twb | hackeron_: no | 00:04 |
---|---|---|
twb | http://paste.debian.net/101692/ some notes I wrote on the subject | 00:05 |
=== jjohansen is now known as jj-afk | ||
fluvvell | I know there's hardly anyone around, but an opinion please: Am I better with IBM's SAS raid hardware onboard a new x 3100 M3 series (entry level) or linux raid ? Its just a simple mirror setup, and the controller seems to have been detected ok. | 01:00 |
fluvvell | I've installed linux software raid so far, but I've no idea how to compare them anyway. | 01:00 |
ivoks | do you see both disks on your controller? | 01:01 |
ivoks | in linux | 01:01 |
ivoks | advante of linux raid is that you can unplug your disks and plug it in anywhere | 01:03 |
ivoks | advantage | 01:03 |
FunkyBob | ivoks: and by "linux raid" you mean "software raid"? | 01:09 |
FunkyBob | fluvvell: hardware raid is just that -- the hardware does it, so the OS is ignorant of the fact there's more than one disc | 01:10 |
hansin | Question here: I once has U-server installed on an older small PII box (300Mhz, 512Mb RAM). It ran fine. Great little box I would just SSH into. It is a little loud so only ran when needed. When I shutdown the server (done via 'sudo shutdown -h now' when SSH'ed in), it shuts down but it doesn't full turn the computer off. I have to manually hold the power button to shut it off completely.... | 01:20 |
hansin | ...Thing is, I went ahead and installed Debian Testing and it shuts down completely. I want to go back to U-server (10.10) but would rather it just shutdown completely. As a side note, I have never run latest U-server on this. Any thoughts? Thanks. | 01:20 |
hansin | I would think if Debian could shut this down completely, Ubuntu should too. | 01:21 |
fluvvell | FunkyBob, I guess the OS knows via the SAS driver modules, but my colloquial question "better off" was meaning which will perform better, or give the biggest all around benefit. | 01:24 |
fluvvell | FunkyBob, last time I did a comparison, it was with old paradise raid controllers, and the linux community found software raid to perform better | 01:25 |
fluvvell | ivoks, yes I see both disks on the controller, and yes to the software raid. | 01:26 |
FunkyBob | fluvvell: hardware raid is generally much faster | 01:29 |
FunkyBob | "hardware assisted" raid, otoh... not always so good | 01:29 |
qman__ | real hardware raid (usually) offers better performance | 01:36 |
qman__ | linux software raid offers better compatibility and more options | 01:37 |
qman__ | which is better depends on your needs and preferences | 01:37 |
qman__ | fake raid is useless | 01:37 |
qman__ | only performs as good as software raid with the feature limitations of hardware raid | 01:37 |
qman__ | hansin, use `sudo poweroff` | 01:40 |
qman__ | if that still doesn't work, it's probably an APM/ACPI driver problem | 01:40 |
hansin | qman__: Thanks. I just wrote all that down so I can try once I install. I think I get the driver thing as well, as in if it can't communicate the the HW to power off, the OS will shut down, but the HW will still be on. I'll test it all out. | 01:46 |
hansin | Okay, one more question: I know U-Server can be updated to new releases (say 10.4 -> 10.10 -> 11.4) with 'do-release-upgrade' found in 'update-manager-core'. What I am wondering is, are there sometimes things that just can't update and get you to where you would be with a fresh install? | 01:51 |
hansin | I get that things like the files system (ext3 vs. ext4) are usually set, and often GRUB will stay at GRUB vs. GRUB2. | 01:51 |
hansin | (I don't care about these since I will install as ext4 and GRUB2). But are there other things? Like the transition from 'sysvinit' to 'upstart | 01:52 |
hansin | ', where there any issues there? Anything else that might miss out on an upgrade between releases? Thanks. | 01:53 |
qman__ | not really | 01:58 |
qman__ | the way it works is, certain packages won't be changed by default | 01:58 |
qman__ | if you want to, you can still switch to the new ones | 01:58 |
qman__ | like grub and grub2 | 01:58 |
qman__ | another one is the switch from sysklogd to rsyslog(?) | 01:59 |
qman__ | if you upgrade it won't change over automatically | 01:59 |
hansin | qman__: Thanks again. I'm going to move back to U-Server and give it another go. I just wanted to clarify the upgrade part. Knowing what you just said, I can more carefully inspect the release notes for new releases. | 01:59 |
qman__ | ubuntu has actually been using upstart since 6.10 | 02:00 |
qman__ | just in sysvinit compatibility mode | 02:00 |
qman__ | the major change recently was a bunch of services to upstart scripts | 02:00 |
qman__ | they're actually trying to phase out sysvinit now | 02:01 |
fluvvell | qman__, hardware profile says I have SAS1064ET PCI-Express Fusion-MPT SAS - driver mptsas. I'm not sure where I'll have compatibility issues, if its saying the dirver is already loaded... | 02:01 |
qman__ | fluvvell, what I mean by compatibility is, with software RAID, you can hook your array up to any computer running any recent linux kernel and access it | 02:02 |
qman__ | whereas if your hardware controller fails, you must find another compatible one to access it | 02:02 |
hansin | qman__: Okay, thanks. One example where there is an issue with Debian but not U-Server is using the Drizzle (MySQL derivative) PPA. It uses an Upstart script, yet Debian seems still stuck on Sysvinit. Anyway, I | 02:02 |
hansin | I'm going to switch back. | 02:02 |
hansin | Thanks.\ | 02:02 |
qman__ | no problem | 02:02 |
fluvvell | qman__ ; yes, I've needed to do that in the past, though had failure for unrelated reasons. But with mirrored raid, all the data is on both disks <shrug> | 02:03 |
qman__ | not disk failure, controller failure | 02:03 |
qman__ | with hardware raid, reading the data off the disks is impossible without a compatible controller | 02:03 |
fluvvell | qman__, even with mirror array? | 02:03 |
qman__ | yes | 02:03 |
qman__ | well, theoretically possible with a mirror | 02:04 |
qman__ | in practice though you'd have to test | 02:04 |
qman__ | every manufacturer does it a little differently | 02:04 |
fluvvell | they're standard SATA drives | 02:04 |
qman__ | that's not what matters | 02:04 |
qman__ | the controller still has to store RAID information on the disks | 02:04 |
qman__ | and how and where it creates the volumes | 02:05 |
qman__ | with software raid this is standard and open | 02:05 |
qman__ | but with hardware raid it isn't | 02:05 |
qman__ | a mirror should be recoverable with some analysis, even if you can't find a compatible controller, but it may not be easy | 02:06 |
fluvvell | yes, well part of my trepidation over doing the hardware raid setup was not knowing. Its all in the bios but unfamiliar to me | 02:06 |
Patrickdk | is it real hardware raid? or fake raid? | 02:06 |
qman__ | fake raid is another story | 02:06 |
fluvvell | It does seem a pity though to have a nice piece of hardware sitting there unused | 02:06 |
qman__ | since it's really just software raid, dmraid can access it even without a compatible controller | 02:07 |
Patrickdk | I like real hardware raid with bbc, makes writes really good | 02:07 |
fluvvell | the IBM has four sata quick load trays. They all go back to the PCI card | 02:07 |
