/srv/irclogs.ubuntu.com/2011/06/07/#ubuntu-server.txt

m_tadeuhi everyone....what's the best way to guarantie that a service runs no matter what? like if it dies, something to run it again, get notification for that, etc00:09
Ryan_LaneI'm trying to install libactiverecord-ruby1.8 on ubuntu 10.04 server, but apt says it doesn't exist...01:16
Ryan_Laneit's supposed to be in the universe repo, but doesn't seem to be01:16
genii-around!info libactiverecord-ruby01:16
ubottulibactiverecord-ruby (source: rails): ORM database interface for ruby. In component universe, is optional. Version 2.3.5-1.2ubuntu1 (natty), package size 4 kB, installed size 36 kB01:16
genii-aroundHm01:17
Ryan_Laneis it just missing? it definitely seems like it should be there01:26
jeremy_cI just upgraded my remote server that I have no console access to, i.e. ssh only. At the end of the upgrade it said "Upgrade complete but some errors occurred." This is 8.04 -> 10.04. I do not have the ability to scroll back and see the errors. What now?02:46
twbjeremy_c: /var/log/apt, /var/log/dpkg02:48
twbI don't follow the official upgrade procedure, so there may be other fancy-pants d-r-u logs that I don't know about.02:48
jeremy_ctwb: thanks.02:49
jeremy_ctwb: it doesn't seem to include anything about the do-release-upgrade. Last log entry is from early this morning when I did an apt-get install links02:50
twbjeremy_c: no dpkg/term.log ?02:51
twbdru may bypass apt :-/02:51
jeremy_cthere is /var/log/dpkg.log which shows install of packages from the dru but no error information.02:52
jeremy_cno /var/log/dpkg dir though.02:52
* jeremy_c is afraid to reboot :-)02:54
ScottKI would check /boot/grub/menu.lst and make sure it's set to boot a kernel that's installed (and for Lucid)03:00
twbWait, doesn't d-r-u manually run its own screen session now?03:01
twbSo he should be able to ^A[ to get to scrollback03:01
ScottKNot that I noticed.03:01
ScottKCertainly not in Lucid it didn't.03:01
twbok03:01
twbI thought it did03:01
sbeattietwb: not in lucid, but in maverick it does.03:02
=== med_out is now known as med
ScottKI'd also make sure sources.list points a lucid, apt-get update and then apt-get dist-upgrade.03:02
=== med is now known as medberry
ScottKThat'll make sure all the package upgrades are done.03:03
ScottKIf you've got all the packages upgraded and grub is set to boot the correct kernel, odds of it coming up post-boot are reasonably good.03:03
sparcIs there a way to detect the architecture of DHCP clients from ISC DHCPD ?03:10
sparcI don't see anything in the man pages, but I figure there must be a way.  I'm trying to send different 'filename' options to PXE clients, so they get the right PXELinux boot code.03:11
jeremy_cmenu.lst shows kernel 2.6.24-26 w/date/time about the time dru was run.03:21
jeremy_cScottK: in regards to Lucid, how do I tell? The titles still say "Ubuntu 8.04.4 LTS" ... I did a apt-get update && apt-get upgrade this morning in prep for this dist-upgrade tonight. The kernel versions didn't actually change from this morning.03:22
ScottK2.6.24 is a hardy kernel.03:23
ScottKDoes your sources.list say lucid?03:23
jeremy_csources.list show lucid03:23
jeremy_call hardy references are commented out in sources.list03:23
twbjeremy_c: as root, run "apt-get dist-upgrade --dry-run" and pastebin the output.03:24
twbjeremy_c: that should tell us what (if any) outstanding upgrades exist03:24
jeremy_cnot by me, seems that they were ones that existed and were commented out prior to upgrade, i.e. hardy partner, hardy main restricted.03:24
jeremy_chttp://pastie.org/2030377   ... apt-get dist-upgrade --dry-run03:26
ScottKDo you have a kernel metapackage (e.g. linux-image, linux-image-generic, linux-generic-pae) installed?03:26
ScottKIf the kernel metapackage got removed from some reason that would explain having the old kernel still03:27
jeremy_chttp://pastie.org/2030381   ... dpkg -l | grep linux03:27
jeremy_chttp://pastie.org/2030387   ... ls /boot -l03:29
twbScottK: so spamassassin is preventing him installing a newer perl (I think), but everything else is OK?03:30
twbas far as apt is concerned, I mean03:31
