[00:00] twb: after initial installation
[00:00] Dunno
[00:26] ssh keys question: can i just download the server's public key and use that with putty on windows to connect to the server without password?
[00:26] or i have to put the client (putty computer)'s public key onto the server
[00:26] which way is it
[00:27] azizLIGHTS: even if you CAN do that, you shouldn't.
[00:28] whats the difference
[00:28] azizLIGHTS: each host has a keypair, and each USER has a keypair.
[00:28] i dont quite understand i think..
[00:28] azizLIGHTS: if you reuse the same keypair for both a host and a user, the system ends up less secure
[00:28] :S i cannot understand that stuff twb
[00:29] can u use words like server and client
[00:29] in that sentence
[00:29] the server and client are both hosts
[00:29] the person sitting at a keyboard is a user
[00:31] so if i got the server's public key, im giving access to whole server for one user on the client?
[00:31] but u want me to do : put user@client's pub key onto server, so only the user@client can get onto server?
[00:31] am i understanding
[00:32] any thing like ssh keys for dummies exists?
[00:32] New bug: #722386 in openssh (main) "sshd buffer overflow detected crash from certain ip addresses" [Undecided,New] https://launchpad.net/bugs/722386
[00:35] Sorry, I'm dealing with paying customers at the same time
[00:36] azizLIGHTS: you don't have to do anything with the server keypair. It's exchanged automatically during an ssh login.
[00:36] azizLIGHTS: if you want someone to be able to log in with a keypair, you install *their* (the user) public key in server:~/.ssh/authorized_keys
[00:37] azizLIGHTS: you can also edit /etc/ssh/ssd_config with "AllowUsers user@client" to restrict access to ONLY that username from that client machine (actually, IP address).
[00:38] ok so the "client" (the one who want to login) has to always put their public key onto the machine they want to access
[00:38] and there is no reverse of this?
[00:38] azizLIGHTS: correct.
[00:39] Technically you could SSH into their machine and then set up some kind of port forward for a crappy unencrypted RPC, like say telnet or rsh. It wouldn't be very good, security-wise.
[00:39] if the reverse happens, it would be the same process
[00:40] Right, they would need to add your public key to their .ssh/authorized_keys
[00:40] ok i see it now
[00:40] much better
[00:40] Public key cryptography always works this way -- you publish the public key (i.e. the "lock" part), and keep the private key (the "key" part) secret.
[00:41] Then, OTHER people can choose to lock up their stuff with your public key, allowing YOU to unlock it with the secret key.
[00:42] Some public crypto frameworks (e.g. GPG) have a de facto mechanism to upload public keys and key revocation (burn) notices, but unfortunately SSH doesn't.
[00:42] oh
[00:42] You can, of course, always just email your key to people as an attachment, or put it on a public web server and have them wget it
[00:43] what actually happens after you do ssh-copy-id user@host, and then do ssh user@host again, what is passed to the host
[00:43] Note that the MOST IMPORTANT part of this is that you keep your private key secret. That is the weakest link in any asymmetric cryptography design.
[00:45] how does the host know you are user@client and that it matches the entry in its .ssh/authorized_keys
[00:46] azizLIGHTS: it knows because when you do "ssh twb@example.net", user is "twb" and sshd can see that I'm coming from 203.7.155.20, which resolves to "client".
[00:47] oh
[00:47] THEN, it checks the key that I send against the key in ~twb/.ssh/authorized_keys
[00:47] (Technically I don't send the key, but some data transformed by the key.)
[00:50] k so if i do "ssh aziz@server.com" from workdesktop@client.com, server will see i am workdesktop@client.com, go check on /home/aziz/.ssh/authorized_keys for a key for workdesktop@client.com
[00:50] if that makes any sense
[00:51] so theres no machine wide key basically, on either side
[00:54] azizLIGHTS: no, the server will see "aziz@client.com"
[00:55] It's not a very intuitive way for the server to say it
[00:55] i.e. from @, ssh @, sshd will see you as @.
[00:56] oh
=== erichammond1 is now known as erichammond
[02:41] hey ubuntu-server
[02:41] I'm trying to setup ldap
[02:41] using this guide: https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
[02:42] I got to the part where I ldapadd backend.example[...]
[02:42] and I'm trying to add frontend.example[...] but it's asking for LDAP admin password
[02:43] I put 'durf' as the password in the backend[...].ldif
[02:43] but it's failing authentication when I try to use it at the prompt
[02:43] any idea what might be wrong?
[02:44] It happened to me too. I think you may want to hash the backend password using slappasswd
[02:44] then what?
[02:44] This is the guide that I used though http://tuxnetworks.blogspot.com/2010/06/howto-ldap-server-on-1004-lucid-lynx.html
[02:44] When I didn't hash the passwords, it didn't work :|
[02:46] so for olcRootPw I need to use the output from slappasswd?
