[00:05] <knoxy> ivoks: hi
[00:06] <knoxy> ivoks: I've more problems with my mysql server ubuntu...
[00:06] <knoxy> somebody help-me... look at http://img132.imageshack.us/f/capturarod.png/
[00:06] <knoxy> the problem
[00:06] <knoxy> the load average is very high now
[00:06] <knoxy> and I dont know what is the problem..
[00:07] <knoxy> what's kblockd ?
[00:36] <DictatorZero> Hey, I was wondering if there was anyone on who wouldn't mind giving some advice on a ubuntu server install for a web server
[01:06] <pw-toxic> hi, can someone please help me to configure my samba server, so I windows7 users can access my public drives without having to prompt a username and password. I have now wasted ~1 hour configuring and reading about samba ;(
[01:06] <pw-toxic> I can already connect to ma shares with a certain user, but public shares dont work
[01:10] <pocketman> anyone have any experience with dyndns and subdomains?
[01:18] <pw-toxic> pocketman, i have a virtual host entry for each subdomain of my dyndns domain
[01:21] <pocketman> nm, got it. Thanks anyway!
[01:53] <Gadu> I changed out most of the hardware on my server machine and the new onboard LAN does not show up in 'ifconfig'. It does show up in lspci though.
[01:54] <Gadu> I tried a different LAN card and that was a no go as well (also shows up in lspci)
[01:54] <Gadu> interestingly enough, booting up a live CD with either of them plugged into a LAN cable results in it working
[01:54] <Gadu> but if I boot the Live CD with one plugged in and switch the cable to the other, it doesn't not function
[01:56] <Gadu> My assumption is that I need to change something on the currently installed OS but I'm not sure what
[01:59] <NicholasRoge> Anyone mind giving me a hand?  I"m running a server, and using ubuntu server as the OS.  But for some reason, I can't access the sql server from outside localhost.  Anyone mind helping me figure out why?  (I've already made sure to forward port 3306)
[02:08] <Gadu> nvm, the new cards are registered as eth2 and eth3 so I just changed /etc/network/interfaces and restarted networking =P
[02:09] <Gadu> NicholasRoge: did you have apache and phpmyadmin?
[02:10] <Gadu> that's probably the easiest way, and you'd just forward port 80 and not 3306
[02:10] <Gadu> then access it via <serverip>/phpmyadmin
[02:11] <Gadu> or the url if you have one
[02:13] <NicholasRoge> Sorry, had to step away from teh computer.  And I have phpmyadmin, but I'd like to be able to user MySQL Query Browser.
[02:14] <iggi> Himm, I keep getting this weird error. Whenever I install ubnutu 10.10 on a KVM guest it times out with the resolution of the repos, but continues just fine when I hit enter (which is supposed to cancel). Only happens on file 1 (looking up and retrieving) works fine for the others after I hit enter
[02:15] <Gadu> did you comment out "bind-address" in /etc/mysql/my.cnf ?
[02:16] <Gadu> make sure you set a root password for your mysql as well (if you haven't already)
[02:16] <NicholasRoge> Let me check
[02:18] <NicholasRoge> I need to comment out bind-address?
[02:18] <Gadu> yes
[02:18] <NicholasRoge> That would be the  problem.
[02:18] <NicholasRoge> Thanks.
[02:18] <Gadu> np ^_^ use sudo /etc/init.d/mysql restart after you comment it out
[02:18] <NicholasRoge> Of course.  :3
[02:18] <Gadu> XD
[02:20] <Gadu> when I started out, I rebooted a linux server for everything until I learned of the init.d magic haha
[02:20] <Gadu> so I like to include it just in case
[02:29] <Datz> ]Hi, I was wondering if anyone was here earlier when I asked about -virtual kernel?
[02:29] <Datz> my box had some issue.. and halted for about an hour..
[02:39] <Datz> eh
[02:40] <Datz> does anyone here use the -virtual kernel that could answer a few simple questions for me?
[02:46] <Datz> 1. if I use the -virtual kernel, will kernel updates be possible with aptitude safe-upgrade?