ScottKWrong kernel03:31
jeremy_cshould I do a apt-get -f install ?03:32
twbDunno03:32
ScottKYes.03:32
ScottKBest case it fixes stuff, it won't break things worse.03:32
twbIf it was me, I would do it, but I can handle whatever it throws at me03:33
ScottKRead what it says it's going to do before you say yes03:33
twb+103:33
jeremy_cseems pretty benign03:33
ScottKCan you pastebin it?03:34
jeremy_chm, already started it.03:34
ScottKOK.03:34
jeremy_capt-get --dry-run dist-upgrade now shows: 524 upgraded, 165 newly installed, 6 to remove and 0 not upgraded.   linux-image-2.6.32-32-server being one of them.03:39
twbzoiks03:39
twbSo it sounds like something perl-y broke down, and now it is fixed you can carry on03:39
jeremy_cso dru or apt-get dist-upgrade?03:39
twbNot sure03:39
twbI don't trust dru to do the right thing, but I get yelled at if I tell newbies that it's junk03:40
ScottKAt this point apt-get dist-upgrade03:40
jeremy_ctwb: :-D03:40
jeremy_cScottK: OK.03:40
ScottKdru works fine but it's not designed to start from the middle.03:40
jeremy_conly has to download 1.2mb out of 622mb, so dru must have gotten most things.03:41
ScottKWhat are the 6 to remove?03:41
jeremy_cforget, but they were things I don't use, realized they were of no concern and just went on.03:42
jeremy_cI can tell you in a sec, I have it in a log, but it's unpacking/installing right now.03:43
jeremy_clibcupsys2 libdatrie0 libgems-ruby1.8 librpm4.4 python-psycopg texlive-base-bin03:43
ScottKAgreed.03:46
ScottKShould all be fine.03:46
=== ujjain is now known as ujjain|afk
JoeCoder_I did a rm /var/log/mail.*03:55
JoeCoder_and now the mail logs aren't recreated whenever something happens.03:56
JoeCoder_I can recreate them, but user/group/permissions should they have?03:56
JoeCoder_even after chmod 777'ing it, nothing is written03:59
ScottK-rw-r----- 1 syslog adm 1456 2011-06-06 13:58 /var/log/mail.log04:00
JoeCoder_thanks04:01
JoeCoder_I had tried that once already04:01
JoeCoder_I'll reboot--the fixall for the novice!04:01
JoeCoder_and now it works, and the permissions for those files ar eset04:01
=== medberry is now known as med_out
jeremy_cI am down to this error installing procps: http://pastie.org/203048504:06
jeremy_cScottK: twb any ideas about http://pastie.org/2030485 ?04:12
twbThat's weird04:13
twbKnee-jerk reaction is to blame LSM (e.g. apparmor)04:13
jeremy_cAny ideas on fixing it?04:14
ScottKYou didn't run out of space did you?04:15
ScottKIf not, I'd check and see if the backup symlink already exists.04:15
jeremy_cnope.04:15
jeremy_c62% use is the highest use disk mounted.04:16
jeremy_cI think I am done. forcing it made it pass.04:20
jeremy_cScottK: twb: 2.6.32-32-server sound OK for the kernel? They are in menu.lst as Ubuntu 10.04.2 LTS04:22
ScottK linux | 2.6.32.32.38 | lucid-updates | amd64, i38604:23
ScottKYes.04:23
NafaiHey ScottK, ltns!04:24
jeremy_cScottK: twb: Thanks! The server reboot just fine. Now reports 10.0404:27
ScottKjeremy_c: Congratulations.04:27
jeremy_cnow I guess we should continue to 11.04 :-/ I hate dist upgrades :-/04:30
twbBah04:31
twbnon-LTS can FOAD IMO04:31
jeremy_cFOAD?04:32
twb"go away"04:32
jeremy_chm, 11.04 isn't LTS?04:32
twbIt is not04:32
jeremy_cI guess I am a bit confused, is LTS software that is outdated but continuting to be supported?04:33
qman__LTS releases are supported longer than normal ones04:34
qman__normal releases are on a 6 month cycle, which is too fast for most production environments04:34
qman__LTS releases are on a two year cycle04:34
twbCanonical nominally provides support to its customers for releases.  Certain packages in LTS releases get substantially longer support than they otherwise would.04:35
twbEven if you aren't paying for Canonical support, some of that benefit rubs off because they issue e.g. security updates to everyone04:35
twbSo in short: yes, except instead of "outdated" we say "stable"04:36
jeremy_cso, in a production env I should stick w/10.04 then is what you are saying?04:40
rewtit's up to 10.04.204:44
twbYes04:56
=== cypha`` is now known as cypha
=== RefaelAlats is now known as FernandoTertius
