=== System is now known as Guest9939 [01:02] New bug: #764094 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/764094 [01:02] New bug: #764096 in postfix (main) "DNS hostname lookups fail in chroot after natty upgrade" [Undecided,New] https://launchpad.net/bugs/764096 === dendro-afk is now known as dendrobates === dendrobates is now known as dendro-afk [03:31] hello, I've just finished installing LAMP in my server [03:32] what I need to do next? [03:34] van7hu: that rather depends what you want to achieve. [03:35] twb:I just want to develop a local website to test [03:35] twb: How could I do that [03:36] twb: if I want to test whether my website is working, localhost? [03:36] I imagine so. [03:36] Or if your server and desktop are separate systems (as we recommend), it would be http:// [03:37] twb: I am in a LAN network [03:38] I don't see how that matters. [04:08] how to I install LAMP in a command? [04:08] sudo tasksel? [04:10] ah yeah [04:10] thanks [04:15] twb: sorry [04:15] but what I need to do [04:16] it shows me an select, but how could I select, what button to use? [04:16] There should be a LAMP option there [04:16] yes [04:16] So pick it [04:16] but I could not select it [04:20] bump, what button should I use to choose it [04:20] space? [04:20] Dunno, I don't use that stuff [04:20] ah, thanks [04:20] I check all keyboard, except it [04:21] hi, does anyone know how to clear the mailqueue on courier [04:21] ? [04:24] The_Kernel: is there a mailq or postqueue command or similar? [04:25] I found it [04:25] The_Kernel: maybe dpkg -L courier-thingy | grep sbin -OK [04:25] jsut had to figure out how to ask google properly [04:30] I want to update qemu-kvm package from default version 0.12.5 to the latest 0.14.0 without breaking any other dependencies on ubuntu-server maverick. I see that Natty has 0.14 version. Can someone here tell me how can i do it in maverick. Thanks [04:32] KVM version appears to be 1:84+dfsg-0ubuntu16+0.12.5+noroms+0ubuntu7.2 [04:32] Do you mean the 0.12.5 part of that ? [04:33] Ah, I guess you mean the qemu-kvm source package. [04:33] yes twb [04:33] qemu-kvm | 0.12.5+noroms-0ubuntu7 | maverick | source, amd64, i386 [04:33] qemu-kvm | 0.14.0+noroms-0ubuntu4 | natty | source, amd64, i386 [04:34] Unless there's already a reliable backport, you will want to roll your own. This is not something inexperienced packagers should do. [04:34] :( [04:35] That, or upgrade your system to natty. IIRC that hasn't been released, so that wouldn't be a good idea either. [04:36] cant i do manual install of the new package with all the dependencies ? and then use the absolute path to run kvm? [04:37] If you're happy to make your system less reliable, maintainable, and secure -- sure. [04:38] :( [04:38] Why do you want the newer qemu-kvm? [04:41] so the newer kvm supports a feature called vhost which improves network throughput between kvm guests ! [04:42] well, natty IS about to release, so if you can wait a week or two, do that [04:43] otherwise, I agree, rolling your own package is the best option [04:43] everything else is too messy [04:44] Unless you're burning for that feature, I advise you to wait [04:44] IMO backporting like that is only worth it to get show-stopper bugfixes/features/security patches. [04:45] e.g. I do it for openldap because otherwise I can't use sudo-ldap and users can't reset their own passwords. [04:46] That and eatmydata, because lucid's dpkg is particularly silly wrt I/O [04:57] ok I am very desperate to test this out ! today or tomorrow. [04:58] I think I will go for Natty.. Can I download beta yet? [04:59] are there any issues that I should be worried about while swithcing to the beta? [05:18] I don't know. I only run LTS releases [05:18] IMO non-LTS releases are ALL flaky [05:42] no trying out unity for you? [05:42] I don't use GUIs [05:43] hardcore [05:43] Not my fault if normals are weak [05:43] I couldn't do that. I need some GUI for web browsing [05:43] what do you use? lynx, links? [05:44] I do launch X on demand for web banking ("xinit /usr/bin/opera http://bank.example.net/") [05:44] For normal browser I use emacs-w3m and w3m [05:44] They support inline images, which is about the only "GUI-y" feature I really need for browsing [05:44] humm, haven't tried emacs-w3m [05:44] humm [05:44] emacs-w3m is more-or-less just w3m inside emacs [05:45] It's not actually *implemented* that way, but that's what the users see [05:45] humm [05:45] I know not of this [05:45] looks interesting though [05:46] The real kicker is to use intelfb to get native resolution on the framebuffer, and kbd+console-setup to get nice small terminus 12x6 font [05:46] Oh, and setterm to get nice colours [05:46] yea, doesn't sound like a hassel or anything :P [05:46] Shrug [05:46] hehe [05:47] It's no harder than xf86.conf used to be [05:47] ah, haven't really had to deal with that sutff [05:47] THese days xorg.conf isn't needed, it's all auto-detected [05:48] ten years ago, not so much [05:48] but I'm sure it's great once it's all configured [05:48] um hum [05:48] you use emacs for irc as well then? [05:48] For me, fbcon