[00:10] <jeeves_moss> how do I set up an internal DNS?
[02:29] <io_error> Good evening, do the EC2 AMI images work with pvgrub?
[03:11] <kaushal> Hi
[03:12] <kaushal> I have planned to use 10.04 LTS for setting up Gateway in my office
[03:12] <kaushal> what should be the hardware configuration and what all recommended applications are needed ?
[03:26] <io_error> Do the  official EC2 AMI images work with pvgrub?
[04:05] <axisys> how do I setup a NAS on ubuntu server? I have a 1TB WD usb storage that I attached to my ubuntu server .. I like to make it accessible from all of the other computers (mac and linux) .. kind a like a private dropbox
[04:08] <rnigam> hello everyone, I have a netperf question. I am trying to set the socket buffer size on sender and reciever side using -m and -M and the buffer size actually doubles when i run the netperf command. I am  running netperf on Maverick. Please direct me to the right channel if this should not be here. Thanks.
[04:08] <axisys> ok i mounted the usb storage like this
[04:08] <axisys> /dev/sdb1 on /mnt type vfat (rw)
[04:08] <axisys> how do I make sure it sticks a reboot?
[04:09] <io_error> axisys: Add an entry into /etc/fstab
[04:09] <axisys> in other words what should the /etc/fstab look like?
[04:09] <axisys> io_error: :-)
[04:09] <io_error> axisys: Something like this: /dev/sdb1 /mnt vfat defaults 0 0
[04:10] <axisys> io_error: thanks
[04:11] <axisys> ok so this worked ..
[04:11] <axisys> /dev/sdb1       /storage        vfat    rw      0       0
[04:11] <axisys> io_error: thanks a lot
[04:11] <io_error> axisys: as long as it works :)
[04:12] <axisys> i guess now I have to find out how to share it over the network so my mac mini to rw to it
[04:12] <io_error> axisys:  have you the GUI installed?
[04:13] <axisys> io_error: on the ubuntu server?
[04:13] <io_error> axisys: right
[04:13] <axisys> io_error: no .. just cli
[04:13] <axisys> but i can x11 over ssh if necessary .. after all they all are hanging off of my linksys router
[04:14] <io_error> axisys: hm, first need to install samba... like apt-get install samba4
[04:15] <axisys> io_error: hmm.. mac does not read nfs?
[04:15] <io_error> axisys: sure you can do NFS to the Mac, but Windoze will not like it
[04:16] <axisys> io_error: i have no windows.. just mac ppc and ubuntu
[04:16] <io_error> oh, well just set up NFS and forget about that samba junk :)
[04:16] <axisys> io_error: yep.
[04:16] <axisys> how do I share the storage folder ? in solaris i could run share
[04:17] <axisys>  /storage is where the usb device mounted
[04:17] <io_error> axisys: Add a line in /etc/exports ... example: /storage *(ro,insecure,all_squash)
[04:18] <axisys> io_error: oh ok.. thanks
[04:18] <io_error> axisys: it works pretty much the same as solaris /etc/exports
[04:20] <io_error> Does the official EC2 AMI work with pvgrub?
[04:25] <axisys> io_error: what does insecure and all_squash do?
[04:26] <shadow42085> hi
[04:26] <io_error> axisys: They're in the man page :) mainly just makes the export REALLY read-only and locks it down a bit more
[04:27] <io_error> axisys: if you want it writeable you'll have to put in different options anyway
[04:28] <shadow42085> I need to know which free control panel for websites are
[04:28] <shadow42085> ththe easiest to use
[04:28] <shadow42085> sorry bout the double
[04:30] <io_error> shadow42085: there really aren't many that are good AND free
[04:30] <shadow42085> well I was considering webmin but it's obsolete
[04:30] <io_error> shadow42085: The only free one I can think of offhand is ispconfig, but it's been a long time since I looked at that
[04:31] <shadow42085> I think i have seen it but never used it
[04:31] <io_error> shadow42085: In any case if you want to set up web hosting software, the absolute best place to go is webhostingtalk.com forum
[04:32] <io_error> cPanel is king in web hosting, because it's very good, but you also have to pay for it
[04:32] <shadow42085> i know cPanel I have used it before
[04:32] <shadow42085> when I used free hosting
[04:33] <io_error> Well I finally found the answer to my own question. The official EC2 AMI images are already using pvgrub.
[04:33] <shadow42085> but I am using an old server that I am tinkering with
[04:35] <io_error> shadow42085: I think cPanel has a free trial, but if you insist on free stuff then I suggest you check out the WHT forum for more ideas
[04:35] <shadow42085> ok
[04:55] <shadow42085> i will just go back to webmin it was the easiest
[04:55] <axisys> io_error: failing to mount it on nfs client
[04:55] <axisys> sudo mount -t nfs4 192.168.1.106:/storage /mnt
[04:55] <axisys> mount.nfs4: mounting 192.168.1.106:/storage failed, reason given by server: No such file or directory
[04:55] <io_error> axisys: Did you kick the NFS server?
[04:55] <axisys> sudo exportfs
[04:55] <axisys>  sudo exportfs
[04:55] <axisys>  /storage        192.168.1.0/24
[04:55] <io_error> axisys: Restart the nfs server, and if that doesn't work, kick it for real :)
[04:55] <io_error> Oh, and make sure /storage exists and it's mounted :)
[04:55] <axisys> sudo /etc/init.d/nfs-kernel-server restart <-- run that
[04:55] <io_error> anything in the log?
[04:55] <axisys> My Stuff
[04:55] <axisys>  /storage$ ls
[04:55] <axisys>  My Stuff
[04:57] <axisys> io_error: nfs server log
[04:57] <axisys> io_error: http://pastebin.com/iV9ZmN55
[05:03] <axisys> some people suggested to disable ipv6 during boot to fix it. from 2010
[05:03] <axisys> hmm
[05:05] <axisys> /dev/sdb1 on /storage type vfat (rw)  <-- could the vfat be a problem?
[05:05] <axisys> i am trying to nfs share the usb drive..
[05:07] <io_error> axisys: no, errno 97 is address not supported by protocol. You can try blacklisting ipv6 if you aren't using ipv6 on your home network.
[05:07] <io_error> axisys: add "blacklist ipv6" to /etc/modprobe.d/blacklist.conf and reboot
[05:14] <axisys> ok.. my irc is running on the nfs server.. any way to avoid reboot ?
[05:38] <axisys> ok i am taking the path of samba
[05:40] <axisys> i see the folder .. but cannot write to it
[05:42] <axisys> drwxr-xr-x 4 root root 16384 1969-12-31 19:00 /storage .. i think i need to change it to nobody.nogroup .. but it is failing
[05:42] <axisys> sudo chown nobody.nogroup /storage
[05:42] <axisys> chown: changing ownership of `/storage': Operation not permitted
[05:43] <axisys> this is how storage is mounted
[05:43] <axisys> /dev/sdb1 /storage vfat rw,relatime,fmask=0022,dmask=0022,codepage=cp437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 0
[05:43] <axisys> i guess i need to add switches in the mount option to make it nobody, ngroup
[05:51] <io_error> axisys: You'll need the uid= and gid= options in /etc/fstab, and you also need to set a user mapping in /etc/exports
[06:57] <shadow42085> I am having CA problems now
[06:58] <shadow42085> !pastebin
[07:02] <shadow42085> is there anyone still here?
[08:10] <m_tadeu> hi everyone....does anyone know how can I verify if a udp package is being forwarded from a router to a server?
[08:20] <jjohansen1> m_tadeu: any other machine on the local network can watch all the packets using packet sniffing, look at wireshark or similar tools
[08:22] <m_tadeu> jjohansen1: thanx...I'll take a look at it
[10:20] <alex88> hi guys..someone ever used portknocking?
[10:38] <SpamapS> alex88: long ago I did.. had a script that would tail my deny logs.