fluvvell | bbc? | 02:07 |
Patrickdk | battery backed cache | 02:07 |
qman__ | yeah, that's some serious hardware | 02:07 |
qman__ | where you really see the performance gains | 02:07 |
fluvvell | OK I'm talking sub $1K, for server and hard disks! | 02:08 |
Patrickdk | you can spend <1k on a server? without disks or raid? :) | 02:08 |
qman__ | my disks cost nearly that much | 02:08 |
fluvvell | :-) WITH both | 02:08 |
Patrickdk | fluvvell, ya, software raid is your best bet | 02:08 |
qman__ | but yeah | 02:08 |
qman__ | in that price range, the hardware is unlikely to have significant performance gains | 02:09 |
Patrickdk | ya, my disks are going start at 3k, I'm hoping for 4k though | 02:09 |
fluvvell | reliable array of inexpensive disks | 02:09 |
qman__ | to the point where the features of software raid are worth the difference | 02:09 |
Patrickdk | mediocer array of expensive disks :) | 02:09 |
fluvvell | there's only 5 staff in the building | 02:09 |
Patrickdk | doesn't matter | 02:09 |
Patrickdk | have 7 staff | 02:10 |
qman__ | my file server is consumer grade stuff | 02:10 |
Patrickdk | but we have 96 300gig sas dual channel 6g drives | 02:10 |
qman__ | and it still cost more than $1k | 02:10 |
Patrickdk | but we are running around 80 vm's loaded mainly with mssql :( | 02:11 |
qman__ | unfortunately it's failing on me | 02:11 |
qman__ | the motherboard is shot, keeps crashing | 02:11 |
fluvvell | ok just a little over $1K | 02:11 |
Patrickdk | motherboards seem to be one of the biggest failing points these days | 02:11 |
Patrickdk | it used to be psu, but now I think motherboard is worse | 02:11 |
qman__ | well, it was built on a budget | 02:11 |
qman__ | socket 939 foxconn | 02:11 |
fluvvell | by the time I put two WD Blue 1Tb 7200 drives in | 02:12 |
qman__ | when I get the money to replace it, it'll be an AM3 gigabyte | 02:12 |
fluvvell | I've never had one of the IBM mbs fail. All others I've had some failures. | 02:12 |
=== asac_ is now known as asac | ||
fluvvell | Long term, I've had heaps of gigabyte mbs fail, caps leak, weird chipset failures. | 02:13 |
Patrickdk | heh, I just replace the caps | 02:13 |
qman__ | they use japanese caps now | 02:13 |
* fluvvell lacks a good extracting temp controlled solder sucker | 02:14 | |
qman__ | so far, so good anyway | 02:14 |
SpaceBass | hey folks | 02:14 |
SpaceBass | after an upgrade, my box doesn't have a syslog file anymore... any idea how I can recreate it? | 02:15 |
fluvvell | Patrickdk, where I have replaced caps (on a graphics card) it didn't fix the failure so I gave up. Not worth it on a $60 card :( | 02:15 |
Patrickdk | oh? | 02:16 |
Patrickdk | I have fixed 13 motherboards so far that way | 02:16 |
qman__ | I actually had a VRM fry on a TV tuner, a friend replaced it and it's good as new | 02:16 |
fluvvell | I guess the caps leak might have led to failures elsewhere. | 02:16 |
Patrickdk | but for graphics cards I probably wouldn't bother | 02:16 |
Patrickdk | most of the motherboard had >13 dead caps | 02:16 |
qman__ | SpaceBass, which file are you referring to? | 02:17 |
SpaceBass | /var/log/syslog.log | 02:17 |
* fluvvell better go | 02:17 | |
qman__ | that's pretty strange, do you still have the other log files, messages, dmesg, kern, auth? | 02:17 |
SpaceBass | yep | 02:18 |
qman__ | and it's logging new data to them? | 02:18 |
SpaceBass | just checked, yes | 02:19 |
qman__ | I haven't run into that problem, I've upgraded hardy servers directly and a jaunty server -> karmic -> lucid | 02:19 |
qman__ | and on my systems it's /var/log/syslog, no .log at the end | 02:20 |
SpaceBass | likewise, never seen it myself | 02:20 |
qman__ | is it running sysklogd or rsyslogd? | 02:20 |
SpaceBass | qman__, your right, it should be /var/log/syslog | 02:20 |
SpaceBass | syslog 616 1.7 0.0 36472 1256 ? Sl Oct24 1113:04 rsyslogd -c4 | 02:20 |
qman__ | well, rsyslog uses /etc/rsyslog.conf and /etc/rsyslog.d/*.conf | 02:22 |
SpaceBass | thanks, I'll check them | 02:23 |
qman__ | my jaunty upgrade has both of them on it for some reason, rsyslogd is running but sysklogd still has cron files and init scripts | 02:23 |
SpaceBass | qman__, can you check owner and perms on your syslog file? | 02:25 |
qman__ | -rw-r----- 1 syslog adm 1007K 2010-12-06 21:25 /var/log/syslog | 02:25 |
SpaceBass | thanks | 02:26 |
SpaceBass | going to try the ole sudo touch /var/log/syslog | 02:26 |
Cygnus_Rift | Hello everyone, can someone let me know if I have everything correct to ssh to my ssh server? | 02:40 |
Cygnus_Rift | I installed sshd on my server and forwarded my selected ports from my router to my statically addressed server | 02:41 |
=== hansin__ is now known as hansin | ||
lwizardl | hello | 06:03 |
lwizardl | I was wondering how do I figure out how much of a server I need as a virtual server host? for my other servers | 06:04 |
hansin | lwizardl: I really don't know, but I am sure you need to determine first how many guests you want to run, what resources each of there need, and then what overhead exists on the host server. My guess is that you can "overprovision" the guests based on some formula, but don't know what the rule of thumb is. | 06:06 |
lwizardl | hmm ok | 06:10 |
Error404NotFound | what was the latest version having python2.5 as default python? | 06:22 |
twb | rmadison will tell you | 06:41 |
uvirtbot | New bug: #686343 in postfix (main) "package postfix 2.6.5-3 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/686343 | 06:57 |
Error404NotFound | twb, found it, it was karmic, in lucid they dropped p2.5 | 07:18 |
twb | Why is /etc/init/ssh.conf "stop on runlevel S" | 07:49 |
twb | Surely it should be "stop on runlevel [06]" | 07:49 |
twb | Yep | 07:51 |
=== jj-afk is now known as jjohansen | ||
ivoks | fluvvell: so if you see both disks, then it's not hardware controller | 08:25 |
fluvvell | ivoks, you missed the part where I said I never set up the hardware controller during the installation. | 08:30 |
twb | ivoks: there are some amazingly shit controllers that IBM ship which present as separate disks to normal linux kernels | 08:31 |
twb | IIRC /dev/ccmra01 or something like that | 08:31 |
ivoks | fluvvell: could be; i was half sleeping at 2AM | 08:32 |
ivoks | twb: whenever someone says 'hardware on board controller', i just look on the other side | 08:33 |
lwizardl | hey | 09:06 |
lwizardl | anyone know of a place where I can find a list of what all games have a dedicate linux server option for hosting your own lan servers | 09:07 |
twb | update-motd provides nothing but an empty directory | 09:11 |
twb | What *invoked* update-motd? | 09:11 |
twb | pam_motd.so | 09:12 |
twb | Silly me for thinking it was generated DAILY | 09:12 |
jussi | Hi all, I just got a new vps with ubuntu, but it doesnt seem to have tab complete enabled, could someone direct me how to turn tab complete on? | 09:41 |
twb | jussi: . /etc/bash_completion | 09:41 |
twb | (Note the leading dot.) | 09:41 |
jussi | well I guess this is why its borked... | 09:42 |
jussi | jussi@vps323:~$ . /etc/bash_completion | 09:42 |
jussi | -bash: /etc/bash_completion: No such file or directory | 09:42 |
twb | Then you probably need to install it | 09:42 |
twb | That or you are not actually looking at ubuntu | 09:42 |
