/srv/irclogs.ubuntu.com/2011/04/25/#ubuntu-server.txt

alan23424Right is there something for ubuntu that would have it create daily system status emails for me - like on bsd00:06
RoyKalan23424: what sort of reports?00:07
RoyKa cronjob would probably do...00:07
alan23424I have one hosted debian box, whoever built it has cron email root daily with failed ssh attempts, disk usage, net usage and other fun stuff00:09
alan23424wondered if that sounded like something obvious00:09
alan23424and not homemade00:09
RoyKalan23424: for failed ssh, denyhosts is a better approach00:30
RoyKfor net usage, find some graphing stuff like munin00:30
RoyKgetting that over email is what they did in the eightees or ninetees, current systems are better00:31
RoyKdisk usage should be monitored by something like nagios/icinga00:32
RoyKso you get an altert if it reaches a certain threashold00:33
RoyKno reason for an admin to read daily emails about 45% disk space used00:33
Alanwhat's the best way to (headlessly) boot the previous kernel in ubuntu server?01:15
=== ng_ is now known as NG_
pehdenQUESTION: postfix , dovecot , spamassasin , with procmail, I had this all set up and I had an issue with something else so i had removed postfix , well before my email would come into folder /home/pehden/mail     now it keeps going to /var/mail/pehden what do i need to do to fix this back so i can use my webmail lite to check it01:59
pehdenurgent02:01
pehdenwell great02:09
pehden256 people in here and no one real02:10
pmatulisAlan: remove the most recent kernel02:27
pmatulispehden: how can you be getting mail if you don't have an MTA (ex: Postfix) anymore?02:28
Delerium_Hi Guys, I'am having a VM (Ubuntu Server on VBox) on my Win7 PC.  My router forward port 80 to this VM.  I need to secure this VM so in case of attack, this very VM won't be able to reach my internal network.  Should I use SELinux or Iptables under Ub Server?02:28
patdk-laphmm, both?02:29
patdk-lapthey both do totally different things02:29
pehdenpmatulis i reinstalled it02:29
pmatulispehden: i guess you lost the original configuration then02:30
pehdenpmatulis i know thats why im asking what would i need for the conf to have it put the email back in that folder02:30
Delerium_patdk-lap, What are the main differences?02:32
patdk-lapone is a firewall, the other is not :)02:32
patdk-lapkind of like meat and oranges02:32
patdk-lapboth food, but nothing in common with each other otherwise02:33
Delerium_patdk-lap, K, for my congirutation, I guess I should use SeLinux?02:33
patdk-lapI have no idea02:33
patdk-lapiptables protects you from doing stupid things on the network level02:33
patdk-lapselinux stops programs from doing stupid things02:33
pmatulisDelerium_: ubuntu uses apparmor by default.  why would you also use selinux?02:34
Delerium_patdk-lap, Thanks!  That exactly the differences I want to know ;)02:34
Delerium_pmatulis, Hee... I'll check AppArmor also then.. Haven't been using Linux for a while so I'm learning all there new technology that have been added over the years02:35
osmosisim looking to do  apt-get install monodb, but it wants to install like 100 xorg dependencies with it.  its a db, not a gui app, so im not sure why this is so.04:48
osmosison lucid04:48
ScottKThere's no Ubuntu package named monodb in Lucid.04:50
ScottKIf you're installing a third party package of some kind, you'll need to ask them.04:51
osmosissorry, mongodb04:51
ScottKBecause it depends on xulrunner-1.9.2-dev04:54
osmosisis there a way to lookup the date that a package was installed?04:56
jmarsdenosmosis: look in /var/log/dpkg.log* for it05:03
goddardi want to make a complete system image backup over the network while the server is running possible?05:22
osmosisjmarsden, hrmm...dpkg.log is set with logrotate is fade away05:30
