/srv/irclogs.ubuntu.com/2011/06/08/#ubuntu-server.txt

RoAkSoAx	kirkland: ping?	00:27
geekbri	If you've got a wildcard entry in your Bind server but you want your domain without a host (say google.com instead of www.google.com) to have an entry that doesn't redirect to the same place as the wildcard, how would you go about doing that?	01:15
=== ujjain is now known as ujjain\|afk
s0rserer	anyone know where i can find help with an ms exchange server?	02:37
twb	s0rserer: ##windows?	02:38
twb	Or your support vendor, of course	02:38
s0rserer	thanks ill give that a shot	02:39
jonesst1	evolution to exchange?	02:41
hackeron	hey, how do I go back to the previous grub behaviour? - from time to time grub detects a boot failure and shows the grub menu - I don't want this to ever happen as it involves driving 40 miles to plug in a keyboard and press enter :/	03:13
twb	hackeron: dunno; I use hpa's bootloader	03:22
hackeron	twb: what's that?	03:24
twb	isolinux	03:25
twb	The same bootloader you already use on CDs and USB keys, works on hard disks, too	03:25
hackeron	what are the advantages to grub?	03:25
twb	It's not a huge crufty monstrosity of unnecessary complexity	03:26
hackeron	does it support software raid?	03:26
twb	For example, it doesn't autodetect "modules" to compile into the MBR	03:26
hackeron	probably won't work with software raid then	03:26
twb	It supports linux md RAID 1. Not sure about 5.	03:26
twb	I would not put /boot on RAID5 anyway	03:26
hackeron	hmm	03:26
twb	In fact the last straw for me with grub was that it didn't work properly with RAID1	03:27
hackeron	:/ - I use it with md raid on all my ubuntu server boxes	03:27
hackeron	some raid1 some raid5	03:27
twb	Some motherboards will detect hda is dead and "rename" hdb to hda, so grub's device.list breaks and you can't boot	03:27
hackeron	huh? - grub's device.list uses UUIDs	03:27
twb	And for me, it wasn't a 40 mile drive -- the machines were in mines in .za	03:28
twb	hackeron: maybe it uses UUIDs now, it didn't in 8.04	03:28
twb	Actually, those boxes would've been RHEL4	03:28
twb	Er, RHEL5	03:28
twb	In any case, syslinux doesn't have that problem, because it boots off the disk that's there, end of story.	03:28
hackeron	well, this is just ubuntu's latest "feature" - far as I can tell the problem is ubuntu no longer has a time out to press esc for the grub menu - instead if instantly boots and if it fails, it marks a failboot flag and shows the grub menu on next boot - not what you want on a server :/	03:29
Sakara	Has anyone had issues getting user_dir and apache working when homes are mounted from another server?	03:29
twb	hackeron: instead of a timeout, you have to hit Shift at exactly the time between when the BIOS hands control to grub, and grub hands control to the kernel	03:29
twb	hackeron: which IME is impossible on some fast systems :-/	03:29
hackeron	twb: well, that wouldn't be a problem if it didn't force the grub menu on boot failure	03:30
twb	syslinux also fixes that -- you can use Scroll Lock instead, which stays "stuck" down, so you can hit it while still in the BIOS	03:30
twb	Sakara: mounted how, NFSv3?	03:30
Sakara	twb: NFSv4	03:30
hackeron	twb: how do I "switch" to syslinux?	03:30
twb	Sakara: I haven't tried that, sorry	03:30
twb	http://paste.debian.net/119165/	03:31
twb	hackeron: those are some notes I made for two-disk RAID1 systems back in the hardy days	03:31
Sakara	twb: Hopefully someone else has done it	03:31
twb	hackeron: unfortunately Ubuntu isn't interested in making it an install-time option, though the Debian people are working on that I believe.	03:32
twb	Sakara: could your problem simply be root_squash? Oh, are you using kerberized NFS?	03:32
Sakara	yes	03:32
Sakara	twb: that is what is happening	03:32
twb	Sakara: ah, OK, so does the apache process have the necessary krb tickets?	03:33
Sakara	I am unsure about how to authenticate and authorise the www-data user	03:33
twb	Sakara: yeah, that kind of headache is why I'm not using krb yet :-)	03:33
twb	Sakara: you might want to ask the #kerberos channel as well	03:33
Sakara	what other ways are there to centralise user accounts?	03:33
twb	I use LDAP	03:34
Sakara	ok LDAP only?	03:34
twb	And SSHFS for end users's network filesystems.	03:34
twb	NFS is there, but only on systems where I strictly control who has root, because obviously without krb, root on every system is fully trusted by the NFS server	03:35
Sakara	ok that does seem like a more appriopriate way to handle users too	03:35
owh	On a hardy server how do I implement SMTP rate control so that the number of outgoing messages to an smtp relay do not exceed 1000 per hour. I don't want to drop the excess messages on the floor or bounce them, I just want them to be queued and delivered in the next and subsequent hours. I'm using postfix to relay the mail.	03:35
Sakara	ahh ok yes tha twould be a problem	03:35
twb	Consider: even with root_squash, root can simply "su - twb -c 'cat /home/twb/.netrc'" or so	03:35
twb	owh: I don't know; you could also ask #postfix. I would probably run "postconf" and look for likely-looking options, then look them up in the reference docs.	03:36
\|rt\|	I've always been under the impression that kerbose doesn't really centralize users...it just provides a secure authentication framework	03:36
twb	\|rt\|: it can do both	03:37
owh	twb, I've been doing that for hours now. #postfix suggest using policyd which appears to be postfix-policyd, but the documentation I can find is for v2.x, not the one that comes with hardy, v1.x	03:38
jmarsden	owh: postfix-policyd is 1.82-* in everything from hardy to oneiric ... are you sure you need 2.x of it?	03:40
owh	jmarsden: I'm happy to stay with 1.82-, but the documentation on www.policyd.org is for v2. -- I cannot find docs/howtos for 1.82-*	03:41
owh	Unless I missed something somewhere?	03:41
jmarsden	/usr/share/doc/postfix-policyd/README.gz	03:44
jmarsden	owh: The docs that come in the postfix-policyd package should be sufficient... I think?	03:46
owh	jmarsden: I've read that document several times - but I might have missed something - I'm needing to limit the number of messages to a relayhost, not by sender, not by recipient, not by domain, etc.	03:47
jmarsden	Can't you just do the 'netblock' example, and make the 'netblock' match string be '%' so it matches all netblocks?	03:48
jmarsden	I have not tried it, but it looks like it ought to work for you.	03:49
owh	jmarsden: That sounds interesting. I'm also trying to track down using transport_destination_rate_delay, which appears to work within postfix, but it's unclear how it's supposed to work, since `transport` needs to be changed to the name of your transport, which would be smtp, but I cannot find how my relayhost is linked to smtp.	03:51
owh	Hmm, unless this line in master.cf is the culprit:	03:52
owh	relay unix - - n - - smtp	03:53
jmarsden	Worst case, set both smtp_destination_rate_delay and relay_destination_rate_delay and see which one works :)	03:56
owh	ROTFL	03:57
owh	Thank you, I needed that.	03:57
owh	Let me remove postfix-policyd and see if that keeps my email still working :)	03:58
Sakara	twb: Isssue with authorization and the www-data uid was resovled by creating an associated kerberos principal	04:16
twb	Sakara: nice	04:16
