from downloading	20:26
RoyK	jdstrand: and what does that include that /etc/services doesn't?	20:26
jdstrand	RoyK: also, /etc/services has both udp and tcp listed for ssh, which is less precise than required	20:26
newbish	it's showing a large number of seeders and peers	20:27
* slyboots grrs		20:27
slyboots	The Syntax on ufw is.. so weird -.-	20:27
RoyK	jdstrand: well, indeed, but who listens to 22/udp anyway :P	20:27
jdstrand	RoyK: in the case of OpenSSH, it will do ssh/tcp	20:27
RoyK	slyboots: try manual iptables syntax :)	20:27
newbish	but it's giving me an error in downloading	20:27
slyboots	RoyK: I actaully did a course in linux networking.. but that was years ago and I've pretty much forgot it all	20:27
slyboots	lol	20:27
RoyK	ufw is a frontend to iptables - it simplifies stuff and adds a truckload of rules you wouldn't have thought of	20:28
newbish	RoyK: I've just looked in the download folder for deluge. There aren't any files or folders, so I suspect that deluge isn't being allowed to create the file to download to.	20:28
jdstrand	slyboots: see the ufw man page. there is a simple syntax (ufw allow foo) and an extended syntax based on BSD's PF (ufw allow in on eth0 from 192.168.0.1 to any port 22 proto tcp)	20:28
slyboots	Okay; so teh new rule is now.. Anywhere ALLOW 192.168.1.0/24 53	20:29
newbish	RoyK: I have it set so that deluge is run as my username	20:29
cjwatson	smoser: ok	20:29
=== TheNetuno is now known as Guest26471
RoyK	newbish: can that user write to the given directory?	20:29
slyboots	That should be OK?	20:29
newbish	RoyK: I think so, I also chowned it.	20:29
jdstrand	slyboots: no, you are allowing 192.168.1.0/24 from port 53	20:29
jdstrand	slyboots: you want:	20:29
RoyK	newbish: test it	20:29
newbish	sudo chown zachary -R /folder/	20:30
jdstrand	sudo ufw allow from 192.168.1.0/24 to any port 53	20:30
newbish	it's still not downloading	20:30
jdstrand	slyboots: please see the man page. it should help make everything clear	20:30
newbish	oh what do you know	20:30
newbish	RoyK: It started just now	20:30
slyboots	Okay okay; so.. 53 ALLOW 192.168.1.0/24	20:31
slyboots	think I'm getting it now	20:31
jdstrand	slyboots: the basic idea is there is a 'to' clause and a 'from' clause	20:31
slyboots	I've the man page on another screen; its just not making a hell of a lot of sense.. But I think I have it now	20:31
jdstrand	either can be omitted depending on the rule...	20:31
slyboots	The new rule allows any trafic from the local LAN on port 53; to port 53 on the server only	20:31
jdstrand	slyboots: I wouldn't word it that way	20:32
slyboots	As apposed to allowing said trafic to ANY port on the server.. as long as it was over port 53?	20:32
slyboots	*source port was 53	20:32
jdstrand	slyboots: it allows hosts in the local LAN to connect to this host on port 53	20:32
jdstrand	slyboots: well, I am not sure what rule we are talking about any more :)	20:33
jdstrand	(I described '53 ALLOW 192.168.1.0/24')	20:33
slyboots	Yes; Thats the rule I have now	20:33
jdstrand	hosts in the 192.168.1.0/24 network are allowed to connect to port 53 on the machine you added the rule on	20:34
slyboots	:)	20:35
qman__	that's effectively enough provided everything else is working	20:37
qman__	there are some spoofing attacks under certain cirumstances where that would allow more than you want	20:37
qman__	but if your DNS server is not your gateway/router, you don't have to worry about it	20:37
slyboots	Cool	20:38
jdstrand	fyi, the default Ubuntu kernel uses rp_filter for source address verification	20:40
MuSh	hi	20:40
RoyK	10Gbps network, check, 10Gbps NICs, check, SAS 6gbps controllers, check, but no mapping between physical location of drive and the device name :(	20:40
slyboots	Im tstarting to think just using iptables woudl be simpler	20:40
slyboots	:P	20:40
jdstrand	actually, that is overstated. the kernel doesn't, but a default Ubuntu install sets that in /etc/sysctl.d/10-network-security.conf	20:41
jdstrand	slyboots: if you are going to set it up yourself, you might want to check out all the stuff ufw is doign behind the scenes in /etc/ufw so that you have everything you need	20:42
jdstrand	and by 'it', I mean 'just use iptables'	20:42
MuSh	jdstrand, why ufw is inactive at system startup?	20:44
MuSh	i have used sudo ufw enable and i tryed sudo sysv-rc-conf ufw on	20:45
MuSh	but it's inactive at system startup...why?	20:45
jdstrand	MuSh: sudo ufw enable is enough to both start it now and enable it on boot. When it doesn't start on boot it is almost always because there is another firewall program or script that runs after it and flushes ufw	20:46