jmarsdenosmosis: Yes, my machine here keeps a year worth online, after that I'd need to dig out old archival backups...05:31
=== twister004_ is now known as twister004
=== twister004_ is now known as twister004
philipballewi want to set up ssh on it but i have a dynamic ip address08:10
philipballewhow can i do this08:10
jmarsdenphilipballew: Use openssh-server as normal, and use a dynamic DNS provider such as no-ip.com to provide DNS that changes when your dynamic IP changes.08:13
philipballewthats what i was gonna do. so like when i log into the server i do ssh (domain givin by the noip service) correct?08:14
philipballewhow can i find my outside ip addres on my cli system. ifconfig doesnt show it. i was just gonna sing myself down with my laptop after copying my ip address down08:15
eagles0513875hey guys how can i ensure a user has access to an nfs share08:16
eagles0513875im doing some testing on natty im not seeing any nfs group or anything08:16
eagles0513875any nfs experts in here08:20
philipballewfot this service should i give them my 192.168.whatever or my outside address; 69.whatever?08:21
eagles0513875philipballew: what are you trying to do?08:29
philipballewset up ssh on my ubuntu server with a dynamic ip08:32
eagles0513875philipballew: the easiest thing to do would sign up with dyndns to keep track of the dynamic ip and changes08:33
eagles0513875that way then you ssh using the dyndns domain you have08:33
philipballewi was gonna do no ip maybe. is that the same?08:34
philipballewbut i did not know what to put when the thing asked for my ip address? do i give them my one thats the 192.whatever or my 69.whatever?08:35
eagles0513875ya no ip is the same08:37
eagles0513875they would want your public ip08:38
eagles0513875as your internal ip they wont see it08:38
eagles0513875and im guessing you have a router as well in the setup08:38
eagles0513875I have a quick question regarding nfs. Is there an nfs group i add a particular user to to give them access to the share?08:39
philipballewi do have a router. its a 2wire08:39
eagles0513875since you have a dynamic ip you need ur router to perform NAT to share with ur internal network ur internal ip will never be seen08:45
eagles0513875so you need the external one specified08:45
philipballewalright. i was just gonna use say elinks and go to whatsmyip and copy from there08:46
philipballewbut im probably doin it wrong08:46
eagles0513875actually you can go onto ur router and find out from the routers web interface08:46
philipballewhum. but wouldnt this just make my log into my router and not my server?08:47
eagles0513875ya but you can get the public ip you have from there08:48
philipballewwhat do you mean08:48
eagles0513875you can find network information like the public ip and more08:54
eagles0513875you have the router firewall and portforwarding etc there08:54
eagles0513875so if you have your server behind the router firewall youll need to portforward08:54
eagles0513875otherwise you can throw it on the router dmz to be directly outside the network then though ull need ur server to do dhcp dns etc08:55
philipballewso when i now have givin noip my 69........ address and the damian i chose whats gonna happen when i enter ssh domain into the terminal?08:58
=== eagles0513875 is now known as zz_eagles0513875
philipballewim trying to get the ssh key onto my server via flash drive, where is the drive if ls is not showing it in media?09:24
=== NG_ is now known as ng_
=== michael is now known as Guest57950
=== zz_eagles0513875 is now known as eagles0513875
uvirtbotNew bug: #770169 in openldap (main) "package slapd 2.4.21-0ubuntu5.4 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/77016910:16
anonissimusanyone around to help me with this apache virtualhost problem, I added blog.ddomain.tld /var/www/blog to the virtualhosts but nothing loads when I navigate to blog.domain.tld10:18