Sakara	ty for your input it really help crack that one	04:16
twb	Sakara: I thought it would be harder than just an addprin	04:16
Sakara	I'd overlooked adding it because its not a real uid I think about alot becuase its only really used on the one machine (the web server)	04:17
Sakara	cheers again	04:17
twb	np	04:18
shadow42085	I am following the doc on mail server setup at https://help.ubuntu.com/community/PostfixBasicSetupHowto i can recieve mail but I can't send any ideas?	04:29
trimeta	My server is doing the thing where landscape has its information repeated twice, and the second copy refuses to update or go away no matter how out of date it gets.	04:58
trimeta	Which file did I need to delete to force it to refresh the information?	04:58
twb	trimeta: landscape as in canonical's proprietary puppet analogue?	05:03
jonesst1	anybody used kerberos/ldap cleints on ubuntu?	05:06
uvirtbot	New bug: #781283 in mysql-5.1 (main) "mysqlreport crashed with SIGSEGV in malloc_consolidate()" [Medium,New] https://launchpad.net/bugs/781283	05:06
twb	!anyone	05:06
ubottu	A large amount of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.	05:06
jonesst1	ok so where does kerberos failures get dumped?	05:07
jonesst1	messages?	05:07
jonesst1	cd /var/log/	05:07
jonesst1	oops	05:07
jonesst1	hehehe	05:07
jonesst1	ls -l	05:08
trimeta	twb: Landscape as in the thing that collects system information into /etc/motd.	05:08
trimeta	Is there another name for that?	05:09
twb	trimeta: er, no, it isn't	05:11
owh	jmarsden: FYI, I've added smtp_destination_rate_delay to main.cf and reloaded postfix and it appears to be working. What I don't know is what side-effects this might have, but at least I've gotten one step closer -- thanks!	05:11
twb	trimeta: try :>/etc/motd and then log in again	05:11
jmarsden	owh: You're welcome :)	05:11
twb	trimeta: that's how I fixed that specific symptom on my lucid boxes (which definitely DON'T have landscape)	05:11
trimeta	Does that command replace /etc/motd with an empty file?	05:12
twb	Yes	05:12
twb	Back it up first if you don't trust me	05:12
trimeta	Right now /etc/motd is a symlink to /var/run/motd, which (according to the manpages) is created by runpart'ing /etc/update-motd.d/	05:13
trimeta	I tried moving /var/run/motd to /var/run/motd.bad, but a new /var/run/motd was created identical to the first (with the same badness).	05:13
twb	Hum	05:13
twb	Sorry, brain fart	05:14
twb	I meant :>/etc/motd.tail	05:14
trimeta	OK, that fixed it. Why does the spurious tail file get created?	05:16
shadow42085	does anybody know how to fix this I am following the doc on mail server setup at https://help.ubuntu.com/community/PostfixBasicSetupHowto i can recieve mail but I can't send any ideas?	05:19
uvirtbot	New bug: #604593 in libpam-ldap (main) "pam_unix "account" returns success on a user with an invalid shadow password." [Undecided,Confirmed] https://launchpad.net/bugs/604593	08:05
kickar	hey guys I have a database in cirilyc with encoding latin1. On my ubuntu machine it looks ok, but on my other ubuntu machine is all messed up. can anyone help me?	08:16
* negronjl is calling it a night		08:47
=== koolhead11\|afk is now known as koolhead11
kickar	hey guys, can you help me change the default charset of mysql server	09:53
uvirtbot	New bug: #794443 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu2 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1" [Undecided,New] https://launchpad.net/bugs/794443	10:21
=== cypha`` is now known as cypha
nigelb	Is it the update-motd package which updates the message saying X number of packages need updating and System needs reboot and all that?	11:15
twb	nigelb: try :>/etc/motd.tail	11:21
nigelb	twb: I found that file, but I'm trying to figure out what updates it	11:22
twb	I mean run the command ":>/etc/motd.tail" and the issue where you get two copies of motd will disappear	11:24
nigelb	twb: oh, ah!	11:25
nigelb	twb: hrm, I still have one file, but that's not up-to-date	11:26
twb	Damn	11:29
twb	That worked for me	11:29
twb	Try logging in again	11:29
dfgdfg	hi	11:32
dfgdfg	i belive that this is not the right channel but anyway i need helt with an easy htaccess question	11:32
=== dfgdfg is now known as xilentares
xilentares	could somebody help me ? it hast to do with url rewriting	11:34
xilentares	or recommend me another channel ?	11:34
xampart	try #apache	11:35
xilentares	i dont know why but i cant join it ive already tried it	11:36
xilentares	come on guys nobody ?	12:11
soren	You will never find answers to questions you never ask.	12:14
xampart	true dat	12:14
xilentares	hmm okay.i have a gallery that generates a link like that index.php?id=gallery&album=test know i want that the output is /gallery/test for the user. the rest of the page is already seo optimized	12:16
xilentares	my idea was : RewriteRule ^/(a-zA-Z0-9)/(a-zA-Z0-9)$ /index.php?id=$1&album=$2 [L]	12:17
xilentares	but this dosnt worked :S	12:17
xilentares	is that because the url is generated internal ?	12:17
Siekacz1	hi all! I've got a strange problem with DHCP and DNS - DHCP server (ubuntu server) doesn't send DNS addresses to windows workstations	12:18
Siekacz1	there is option domain-name-servers line in dhcpd.conf, but no workstations received DNS IPs	12:19
Siekacz1	connection works	12:22
Siekacz1	problems with bind9?	12:23
soren	xilentares: Your regexes are wrong.	12:25
soren	xilentares: You'll only ever match this url: "/a-zA-Z0-9/a-zA-Z0-9"	12:26
mncl-core	Good Day!	12:27
soren	xilentares: You want something like: RewriteRule ^/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$ /index.php?id=$1&album=$2 [L]	12:28
xilentares	hmm thanks soren but it dosnt work for me :( i will experiment a bit more with it^^	12:34
soren	xilentares: It works for me.	12:35
soren	I just tested it.	12:35
xilentares	The requested URL /gallery/test/ was not found on this server.	12:35
xilentares	if i visit localhost/gallery/test it opens internal localhost/index.php?id=gallery?album=test ,right ?	12:37
uvirtbot	New bug: #636480 in postfix (main) "Postfix and PowerDNS cannot bind to IPv6-IPs on boot" [Undecided,New] https://launchpad.net/bugs/636480	12:40
xilentares	soren : thanks got in know :)	12:42
seicherlbob	hi! I'm running a server with ubuntu Lucid (server edition). On this server, there is a VM i use for testing and development. Now i wanted to simulate a loss of network connection for a program, i am developing and I closed the tap device of the guest VM on the host server (ifdown tap02). Now i can not bring it up again. ifup tap02 tells me "TUNSETIFF: Device or resource busy". Any suggestions?	12:43
seicherlbob	i think there was a tcp connection open when i teared down the interface. maybe that tcp connection keeps the device busy, although its said to be down. Is there a way to flush and close this connection manually? Rebooting is not an option.	12:45
seicherlbob	ok. got it: you can not bring up the connection, when the VM behind it is up. The VM needs to be down/stopped - then you can bring up the connection again.	13:00
sommer	good morning internets	13:02
=== ujjain\|afk is now known as ujjain
cocoa117	if ubuntu domU can't see the newly assigned memory (e.g. free -m), what's the point having the ability to do it in dom0?	13:52
cocoa117	i am using Ubuntu 10.04, and the ballon=y in the kernel	13:52