[02:47] <Gadu> Datz: I can't imagine a reason to prevent kernel updates through safe-upgrade with the -virtual kernel
[02:48] <Gadu> as long as you got the -virtual kernel from a repository, you'll get updates for it
[02:49] <Datz> Gadu: thanks, aptitude search shows a later -virtual kernel version than I have. and aptitude update/safe-upgrade both are up to date.. so to speak
[02:49] <Datz> thinks may not be installed as they should be on the box though
[02:50] <Gadu> install the later version via aptitude install for now
[02:50] <Gadu> if it continues to go up in version without updating, something is wrong indeed
[02:51] <Datz> the stange thing(or normal?) I noticed is if I purge the -server kernel package instead or "remove" it, I get kernel panic when the -virtual kernel is installed.
[02:57] <Gadu> try purging -server and installing the newer -virtual at once
[02:58] <Datz> ok, I can try that. Tried before and that's what gave me panic, but I'll create a snapshot and try again :)
[02:58] <Gadu> sudo aptitude purge linux-image-<version>-server ; sudo aptitude install linux-image-<version>-virtual
[02:59] <Gadu> doing it in 1 line will probably help
[02:59] <Datz> humm, ok let me try
[02:59] <Datz> so just leave the current -virtual installed?
[03:00] <Gadu> yes, until the new version is installed and tested
[03:00] <Datz> ok
[03:01] <Gadu> if I don't reply in a reasonable amount of time, just say my name (playing minecraft =P)
[03:01] <Datz> hehe, np thanks
[03:05] <Datz> ok, that worked, now let me try removing the old -virtual kernel
[03:08] <Datz> ok, purged the old virtual kernel too, everything is working
[03:09] <Datz> I don't know why this worked now, perhaps purging -server and installing the newer -virtual at once like you said?
[03:09] <Datz> anyway, thanks. :)
[03:11] <Gadu> more than likely and anytime XD
[03:12] <Gadu> if no1's around in here, try me in PM, might be on haha
[03:12] <Gadu> for the furture
[03:42] <Bilge> If I do `ufw deny from 74.115.0.0/24`
[03:43] <Bilge> Why can 74.115.0.10 still connect
[03:50] <jmarsden> Bilge: Is ufw enabled? :)
[03:54] <Bilge> Of course
[03:55] <Bilge> Is it possible that the allow rules are taking priority?
[03:56] <Bilge> Like being allowed to connect to a service from anywhere is given priority of being denied everything from somewhere
[03:56] <Bilge> It's definitely not working
[03:58] <Bilge> :(
[03:58] <Bilge> Someone is fucking hacking my shit and I can't ban them and it's quite frustrating
[03:59] <Bilge> I can keep banning each IP address one at a time but I'll have to do it 255 times before I've plugged it entirely
[03:59] <Bilge> Why is ufw being useless
[04:00] <Bilge> Or 253 or something since 0 and 255 are special I believe
[04:00] <Bilge> Some asshole owns an entire /24 subnet and I can't do anything about it immediately
[04:01] <iggi> Bah, I'm running into some issues with bad/hard to understand documentation for UEC
[04:02] <iggi> for the most part it is accurate, but it changes termonoligy it seems
[04:06] <jmarsden> iggi: File bugs against the docs.
[04:06] <Bilge> jmarsden: why might it not be working?
[04:07] <Bilge> This guy is totally taking the piss and hacking one of my services using every possible IP
[04:07] <Bilge> It's 4am and I am going to be up all night manually banning each IP
[04:07] <jmarsden> Bilge: Hard to know without a lot more work... what does  sudo ufw status     output (pastebin it)
[04:08] <Bilge> OK
[04:11] <iggi> jmarsden: Will do, it's a small name switch between a node and controller, but threw me for a loop
[04:12] <Bilge> /Noticed it
[04:12] <Bilge> I'm running the latest LTS
[04:12] <Bilge> ufw 0.30pre1-0ubuntu2
[04:13] <Bilge> Can't tell you how much I want to go to sleep right now, I'm supposed to be moving house tomorrow :(
[04:13] <jmarsden> BTW, to add 255 rules for all IPs in a Class C (which you should not need to do) would be a one line command: for i in $(seq 1 255) ; do sudo ufw deby 74.115.0.$i ; done   # or something close
[04:13] <Bilge> In bash you can do something like 1..255 and it expands it also
[04:13] <Bilge> But I don't have time to relearn all that
[04:14] <Bilge> And I would do it into my service's IP ban file (which can only ban one IP at a time) since ufw clearly isn't working anyway
[04:14] <jmarsden> Looks like the rule order may be the issue, to me.  ufw is working, you just don't understand it fully yet.