looks pretty much identical to X+ratpoison+xterm [05:48] Datz: yes [05:48] ah [05:48] cools [05:48] Try "emacs -f irc" [05:48] haven't tried that out, pretty used to irssi [05:49] hey look it autoconnects to freenode [05:49] is that the -f ? [05:49] No -f is like M-x [05:49] humm [05:50] so.. I don't know how to use it anyway :) [05:50] Without configuration, M-x irc should connect you to #emacs on freenode automatically [05:50] Or maybe #rcirc, I forget. [05:50] oh.. I see it's just working [05:50] That's only one of the IRC clients, though [05:50] test [05:50] heh [05:50] Emacs also ships with M-x erc, and there are a handful of others to install [05:50] ah [05:51] "darcs get http://cyber.com.au/~twb" for my dotfiles, if you feel like looking around them [05:51] maybe I'll have to look into emacs irc a bit more [05:52] thanks, I'll have a look [05:52] Damn, permissions are broken on that [05:52] ah [05:53] You can hit individual files in there, but autoindexing is disabled [05:53] So e.g. http://cyber.com.au/~twb/.profile [05:54] humm [06:00] OK, *now* "darcs get" should work. === TheKernel is now known as Guest83425 === dendro-afk is now known as dendrobates [09:56] Is someone familiar here with tomcat clustering? [10:13] adac: I've done a bit in the past; might be a bit rusty - whats your question? [10:14] jamespage, I was wondering how seesion replication works with simple: "" flag? [10:14] do you know whcih port is used for to exange the sessions? [10:14] Wow, already I'm glad I don't know [10:15] adac: http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html - should have all the information you need [10:16] jamespage, I know that page already ;) [10:17] adac: "The TCP port listening for replication messages is the first available server socket in rangeĀ 4000-4100" [10:18] adac: I think that multicast is just used for control across the cluster - the TCP port is used for replication [10:18] jamespage, oh i see [10:18] adac: so more that likely it will be port 4000 - but it might not be :-) [10:19] jamespage, hehe [10:19] lets try it out [10:20] there are only a hundred possibilities right? =) [10:20] no but maybe I can fix his port somehow [10:20] set it by default [10:23] adac: org.apache.catalina.tribes.transport.nio.NioReceiver is the configuration element that will probably do this for you [10:23] jamespage, yes you right this looks like the place to set this port [10:26] adac: http://tomcat.apache.org/tomcat-6.0-doc/config/cluster-receiver.html - more info [10:28] adac: autoBind="0" might do the job - worth testing though. [10:29] jamespage, still no luck... with 4000, lets try with autobind="0" [10:31] New bug: #764391 in cobbler (universe) "cobbler fails to manage bind9 " [Undecided,New] https://launchpad.net/bugs/764391 [10:35] jamespage, still does not work even with autobind=0. This is wath i have on both tomcat servers now (two own server): http://pastie.org/1806441 [10:38] adac: what behaviour are you actually seeing? [10:38] balancing is fine, it switches when one tomcat goes down. but the session is lost, jamespage [10:38] so when one tc goes down, and i reload the page a new session appears [10:40] adac: have you set the flag in the web application web.xml? [10:40] jamespage, yes i did [10:41] adac: anything that might indicate that its not working in the tomcat logs? [10:43] wait a second jamespage I will check that [10:50] jamespage, hmm on starting up tomcat 2 says: Apr 18, 2011 11:46:43 AM org.apache.coyote.AbstractProtocolHandler init [10:50] INFO: Initializing ProtocolHandler ["http-bio-8080"] [10:50] Apr 18, 2011 11:46:43 AM org.apache.coyote.AbstractProtocolHandler init [10:50] INFO: Initializing ProtocolHandler ["ajp-bio-8009"] [10:50] Apr 18, 2011 11:46:43 AM org.apache.catalina.startup.Catalina load [10:50] INFO: Initialization processed in 2983 ms [10:50] Apr 18, 2011 11:46:43 AM org.apache.catalina.core.StandardService startInternal [10:50] INFO: Starting service Catalina [10:50] Apr 18, 2011 11:46:43 AM org.apache.catalina.core.StandardEngine startInternal [10:50] INFO: Starting Servlet Engine: Apache Tomcat/7.0.11 [10:50] Apr 18, 2011 11:46:43 AM org.apache.catalina.ha.tcp.SimpleTcpCluster startInternal [10:50] INFO: Cluster is about to start [10:50] Apr 18, 2011 11:46:44 AM org.apache.catalina.tribes.transport.ReceiverBase bind [10:50] INFO: Receiver Server Socket bound to:/188.40.170.187:4000 [10:50] Apr 18, 2011 11:46:44 AM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket [10:50] INFO: Setting cluster mcast soTimeout to 500 [10:50] Apr 18, 2011 11:46:44 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers [10:50] INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:4 [10:50] Apr 18, 2011 11:46:45 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers [10:50] INFO: Done sleeping, membership established, start level:4 [10:50] Apr 18, 2011 11:46:45 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers [10:50] INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:8 [10:50] Apr 18, 2011 11:46:46 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers [10:50] INFO: Done