=== warren_ is now known as Guest60662
[02:47] it should look like this? "olcRootPw: {SSHA}i8HWx5MRe4wW8e3NzhMvxC6SUrYS3jtx"
[02:47] nigelb?
[02:48] okay, I have a server up and running and When lets say one user moves a file to the everyone folder, another file can access it but not be able to delete or change it. I just learned of the create mask = 0765 will that help any?
[02:48] and if not how may I fix this?
[02:54] marshall: yeah
[02:54] marshall: (sorry, stepped away for a moment)
[02:55] nigelb: ok, so what can I do now to reset the admin pw?
[02:55] well, um, the last time I messed up I did an apt-get remove --purge and redid the instructions
[02:55] but that's because I'm new to ldap too
[02:56] ok, I'll do that, thanks :D
[03:56] my server 10.04.1 isn't booting... I need help critically
[03:57] even the Recovery Boot option in grub isn't working
[03:57] and all I get is a blank screen with a blinking cursor
[03:58] I feel like the output of the boot isn't being echo'd to the screen properly
[03:58] can anyone help me diagnose this?
[04:04] electrofreak: Can you boot the from a CDROM (livecd) and then examine the hard drive(s) and filesystem(s) on the server from that?
[04:04] I did an fsck already
[04:04] I'm booting a livecd again... wonder if initramfs is messed up... and needs updating
[04:07] I don't like that ubuntu server gives nearly no output at boot
[04:07] I've spent many an hour debugging the simplest crap because I got no output from the boot process
[04:18] I have a scary feeling I'm going to have to reinstall :-(
[04:18] I can sftp just fine, but i can't ssh, it just stops there, have waiting for upto half an hour: http://pastebin.com/HxM0yYsk
[04:27] ok, figured it out.
[04:27] it was trying to mount FS's that weren't there. I just commented out the lines in fstab...
[04:28] but I have a MAJOR issue with that fact that it doesn'
[04:28] t echo anything to the screen to tell me that
[04:28] can someone offer suggestions on how to fix that? I've removed splash and quiet from the grub options.
[05:26] electrofreak: Are/were your missing filesystems NFS mounted?
[05:26] jmarsden: no... it was a USB drive that wasn't there anymore
[05:28] OK. Then I don't know what to suggest, there are special issues for NFS mounts, the intr option and soft mounting, etc... but they are NFS-specific.
[05:55] Has anyone else run "virt-install" in Maverick to boot an ISO (kubuntu-10.10-desktop-i386.iso) and seen it run *extremely* slowly?
[05:55] ...using 100% cpu too?
[05:58] I must be doing something wrong to cause KVM to take _30_ minutes to boot an ISO! :-(
[05:58] I'll go try --sdl instead of --vnc
[06:04] syb: you probably don't have hardware acceleration
[06:04] syb: try -nographic or -curses if you really want it to be fast
[06:05] Not that I think it's the UI that's slowing it down...
[06:05] kvm-ok reports "KVM acceleration can be used"
[06:05] /dev/kvm is root:root with crw-rw----+
[06:06] fwiw, I ran the virt-install command as root anyways (and root is in both kvm and libvirtd groups)
=== Sorcier_FXK_ is now known as Sorcier_FXK
[07:18] NOTE: never name a machine 'console' and expect LVM to work when /dev/console already exists! ;-)
=== airtonix_ is now known as airtonix
[07:19] actually, just the automated 'Guided - use entire disk and set up LVM' won't work in the installer.
[07:20] when installing ubuntu server and after that apt-get install wordpress, should i not end up with an working wordpress install ?
[07:26] syb: read RFC1178
[07:27] yellabs-r2: if by "working" you mean "secure" -- wordpress doesn't support that
[07:27] i mean, up and running..
[07:27] that is , after the install i can login to wordpress with the web frontend
[07:28] twb: *nice* article. Now I feel there are many more RFC's I should read.
[07:29] The one about terminology for RFCs and FRs is good.
[07:30] RFC 2119
[07:30] Most of them are more technical, e.g. defining how SMTP and HTTP work.
[07:31] maybe there is some need for ' how to ' , for example turnkey is a very easy way to setup , user friendly, bitnami tries to do something similar , but that too does not end up with an working setup, and yes, for beginners its difficult, ubuntu server could fill the bill, but its complicated ..
[07:40] I am not interested in making things easy for the ignorant.
[07:45] twb: a global company i've worked for uses '-' to name machines with -
[07:45] eg: canonical-web01
[07:45] yeah
[07:45] i can understand that
[07:46] but easy can also mean better, now if you see easy as better, then you would agree i think .. :)
[07:47] so the 1st (test) install of UEC I'm doing in a 2 node topology, I might name "syb-euc01"; Then "syb-node01" for the first Node Controller
[07:50] syb: that's a role name, and it's not appropriate for the hostname.