[04:15] <Bilge> OK but I wasn't aware that I could specify the order
[04:15] <Bilge> So to me that isn't working
[04:15] <Bilge> It just keeps appending new rules to the end
[04:15] <Bilge> Presumably giving earlier rules precendence; which is a weird system if that is how it is actually working
[04:16] <jmarsden> Rules are numbered, use sudo ufw status numbered to see that... sounds like you have not yet read the ufw man page??
[04:18] <jmarsden> "First rule that matches gets applied" is pretty common logic in firewall filters, isn't it?
[04:18] <Bilge> I've inserted it at the top now
[04:18] <jmarsden> OK, does it work better now?
[04:19] <Bilge> Time will tell
[04:19] <Bilge> Just banned about the 30th IP manually heh
[04:20] <jmarsden> Remove all the single ip rules and see if the rule order was the issue; if it was, you can relax and get some sleep.
[04:20] <Bilge> The single IP rules are in the service being attacked
[04:20] <Bilge> I turned to ufw to cut his range off since this crappy app only lets me ban single addresses
[04:21] <Bilge> Then was dismayed to realise it didn't work
[04:21] <Bilge> RTFM is a bit late when you're already being attacked heh
[04:21] <jmarsden> OK, so read your log files to see whether ufw (iptables) is now blocking the packets...
[04:21] <Bilge> Is it possible to configure `ufw status` to always output the rule number? It seems like a convenient and short piece of information, especially for deleting rules if not inserting them in the right order as well
[04:22] <Bilge> Which log file would tell me this?
[04:22] <Bilge> Looks like it is working now because he hasn't shown up again since inserting at the top
[04:23] <jmarsden> OK... you did do sudo ufw logging on, right?
[04:24] <jmarsden> If you did, the log entries should be in /var/log/messages by default (I think... my setup here is ... a little modified)
[04:25] <Bilge> I think logging is off
[04:25] <Bilge> That file is just full of --MARK-- lines
[04:26] <jmarsden> You are running a production server and "think" that logging is off? :)
[04:27] <jmarsden> sudo ufw loggin on    # will be a start
[04:27] <jmarsden> sudo ufw logging on    # will be a start  (with the g)
[04:30] <Bilge> Well I did `ufw logging` and it wouldn't tell me whether it was on or not
[04:30] <Bilge> So how am I supposed to check?
[04:30] <jmarsden> Just turn it on :)
[04:30] <Bilge> I've never had to mess about with ufw; I just use it to map services that I deploy
[04:31] <Bilge> And for that purpose it has worked adequately up until now
[04:31] <Bilge> I imagined that firewall logs would be verbose as hell
[04:31] <Bilge> Just a waste of disk space
[04:31] <Bilge> Anyway, is it possible to attach a note with rules so that I remember why I banned this subnet?
[04:32] <jmarsden> No, ufw is simple and small and doesn't easily let you do that.
[04:32] <Bilge> Shame
[04:35] <jmarsden> You can just add a short note about firewall configuration (and the output of sudo ufw status numbered) to your system admin log (assuming you keep one) for that server.  I suspect you could add a comment to the /etc/ufw/ufw.conf file, but that assumesyou will remember where that file is next time around :)
[04:38] <Bilge> lol yes
[04:38] <Bilge> I can see loglevel=off in that file
[04:38] <Bilge> What does it get set to if I just specify "on"
[04:38] <Bilge> It seems to expect low medium or high
[04:40] <jmarsden> low, I think.  try it :)
[04:40] <Bilge> Yes
[04:41] <Bilge> Don't see anything in /var/log/messages though
[04:42] <Bilge> I would extend ufw to support comments
[04:42] <Bilge> It would be useful for all rules
[04:42] <jmarsden> Go for it, it is open source :)
[04:43] <Bilge> Well I was looking to you obviously since even if I did modify the source it would only benefit me
[04:43] <jmarsden> No, you could upload the changes to bzr on Launchpad and request a merge in the usual way.