cocoa117	even after i assigned more RAM to domU ubuntu, the free -m can't see it, so i am using it won't use it	13:52
zul	Daviey: http://people.canonical.com/~chucks/gpxe-cobbler.patch	14:27
hallyn	cmagina: after pushing multipath-tools to oneiric last night, it occurred to methat the 'add\|change' rule in kpartx.udev is idiotic - it just modprobes dm-multipath. Which doesn't exist.	14:31
hallyn	think i'll open a bug to remove all dm-multipath references, which should amount to changes to 3 files	14:31
cmagina	hallyn: sounds like a good idea. i haven't looked at all those bits, but if you want another set of eyes on any of this, just toss it my way	14:34
hallyn	cmagina: cool, thanks. more eyes++	14:34
tyreza	hello there	14:35
tyreza	how to perform a complete hardware check on a server ?	14:35
patdk-wk	flashlight and paper pad?	14:38
tyreza	?	14:39
Pici	tyreza: What exactly were you hoping to accomplish?	14:41
tyreza	i simply want to make a complete hardware check	14:42
Pici	I don't know what that means.	14:43
Pici	What are you checking?	14:43
tyreza	my system reboot automatically	14:45
tyreza	when i m working on it	14:45
tyreza	so i need to make a complete check	14:45
tyreza	so my question how ?	14:46
tyreza	? anyone there	15:07
tyreza	i can't see the difficulty on my question ?	15:08
guillemhs	hi!	15:08
guillemhs	it is easier to speak directly to a person	15:08
greppy	guillemhs: just ask your question, if someone knows, they'll respond.	15:11
kaushal	Hi	15:16
pmatulis	hi	15:16
kaushal	pmatulis: Any idea about the availability of JAVA6 U26 ?	15:17
kaushal	on Ubuntu Server 10.04 LTS	15:17
pmatulis	kaushal: i'm sorry, i don't know what JAVA6 U26 is	15:17
kaushal	ok	15:18
hallyn	cmagina: nm, i guess we should support custom kernels :) leaving that alone	15:19
cmagina	hallyn: ah, yeah, didn't think about that	15:21
cmagina	hallyn: good catch	15:21
uvirtbot	New bug: #656421 in samba (main) "No DNS Updates on Domain-Registered Server in Win2k8R2 enviroment" [Undecided,New] https://launchpad.net/bugs/656421	15:27
cthompson	hello, how can I show what partition / is on? it doesn't show up in df or fstab.	15:43
genii-around	cthompson: mount ?	15:50
cthompson	well, it looks like I had to edit fstab to allow the kernel to mount / on a raid partition /dev/md0, after that: df: /dev/md0 on / (all good)	15:55
cthompson	thanks though	15:56
* genii-around sips his coffee and ponders if cthompson has raid modules in his initrd		15:59
Daviey	ho.	16:53
RoAkSoAx	Daviey: hu	16:59
Daviey	RoAkSoAx: o/	16:59
RoAkSoAx	Daviey: o/ how's it going today man?	16:59
Daviey	RoAkSoAx: not so good.. primary laptop power cable busted.	17:02
Daviey	Yourself sir?	17:02
=== koolhead11 is now known as koolhead11\|afk
lynxman	Daviey: darn :/	17:12
TREllis	doo-do-be-do	17:13
TREllis	afternoon	17:13
lynxman	TREllis, RoAkSoAx, zul, negronjl	17:13
lynxman	talk is about squid-deb-proxy + cobbler on orchestra	17:13
lynxman	orchestra has some cobbler snippets and a mini.iso importer for new distros	17:13
lynxman	RoAkSoAx: you were saying? :)	17:13
lynxman	zul: you pointed it needed to work with debian and d-i instead of kickstart, right?	17:13
lynxman	hey Daviey o/	17:13
zul	right because thats what we use	17:15
TREllis	cobbler uses debmirror to do repository mirroring, at the moment we use deb-squid-proxy as a cache instead	17:15
RoAkSoAx	TREllis: debmirror works now	17:16
* zul lunches		17:16
RoAkSoAx	TREllis: the only thing, is you want to install anything using that local mirror	17:16
lynxman	zul: bon appetit!	17:16
RoAkSoAx	s/is/if	17:16
RoAkSoAx	you need to tell the preseed that the mirror is there	17:16
TREllis	RoAkSoAx: yeah you'd need to tweak the preseed	17:16
RoAkSoAx	TREllis: yeah, so using snippets we can do that automatically, but we need to find a way of doing so :)	17:16
RoAkSoAx	TREllis: that's why I was saying, whenever there's a local mirror for a profile, use that snippet/preseed/wathever	17:17
TREllis	RoAkSoAx: so basically, we need a snippet that checks if a mirror is present and uses it if it is, otherwise use the proxy	17:17
RoAkSoAx	TREllis: if there's not, and we now that we are using squid-deb-proxy, use the preseed for that purpose	17:17
RoAkSoAx	TREllis: correct	17:17
TREllis	my working with cheetah is quite limited, you can probably do it though	17:17
lynxman	RoAkSoAx: you want to take that as an action item?	17:17
lullabud	got a weird problem with ubuntu 11 and vmware fusion. after upgrading to 11, my terminal does not work at all. i can still ssh in, but the local terminal is just blank.	17:18
lullabud	no X. the VM has been upgraded through a few versions of ubuntu.	17:18
lullabud	oh, wait, there's simply a blinking cursor up in the top left now. sometimes it's there, sometimes it's not.	17:18
lynxman	RoAkSoAx: where are we keeping track of the actions items for this btw :>	17:19
lullabud	ok, now i see that it's simply defaulting to tty7, which is blank.	17:19
RoAkSoAx	lynxman: sure, I'm currently finishing the repository thing when adding an ubuntu mini.iso.... and checking the debmirror stuff is working well	17:21
lynxman	RoAkSoAx: excellent :)	17:21
RoAkSoAx	then I'll document the preseed changes needed to use the local mirror	17:21
RoAkSoAx	lynxman: and we can get the snippets after that	17:21
TREllis	sounds good	17:21
lynxman	RoAkSoAx: sounds good, you're the best... arooound	17:22
lynxman	RoAkSoAx: sorry, grew up in the 80ies	17:22
RoAkSoAx	other than that, mini.iso import detection should be done automatically this cycle, as cjwatson agreed on providing us with something to allow detection	17:22
RoAkSoAx	so we can drop having to manually specify breed, os version, etc	17:22
lynxman	RoAkSoAx: that would mean submitting a patch for cobbler, the way it's detected now is through the directory structure	17:23
lynxman	RoAkSoAx: it's easy to patch, I can do that even :)	17:23
RoAkSoAx	lynxman: yeah I'll take care of that too	17:23
lynxman	RoAkSoAx: rocking	17:23
RoAkSoAx	lynxman: the idea is to submit to upstream most of the stuff we do here	17:23
RoAkSoAx	off course, not the orchestra part but cobbler itself	17:23
lynxman	RoAkSoAx: that's always the idea :)	17:23
RoAkSoAx	lynxman: what else is worrying you?	17:24
RoAkSoAx	:)	17:24
lynxman	RoAkSoAx: we decided at UDS that we would use a bit more the cobbler API in order to store somewhere hardware profiles for the hardware in the orchestra server network	17:25
SpamapS	lynxman: +1 .. have you guys had a chance to see if thats even feasible ?	17:26
lynxman	RoAkSoAx: would like to get your initial ideas about how to attack that, I know this is a long term project thinking, but wanted to know your ideas	17:26
RoAkSoAx	lynxman: i believe that would be using the "System" concept in cobbler	17:26
lynxman	SpamapS: not yet, we're knee deep into making all the parts work well for our demo at Structure in 2 weeks :)	17:26
SpamapS	indeed	17:26
RoAkSoAx	lynxman: have you guys looked into the "Systems"	17:27
lynxman	RoAkSoAx: not yet, that's why I wanted your initial ideas, so I know where to look in ;)	17:27
RoAkSoAx	lynxman: http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/5.3/html/Reference_Guide/s1-cobbler-addsystem.html	17:28
RoAkSoAx	provides a brief, understandable introduction to it :)	17:28