=== FernandoTertius is now known as FernandoTertiary
=== RefaelAlats is now known as FernandoTertius
=== FernandoTertius is now known as FernandoTertiary
=== cerber0s is now known as cerberos
=== smb` is now known as smb
=== fenris is now known as Guest8457
Davieylynxman, Hah!  I had no idea you had created a meta data service for orchestra.  Nice one :)09:46
lynxmanDaviey: yeah it's just a very limited easy one09:46
Davieywell yeah, but it's *something* :)09:46
lynxmanDaviey: definitely =)09:47
amitknewbie ec2 question: How does one make the instance of ubuntu ec2 images persistent? i.e. If I install some apps, then terminate my instance I want to be able to restart the instance and find the apps installed.09:58
lynxmanamitk: you have a couple of ways for that, you can use EBS as your root fs (there's AMIs that implement that) or you can just make an AMI once you're happy with how the server looks and be able to spawn new instances09:59
lynxmanamitk: both have different usage scenarios so make sure the one you choose fits what you need09:59
amitklynxman: I've already downloaded the ubuntu 10.04 EBS image to use with the free AWS offer. Can I customize that and make it peristent?10:04
lynxmanamitk: that is already persistent, if you terminate the instance your disk remains as an EBS volume, you just need to start a new instance pointing at that ebs vol10:05
amitklynxman: hmm, how do I point to the ebs volume?10:05
lynxmanamitk: a quick Google showed up this http://serverfault.com/questions/234061/re-gaining-root-access-to-an-ec2-ebs-boot-image10:07
amitklynxman: aah thanks. I've been googling for an hour with no result. I was missing the right language (keywords) to google.10:08
lynxmanamitk: no worries =)10:09
amitkand how does 'snapshots' figure into this? I thought I had to snapshot the instance to be able to persist10:11
lynxmanamitk: a snapshot is your base image for the AMI10:11
lynxmanamitk: so an AMI will always use a snapshot to spawn an EBS volume to boot from10:12
laenWhen i initiate an apt-get upgrade, and it upgrades apache, it _changes_ the permissions on the already available /var/www folder. It shouldn't, and it's a bad practice of doing so. Even though Ubuntu developers apparently can't be trusted with creating proper packages, what other ways are there to prevent permission changes on folder /var/www?10:15
lynxmanlaen: as far as I know it's bad practice to change the permissions of a directory created by a package :)10:17
laenI'm looking for a generic solution, not a per-server btw.10:17
laenCause apt-get is always right, right?10:17
laenI didn't make up the permissions, we're talking about a professional environment i have to suppoirt, and didn't create.10:18
sorenlaen: What exactly changed?10:18
soren(Although I do wonder why you're asking advice from people you don't trust)10:19
laenOw apparently, i head now, it was the permissions on /var/log/httpd10:19
laenCause i have to support Ubuntu, even though i don't want to.10:19
soren/var/log/httpd ?10:19
sorenWe don't use /var/log/httpd10:19
lynxmansoren: I think he means /var/log/apache210:19
sorenThen he should say that instead.10:19
sorenlaen: Which is it? httpd or apache2?10:20
laenRight, something like that. It was indeed log files beeing stored in /var/log/apache2 by the customer.. (and that is bad practice as well, i know, not my idea, and don't agree).. once the permissions change the customer apache instance can't store apache2 log files anymore.10:20
sorenWell, the generic, not per-server solution is to fix the problem, not the symptoms.10:21
sorenHence, I'd like to know exactly what changed so that I can try to work out why it happened.10:22
sorenLooking at apache's postinst, it should only be setting ownership on initial installs, never on upgrades.10:23
sorenOr not.10:26
soren*shrug*10:26
TheAshManI recently changed the IP of one of my servers and whenever I log in it displays two versions of the "welcome" screen. The second version has the old IP on it. How do I remove it?10:30
TheAshManthe second one also says "System information as of Fri May 13 15:32:01 BST 2011"10:30