jussi | jussi@vps323:~$ lsb_release -a | 09:44 |
jussi | Distributor ID: Ubuntu | 09:44 |
jussi | Description: Ubuntu 10.04.1 LTS | 09:44 |
jussi | and so, you were right, it wasnt installed. thanks" | 09:45 |
jussi | right, so one more quick thing, Im migrating servers now, how do I pull mysql DB's out and plug them into the new server? | 09:46 |
tonyyarusso | jussi: Google for "Wordpress database backup restore" | 09:47 |
jussi | tonyyarusso: ok :D (its not for wordpress, but still I guess its the same) | 09:47 |
tonyyarusso | first two links | 09:47 |
al | why don't you just copy the datafiles, jussi? | 09:47 |
tonyyarusso | jussi: It's just that the WordPress people have a pretty good no-nonsense writeup on the matter. | 09:47 |
jussi | al: because I have no idea I can! | 09:47 |
al | well, you can | 09:47 |
jussi | where are they likely to be located? | 09:48 |
al | /var/lib/mysql? | 09:48 |
al | maybe /var/db | 09:48 |
jussi | ooh! | 09:48 |
jussi | hrrr... someone remind me of the tar command that actually makes a tar.gz file? my combinations fail... | 09:51 |
al | tar cvzf your.tar.gz stuff/ to/ back/ up/ | 09:52 |
tonyyarusso | tar cz...bah | 09:52 |
al | or, well, czf will do ;) | 09:52 |
al | create, zip, file <filename> | 09:52 |
al | but for server migrations i find rsync -az --delete much more convenient | 09:53 |
al | (resp. without the --delete ;) | 09:54 |
jussi | Im still having issues with it downloading the index.php not loading it - any ideas? | 09:58 |
twb | al: the z is actually for gzip | 10:00 |
tonyyarusso | jussi: s/it/something useful/ | 10:00 |
tonyyarusso | g | 10:01 |
al | twb, yea, so? | 10:01 |
twb | You said zip, is all | 10:01 |
al | twb, which is still correct | 10:01 |
twb | zip and gzip both use the Lempel-Ziv algorithm, but they are not interachangable. | 10:01 |
al | i didn't mean to imply that | 10:02 |
twb | Okey dokey. | 10:02 |
=== ihCiFriS is now known as SirFiChi | ||
njin | bug 588993 | 10:42 |
uvirtbot | Launchpad bug 588993 in linux "mcelog does not work due to lack of kernel support" [Undecided,New] https://launchpad.net/bugs/588993 | 10:42 |
* SpamapS curses the baby for waking him up at 2am | 10:49 | |
Jeeves_ | :) | 10:51 |
ruben23 | hi guys where do i can edit the iptables rules on my ubuntu server..? any idea where is it localted like on centos its localted on---> .etc/sysconfig/iptables <-------------for ou ubuntu server where is it...? | 11:00 |
ruben23 | any idea guys..? | 11:02 |
Jeeves_ | ruben23: How did you configure your firewall untill now? | 11:04 |
ruben23 | i just put it on my /etc/rc.local/ teh ruesl i set like masquerade since this box is set to be router. | 11:05 |
twb | SpamapS: that's what I'd call a disproportionate response | 11:06 |
ruben23 | Jeeves_:..? | 11:06 |
Jeeves_ | ruben23: So, just keep editing that? | 11:16 |
Jeeves_ | Or use ufw | 11:16 |
twb | iptables rules should be loaded during rcS, not rc.local. | 11:17 |
twb | Otherwise, you are in "allow all" mode for the entire init process. | 11:17 |
twb | Note that (usually) iptables rules can be loaded before any network devices exist. | 11:18 |
ruben23 | Jeeves_: how to used ufw...? on ubuntu-server...? | 11:19 |
Jeeves_ | ruben23: https://help.ubuntu.com/community/UFW | 11:19 |
twb | Blergh | 11:20 |
twb | diff -u <(w3m -dump https://help.ubuntu.com/10.04/serverguide/C/kerberos-ldap.html) <(w3m -dump https://help.ubuntu.com/10.10/serverguide/C/kerberos-ldap.html) | 11:20 |
twb | ...zero changes to that section in six months. | 11:20 |
ruben23 | Jeeves_: but there is no config file that i can put rules and edit directly on ufw..? | 11:22 |
Jeeves_ | ruben23: See /etc/ufw | 11:22 |
twb | ruben23: if you are capable of writing complex netfilter rules, you probably don't want ufw | 11:32 |
twb | http://paste.debian.net/101737/ is such a firewall I set up, using the iptables-persistent package. | 11:33 |
twb | Oops, the first file is http://paste.debian.net/101738/ | 11:33 |
ruben23 | twb: this is the script of the iptables..? - it just im more compatible like editing the iptables config file itself- adding rules on it. | 11:34 |
twb | ruben23: I don't understand the question. | 11:35 |
ruben23 | twb: sorry , i sued to do firewall with centos and i just edit the file iptables and add rules in there and apply whihc is more simple- its juts im not familiar how is it with debian. | 11:38 |
ruben23 | or ubuntu server.. | 11:38 |
Zumu | yo | 12:05 |
Zumu | I just made "apt-get upgrade" on 2.6.32 server | 12:06 |
Zumu | upgrade had grub-pc in it, but rootfs is on raid1 .. | 12:06 |
Zumu | should I worry that it won't boot? | 12:07 |
=== pthsWork_ is now known as pthswork | ||
=== jjohansen is now known as jj-afk | ||
patdk-wk | zumu nope | 13:09 |
Zumu | patdk-wk: but it asked where to install boot loader | 13:35 |
patdk-wk | yep, install it to the root of the raid | 13:36 |
patdk-wk | then it will get written to both drives, and your good | 13:36 |
Zumu | the choice was to install to sda or sdb.. | 13:36 |
Zumu | I killed that post-install trigger | 13:37 |
patdk-wk | guess your using softraid, or it would be so complicated | 13:37 |
patdk-wk | mine has 3 options /dev/sda, /dev/sdb, /dev/mapper/...... | 13:38 |
jdstrand | ruben23: there is a file you can edit directly with ufw. they are in /etc/ufw/*.rules. you probably want /etc/ufw/before.rules. see 'man ufw' and 'man ufw-framework' for details | 13:45 |
jdstrand | ruben23: but you are right, there is not one firewall system for Debian. ufw is on all Ubuntu installations, but it is opt in and you still have the choice of everything that is in Debian (or writing your own) | 13:46 |
lau | how can I handle https://bbs.archlinux.org/viewtopic.php?pid=606993 on ubuntu-server machine ? | 13:48 |
uvirtbot | New bug: #676508 in samba (main) "Lucid won't share printers via samba" [Undecided,Incomplete] https://launchpad.net/bugs/676508 | 13:51 |
stanman246 | hi, i've got a stuck mysqld, anyone know how to fix this? I can't reboot | 14:15 |
aliverius | since i am not familiar with how ubuntu and esp lts versions deal with package updates... | 14:39 |
aliverius | how is it decided if a pkg is updated or not? | 14:40 |
TeTeT | aliverius: you want to read about the SRU (stable release update process) on wiki.ubuntu.com | 14:49 |
TeTeT | aliverius: besides SRU there are also security updates | 14:49 |
aliverius | ok | 14:51 |
aliverius | so it seems that if an application was accepted in the repos when it was at an early stage of its development, | 14:57 |
aliverius | and now there is a release with more features that actually makes it more useful. then i will have to wait for another ubuntu release... | 14:58 |
aliverius | except,of course, if i build a package myself or use a package from another ubuntu release | 15:00 |
resno | aliverius: whats your question? | 15:01 |
aliverius | [16:38:58] <aliverius> how is it decided if a pkg is updated or not? | 15:02 |
aliverius | i see quassel-core irc client is stuck at 0.6.1 | 15:03 |
aliverius | 0.7.1 has important security additions (not a security update) | 15:03 |
aliverius | and in the end i am wondering how i can use the latest release | 15:04 |