[07:50] syb: i.e. it should be a CNAME not an A
[08:08] need help, had a blackout today while I was out (UPS also failed), servers bios is set to remain in power off after loss of power server is now running again and is shown on the network, but can not access the websites via the domain name, nor can I get access to the mail server part of it
[08:08] what could be causing this problem?
[08:14] shaggy2: maybe log into it and find out?
[08:14] !mindreader
[08:14] Stupid dumb bot :-/
=== jamespage is now known as jpage
=== jpage is now known as jamespage
[08:17] Hi. I have a 3ware raid card that I would like to check S.M.A.R.T status on each individual harddrive. 3ware output S.M.A.R.T info as hex values. What program can I use to decode this?
[08:18] smartctl is used to read/write SMART data
[08:19] Whether it can deal with random shitty fakeraid cards, I don't know.
[08:19] IME it usually can't
[08:21] Blinkiz: Look at smartctl's man page.
[08:21] Blinkiz: Search for 3ware.
[08:23] I have logged into the server but I am not sure what I am looking for, everything seems to be ok
[08:24] soren, Thanks for the tip. Searching on the Internet, it seems I need some kind of 3w-xxxx driver loaded into kernel first.
[08:26] soren, Nice.. I got it to work now. Thanks!
[08:31] good morning
[08:34] is there a command that will start all services, or show me what servers are running and what is not?
[08:35] I meant, or show me what services are running and what is not?
[08:35] services service --status-all
[08:35] ty
[08:44] Anyone else here currently have an AMD cpu running some VM's booted via libvirt?
[08:44] On Maverick?
[08:45] Do you mean amd64?
[08:46] twb: This box I'm on is booted to i386 running an Athlon 64 X2 CPU
[08:46] Why do you care what vendor?
[08:47] I'm reading on the www.linux-kvm.org/page/FAQ that if hardware virtualisation is being used then the usage count of kvm_amd kernel module will be >0
[08:47] I was complaining earlier that my VMs booted via libvirt are running very slowly. Looks like they aren't using KVM.
[08:49] Hum, OK
[08:49] The cause is obvious, from this log file entry: "open /dev/kvm: Permission denied". However I fail to see the permissions problem
[08:50] ls -l /dev/kvm
[08:50] crw-rw----+ 1 root root 10, 232 2011-02-20 13:45 /dev/kvm
[08:50] Who does virtd run as?
[08:50] ps auxf | pastebinit
[08:51] root is running "/usr/sbin/libvirtd -d"
[08:52] but user '114' is running /usr/bin/kvm
[08:52] grep 114 /etc/passwd tells me "libvirt-qemu"
[08:53] twb: I'm doing this testing of building VMs today using a Maverick i386 LiveDVD to boot this host machine.
[08:53] Perhaps you need to wangle that, then
[08:54] ...so my fail might be just the occasional weirdness of permissions/ownerships of software installed into a LiveCD session.
[08:57] twb: *thankyou* for your input. I reckon I best do my experimentation with VMs from a real install of Ubuntu instead of a LiveCD boot.
[08:58] Shrug
[08:58] Whatever man
[09:12] New bug: #722505 in openssh (main) "openssh (1:4.7p1-8ubuntu2) hardy-proposed MISSES UPDATES FROM openssh (1:4.7p1-8ubuntu1.2) hardy-security" [Undecided,New] https://launchpad.net/bugs/722505
[09:27] need help, had a blackout today while I was out (UPS also failed), servers bios is set to remain in power off after loss of power server is now running again and is shown on the network, but can not access the websites via the domain name, nor can I get access to the mail server part of it. everything that is meant to be running is running, but I can't access the sites or mail help???
[09:27] 19:14 shaggy2: maybe log into it and find out?
[09:27] Ah, you asked about that.
[09:28] I imagine you would be looking at /var/log/apache2/err.log or similar, and your process tree to see if it's running, etc.
[09:28] I have logged in I have done service --status-all and checked that everything in running
[09:28] I know nothing of service(8); that's a RHism
[09:28] how do I check process tree?
[09:28] ps auxf
[09:31] wait I think I know what happened
[09:32] I moved house recently, got my ISP to transfer my connection to the new place, and got an e-mail stating a new IP address. I called them about it they said that my old ip address will be transferred to the new account at the time of the new account getting activated
[09:32] I bet they didn't change it
[09:37] shaggy2: how are you getting in if it's using the wrong IP?
[09:38] hi
[09:40] cause the server is on my local network
[09:41] Fair enough
[09:41] In that case you can easily test if the IP is buggered
[09:41] yeah I have, it's the new IP which I didn't want, but then again maybe I should keep it, might stop the DoS attacks
[09:42] i have a severe problem on a production 8.04 server after performing a regular update through aptitude...it updated the kerberos libraries and after rebooting the system cant find libkrb* (ls libkrb* gives a no such file or directory when resolving the symlinks to the actual versions) ... any idea how to recover?