lynxman	RoAkSoAx: thanks :)	17:28
lynxman	bookmarks it	17:28
TREllis	lynxman: system profiles in general are cool, as long as you have the mac address of a system, you can assign a kickstart/preseed for it to use	17:28
RoAkSoAx	TREllis: you cannot use cobbler deploy though to deploy a machine AFAIK	17:29
Daviey	hey lynxman o/	17:29
lynxman	TREllis: the idea was to have a specialized mini boot image that would just boot up, compile system information and report back then shut down	17:29
TREllis	RoAkSoAx: yeah, uses the fence tools right?	17:29
TREllis	lynxman: that's a neat idea, I've seen a similar thing used in a bank before	17:29
RoAkSoAx	oh btw.. fence-agents have been already uploaded and are in the NEW queue	17:29
RoAkSoAx	so we should see them next week	17:29
lynxman	then once we got the info we can just install the basic image and from there take a logical decision towards what kind of application can be fit in the hardware	17:29
RoAkSoAx	TREllis: yes and no... the "deploy" feature has been disabled upstream	17:29
RoAkSoAx	TREllis: "This feature was removed from Cobbler 2.0 and may be present in a future release. It is not yet implemented in the code as I wanted to revisit and rewrite much of the core implementation -- Michael"	17:30
TREllis	lynxman: is there going to be somewhere to store that data in orchestra then?	17:30
RoAkSoAx	in https://fedorahosted.org/cobbler/wiki/DeployFeature	17:30
TREllis	RoAkSoAx: fair enough	17:30
lynxman	TREllis: that's another different dimension :)	17:30
lynxman	TREllis: I reckon we'll store it in mysql or such, but at some point we want that to evolve into the metadata service	17:30
Daviey	lynxman: if the debmirror local mirror is presented over http... squid-deb=proxy could use that as it's upstream mirror. Perhaps wasteful.. but easier to implement, and the autodiscovery magic would still work.	17:31
TREllis	RoAkSoAx: and since that was michael, we can assume it's been disabled for a while then and hasn't been looked at	17:31
RoAkSoAx	TREllis: indeed!	17:31
lynxman	Daviey: very good point!	17:31
TREllis	Daviey: duplicate data though?	17:31
RoAkSoAx	Daviey lynxman yeah but that would be using snippets to tweak it anyway	17:31
TREllis	Daviey: ie you need twice the storage, once for the mirror once for the cache	17:31
Daviey	lynxman: I have a python script for adding new hardware to cobbler btw	17:32
Daviey	i need to add facter output to it.	17:32
lynxman	Daviey: oooh, can we see it somewhere?	17:32
RoAkSoAx	TREllis: yeah	17:32
RoAkSoAx	Daviey: if we have a local mirror, then ew don't really need squid-deb-proxy	17:32
TREllis	RoAkSoAx: well, unless you are doing deployments over long distance links, mirror in one DC, cache in the other	17:33
lynxman	RoAkSoAx: what we like about squid-deb-proxy is proxy auto discovery	17:33
RoAkSoAx	lynxman: yeah	17:33
Daviey	lynxman: it's only simple atm, i was using it to experiement with the RPC api. Seems to work well. It's for the auto discovery WI	17:33
RoAkSoAx	TREllis: yeah but AFAIK, for that reason you;d have a second cobbler server/mirror	17:33
RoAkSoAx	TREllis: that's the whole point of having a local mirror :)	17:34
RoAkSoAx	not use long distance links :)	17:34
TREllis	RoAkSoAx: you'd only get the hit on the cache once :)	17:34
TREllis	I know plenty of people who do that	17:34
Daviey	TREllis: in that example, the squid-deb-proxy cache size could be tweaked to be very minimal.. perhaps 0. However, TBH, for a base install - we are not talking about that much TBH.	17:34
TREllis	Daviey: yeah, very true	17:35
lynxman	calling mvo into this, maybe he has some good ideas	17:35
Daviey	I think we should have a call about this soon..	17:35
Daviey	ideally this week.	17:35
Daviey	who wants to be on it?	17:35
RoAkSoAx	TREllis: right, but in that case we have a server for solely be a mirror cache	17:36
lynxman	Daviey: me :)	17:36
TREllis	RoAkSoAx: true. I like the idea of the snippet determining if you have a mirror or cache setup	17:36
RoAkSoAx	TREllis: yeah	17:37
lynxman	TREllis: indeed, it should be smart enough	17:37
lynxman	now my main concern is the cobbler mirroring + squid-deb-proxy integration	17:38
lynxman	or if we should just scratch squid-deb-proxy from orchestra and go straight for cobbler mirroring	17:38
SpamapS	If cobbler is a local mirror, why do you need s-d-p ?	17:38
TREllis	Daviey: would love to listen in, but heading to the IoW festival :-)	17:38
SpamapS	s-d-p is for when you don't want a local mirror	17:38
lynxman	SpamapS: exactly what I was asking :)	17:38
lynxman	TREllis: that's what you cool kids call it now? :D	17:39
Daviey	TREllis: slack.	17:39
lynxman	Daviey: he totally is	17:40
TREllis	/part	17:40
TREllis	:-)	17:40
lynxman	TREllis: you had one space in front of that part	17:40
Daviey	/kick TREllis too slack for here.	17:40
TREllis	SpamapS: agreed, guess that leaves it up to the snippet then: if debmirror is installed, point to it; else use s-d-p	17:40
lynxman	TREllis: yeah but s-d-p is installed by default on the client side, how we can take a smartz decision like that from the package?	17:41
TREllis	Daviey: it's a hard live, but someone has to do it	17:41
Daviey	I'd like to hear mvo's view.. but i'd like to experiement with have s-d-p as the primary interface.. With either a local mirror (debproxy) or primary external mirror providing it.	17:41
Daviey	TREllis: indeed.	17:41
TREllis	s/debproxy/debmirror ?	17:42
TREllis	since that's what cobbler uses by default	17:42
lynxman	Daviey: messaged mvo, I think it's doable...	17:42
Daviey	lynxman: can you ask him to join here, so we can all jump on him?	17:42
Daviey	:)	17:42
RoAkSoAx	Daviey: right, but using s-d-p when we have a local mirror doesn't really make sense	17:42
lynxman	Daviey: I did that 10 mins ago, I guess he's afraid... or having dinner. I'll go with afraid	17:42
TREllis	are we pulling in debmirror 2.7 to oneiric? has a kickass feature --debmarshal	17:43
RoAkSoAx	cause you'd be cashing, what we already have "cached" locally	17:43
SpamapS	Why would I want to go ->squid->debmirror ?	17:43
Daviey	RoAkSoAx: no.. it doesn't make lots of sense.. but if it's our primary interface it should be investigated IMO.	17:43
lynxman	SpamapS: it's just that we install s-d-p-client as default on the orchestra client, we were seeing a smart way to be able to use either debmirror or s-d-p as required	17:44
Daviey	TREllis: don't complicate things with asking for debmarshal support :)	17:44
lynxman	Daviey: we want debmarshal support hides	17:44
negronjl	I agree with the keeping it simple part.	17:44
lynxman	negronjl: +1	17:44
TREllis	Daviey: hehe, <3 debmarshal	17:44
Daviey	Grr.	17:45
TREllis	Daviey: although I moved my local mirror to reprepro anyway	17:45
zul	lynxman: about the hardware profiles cobbler has couchdb support but its not secure at all ust yet	17:45
Daviey	TREllis: sane here :)	17:45
Daviey	Ahhhhhhhhhhhhhhhhhhhhhhhhhhhhh!	17:45
lynxman	zul: maybe it would just be easier to have a mysql plugin? it's extra easy	17:45
lynxman	TREllis: stop scaring Daviey please	17:45
zul	lynxman: ergh...	17:45
Daviey	couchdb keeps me awake at night.	17:46
SpamapS	Since cobbler is going to seed the thing.. s-d-p client is actually, IMO, kind of unnecessary.	17:46
lynxman	zul: I know you like it, but couchdb... bleh	17:46
