[00:27] <RoAkSoAx> kirkland: ping?
[01:15] <geekbri> If you've got a wildcard entry in your Bind server but you want your domain without a host (say google.com instead of www.google.com) to have an entry that doesn't redirect to the same place as the wildcard, how would you go about doing that?
[02:37] <s0rserer> anyone know where i can find help with an ms exchange server?
[02:38] <twb> s0rserer: ##windows?
[02:38] <twb> Or your support vendor, of course
[02:39] <s0rserer> thanks ill give that a shot
[02:41] <jonesst1> evolution to exchange?
[03:13] <hackeron> hey, how do I go back to the previous grub behaviour? - from time to time grub detects a boot failure and shows the grub menu - I don't want this to ever happen as it involves driving 40 miles to plug in a keyboard and press enter :/
[03:22] <twb> hackeron: dunno; I use hpa's bootloader
[03:24] <hackeron> twb: what's that?
[03:25] <twb> isolinux
[03:25] <twb> The same bootloader you already use on CDs and USB keys, works on hard disks, too
[03:25] <hackeron> what are the advantages to grub?
[03:26] <twb> It's not a huge crufty monstrosity of unnecessary complexity
[03:26] <hackeron> does it support software raid?
[03:26] <twb> For example, it doesn't autodetect "modules" to compile into the MBR
[03:26] <hackeron> probably won't work with software raid then
[03:26] <twb> It supports linux md RAID 1.  Not sure about 5.
[03:26] <twb> I would not put /boot on RAID5 anyway
[03:26] <hackeron> hmm
[03:27] <twb> In fact the last straw for me with grub was that it *didn't* work properly with RAID1
[03:27] <hackeron> :/ - I use it with md raid on all my ubuntu server boxes
[03:27] <hackeron> some raid1 some raid5
[03:27] <twb> Some motherboards will detect hda is dead and "rename" hdb to hda, so grub's device.list breaks and you can't boot
[03:27] <hackeron> huh? - grub's device.list uses UUIDs
[03:28] <twb> And for me, it wasn't a 40 mile drive -- the machines were in mines in .za
[03:28] <twb> hackeron: maybe it uses UUIDs now, it didn't in 8.04
[03:28] <twb> Actually, those boxes would've been RHEL4
[03:28] <twb> Er, RHEL5
[03:28] <twb> In any case, syslinux doesn't have that problem, because it boots off the disk that's there, end of story.
[03:29] <hackeron> well, this is just ubuntu's latest "feature" - far as I can tell the problem is ubuntu no longer has a time out to press esc for the grub menu - instead if instantly boots and if it fails, it marks a failboot flag and shows the grub menu on next boot - not what you want on a server :/
[03:29] <Sakara> Has anyone had issues getting user_dir and apache working when homes are mounted from another server?
[03:29] <twb> hackeron: instead of a timeout, you have to hit Shift at exactly the time between when the BIOS hands control to grub, and grub hands control to the kernel
[03:29] <twb> hackeron: which IME is impossible on some fast systems :-/
[03:30] <hackeron> twb: well, that wouldn't be a problem if it didn't force the grub menu on boot failure
[03:30] <twb> syslinux also fixes that -- you can use Scroll Lock instead, which stays "stuck" down, so you can hit it while still in the BIOS
[03:30] <twb> Sakara: mounted how, NFSv3?
[03:30] <Sakara> twb: NFSv4
[03:30] <hackeron> twb: how do I "switch" to syslinux?
[03:30] <twb> Sakara: I haven't tried that, sorry
[03:31] <twb> http://paste.debian.net/119165/
[03:31] <twb> hackeron: those are some notes I made for two-disk RAID1 systems back in the hardy days
[03:31] <Sakara> twb: Hopefully someone else has done it
[03:32] <twb> hackeron: unfortunately Ubuntu isn't interested in making it an install-time option, though the Debian people are working on that I believe.
[03:32] <twb> Sakara: could your problem simply be root_squash?  Oh, are you using kerberized NFS?
[03:32] <Sakara> yes
[03:32] <Sakara> twb: that is what is happening
[03:33] <twb> Sakara: ah, OK, so does the apache process have the necessary krb tickets?