[10:48] <alex88> SpamapS: sorry for late answer..but i'm thinking..you need to knock the right ports in the right sequence?
[10:48] <alex88> will any error need you to restart the attempt?
[10:49] <SpamapS> alex88: yeah the idea is you have a script on your laptop/phone/whatever that just hits the sequence of ports and then the FW allows traffic from your IP
[10:51] <alex88> SpamapS: yeah i know the idea..my thought was that if someone will syn scan the full port range it will hit the ports
[10:54] <SpamapS> alex88: the sequence is exact
[10:55] <SpamapS> alex88: if one port arrives that isn't in the seq, you assume that is not the right knock
[10:58] <alex88> SpamapS: so you have to restart from the beginning?
[10:59] <SpamapS> alex88: of course, otherwise as you say portscans would have a good chance of hitting your knock
[11:01] <alex88> SpamapS: that was my doubt.. thank you very much :)
[11:02] <alex88> oh, last one..how can portknocking be encrypted?
[11:02] <SpamapS> alex88: its a random sequence of numbers.. its already a key
[11:02] <alex88> i mean, if you sniff you see serveral tcp syn.. but those can be replayed..
[11:03] <SpamapS> alex88: you could use a OTP system, meaning you can only use one knock one time
[11:03] <SpamapS> and just pre-share a list of knocks
[11:03] <alex88> yeah read about that..but in this http://www.portknocking.org/view/knocklab/knock_lab it seems it just encrypt the config
[11:05] <SpamapS> alex88: I stopped using port knocking because it was a PITA to use on public terminals..
[11:06] <alex88> pita?
[11:06] <SpamapS> alex88: I found it was easier to simply carry public keys (1 privileged, one non-privileged) and disable password auth for SSH.
[11:06] <SpamapS> PITA = Pain In The Arse
[11:06] <alex88> lool ok :)
[11:07] <alex88> well sure for the ssh security :) for now i've that enabled when  you connect to vpn
[11:07] <SpamapS> same story for VPN really..
[11:07] <SpamapS> certs.. ssh.. whatever it is
[11:07]  * lool pops up
[11:13] <alex88> yup..
[14:13] <soren> ScottK: Re bug 741616.. It's already in the queue, as it turns out.
[14:13] <ScottK> soren: OK.  I'll try and have a look a bit later then.
[14:14] <soren> ScottK: Ta very much.
[14:19] <shadow42085> i can't seam to get auth login and auth=login in a dovecot-postfix setup
[14:21] <shadow42085> any ideas
[14:25] <al-maisan> hello there! I am installing ubuntu server on a system that uses LVM, what device should should I specify to grub-install?
[14:26] <al-maisan> the installer suggests "/dev/mapper" and the LV group is called "VolGroup00"
[14:26] <shadow42085> i can't seam to get auth login and auth=login in a dovecot-postfix setup any ideas?
[14:38] <shadow420> I am trying to setup a mail server using postfix/dovecot but when I telnet into it and test it and don't see auth login and auth=login any ideas?
[14:40] <shadow420> !mailserver
[14:42] <zul> hallyn: have you seen this before? with lxc and libvirt? https://bugs.launchpad.net/nova/+bug/749973
[14:45] <hallyn> zul: no.  how does it determine video type?
[14:45] <hallyn> does it try any ioctls?  I'm wondering whether the devices namespace is to blame
[14:45] <shadow420> I am trying to setup a mail server using postfix/dovecot but when I telnet into it and test it and don't see auth login and auth=login any ideas?
[14:50] <Webbb> #ubuntu-fi
[14:51] <al-maisan> when  installing ubuntu server on a LVM system: can the /boot partition be inside the the LVG as well or do I need to keep it on a normal (i.e. non-lvm) partition?
[14:55] <hallyn> zul: you know, now that i've got lxc-clone with lvm, i just can't stand the delay any more in starting cloud instances to test a bug :)
[14:59] <MTeck> I'm trying to copy only a specific set of files that could be buried pretty much anywhere. I'm trying to do it with something like this...    rsync -auz --delete --include "*/" --include "*.[Pp][Nn][Gg]" --include "*.[Dd][Oo][Cc]" --exclude "*" /source/ /dest   but that seems to grab everything
[14:59] <RoAkSoAx> morning all
[15:00] <MTeck> Any thoughts about what I'm doing wrong?
[15:07] <kirkland> RoAkSoAx: hiya
[15:07] <kirkland> RoAkSoAx: made it back okay?
[15:07] <kirkland> RoAkSoAx: how did the talk go?
[15:09] <shadow420> I am trying to setup a mail server using postfix/dovecot but when I telnet into it and test it and don't see auth login and auth=login any ideas?
[15:10] <RoAkSoAx> kirkland: it went well
[15:10] <RoAkSoAx> kirkland: yeah made it back alive... left hotel 9.30am arrived miami 10.30pm
[15:10] <RoAkSoAx> got delayed in dallas
[15:11] <hallyn> zul: (reminder) can you push the new lxc package?
[15:11] <kirkland> RoAkSoAx: bummer
[15:11] <kirkland> RoAkSoAx: we got a little feedback on cobbler ppa packages, https://bugs.launchpad.net/bugs/741661
[15:12] <shadow420> I am trying to setup a mail server using postfix/dovecot but when I telnet into it and test it and don't see auth login and auth=login any ideas?
[15:12] <kirkland> RoAkSoAx: looks like those packages are better, but there's a new exception
[15:15] <RoAkSoAx> kirkland: i'll look at it in a bit. I also have the patch for the hardlink thing, but have to test it first
[15:15] <kirkland> RoAkSoAx: i want to get something uploaded today
[15:15] <kirkland> RoAkSoAx: let's get it to a point where it's definitely better than what was there
[15:15] <kirkland> RoAkSoAx: and upload
[15:15] <kirkland> RoAkSoAx: and continue working on next issues
[15:15] <RoAkSoAx> kirkland: ok cool, I'm about to test the patch and will upload to PPA
[15:15] <kirkland> RoAkSoAx: at that point, I suggest we get that into the archive
[15:16] <kirkland> RoAkSoAx: and then keep burning down other issues incrementally
[15:17] <shadow420> I am trying to setup a mailserver using postfix/dovecot but when I telnet into it and test it and don't see auth login and auth=login any ideas?
[15:20] <RoAkSoAx> kirkland: so better, yet, upload what's in PPA now, and from there I'll apply the hardlink patch
[15:20] <RoAkSoAx> so we have something functional right now
[15:20] <th0mz_> is ther a way to reload network only on 1 interface and not all please ?
[15:21] <th0mz_> i changed a few things in the interfaces file, but ifdown & ifup doest seems to apply changes.
[15:23] <semiosis> th0mz_: i think 'service network-interface restart INTERFACE=???' will do it
[15:23] <zul> hallyn: yep
[15:24] <th0mz_> thanks semiosis
[15:26] <kirkland> RoAkSoAx: good, i agree
[15:27] <kirkland> RoAkSoAx: i might wait for SpamapS to come online this morning
[15:27] <shadow420> I am trying to setup a mailserver using postfix/dovecot but when I telnet into it and test it and don't see auth login and auth=login any ideas?
[15:27] <kirkland> RoAkSoAx: he offered on Friday to take a look and do a quick round of testing
[15:27] <RoAkSoAx> kirkland: yeah, cause the new issue that was reported on bug #741661 might also be something related to upstream?
[15:28] <shadow420> um excuse me?
[15:30] <kirkland> RoAkSoAx: right
[15:30] <kirkland> RoAkSoAx: i don't know what that error means
[15:30] <kirkland> RoAkSoAx: we might need to jump in #cobbler and ask
[15:34] <RoAkSoAx> kirkland: i think it is an issue when trying to edit kickstarts
[15:34] <kirkland> RoAkSoAx: perms/owners on a dir in /var/lib/cobbler, i bet
[15:49] <zul> hallyn: lxc-fix-3bugs lxc-clone and fix-template-syntax?