=== ogra_ is now known as ogra
[09:47] nope, sorry
[09:47] i would say that i need to identify the exact package the contains kerberos libraries and try to update again, in case something went wrong while updating.... can someone point to a direction about finding this package?
[09:47] shaggy2: just find out, "ip address"
[09:48] shaggy2: that is, run the command ip with the argument address
[09:49] vagy: libkrb53. rmadison -s hardy-updates libkrb53 outputs: libkrb53 | 1.6.dfsg.3~beta1-2ubuntu1.8 | hardy-updates | amd64, i386
[09:51] jmarsden: thanx man, i am on it
[09:52] vagy: You're welcome
[09:55] jmarsden: hm do you think this error (while running apt-get) is related to a filesystem crash? EXT3-fs error (device sda1): ext3_free_blocks: freeing blocks not in datazone
[09:56] and the last error: EXT3-fs error (device sda1) ... : Journal has aborted ... oh my
[09:56] hello
[09:57] I have a locale prob with some � instead to have a correct character, what should I enter please?
[09:57] vagy: I don't know, but that doesn't sound good to me... at all... but it is 2am here, I need to get some sleep, hopefully someone else can help you troubleshoot that.
[09:57] jmarsden: ok, thanx a bunch!
[09:57] vagy: No problem.
=== fceccon is now known as fceccon|a
[10:53] hi again
[10:54] for some filesystem crash reasons, i have trouble executing apt-get or aptitude (for instance /var/lib/dpkg/status cant be parsed, coz its damaged) .. is there a way to re-install apt-get and its dependencies for ubuntu 8.04 server?
[11:02] okok
[11:02] ubuntu dev's here?
[11:02] last chance to comment on that https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/719333
[11:02] Launchpad bug 719333 in lvm2 "CLVM not locking LV's properly even when set to "exclusive"" [Undecided,Confirmed]
[11:02] otherwise ubuntu is no server OS anymore
[11:02] and i have to switch to RHEL or sth
[11:02] unluckily
[11:16] update: /var/lib/dpkg/status is backed up in /var/backups so using that resolves the broken status file problem (pheww)
[11:18] hello. I wonder why ubuntu 8.04 and 10.04 have different hash functions to store same password on /etc/shadow . And still I can move users from one OS to the other without problems, or I'll find in trouble one of this days?
[11:25] update: my /var/lib/dpkg is severely f*ed up, now i have a missing available file .. which is repaired using this: sudo dpkg --clear-avail && sudo apt-get update
[11:34] What would be the best way to block an IP?
[11:37] nvm... ufw works
[11:43] Hi. I would like to put in a Deny rule in ufw before my allow lines. Currently my new "deny" line is last in the chain and do nothing. Is it a way to put a rule line at the beginning of rule sets without deleting the pre existing ones?
[11:52] MTecknology, put that ip on /etc/hosts.deny
[11:52] marcriera: turns out that doesn't work; the binary isn't using libwrap.sop
[11:53] Blinkiz: i made a nice little one liner for this :)
[11:53] MTecknology, which binary?
[11:53] while read ip; do ufw insert 1 deny from $ip to any; done < /etc/nginx/ips
[11:53] marcriera: nginx
[11:55] MTecknology, I do not use nginx myself, but this can be useful for you => http://www.cyberciti.biz/faq/linux-unix-nginx-access-control-howto/
[11:55] TWB: if you are still there just thought I would let you know that my ISP has corrected the issue and given me the IP Subnet mask I bought 2 years ago. bloody idiots
[11:55] O
[11:55] *OK
[11:56] marcriera: i had been doing that; but i'm looking for higher than nginx level now - and i think ufw will work for this
[11:57] I have a remote server with 10.04, is there any way to snapshot the HD before I do an upgrade , to be able to rollback in case some package like mysql does not upgrade well?
[11:58] MTecknology, I can share my iptables management script with you if you want
[11:58] my list of blocked ip's it getting a bit long... http://mteck.pastebin.com/ZJnF6YW0
[11:58] MTecknology, i never like 'Uncomplicated' stuff. It's like dreamweaver, is easy but you'll never know what its doing
[11:58] marcriera: sure
[11:58] could be fun
[11:58] I used to do the iptables rules myself but just got kinda sick of it
[11:58] let me 2 secs
[11:59] hello world
[11:59] is it possible to set up ubuntu server using a network install?
[12:00] !install
[12:00] Ubuntu can be installed in lots of ways. Please see https://help.ubuntu.com/community/Installation for documentation. Problems during install? See https://wiki.ubuntu.com/CommonProblemsInstall - Don't want to use a CD? See http://tinyurl.com/3exghs - See also !automate
[12:00] thanks
[12:06] bye
[12:07] MTecknology, I just opened a private session to send the files.