[03:33] <Sakara> I am unsure about how to authenticate and authorise the www-data user
[03:33] <twb> Sakara: yeah, that kind of headache is why I'm not using krb yet :-)
[03:33] <twb> Sakara: you might want to ask the #kerberos channel as well
[03:33] <Sakara> what other ways are there to centralise user accounts?
[03:34] <twb> I use LDAP
[03:34] <Sakara> ok LDAP only?
[03:34] <twb> And SSHFS for end users's network filesystems.
[03:35] <twb> NFS is there, but only on systems where I strictly control who has root, because obviously without krb, root on every system is fully trusted by the NFS server
[03:35] <Sakara> ok that does seem like a more appriopriate way to handle users too
[03:35] <owh> On a hardy server how do I implement SMTP rate control so that the number of outgoing messages to an smtp relay do not exceed 1000 per hour. I don't want to drop the excess messages on the floor or bounce them, I just want them to be queued and delivered in the next and subsequent hours. I'm using postfix to relay the mail.
[03:35] <Sakara> ahh ok yes tha twould be a problem
[03:35] <twb> Consider: even with root_squash, root can simply "su - twb -c 'cat /home/twb/.netrc'" or so
[03:36] <twb> owh: I don't know; you could also ask #postfix.  I would probably run "postconf" and look for likely-looking options, then look them up in the reference docs.
[03:36] <|rt|> I've always been under the impression that kerbose doesn't really centralize users...it just provides a secure authentication framework
[03:37] <twb> |rt|: it can do both
[03:38] <owh> twb, I've been doing that for hours now. #postfix suggest using policyd which appears to be postfix-policyd, but the documentation I can find is for v2.x, not the one that comes with hardy, v1.x
[03:40] <jmarsden> owh: postfix-policyd is 1.82-* in everything from hardy to oneiric ... are you sure you need 2.x of it?
[03:41] <owh> jmarsden: I'm happy to stay with 1.82-*, but the documentation on www.policyd.org is for v2.* -- I cannot find docs/howtos for 1.82-*
[03:41] <owh> Unless I missed something somewhere?
[03:44] <jmarsden> /usr/share/doc/postfix-policyd/README.gz
[03:46] <jmarsden> owh: The docs that come in the postfix-policyd package should be sufficient... I think?
[03:47] <owh> jmarsden: I've read that document several times - but I might have missed something - I'm needing to limit the number of messages to a relayhost, not by sender, not by recipient, not by domain, etc.
[03:48] <jmarsden> Can't you just do the 'netblock' example, and make the 'netblock' match string be '%' so it matches all netblocks?
[03:49] <jmarsden> I have not tried it, but it looks like it ought to work for you.
[03:51] <owh> jmarsden: That sounds interesting. I'm also trying to track down using transport_destination_rate_delay, which appears to work within postfix, but it's unclear how it's supposed to work, since `transport` needs to be changed to the name of your transport, which would be smtp, but I cannot find how my relayhost is linked to smtp.
[03:52] <owh> Hmm, unless this line in master.cf is the culprit:
[03:53] <owh> relay     unix  -       -       n       -       -       smtp
[03:56] <jmarsden> Worst case, set both smtp_destination_rate_delay and relay_destination_rate_delay and see which one works :)
[03:57] <owh> ROTFL
[03:57] <owh> Thank you, I needed that.
[03:58] <owh> Let me remove postfix-policyd and see if that keeps my email still working :)
[04:16] <Sakara> twb: Isssue with authorization and the www-data uid was resovled by creating an associated kerberos principal
[04:16] <twb> Sakara: nice
[04:16] <Sakara> ty for your input it really help crack that one
[04:16] <twb> Sakara: I thought it would be harder than just an addprin
[04:17] <Sakara> I'd overlooked adding it because its not a real uid I think about alot becuase its only really used on the one machine (the web server)
[04:17] <Sakara> cheers  again
[04:18] <twb> np
[04:29] <shadow42085> I am following the doc on mail server setup at https://help.ubuntu.com/community/PostfixBasicSetupHowto i can recieve mail but I can't send any ideas?