xampartTheAshMan: possibly /etc/motd.tail10:31
TheAshMando I just empty the file?10:32
TheAshManapparently so10:33
TheAshManThanks :)10:33
=== jibel_ is now known as jibel
amitkis this the right way to mount an EBS volume as the root device? ec2-run-instances ami-2ec83147 --instance-type t1.micro --region us-east-1 --key amit -b '/dev/sda=snap-foobar'11:32
amitkit mounts /dev/sda and creates another /dev/sda1 EBS for me11:33
amitkI'm trying to figure out the simplest way to have my Ubuntu 10.04 64-bit instance kept up to date (persistent)11:34
amitklynxman: ^11:35
TeTeTamitk: I believe you need to use a special EBS root AMI that you can stop rather than terminate if not needed11:35
TeTeTamitk: the EBS space will cost some money, but the instance can be stopped and started at will11:36
lynxmanamitk: TeTeT is right, you need to start the instance from an EBS AMI, then stop, detach the created image and attach yours, I know its not the most elegant but... that's the only way I know11:36
amitkTeTeT: aah, so I shouldn't be terminating. Only starting and stopping?11:37
TeTeTamitk: try this one, not sure if it's lucid, but should be ebs backed: ami-9d4ba5f411:37
TeTeTamitk: yes, regular instances can only be started and terminated and rebooted, ebs root instances can also be stopped11:37
amitkEBS space is free (10Gb) with the AWS free tier11:38
TeTeTdidn't know that11:38
amitkall documentation points to terminate11:39
amitkTeTeT: I believe that ami-2ec83147 is an official Ubuntu 10.04 64-bit EBS-backed AMI11:39
iam3funhello11:40
iam3fun;]]]11:40
amitkso I'm only trying to get my changes to be persistent11:41
laensoren: sorry was in a meeting, but i'll find a solution, thanks though12:07
sveinseI have added "manual" to a service in /etc/init, but after this, upstart wont recognize the service at all. Does anyone have any examples of how to use a manual service?12:52
sommermorning all13:14
=== ujjain|afk is now known as ujjain
zullynxman: this one? mcollective-server-provisioner14:05
lynxmanzul: yessir14:07
zullynxman: ok first it should be in a bzr branch again14:12
lynxmanzul: there's one :)14:12
zullynxman: can you use quilt for the patch14:12
lynxmanzul: hm?14:13
zullynxman: you modified the source can we have a clean source and then you apply the patch again14:13
lynxmanzul: that'll be fairly difficult :/14:13
lynxmanzul: the changes are enormous14:13
zullynxman: why?14:13
lynxmanzul: and they'll be merged upstream next week14:13
zullynxman: k14:14
lynxmanzul: would it be possible to get this one rolling and then I'll generate a new version as soon as the changes are in?14:14
zullynxman: yeah14:14
lynxmanzul: thanks ^^14:14
zullynxman: also the plugins dont work with out the mcollectiver-server-provisioner do they?14:14
lynxmanzul: they do, there's a plugin for the provisioner in the package14:15
lynxmanzul: but all the rest are operationally independent14:15
zullynxman: ok just making sure14:15
lynxmanzul: each agent should be able to stand on its own, and each have its own Requires14:16
zullynxman: for the postinst you probably want service mcollective restart || true14:16
zullynxman: get rid of the watch file14:16
lynxmanzul: cool, same as always :) doing those changes nao14:17
zullynxman: in the upstart put the start on, stop on repsawn before the pre-start block14:17
kickarhey guys can someone assist me to convert mysql from latin1 to utf8?14:21
kickarand very wierd one of my ubuntu servers is actually reading the database good14:21
kickarthe other one is messed up14:21
kickaranyone can help me?14:21
Picikickar: #mysql might be a better place to ask if you anre't getting help here. also, try to be patient, you just ask your question.14:22
kickarit is weird14:23
kickarmaybe it is a apache setting?14:23
kickarcause my one machine is OK, but theother one not14:23
lynxmanzul: changes in repo, new package building14:40
zulk14:41
teaforthecathello I am trying to create a raid1 from a single disk. after $ sfdisk -d /dev/sda | sfdisk /dev/sdb  /dev/sdb2 has only one block so I can't format it. thanks.14:57
teaforthecatam I doing the right thing to create a raid1?14:58