negronjl	zul, lynxman: mysql +1	17:46
zul	lynxman: sqlite database would be easier	17:46
Daviey	i swear there is a couchdb hiding under my bed.	17:46
SpamapS	The advantage of s-d-p is just that its specifically only allowing proxying of ubuntu.	17:46
lynxman	zul: don't get me started on sqlite	17:46
RoAkSoAx	Daviey: but that's the thing, whenever someone doesn't want to have the local mirror in full... there's no need to do so and we can use s-d-p for that	17:46
lynxman	SpamapS: exactly	17:46
negronjl	adding couchdb would add more complexity plus pretty much everyone already knows mysql	17:46
RoAkSoAx	Daviey: but if someone wants to have their own local mirror	17:46
lynxman	zul: just trying to think 2 steps forward towards the metadata service	17:46
RoAkSoAx	Daviey: then they should be able to without having the hasle of installing s-d-p client	17:46
SpamapS	And why again aren't we just using the data storage capabilities built into cobbler?	17:47
zul	thats what i said	17:47
Daviey	RoAkSoAx: it's installed by default via the client package.	17:47
Daviey	SpamapS: have you used that?	17:48
negronjl	What is the main reason for having s-d-p/debmirror in orchestra ?	17:48
lynxman	negronjl: not having n-hundred machines pulling packages	17:48
RoAkSoAx	Daviey: I know :) but still if someone wants to sync the whole mirror for one release, they should be able to do so	17:48
lynxman	negronjl: so reduce bandwidth consumption drastically	17:48
negronjl	ok....so, find the simplest way to accomplish that	17:48
RoAkSoAx	Daviey: but if they do so and use it, s-d-p client has no point	17:48
negronjl	it seems that the conversation is going in multiple directions at the same time :/	17:48
lynxman	negronjl: g	17:48
Daviey	RoAkSoAx: ack, i'm not disagreeing with that	17:49
SpamapS	Daviey: IIRC, it is just json files on disk. But the point is that its already got a database of machines that I am provisioning. To have two databases of machines I'm provisioning, instead of enhancing the first.. seems a bit failure prone.	17:49
lynxman	negronjl: it is	17:49
RoAkSoAx	Daviey: yeah that';s why we should keep both as options and make sure they both work well :)	17:49
Daviey	SpamapS: hmm. i'm not sure i follow.	17:49
SpamapS	I agree with negronjl	17:49
lynxman	SpamapS: Daviey: So how about we see the different approach scenarios for the hardware database and we all decide which one is the one we should proceed forward with?	17:49
SpamapS	two conversations are intermingled	17:49
SpamapS	a) proxying/mirroring	17:49
SpamapS	b) metadata	17:50
SpamapS	lets just wrap up the a) before talking about b	17:50
zul	c) hardware database and then c	17:50
SpamapS	zul: thats the same thing as metadata	17:51
Daviey	Okay.. I am proposing that we investigate always using squid-deb=proxy. The parent mirror can either be a local archive, or a public shared one.	17:51
Daviey	Yes, there is potentially a wasteful extra layer in the stack.	17:51
Daviey	However it should make things simplier to construct.	17:51
lynxman	Daviey: could this be useful you think in order to let the user decide if they want s-d-p or a full mirror?	17:52
Daviey	lynxman: Well i am proposing that we always using s-d-p, regardless of what feeds it.	17:52
SpamapS	I can see an advantage where the clients will pull updates from any s-d-p on the network going forward too.	17:52
SpamapS	And we're basically just talking about the default seed .. it will be highly configurable.	17:53
Daviey	Chaps.. i need to stop for food right now. I'll catch up on scrollback on my return.	17:53
lynxman	SpamapS: I do agree that keeping s-d-p in the loop is a good idea, I like s-d-p and mvo has done some amazing work	17:53
RoAkSoAx	Daviey: right, but if we do so.. we end up having a local mirror + local cache = double storage usage	17:53
RoAkSoAx	Daviey: one of the reasons debmirror was not specifically used as the only solution is because it consumes much more storage space than using s-d-p	17:54
lynxman	RoAkSoAx: I'm pretty sure mvo knows a way where s-d-p will just read the local mirror if needed	17:54
SpamapS	its squid	17:54
SpamapS	land of 1000 config options	17:54
lynxman	RoAkSoAx: so we can just use a debconf to say "use local mirror" or "use cache"	17:54
lynxman	SpamapS: exactly, it can do whatever we want :)	17:55
tucemiux	hey anyone here use apcupsd ?	17:55
RoAkSoAx	lynxman: yeah	17:55
SpamapS	So, disable caching of the local mirror on disk (still put it in RAM, should speed things up)..	17:55
SpamapS	that should be pretty easy.	17:56
lynxman	SpamapS: yeah, I think that's easily doable through debconf, we've started to introduce debconf hooks to s-d-p	17:56
lynxman	tucemiux: ask your question and see if someone can answer, fishing will just take longer :)	17:56
negronjl	should we just have a separate orchestra-caching server where all of these config questions can be asked?	17:57
lynxman	negronjl: that's part of the provisioning server	17:57
lynxman	negronjl: I would rather not make a caching server tbh, makes no sense to make it in a different machine than the provisioner	17:57
negronjl	lynxman: it is now, but with n-hundred servers pulling off of it, it could become overwhelmed	17:57
lynxman	negronjl: you think so? hmm	17:57
negronjl	lynxman: it could yes	17:58
lynxman	negronjl: I'd rather jump that hurdle when we get to it	17:58
TREllis	negronjl: possibily, of course those systems would only be pulling at the same time for updates, not building (unless you enjoy building 100 servers at once o_O)	17:58
lynxman	negronjl: since if we start observing that scenarios now, we can say the same for the monitoring, for the logging, etc	17:59
SpamapS	squid can take thousands of concurrent requests	17:59
lynxman	SpamapS: that is also true	17:59
SpamapS	I'd suspect cobbler would have a harder time serving up the pre-seeds before a single squid instance would have any trouble	17:59
SpamapS	at the point where you need to install more than say, 500 machines at once, you can figure out the load balancing yourself	18:00
SpamapS	orchestra is "make it easy to install ubuntu server" not "make it easy to build skynet"	18:00
SpamapS	thats ensemble ;)	18:00
lynxman	SpamapS: it's even on the roadmap	18:00
TREllis	lol	18:01
* TREllis --> food		18:01
lynxman	SpamapS: in all fairness, skynet is also on the orchestra roadmap for the P cycle	18:02
lynxman	:)	18:02
* SpamapS orders another pallet of canned food for his bunker		18:02
SpamapS	noted	18:02
lynxman	rofl	18:02
negronjl	SpamapS, lynxman: we can then have both Skynet bots battle it out like the old computer chess programs used to do.	18:03
lynxman	negronjl: I see it more as "two skynets going to Jeopardy" scenario	18:03
SpamapS	Hah yeah, Orchestra's hardware vs. Ensemble's endless scalability	18:03
lynxman	"I'll take doomsday scenarios caused by computers for $200 Alex"	18:03
tucemiux	i'm wondering if it's safe to install apcupsd and configure it remotely with the UPS connected ?	18:03
SpamapS	hopefully world domination isn't I/O bound or ensemble is SCREWED	18:04
lynxman	tucemiux: you need to be very very careful of course, but you can try :)	18:04
lynxman	tucemiux: I would personally not do it unless you have someone at the other side	18:04
shauno	ditto. I've not had a problem with it, but wouldn't want to tempt fate	18:05