[04:58] <trimeta> My server is doing the thing where landscape has its information repeated twice, and the second copy refuses to update or go away no matter how out of date it gets.
[04:58] <trimeta> Which file did I need to delete to force it to refresh the information?
[05:03] <twb> trimeta: landscape as in canonical's proprietary puppet analogue?
[05:06] <jonesst1> anybody used kerberos/ldap cleints on ubuntu?
[05:06] <twb> !anyone
[05:07] <jonesst1> ok so where does kerberos failures get dumped?
[05:07] <jonesst1> messages?
[05:07] <jonesst1> cd /var/log/
[05:07] <jonesst1> oops
[05:07] <jonesst1> hehehe
[05:08] <jonesst1> ls -l
[05:08] <trimeta> twb: Landscape as in the thing that collects system information into /etc/motd.
[05:09] <trimeta> Is there another name for that?
[05:11] <twb> trimeta: er, no, it isn't
[05:11] <owh> jmarsden: FYI, I've added smtp_destination_rate_delay to main.cf and reloaded postfix and it appears to be working. What I don't know is what side-effects this might have, but at least I've gotten one step closer -- thanks!
[05:11] <twb> trimeta: try :>/etc/motd and then log in again
[05:11] <jmarsden> owh: You're welcome :)
[05:11] <twb> trimeta: that's how I fixed that specific symptom on my lucid boxes (which definitely DON'T have landscape)
[05:12] <trimeta> Does that command replace /etc/motd with an empty file?
[05:12] <twb> Yes
[05:12] <twb> Back it up first if you don't trust me
[05:13] <trimeta> Right now /etc/motd is a symlink to /var/run/motd, which (according to the manpages) is created by runpart'ing /etc/update-motd.d/
[05:13] <trimeta> I tried moving /var/run/motd to /var/run/motd.bad, but a new /var/run/motd was created identical to the first (with the same badness).
[05:13] <twb> Hum
[05:14] <twb> Sorry, brain fart
[05:14] <twb> I meant :>/etc/motd.tail
[05:16] <trimeta> OK, that fixed it. Why does the spurious tail file get created?
[05:19] <shadow42085> does anybody know how to fix this I am following the doc on mail server setup at https://help.ubuntu.com/community/PostfixBasicSetupHowto i can recieve mail but I can't send any ideas?
[08:16] <kickar> hey guys I have a database in cirilyc with encoding latin1. On my ubuntu machine it looks ok, but on my other ubuntu machine is all messed up. can anyone help me?
[08:47]  * negronjl is calling it a night
[09:53] <kickar> hey guys, can you help me change the default charset of mysql server
[11:15] <nigelb> Is it the update-motd package which updates the message saying X number of packages need updating and System needs reboot and all that?
[11:21] <twb> nigelb: try :>/etc/motd.tail
[11:22] <nigelb> twb: I found that file, but I'm trying to figure out what updates it
[11:24] <twb> I mean run the command ":>/etc/motd.tail" and the issue where you get two copies of motd will disappear
[11:25] <nigelb> twb: oh, ah!
[11:26] <nigelb> twb: hrm, I still have one file, but that's not up-to-date
[11:29] <twb> Damn
[11:29] <twb> That worked for me
[11:29] <twb> Try logging in again
[11:32] <dfgdfg> hi
[11:32] <dfgdfg> i belive that this is not the right channel but anyway i need helt with an easy htaccess question
[11:34] <xilentares> could somebody help me ? it hast to do with url rewriting
[11:34] <xilentares> or recommend me another channel ?
[11:35] <xampart> try #apache
[11:36] <xilentares> i dont know why but i cant join it ive already tried it
[12:11] <xilentares> come on guys nobody ?
[12:14] <soren> You will never find answers to questions you never ask.
[12:14] <xampart> true dat
[12:16] <xilentares> hmm okay.i have a gallery that generates a link like that index.php?id=gallery&album=test know i want that the output is /gallery/test for the user. the rest of the page is already seo optimized
[12:17] <xilentares> my idea was : RewriteRule ^/(a-zA-Z0-9)/(a-zA-Z0-9)$ /index.php?id=$1&album=$2 [L]
[12:17] <xilentares> but this dosnt worked :S
[12:17] <xilentares> is that because the url is generated internal ?