[12:07] lovely - the installation from knoppix page was what I Was looking for
[12:07] marcriera: I can't accept dcc connections
[12:21] MTecknology, then, let me clean the script. ;)
[12:24] MTecknology, http://paste.ubuntu.com/570021/ here it goes
[12:27] does anyone know how to configure wireless net on a ubuntu headless server. i have the card installed but thats it
[12:32] does anyone here know how to configure wireless on a headless ubuntu server
=== Kiall is now known as Kiall|AFK
=== Kiall|AFK is now known as Kiall
=== airtonix is now known as airtonix-compute
=== airtonix-compute is now known as airtonix
=== Kiall is now known as Kiall|AFK
[13:19] hello
=== Kiall|AFK is now known as Kiall
[13:20] i have one problem with ltsp, ubuntu server and AD
[13:21] when i try to log in on the thin client and do mistake in password or user name (using AD user) the login screen show me something like that
[13:21] basas@10.10.100.183's password:
[13:22] it looks like the server searching a local account
[13:24] can someone help me with this ?
[13:26] i think that it can be done in pam.d but i dont know how
[13:27] basas_: you see user@address onscreen only when you make a mistake in password? it's not clear
[13:28] no i see this on every time when i put wrong user name or password
[13:28] for example
[13:28] good user name and password everything works fine
[13:29] good user name and wrong password i see basas@10.10.100.183's password:
[13:29] and then if i put right password i can log in but system hang up on black screen (i think because i dont have this account locally)
[13:30] basas_: so, yes, i believe you need to change PAM file(s)
[13:31] i want to log in only with AD users
[13:31] basas_: you should also look in /var/log/auth.log for guidance
[13:31] can you help me what i should change in pam.d ?
[13:32] basas_: it seems common, did you google 'pam active directory'
[13:32] yes i google for two days and dont find answer
[13:33] basas_: strange
[13:33] here is solution but
[13:33] https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
[13:33] i use likewise to connect to domain
[13:33] not winbind
[13:34] basas_: likewise is supposed to work
[13:36] yes and it work but i dont want see this line basas@10.10.100.183's password
[13:37] when student do mistake in username or password i want to back to login screen without this check of local user
[13:38] basas_: but it doesn't work, you get a black screen when you put in correct credentials
[13:40] yes but only if i put good user name next first time wrong password and second time good password
[13:41] because i dont have this account locally
[13:41] and then i have black screen
[13:41] but when i put good user name and good password for first time everything works fine
[13:46] ok i must go thank you for your help and i will be continue with pam and i've hope that i figure out this :)
[13:46] bb
[13:46] New bug: #722594 in puppet (main) "tlsv1 alert decrypt error" [Undecided,New] https://launchpad.net/bugs/722594
[13:46] basas_: like i said, i would do another test and check the logs to see what is happening, then look at pam
[13:47] ok
[13:47] ty you again
[13:47] basas_: np, come back and let me know
[13:48] smoser: around?
[13:54] hi.. attempting to run Ubuntu under lxc, but are having problems with udev not being removable due to upstart depending on it.. (through mountall)
[13:54] are there any workaround?
[13:59] rawler: if you're on maverick or natty, you can leave udev in
[14:00] rawler: if lucid, then the workaround is to install an upstart job which fakes the udev signals
[14:00] new distro under lxc is maverick, upgraded from lucid.. (host is lucid)
[14:00] if host is lucid, then you need the workaround
[14:00] but look at /usr/lib/lxc/templates/lxc-ubuntu
[14:00] it does the workaround you need
[14:00] problem is that the apt-upgrade to maverick failed since udev is not allowed to create its devices..
[14:00] yes
[14:01] apart from pinning the udev package, i don't know the best solution
[14:01] so ATM, I can't finish the upgrade due to "mknod: `/lib/udev/devices/ppp': Operation not permitted"
[14:01] crap.. :S
[14:01] well, well.. the container was pretty vanilla so I guess I can try to reinit it from Maverick..
[14:01] look up how to pin package versions, that should let you skip udev
[14:02] rawler: yes, the reason it's not a big deal to ppl is that containers are usually somewhat throwaway, just xfer your data
[14:02] but, it isn't possible to remove it? it seems superfluous to have udev and plymouth installed, when its never, ever used?
[14:02] i don't know how to do it
[14:02] oki..
[14:03] you might ask on #ubuntu or #ubuntu-devel (or keep asking here, someone else might know)
[14:03] rawler: (but it is a holiday in the US)
[14:03] rawler: btw, there is a #lxcontainers channel you might join too
[14:03] yes.. I'll hold here, I think.. seems like mostly a server question..
[14:04] oh? on FreeNode? I did search for such group earlier when troubleshooting a different question..