tucemiux	lynxman: i dont have anyone in the other side, I guess I'll wait until i'm next to the server then :-(	18:05
lynxman	shauno: my experience with it is very good as well	18:05
lynxman	tucemiux: would be the careful thing to do, specially if your job/money/girlfriend/dog depends on the server running	18:06
tucemiux	lynxman: its my own server where I keep my hilton videos, I'm just worried I'll burn the house down or something	18:07
lynxman	tucemiux: worst case scenario the APC will shot down the server, no burning house down scenario	18:07
lynxman	s/shot/shut/	18:07
lynxman	Daviey: so let's schedule a call for next week? TREllis, SpamapS, negronjl, RoAkSoAx, zul okay with it?	18:08
=== Corey is now known as Corey_
zul	yep	18:08
tucemiux	lynxman: ahhh in that case I can go ahead and do it, if the server shut down my irssi connection goes down, no biggie, no trades or email messages will be lost o.O	18:08
Daviey	Chaps... i was just thinking. If the avahi support is added to debmirror, -provisioning-server could Recommend: squid-deb-proxy <pipe> debmirror-avahi	18:08
Daviey	(forgive the <pipe>, not sre where it is on this whizzy keyboard)	18:08
tucemiux	I'm ok with it !	18:08
=== Corey_ is now known as Corey
lynxman	Daviey: \| <-- cut and paste	18:09
Daviey	lol	18:09
lynxman	tucemiux: have fun then :)	18:09
tucemiux	lynxman: thanks! let me get to it, have you ever configured an apcupsd ?	18:09
lynxman	tucemiux: yes, but it was with a very very very old APC, one of those that had a lever and a horse running in circles around it	18:11
lynxman	Daviey: I think that would be a very cool and scalable solution	18:11
tucemiux	lynxman: well too bad I didnt have the pleasure to have a lever on mines :-(	18:12
Daviey	lynxman: make it so :)	18:12
RoAkSoAx	zul: how does hits looks to you: http://paste.ubuntu.com/621892/ basically, if the host is a debian/ubuntu it should obtain the mirror from python-apt and create the repo pointing to that mirror when importin mini.iso	18:12
lynxman	tucemiux: the problem wasn't the lever, it was the horse	18:12
zul	checking	18:13
zul	RoAkSoAx: looks good	18:14
RoAkSoAx	zul: cool. It's ubuntu specific for now, but once I get the change to install debian I'll test it as well so that we cna forward that upstream	18:15
zul	cool beans	18:15
Daviey	RoAkSoAx: Why not just check the python-apt stuff before assuming the dist is ubuntu?	18:16
RoAkSoAx	Daviey: technically it should work with bot debian/ubuntu, but I need to test it in debian first before I assume that it works with it as well	18:18
tdelam	I've been hacked, I fixed some of the issues but I still see a lot of outgoing network traffic from various Ukraine IP's using nethogs. How can I dig even deeper to see what this traffic is and where it is coming from on my server?	18:19
RoAkSoAx	Daviey: note that this only happens to set the same archive that the host uses foreach repo created when importin a mini.iso	18:26
tucemiux	lynxman: hey, I just configured my apcupsd, do I have to reboot or something ?	18:35
lynxman	tucemiux: if the service is running, it's all done and sweet	18:36
tucemiux	lynxman: how do I check to see if the server is running? lsmod?	18:37
lynxman	tucemiux: service apcupsd status i guess	18:38
lynxman	tucemiux: check the logs as well	18:38
tucemiux	lynxman: Error contacting apcupsd @ localhost:3551: Connection refused	18:38
lynxman	tucemiux: then it's not running, check logs and see why	18:38
lynxman	tucemiux: rinse, repeat	18:38
RoAkSoAx	lynxman: do you have a cobbler server running atm?	18:38
lynxman	RoAkSoAx: I think negronjl does	18:39
lynxman	RoAkSoAx: but not on my side	18:39
lynxman	RoAkSoAx: although if you want one, apt-add-repository ppa:orchestra/ppa then install ubuntu-orchestra-server	18:39
RoAkSoAx	lynxman: i do have one already :)	18:39
RoAkSoAx	lynxman: just wanted to check something but no worries :)	18:39
lynxman	RoAkSoAx: you hogger :P	18:39
RoAkSoAx	zul: when you hvae the time, could you try importing a debian ISO? I think it's not adding a distro/profile when doing so	18:41
tucemiux	lynxman: how do I add acpdusbd to my /etc/hosts.allow ??	18:41
tucemiux	lynxman: sudo service apcupsd start	18:43
tucemiux	service apcupsd status	18:43
* RoAkSoAx lunches		18:43
* Daviey ponders what RoAkSoAx is having.		18:44
tucemiux	how do I check what services are scheduled to be runned automatically ?	18:45
SpamapS	tucemiux: if its installed, it will be started	18:45
SpamapS	tucemiux: unless you manually disabled it	18:46
tucemiux	SpamapS: well I just installed apcupsd and I'm trying to figure out if it's scheduled to run at boot up time,I had to manually start it	18:46
RoyK	SpamapS: the ones using upstart, I don't know, perhaps service --status-all - the ones not using upstart will be listed under /etc/rc2.d	18:47
RoyK	tucemiux: wrong answer - the ones running aren't necessarily the ones scheduled for start - in case something goes wrong and a service fails to start	18:48
SpamapS	tucemiux: sometimes a service needs to be configured/enabled .. but usually they should just start	18:49
* SpamapS hates that we have two init systems. :-P		18:49
tucemiux	RoyK: yeah, i figured that much, if I manually start a service it doesnt mean it will automatically start at boot up, how do I check if a service is scheduled to start at boot up?	18:49
* SpamapS is trying to type a succinct answer and there isn't one. :-P		18:50
SpamapS	tucemiux: if there's a /etc/init/apcupsd.conf , look in there for any reasons it might not have started. Otherwise /etc/init.d/apcupsd	18:50
SpamapS	tucemiux: you may have a file, /etc/default/apcupsd that you have to edit to enable it at boot time.	18:50
SpamapS	tucemiux: this info should be documented in /usr/share/doc/apcupsd/README.Debian	18:51
tucemiux	SpamapS: so basically, services that run at boot up are configured in "/etc/default/[]"	18:51
SpamapS	tucemiux: its not that simple	18:52
SpamapS	tucemiux: SOME services are disabled because they require you to configure them before starting automatically.	18:52
tucemiux	SpamapS: so that's why ISCONFIGURED needs to say yes, is that how a service is enabled/disabled in /etc/default/?	18:54
SpamapS	tucemiux: they're all different unfortunately.	18:55
SpamapS	would be really nice if they weren't	18:55
tucemiux	SpamapS: ok well at least I got apcupsd up and running, I'll reboot my server when I get home to find out if the service repawns on a reboot	18:56
=== med_out is now known as med
=== med is now known as medberry
tucemiux	hey is it safe to test a UPS by unplugging it from the outlet ?	18:59
SpamapS	tucemiux: many of them have test buttons ;)	19:00
SpamapS	tucemiux: but if it doesn't, then yes	19:00
SpamapS	tucemiux: just make sure its charged	19:00
tucemiux	SpamapS: yeah, it's charged, I was setting up the thing and wanted to place it somewhere else, I unplugged it and the thing was still on with plenty of juice so I'm like... ok well at least I know that works he he he	19:04
adam_g	lynxman: ping	19:20
MrBIOS	hey folks, ogra over in #ubuntu-arm just sent me this way. I'm looking for anybody who considers themselves part of the "arm server team"	19:21
kirkland	RoAkSoAx: pong	19:21
adam_g	kirkland: hey, maybe you know.. do the orchestra mcollective plugins need anything special in terms of puppet class paramters to get things deployed via the 'role' fact?	19:27