awanti | I wan to configure samba server in my office. In our office their is 4 department like Sales, Marketing, Data-base, Finance. There are 25 users in our office and have to add those users in their respective departments. But here my question is i have to give different permission for particular users in department. So plz. help me to configure this! | 15:07 |
pmatulis | aliverius: an application's major version does not change in the course of a release's lifetime | 15:08 |
pmatulis | !info quassel-core | 15:08 |
ubottu | quassel-core (source: quassel): distributed, KDE/Qt-based IRC client - core/server component. In component universe, is optional. Version 0.7.1-0ubuntu1 (maverick), package size 270 kB, installed size 1068 kB | 15:08 |
pmatulis | !info quassel-core lucid | 15:09 |
ubottu | quassel-core (source: quassel): distributed, KDE/Qt-based IRC client - core/server component. In component universe, is optional. Version 0.6.1-0ubuntu1.1 (lucid), package size 261 kB, installed size 1028 kB | 15:09 |
pmatulis | aliverius: so use maverick | 15:09 |
awanti | is any buddy can help regarding samba (acl) | 15:10 |
aliverius | i will use maverick's quassel pkg. i chose lucid cause it is an LTS afterall! | 15:10 |
aliverius | or can i use the source pkg and build it on lucid? dependency wise it should be feasible, but i am comming from the archlinux world so i dont know how packages work here! | 15:13 |
pmatulis | aliverius: yes, you can build your own package | 15:14 |
aliverius | can i just download a buildscript and run it? | 15:14 |
pmatulis | aliverius: no. it's more involved. you can either build an actual .deb file or use the PPA system (send changed source and build info to launchpad) | 15:15 |
pmatulis | aliverius: you will need to do some reading | 15:16 |
aliverius | ok | 15:16 |
pmatulis | aliverius: i would say that PPA is easiest | 15:16 |
pmatulis | aliverius: as there are multiple ways/tools to build a .deb (confusing) | 15:17 |
pmatulis | aliverius: see #launchpad for LP-related questions | 15:17 |
aliverius | ok ty. i will do some research 1st | 15:18 |
uvirtbot | New bug: #686607 in openssh (main) "ssh client should mention ssh-keygen on mismatched keys" [Undecided,New] https://launchpad.net/bugs/686607 | 15:22 |
JoeyJoeJo | I've just installed ubuntu-server to a dell poweredge and all it's running is samba. What else can I run? | 15:30 |
pmatulis | JoeyJoeJo: what release did you install? | 15:31 |
JoeyJoeJo | 10.04 | 15:31 |
pmatulis | JoeyJoeJo: here: https://help.ubuntu.com/10.04/serverguide/C/index.html | 15:31 |
JoeyJoeJo | pmatulis: Thanks, that was a great link | 15:35 |
pmatulis | JoeyJoeJo: you're welcome | 15:35 |
MWelchUK_work | I'm having a bit of trouble configuring the DHCP server in Ubuntu 10.04. Specifically, PXE booting. | 15:54 |
MWelchUK_work | I have a set of host sections, each specifying a filename. The config worked in Ubuntu 8.04, but isn't working for devices using the Intel Boot Agent on 10.04 | 15:55 |
MWelchUK_work | It seems that the file and sname don't get set in the response if the DHCPDISCOVER provides a Parameter Request List. | 15:56 |
MWelchUK_work | I've tried setting option bootfile-name in the host sections, but this doesn't work - it only seems to work as a global option. Any ideas? | 15:57 |
MWelchUK_work | Hey jono | 15:57 |
jono | hey MWelchUK_work | 15:58 |
MWelchUK_work | I assume the weather is a bit warmer with you :-) | 15:58 |
=== xfaf is now known as zul | ||
uvirtbot | New bug: #686627 in samba (main) "Samba server crashes on file read." [Undecided,New] https://launchpad.net/bugs/686627 | 16:07 |
kirkland | JamesPage: hey, can you join us in #ubuntu-meeting? | 16:12 |
JamesPage | kirkland: yep - just seen the time... | 16:13 |
=== jj-afk is now known as jjohansen | ||
mpavel | I have an old computer that I want to setup as server and play about with it while in university | 16:45 |
mpavel | I'm using dyndns to use a free domain name and point that to my router which will point to my server | 16:46 |
mpavel | is there a way to setup subdomains so that I can have different websites on each running on the server? | 16:46 |
disposable | i've just installed 10.04.1 on a system with 2 disks creating software raid. I created 3 raid1 MD devices in the installer. i formatted md0(/), md1(/var) and left md2 alone so that i could play with it later. when i do fdisk -l now, i don't see just /dev/md2, i get md2p1 md2p2 and md2p3. what are they? http://pastebin.com/8seZdjWr | 17:21 |
RoAkSoAx | kirkland: still around? | 17:38 |
kirkland | RoAkSoAx: in a meeting | 17:39 |
RoAkSoAx | kirkland: ok. no worries then | 17:39 |
RoyK | hm... pbpool 514K 97.2T 66.1K /pbpool | 17:40 |
* RoyK has room for some pr0n | 17:40 | |
Wh1teL0tus | hi all , i installed a LAMP server yesterday but i'm new into it and i was wondering where to find the folder to put your web pages in ? | 17:42 |
=== jeremy is now known as Guest54520 | ||
=== Guest54520 is now known as jeremyA | ||
uvirtbot | New bug: #686671 in openssh (main) "ssh-copy-id assumes $HOME" [Undecided,New] https://launchpad.net/bugs/686671 | 17:46 |
jeremyA | hello. I've recently upgraded from 8.04.01 LTS to 10.04.01 LTS. I'm experiencing hard hangs -- which is new. This is a server running 2.6.32-26-server, without X started. I do use virt-manager over ssh-tunneled X. Nothing is logged in /var/log/messages or /var/log/kern.log | 17:46 |
jeremyA | amd64 architecture, 8gb of ram. SATA storage in softraid 1 setup. | 17:47 |
jeremyA | dual-core athlon X2 5400+. | 17:47 |
jeremyA | where should I start looking? | 17:47 |
jeremyA | I can induce hard system hangs predictably by installing an OS on a virtual machine -- this affects VirtualBox and KVM both (I switched to KVM thinking VBox was the culprit) | 17:50 |
cokegen | dmesg ? | 17:51 |
jeremyA | nothing shown | 17:51 |
jeremyA | just the standard iptables kernel logging bits. | 17:51 |
cokegen | hardware could fail at all times | 17:51 |
cokegen | I'd not discard hardware so fast | 17:52 |
jeremyA | I ran the identical hardware quite hard with 8.04.01 LTS for several years -- running both vmware server 1.0.6 and VirtualBox. This never happened before. | 17:53 |
jeremyA | which is not to say it can't be hardware. | 17:53 |
jeremyA | since nothing is getting logged to dmesg, any tips for isolating the hardware? | 17:58 |
cokegen | memtest + cpuburn | 17:59 |
mpavel | Wh1teL0tus: /var/www/ | 17:59 |
cokegen | doesn't hurts to turn off the machine for half an hour to test it | 17:59 |
jeremyA | roger. I'll try cpuburn now, then rebooted into memtest this afternoon | 18:00 |
RoyK | cokegen: I somehow think the machine is hard to test while it's off :þ | 18:00 |
* RoyK ducks | 18:01 | |
cokegen | RoyK, :D | 18:02 |
cokegen | I have my methods ... | 18:02 |
cokegen | jeremyA, I'm booting a system rescue cd to see if it actually has cpuburn in it | 18:03 |
jeremyA | thx | 18:03 |
* RoyK just booked a long weekend in Reykjavík to thaw a bit | 18:04 | |
cokegen | mprime could be another option | 18:06 |
jeremyA | cpuburn has run for 8 minutes now, and temperature on the cpu is stable at 32C | 18:10 |
cokegen | what is exactly what you define as a "hard hang" man ? | 18:12 |
jeremyA | video goes blank. keyboard mouse unresponsive. system no longer responds to pings or any network traffic | 18:12 |