sleeping, membership established, start level:8 [10:50] ouch sorry [10:51] Apr 18, 2011 11:49:38 AM org.apache.catalina.ha.session.DeltaManager startInternal [10:51] INFO: Starting clustering manager at localhost#/cluster [10:51] jamespage, ^^ this one [10:51] Apr 18, 2011 11:49:38 AM org.apache.catalina.ha.session.DeltaManager getAllClusterSessions [10:51] INFO: Manager [localhost#/cluster]: skipping state transfer. No members active in cluster group. [10:52] adac: it looks like the cluster manager is binding to localhost rather than the real IP of the server [10:54] jamespage, ok I will ahve anotehr look on the config [10:54] adac: once your tomcat instances are started take a look and see where they are binding to [10:55] if you see port 4000 on localhost you might need to use the 'address' parameter in the configuration [10:55] i.e. auto might not be working quite as expected! [10:58] jamespage, http://pastie.org/1806506 thist is the startup [10:58] message [10:59] adac: just spotted you are using Tomcat 7 [10:59] * jamespage goes to see if anything is differnt [11:00] jamespage, shoudn't be that different [11:00] :) [11:00] adac: it would appear so [11:00] bu maybe there is a tiny tiny little thing [11:00] like ession replication [11:00] that is different hehe [11:01] !pastebin [11:01] For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic. [11:02] adac: well it could be - it would appear that the two nodes are not forming a cluster - this is done over the multcast address [11:02] adac: assume that is consistent between the two nodes? [11:02] jamespage, taht was exactyl the nextquestion I wanted to ask you [11:02] thsi mulitcast thing [11:03] is this soemthing tomcat internal [11:03] or is this a real network adress? [11:03] ip adress [11:04] adac: its not tomcat internal - http://en.wikipedia.org/wiki/Multicast [11:04] adac: its a nice efficient way of getting information to a large number of nodes without sending it to each individually. [11:05] adac: the two nodes in your cluster need to use the same multicast IP address AND port number. [11:05] I see so this is a network setup [11:05] adac: you should not need todo anything else to your systems network configuration [11:06] no? [11:06] only give this ip that the tomcat docs suggest? [11:06] within the server.xml [11:08] ^^jamespage [11:08] adac: Error: "^jamespage" is not a valid command. [11:08] hehe [11:09] adac: you should only need to specify this in the server.xml [11:10] adac: if you execute 'ifconfig -a' you should see that 'MULTICAST' is mentioned in the output for your network adapters. [11:12] jamespage, http://pastie.org/1806558 this is what ifconfig -a gives me [11:13] so it seems that multicast is missing... [11:13] right? [11:14] adac: yes - no multicast no cluster comms :-( [11:14] adac: are you running this in a container? [11:14] this is a openvz container, yes jamespage [11:14] hehe [11:14] adac: thought so [11:15] but all fine now I finall know what is wring [11:15] wrong [11:15] adac: great - glad I could help :-) [11:15] thank you a lot jamespage!! [11:15] adac: np [11:25] Daviey: as I'm fixing up the bind9 integration for cobbler do you think bind9 should be added to suggests? [12:16] jamespage, suggests sounds safe. [12:16] jamespage, suggests doesn't add much value... but is logical. [12:21] Daviey: ack [12:51] command: "brctl addbr vzbr0" error: "add bridge failed: Package not installed" Do you guys have an idea? The package is installed [12:52] does the kernel not know how to handle it maybe? [12:57] I've tried a few times and failed. How would I write a .htaccess file to redirect my /map/ to my map subdomain? [13:06] hello, i would like to add a site in apache2 for wildcard subdomains. kinda like *.dev.domain > /var/www-dev/* can anyone help me with it please, i use the lamp package which comes with ubuntu server [13:16] is it possible to restrict access to a certain account over ssh for 1 ip? [13:17] or does adding ip limitation apply to all accounts? [13:19] m|kael: you'll need something like this: http://httpd.apache.org/docs/2.2/rewrite/vhosts.html [13:20] JanC: thank you, ill check it out [13:21] JanC: so its not possible to add a site in /etc/apache2/sites-available ? [13:22] eh, you *have* to [13:23] JanC: kk [13:28] morning [13:34] jamespage, is your cobbler branch good to go? [13:34] Daviey: just testing now [13:34] cool [13:39] anybody here used varnish? I have installed varnish on http://www.bitesource.com/ and enabled detailed headers according to http://www.varnish-cache.org/trac/wiki/VCLExampleHitMissHeader. Problem? Its a MISS for everything and X-Cacheable is always NotCacheable for some reason [13:44] Daviey: cobbler branch now GTG if you would like to sponsor :-) [13:44] jamespage, you rockstar [13:46] jamespage, Maybe next cycle the bind binary could be a config option, and we could submit that upstream [13:46] Daviey: that would be a good idea; more time than we have ATM but def next cycle [13:47] jamespage, agreed [14:02] kirkland: ping [14:03] anyone up for a challenge? http://ubuntuforums.org/showthread.php?t=1725957 [14:03] Or so it