uvirtbotNew bug: #770204 in apache2 (main) "Suggestion for improvement a2enmod "reload apache" message" [Undecided,New] https://launchpad.net/bugs/77020411:42
brontosaurusrex i have an intranet web/ftp server and i would like to do a partial mirror on the remote machine, is there a ftp flag i could use, so that users would specifically flag files that are to be synced?11:46
airtonixanonissimus: i like the detail in your request. :>11:59
anonissimusairtonix: was that ironic? I can be more specific but the domains don't really matter don't they?12:10
anonissimusI did a more descriptive one before12:11
airtonixyour virtualhost conf file matters12:16
airtonixso does your bind dns setup if you rely on it12:16
airtonixanonissimus: so pastebin : /etc/apache2/sites-available/X (where X is the virtualhost conf file for your thing)12:17
hallynDaviey: good morning - no email yet about documentation, right?13:57
anonissimusairtonix: http://pastebin.com/q6A1U25Y14:03
airtonixanonissimus: for future ref, unless your vhost needs it. get rid of lines 16 - 2214:04
airtonixanonissimus: wordpress does not need it14:04
anonissimusallright14:07
airtonixanonissimus: also, none of it looks wrong, (but this is how i would structure it : http://pastebin.com/SMkkbJz9 ) so it's up to a question of how you're domain name is resolved14:07
airtonixanonissimus: i like to keep my subdomain/intranet apps portable and self contained.14:07
anonissimuswell the point is that anonissimus.be resolves14:07
anonissimusbut the *.anonissimus.be does not14:07
airtonixanonissimus: and are you running your own dns server or is it something thats provided by another host ?14:08
anonissimusdns is provided by my host14:08
airtonixanonissimus: i assume you have a CNAME record blog CNAME anonissimus.be ?14:10
anonissimusI requested that some days ago14:10
anonissimusbut it seems that with holidays it doesnt get changed14:10
airtonixanonissimus: so it's not a dns server under your control ?14:12
anonissimusnope14:12
airtonixanonissimus: did you just ask for wildcard subdomains?14:12
anonissimusnope I asked specifically for the blog subdomain to point to the ip of my server14:13
airtonixanonissimus: you can find out if it resolves with dig or host : http://dpaste.com/535432/14:15
airtonixbut at the moment it does not14:15
anonissimushmhm so there we have the problem14:16
anonissimusa lazy admin14:16
anonissimus:D14:16
airtonixmakes me glad that i'm with webfaction14:16
anonissimuswell, it's a friend of a friend14:16
anonissimusand I barely use it14:16
anonissimusso I guess I get what I pay for14:17
airtonixthere you go14:17
anonissimusoff to some more networking fun, thanks again14:18
RoAkSoAxmorning all14:24
=== eagles0513875 is now known as zz_eagles0513875
hggdhzul: can I have the whole of the test rig?15:18
hggdhmorning, RoAkSoAx15:18
zulhggdh, yep15:19
hggdhzul: thank you15:20
RoyKtest rig?15:22
robbiewhggdh: hey...saw the comments on bug 71716615:24
uvirtbotLaunchpad bug 717166 in isc-dhcp "Broken with v4 isc-dhcp-server in Natty" [Critical,Fix released] https://launchpad.net/bugs/71716615:24
robbiewdid something get left out?15:25
* robbiew is not panicking...fwiw, just interested15:25
hggdhrobbiew: not to our knowledge -- but I just tried again with current ISO, and it failed miserably15:25
* hggdh is, OTOH, starting to panic15:25
robbiew:/15:25
RoAkSoAxhggdh: morning15:26
robbiewhggdh: heh...it's always fixable in an SRU ;)15:26
hggdhRoyK: a few systems we have where we can test some stuff without blowing everything else to hell :-)15:27
RoAkSoAxhggdh: when you free, could you pelase verify bug #64820215:28
uvirtbotLaunchpad bug 648202 in vsftpd "vsftpd started even if not in standalone mode" [Medium,Fix committed] https://launchpad.net/bugs/64820215:28
hggdhrobbiew: yeah, but it is not kosher :-(15:28