[04:43] <Bilge> And I think it makes sense to include the rule number in the status output by default and an option to enable or disable it by default instead of having separate command (parameters) for that
[04:44] <Bilge> Reason being that it conveys the importance of rule precedence more intuitively and makes rule deletion easier
[04:45] <Bilge> For your consideration; I'm going to sleep :)
[04:45] <jmarsden> OK.  Ah, try /var/log/ufw.log   when you wake up :)
[04:45] <Bilge> No such file
[04:47] <jmarsden> OK.  There's one here, and a few older rotated and compress versions of it, but that might be a local change I made, I forget.
[04:54] <atari2600a> hey
[04:54] <atari2600a> what's up w/ vbox support
[04:55] <atari2600a> When I realized the installer had a vm guest option, I tried it out & now I get dropped to initramfs
[04:55] <atari2600a> *BusyBox
[04:55] <atari2600a> whichever you prefer to call it
[04:55] <jmarsden> atari2600a: I have a feeling that options is for KVM virtualization, not Virtualbox, but I am not sure.
[04:56] <jmarsden> A normal Ubuntu server install should work fine inside virtualbox.
[04:57] <atari2600a> the wiki said the option's for most popular VM's, so I would assume vbox would count as that
[04:58] <atari2600a> & the Ubuntu-server as a guest OS entry, complete w/ vbox installation instructions is there too, including instructions to install as a VM guest from the bootloader
[04:58] <knoxy> hi all.. How the more recommended version of kernel to ubuntu as virtual machine (VMware ESXi) ? 2.6.x.x-server or 2.6.x.x-virtual ?
[04:59] <jmarsden> atari2600a: OK... I've just used the "regular" server install in virtualbox and had no issues... maybe wasting a little RAM, I suppose.
[04:59] <patdk-lap> knoxy, doesn't really matter, -virtual if it exists, for lucid though, it will just use -server though
[05:00] <knoxy> patdk-lap: Thanks
[05:00] <atari2600a> wait, found the problem, appearantly the minimal VM kernel doesn't support SATA
[05:00] <atari2600a> oops?
[05:00]  * atari2600a reconfigures
[05:01] <atari2600a> & I'm actually going for saving some RAM :P
[05:01] <atari2600a> poor, stuck w/ 2GB of DDR2
[05:01] <Datz> Gadu: thanks man, will do
[05:04] <atari2600a> ffffuuuuuuuuuuuu
[05:05] <atari2600a> why isn't nano installed by default
[05:05] <atari2600a> not everyone has the patience to boot into Vi D:
[05:16] <iggi> my server installs have nano by default and vi, but not vim. I cant use vi efficently, but vim, yes. First apt-get right there.
[06:08] <iggi> Can anyone help me with a UEC ssh key problem?
[06:35] <[biabia]> in unattended upgrades seems like it would be a good idea to automatically remove unused dependencies but the default is false.  also, by default it only dl's security updates, and doesnt reboot when needed unless enabled.  ok to change those 3?
[12:00] <RoyK> The short story "When sysadmins ruled the earth" from http://craphound.com/overclocked/download/ is a must for all good sysadmins :)
[12:22] <pw-toxic> hi,  i want my samba server to allow guest logins
[12:22] <pw-toxic> can someone please help me?
[12:22] <pw-toxic> i have wassted several h urs for this
[16:16] <bau-> hi all, i have a problem: i'm trying to install ubuntu server, but i can't connect to the internet with my wifi board (dlink)... any suggestion?
[16:54] <HalbergM> Hey everyone!
[16:55] <HalbergM> I have a very quick question if anyone would be so kind to answer. How do I find the public IP address for my server?
[17:02] <iggi> Anyone able to help me resolve a UEC key issue
[17:05] <NicholasRoge> If I CHMOD a directory to 777, is it possible for someone outside my website to upload things to it?
[17:36] <jmarsden> world-writeable directories are generally a bad idea from a security point of view.  You should not need to do that for a web directory.
[17:38] <EvilPhoenix> ^
[17:39] <thesheff17_> So I see this article w/ holes in the ubuntu kernel. http://www.zdnet.com.au/ubuntu-peppered-with-holes-339310663.htm  I patched my the server but the kernel version is  2.6.32-29-server...does this version patched for these problems?  The article recommends linux-image-2.6.35-25-server 2.6.35-25.44~lucid1.
[17:39] <EvilPhoenix> thesheff17_:  which distro you running?