adam_g	would something like this work, or would it need to be simplified? http://paste.ubuntu.com/621948/	19:27
SpamapS	MrBIOS: there's no "ARM server team".. just "server team". :)	19:27
MrBIOS	SpamapS, understood, then "people interested in ARM who are on the server team"	19:30
SpamapS	MrBIOS: Lots of us. Did you have some hardware for us? ;)	19:31
=== NG_ is now known as ng_
kirkland	adam_g: really a question for negronjl and lynxman	19:36
negronjl	adam_g: looking at your pastebin....can you elaborate a bit on what you are trying to do here?	19:38
RoAkSoAx	kirkland: o/ what do you think: http://paste.ubuntu.com/621958/	19:39
kirkland	RoAkSoAx: nice	19:40
kirkland	RoAkSoAx: looks good	19:40
RoAkSoAx	kirkland: though, just realized that it does not handle reconfiguration	19:41
adam_g	negronjl: openstack on a single node	19:41
Daviey	MrBIOS: can we help?	19:42
RoAkSoAx	Daviey: i had "Aji de Gallina" typical plate from Peru	19:42
Daviey	RoAkSoAx: sounds tasty!	19:43
* RoAkSoAx , lucky him... he found a peruvian restaurant right accross the street!		19:43
RoAkSoAx	Daviey: yeah it is :D	19:43
Daviey	adam_g: I assume those values won't be put into a apackage?	19:46
adam_g	Daviey: no, that would be an upper level class that someone can construct to make use of the nova module	19:47
Daviey	adam_g: ok, super	19:48
adam_g	negronjl: https://github.com/gandelman-a/puppetlabs-nova/tree/dev/nova if you are interested in looking at the entire module	19:50
Daviey	github makes me cry	19:51
adam_g	yeah. :(	19:51
negronjl	adam_g: what's the name of the file you pasted on pastebin ?	19:53
Daviey	/nova/test/ubuntu/* ?	19:54
adam_g	negronjl: nova/tests/ubuntu/all.pp	19:55
negronjl	Daviey, adam_g: thx. reading now	19:56
zul	adam_g: you know we are using kvm on nova right? :)	19:56
adam_g	zul: yes, why do you ask?	19:58
zul	adam_g: it seems to be using xen	19:58
adam_g	no, it uses kvm/libvirt default	19:58
negronjl	adam_g: I don't see anything that seems wrong ( didn't test the regexes in puppetlabs-nova / nova / lib / puppet / provider / nova_config / parsed.rb though )	20:00
adam_g	zul: one of the other people working on it is going to be using xenserver for compute. there are some optional config parameters for that.	20:01
negronjl	adam_g: all.pp seems to be right as well.	20:01
zul	ok cool..thats probably going to be an ubuntu patch ;)	20:02
adam_g	zul: the module should support both just fine wihtout patches	20:03
zul	good good	20:03
adam_g	that reminds me	20:08
adam_g	http://blog.xen.org/index.php/2011/06/05/xcp-on-ubuntu/	20:09
adam_g	zul: ^ we'll probably have xenserver on ubuntu as compute nodes at some point in the future.	20:10
zul	adam_g: the community xen.org version probably yes	20:10
adam_g	its the bleeding edge of the commercial version. or has something changed since citrix opensourced it last year? i haven't followed too closely	20:11
RoyK	adam_g: we have a xenserver setup - five nodes - I haven't gotten around to find out how to easly setup a pvm on that with ubuntu yet	20:12
zul	adam_g: i havent really looked at the xenserver bits its kind of like fedora	20:12
adam_g	zul: right	20:12
zul	adam_g: we are focusing on xen.org bits though	20:13
adam_g	in any case, XCP/xenserver on ubuntu rather than centos 5.4 would be great.	20:15
RoyK	kvm works well too	20:15
* RoyK just setup his first kvm vm in production at work		20:16
RoyK	some idiot at ittvis.com found that redhat was the perfect linux platform for IDL, so IDL didn't install on ubuntu, so I setup a CentOS VM for it :P	20:17
* negronjl is getting food		20:18
Daviey	SpamapS: Have you been able to find a sponsor for txzookeeper into Debian?	20:19
queso	Is there a way to search all cron jobs (in /etc/ and for all users) at once?	20:34
RoyK	queso: user's cronjobs are under /var/spool/cron/cronjobs	20:42
RoyK	users', even	20:42
tucemiux	ok im still a nuub, im just wondering how to ban china, I see failed login attempts from 111.178.*	20:55
remix_tj	tucemiux: i can suggest you to do this	20:55
remix_tj	whois 111.178.xyz.abc	20:55
remix_tj	(the ip with failed logins)	20:55
remix_tj	in the whois you can find the net you need to ban	20:56
remix_tj	with	20:56
littlebearz	tucemiux: just deny ALL:ALL and allow certain IPs	20:56
remix_tj	iptables -A INPUT -s 111.178.xyz.abc -j DROP	20:56
remix_tj	(for example)	20:57
Pici	remix_tj: It might be more prudent to install something like fail2ban, so that multiple failed login attempts are automaically blocked, from any ip.	20:57
tucemiux	ahhh so I hav to do it with iptables? I cant do it with fail2ban or some other utility?	20:57
remix_tj	or use the littlebearz solution. but is pretty difficult if you want to connect from dynamic ip	20:57
remix_tj	Pici: good idea :-)	20:57
remix_tj	tucemiux: install fail2ban, it will iptable for you :-)	20:58
Pici	tucemiux: ^	20:58
Pici	Sorry, I missed who was actually asking the question ther.e	20:58
tucemiux	Pici: it was mua	20:58
littlebearz	remix_tj: i never knew about fail2ban, I was thinking of putting the ip into a mysql and send it to my cellphone for verification	20:58
tucemiux	someone from 111.178.146.* tried to login as root, how can I check if fail2ban blocked him?	20:59
littlebearz	tucemiux: log file	20:59
littlebearz	tucemiux: erm I mean from iptables	21:00
tucemiux	littlebearz: which one? there's a bunch of them o.O	21:00
remix_tj	tucemiux: logfile or iptables -L	21:00
remix_tj	littlebearz: you can set fail2ban to execute something other instead of banning with iptables	21:00
Pici	tucemiux: /var/log/fail2ban.log	21:01
tucemiux	i guess im going to have to learn iptables then	21:01
littlebearz	tucemiux: i usually use firestarter or somesort of GUI for it, it's too much typing	21:01
tucemiux	and im going to have to learn how to use SASL-tor if I want to use freenode on my server	21:01
tucemiux	Pici: you have a server that's alwyas logged on to freenode?	21:01
jcastro	kirkland: nice interview	21:02
kirkland	jcastro: thanks dude	21:02
jcastro	kirkland: is there a PPA for orchestra, or is it all oneiric-only?	21:02
Pici	tucemiux: Yes. My VPS (Linode) is always connected. I'm running irssi within screen.	21:02
kirkland	jcastro: ppa:orchestra/ppa	21:02
jcastro	ta	21:02
kirkland	jcastro: moving quickly, but if you get around to testing it, let us know	21:02
jcastro	you might want to put the PPA link on lp.net/orchestra	21:03
kirkland	jcastro: where are the UDS videos?	21:03
kirkland	jcastro: ta	21:03
tucemiux	WARNING [ssh] Ban 111.178.146.*	21:03
jcastro	kirkland: I'm looking for something to do this weekend	21:03
kirkland	jcastro: heh, cool	21:03
tucemiux	WARNING [ssh] Unban 111.178.146.*	21:03
jcastro	kirkland: http://www.youtube.com/user/ubuntudevelopers	21:03
tucemiux	jcastro: you can be my singer, im looking for a singer :-)	21:04
kirkland	jcastro: hmm, the interviews with the novacut guys and akgraner?	21:04
jcastro	they're in there	21:04
kirkland	jcastro: got 'em, thanks	21:04
littlebearz	anyone can test if http://xxw.ca/texting-for-free/ gives ssl warning?	21:10
lynxman	adam_g: pong :)	21:23
adam_g	lynxman: hi, i was just trying to find out if orchestra/mcollective plugins have any requirements in terms of class paramters for the classes it deploys	21:27