[15:50] <hallyn> zul: lxc-clone should not be in there
[15:50] <hallyn> lxc-fix-3bugs does have 3 fixes though
[15:51] <hallyn> and that's the branch, yes
[15:51] <hallyn> much as I'd like to get lxc-clone in there, I think skaet would have my head :)
[15:51] <zul> ack
[16:13] <zul> hallyn: done
[16:14] <hallyn> zul: thanks!
[16:15] <zul> hallyn: have you seen this error before with lxc and libvirt before: https://bugs.launchpad.net/nova/+bug/749973
[16:16] <hallyn> zul: no.  do you know what nova does to check display?
[16:16] <hallyn> zul: my guess is it's because of the devices namespace
[16:16] <hallyn> uh, cgroup
[16:17] <hallyn> zul: can you reproduce it?
[16:17] <hallyn> if you can, try doing so with a container where all of the 'cgroup.devices.*$' entries in the config are commented out
[16:17] <hallyn> ah, no
[16:18] <Kartagis> hello
[16:18] <zul> hallyn: i havent been able to but ttx can
[16:18] <Kartagis> 2011-04-04 15:14:36 IMAP(bilgi): Error: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/bilgi
[16:18] <Kartagis> 2011-04-04 15:14:36 IMAP(bilgi): Fatal: Namespace initialization failed
[16:18] <Kartagis> 2011-04-04 15:16:21 imap-login: Info: Aborted login (auth failed, 3 attempts): user=<bilgi@bilgisayarciniz.org>, method=PLAIN, rip=184.82.40.118, lip=184.82.40.118, secured <--- could this be why I am unable to login?
[16:18] <hallyn> zul: what is major:minor for /dev/nbd12 ?
[16:18] <hallyn> zul: I suspect you need to add those to the devices cgroup
[16:18] <hallyn> (to the whitelist that is)
[16:18] <zul> ttx: ^^^
[16:19] <ttx> yep?
[16:19] <hallyn> so add something like:
[16:19] <zul> hallyn: hmm how do you do that?
[16:20] <ttx> hmm, I need to reinstall to further test. Maybe comment on the bug, the original poster might get the info to you faster than I do
[16:20] <hallyn> lxc.cgroup.devices.allow = b 43:* rwm
[16:21] <hallyn> commented
[16:22] <zul> ttx: we were just disccusing that lxc libvirt bug
[16:22] <zul> you were able to reproduce it at one point right?
[16:23] <ttx> yes.
[16:23] <ttx> before natty blew up my test laptop.
[16:23] <ttx> zul: I followed your wikipage.
[16:23] <ttx> i suspect the poster of the bug did, too.
[16:24] <ttx> zul: maybe the instructions are missing a critical step.
[16:24] <zul> hallyn: this is using libvirt exclusively
[16:25] <parkdriver> I currently have a clean install of ubuntu server 10.04.2 LTS but I read about ubuntu 11.x being released this month
[16:25] <parkdriver> worth the upgrade or should i keep the 10.04.2 LTS?
[16:27] <zul> ttx: it might be...ill try to reproduce it locally
[16:27] <ScottK> soren: Done.
[16:27] <hallyn> zul: but libvirt still uses the devices cgroup
[16:28] <hallyn> zul: where is your wiki page?
[16:28] <zul> hallyn: http://wiki.openstack.org/LXC
[17:01] <zul> kirkland: are you going to patch cobbler for the bug just opened?
[17:01] <kirkland> zul: yes, RoAkSoAx and I are working on it
[17:02] <kirkland> zul: we have a package in a PPA for testing
[17:02] <zul> k
[17:04] <RoAkSoAx> kirkland: Ok, so had to change the patch for hardlink as the hardlink we have in Ubuntu is different that the one in fedora (now testing)
[17:05] <kirkland> RoAkSoAx: k
[17:06] <Kartagis> hello
[17:06] <RoAkSoAx> kirkland: ok I'm ready to upload to ppa, do you want me to add a ~ppa2 changelog entry, or just modify the ~ppa1 and but it to ~ppa2?
[17:06] <Kartagis> can anybody be so kind to tell me why I can login to horde but to imp?
[17:06] <kirkland> RoAkSoAx: do the latter
[17:21] <RoAkSoAx> kirkland: done
[17:22] <jjohansen> hggdh: any results on the test yet?
[17:22] <hggdh> jjohansen: they failed, seemingly the same error
[17:22] <rnigam> hello everyone, I have a netperf question. I am trying to set the socket buffer size on sender and reciever side using -m and -M and the buffer size actually doubles when i run the netperf command. I am  running netperf on Ubuntu Maverick Server. Please direct me to the right channel if this should not be here. Thanks.
[17:22] <jjohansen> hggdh: hrmm interesting
[17:24] <jjohansen> hggdh: so kvm can't be launched at all or only from eucalyptus?
[17:25] <hggdh> jjohansen: I do use kvm on natty, on my laptop; on this machine it is only via euca
[17:25] <patdk-wk> Kartagis, imp uses imap auth, horde uses any auth you want
[17:25] <jjohansen> hggdh: can you try launching a plain kvm instance on the machine in question?
[17:25] <Kartagis> patdk-wk: I set horde to use IMAP auth
[17:26] <patdk-wk> are you sure the imap auth settings for horde and imp are the same?
[17:26] <patdk-wk> I would just tell horde to use imp auth
[17:26] <hggdh> jjohansen: will try; right now, though, I am in the middle of a lucid proposed kernel test (that is also failing)
[17:27] <jjohansen> hggdh: well thats not good :(
[17:27] <Kartagis> patdk-wk: yes
[17:27] <hggdh> jjohansen: heh. Tell me about it...
[17:49] <shaggy2> I need help, I am trying to set a static ip on my ubuntu server 10.10 it came out with error this error
[17:49] <shaggy2> sudo /etc/init.d/networking restart
[17:49] <shaggy2>  * Reconfiguring network interfaces...                                                                       SIOCDELRT: No such process
[17:49] <shaggy2> SIOCADDRT: No such process
[17:49] <shaggy2> Failed to bring up eth1.
[17:50] <shaggy2> when I do ifconfig I get  eth1 and eth1:2
[17:50] <pmatulis> shaggy2: maybe pastebin your interfaces file
[17:50] <shaggy2> ok whats the link for pastebin? never used it
[17:52] <webb> Hi
[17:53] <webb> Anyone here is an expert with installing WEBMIN?
[17:53] <shaggy2> http://pastebin.com/BSWTLHQN
[17:53] <SpamapS> !webmin
[17:53] <SpamapS> webb: ^^
[17:54] <SpamapS> webb: try ebox
[17:54] <SpamapS> or whatever they call it now
[17:54] <webb> Oh... ok
[17:54] <shaggy2> I have used webmin once before. search google for help thats how I done it, but yes it does fault out
[17:55] <webb> eBox is now known as Zentyal
[17:55] <shaggy2> pmatulis: http://pastebin.com/BSWTLHQN
[17:55] <SpamapS> !ebox
[17:56] <pmatulis> shaggy2: no loopback interface huh?
[17:57] <shaggy2> there is
[17:57] <pmatulis> shaggy2: i don't see it in the file
[17:57] <webb> Thanks guys
[17:58] <webb> let me give it a try
[17:58] <shaggy2> # The loopback network interface
[17:58] <shaggy2> auto lo
[17:58] <shaggy2> iface lo inet loopback
[17:58] <shaggy2> sorry missed it in the selection
[17:58] <webb> :D  I think I will be back shortly asking for help...
[17:59] <shaggy2> heng on I will pastebin the whole file
[18:00] <shaggy2> pmatulis: http://pastebin.com/czJgRvFJ
[18:01] <shaggy2> I returned it to auto to see what happened on restart with that one
[18:01] <pmatulis> shaggy2: and the result?