[17:39] <EvilPhoenix> s/distro/version/
[17:39] <thesheff17_> lucid
[17:40] <thesheff17_> 10.04 LTS
[17:41] <EvilPhoenix> uhm...
[17:41] <iggi> If you need that kernel, 10.10 is on 2.6.35.25 if upgrading is plausable
[17:42] <EvilPhoenix> ^
[17:42] <EvilPhoenix> yeah, that kernel isnt on 10.04 LTS
[17:42] <thesheff17_> I need to stick w/ LTS
[17:42] <EvilPhoenix> or if it is, i dont see it in the list
[17:42] <thesheff17_> I see linux-image-2.6.35-25-server in the packages...but wondering if I should hold back.
[17:43] <EvilPhoenix> i'd say this: "Do you ABSOLUTELY NEED that kernel"?
[17:43] <EvilPhoenix> if no, then dont worry about it
[17:43] <RoyK> iggi: 2.6.35 is in Lucid
[17:45] <thesheff17_> I did apt-get install landscape-common linux-headers-server linux-image-server linux-server this doesn't get that latest version?
[17:45] <RoyK> seems linux-image-2.6.35-27-generic is the latest - couldn't find a -server package
[17:45] <thesheff17_> ah ok
[17:45] <RoyK> thesheff17_: apt-get update && apt-get dist-upgrade
[17:45] <Datz> thesheff17_: have you had a look here? http://www.ubuntu.com/usn
[17:45] <RoyK> the upgrade won't install 2.6.35, though
[17:52] <Datz> that's odd.. looks like 10.04 is abandoning the 2.6.32 kernel, or at least not providing fixes for it? http://www.ubuntu.com/usn/usn-1083-1
[17:58] <thesheff17_> So I just did apt-get install linux-image-2.6.35-25-server and uname -a uses Linux vm020 2.6.35-25-server any reason not to do this?   Is there a reason there is a miss match?
[17:58] <RoyK> thesheff17_: if you're already in 2.6.35, never mind
[18:04] <Datz> RoyK: does that mean that 10.04 users should upgrade to the 2.6.35 kernel?
[18:05] <RoyK> Datz: AFAICS, yes
[18:05] <Datz> ah, k thanks
[18:05] <RoyK> Datz: and AFAICS the article at ubuntu.com says this is done automatically
[18:05] <EvilPhoenix> RoyK, i wish, it hasnt been done yet to my servers running 10.04 :/
[18:05] <Datz> ok, well I'll have to wait and see, as I haven't see that yet
[18:06] <RoyK> EvilPhoenix: try an apt-get upgrade && apt-get dist-upgrade
[18:06] <RoyK> the dist- part will take it to a new subversion, which may help
[18:06] <EvilPhoenix> cant.  upstream issues from my current locatoin to my server cant let me ssh in
[18:06] <EvilPhoenix> ah... i see...
[18:23] <iggi> I'm trying to setup UEC, and I followed the documentation, but something seems to be wrong with the key setup. I get the error "INFO: We expect all nodes to have eucalyptus installed in //var/lib/eucalyptus/keys for key synchronization." followed by errors stating node-cert.pem, cluster-cert.pem, and node-pk.pem are missing. I looked and cannot find where in the documentation it mentions
[18:23] <iggi> setting up any of these keys.
[18:26] <Datz> RoyK: apt-get upgrade && apt-get dist-upgrade doesn't have any new updates for me. :|
[18:27] <Datz> oh well :P
[18:27] <Datz> I guess I could always install the 2.6.35 kernel manually :)
[18:42] <RoyK> Datz: try that
[18:50] <Datz> will do, thanks
[18:54] <thesheff17_> Datz: any reason that 2.6.35 isn't set to the latest kernel for lucid?
[18:56] <thesheff17_> I also just tried ksplice...which seems nice but also reports 2.6.32-29.58-server is the latest version
[18:56] <Datz> thesheff17_: I was wondering that myself actually
[19:14] <pmatulis> Datz + thesheff17_: the 2.6.35 kernel is not a lucid kernel.  it's the maverick kernel that people have the *option* to install
[19:15] <thesheff17_> pmatulis: This article recommends linux-image-2.6.35-25-server for lucid which is confusing... Does the latest kernel for lucid address these problems in this article? http://www.zdnet.com.au/ubuntu-peppered-with-holes-339310663.htm
[19:17] <RoyK> thesheff17_: those are fixed in 2.6.35
[19:18] <thesheff17_> RoyK which is only for maverick?