[14:05] soren: ping
[14:05] strange.. I search for *lxc* in all channels.. well, well.. :)
[14:12] Anyone using openipmi?
[14:15] raubvogel, many people use openipmi.
[14:16] Daviey, I would expect so. I wanted to know how to enable it. What I am finding is that you have to manually do modprobe the required stuff even though it is officially supported by canonical
[14:17] Also, it seems that openpmi has its own gui and command line interface and yet all examples I find through google show people using ipmitool
[14:18] raubvogel, yes - that seems to be the case for me as well. :/
[14:18] Makes me feel something is missing here
[14:20] Or I am doing something wrong
[14:21] hggdh: You rang, sir?
[14:23] Daviey, which modules do you load?
[14:24] * Daviey checks
[14:26] raubvogel, hmm, something looks broken on mine... http://pb.daviey.com/WZzk/
[14:26] hmm, might be correct
[14:26] You know more than I do ;)
[14:26] i'll try another server in a bit.
[14:27] Thanks
[14:27] hallyn, Are you working on the libvirt and multipath-tools merge?
[14:29] linuxtech: re mailman> should be today
[14:29] ttx, Are you still tracking tomcat?
[14:31] New bug: #722619 in ethtool (main) "Sync ethtool 1:2.6.37-1 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/722619
[14:31] New bug: #722621 in mailman (main) "Sync mailman 1:2.1.14-1 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/722621
[14:32] Hmm..
[14:32] Ah, I've just been reading netstat, Noticed that "Privoxy" is making a LOT of loopback connections on my server (all Time_wait)
[14:32] Like.. 50-60+
[14:33] This seems to be new and.. kind of weird behavior
[14:33] Perhaps some kind of configuration error or..?
[14:37] jdstrand, RE: mailman, is that a security update for lucid to close CVE-2011-0707 ?
[14:37] Daviey: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0707)
[14:39] Daviey: hardy - maverick, yes. mdeslaur is working on it if you need more details
[14:40] Daviey: oops. dapper - maverick
[14:40] jdstrand, Oh no.. just wanted to check that one was in safe hands. :)
[14:40] Daviey: yes, and CVE-2010-3089 also
[14:40] mdeslaur: Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3089)
[14:40] lovely...
[14:48] soren: you are the admin for the server-qa team, and my membership is expiring... would you mind?
[14:50] Daviey: a bit. But James does too.
[14:51] Daviey: why?
[14:52] ttx, I wondered if you were still active in debian maintainership.
[14:53] Noticed a new upstream release in Debian, and wondered if you knew if it was 'risky'
[14:53] jamespage, ^^ same question to you.
[14:53] (tomcat6)
[14:54] * jamespage takes a look at the detail
[14:55] super
[14:57] Daviey, is there a way in openipmi/ipmitool to identify a power supply if you have more than one?
[14:57] redundant psus? thats always nice
[14:58] compdoc, agreed. It took me a while to convince the powers-to-be that was a nice thing to have
[15:00] I have a server I need to sell that has the ability, but I dont have a 2nd psu
[15:01] its a monster sized box
[15:01] Daviey: having trouble seeing *.apache.org at the moment for detail of upstream change logs
[15:01] raubvogel, good question... I've never needed to do that... TBH, my ipmi usage is normally limited to power control and serial console.. I could look into it, currently really busy tho :(
[15:02] jamespage, I struggle to see upstream changelogs for all apache projects.. that is nothing new :(
[15:03] jamespage, axis2c is another good example :)
[15:04] Daviey: no, holiday
[15:04] Daviey: jdstrand gave me some feedback on the changelog.
[15:04] I'll hand it back to him after I integrate those
[15:04] Daviey: he'll upload it hopefully tomorrow
[15:05] as for multipath-tools, I have a package merged from unstable but would like it tested first
[15:05] hallyn: I'm here today, so if you give it to me, I should be able to provide feedback, testing, etc
[15:06] jdstrand: won't have it today, sorry
[15:06] hallyn: but being it is a holiday, if it isn't ready, I'll still do it tomorrow like I said
[15:06] sure
[15:06] (but hopefully I"ll get my *&%( laptop doing ad-hoc networks)
[15:06] Daviey: then again, maybe we should just upload the multipath-tools merge, and fix up bugs as they come...
[15:06] Daviey: if you have time to review the merge, that'd be great
[15:07] Daviey: it's at people.canonical.com/~serge/mp-sources.tgz (and mp-merge-sid.tgz for some built .debs)
[15:08] hallyn, Totally forgot it was a holiday, sorry!
[15:09] hallyn, If you have it in bzr, fancy pushing it there if you have a few moments?
[15:11] can I use debootstrap to install ubuntu server?
[15:11] what is the current code name then?
[15:18] Daviey: it's at lp:~serge-hallyn/ubuntu/natty/multipath-tools/merge-sid/
[15:20] hggdh: Oh, sure.