seems by the lack of response... [14:07] jfb_h20, this is ubuntu server, not ubuntu or ubuntu laptop help [14:08] patdk-wk: thanks. I know, seems though that folks here are a little more focused... a lot of noise on #ubuntu, but i'll give it a ping over there if you think it's better. [14:09] patdk-wk: I guess though, given it's a GPU issue, 'server' might not be the best place ;) === mjeanson_ is now known as mjeanson [14:54] jamespage, I just wnated to let you now there is a new mechanism with memcached for the session replication: http://code.google.com/p/memcached-session-manager/wiki/SetupAndConfiguration [14:55] morning all [14:58] adac: thanks for the pointer - looks interesting [14:58] adac: considering looking at packaging tomcat7 next cycle and this might make a nice supplement. [14:58] jamespage, I knew you would like it [14:58] :) [15:06] what was that software that was around the kernel level for keeping file systems in sync across disks? [15:07] mdadm? [15:07] er.... across different systems.. [15:08] heh, nothing stopd mdadm from doing radi1 between systems :) [15:08] drbd? [15:08] THAT! [15:08] Thanks :D [15:09] hmm, raid1 two iscsi mounts :) [15:10] which would also work great; not for me - someone on cheap hardware that thinks they're going to do a high availability setup; sounds like that's what they're looking for [15:46] patdk-wk: what sort of iscsi target? [15:46] any, I was just saying it is easy to setup mdadm to use disks across different physical systems [15:59] Daviey, i un-milestoned bug 745930 [15:59] Launchpad bug 745930 in cloud-init "cloud-init timeout waiting for metadata service on EC2" [Low,New] https://launchpad.net/bugs/745930 [16:00] smoser, why? [16:00] because its not a bug. its hardware failure. [16:01] hardware, or platform, or *something* failure. [16:01] i can't fix amazon's platform bug. === rpinson_ is now known as raphink [16:21] smoser, you should. [16:27] New bug: #745008 in samba (main) "Files left behind on upgrade from Maverick" [Undecided,New] https://launchpad.net/bugs/745008 [16:30] patdk-wk, have you ever actually deployed that setup, without corrupting your data? [16:32] never said it was very sane :) [16:32] and drbd defently doesn't protect you from data corruption [16:32] * SpamapS stretches [16:32] morning people [16:32] drbd is an availability solution, not a backup solution. :) [16:32] busy studing xkcd today [16:33] drbd, in mode C, with a battery backed cache is extremely reliable [16:34] yes, as an availability solution. :) [16:34] sure [16:34] your DB could still mangle all the data due to a bit error [16:34] if it does, then it's a bug in drbd [16:34] snapshots, transaction logs, offsites ... backups will never go out of style. :) [16:34] or the drive is bad [16:35] that's why it's recommended to use a smart raid in such a deployment [16:35] what is "smart raid" ? [16:36] * SpamapS guesses its the kind where the pirates don't get drunk before they land [16:36] no idea, cause I have had raid cards freak out, and cause the drive array to go nuts [16:36] something that checks your disk's integrity on a regular schedule [16:36] though DRBD has a verify feature too [16:37] having said all of that, I'd much rather prefer a good SAN [16:38] What would you use as a SAN head? [16:38] :P [16:38] an FT machine like a Stratus box [16:39] ppetraki: how does it know what the integrity of MySQL tables is? [16:39] a SAN is not an availability solution. :) [16:39] SpamapS, it doesn't, but in mode C, it can't complete the IO unless it receives verification from the other side [16:39] ppetraki: I'm well aware of how drbd works, having been a user since 2000. :) [16:40] SpamapS, :) [16:40] ppetraki: I still copied everything to tapes once a day. :) [16:40] SpamapS, never said it was a backup replacement [16:41] Right, somebody asked if drbd protects you from data corruption. [16:41] emphatically, *no* [16:41] SpamapS, I simply wanted to emphasis that DRBD is better suited for "raid 1 over the network" than iSCSI/MDADM [16:41] ppetraki: But, with 3-way replaction with DRBD (as disaster recovery) might be cofused as backups [16:42] actually the question was what replicates filesystems across disks [16:42] RoAkSoAx, well, the 3 way sometimes makes good sense if the third node is the backup server [16:42] it wasn't till later the question was modified to across servers [16:42] SpamapS: indeed, but that's why we use fencing, but even drbd has its own preventing methods, but of course, those are not a complete solution [16:43] ppetraki: indeed, but the idea of the 3-way replication was specifically use it as a backup server [16:43] SpamapS, nothing perfect, but with battery backed storage controllers, UPS, and proper fencing you can get close [16:43] ppetraki: however, it is now used as site replacation [16:43] ppetraki: and some sense of a 4 node cluster [16:44] or 4 way replication [16:44] s/way/node [16:45] there's also some FS's now that replicate across network instead of using block level replication [16:46] glusterfs is pretty cool.. ceph will follow btrfs into the mainstream and should be