[19:21] <pmatulis> thesheff17_: don't believe everything you read
[19:21] <pmatulis> thesheff17_: just upgrade to the latest .32 kernel and you'll be fine
[19:23] <thesheff17_> pmatulis: haha ok good :)
[19:24] <pmatulis> thesheff17_: most of those things are even covered by the .31 kernel
[19:24] <pmatulis> thesheff17_: see http://www.ubuntu.com/usn/usn-1074-2
[19:37] <Datz> pmatulis: this seems to suggest to update to 2.6.35 http://www.ubuntu.com/usn/usn-1083-1
[19:41] <Datz> or is that if you are already using 2.6.35...
[19:41] <Datz> that might make sense :)
[19:44] <pmatulis> Datz: you have to actually read the page.  see what is affected
[19:45] <Datz> well yea
[19:55] <Datz> I'm still not 100% clear :P
[20:09] <iggi> anyone know how to change the port eucalyptus uses for rsync/scp/ssh? I don't use a standard port and it is failing every time.
[20:11] <thesheff17_> iggi: wish I just had hardware to test eucalyptus :-/
[20:12] <iggi> thesheff17: 1 virtualization enabled computer. e.g.- $200 AMD Athlon X2. CC goeso n a vm inside node.
[20:16] <thesheff17_> iggi: so the virtualization of the processor will carry over through the virtual machine?  Are you using virsh?
[20:17] <iggi> thesheff17_: I have a correct setup, but you can test it by throwing down a machine with ubnutu+kvm-qemu+libvirtd then run the CC on a vm
[20:23] <thesheff17_> iggi: did you have to do something special for it?  I just got This hardware does not support virtualizatoin acceleration.  This is on the virtual machine.
[20:23] <thesheff17_> iggi: ah the install just continued on..cool
[21:34] <pmatulis> Datz: what's your question then?
[22:16] <iggi> Anyone know why I would get a internal server error when I go to http://<cloud-ip-address>:8773/services/Eucalyptus on my UEC server? I get the error: "16:55:25 ERROR [NioServerHandler:New I/O server worker #1-10] Internal Error. com.eucalyptus.ws.server.NoAcceptingPipelineException"
[22:21] <iggi> appears to bea similar bug here: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/519062
[22:43] <rnigam> hello
[22:43] <rnigam> test 123
[22:44] <guntbert> rnigam: don't test here please, there exists #test
[22:45] <rnigam> Just installed ubuntu server on the latest Dell boxes with new AMD Opterons
[22:45] <rnigam> Planning to create a virtualized environment.
[22:45] <rnigam> Any suggestions on tools?
[22:45] <iggi> kvm, libvirt, eucalyptus
[22:46] <rnigam> what about virt-install?
[22:47] <rnigam> I am not sure which package has it on the server version or if it is still supported
[22:47] <rnigam> apt-get install python-virtinst returns nothing
[22:48] <rnigam> oh yes i have decided to use KVM and already have kvm and libvirt
[22:51] <rnigam> any word on  virt-inst package anyone?
[22:55] <Datz> pmatulis: I was unsure after reading http://www.ubuntu.com/usn/usn-1083-1 whether or not I should upgrade to 2.6.35-* from 2.6.32-29
[22:55] <Datz> or if 2.6.32-29 is patched and safe to use. That is all. ;)
[22:58] <rnigam> iggi: what is the best tool to create kvm virtual machines?
[22:59] <jmarsden> rnigam: https://help.ubuntu.com/community/KVM/CreateGuests
[23:01] <rnigam> jmarsden: Thanks. That should get me going for now.
[23:01] <jmarsden> rnigam: You're welcome.  It is part of a whole set of KVm related wiki pages, see the nav items under the main title on that page.
[23:08] <iggi> rnigam: virt-manager?
[23:09] <rnigam> jmarsden: Yes I see that. Thanks Again. The only problem is that While i was going through the KVM wiki I came across a tool called virt-install which turned out to be obsolete in this server version. I have decided to go by the last edited time on every page from hereon.