[15:22] hallyn, you are a rock star
[15:22] hallyn, will have a look shortly... now get back to holidaying :)
[15:22] jamespage, I was just looking at jython, were you planning a merge of this?
[15:24] Daviey: jython -> antlr3.2 -> maven (MIR 70+) so not this cycle - see Java Library Housekeeping blueprint
[15:24] jamespage, ahh, i think you did mention that one previously.
[15:24] maybe once :-)
[15:24] or thrice
[15:27] Daviey: re tomcat6 - there is quite a lot of upstream change between .28 and .32 (especially .30).
[15:28] jamespage, sounds a little risky... did you find a changelog?
[15:28] Daviey: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
[15:28] oo, thanks
[15:31] Daviey: there are a couple of minor version upgrades on dependencies in .30 which make me a little uncomfortable.
[15:31] jamespage, many bug fixes, but are you as scared by the size of it as i am? [15:31] Daviey: yep - its all good stuff but I'm not sure that its the right time in the release cycle to include the upgrade [15:32] jamespage, sounds good to me... (stay with current) [15:32] * jamespage notes that Debian have only just uploaded to unstable [15:32] yeah [15:33] sync early next cycle would be better me thinks [15:33] jamespage, agreed.. super, thanks for looking at it [16:05] marcriera: neat [16:07] hello! [16:07] can some one tray to help me with openvpn? [16:08] MTecknology, if you make improvements, remember to send them back :) [16:09] marcriera: sure thing [16:10] i'm using 8.04.3 server version since '06 [16:10] and i can connect without problem until maverick (client) [16:10] usseldridge: Impossible. 8.04 didn't come out until 2008. [16:11] Do you mean 6.06 instead? [16:11] before i use 6.04 [16:11] Okay :) [16:12] now, with nm i can connect but no ping (destination host unreacheble) [16:13] syslog on client report this: [16:13] http://usseldridge.pastebin.com/jeFcFe9J [16:19] and openvpn.log on the server report this: [16:19] http://usseldridge.pastebin.com/N7NMCvin [16:25] Daviey: hows you cloud-init? [16:26] jamespage, acceptable.. i've toyed with it, but i don't claim to be an expert [16:26] jamespage, Whyda ask? [16:26] Daviey: so I just need a guide on how todo something with it (have been looking at the ec2 automated testing today) [16:27] (as you probably guess, smoser is probably on a beach somewhere) [16:27] yep - no pong from him earlier - then I remembered.... [16:27] jamespage, We have some cloud-init recipies in awstrial.. perhaps that would be a good start? [16:27] Yep - started there - really helpful [16:27] awesome [16:28] jamespage, are you using boto or txAWS? [16:28] Daviey: boto - I really like it :-) [16:29] jamespage, yeah, boto is REALLY easy to get started with... 
the proof of concept for awstrial was really quick to hack together against my local Euca cloud [16:29] apparently txAWS is better, but boto i found easier to get started [16:29] Basically I want to run x python unit tests once the required packages have been installed; I can't figure out which option lets me drop a file into the instance without actually running it! [16:29] seems to do the job. [16:29] hi again - can anyone walk me through a grub installation? in the past I have tried it numerous times but it never worked. However now I want to have a system as close as possible to standard ubuntu and I am stuck on the knoppix install where setting up grub is in order. grub-install says "/dev/hda1 does not have any corresponding BIOS drive" so I ran grub-install --recheck /dev/hda1 which gave me a "no drive found, is /dev mo [16:29] so I am out of ideas. any help is appreciated [16:30] jamespage, hmm.. one moment [16:31] jamespage, can't you just cat it? [16:31] jamespage, ie, http://bazaar.launchpad.net/~awstrial-dev/awstrial/trunk/view/head:/awstrial/templates/cloud-init/personal-hello [16:31] Well I could.... - just looking for a neater way to drop this payload onto the server [16:32] jamespage, wget ? [16:33] jamespage, you could grab the file from the hudson server? [16:33] Daviey: I could also stick them in a bzr branch I guess [16:33] that is potentially cleaner, actually [16:33] especially if multiple files [16:33] trying not to tie it too much into Hudson - means you can run the test standalone before full automation [16:33] easier to track changes etc [16:34] * Daviey +1's a bzr branch [16:34] well it's the way I want to take the iso testing - tests in a separate branch to the codebase. [16:34] OK - I'll take that approach then. [16:35] jamespage, hmm, pushing results back to hudson - how are you going to control credentials? [16:36] I'm gonna pull them - I generate a new key-pair for each test run so I can access the server over SSH. 