slyboots	haha	20:47
slyboots	sound.. fun :)	20:47
qman__	I'm fairly impressed with UFW	20:47
qman__	it provides 90% of the functionality in an easy to use way	20:48
jdstrand	qman__: glad to hear. I would like to add qos and FORWARD support, but haven't been able to get to it yet	20:48
qman__	good to know	20:49
jdstrand	it would also be fun to have network-manager integration and firewall profiles so that when say you are at home the firewall is more open and when you are on the road very closed	20:50
jdstrand	(obviously configurable)	20:51
qman__	yeah, definitely a good idea	20:51
MuSh	jdstrand, for example? i haven't idea	20:51
jdstrand	MuSh: well, you could start with 'dpkg -l\|grep -i fire' and see if anything jumps out at you	20:52
qman__	yeah, and if you've done any other firewall-related configuration on it, look there	20:53
qman__	such as iptables-save	20:53
jdstrand	MuSh: beyond that, a 'grep -r iptables /etc' might give details	20:53
jdstrand	s/details/hints/	20:53
jdstrand	MuSh: is this perchance on a virtualized hosted server?	20:55
MuSh	with "dpkg -l\|grep -i fire" the output is "ii ufw 0.30.0-1ubuntu2 "	20:55
MuSh	jdstrand, no	20:56
lithpr	hello. When installing 10.10 server, i am prompted as to whether i want to install a LAMP stack bundle. In the server guide, i see info on installing each of these seperately. Where can i learn more about the bundle it is offering to install?	20:57
qman__	lithpr, it installs just the basic LAMP, apache httpd, php5 as an apache module, and mysql	20:58
MuSh	jdstrand, http://pastebin.ubuntu.com/538423/	20:58
lithpr	okay, thanks. i'll give it a try.	20:59
qman__	effectively the same as installing apache2, libapache2-mod-php5, and mysql-server	20:59
lithpr	excellent, thanks guys!	21:00
jdstrand	MuSh: based on your version of ufw, it looks like you are running ubuntu 10.10	21:00
jdstrand	MuSh: ufw in 10.10 uses upstart, and so the sysv-rc-conf command is not needed	21:01
jdstrand	MuSh: what are the contents of /etc/init/ufw.conf?	21:02
MuSh	jdstrand, http://pastebin.ubuntu.com/538428/	21:03
jdstrand	that looks fine	21:03
jdstrand	MuSh: can you give the output of:	21:04
jdstrand	sudo /lib/ufw/ufw-init stop	21:04
jdstrand	sudo /lib/ufw/ufw-init start	21:04
MuSh	http://pastebin.ubuntu.com/538431/	21:05
jdstrand	MuSh: can you paste your /etc/ufw/before.rules file? if you don't want it public, feel free to privmsg me	21:05
jdstrand	but based on that, it looks like something in there has a bad netmask	21:06
=== ng_ is now known as NG_
=== NG_ is now known as ng_
uvirtbot	New bug: #682593 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.5 failed to install/upgrade: subproces installed post-installation script gaf een foutwaarde 1 terug" [Undecided,New] https://launchpad.net/bugs/682593	21:13
ScottK	SpamapS: Would you be able to prepare an SRU for Hardy for Bug 551655? I'd be glad to upload it.	21:19
uvirtbot	Launchpad bug 551655 in spamassassin "open-whois.org is cybersquatted and its rules should be removed from Spamassassin" [Undecided,Fix released] https://launchpad.net/bugs/551655	21:19
RoyK	LEGO ftw! http://www.youtube.com/watch?v=6LHdGIBSq9s	21:27
SpamapS	ScottK: re spamassassin bug, I'd be happy to. Who can accept it for Hardy?	21:53
ScottK	SpamapS: It'll be ~ubuntu-sru, but I can upload it to the queue.	21:53
SpamapS	ScottK: as of right now I can't assign it to myself.	21:53
SpamapS	I mean I can assign the main task, but it has not been accepted for hardy yet.	21:53
ScottK	I can do that.	21:54
ScottK	SpamapS: All approved and pointed at you now.	21:55
SpamapS	ScottK: sweet.. building a hardy chroot now, but probably won't have it done till tomorrow or Thursday.	21:56
ScottK	OK.	21:56
SpamapS	If my wife would let me work on ubuntu all 18 hours a day that I'd need to to keep up with the SRU load.. things would be different. ;)	21:57
ScottK	Right. I'm married too, so I won't question that prioritization.	21:57
GCS	Hi all!	22:08
=== FireCrotch is now known as nickmoeck
=== TheNetuno is now known as Guest26057
Callum__	okay, my print server can print anything, but jobs that have Japanese characters in them	23:32
Callum__	seriously, anything thats completely in English is fine, and even Arabic and Chinese work fine	23:32
Callum__	but Japanese, makes my printers freeze up and the job doesn't get done	23:32
Callum__	I'm thinking its font related, any ideas? I have the ttf-msttcorefonts packages installed on the computers that I am printing from	23:33
=== ng_ is now known as NG_

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!