pmatulisteaforthecat: raid1 on one disk is questionable15:00
pmatulisteaforthecat: hm, ok, you mean 2-disk array based on a single non-raided disk15:00
teaforthecatyes15:00
teaforthecatI understand I create a degraded array first, copy the data over, then add the original disk to the array15:01
Ddordawhere phpmyadmin keep its logs?15:02
teaforthecat Ddorda: Open /etc/php.ini file and find error_log15:04
teaforthecatI created a gist that shows the confounding error at the bottom: https://gist.github.com/101233015:14
uvirtbotNew bug: #792713 in samba (main) "package winbind 2:3.5.8~dfsg-1ubuntu2.1 failed to install/upgrade: subprocess dpkg-deb --fsys-tarfile returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/79271315:16
=== cerber0s is now known as cerberos
m_tadeuI need something to start services if they go down, and get notification when that happens....what do you guys suggest?16:18
koolhead11m_tadeu, check monit16:20
axisyswhat updates the following files ?16:32
axisys/var/lib/apt/update_success /var/lib/apt/periodic/update-stamp /var/lib/apt/lists/lock16:32
axisysand I have this script  http://pastebin.com/q81uZk7X  that alerts if they are newer than 7 days.. trying to find out what is the significance of that16:33
axisyss/that alerts if they are newer than 7 days/that alerts if they are older than 7 days/16:33
=== koolhead11 is now known as koolhead11|afk
RoAkSoAxzul: ping?16:52
zulRoAkSoAx: whats up?16:52
RoAkSoAxzul: so wanted to discuss some cobbler stuff with you, free?16:52
zulRoAkSoAx: sure16:53
RoAkSoAxzul: 1st: When we import the mini.iso it will create a Repo for main/universe, and another one for security16:53
zulRoAkSoAx: okies16:54
RoAkSoAxzul: the repos by default are disabled so if we run cobbler reposyng it will not sync the archives16:54
RoAkSoAxzul: so anyways, I'm guessing that the behaviour is desired, correct?16:54
zuli believe so16:54
RoAkSoAxzul: ok, so now, the thing is how can I automatically determine the country and stuff to set the repo16:55
RoAkSoAxzul: if we are in the us, use us.archive if we are in Italy, us it.archive16:55
RoAkSoAxetc etc16:55
RoAkSoAxany ideas?16:55
zulRoAkSoAx: iirc there is a way to determine which mirror you can use with apt, check with mvo16:56
RoAkSoAxzul: cool16:56
RoAkSoAxzul: 2nd: TYo be able to use the repo and stuff, we need to tweak the preseed... should we just document that or should we make that happen automatically?16:57
zuldocument it for now16:57
RoAkSoAxzul: ok thanks ;)16:57
RoAkSoAxzul: ahh I think we cannot use apt to determine which archive repo to use in case we submit it upstream, otherwise it wouldn't work on non-debian machines16:58
zulRoAkSoAx: assuming that they have /etc/apt/sources.list setup properly on the cobbler server why not gleeem it from there16:59
tdelamhi guys, is jaunty 9.04 no longer supported? my apt-get update gives me all 404's16:59
zultdelam: its not16:59
tdelamzul: Hm, what could the reason for those 404's be?16:59
adam_g/win/j #ubuntu-meeting17:00
zultdelam: its not supported17:00
tdelamoh17:00
tdelamhow can I upgrade now that apt is dead?17:00
RoAkSoAxzul: ok17:00
jdstrandtdelam: http://old-releases.ubuntu.com/releases/17:01
tdelamah :/17:02
jdstrandtdelam: I would recommend using: 'sudo do-release-upgrade' and upgrade to 9.10. then do it again to get to 10.04. both 9.04 and 9.10 are not supported (but 10.04 is because it is an LTS)17:03
tdelamno easy way to do this I guess. Server is 4000 miles from me serving about 200 web sites.17:03
tdelamoh17:03
jdstrandtdelam: 9.10 hasn't been moved to old-releases yet. you should be able to upgrade in the manner I described17:03
tdelamAn upgrade from 'jaunty' to 'lucid' is not supported with this tool.17:04
jdstrandtdelam: no. LTS to LTS is supported or release to the next release. jaunty wa not LTS, so you must go through 9.10 (karmic)17:04
tdelamjdstrand: Oh I see, can I specify that with this command?17:05
jdstrandtdelam: it can detect it. 'sudo do-release-upgrade' is all you need to do. you'll do that (it is cli) and it will upgrade, then reboot. then you'll do it again17:06