hggdhRoAkSoAx: did you also change from egrep to 'grep -E'? egrep is the obsolete form, and it is not generically portable15:29
RoAkSoAxhggdh: not I didn't change anything I just got the patches that were there already and put them together as they all work and the fixes are in Maverick15:32
hggdhRoAkSoAx: OK. I will test it as soon as possible on lucid15:38
RoAkSoAxhggdh: awesome, thank you!15:38
robbiewhggdh: I'm going to release note bug 717166, given we won't have it fixed in the ISO...and if you discover a workaround, we can update the bug and release notes15:41
uvirtbotLaunchpad bug 717166 in isc-dhcp "Broken with v4 isc-dhcp-server in Natty" [Critical,Fix released] https://launchpad.net/bugs/71716615:41
hggdhrobbiew: perfect, thank you. I am updating the bug stating that we are seeing problems, but do not know yet what is causing them15:42
RoAkSoAxkirkland: howdy!! How was PowerNap's testing?15:47
kirklandRoAkSoAx: productive15:48
kirklandRoAkSoAx: howdy :-)15:48
RoAkSoAxkirkland: how much powersavings were seen?15:48
=== zz_eagles0513875 is now known as eagles0513875
SpamapSI'm starting on the RAID tests w/ 20110425 .. are there any respins scheduled?16:12
RoyKhggdh: heh - I have a couple of those at work as well...16:13
RoyKmostly for openindiana/zfs testing, though16:13
RoAkSoAxSpamapS: howdy!!16:29
RoAkSoAxSpamapS: quick question about upstart!. I want a job to only start after *all* the interfaces are up. Is this possible?16:29
RoAkSoAxSpamapS: or all the interface sin /etc/network/interfaces16:30
SpamapSRoAkSoAx: start on started networking will start after all *static* interfaces are up16:31
SpamapSRoAkSoAx: so that should achieve what you want16:31
SpamapSRoAkSoAx: and likely will be the default for runlevel 2 in 11.10 and later16:32
RoAkSoAxSpamapS: cool thanks16:33
SpamapShallyn: ping?16:37
amerois there way to set a limit on amount of cpu usage allowed for any single processes?16:55
RoyKamero: ulimit16:58
amerowhat's this supposed to mean: The maximum amount of cpu time in seconds17:04
RoyKyes17:04
RoyKthere's no way to limit the percentage of cpu usage17:04
RoyKbut you can set the priority on the pid, of course17:04
RoyKman renice17:05
amerooh what does that option do then. it limits how long a process could use a cpu?17:06
RoyKyes17:06
ameroeven it uses 1%, the limit will still kick in?17:06
RoyKwhen the cpu time spent reaches the limit17:07
RoyKsee 'top' or 'ps' - it shows you how much cpu time is spent by each process17:07
SpamapSRoAkSoAx: hmm.. I may have told you wrong.. it may actually be 'start on stopped networking' .. which I know.. is very confusing.17:08
RoAkSoAxSpamapS: uhmmm but why would it be "on stopped"?17:09
SpamapSRoAkSoAx: because started will happen as soon as it forks/execs ifup -a ..17:09
SpamapSRoAkSoAx: stopped comes after ifup -a has exitted17:10
SpamapSRoAkSoAx: because it is a "task"17:10
RoAkSoAxSpamapS: indeed confusing17:10
SpamapSRoAkSoAx: yeah I'm just now realizing I've been confused about it up until this point17:10
RoAkSoAx:/ I'll write the upstart job for keepalived and test17:11
RoyKamero: the linux process scheduler can't share just a fraction of its time for a process. Some OSes, such as AIX, can virtualise parts of a CPU, but Linux can't17:11
ameroRoyK: looks like my only option now is renice. do we have a renice daemon or something will monitor and auto nice a process?17:34
bastidrazorhow do i get reverse mapping to work correctly? i get things like "Apr 25 12:37:47 servitude sshd[8779]: reverse mapping checking getaddrinfo for dynamic-76.72.201.232.tvscable.com [76.72.201.232] failed17:39
bastidrazor- POSSIBLE BREAK-IN ATTEMPT!"17:39
bastidrazorwhen anyone tries to ssh into my server.17:39
anonissimusairtonix:17:41
anonissimusdns got edited but now I get broken a broken link error17:42
RoyKamero: the renice won't stay after a reboot, so rather rewrite the init script to start it with lower priority17:46