cokegen | tried noacpi ? | 18:13 |
cokegen | and that kind of parameters booting the kernel ? | 18:13 |
jeremyA | I have not yet tried noacpi. I can give that a shot. | 18:13 |
* jeremyA drops off channel to reboot the gateway (which is the server in question) | 18:14 | |
cokegen | jeremyA tried something already | 18:23 |
cokegen | ? | 18:23 |
jeremyA | rebooted with noacpi in place, I thought.... | 18:24 |
jeremyA | shouldn't the "noacpi" show up in /proc/cmdline then? | 18:24 |
cokegen | I think it should | 18:24 |
jeremyA | must not have taken it. better go plug a monitor into this and force it from the grub command line. | 18:25 |
jeremyA | bbiab | 18:25 |
cokegen | k | 18:25 |
donspaulding | ssh-keygen -t rsa -C "tekkub@gmail.com" | 18:25 |
donspaulding | <forehead slap> | 18:26 |
donspaulding | aka <facepalm> | 18:26 |
cokegen | jeremyA, yes it should (confirmed) | 18:26 |
Wh1teL0tus | thanks mpavel ! | 18:29 |
jeremyA | yep, acpi SHOULD show up in /proc/cmdline | 18:29 |
jeremyA | it does now | 18:29 |
cokegen | yep | 18:30 |
cokegen | jeremyA, acpi=off could be too | 18:32 |
jeremyA | neither were there, I must not've updated grub. | 18:32 |
ZacLnxNewb | hello | 18:32 |
cokegen | I'd search the kernel docs for the kernel version you have there | 18:32 |
jeremyA | anything in particular I should be looking for, cokegen? | 18:33 |
ZacLnxNewb | I have a server, beyond-sight.com | 18:33 |
jeremyA | when I drop off next time, it'll be due to server crash... | 18:33 |
ZacLnxNewb | and I have utterly no idea how to configure webpage hosting for multiple web pages on the same server, other.beyond-sight.com versus beyond-sight.com | 18:34 |
cokegen | k | 18:34 |
cokegen | hopefully not ... | 18:34 |
jeremyA | Zac: name-based virtual hosting! | 18:34 |
Pici | ZacLnxNewb: You'd need to setup virtual hosts in your apache config and on your dns records. | 18:35 |
jeremyA | when I get back from lunch, I can help you with that ZacLnxNewb | 18:35 |
jeremyA | but someone here will probably beat me to it | 18:35 |
cokegen | jeremyA, I think most of the commands are there when you boot an install | 18:35 |
ZacLnxNewb | jeremyA: Awesome. :D | 18:35 |
cokegen | noacpi is one and there could be others of relevance | 18:35 |
cokegen | just saying that if I were you I'd try those parameters ... | 18:35 |
ZacLnxNewb | Pici: DNS records how? I have a DNS updater, I need to add that to update the dns network? | 18:36 |
ZacLnxNewb | Pici: and then Apache config for name based virtual hosts? | 18:36 |
mpavel | does anyone know of a good guide on how to do name based virtual hosts? | 18:38 |
smoser | i dont knwo what that would mean. "name based virtual hosts" | 18:39 |
Pici | ZacLnxNewb: You'll need to setup a new A record for the subdomain. | 18:39 |
smoser | oh.. apache. | 18:39 |
smoser | sorry, i was thinking the other type of "virtual" (lxc/kvm/xen) | 18:40 |
Pici | ZacLnxNewb: And then something like the following in your apache site configruation: http://paste.ubuntu.com/540727/ | 18:41 |
jeremyA | some sample configs for you, ZacLnxNewb, at http://ccis2122.linux-classes.com/week12/ | 18:43 |
ZacLnxNewb | Thank you | 18:43 |
Pici | ZacLnxNewb: I guess you could use a CNAME instead of an A record if your subdomain is being served off of the same IP as the main domain. | 18:43 |
ZacLnxNewb | jeremyA: Pici I'm trying to figure out how to make a new A record... | 18:43 |
ZacLnxNewb | Pici: Same IP, same server hosting two web sites. :p | 18:43 |
mpavel | Pici: is there a way to do that through a free domain from dyndns? | 18:44 |
Pici | mpavel: I'm really not sure, but I'd guess no. | 18:44 |
mpavel | probably that's why I wasn't able to do it so far :) | 18:44 |
mpavel | it should work with users (maybe?) | 18:45 |
mpavel | i couldn't get php scripts to execute though like that - but it could've been a php thing | 18:45 |
Pici | mpavel: I'm just thinking out loud here, but you might be able to setup a new virtualhost for a different dyndns domain that points to your same IP> | 18:45 |
mpavel | hmm | 18:46 |
mpavel | Pici: never thought of that | 18:46 |
elnur | Hi. Is there a trend about grub and xen fuckup in latest days? | 18:48 |
jeremyA | ZacLnxNewb: http://ccis2122.linux-classes.com/week3/ | 18:48 |
jeremyA | my lecture on Bind | 18:48 |
jeremyA | sorry the notes aren't more explanatory | 18:48 |
ZacLnxNewb | jeremyA: So I think I've set up the A records, subdomains with "a record" settings at the name hosting site | 18:48 |
pmatulis | !language | elnur | 18:49 |
ubottu | elnur: Please watch your language and topic to help keep this channel family-friendly, polite, and professional.. | 18:49 |
ZacLnxNewb | jeremyA: my guess is I need to set the DNS updater to update those A records to point to my server's ip addrtess? | 18:49 |
elnur | * Hi. Is there a trend about grub and xen problem in the latest days? | 18:49 |
Pici | ZacLnxNewb: Indeed. | 18:49 |
mpavel | what would be the best solution to have multiple websites on same server? | 18:49 |
ZacLnxNewb | That's currently what I'm tackling | 18:50 |
mpavel | would the easiest thing to do just be that I have a SITE_PATH variable in php and put websites in sub directories? | 18:50 |
ZacLnxNewb | mpavel: ^ | 18:50 |
mpavel | ZacLnxNewb: I thought so :) | 18:50 |
mpavel | ZacLnxNewb: me too ... for a few weeks now | 18:50 |
ZacLnxNewb | mpavel: PHP does have that, but I think there's something that's cleaner and easier, and less hacky, hopefully. | 18:51 |
mpavel | ZacLnxNewb: I have one server (old computer) to play with and would like to setup multiple websites | 18:51 |
i0nic | Hi, I was thinking of using amazons S3 service for server backups, what do you guys think about this? | 18:51 |
mpavel | ZacLnxNewb: what do you think that is? | 18:51 |
ZacLnxNewb | mpavel: Same | 18:51 |
guillaume_ | hi all | 18:51 |
Pici | Using Apache's virtualhosts is really easy as long as you can easily change your dns records. | 18:51 |
guillaume_ | i have a good question for you | 18:51 |
i0nic | I have always used dedicated boxes and setup incremental rsync scripts to backup my data to the box. | 18:51 |
i0nic | So this amazon cloud thing is very living on the edge for me, just wanted to get some input. | 18:52 |
Pici | s/is/are/ | 18:52 |
guillaume_ | i am using ubuntu 10.04 server for proxy with squid + dansguardian everything fine except i need ncsa auth and i am unable to make it working and i have already tried most of the how to on the net any idea ?? | 18:52 |
mpavel | Pici: I'm just thinking (i'm very unexperienced in servers stuff) that working with the dns and apache vhosts would be much easier if I'd have a full domain name | 18:53 |
mpavel | Pici: and a static IP address :) | 18:53 |
Pici | mpavel: It would indeed. | 18:53 |
cokegen | i0nic, S3 just works | 18:53 |
i0nic | what about redundancy | 18:53 |
i0nic | ? | 18:54 |
cokegen | they handle it | 18:54 |
cokegen | you don't have to worry about your data | 18:54 |
i0nic | uh | 18:54 |
cokegen | that's with S3 | 18:54 |
cokegen | EC2 could have more failures | 18:54 |
i0nic | but im essentially on a cloud | 18:54 |
i0nic | so would i need to encrypt my data? | 18:54 |
cokegen | but haven't seen one myself yet | 18:54 |