jdstrandtdelam: it should be stated that doing this has an element of risk17:06
tdelamjdstrand: Yea, that's what i did and got back that error message.17:07
jdstrandtdelam: with you being 4000 miles away, if something goes wrong or the system is unbootable, then you are in trouble17:07
jdstrandtdelam: you got the 404 message?17:07
tdelamjdstrand: http://pastie.org/203302417:07
jdstrandhmm17:08
jdstrandit didn't like that karmic is eol too17:08
jdstrandtdelam: you have to do jaunty -> karmic the hard way17:08
tdelamjdstrand: can you direct me to how to it the hard way without apt?17:09
jdstrandtdelam: update /etc/apt/sources.list to substitute all occurences of 'jaunty' with 'karmic'. then do 'sudo apt-get update && sudo apt-get dist-upgrade'17:09
tdelamoh17:09
tdelamthats not so hard :)17:09
jdstrandtdelam: please note, this method of upgrading is not at all as well tested and that 'do-release-upgrade' has special logic to make sure that things go smoothely17:10
tdelamok17:10
jdstrandtdelam: there is more risk with this method. you may want to start sshd manually to listen on a different port, then login via that port and do 'sudo -i' before the upgrade so you have a root prompt17:11
jdstrandtdelam: in case anything goes wrong17:11
jdstrandtdelam: once you upgrade to karmic, reboot, then you can use do-release-upgrade17:11
tdelamok17:11
jdstrandtdelam: good luck (and make backups if possible)17:11
tdelamDi have automated ones, for years now17:12
tdelamin /mnt/disk2 :)17:12
jdstrandtdelam: you know17:13
jdstrandtdelam: you should probably do the 'sudo apt-get  update && sudo apt-get dist-upgrade17:13
jdstrand' in the speciall sshd17:13
tdelamalright17:13
tdelami am getting that going now17:13
jdstrandin cause the one that is upgraded goes down17:13
jdstrands/cause/case/17:14
jdstrandtdelam: good luck :)17:14
tdelamthanks :D17:14
tdelamnote to self -- stay on top of upgrades17:14
=== Corey__ is now known as Corey
tdelamjdstrand: on karmic now do-release-upgrade started.17:38
jdstrand\o/17:38
tdelamso far so good. I don't want to jinx myself though17:38
tdelamall webservices are running smoothly too.17:38
tdelamminus the mini downtime for rebooting :)17:38
tdelamhad to be done though17:39
m_tadeukoolhead11|afk: thanx a lot17:39
j1mcsommer: i should have a test build of the server docs in that new layout available within the next few days.17:50
sommerj1mc: sweet that'd be awesome17:51
=== NG_ is now known as ng_
j1mci'll let you know when it's ready. :)17:51
sommerj1mc: sounds good, thanks for your help!17:51
j1mcyou are very welcome! : )17:52
j1mcsommer: we have a docs team meeting set for this sunday at 20:00 UTC. just an FYI in case it is convenient for you.17:52
j1mcit's 3:00pm central time17:52
sommerj1mc: ya, I'll try to be there, but I'm not sure what I have going this weekend.17:53
j1mcno worries17:53
j1mc:)17:53
maccam94i'm trying to enable TLS secured replication in openldap, following the ubuntu 10.04 server guide. when i try to modify the ldap config to add the certificates on the slave, i get the following error: ldap_modify: Inappropriate matching (18) additional info: modify/add: olcTLSCACertificateFile: no equality matching rule18:20
maccam94i'm getting the error on step 6 here: https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html#openldap-tls-replication18:20
sommermaccam94: what command are you entering?18:23
maccam94it's on step 6 in the section of the page i linked, it's a slapd command followed by adding stuff to the tree18:25
maccam94sommer: i can paste what i'm running to pastebin, but it looks almost exactly the same as what's on page18:25
maccam94i just changed the hostname for the keys18:25
sommermaccam94: so you have the olcTLSCACertificateFile setup?18:25
maccam94i have the files in /etc/ssl/certs and /etc/ssl/private, yes18:26
maccam94it doesn't look like it's even trying to load them though18:26
sommermaybe try adding the CA entry by itself, then try adding the entries for the server's cert and key18:26
=== JGJones is now known as Nintendo