[18:03] <shaggy2> http://pastebin.com/VQ3VzCnJ
[18:03] <webb> anyone knows is zentyal compatible with ubuntu server 10.10?
[18:04] <pmatulis> shaggy2: looks good
[18:05] <shaggy2> thats on auto, I want to chagne it to static cause I am changing the network addresses on my local systems so they are not public
[18:05] <SpamapS> webb: it should be
[18:06] <SpamapS> webb: looks like they're still calling it ebox even now in natty
[18:06] <SpamapS>       ebox | 2.0.16-0ubuntu1 | natty/universe | source, all
[18:06] <shaggy2> at I have a couple of items on my network that I don't want on the public ip's and I can not manualy set the ip for them so I have to do them on dhcp on the router
[18:09] <webb> SpamapS: Have a look at http://forum.zentyal.org/index.php?topic=5443.0
[18:09] <pmatulis> shaggy2: i would configure it manually to test
[18:10] <webb> It is important to notice that all Zentyal releases are based on the Ubuntu LTS versions. Each Zentyal release is based on the Ubuntu LTS version that is available at the moment the release is launched.
[18:10] <SpamapS> webb: ahh.. so in the regard.. you're not going to get much help from upstream. :-/
[18:10] <webb> So.. it's not compatible?
[18:16] <shaggy2> pmatulis: I got it to work, I reentered all the details that I changed, and then removed the dhcp3-client and it all works fine
[18:20] <pmatulis> shaggy2: nice
[18:49] <RoAkSoAx> kirkland: ok so installing a Fedora kvm instance with koan works. The ubuntu one not quite though! Looking into that now
[18:50] <zertyui> hello
[18:50] <zertyui> is there any incoherence  when you mysql and PostgreSQL on ubuntu lucid ?
[18:50] <zertyui> i mean on a same machine
[18:50] <jcole> i have a problem with automatic nsswitch and pam management.. i currently create a config for auth-client-config, but now i have pam-auth-update trying to also manage my pam configs.. this is causing my users lots of problems
[18:50] <jcole> so, what i would like to know, which method should i use to manage nsswitch and pam? auth-client-config? pam-auth-update? auth-client-config+pam-auth-update??
[18:51] <kirkland> RoAkSoAx: sweet
[18:51] <kirkland> RoAkSoAx: i reviewed the ~ubuntu-virt ppa cobbler, looks like a vast improvement over whats in Natty right now
[18:51] <kirkland> RoAkSoAx: i'm going to upload that now
[18:52] <jcole> i am supporting hardy on up
[18:52] <kirkland> RoAkSoAx: and then sponsor the cherry pick fix for https://bugs.launchpad.net/bugs/750402
[18:52] <kirkland> did SpamapS ever come online today?
[18:53] <RoAkSoAx> kirkland: yeah that sounds like a good plan
[18:53] <RoAkSoAx> kirkland: and yeah he was online
[18:53] <RoAkSoAx> SpamapS: ping
[18:53] <jcole> cjwatson: btw, you were tright, the automated installer issue i had for sources.list was due to a buggy app borking sources.list after install
[18:53] <kirkland> SpamapS: yo
[18:53] <kirkland> RoAkSoAx: oh, hmm
[18:54] <kirkland> RoAkSoAx: looks like some cruft leaked into debian/patches
[18:54] <kirkland> dpkg-source: info: applying debian-changes-2.1.0-0ubuntu3
[18:54] <kirkland> dpkg-source: info: applying debian-changes-2.1.0-0ubuntu3~ppa1
[18:55] <RoAkSoAx> kirkland: yeah I also though the same but the diff's didn't show anything on them
[18:55] <RoAkSoAx> so I just assumed it came from before
[18:55] <kirkland> RoAkSoAx: okay, i'll prune them
[18:55] <RoAkSoAx> alrighty
[18:56] <kirkland> RoAkSoAx: please forward 35_fix_hardlink_bin_path.patch to upstream cobbler
[18:56] <RoAkSoAx> kirkland: yes will do, will also fw 31_add_ubuntu_koan_utils_support.patch and 32_fix_koan_import_yum.patch
[18:57] <kirkland> RoAkSoAx: okay, uploaded cobbler_2.1.0-0ubuntu3_source.changes
[18:57] <kirkland> RoAkSoAx: yes, please do
[18:57] <RoAkSoAx> kirkland: awesome!
[18:57] <kirkland> RoAkSoAx: i don't think i can forward 33_authn_configfile.patch upstream
[18:57] <kirkland> RoAkSoAx: that'll need to be a minor config difference between us and them
[18:58] <RoAkSoAx> yeah that makes sense
[18:58] <kirkland> RoAkSoAx: we have debconf, so we can make auth config by default
[18:58] <RoAkSoAx> kirkland: but I think that's not needed if we use the cobbler user instead of creating new users
[18:58] <RoAkSoAx> let me check
[19:01] <jcole> on the wiki, it says to use auth client here (ldap) -> https://help.ubuntu.com/community/LDAPClientAuthentication#Notes%20for%207.10%20and%20later
[19:01] <jcole> but then, it says to use pam update here (active directory) https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto#PAM
[19:01] <RoAkSoAx> kirkland: yeah maybe they are enable that in their packaging too, but maybe not, so yeah that's not worth forwarding upstream
[19:03] <jcole> seems like debian doesnt have auth client so it must be an ubuntu only thing... debian uses pam update instead... but the problem with pam update is it doesnt manage nsswitch
[19:03] <jcole> so, should i use a combination of both?
[19:08] <jcole> fyi, these are my auth client configs for ldap only and ldap+kerberos -> http://pastebin.com/X0D90cFr
[19:08] <jcole> those configs work for hardy on up
[19:09] <jcole> im also using pam_mkhomedir and pam_ccreds (for offline ldap logins)
[19:10] <zertyui> hello there
[19:10] <cjwatson> jcole: cool, thanks for following up
[19:10] <zertyui> how to grep two content on the same time ?
[19:11] <jcole> cjwatson: thanks for pointing me to the d-i logfile, i had no idea d-i saved that
[19:12] <jcole> zertyui: grep -e string1 -e string2 file.txt ?
[19:12] <zertyui> how to apt-cache search grep two content ?
[19:12] <jcole> cjwatson: now im having an issue with my users logging into their boxen :/ pam-auth-update is clobbering auth-client-updates configs
[19:13] <jcole> zertyui: you can use regex with apt-cache search
[19:14] <zertyui> how ?
[19:15] <jcole> apt-cache search string1\|string2
[19:15] <cjwatson> jcole: nothing I know about, I'm afraid
[19:15] <jcole> zertyui: or, apt-cache search "string1|string2"
[19:15] <zertyui> dklmÃ¹*
[19:17] <jcole> cjwatson: what is the preferred method to manage nsswitch and pam on an ubuntu-server? seems like managing logins methods would be a trivial thing
[19:18] <pmatulis> jcole: auth-client-config
[19:19] <zertyui> you don't get my point
[19:19] <zertyui> what i mean is :
[19:19] <jcole> pmatulis: and what about pam-auth-update clobbering my auth-client-configs
[19:19] <pmatulis> jcole: well, don't do that then
[19:20] <jcole> pmatulis: this is my auth client configs -> http://pastebin.com/X0D90cFr
[19:20] <zertyui> i simply need to grep two content  like dev and postgresql     when i do apt-cache search postgresql |grep postgresql & dev
[19:20] <pmatulis> jcole: and?
[19:20] <jcole> pmatulis: those work fine, but pam-auth-update (which debian uses) clobbers my config
[19:20] <zertyui> how to do this ?
[19:21] <pmatulis> jcole: so don't use it
[19:21] <cjwatson> jcole: not my field, sorry
[19:22] <semiosis> zertyui: if you want to grep for 'a AND b', you can pipe from one grep to another... | grep a | grep b... will show lines containing both a AND b
[19:23] <jcole> pmatulis: how do i remove it?