cokegen | I think S3 has something regarding that | 18:55 |
i0nic | okay | 18:55 |
cokegen | anyway I'd recommend to encrypt and upload and forget about any problems | 18:55 |
i0nic | are large enterprises adopting the cloud as a backup solution? | 18:55 |
jeremyA | ZacNwbLnx: yes | 18:55 |
cokegen | amazon recently made available a new API to work with their services | 18:56 |
cokegen | had a friend that was playing with it but I can't say much about that | 18:56 |
cokegen | apparently works like a charm | 18:56 |
elnur | http://paste.ubuntu.com/540735/ -- anyone knows how to solve this? | 18:57 |
elnur | This 'ignoring' stuff shouldn't be there, I guess. | 18:58 |
jeremyA | cokegen: looks like noacpi MIGHT have done it. Just installed a VM successfully | 19:00 |
mpavel | Pici ZacLnxNewb: I will give another try to users approach | 19:01 |
mpavel | you can basically have your.free.domain/~user/ | 19:01 |
mpavel | and I was thinking to create different users for each website and access it like that | 19:01 |
jeremyA | ZacLnxWeb: the server at linux-classes.com actually has several names | 19:02 |
Pici | mpavel: Setup mod_userdir: http://httpd.apache.org/docs/2.2/howto/public_html.html | 19:02 |
jeremyA | ZacLnxWeb: I have multiple CNAMEs and A Records pointing to it's IP | 19:02 |
mpavel | Pici: exactly :) | 19:02 |
jeremyA | ZacLnxWeb: then I just map each name to a different dir using vhosts | 19:02 |
ZacLnxNewb | Pici: jeremyA I'm setting up DDclient to update the A records. | 19:03 |
ZacLnxNewb | Pici: jeremyA I appreciate your help so far. :D | 19:04 |
cokegen | jeremyA, good thing to hear then | 19:04 |
cokegen | I had only one or two machines in my life that required noacpi ... | 19:04 |
mpavel | Pici: any idea if that solution would stop php scripts from running? | 19:04 |
Pici | mpavel: It shouldn't. | 19:05 |
mpavel | Pici: or would there be a need to alter something in php.ini ? | 19:05 |
mpavel | if for example the user directories are in /home/~user1/ /home/~user2/ and php is not set to execute scripts from /home/* | 19:05 |
mpavel | or something ... just thinking :-/ | 19:05 |
Pici | mpavel: But remember that www-data would need to be able to access the php files, so you'll need to make sure that is the case. | 19:06 |
mpavel | so include each user in the www-data group | 19:07 |
Pici | mpavel: Thats one way to do it. | 19:07 |
mpavel | Pici: that's the only way I know. but I can search online for alternatives | 19:07 |
Pici | mpavel: No, thats a fine way (in my opinion), but there are a whole bunch of options on how you'd want to do this depending on how restrictive you want your security policy to be. | 19:08 |
jeremyA | cokegen: yeah, this machine didn't need noacpi under 8.04.01, but new kernels == new features, new problems. At least I'm off vmware server and virtualbox now | 19:09 |
mpavel | Pici: cool. not really interested in security right now for this kind of setup. i'm just looking for easier ways to setup a working testing/playing-about environment for some projects | 19:10 |
cokegen | sure ... a bit of testing is due when you switch versions | 19:10 |
mpavel | Pici: thanks for all your help! | 19:12 |
jeremyA | anyone using iptables with bridged traffic? | 19:13 |
jeremyA | I'm getting a lot of logs like this: | 19:13 |
jeremyA | Dec 7 13:13:49 localhost kernel: [ 2791.493463] IN=br0 OUT=br0 PHYSIN=vnet0 PHYSOUT=eth0 SRC=192.168.15.17 DST=224.0.0.251 LEN=115 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=95 | 19:13 |
jeremyA | my bridge device is br0, the physical device is eth0, and I want my LAN to be able to talk to my virtual machines as if they were on the same network segment | 19:14 |
jeremyA | (like they used to be on vmware) | 19:14 |
cokegen | jeremyA, the other day I was here and a guy solved his problems with ebtables (which I didn't know it existed) | 19:15 |
jeremyA | okay, cool, thanks | 19:15 |
cokegen | to work with bridged stuff like you | 19:16 |
* jeremyA nods | 19:16 | |
cokegen | just saying you should look into that | 19:16 |
jeremyA | I've been meaning to learn ebtables for about 9 years now | 19:16 |
jeremyA | googling now | 19:16 |
cokegen | never needed to work with bridges but it's a must when working with all that virtualized stuff | 19:18 |
jeremyA | have I mentioned I dislike virtualization in general? too much extra work ;) | 19:19 |
jeremyA | keeps the electrical bill lower, tho, I guess | 19:20 |
cokegen | have to buy a VT-x capable processor | 19:20 |
jeremyA | they're sub-$100 now. | 19:20 |
jeremyA | :) | 19:20 |
cokegen | want to try how well it runs win | 19:20 |
cokegen | not here (argentina) | 19:21 |
jeremyA | oh, I bet. | 19:21 |
ZacLnxNewb | jeremyA: Pici I'm having trouble adding servers to ddclient | 19:24 |
jeremyA | ZacLnxNewb: I use ipupdate.pl for freedns.afraid.org, or adjust the DNS manually, I'm afraid :( | 19:26 |
guillaume_ | some of you well knoe squid+dansguardian config ? | 19:33 |
jeremyA | sorry, guillaume, I know nothing about that | 19:33 |
guillaume_ | lol | 19:33 |
guillaume_ | thanks for answering | 19:34 |
guillaume_ | it seem to be hard to find pepole who know | 19:34 |
jeremyA | bridging with kvm needs no ebtables, only iptables: iptables -I FORWARD -i br0 -o br0 -j ACCEPT where br0 is your bridge device | 19:44 |
* RoyK books a trip to Reykjavík to thaw up a bit | 19:45 | |
fluvvell | I really need to get this cpu fan under control, the heatsink is stone cold, but the fan constantly speeds up and slows down. sensors is alleging that fans are at 0RPM. pwmconfig alludes to increasing the fan divisors, I have no idea what that is and I cant find the doc | 20:31 |
fluvvell | ok found the doc. | 20:32 |
* RoyK hands fluvvell a screwdriver | 20:43 | |
fluvvell | he he, disconnect the fan? | 20:43 |
qman__ | well, you want to make sure it's all PWM equipment, I've got some older stuff that was pre-PWM and is not compatible | 20:46 |
fluvvell | qman__, na its brand new - four wire fan to cpu. | 20:47 |
qman__ | ok | 20:47 |
fluvvell | ive found the fan divisor setting, I think, but pwmconfig still finds current speed of 0 for all fans | 20:48 |
* fluvvell is wondering where to find hwmon0/device/pwm1 ? | 20:48 | |
fluvvell | weird. Now its all quiet! | 20:49 |
* RoyK takes his screwdriver back | 20:50 | |
* fluvvell frequently leaves screwdrivers behind clients servers and finds them on later visits | 20:52 | |
RoyK | fluvvell: the leftover screws goes into the pocket, eh? | 20:53 |
fluvvell | RoyK, I have dozens of little snap lock bags with screw selections in them :) and bitz containers on the window sill! | 20:55 |
i0nic | I'm trying to setup key authentication for ssh | 20:56 |
i0nic | and it keeps asking for the password | 20:56 |
i0nic | what am I doing wrong? | 20:56 |
RoyK | i0nic: well, I guess that depends on what you are doing..... | 20:56 |
i0nic | RoyK: is there a program to shoot my sshd_config to a pastebin program? does ubuntu provide one of thes in the repos? | 20:59 |
guntbert | !info pastebinit | i0nic | 21:03 |
ubottu | i0nic: pastebinit (source: pastebinit): command-line pastebin client. In component universe, is optional. Version 1.1-2 (maverick), package size 22 kB, installed size 404 kB | 21:03 |
i0nic | ah thanks | 21:03 |