pretty awesome [16:46] DRBD is neat, but the supporting community is too small to get real free help [16:47] I can remember several instances where I've gotten responses that basically said "if you only had a support contract" [16:47] ppetraki: those are the sales guys lol [16:47] ppetraki: but anyways, they do have good documentation [16:47] RoAkSoAx, nope, it was the head devs [16:48] ppetraki: fghaas, lge? [16:48] RoAkSoAx, I used to maintain a branch of DRBD internally for a time. Miserable work [16:48] ppetraki: hehe well from my point of view they have to make money out of something, otherwise there wouldn't even be a DRBD [16:49] With something like DRBD .. you really should be ready to pay a little. [16:49] indeed [16:49] SpamapS: so how's it going today man? [16:49] I tell people, think of DRBD like a "virtual SAN", and budget accordingly [16:50] I learned that w/ MySQL .. paying percona for 8 hours of consulting did fantastic things for the response time of our queries. :) [16:50] RoAkSoAx: I am sore in almost every muscle and bone of my body.. but good. :) [16:50] SpamapS: hehe too much alcohol or too much working out? [16:52] RoAkSoAx: 3 hour karate test [16:53] 3 hours of kicking, punching, spinning, sparring, "HIIIYYAAAHHH"'ing, and pushups.. soo.. many.. pushups [16:53] SpamapS: oh wow! that definitely hurts... I run yesterday after more than 1 year with absolutely no excercise (post surgery) and I'm sore, but feel better than ever [16:59] RoAkSoAx: I'm drinking green tea and eating flax seed oatmeal.. hopefully the omega 3's and anti-oxidants will do their pseudo-science-certified dance and make me feel better soon [17:02] hi, in 10.10 there's a /etc/default/rsyslog but it's not read by the upstart script. The argument now is written directly in /etc/init/rsyslog.conf is it correct? [17:13] Anyone know how to determine what is currently set as the admin password or admin email of an Ubuntu enterprise cloud? [17:17] Delemas: not sure, but you can probably reset it via dpkg-reconfigure eucalyptus-cc [17:19] hmm no luck there... [17:22] bummer [17:23] kirkland: ping, Delemas is trying to figure out how to reset his admin account on UEC.. any ideas? [17:23] Daviey: ^^ [17:24] SpamapS: if he set his email address when he first logged in, just reset password [17:24] SpamapS: if not, i have no idea [17:24] I tried the recover password route but no email was sent out... I obviously tried all the accounts I thought that should work but the web interface is accepting nothing and emailing nothing... [17:25] kirkland: btw I just tried out the nested byobu fix. Much smoother. :) [17:25] kirkland: next step is to just have it open as a new window inside your existing byobu. [17:26] Nevermind, after a restart it let me login. Not sure what that was about... Thanks anyways... === dendrobates is now known as dendro-afk [17:50] SpamapS, you want to read bug 740390 for me ? [17:50] Launchpad bug 740390 in dbus "libdbus-1-3 upgrade does not respawn init, resulting in unclean shutdown" [Undecided,New] https://launchpad.net/bugs/740390 [17:51] i'm asking you because the bug-opener mentions bug 672177 [17:51] Launchpad bug 672177 in sysvinit "libc6 upgrade causes umount to fail on shutdown because init cannot be restarted" [Critical,Fix committed] https://launchpad.net/bugs/672177 [17:59] smoser: reading [18:01] smoser: you missed his point, on reboot it probably would actually have to fsck / [18:01] oh wait [18:01] no you didn't [18:01] haha I should read the whole thing [18:02] smoser: yes touching /var/run/init.upgraded is actually probably something we should do on all libs that init dynamically links [18:03] i did almost miss the point SpamapS [18:04] smoser: let me try this on an up to date natty system.. the key is whether or not you get orphaned inodes in the dmesg on reboot [18:05] * SpamapS is always shocked when he sees how many updates accumulate for a bare bones VM in one week of release freeze [18:05] SpamapS, there were 42 in the 36 hours prior to me coming in this morning [18:09] we almost need to create a trigger for upstart on /lib === dendro-afk is now known as dendrobates [18:14] smoser: ok I marked that one Triaged and High. The next upgrade to dbus really should handle the init.upgraded thing unless we've put the trigger in place for upstart. [18:14] Though there is some hope that upstart will be able to re-exec itself without losing state when upstart 2 comes out === schmidtm_ is now known as schmidtm [18:22] hallyn: ping [18:23] zul: hey [18:31] hello, how do disable internet/network access for some linux users, are there special groups? [18:34] user5v: you can disable access for local users yes.. [18:34] * SpamapS isn't sure how to do it w/ ufw tho [18:34] SpamapS: whats the keyword to google? [18:35] don't bother looking, ufw doesn't have that via the cli. any iptables-style stuff can be added to /etc/ufw/*rules of course [18:35] jdstrand: ahh thats how. :) [18:36] user5v: man iptables, search for 'owner' [18:38] SpamapS: does NX or VNC work for this user after disabling internet access? [18:43] user5v: depends on how you "disabled" the access [18:44] user5v: if you say iptables -A OUTPUT -m owner --uid-owner baduser -j DROP .. then they will have no ability to do any kind of network communication. [18:46] SpamapS: the user should be able to log in with NX but shoudn't download anything inside of the nx session a. e. wget [18:47] user5v: so then allow the NX port first, but drop everything else. [18:54] SpamapS: i have done this: [18:55] SpamapS: iptables -A OUTPUT -m owner --uid-owner test -p tcp --dport 22 -j ACCEPT [18:55] SpamapS: iptables -A OUTPUT -m owner --uid-owner test -j DROP [18:55] now nx doesn't work [18:56] ssh works [18:57] because.. you used port 22 [18:57] you're allowing 22 *out* there btw [18:57] i suspect you want something different [18:59] SpamapS: should I allow 22 IN, too? [18:59] user5v: you can't control incoming ports per user [19:00] SpamapS: what's the problem with 22 === tschundeee_ is now known as tschundeee [19:00] user5v: I'm sorry.. this is a *really* advanced topic, and I don't think IRC is an appropriate way to try and learn this. [19:01] SpamapS: thank you, but how to delete the two rules? [19:02] using ubuntu-server on VMWare locally, is there any way to use "real world" URL's to visit sites on the local server? or do you know if I'm stuck with just using my network's IP address as the URL as i develop locally? (--- recommend any google search phrases for reading on this topic?) [19:04] user5v: just do '-D' instead of '-A' [19:05] hi all [19:05] user5v: your next best way to learn this is to read up on iptables as a whole system, so you can understand how INPUT/OUTPUT work together [19:05] someone may help me plz [19:05] im new to ubuntu server and im so dammed confused with this one [19:05] i have a attansic technology co device 1062 (rev c0) driver problem [19:05] MetaJake: you could put the "real world" hostnames in /etc/hosts [19:06] MetaJake: if you're on windows.. thats not the right file.. its like.. C:\windows\lmhosts or something like that [19:06] * SpamapS hasn't had to do that in a long... long time [19:06] pethkaqeni: whats a "co device" ? [19:06] SpamapS, I see. heh. [19:07] thanks i'll toy with that. [19:07] MetaJake: there are also some firefox plugins that let you spoof the Host: header.. that helps if thats the thing you need to fix. [19:08] alrighty. [19:11] SpamapS: ping [19:12] Hi guys, my backup servers inodes are full, even though I still have 43 gigs free disk space [19:12] RoAkSoAx: rama lama ping pong [19:12] any ideas how to resolve that? [19:13] adac: heh, too many tiny files. [19:13] adac: IIRC, ext4 can't expand the inode pool without creating a new FS [19:13] SpamapS: if you free, could you take a look to cluster-agents which I just uploaded to maverick-proposed :)? [19:13] it's an SRU [19:13] RoAkSoAx: sure, I'm planning a run through the -proposed queue in a bit [19:13] SpamapS, arrg.... [19:13] SpamapS: cool, thanks! === bsd123123 is now known as alanr [19:14] RoAkSoAx, what is cluster-agents? [19:14] adac: the package that contains the resource agents for cluster environments [19:14] adac: resource agents as in scripts that help manage services in terms of HA Clustering (pacemaker/heartbeat/corosync/etc) [19:15] RoAkSoAx, and for which clustering? [19:15] mean wich software to cluster [19:15] adac: HA Clustering -> pacemaker based [19:15] let me google that [19:15] either pacemaker/corosync stack or pacemaker/heartbeat stack [19:15] adac: RHCS resource agtents should be pacemaker compatible in newer versions (post natty) [19:17] adac: http://www.linux-ha.org/wiki/Resource_Agents [19:18] RoAkSoAx, sounds interesting [19:18] I will mkae ma note and read through once I have solved my indodes problem ;) [19:18] *indes [19:18] inodes [19:18] hehe cool [19:20] SpamapS, what ths standard indode number? [19:20] zul: YUCK. can't run debootstrap inside a lxc container bc it wants to read /dev/kcore and such [19:20] adac: there's no standard. When you create filesystems, you need to have some idea of how many files/inodes you will consume [19:21] adac: I'm guessing you're using something that creates a lot of hard links to files when they haven't changed, right? [19:21] hallyn: kcore?! [19:22] SpamapS, well this host is a backup host [19:22] I have backuppc running on it [19:22] and it couls be that there are a loot files [19:22] *lot [19:24] adac: you might be able to shrink your current filesystem, and create a new one with a lot more inode space [19:24] adac: thats tough if you just have "one big /" [19:24] SpamapS, yes that is my plan, but I might install it from scratch [19:24] again [19:24] since backup is relatively new [19:25] adac: I'm not entirely sure if the installer lets you tweak these things easily. I hope it does [19:25] Lets hope [19:25] hallyn: why would you want to do that? [19:25] adac: you may want to just create a minimal system partition and put all the backups in a specialized /var/lib/backuppc that you create after the fact. [19:25] otherwise I do it manually, aye exactly [19:25] reiserfs shhould be good dealing with lots of small files [19:26] just read it in the intenets [19:26] SpamapS: /dev/core [19:26] zul: it only does it if you do --arch= [19:26] zul: presumably trying to verify [19:27] adac: you'll want to read 'man mkfs.ext4' when doing it manually.. -i in particular is what you want. [19:27] SpamapS, kk, thank you for the hints! [20:09] Daviey: i suppose someone is going tohave to do the maverick fix for open-vm-tools [20:12] hallyn, I don't think it needs to be a priority atm, it only affects -backport repository, right? [20:13] if it is easy enough to backport the natty package, then shoot for it i guess. [20:16] Daviey: that's what i did, but i don't know for sure that it'll work. Guess we'll see what the guy says [20:16] maybe i wasn't clear enough that he shoudl try those packages [20:16] hallyn, rocking [20:17] hallyn, we'll see - btw, are you familiar with https://help.ubuntu.com/community/UbuntuBackports#Technical%20Information%20for%20Ubuntu%20Developers ? [20:22] Daviey: no [20:41] zul: ping [20:42] RoAkSoAx: what up? [20:42] zul: are server ISO's the only ones that can be used with cobbler. Or Desktop ISO's can also netinstall (or can we netboot in this case) [20:43] RoAkSoAx: desktop or server afaik [20:43] zul: ok thanks. I guess I'll have to give it a try [20:43] I netinstall server and desktop [20:43] never used cobbler though [20:45] patdk-nb: thanks for the info [20:48] patdk-nb: by any chance you have a Debian source/mount/iso/CD or anything? [20:50] heh? [20:50] I just copy the netboot code into my pxe tftp folder and add it to my pxe boot menu [20:52] patdk-nb: oh ok. Never mind then :) [21:08] Daviey: so, if the natty open-vm-tools package works fine for maverick... i don't suppose there still would be any chance of sru'ing that to maverick? :) [21:09] SpamapS: ping [21:14] hallyn, if open-vm-tools works with the natty-updates kernel, there is really no desire to SRU it IMO. [21:14] hallyn, AIUI, the kernel in -backports doesn't work with open-vm-tools, so open-vm-tools should go into -backports pocket. [21:34] Daviey: (sorry i didn't see you'd replied) not sure what you were saying. But maverick package is broken too (at last there are duped bugs for it) [21:35] robbiew: pong, sup? [21:36] Daviey: so i'm saying that the newest open-vm-tools package appears to work fine with maverick's kernel. It's a huge delta though [21:45] kirkland: i know you had some experience with likewise-open - just wondering, have you looked at, or were you planning to look at bug 655533? [21:45] Launchpad bug 655533 in likewise-open "[master] package likewise-open 5.4.0.42111-2ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [High,Confirmed] https://launchpad.net/bugs/655533 [21:46] oh, nm [21:47] i see, that thinks it has beenf ixed [22:02] anyone had any problems running ddr3 with ubuntu 10.10 LTS ? [22:02] my box seems to freeze after a couple days of operation [22:12] hello everyone im having problems getting my x11 to work with putty on a windows machine. can anyone help me figure out why the tutorials arent getting me where i wanna go? [22:13] T3CHKOMMIE: what sort of problems? [22:15] guntbert im trying to configure my mythtv backend via ssh.... when i enable x11 forwarding it tells me it cannot open the display its a GTK+ error [22:15] T3CHKOMMIE: you have to run an X server on the windows machine [22:16] T3CHKOMMIE: have a look at MobaXTerm [22:17] im running cygwin. [22:17] T3CHKOMMIE: just as well (cygwin/X I suppose), did you tell putty to forward X? [22:18] yes [22:18] so i have x server running. should i ssh from that window? [22:18] or just use putty in windows like usual? [22:20] both ways normally work, at first start something simple - like xeyes [22:20] ok so xserver is running on win machien i used ptty with xll forward and ssh to target box. [22:20] i ran "startx" and it gave me a fatal sever error. [22:21] "server is already active for display 0 [22:21] T3CHKOMMIE: NOOOO, startx is wrong, you start single applications [22:21] oh [22:22] try with xeyes - its a little fun [22:22] ah /user/bin/mythtv-setup [22:22] thats working. [22:22] suuuuuuuuppper slow. [22:22] is that normal? [22:23] T3CHKOMMIE: depends on the machines and on the network, you can enable compression though [22:24] guntbert, it looks like it is working. very slowly. i clicked on a yes/no box and its taking about 2 minutes and nothing else has popped up. does that sound about right? [22:25] T3CHKOMMIE: as I said, it can happen, but try to enable compression [22:25] can i enable compression on the fly or should i kill the command and start the seesion over again=? [22:29] guntbert, i would give you some gold stars if i could. thanks for helping me figure that out. it has taking me months to finally get it working! thanks! [22:30] T3CHKOMMIE: glad to help - have fun :-) [22:33] guntbert compression helped out aLOT!!! [22:52] Daviey: so the poster rolled their own for bug 746152. Don't know how that should be classified. (not 'fix released') [22:52] Launchpad bug 746152 in open-vm-tools "open-vm-dkms fails to build with officially backported kernel" [Low,Confirmed] https://launchpad.net/bugs/746152 === dendrobates