[19:23] <semiosis> zertyui: if you want to grep for 'a OR b', you need to use the grep regexp for OR, which is vertical-bar |, so it needs to be escaped so the shell doesnt interpret it as a pipe... grep a\\\|b
[19:23] <pmatulis> jcole: the package?
[19:26] <zertyui> ok working
[19:26] <jcole> pmatulis: "apt-get remove --purge libpam-runtime" tries to remove "at* cron* gdm-guest-session* libpam-ck-connector* login* lsb-core* network-manager-pptp* network-manager-pptp-gnome* pppconfig* pppoeconf*  pptp-linux* ubuntu-desktop* ubuntu-standard*"
[19:26] <zertyui> thanks semiosis
[19:26] <semiosis> yw
[19:26] <jcole> pmatulis: i have it disabled in debconf also
[19:26] <zul> SpamapS: can you put openvpn on your list to upstartify for natty+1
[19:27] <pmatulis> jcole: boy, how did you come up with that command?
[19:27] <jcole> pmatulis: dpkg -S /usr/sbin/pam-auth-update
[19:27] <pmatulis> jcole: did you install it manually?
[19:27] <SpamapS> zul: That one seems like it could be very tricky..
[19:28] <SpamapS> zul: not that its simple w/ sysvinit.. but there are a number of ways openvpn is used.
[19:28] <zul> SpamapS: yeah i looked at it before and shudder
[19:28] <pmatulis> jcole: why not just leave it alone?
[19:28] <zul> SpamapS: i was just looking at bugs and there are bugs like openvpn is started after x
[19:29] <zertyui> is it possible to pickup a command from history ?
[19:29] <jcole> pmatulis: my users are getting libpam-runtime installed by default and pam-auth-update is borking their pam configs which are suppoe
[19:29] <jcole> bleh
[19:30] <SpamapS> zul: right.. there's really no reason to delay openvpn after its networking is available. The issue is that it sometimes needs a particular interface.. so we may need to be very smart and try starting it multiple times.
[19:30] <pmatulis> jcole: so stop using the command.  i don't get your problem really
[19:30] <zul> SpamapS: totally agreed
[19:30] <pmatulis> SpamapS: yes, like a bride, notably
[19:30] <pmatulis> heh
[19:30] <pmatulis> bridge
[19:30] <SpamapS> hahahaha
[19:31] <SpamapS> zul: do we have a server team idea pool yet?
[19:31] <jcole> pmatulis: im not using pam auth update it gets automatically ran when some libs are installed (like ldap, krb, etc.)
[19:31] <zul> SpamapS: nope afaik
[19:32] <jcole> libpam-runtime	libpam-runtime/override	boolean	false
[19:32] <jcole> pmatulis: that is the debconf value for disabling it ^^
[19:33] <pmatulis> jcole: that's weird - the interference, i've never seen it
[19:33] <SpamapS> pmatulis: meaning it creates a bridge, or needs a bridge before it starts? Therein lies the rub.. because its hard to know which.
[19:34] <jcole> pmatulis: tell you what, try this on your box: apt-get install krb5-config krb5-user ldap-utils libnss-db libnss-ldap libpam-ccreds libpam-krb5 libpam-ldap nss-updatedb
[19:34] <pmatulis> SpamapS: AFAIK, 'needs a bridge', but there is also the tap stuff that can screw things up
[19:35] <jcole> pmatulis: i support hardy on up, and some ubuntus dont have pam update, so you need a newer ubuntu
[19:35] <pmatulis> jcole: ah ok, "some ubuntus don't have pam update"
[19:36] <pmatulis> jcole: which release is borked?
[19:36] <jcole> pmatulis: now the problem is many of my users cant log into their boxen now
[19:36] <jcole> pmatulis: their pam config are all scerwed up
[19:37] <SpamapS> pmatulis: right, so I'm thinking we may need to really tightly integrate openvpn w/ upstart and run one upstart job per physical interface that comes up.
[19:37] <SpamapS> Which.. at that point, sounds like ifup-post.d
[19:38] <jcole> pmatulis: it looks like ldap/krb libs have config scripts for pam-auth-update so that must be why pam-auth-update is invoked
[19:38] <pmatulis> jcole: which release is borked?
[19:38] <jcole> pmatulis: i know at least lucid and maverick
[19:39] <pmatulis> jcole: er, these releases have both pam-auth-update and auth-client-config ?
[19:39] <SpamapS> hallyn_afk: ping re bug #574665
[19:39] <jcole> pmatulis: its not all my users... i think a pam-auth-update debconf box popped up for many of my users and they just hit enter or something
[19:40] <jcole> pmatulis: yes
[19:40] <pmatulis> jcole: best do a test yourself to make sure what the problem is
[19:41] <jcole> pmatulis: just install those packages above that i told you about and you will see pam-auth-update prompt to run
[19:41] <pmatulis> jcole: b/c such a thing would have caused an outrage.  i've been using ldap and kerberos lately and it 'just works'
[19:41] <hallyn_afk> SpamapS: yes?
[19:41] <jcole> pmatulis: try to revert/remove it (-r) and see what happens
[19:41] <pmatulis> jcole: why do you say the prompt is due to pam-auth-update?
[19:45] <jcole> pmatulis: im thinking maybe because im disabling pam-auth-update in debconf ("libpam-runtime libpam-runtime/override boolean false") there is no "bare" pam config being generated
[19:46] <pmatulis> jcole: you did that before experiencing any grief?
[19:46] <jcole> pmatulis: so, running auth-client-config does create a "bare" config for my users.. now, if they reverted auth-client-config, there is no "bare" config to go back to because pam-auth-update never created one in the first place
[19:48] <jcole> pmatulis: try to revert you auth-client-config (-r) and then try to login locally
[19:48] <jcole> pmatulis: chance is, you dont have a bare pam config that will work
[19:48] <pmatulis> 14:45 <     jcole> pmatulis: im thinking maybe because im disabling pam-auth-update in debconf ("libpam-runtime libpam-runtime/override boolean false") there is no "bare" pam config        Brumle
[19:48] <jcole> pmatulis: this is what i think the problem is
[19:48] <pmatulis>                    being generated                                                                                                                                                           c0nv1ct_
[19:48] <pmatulis> bleh
[19:49] <pmatulis> jcole: did you make the debconf change before things went pear-shaped?
[19:51] <jcole> pmatulis: there is a debconf prompt that asks you if you want pam-auth-update to manage you pam configs, setting that debconf value disables it
[19:51] <jcole> pmatulis: i am having auth-client-config manage my pam configs
[19:53] <pmatulis> jcole: well, like you hypothesize, it looks like these tools are inter-dependent
[19:53] <jcole> pmatulis: did you try to -r your auth-client-config and check if you can still login?
[19:53] <pmatulis> jcole: i'm not doing any tests right now
[19:56] <jcole> pmatulis: well, it seems i should use pam-auth-update to mange pam since all ubuntu/debian auth packages (ldap/krb/etc) now include configs for pam-auth-update
[19:56] <pmatulis> jcole: probably if you let the system do what it wants you should be good but that doesn't help you now does it?
[19:57] <jcole> pmatulis: i was using auth-client-update at first because the ubuntu wiki talks about it here -> https://wiki.ubuntu.com/AuthClientConfig
[19:58] <jcole> pmatulis: but, if its not the standard for ubuntu/debian packages then it doesnt make sense to use it anymore, especially after the issues im having
[19:58] <wwwd> Hey all! I used $useradd to create a user. When I try and log in I am getting a blank background with no control or desktop. The messages are: Could not update ICEauthority file /home/user/.ICEauthority, Ther is a problem with the configuration server (/usr/lib/libconf-2-4/config-sanity-check-2 exited with status 256). I have tried adding user to group and asigning privlidges. Any idea why this is happening?