[16:36] I guess I could push the python, execute and then collate results. [16:37] jamespage, ahh, the tests publish their results in a YAML file or something - and you scp them? [16:37] That sounds secure and clean. [16:37] xml - so Hudson can parse it. [16:37] oh aye. [16:38] Sounds good to me! [16:38] so any recommendations for using SSH with python? I could drop to direct execution of commands but... [16:39] Paramiko is nice. [16:40] !info python-paramiko [16:40] python-paramiko (source: paramiko): Make ssh v2 connections with Python. In component main, is optional. Version 1.7.6-2 (maverick), package size 800 kB, installed size 7804 kB [16:40] jamespage, if you are just scp'ing one file - i'd probably shell out tbh [16:41] but otherwise, as Pici said - paramiko [16:41] cool - thanks for the advice; I need to monitor for the presence of the /tmp/done file as well so I'll take a look and see [16:42] jamespage, actually, seems there is a scp python module [16:43] hmm.. but not installed by default. [16:51] New bug: #722698 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.4-1ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/722698 [16:52] Daviey: how's usage on the test rig? [16:56] hggdh, would you be angry if i said i hadn't got to using it yet? [16:56] Daviey: not at all :-) [16:57] hggdh, oh good... well, i have to admit, i haven't got to it yet. [16:57] Daviey: no prob. Can I have one of the machines? [16:57] (I put the five of them for you) [16:58] hggdh, oh feel free - if two are still remaining that is enough for me. [16:58] hggdh, i don't want to block you, with my experimentations :) [16:58] Daviey: OK, I will take over sapodilla and soncoya; you can have (at least for now) mabolo, marula, and santol [16:59] hggdh, super, thanks [17:30] anybody tried today's ISO? 
[17:31] Hudson shows them all as failures, and -- trying manually -- I get "no kernel modules found" on start of d-i [17:37] hggdh, That can indicate the kernel is newer than the modules, which means that the iso was rolled before the modules were published in the archive [17:37] hggdh, I wouldn't worry too much, use the previous build; if the same happens with the build tomorrow - start worrying :) [17:38] Daviey: indeed, this seems to be it. I will wait for tomorrow before I yell [18:26] hey guys, are there any backports from Natty to Maverick, for php5? [18:26] looking for the compiled-in pcntl support that natty has for its PHP5 deb [18:58] is /var/log/subsys a redhat thing or does ubuntu also have it? [19:17] raubvogel: never seen that on ubuntu === thesheff17|AFK is now known as thesheff17 [19:18] thesheff17, that's what I was thinking [19:28] how can I check to see if there are any backports from natty to maverick, for php5? [19:29] check the backports maverick depo [19:30] bah, the updated natty php hasn't been backported (checked using packages.ubuntu.com) [19:51] New bug: #722770 in openipmi (main) "openipmi: change lock file path since /var/lock/subsys/ does not exist" [Undecided,New] https://launchpad.net/bugs/722770 [20:04] Daviey, could I take a look at (a defanged version of) your ipmitool config file? [20:17] is there a program or script that will monitor the memory usage and display it as a line graph for a remote server? [20:18] I would like to store this info for a few days [20:19] realmatt: I have used zabbix.org for this. It is a huge monitoring tool but does work for what you are asking. [20:25] realmatt: munin, mrtg take your pick [20:28] I'm trying to configure our Postfix/Dovecot mail server for an SSL connection on the outgoing and incoming. I have a working configuration in the clear. [20:28] gethostbyname failure [20:28] connect:errno=0 [20:28] I get the above error when trying to openssl the mailserver:995 [20:28] thoughts? 
[20:29] can't lookup the dns name mailserver [20:29] it works if I use localhost [20:29] you really called your computer mailserver? [20:29] hmmm.. [20:30] it works if i use the domain but not the subdomain mail.us.com [20:30] heh? [20:31] no.. i abbreviated! hahah [21:17] New bug: #722815 in ntp (main) "apparmor prevents ntp from reading gpsd" [Undecided,New] https://launchpad.net/bugs/722815 [21:45] If I am running ipmitool locally, do I need to specify username and password? [22:01] how do I choose the fastest package mirror from the command line? [22:08] help im trying to setup l2tp over ipsec vpn server on ubuntu 10.04 with http://riobard.com/blog/2010-04-30-l2tp-over-ipsec-ubuntu/ can someone tell me that no [OK] for NAT/masquerading means FAIL? http://pastebin.com/d0kbNhZH [22:11] also, after installing sshd, I keep having ssh switch between providing two different ssh keys... does the system use a different key depending on the hostname used to access it or something? [22:14] Anyone know any good guides for setting up Cups? [22:14] I've got one of those Epson Photosmart MFD's and I would love to get network scanning/printing going [22:18] Kind of a SOB though.. can't find much of anything on the printer [23:28] I have a work network without domains. Just pcs with work groups. Working with a Windows 2003 Server. The server is old and I'm disliking windows. I want to upgrade the server. I'm looking at Ubuntu Server. Any thoughts?