is now known as dendro-afk [22:55] kim0: thanks for drafting the trusted cloud blueprint - great info in the whiteboard, too. [22:55] hallyn: cool :) [22:56] New bug: #765224 in cobbler (universe) "import from mini.iso fails" [Undecided,New] https://launchpad.net/bugs/765224 === dendro-afk is now known as dendrobates [23:13] Hey folks, I've got a host with a number of KVMs running on it, and I'd like to use the Hosts firewall to protect all the guests. That firewall is currently ufw, and works perfectly in that it doesn't allow access to the guests. [23:13] Rather than none, I'd like to have controlled/restricted access. [23:16] you need to put the kvm's on a bridge interface [23:16] and control routing from the host interface to the bridge [23:16] done this many times, but I normally use shorewall to do it, instead of ufw and manual [23:16] New bug: #765249 in samba (main) "tarmode exclude no longer working" [Undecided,New] https://launchpad.net/bugs/765249 [23:16] lots of examples on the shorewall website [23:17] RoAkSoAx: i can't reproduce your results on bug 760288 [23:17] Launchpad bug 760288 in ubuntu "JeOS is oversized" [Low,Confirmed] https://launchpad.net/bugs/760288 [23:17] hallyn: yeah... we discovered that when installing with TestDrive the installation ends up with 533M, and when using virt-manager is less than 500 [23:18] i was just using kvm [23:18] hallyn: not a big fan of shorewall. [23:18] hallyn: that's weird then... jamespage also found the same as me. Installing with TestDrive results oversized [23:18] RoAkSoAx: i've not tried testdrive [23:18] you don't have to be a fan, to get ideas on how to get it setup from the examples :) [23:18] RoAkSoAx: should we refile it as a bug against testdrive then? [23:19] installing jeos in vmware was 532megs for me also [23:19] hallyn: ^^ [23:19] * hallyn frowns [23:19] hallyn: i don't really think is TestDrive but rather something else... [23:19] what is the size of your /lib/modules? [23:19] hallyn: could it be something with the type of disk image? [23:20] it could... [23:20] hallyn: let me check [23:20] you are giving the result of 'df -h' right? [23:20] hallyn: yes [23:21] RoAkSoAx: we could just compare results of 'du -sh /*' and walk down the tree to find the disrepancies, if you have a few minutes? [23:21] patdk-nb: or you [23:21] mine was df -h [23:21] I can't access it from here at the moment :( [23:21] I know the /lib/modules was small, like 26megs I think [23:22] patdk-nb: thanks (mine was 22M) [23:22] hallyn, going off memory :) [23:22] so don't quote me :) [23:23] but it was in the 2x range [23:23] close enough on tax day [23:24] hallyn: http://me.roaksoax.com/results.png -> du -sh /* results [23:27] RoAkSoAx: same as mine. makes no sense. (add those up :) [23:27] RoAkSoAx: oh, df -h /boot? [23:27] and, i guess, cat /proc/swaps? [23:28] nm on swaps [23:29] RoAkSoAx: ext4fs, and you chose non-lvm? [23:30] hallyn: http://me.roaksoax.com/results2.png [23:30] mine, I do 8gig drive, guided partition, no lvm [23:31] well, i did a 2G raw partition. RoAkSoAx is doing 5.5G. I wonder if its' all metadata [23:31] RoAkSoAx: can you try to reproduce with a 2G root? I'll try with a 6G [23:31] might be [23:31] hallyn: ok will do with a 2g [23:32] I only do 8gig cause that is vmware default :) [23:32] mind you i'm running a server iso grabbed today, so it's possible it's just that the bug has been fixed ;) [23:32] but let's try this for kicks [23:32] ok, downloading ISO now [23:34] hallyn: might indeed be the disk size as the one that I'm installing with virt-manager is with a 2G disk, while TestDrive is a 6G disk [23:45] RoAkSoAx: CONFIRMED [23:46] (sorry, little blakes7 zen moment) [23:46] hallyn: so it is metadata then [23:47] if i knew a lick about ext4 (other than to avoid it) i'd know how to double-check [23:47] heheh [23:47] RoAkSoAx: 'du -shx /' gives me 394M [23:48] RoAkSoAx: maybe that is how we should have people check, rather than using df -h [23:48] hallyn: yeah I think that the test case should probably be updated then [23:48] hggdh: ^^ [23:50] hallyn: and what does 'df -h' return? [23:50] hggdh: in my case 533M [23:50] RoAkSoAx: and 'du -shx'? [23:50] the point is I would like to have both values from the same install [23:51] hggdh: 'du -shx /' returns 394 [23:51] RoAkSoAx: tune2fs -l /dev/sda1... [23:51] yeah [23:51] RoAkSoAx: yes, we will update the test to request 'du -shx' [23:52] New bug: #765275 in eucalyptus (main) "metadata server cannot be contacted when deploying new instances on EUC" [Undecided,New] https://launchpad.net/bugs/765275 [23:53] 4 times as many inodes, [23:53] RoAkSoAx: hggdh : ok so the bug should be marked invalid? [23:54] hallyn: yes, please mark it invalid. 'df -h' does have a large, er, error [23:54] more than 10x as many blocks [23:54] hggdh: (or we could mark it against e2fsutils :) [23:56] RoAkSoAx: you have that (updating the test case) under control? [23:57] hallyn: I will check [23:57] hallyn: yeah I'm on it [23:58] RoAkSoAx: awesome, thanks [23:58] all right i think i'm stopping for the day. see ya'll tomorrow [23:58] hallyn: see ya