[19:59] <wwwd> By the  way I also tried using the GUI >admin>users and groups...same
[19:59] <pmatulis> jcole: btw, you should have confirmed the proper way and then force that on your clients.  never let users configure that kind of stuff
[19:59] <jcole> pmatulis: i dont let my users configure there nss/pam
[20:00] <pmatulis> jcole: didn't you say that?
[20:00] <jcole> pmatulis: i have these configs that do it for them -> http://pastebin.com/X0D90cFr
[20:00] <jcole> their*
[20:00] <david5345> My Linux server clock is drifting too much. Both on 10.04 and 8.04 LTS I loose a lot of time. I found one server last week that lost 500 seconds in the space of 30 days. Why are my Ubuntu boxes having such a hard time keeping the time ?
[20:00] <pmatulis> 14:39 <     jcole> pmatulis: its not all my users... i think a pam-auth-update debconf box popped up for many of my users and they just hit enter or something
[20:01] <jcole> pmatulis: right
[20:01] <pmatulis> jcole: well, that's what should be avoided
[20:02] <jcole> pmatulis: i cant remove the package that has pam-auth-update
[20:02] <jcole> pmatulis: if i could, i would add a "conflicts" for it to my control file
[20:03] <pmatulis> jcole: how/why did such a thing run for them?
[20:03] <jcole> pmatulis: like i told you above, its after installing the krb/ldap libs
[20:04] <jcole> pmatulis: ubuntu/debian krb/ldap libs have configs included in them by default for pam-auth-update, so pam-auth-update prompts to run
[20:04] <pmatulis> jcole: right, so they should never install such packages
[20:05] <jcole> pmatulis: what?
[20:05] <SpamapS> hallyn: so, that package hasn't been uploaded to lucid-proposed yet, has it?
[20:05] <jcole> pmatulis: i want to enable ldap logins, so i need the ldap libs
[20:06] <pmatulis> jcole: it sounds like you're migrating existing systems so you should get into a management tool (puppet) or create a custom package that automates things
[20:06] <jcole> pmatulis: what is the alternate package for libpam-ldap that does not include pam-auth-update configs?
[20:06] <jcole> pmatulis: or libpam-krb?
[20:08] <jcole> pmatulis: is that on the ubuntu wiki/docs somewhere for managing logins?
[20:10] <kirkland> Daviey: zul: not much activity in #cobbler-devel, huh?
[20:10] <pmatulis> jcole: there are no alternate packages like that
[20:11] <zul> kirkland: more activity on the cobbler ml
[20:12] <kirkland> zul: i see
[20:12] <jcole> pmatulis: you suggested me not to install those libs so my users wouldnt get that prompt
[20:12] <jcole> pmatulis: those are the libs that enable ldap/krb in pam
[20:13] <pmatulis> jcole: you deliver them in another way i meant
[20:13] <jcole> pmatulis: apt-get install ?
[20:13] <pmatulis> jcole: no
[20:13] <hallyn> SpamapS: should'nt have been
[20:13] <hallyn> SpamapS: i don't know if it has been today, but don't think so
[20:13] <pmatulis> jcole: i gave you 2 ideas above
[20:15] <SpamapS> hallyn: I'm asking because verification-* usually has special meaning regarding testing the packages in -proposed
[20:15] <jcole> pmatulis: what im doing is very simple, manage nss/pam with a config file for auth-client-config, that's it
[20:15] <hallyn> SpamapS: then I goofed
[20:15] <pmatulis> jcole: how did modify debconf for these packages?
[20:16] <hallyn> SpamapS: i thought verification-needed/done were with respect to SRU process before going into -proposed
[20:16] <hallyn> SpamapS: pls to remove that tag :)
[20:16] <SpamapS> hallyn: ok, well it sounds like its ready for upload to -proposed. You have per-package upload on it right?
[20:16] <pmatulis> jcole: pam, ldap, kerberos is not simple i'm afraid.  especially when end users are doing the configuring
[20:17]  * hallyn tilts his head
[20:17] <jcole> pmatulis: in my package, i have depends on those krb/ldap libs above, an auth-client-config file and a debconf value that tells pam-auth-update "No" for managing pam
[20:17] <pmatulis> jcole: ah, so you have a custom package then
[20:17] <SpamapS> hallyn: ok so you should upload your package to lucid-proposed then and ask Richard to test again if he can from -proposed. ;)
[20:17] <hallyn> sigh, what's the bug# again.  this thing doesn't color usermsgs on playback
[20:18] <jcole> pmatulis: the problem is not with the krb or ldap config files themselves
[20:18] <SpamapS> bug #574665
[20:18] <hallyn> ah there it is
[20:18] <hallyn> thanks :)
[20:18] <SpamapS> hallyn: np. :)
[20:18] <hallyn> SpamapS: will do
[20:18] <hallyn> takes my mind off of the painful multiple-patch backport iw as trying to do
[20:18] <jcole> pmatulis: the problem is with the tools that are managing pam configurations
[20:19] <hallyn> also for lucid libvirt
[20:19] <pmatulis> jcole: did you roll out any clients with your package before users got involved?
[20:20] <jcole> pmatulis: you are telling me now to write a puppet system for managing pam configs instead of pam-auth-update or auth-client-config
[20:20] <pmatulis> jcole: no, it's just an idea that's related
[20:21] <pmatulis> jcole: i believe custom packages is the best solution for existing systems
[20:22] <hallyn> zul: is https://launchpadlibrarian.net/68220165/buildlog_ubuntu-natty-armel.lxc_0.7.4-0ubuntu4_FAILEDTOBUILD.txt.gz something you've seen before?
[20:23] <jcole> pmatulis: are you saying to create my own pam management system?
[20:23] <zul> hallyn: yep
[20:23] <pmatulis> jcole: no, AFAICT, you have modified packages that you're having users run.  that seems the best way
[20:24] <hallyn> zul: is it a transient error?  or a bug in the packaging?
[20:24] <jcole> pmatulis: im not modifying any packages
[20:24] <zul> hallyn: no i think its autoconf not recognizing arm ill look at it
[20:24] <jcole> pmatulis: i have a simple package that depends on those krb/ldap libs above, an auth-client-config file and a debconf value that tells pam-auth-update "No" for managing pam
[20:25] <hallyn> zul: thanks!
[20:25] <jcole> pmatulis: i could even put that in a shell script in 3 lines
[20:25] <jcole> pmatulis: its not complicated
[20:25] <pmatulis> jcole: fine, fine.  did you test it?
[20:26] <hallyn> SpamapS: oh maste,r what do you recommend?  Merging the bzr tree, or dputing a source package, for lucid-proposed?
[20:26] <jcole> pmatulis: yes, applying the auth-client-config works
[20:26] <jcole> pmatulis: it works perfectly
[20:27] <pmatulis> jcole: so, how does it go pear-shaped?
[20:27] <jcole> pmatulis: reverting the auth-client-config
[20:27] <pmatulis> jcole: why revert then?
[20:27] <Daviey> kirkland, seems not
[20:28] <SpamapS> hallyn: whatever results in the exact same package as your PPA had being uploaded. :)
[20:28] <SpamapS> hallyn: IMO, dput is probably simpler.. but merging *should* result in the same thing.
[20:28] <Daviey> kirkland, seems you and zul are most active :)
[20:29] <hallyn> SpamapS: all right i'll give UDD a sporting chance
[20:29] <jcole> pmatulis: many reasons, because some users want to remove the package or they dont want ldap logins, etc.
[20:29] <pmatulis> jcole: ah!
[20:29] <jcole> pmatulis: i think the reverted configuration is not bare enough to even allow local logins
[20:30] <jcole> pmatulis: sine pam-auth-update never runs
[20:30] <jcole> since*
[20:30] <jcole> pmatulis: so, im wondering if the recommended way on ubuntu is to use *both* pam-auth-update and auth-client-config
[20:30] <soren> ScottK: Wicked, thanks.