maccam94i had a problem with permissions on the master initially, where slapd wouldn't start because it didn't have permissions to read them, but this error occurs right when i commit the change, it won't accept it18:27
maccam94sommer: and it fails when i enter just that first section18:27
sommermaccam94: strange, I've never seen that particular error... on sec18:27
maccam94i feel like i must be missing something in my tree18:28
=== Nintendo is now known as JGjones
=== JGjones is now known as JGJones
sommermaccam94: can you do replication without TLS?18:29
maccam94sommer: yes, it is currently replicating18:29
sommermaccam94: that's good :-)18:29
maccam94though i'm not sure it was configured following the same methods as in the server guide18:29
sommerare you using natty or maverick?18:30
maccam94lucid18:30
sommershould work for both... oh one sec18:30
maccam94the guide page is for lucid as well18:30
sommerright, should work for lucid too, heh18:31
sommermaccam94: maybe try adding "TLS_REQCERT allow" to your /etc/ldap/ldap.conf file (no quotes)18:32
sommerthen do the modify command18:32
maccam94sommer: i did it and restarted slapd and now it works18:34
maccam94thanks!18:34
sommerno prob... it's an issue with self-signed certs I guess18:34
maccam94ah18:35
sommermight need to make a note of that in the docs :-)18:35
maccam94:-)18:40
SpamapSsmoser: re bug #765843 .. you said you pulled it into your upstream branch.. are you planning to upload that to oneiric soon?18:53
uvirtbotLaunchpad bug 765843 in cloud-initramfs-tools "Intermittent mount failure after growroot" [Undecided,Confirmed] https://launchpad.net/bugs/76584318:53
maccam94how can i confirm that my two ldap servers are indeed communicating via TLS/SSL?18:54
sommermaccam94: I use wireshark to snoop ldap traffic then do a change on the master18:54
maccam94:-( that's not really feasible for me...18:56
maccam94sommer: should they be communicating on port 636?18:57
sommermaccam94: nope 636 is for SSL, using TLS uses 389... at least that's my understanding18:57
maccam94ok18:58
sommermaccam94: you could also use tcpdump to capture traffic18:58
maccam94actually i guess i don't need promiscuous mode for that...18:59
maccam94(it's a vm)18:59
jcastroSpamapS: a bunch of server related videos are just now hitting the youtube channel if you wanna tweet some of that action19:02
hggdhsmoser: hardy current amd64 ran fine19:04
hggdhsmoser: I think we are good to go19:05
maccam94now that i have starttls enabled, will my ldap servers allow non-TLS/SSL connections?19:21
sommermaccam94: yeppers, you can connect both ways19:22
maccam94hm, i probably want to restrict it to SSL/TLS only. will all of the clients need keys/certs to be able to connect securely?19:23
sommerI think you can do that via ACLs, but I've never implemented it myself.  Don't think the clients will need certs, but they may have to adjust the TLS settings to allow a self-signed one from the server19:25
maccam94k19:35
maccam94thanks for the help, sommer19:35
sommermaccam94: you're welcome :-)19:35
codiAnyone able to help me out with some preseeding i'm trying to do? Not having any luck recreating an iso for use in virtualbox with a preseed.cfg.19:43
codiSpecifically for the 11.04 server install.19:44
RoAkSoAx!ask | codi19:55
ubottucodi: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)19:55
RoAkSoAxzul: I guess I'll do some python-apt stuff to get the mirror automatically, if not, just hardcode one20:05
zulRoAkSoAx: cool...i have a half assed gpxe thing going on20:07
RoAkSoAxzul: hehe good luck w/that20:08
earthwormhello,20:10
earthwormdoes somebody know how to start into runlevel 3, not into runlevel 5?20:10
earthwormis this possible ? there is no inittab at /etc ?20:13
Pici!upstart | earthworm20:15
ubottuearthworm: Upstart is meant to replace the old Sys V Init system with an event-driven init model.  For more information please see: http://upstart.ubuntu.com/20:15
earthworm@pici so upstart is the parent of all processses... interesting...20:16
earthworm@pici do you mean i should remove S from init.d/20:18
earthworm@pici or would this be the wrong way...20:19