[12:18] <Siekacz1> hi all! I've got a strange problem with DHCP and DNS - DHCP server (ubuntu server) doesn't send DNS addresses to windows workstations
[12:19] <Siekacz1> there is option domain-name-servers line in dhcpd.conf, but no workstations received DNS IPs
[12:22] <Siekacz1> connection works
[12:23] <Siekacz1> problems with bind9?
[12:25] <soren> xilentares: Your regexes are wrong.
[12:26] <soren> xilentares: You'll only ever match this url: "/a-zA-Z0-9/a-zA-Z0-9"
[12:27] <mncl-core> Good Day!
[12:28] <soren> xilentares: You want something like: RewriteRule ^/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$ /index.php?id=$1&album=$2 [L]
[12:34] <xilentares> hmm thanks soren but it dosnt work for me :( i will experiment a bit more with it^^
[12:35] <soren> xilentares: It works for me.
[12:35] <soren> I just tested it.
[12:35] <xilentares> The requested URL /gallery/test/ was not found on this server.
[12:37] <xilentares> if i visit localhost/gallery/test it opens internal localhost/index.php?id=gallery?album=test ,right ?
[12:42] <xilentares> soren : thanks got in know :)
[12:43] <seicherlbob> hi! I'm running a server with ubuntu Lucid (server edition). On this server, there is a VM i use for testing and development. Now i wanted to simulate a loss of network connection for a program, i am developing and I closed the tap device of the guest VM on the host server (ifdown tap02). Now i can not bring it up again. ifup tap02 tells me "TUNSETIFF: Device or resource busy". Any suggestions?
[12:45] <seicherlbob> i think there was a tcp connection open when i teared down the interface. maybe that tcp connection keeps the device busy, although its said to be down. Is there a way to flush and close this connection manually? Rebooting is not an option.
[13:00] <seicherlbob> ok. got it: you can not bring up the connection, when the VM behind it is up. The VM needs to be down/stopped - then you can bring up the connection again.
[13:02] <sommer> good morning internets
[13:52] <cocoa117> if ubuntu domU can't see the newly assigned memory (e.g. free -m), what's the point having the ability to do it in dom0?
[13:52] <cocoa117> i am using Ubuntu 10.04, and the ballon=y in the kernel
[13:52] <cocoa117> even after i assigned more RAM to domU ubuntu, the free -m can't see it, so i am using it won't use it
[14:27] <zul> Daviey: http://people.canonical.com/~chucks/gpxe-cobbler.patch
[14:31] <hallyn> cmagina: after pushing multipath-tools to oneiric last night, it occurred to methat the 'add|change' rule in kpartx.udev is idiotic - it just modprobes dm-multipath.  Which doesn't exist.
[14:31] <hallyn> think i'll open a bug to remove all dm-multipath references, which should amount to changes to 3 files
[14:34] <cmagina> hallyn: sounds like a good idea.  i haven't looked at all those bits, but if you want another set of eyes on any of this, just toss it my way
[14:34] <hallyn> cmagina: cool, thanks.  more eyes++
[14:35] <tyreza> hello there
[14:35] <tyreza> how to perform a complete hardware check on a server ?
[14:38] <patdk-wk> flashlight and paper pad?
[14:39] <tyreza> ?
[14:41] <Pici> tyreza: What exactly were you hoping to accomplish?
[14:42] <tyreza> i simply want to make a complete hardware check
[14:43] <Pici> I don't know what that means.
[14:43] <Pici> What are you checking?
[14:45] <tyreza> my system reboot automatically
[14:45] <tyreza> when i m working on it
[14:45] <tyreza> so i need to make a complete check
[14:46] <tyreza> so my question how ?
[15:07] <tyreza> ? anyone there
[15:08] <tyreza> i can't see the difficulty on my question ?
[15:08] <guillemhs> hi!