i0nic | here is a copy of my sshd_config | 21:03 |
i0nic | http://pastebin.ubuntu.com/540785/ | 21:04 |
i0nic | not sure why its still asking for a password | 21:04 |
guntbert | i0nic: do you want to disable password based login completely? | 21:05 |
cokegen | you need to cat the public key to the machine's ~/.ssh/authorized_keys2 | 21:06 |
cokegen | and then provide ssh with the key | 21:06 |
cokegen | when connecting I mean | 21:06 |
cokegen | like this | 21:06 |
i0nic | guntbert: yes | 21:07 |
i0nic | to roots /.ssh/authorized_keys2 ? | 21:07 |
cokegen | ssh -p 22 -i /path-to-private-key/machine-key root@111.222.333.444 | 21:07 |
i0nic | i put the public key in the users .ssh/ | 21:08 |
cokegen | and you could generate your keys like this | 21:08 |
i0nic | that should be all it needs? | 21:08 |
i0nic | i put the public key in the users .ssh/ | 21:08 |
cokegen | ssh-keygen -t rsa -b 4096 -f /path-to-private-key/machine-key | 21:08 |
cokegen | you get 2 files with that last command | 21:08 |
cokegen | one is the private key and the other the public key (.pub) | 21:09 |
cokegen | that .pub you need to cat to the target machine's authorized_keys2 | 21:09 |
cokegen | i0nic, hope I was clear enough ;-) | 21:09 |
guntbert | i0nic: it is .ssh/authorized_keys by now (no 2), does key based login work at all or does it ask for password anyway? | 21:09 |
cokegen | no, just connect | 21:10 |
i0nic | guntbert: it asks for the password | 21:10 |
cokegen | but you have to provide ssh with your identity (private key) | 21:10 |
i0nic | guntbert: so apart from being in userhomedir/.ssh/ it also needs to be in /root/.ssh/authorized_keys ? | 21:10 |
guntbert | i0nic: listen to cokegen too | 21:10 |
i0nic | i am | 21:11 |
i0nic | im just trying to understand whats going on before i use the steps he gave me | 21:11 |
i0nic | cokegen: gotcha.. i am adding it now.. | 21:11 |
i0nic | cokegen: does it need to be in usershomedir/.ssh/ as well? the pub key? | 21:12 |
cokegen | think so | 21:12 |
cokegen | I just placed always into the /root dir | 21:12 |
cokegen | so I can't tell, but I'd expect to be for the user I'm trying to conect to | 21:13 |
i0nic | cokegen root doesnt have a .ssh dir | 21:15 |
i0nic | just create it? | 21:15 |
cokegen | create it | 21:15 |
fluvvell | i0nic, it depends who you are going to log in as. Best practise would be to log in as your privileged user, and sudo any root commands. In that instance, you'd ssh-copyid to the user@host | 21:15 |
i0nic | k | 21:15 |
cokegen | yep | 21:15 |
cokegen | ssh-copyid is the best method, but if you have ssh running in a non-standard port it fails | 21:15 |
cokegen | and I don't know if it has a port parameter (last time I checked I think it hasn't) | 21:16 |
fluvvell | i0nic, but on the machines where I have root login, I have removed the root password after setting up ssh keys. | 21:16 |
cokegen | probably could work with "oPort=non-standard-port-number" but I don't know | 21:16 |
fluvvell | cokegen, you can setup ports for each host in your .ssh/config file | 21:17 |
cokegen | what do you mean by each host ? | 21:18 |
fluvvell | the format is Host=hostname.org then next line port=# | 21:18 |
cokegen | I like to connect to IP addresses, but cool to know | 21:19 |
fluvvell | eg, I've got a dozen machines I regularly ssh into, there is a Host=hostname.org entry for each of them naming the non standard port I use. | 21:19 |
fluvvell | cokegen, yes but your hosts have names eventually, you could add them in your hosts file. I've got dns set up for all of them, dyndns.org for the ones on dynamic ips. | 21:20 |
i0nic | its still asking for the password, cokegen | 21:20 |
cokegen | how are you trying to connect i0nic | 21:20 |
i0nic | cokegen: ssh as a user. | 21:21 |
cokegen | ssh -i /path/key root@ip | 21:21 |
cokegen | did you cat'ed the key to authorized_keys2 ? | 21:21 |
i0nic | i did it to authorized_keys | 21:21 |
cokegen | cat keyfile >> ~/.ssh/authorized_keys2 | 21:21 |
i0nic | yah | 21:22 |
i0nic | keys2? | 21:22 |
cokegen | yep | 21:22 |
cokegen | 2 | 21:22 |
cokegen | on my machine works without the 2, but don't know why | 21:22 |
cokegen | could be keys of SSH1 ? | 21:22 |
cokegen | don't know really, but do the cat to the authorized_keys2 | 21:23 |
guntbert | cokegen: the '2' *was* necessary, they switched back since | 21:23 |
cokegen | ok, good | 21:23 |
i0nic | so, the owner of these files needs to be root? | 21:23 |
cokegen | if you're trying to connect with root, I think yes | 21:24 |
guntbert | i0nic: on the target server? yes, if you want to connect as root | 21:24 |
fluvvell | cokegen, I've just set it up on a machine without half of the complexity you've suggested. | 21:24 |
i0nic | still not working | 21:24 |
cokegen | half ? share with us please | 21:24 |
cokegen | ;-) | 21:25 |
i0nic | guntbert: no im connecting with users, I just want key authentication setup. | 21:25 |
fluvvell | http://www.linuxconfig.org/Passwordless_ssh gives the method | 21:25 |
guntbert | i0nic: the auth..keys file must be in .ssh of the user you want to connect as | 21:25 |
fluvvell | the only pre-requisite is the same user exists on both machines | 21:26 |
cokegen | fluvvell: I didn't told him more than what that webpage says | 21:26 |
cokegen | maybe added the port parameter to some of the commands etc etc | 21:26 |
cokegen | it's the same | 21:26 |
guntbert | fluvvell: why is that? | 21:26 |
fluvvell | cokegen, sorry it was guntbert | 21:27 |
cokegen | ahhh ok ;-) | 21:27 |
fluvvell | guntbert, for the method shown on the linuxconfig | 21:27 |
fluvvell | not in general, but it de-confuses a bit. | 21:27 |
fluvvell | guntbert, ssh-copy-id copies the auth keys over | 21:28 |
guntbert | fluvvell: ok, I obviously didn't see the complete context -- ignore me please :-) | 21:28 |
cokegen | mind that ssh-copy-id doesn't works on non-standard ports | 21:29 |
fluvvell | cokegen, it does if you add the hostname into your .ssh/config file. I think ip address will work as well | 21:29 |
i0nic | so what does the command ssh-copy-id do, because it works now that I've used this command? | 21:30 |
fluvvell | sorry ~/.ssh/config | 21:30 |
cokegen | fluvvell: now I get it | 21:31 |
fluvvell | :-) | 21:31 |
cokegen | anyway, still prefeer doing it manually | 21:31 |
cokegen | do you know a good method to manage a good number of those keys ? | 21:32 |
fluvvell | i0nic, ssh-copy-id copies the public key into the authorized_keys file in one command. It does simply, what guntbert described (I think was the old way) | 21:32 |
fluvvell | cokegen, its my key being copied onto the server at the other end. ssh agent allows for the revocation of keys from specific servers I believe. | 21:33 |
fluvvell | so one key to rule them all ;-) | 21:34 |
guntbert | fluvvell: for administration of several servers I use just one key (with a *very good passphrase* ™ ), and I call ssh with -A for agent forwarding | 21:36 |
=== SirFiChi is now known as ihCiFriS | ||
cokegen | didn't investigated that, but I will | 21:40 |
fluvvell | guntbert, yes I never could get around the having to type my passphrase into my machine first when I opened a new shell. I ended up typing it in over and over, negating the passwordless access to the servers. hints? | 21:41 |