lynxman	adam_g: hmm they're not related at all, they can (by choice) get facts from facter, but that's it, nothing else	21:27
lynxman	adam_g: unless I don't get what you're talking about :)	21:27
RoAkSoAx	lynxman: ok. so here's the deal, when we import an ubuntu server iso for example, we need to do something similar to the preseed: http://paste.ubuntu.com/622033/ (between #mirror comments)	21:28
lynxman	RoAkSoAx: sounds like a good move :) very awesome stuff	21:29
* lynxman likes cobbler more each day		21:29
RoAkSoAx	lynxman: the IP in the hostname is the cobbler server IP, and the directory is where the archive is	21:29
RoAkSoAx	lynxman: so we need to adapt that for when we have a repo's synced	21:30
adam_g	lynxman: i was looking at orchestra-puppet-recipes/puppet/manifests/node.pp .. where are the $1, $2, etc. arguments coming from? i had assumed an mcollective agent?	21:30
RoAkSoAx	lynxman: or for when we import a full server iso	21:30
lynxman	adam_g: ah that's not related to mcollective, that's parameters from the role fact from facter	21:31
adam_g	lynxman: ah, i see. thanx	21:31
lynxman	RoAkSoAx: let's try to go that way and see how it ends up, I think it's quite good	21:31
MrBIOS	Daviey back at my desk now	21:33
MrBIOS	SpamapS I had a question about apache performance on ARM, seems like I may be hitting an SMP bug or something odd	21:34
RoAkSoAx	lynxman: yep, so yes we need to have a separate preseed for when we have a mirror, and one for when we have the full server iso, and one more for when we have repositories... though all will be handled via de snippets	21:34
lynxman	RoAkSoAx: sounds amazing, it's further than where we got, we just decided to go with the mini iso	21:35
jcastro	kirkland: all the mcollective-server- stuff appears uninstallable	21:35
lynxman	RoAkSoAx: I would like to keep that logical decision up to some point though	21:35
lynxman	jcastro: hey Jorge waves	21:36
lynxman	jcastro: it's in the Queue, waiting to be uploaded	21:36
jcastro	hi!	21:36
lynxman	jcastro: you're looking for mcollective-plugins-*	21:36
lynxman	jcastro: the only server is the provisioner :)	21:36
jcastro	ok	21:36
lynxman	jcastro: but yeah, waiting on the Oneiric queue still :)	21:36
jcastro	wow, he wasn't kidding when he said fast moving	21:37
lynxman	jcastro: we try to :)	21:37
SpamapS	MrBIOS: What sort of ARM are you running on?	21:41
kirkland	jcastro: i know; blocking on jdstrand's review of the new queue :-/	21:54
* jdstrand not the only archive admin which could review it		21:54
jdstrand	I've made a note to look at it, but I won't get to it today (patch piloting)	21:55
g-hennux	hi!	22:00
g-hennux	i'm on ubuntu 10.04 lts and i wonder why installing the solr-jetty package pulls that many dependencies, in particular some X packages, e.g. x11-common xfonts-encodings xfonts-utils	22:02
g-hennux	i'm actually not willing to install X libraries on my database machine; any suggestions from you?	22:03
g-hennux	ok, so solr-common depends on java6-runtime-headless (note: headless) and libcommons-csv-java, among others. now libcommons-csv-java depends on openjdk-6-jre or java2-runtime (note: no headless)	22:09
g-hennux	and this in turn pulls libgtk, libcairo, libxinerama, ...	22:10
g-hennux	now: does anyone use libxinerama on his solr server? ;-)	22:10
zaclnxnewb	how do I purge all of the configuration and settings that a program has over my server?	22:27
zaclnxnewb	I want to reinstall samba, but the settings from the previous installation remain	22:27
=== medberry is now known as med_out
zaclnxnewb	??	22:31
g-hennux	something like dpkg --purge or so	22:31
zaclnxnewb	I tried that	22:31
zaclnxnewb	sudo apt-get purge samba	22:31
g-hennux	no, that will fail if samba is not installed ;)	22:31
zaclnxnewb	tried it to begin with	22:32
g-hennux	ah ok, then apt-get --purge remove	22:32
g-hennux	or apt-get --purge --reinstall install samba	22:32
zaclnxnewb	I'll try them, thank you	22:34
zaclnxnewb	finally logged back into the server	22:42
bencc	do I need to reboot after changing /etc/security/limits.confg and /etc/pam.d/su ?	22:42
bencc	I'm raising the file descriptors limit for a server	22:42
zaclnxnewb	samba was also providing the "computer name" to the router, which was being used to route ip and similar	22:42
zaclnxnewb	made it much harder, very suddenly to log back into ZACSERVER lol	22:43
bencc	not sure if it's enough to restart a service to use the new fd limit: /etc/init.d/nginx restart	22:43
zaclnxnewb	g-hennux: unfortunately, no that didn't work	22:44
zaclnxnewb	g-hennux: all configurations remain	22:45
g-hennux	did you reinstall or remove?	22:45
zaclnxnewb	reinstall	22:45
g-hennux	and it's really the old configuration you're seeing, not the newly installed one?	22:46
zaclnxnewb	g-hennux: my same note #ZAC to denote changes I made to the defaults.	22:46
g-hennux	can you --purge remove and check what remains?	22:47
g-hennux	does the config maybe belong to a different package, like smb-common or so?	22:47
zaclnxnewb	g-hennux: I ah, I see	22:51
zaclnxnewb	for some reason smbd worked but not samba	22:51
zaclnxnewb	g-hennux: sudo apt-get purge smbd	22:52
g-hennux	isn't it apt-get --purge remove?	22:52
=== ng_ is now known as NG_
zaclnxnewb	I'm having one more problem	23:04
zaclnxnewb	permissions in samba	23:04
zaclnxnewb	I have a torrenting daemon that downloads various files	23:07
zaclnxnewb	and then I have the files available on the network via samba share	23:07
zaclnxnewb	problem is that files created by deluge (torrenting) aren't deletable by myself through samba	23:07
virusuy	zaclnxnewb:	23:12
virusuy	create mask = 777	23:13
virusuy	on smb.conf,	23:13
virusuy	where is defined your shared folder	23:13
virusuy	that means, apply 777 to any files or folder in shared folder	23:13
zaclnxnewb	virusuy: is create mask = 0777 alright?	23:14
virusuy	it's	23:18
virusuy	zaclnxnewb: worked ?	23:31
zaclnxnewb	one moment sorry, distracted by something important	23:31
zaclnxnewb	virusuy: the deluge torrentor is a daemon on the same server	23:39
virusuy	that doesn't matter	23:39
zaclnxnewb	it doesn't put files into the samba share through the samba daemon, thus the files aren't changed to 777?	23:40
zaclnxnewb	well, the folders all belong to owner "deluge"	23:40
zaclnxnewb	and I can't delete them	23:40
zaclnxnewb	from within samba	23:40
virusuy	no matter who puts those files in it.. samba will change permissions to 777	23:40
zaclnxnewb	virusuy: even if they aren't put there through samba?	23:41
virusuy	zaclnxnewb: yeap	23:41
zaclnxnewb	samba just shares the already made folder, I can see the daemon changing permissions as files are sent to it, but deluge basically puts files into the folder under it directly through the os	23:41
zaclnxnewb	alright	23:41
virusuy	oh, obviously deluge must have permissions on that folder	23:42
virusuy	IMO, if is a home share, just change folder's permission to 777	23:42
virusuy	and comment create mask line in smb.conf	23:43
zaclnxnewb	virusuy: How do I change the folder permissions?	23:44
zaclnxnewb	chmod?	23:44
virusuy	chmod -R 777 FOLDER	23:48
WMP	hello	23:55
WMP	i have compilled my own kernel and i havent file include/linux/autoconf.h	23:56
WMP	how to make this file?	23:56

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!