[15:08] <guillemhs> it is easier to speak directly to a person
[15:11] <greppy> guillemhs: just ask your question, if someone knows, they'll respond.
[15:16] <kaushal> Hi
[15:16] <pmatulis> hi
[15:17] <kaushal> pmatulis: Any idea about the availability of JAVA6 U26 ?
[15:17] <kaushal> on Ubuntu Server 10.04 LTS
[15:17] <pmatulis> kaushal: i'm sorry, i don't know what JAVA6 U26 is
[15:18] <kaushal> ok
[15:19] <hallyn> cmagina: nm, i guess we should support custom kernels :)  leaving that alone
[15:21] <cmagina> hallyn: ah, yeah, didn't think about that
[15:21] <cmagina> hallyn: good catch
[15:43] <cthompson> hello, how can I show what partition / is on? it doesn't show up in df or fstab.
[15:50] <genii-around> cthompson: mount       ?
[15:55] <cthompson> well, it looks like I had to edit fstab to allow the kernel to mount / on a raid partition /dev/md0, after that: df: /dev/md0 on /   (all good)
[15:56] <cthompson> thanks though
[15:59]  * genii-around sips his coffee and ponders if cthompson has raid modules in his initrd
[16:53] <Daviey> ho.
[16:59] <RoAkSoAx> Daviey: hu
[16:59] <Daviey> RoAkSoAx: o/
[16:59] <RoAkSoAx> Daviey: o/ how's it going today man?
[17:02] <Daviey> RoAkSoAx: not so good.. primary laptop power cable busted.
[17:02] <Daviey> Yourself sir?
[17:12] <lynxman> Daviey: darn :/
[17:13] <TREllis> doo-do-be-do
[17:13] <TREllis> afternoon
[17:13] <lynxman> TREllis, RoAkSoAx, zul, negronjl
[17:13] <lynxman> talk is about squid-deb-proxy + cobbler on orchestra
[17:13] <lynxman> orchestra has some cobbler snippets and a mini.iso importer for new distros
[17:13] <lynxman> RoAkSoAx: you were saying? :)
[17:13] <lynxman> zul: you pointed it needed to work with debian and d-i instead of kickstart, right?
[17:13] <lynxman> hey Daviey o/
[17:15] <zul> right because thats what we use
[17:15] <TREllis> cobbler uses debmirror to do repository mirroring, at the moment we use deb-squid-proxy as a cache instead
[17:16] <RoAkSoAx> TREllis: debmirror works now
[17:16]  * zul lunches
[17:16] <RoAkSoAx> TREllis: the only thing, is you want to install anything using that local mirror
[17:16] <lynxman> zul: bon appetit!
[17:16] <RoAkSoAx> s/is/if
[17:16] <RoAkSoAx> you need to tell the preseed that the mirror is there
[17:16] <TREllis> RoAkSoAx: yeah you'd need to tweak the preseed
[17:16] <RoAkSoAx> TREllis: yeah, so using snippets we can do that automatically, but we need to find a way of doing so :)
[17:17] <RoAkSoAx> TREllis: that's why I was saying, whenever there's a local mirror for a profile, use that snippet/preseed/wathever
[17:17] <TREllis> RoAkSoAx: so basically, we need a snippet that checks if a mirror is present and uses it if it is, otherwise use the proxy
[17:17] <RoAkSoAx> TREllis: if there's not, and we now that we are using squid-deb-proxy, use the preseed for that purpose
[17:17] <RoAkSoAx> TREllis: correct
[17:17] <TREllis> my working with cheetah is quite limited, you can probably do it though
[17:17] <lynxman> RoAkSoAx: you want to take that as an action item?
[17:18] <lullabud> got a weird problem with ubuntu 11 and vmware fusion. after upgrading to 11, my terminal does not work at all.  i can still ssh in, but the local terminal is just blank.
[17:18] <lullabud> no X.  the VM has been upgraded through a few versions of ubuntu.
[17:18] <lullabud> oh, wait, there's simply a blinking cursor up in the top left now.  sometimes it's there, sometimes it's not.