Piciearthworm: I believe that upstart will still fire scripts in /etc/init.d/20:19
earthwormokay20:19
earthworm@pici okay20:19
earthworm@pici i found a script called : rc-sysinit.conf20:21
earthworm@pici i'm on the right way... ?20:21
Piciearthworm: Indeed.20:21
earthworm@pici you're a fine tutor ... aren't you ;) thx20:22
earthwormgonna reboot and see ...20:24
earthwormthx20:24
codiOk, my question is. I have the server iso downloaded from ubuntu.com and a preseed.cfg. Should that preseed.cfg just go in the root of the disc image?20:30
=== ng_ is now known as NG_
earthworm@pici ;)20:40
earthwormthere is an entry with runlevel = 220:40
earthwormi tried to change this to 3 but nothing happens, everything is as before20:40
=== lullabud is now known as warzauwynn
RoyKeagles0513875: standard runlevel is 220:47
RoyKwhy would you change that?20:47
PiciRoyK: Yes gone.20:48
Picier, Hes.20:48
RoyKoh20:50
RoyKyes20:50
* RoyK wants native zfs on linux20:50
Guest24499hi - just installed natty server.  how come ctrl-alt-f2 through f6 don't work?  what can I do to make it work?21:06
Guest24499if I start X, even ctrl-alt-f1 don't work (can't get to a text console)21:07
RoyKdoes anyone use X on a server?21:07
Guest24499X server :P21:08
RoyKthat's for workstations21:08
Guest24499i know21:08
Guest24499I wanted to start from a minimal install.  but basic question is still - how come ctrl-alt-f2 don't work?21:08
RoyKalt+left/right should work well21:09
RoyKor alt+f[1-6]21:09
RoyKctrl+alt is only needed if on X21:09
RoyKwhich you usually don't do on a server21:09
Guest24499alt-f2 doesn't work.21:09
Guest24499alt-right arrow does work (thanks!)21:10
* RoyK doesn't use non-LTS releases for server installs21:10
Guest24499this is not a real server.  I'm doing a minimal install so that I can pull down lxde (don't like gnome)21:11
RoyKok21:11
Guest24499so, any idea why alt-f2 wouldn't work, but alt-right arrow would?21:12
eagles0513875RoyK: think u highlighted wrong person21:47
raubvogelDoes anyone know why there are missing releases in http://archive.ubuntu.com/ubuntu/dists ?22:08
Piciraubvogel: What releases are 'missing'?22:08
ajmitchraubvogel: releases that are end-of-life go to http://old-releases.ubuntu.com/ubuntu/dists/22:09
raubvogelPici, I do not know their names, but it goes from hardy to karmic22:10
raubvogelor dapper to hardy22:10
Piciraubvogel: Then read what ajmitch just said.22:10
Pici!edgy22:10
ubottuUbuntu 6.10 (Edgy Eft) was the fifth release of Ubuntu. End Of Life: April 25th, 2008. See !eol for more details.22:10
Pici!feisty22:10
ubottuUbuntu 7.04 (Feisty Fawn) was the sixth release of Ubuntu. End Of Life: October 19th, 2008. See !eol and !upgrade for more details.22:10
PiciEOL releases are no longer housed on the normal archives.22:11
PiciMinus 1 release though, so Karmic is still there even though it is EOL.22:11
ajmitchmostly because the mirror space required would be excessive, old-releases doesn't get mirrored afaik22:11
raubvogelSo, if I have a 8.04 LTS machine, how to upgrade it?22:12
Piciraubvogel: You can upgrade from one LTS to the next, so you can go directly to 10.04 LTS22:12
raubvogelOk22:12
ajmitchthe command 'do-release-upgrade' should manage that for you22:13
ajmitchyou may need to install update-manager-core first, details are on http://www.ubuntu.com/download/ubuntu/upgrade22:13
quesoWhere is the log for openssh-server?22:32
SpamapSqueso: /var/log/syslog and/or /var/log/auth.log22:34
SpamapSqueso: there's an awesome program called 'logwatch' that will summarize it daily for you.22:35
=== medberry is now known as med_out
quesoSpamapS: nice, thank you22:36
JasonnAWAYHi, how can I raid 2 servers together with ubuntu (program)22:52
SpamapSJasonnAWAY: "RAID" is "Redundant Array of (Inexpensive|Independent) Disks" ..22:52
JasonnAWAYHmmm22:53
SpamapSJasonnAWAY: do you want to replicate data accross two servers?22:53
JasonnAWAYNo22:53
JasonnAWAY I want to put 2 hdds together so they act as 122:53
SpamapSAh, but on one server?22:53
JasonnAWAYyes22:53
SpamapShttps://help.ubuntu.com/10.04/serverguide/C/advanced-installation.html22:53

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!