SpamapSwhat is the thing that puts the system load  /  stats in motd? landscape-client ? It should totally put a "your RAID device X is degraded" message in too17:50
zulupdate-motd i think17:51
RoyKSpamapS: for software or hardware raid?17:51
SpamapSwell ideally any, but specifically the simplest one to solve is software17:51
SpamapShmmmm...17:51
SpamapSmdadm did not start on boot17:51
* RoyK uses icinga (former nagios) for that sort of stuff17:52
RoyKsends me an sms if something goes wrong17:52
SpamapSRoyK: I'm not saying its best practices to log in and look for problems17:52
SpamapSRoyK: monitoring is by far the right way to do this. :)17:53
SpamapSRoyK: I'm saying.. if we're going to display system load.. we should also include obvious problems.17:53
RoyKSpamapS: true :)17:53
* SpamapS is a belt and suspenders kind of guy17:53
AphisOneI've been looking for documentation or a tutorial on common practices on how to handle CVE corrections with Ubuntu Server, but have yet to run across anything.  Any links or suggestions are welcome and needed, please.  Thanks!18:01
pehdenok this is getting old im not sure what doing it but the server has had to be rebooted in the morning and now its up and running but this cycle is getting old18:07
kirklandRoAkSoAx: ping19:21
kirklandRoAkSoAx: negronjl has some questions about using Cobbler to provision into KVMs19:22
=== Compilr^revision is now known as The-Compiler
RoAkSoAxkirkland: sure19:28
RoAkSoAxnegronjl: i'm here19:28
negronjlhi RoAkSoAx19:29
kirklandRoAkSoAx: can you walk us through deploying a kvm through cobbler?19:29
RoAkSoAxnegronjl: sure19:29
RoAkSoAxlet me get my cobbler server up19:29
kirklandRoAkSoAx: negronjl is running his cobbler (orchestra) server in a vm too, all in virt-manager19:29
RoAkSoAxkirkland: so you guys want NQA right?19:30
kirklandRoAkSoAx: sure19:30
RoAkSoAxkirkland: ok give me a sec19:31
negronjlkirkland had to step out for a minute...19:31
negronjlI have a virtual ( or trying to set up ) where I have a cobbler server.19:32
negronjlI need that cobbler server to be able to pxe boot other instances.19:32
negronjlRoAkSoAx:  Any chance of continuing this on Skype?19:32
RoAkSoAxnegronjl: sure, or mumble19:32
=== ng_ is now known as NG_
uvirtbotNew bug: #770454 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/77045420:11
smoserjamespage, still around?20:11
Chromag9does anyone have any experience on running Ubuntu server on Amazon EC2?20:38
hallynChromag9: lots of ppl here do it.  if you have questions ask away20:43
Chromag9I was interested in looking into it via their AWS Free Usage Tier20:49
Chromag9it looks like there was some question, initially, about it actually being "free" because the official Ubunti AMI's were all 15gb, which is over the free 10gb EBS emoung20:50
Chromag9*amount20:50
SpamapSChromag9: I believe they were dropped to 8GB to work w/ that20:51
SpamapSsmoser: ^^20:52
Chromag9after poking around it looks like they (being Canonical) changes the official AMI's to be 8GB?  can someone confirm this?  for example: US-East-AMI ami-688c780120:52
Chromag9ahh, well that would be a confirmation, thanks!20:52
Chromag9looks like I can safely check it out at no charge to see whether I want to use it20:53
smoserChromag9, ami-688c7801 is not an ebs root image20:53
smoserso it will not be free20:53
smoserpick from the list at http://uec-images.ubuntu.com/releases/maverick/release-20101225/20:53
smoserand use an 'ebs' one. those will have 8G root filesystems.20:53
Chromag9wait, I clicked on an ebs one in the list to copy the AMI number20:54
smoserwhat list ?20:54
smoserthat is most definitely not ebs20:54
Chromag9http://uec-images.ubuntu.com/releases/maverick/release/20:54
smoseryeah... those links are bad :-(20:55
Chromag9ahh20:55
Chromag9ami-cef405a720:55