[20:32] <pmatulis> jcole: in my travels i have never seen the need to disable anything using debconfg
[20:33] <pmatulis> jcole: so i guess the answer to your wondering is 'yes'
[20:34] <jcole> pmatulis: youve never seen seeded debconf to configure/disable applications?
[20:35] <jcole> pmatulis: you can either do it manually with dpkg-reconfigure or with debconf-set-selections or a preseed file in a package
[20:38] <pmatulis> jcole: i meant in ldap/krb situation
[20:38] <jcole> pmatulis: dpkg-reconfigure krb5-config
[20:39] <pmatulis> jcole: "in my travels i have never seen the need to disable anything using debconf when using ldap/krb"
[20:42] <jcole> pmatulis: if pam-auth-update uses that debconf value to determine if it should manage pam configs or not, then how else should i tell pam-auth-update to not manage pam configs besides updating that debconf value?
[20:43] <jcole> pmatulis: thanks for the food for thought... im going to use a hybrid method
[20:44] <pmatulis> jcole: that's the thing, you *don't* tell it not to manage pam
[20:45] <pmatulis> jcole: basically i see your issue an 'overengineered problem'
[20:46] <jcole> pmatulis: how do you suggest to manage pam configs?
[20:47] <kirkland> Daviey: heh
[20:48] <jcole> pmatulis: i hardly see an auth-client-update config file or an pam-auth-update config file as "over-engineering"
[20:48] <RoAkSoAx> kirkland: so It seems that once I finish patching koan to install Ubuntu KVM's, using the NQA pressed is going to be trivial
[20:48] <kirkland> Daviey: I'd rather just talk to zul in #ubuntu-server then :-)
[20:49] <kirkland> RoAkSoAx: neat
[20:49] <adam_g_> hi--does anyone know if there has been any progress or news regarding this issue, other than what is on the ticket? https://bugs.launchpad.net/ubuntu/+source/linux/+bug/666211 -- ive been running into the same issue between different filesystems and block device flavors repeadetly over the last 1.5 weeks on ec2
[20:55] <pmatulis> jcole: over-engineering by disabling stuff.  you don't need to do that
[20:55] <pmatulis> jcole: and as you see, it messes things up
[20:57] <smoser> adam_g_, i think, unfortunately, the bug has the right status
[20:57] <smoser> i do not htink that smb has been able to make any progress on it.
[20:58] <smoser> but having an easy recreate would be helpful
[20:59] <jcole> pmatulis: disabling pam-auth-update and using auth-client-config, is like disabling exim so you can use postfix
[20:59] <adam_g_> smoser: i wouldn't say i can reliably reproduce on-demand, but i come across it frequently enough.
[21:14] <pmatulis> jcole: that's your assumption.  it may not be correct.  and like i said, i never needed to do such a thing and i never had such a problem
[21:32] <io_error> Hello! I am about to install 10.04 LTS on a private KVM virtual machine. Should I: "Install Ubuntu Server" or "Install Ubuntu Enterprise Cloud"? What's the difference?
[21:33] <lenios> io_error, you should install server
[21:34] <io_error> lenios: Thanks. But what's the difference?
[21:34] <io_error> The website is so full of marketing buzzspeak that I can't tell what's really going on
[21:35] <RoAkSoAx> io_error: it says it there "Ubuntu Enterprise Cloud"
[21:35] <RoAkSoAx> io_error: Install Ubuntu Server installs only the server compoennets
[21:35] <lenios> if you want to create your cloud using ubuntu, you'll use "install ubuntu enterprise cloud"
[21:35] <RoAkSoAx> to run whatever you want
[21:35] <io_error> lenios: OK, so it installs the tools you would build a private cloud with?
[21:35] <RoAkSoAx> while the other than installs a server, but with the software package for Eucalyptus based Cloud
[21:35] <lenios> yes
[21:36] <io_error> RoAkSoAx, lenios: Ah, now I get it. Thanks :) Not building any private clouds today...
[21:37] <io_error> Just want a local build environment so I don't have to pay for a bunch of extra EC2 instances :)
[21:51] <kirkland> RoAkSoAx: i just uploaded another cobbler fix
[21:52] <kirkland> RoAkSoAx: you want to put together an upload with an nqa preseed?
[22:33] <ghostrocket> hi all - when i run a full-upgrade on my ubuntu ami box, is that the equivalent of using the latest daily build?
[22:58] <RoAkSoAx> hallyn: ping?
[22:58] <hallyn> RoAkSoAx: yeah?
[22:58] <RoAkSoAx> hallyn: howdy! I was wondering if you know how does libvirt treat ubuntu distros?
[22:59] <RoAkSoAx> hallyn: cause I'm working on cobbler, and it throws this:  virtinst library does not understand variant natty, treating as generic
[23:00] <hallyn> virtinst != libvirt
[23:00] <hallyn> isn't it part of virt-tools?
[23:00] <hallyn> mdeslaur does more with that than I do (and much appreciated by me, too)
[23:01] <RoAkSoAx> argh right, just noticed :)
[23:01] <RoAkSoAx> hallyn: alright, I'll nag him
[23:01] <RoAkSoAx> thanks :)
[23:10] <shaiguit1r> Hey, I read https://help.ubuntu.com/10.04/serverguide/C/postfix.html but I'm a bit stuck when I telnet to port 25 (postfix master running there) it hangs on CLOSED tcp
[23:11] <raphink_> shaiguit1r: is postfix running?
[23:11] <shaiguit1r> CLOSE_WAIT that is
[23:11] <shaiguit1r> raphink_: yeah
[23:11] <raphink_> ps axuww | grep postfix
[23:12] <shaiguit1r> shai@Ubuntu-1004-lucid-32-minimal ~ $ sudo lsof -i:25
[23:12] <shaiguit1r> COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
[23:12] <shaiguit1r> master  14056 root   12u  IPv4 331903      0t0  TCP *:smtp (LISTEN)
[23:12] <shaiguit1r> master  14056 root   13u  IPv6 331905      0t0  TCP *:smtp (LISTEN)
[23:12] <shaiguit1r> ai@Ubuntu-1004-lucid-32-minimal ~ $  ps axuww | grep postfix
[23:12] <shaiguit1r> root     14056  0.0  0.1   5812  1792 ?        Ss   Apr04   0:00 /usr/lib/postfix/master
[23:12] <shaiguit1r> postfix  14360  0.0  0.1   5828  1692 ?        S    00:07   0:00 pickup -l -t fifo -u -c
[23:12] <shaiguit1r> postfix  14361  0.0  0.1   5872  1720 ?        S    00:07   0:00 qmgr -l -t fifo -u
[23:12] <shaiguit1r> postfix  14376  0.0  0.1   5824  1708 ?        S    00:08   0:00 proxymap -t unix -u
[23:12] <raphink_> do you have a local firewall?
[23:12] <shaiguit1r> hmm yes
[23:13] <raphink_> sudo iptables -L
[23:13] <shaiguit1r> That might be crapping things, but TBH I'm pretty n00b with iptables, so not sure
[23:13] <shaiguit1r> sec
[23:13] <shaiguit1r> ta!
[23:13] <shaiguit1r> raphink_: http://pastie.org/pastes/1756312/text?key=mpwx9lk5fcuxpqmrmtoya
[23:14] <shaiguit1r> line 8 has smtp
[23:14] <shaiguit1r> open
[23:14] <shaiguit1r> If I got it right :P
[23:15] <raphink_> looks good to me
[23:15] <shaiguit1r> Hmm, OK
[23:15] <raphink_> what do you see in /var/log/mail.log when you try to telnet localhost 25 ?