guntbert | fluvvell: usually ssh-agent is running, you can add a key any time you want with ssh-add <path-to-key-file> | 21:42 |
fluvvell | I would recommend that i0nic not leave a root password on the server though | 21:47 |
eriksson26 | Hi, how do I set up remote desktop to a computer that I only have ssh acc to? I am admin. | 21:51 |
FunkyBob | eriksson26: do you need a full remote desktop? or just access to X apps running on it? | 21:57 |
MeltingK33board | ok so i have ssh-copy-id'ed my key to my server, and then tried to log in, and it still asks me for the password of my user on the server... why? | 22:23 |
MeltingK33board | did somebody just try to answer me? 'cause my tab just closed when i got the notification... | 22:26 |
RoyK | MeltingK33board: did you copy the key to ~/.ssh/authorized_keys? | 22:31 |
RoyK | MeltingK33board: also keep in mind that the .ssh dir and its contents should not be readable by everyone, chmod -R go-rwx .ssh is a good start | 22:31 |
MeltingK33board | yep | 22:31 |
MeltingK33board | it is in there | 22:31 |
MeltingK33board | I checked | 22:32 |
MeltingK33board | ok | 22:32 |
MeltingK33board | i will check the permissions | 22:32 |
=== shennyg_ is now known as shennyg | ||
MeltingK33board | RoyK: does my client machine need to be in the known_hosts file? | 22:38 |
=== jeremy is now known as Guest93269 | ||
=== Guest93269 is now known as jeremyA | ||
jeremyA | cokegen: so much for noacpi doing it. Is noacpi still supported, or with kernel-2.6.32-26 should I be saying "acpi=off" ? | 22:40 |
fluvvell | MeltingK33board, this discussion happened about an hour ago, have you seen http://www.linuxconfig.org/Passwordless_ssh gives the method | 22:41 |
MeltingK33board | yeah | 22:47 |
MeltingK33board | fluvvel: i was watching the conversation | 22:47 |
i0nic | anyone have a suggestion for a server monitoring program | 22:54 |
i0nic | for 5 servers? | 22:54 |
MeltingK33board | how about Untangle? | 22:55 |
MeltingK33board | they are a pretty robust solution... but perhaps not the right one for your needs | 22:55 |
SpamapS | i0nic: nagios has been hugely popular for a long time now | 22:56 |
SpamapS | though I believe it is forked now into something else | 22:57 |
MeltingK33board | you can also check out the monitoring section of the Server Guide... it talks about nagios and munin | 22:57 |
SpamapS | Icinga is the name | 22:58 |
jeremyA | I love nagios. | 23:00 |
jeremyA | I use it all the time. | 23:00 |
SpamapS | Yeah, its a really nice piece of software | 23:02 |
SpamapS | Icinga's just trying to modernize it a bit | 23:02 |
SpamapS | the Nagios devs have kind of gone "open core" lately where all the good stuff is in the enterprise version | 23:02 |
JanC | there is also zabbix for monitoring | 23:05 |
i0nic | SpamapS: nagios seems way intens | 23:08 |
i0nic | e | 23:08 |
dragoon123 | I am currently having problems resolving the ca.archive.ubuntu.com repo for apt-get | 23:09 |
dragoon123 | i can ping it, but it will not connect any ideas? | 23:09 |
MeltingK33board | is it in your sources.list? | 23:09 |
dragoon123 | Temporary failure resolving 'ca.archive.ubuntu.com' | 23:09 |
MeltingK33board | ah so it is a dns issue perhaps... | 23:10 |
MeltingK33board | in the ping can you see the IP? | 23:10 |
dragoon123 | hmm | 23:11 |
dragoon123 | wont ping acutally | 23:11 |
baggar11 | dragoon123: try hard setting some DNS servers in your /etc/resolv.conf file | 23:11 |
MeltingK33board | ah | 23:11 |
dragoon123 | baggar11: I did that recently and restarted the networkmgr | 23:11 |
dragoon123 | same result :/ | 23:12 |
MeltingK33board | so you did try setting dns servers recently? | 23:12 |
dragoon123 | no | 23:12 |
MeltingK33board | ok, try that | 23:12 |
dragoon123 | ? | 23:12 |
dragoon123 | do you mean the /etc/resolve.conf? | 23:12 |
MeltingK33board | it sounds like there is no dns for your system... yes resolve.conf | 23:12 |
dragoon123 | yes, like I just said I already inputted that | 23:13 |
dragoon123 | confused me for a sec heh | 23:13 |
MeltingK33board | gotcha | 23:13 |
FunkyBob | when did it grow the extra 'e'? :P | 23:13 |
baggar11 | no, it's resolv.conf | 23:13 |
baggar11 | it's in /etc | 23:13 |
dragoon123 | i know | 23:13 |
MeltingK33board | hehe... | 23:13 |
baggar11 | can you ping IP's outside your subnet? | 23:13 |
dragoon123 | yea | 23:13 |
dragoon123 | It just wont resolve hosts | 23:13 |
baggar11 | try pinging your DNS servers that you manually set in resolv.conf | 23:14 |
dragoon123 | works | 23:14 |
dragoon123 | 64 bytes from 192.168.1.1: icmp_req=6 ttl=64 time=0.303 ms | 23:14 |
dragoon123 | hmm | 23:14 |
baggar11 | 192.168.1.1 is your DNS server? | 23:14 |
baggar11 | is it broke? | 23:15 |
dragoon123 | nope lol, its my router | 23:15 |
dragoon123 | Its working fine as i am currently using my laptop with ssh conc to my server | 23:15 |
baggar11 | using dhcp or static? | 23:16 |
dragoon123 | static | 23:16 |
baggar11 | does dhcp work? | 23:16 |
MeltingK33board | why not try useing openDNS in resolv.conf: 208.67.222.22 and 208.67.220.220 | 23:16 |
dragoon123 | on router yes | 23:16 |
dragoon123 | acutally | 23:16 |
dragoon123 | lemme try inputting my isp dns | 23:17 |
dragoon123 | sec | 23:17 |
baggar11 | MeltingK33board: that's kind of what I'm getting at :) if 192.168.1.1 isn't giving out good DNS info... | 23:17 |
MeltingK33board | nope... | 23:18 |
guntbert | MeltingK33board: opendns creates weird results sometimes (for non existing domains and for "inappropriate" ones) | 23:18 |
dragoon123 | is there a single cmd for restarting networkmanager w/o using ifdown & ifup? | 23:18 |
MeltingK33board | yes | 23:18 |
MeltingK33board | guntbert: only if you configure your network in their system | 23:18 |
baggar11 | dragoon123: service networking stop/start | 23:18 |
MeltingK33board | otherwise it is only a dns server | 23:18 |
guntbert | MeltingK33board: no, I believed that too, but then I got results for nonexisting domains, and... | 23:19 |
dragoon123 | yey | 23:19 |
dragoon123 | that did it lol | 23:19 |
MeltingK33board | great | 23:20 |
MeltingK33board | guntbert: interesting... good to know | 23:20 |
i0nic | guntbert: does each server need a key generated to talk to each other? there is 5 servers on the network | 23:20 |
i0nic | guntbert: i have key authentication working for users, but they cannot scp files between servers w/o passwords | 23:20 |
baggar11 | dragoon123: was it your ISP DNS or using DHCP? | 23:22 |
guntbert | i0nic: ssh? you can either use the same key on all of them or generate different ones - scp works like ssh (including keys) | 23:22 |
dragoon123 | baggar11: I just appended my isp dns to resolv.conf | 23:23 |
MeltingK33board | nice... glad it worked | 23:23 |
i0nic | guntbert: so i need to generate the cert on one server and use it on all? | 23:23 |
i0nic | guntbert sorry i mean key | 23:24 |
guntbert | i0nic: ssh keys are for users, so you generate it at one place (your workstation), copy the public key into all .ssh/atuhorized_keys, add that key to ssh-agent on your workstation (using ssh-add) and call ssh -A .... (to forward agent authenification) | 23:25 |
uvirtbot | New bug: #686805 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/686805 | 23:56 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!