Chromag9that's the one I was looking at - for whatever reason the link goes to the wrong page20:56
smoserhttps://forums.aws.amazon.com/message.jspa?messageID=21052120:56
smoserChromag9, ^ is why the page you see when you click it is out of date.20:56
smoserwe're not able to update it any more.20:56
smoseramazon basically abandoned that stuff.20:56
smoseri should probably make the index pages not link there.20:56
smoserbut, ack, that what you do want is20:57
smoserami-cef405a720:57
smoserus-east-1 ami-cef405a7 canonical ebs/ubuntu-maverick-10.10-amd64-server-2010122520:57
Chromag9yep, that's the one I was looking at20:57
smoserChromag9, you might want to try natty though20:57
Chromag9yeah20:57
smoserif you're not going to pick LTS (lucid), then natty will release in 3 days.20:57
Chromag9ahh natty is being released in 3 days?20:58
smoserfor playing, i'd suggest grabbing a natty daily ami.20:58
smoseryes, natty will arrive thursday20:58
smoserif you grab today's ami's http://uec-images.ubuntu.com/server/natty/20110425/ it will be virtually inditinguishable20:59
SpamapSand then you wont have to worry about chulu eating yee20:59
smoserexactly20:59
Chromag9can I freely drop the daily ami instance and create a new one when the final is released thursday?20:59
Chromag9or will that cost me?20:59
smoserChromag9, you can... you may end up getting charged for 1 hour, if you stopped and started in the same hour21:00
smoseri'm not sure how their charging works exactly21:00
smoserbut that would be $0.0221:00
Chromag9haha me either - I really should make sure I understand it - but a few cents here and there is no big deal21:01
smoserso i'd buy you a stick of gum if we ever meet and you're charged that.21:01
Chromag9I'm just paranoid that I'll do something wrong and next thing ya know they're billing me $50021:01
smoserwell, you would actually be hard pressed to run up a bill over $100 in a month if you use a t1.micro size21:01
Chromag9sweet!  well at least I'll get a piece of gum out of the deal21:01
smoserie, if you did something like 'ssh host cat /dev/zero'21:02
smoseryou might see some large network charges21:02
smoserbut other than that...21:02
Chromag9yeah I'm not planning on doing that :)21:02
smoserif you pick a natty daily and apt-get dist-upgrade and reboot, its the same as current21:04
smoserChromag9,21:04
Chromag9smoser: oh Thursday when the final version comes out?21:04
Chromag9*on21:04
smoseryes.21:05
Chromag9I didn't think of that - I'm really behind on upgrades21:05
Chromag9I have two standalone Ubuntu server boxes at work right now, both running 10.0421:05
Chromag9updates, I should say21:05
robbiewSpamapS: ping21:06
SpamapSrobbiew: pong21:09
robbiewSpamapS: hey hey :)21:10
=== negronjl is now known as negronjl_lunch
=== NG_ is now known as ng_
hggdhhallyn: why would a amd64 image fail with "error : qemudWaitForMonitor:1886 : internal error process exited while connecting to monitor: qemu: at most 2047 MB RAM can be simulated"?23:28
hallynhggdh: is this non-accelerated i386 maybe?23:29
hallynhggdh: or maybe you were just out of ram?23:29
hggdhhallyn: bloody hell :-(23:30
hallynhggdh: it used to be non-kvm qemu didn't support ram > 4G.  2047 sounds weird23:30
hggdhI have been looking for a red herring since the morning... trying to run a 64-bit image on i386 :-(23:30
hallyndoh23:31
hallynis that what this is?23:31
hggdhhallyn: yes, I remember this error on i386. I was swearing I was running on a 64 host23:31
hallynmight be worth a bug about bad error reporting23:31
hggdhtime to get a double shot of wisky23:31
hggdhyeah23:31
hallynsounds tasty23:32
hggdh:-) at least some good news today, I *know* where I got it wrong23:32
hggdhanyway, lost by one, lost by one thousand. I will try a i386 image just for spite23:33
=== ng_ is now known as NG_

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!