[23:15] <raphink_> you're supposed to see something like
[23:15] <raphink_> Apr  5 00:14:48 jonah postfix/smtpd[18408]: connect from localhost.localdomain[127.0.0.1]
[23:15] <raphink_> Apr  5 00:14:53 jonah postfix/smtpd[18408]: disconnect from localhost.localdomain[127.0.0.1]
[23:16] <shaiguit1r> oh wow that's lame
[23:16] <shaiguit1r> http://pastie.org/private/mpwx9lk5fcuxpqmrmtoya
[23:16] <shaiguit1r> raphink_: ^
[23:17] <raphink_> hehe
[23:17] <shaiguit1r> Sorry I'm pretty new at this
[23:17] <patdk-lap> yep, if there is any config issue, smtpd wil lbomb
[23:17] <raphink_> the fatal lines don't look too good ;-)
[23:17] <shaiguit1r> that's weird though, I followed:
[23:17] <shaiguit1r> https://help.ubuntu.com/10.04/serverguide/C/postfix.html
[23:17] <shaiguit1r> on 10.04 ubuntu
[23:17] <raphink_> let's see, you're missing aliases.db
[23:17] <shaiguit1r> there's no mention of /etc/aliases.db
[23:17] <raphink_> try
[23:18] <raphink_> sudo touch /etc/aliases
[23:18] <raphink_> sudo newaliases
[23:18] <patdk-lap> aliases comes in by default
[23:18] <patdk-lap> normally setup by the installer
[23:18] <shaiguit1r> root@Ubuntu-1004-lucid-32-minimal ~ # ls /etc/aliases.db
[23:18] <shaiguit1r> ls: cannot access /etc/aliases.db: No such file or directory
[23:18] <shaiguit1r> root@Ubuntu-1004-lucid-32-minimal ~ # ls /etc/aliases
[23:18] <shaiguit1r> /etc/aliases
[23:18] <shaiguit1r> root@Ubuntu-1004-lucid-32-minimal ~ # cat /etc/aliases
[23:18] <shaiguit1r> # See man 5 aliases for format
[23:18] <shaiguit1r> postmaster:    root
[23:18] <raphink_> sudo service postfix restart
[23:18] <raphink_> then you're just missing "sudo newaliases" shaiguit1r
[23:18] <shaiguit1r>  sudo touch /etc/aliases &&  sudo newaliases &&  sudo service postfix restart
[23:19] <shaiguit1r> ?
[23:19] <raphink_> yes
[23:19] <raphink_> the touch is not necessary since you already have the file
[23:19] <shaiguit1r> root@Ubuntu-1004-lucid-32-minimal ~ # sudo newaliases
[23:19] <shaiguit1r> postalias: fatal: open database /etc/aliases.db: Permission denied
[23:20] <shaiguit1r> Need to touch the db file first?
[23:20] <raphink_> huhu
[23:20] <raphink_> is your filesystem OK ? ;-)
[23:20] <shaiguit1r> oh dont' get me worried :)
[23:21] <patdk-lap> newalias doesn't careabout timestamps
[23:21] <patdk-lap> it updates it, no matter what
[23:21]  * shaiguit1r straces it
[23:21] <red2kic> I have a question about whois.net -- Am I allowed to contact the owner? I hate lawyer jargons.
[23:21] <raphink_> patdk-lap: I had recommended the touch in case the file didn't exist, not because of the timestamp
[23:21] <patdk-lap> I know
[23:22] <patdk-lap> but he seems to be stuck on timestamps
[23:22] <shaiguit1r> hmm, weird!
[23:22] <shaiguit1r> even after touching the file, it doesn't open it, and I'm root.
[23:22] <raphink_> red2kic: the owner of whois.net ? or the owner of a domain?
[23:23] <red2kic> raphink_: The owner of a domain name.
[23:23] <raphink_> red2kic: if you've got the address, what prevents you from writing to someone?
[23:23] <raphink_> shaiguit1r: did you check that your partition is not mounted read-only?
[23:24] <red2kic> raphink_: I pretty much have little next to zero experiences with websites.
[23:25] <patdk-lap> people call me from my whois info all the time
[23:26] <patdk-lap> the usa spammer that did it, has moved to china though
[23:26] <shaiguit1r> raphink_: I can touch and rm the file, so I doubt it.
[23:26] <raphink_> by the way red2kic, there's a `whois` command that does the same as whois.net
[23:27] <raphink_> shaiguit1r: do you have selinux set up on this box?
[23:27] <shaiguit1r> root@Ubuntu-1004-lucid-32-minimal ~ # touch /etc/aliases.db && rm /etc/aliases.db && echo $?
[23:27] <shaiguit1r> 0
[23:27] <shaiguit1r> nope, don't think so
[23:27] <red2kic> raphink_: Ah. That's a cool command!
[23:28] <raphink_> shaiguit1r: you could still check
[23:28] <raphink_> ps axZ | grep postfix
[23:28] <raphink_> to see if it's confined
[23:28] <shaiguit1r> bah!
[23:28] <shaiguit1r> raphink_: my bad, /etc/aliases was owned by www-data!
[23:28] <shaiguit1r> for some reason
[23:28] <shaiguit1r> say, all of /etc/ should be owned by root, is that correct?
[23:29] <raphink_> that shouldn't prevent root from writing to /etc/aliases.db
[23:29] <shaiguit1r> newaliases just worked
[23:29] <shaiguit1r> it did
[23:29] <raphink_> really
[23:29] <shaiguit1r> -rw-r--r-- 1 www-data www-data 51 2011-04-05 00:19 /etc/aliases
[23:29] <shaiguit1r> other doesn't have w
[23:29] <shaiguit1r> but yeah,that's weird.
[23:29] <raphink_> that said, it's a better idea to give /etc/aliases to root than www-data ;-)
[23:29] <shaiguit1r> :)
[23:29] <shaiguit1r> right
[23:29] <raphink_> given your system conffiles to apache's user is usually a bad idea for other reasons ;-)
[23:30] <shaiguit1r> thanks. So all of /etc/ can safely be moved to root right?
[23:30] <raphink_> let's see
[23:30] <raphink_> in general, yes, but not always
[23:30] <raphink_> sudo find /etc/ -not -user root -exec ls -l {} \;
[23:30] <raphink_> I've got a few files that don't belong to root
[23:31] <shaiguit1r> which pacakges?
[23:31] <raphink_> openfire configurations for example
[23:31] <raphink_> but that's not standard confs
[23:31] <raphink_> in general, everything belongs to root there
[23:31] <shauno> I've only got one, bind/rndc.key is bind:bind.  a fair few which aren't root's group tho
[23:31] <shaiguit1r> oh which?
[23:32] <shaiguit1r> ah for DNS
[23:32] <shaiguit1r> nothing else?
[23:33] <raphink_> sudo find /etc/ -not -user root -exec ls -l {} \;
[23:33] <raphink_> will list the files that don't belong to root
[23:37] <shauno> http://paste.ubuntu.com/589454/   that's a fairly boring box, mail & dns.  group ownerships seem to be used in a fair few places tho
[23:37] <shauno> root:root is a sane plan if your ownerships are seriously messed up, but there will be cleaning up to do
[23:37] <shauno> (enough cleaning up that it wouldn't be my Plan A)
[23:41] <patdk-lap> heh, my list of not root is much much larger
[23:41] <patdk-lap> and my system isn't screwed up :)
[23:42] <shaiguit1r> heh
[23:42] <shaiguit1r> I did that chown to www-data in the past, it was my bad.
[23:42] <patdk-lap> couchdb, quagga, ssl, shadow, cups, backuppc, munin
[23:43] <patdk-lap> seems to be the big offenders
[23:43] <shaiguit1r> chowne dit back to root, we'll work our way through problems next up.
[23:44] <shaiguit1r> OK, so the postfix works great, thanks for the help!
[23:44] <shaiguit1r> Great community.
[23:44] <shaiguit1r> ta.