[17:19] <lynxman> RoAkSoAx: where are we keeping track of the actions items for this btw :>
[17:19] <lullabud> ok, now i see that it's simply defaulting to tty7, which is blank.
[17:21] <RoAkSoAx> lynxman: sure, I'm currently finishing the repository thing when adding an ubuntu mini.iso.... and checking the debmirror stuff is working well
[17:21] <lynxman> RoAkSoAx: excellent :)
[17:21] <RoAkSoAx> then I'll document the preseed changes needed to use the local mirror
[17:21] <RoAkSoAx> lynxman: and we can get the snippets after that
[17:21] <TREllis> sounds good
[17:22] <lynxman> RoAkSoAx: sounds good, you're the best... arooound
[17:22] <lynxman> RoAkSoAx: sorry, grew up in the 80ies
[17:22] <RoAkSoAx> other than that, mini.iso import detection should be done automatically this cycle, as cjwatson agreed on providing us with something to allow detection
[17:22] <RoAkSoAx> so we can drop having to manually specify breed, os version, etc
[17:23] <lynxman> RoAkSoAx: that would mean submitting a patch for cobbler, the way it's detected now is through the directory structure
[17:23] <lynxman> RoAkSoAx: it's easy to patch, I can do that even :)
[17:23] <RoAkSoAx> lynxman: yeah I'll take care of that too
[17:23] <lynxman> RoAkSoAx: rocking
[17:23] <RoAkSoAx> lynxman: the idea is to submit to upstream most of the stuff we do here
[17:23] <RoAkSoAx> off course, not the orchestra part but cobbler itself
[17:23] <lynxman> RoAkSoAx: that's always the idea :)
[17:24] <RoAkSoAx> lynxman: what else is worrying you?
[17:24] <RoAkSoAx> :)
[17:25] <lynxman> RoAkSoAx: we decided at UDS that we would use a bit more the cobbler API in order to store somewhere hardware profiles for the hardware in the orchestra server network
[17:26] <SpamapS> lynxman: +1 .. have you guys had a chance to see if thats even feasible ?
[17:26] <lynxman> RoAkSoAx: would like to get your initial ideas about how to attack that, I know this is a long term project thinking, but wanted to know your ideas
[17:26] <RoAkSoAx> lynxman: i believe that would be using the "System" concept in cobbler
[17:26] <lynxman> SpamapS: not yet, we're knee deep into making all the parts work well for our demo at Structure in 2 weeks :)
[17:26] <SpamapS> indeed
[17:27] <RoAkSoAx> lynxman: have you guys looked into the "Systems"
[17:27] <lynxman> RoAkSoAx: not yet, that's why I wanted your initial ideas, so I know where to look in ;)
[17:28] <RoAkSoAx> lynxman: http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/5.3/html/Reference_Guide/s1-cobbler-addsystem.html
[17:28] <RoAkSoAx> provides a brief, understandable introduction to it :)
[17:28] <lynxman> RoAkSoAx: thanks :)
[17:28] <lynxman> *bookmarks it*
[17:28] <TREllis> lynxman: system profiles in general are cool, as long as you have the mac address of a system, you can assign a kickstart/preseed for it to use
[17:29] <RoAkSoAx> TREllis: you cannot use cobbler deploy though to deploy a machine AFAIK
[17:29] <Daviey> hey lynxman o/
[17:29] <lynxman> TREllis: the idea was to have a specialized mini boot image that would just boot up, compile system information and report back then shut down
[17:29] <TREllis> RoAkSoAx: yeah, uses the fence tools right?
[17:29] <TREllis> lynxman: that's a neat idea, I've seen a similar thing used in a bank before
[17:29] <RoAkSoAx> oh btw.. fence-agents have been already uploaded and are in the NEW queue
[17:29] <RoAkSoAx> so we should see them next week
[17:29] <lynxman> then once we got the info we can just install the basic image and from there take a logical decision towards what kind of application can be fit in the hardware
[17:29] <RoAkSoAx> TREllis: yes and no... the "deploy" feature has been disabled upstream
[17:30] <RoAkSoAx> TREllis: "This feature was removed from Cobbler 2.0 and may be present in a future release. It is not yet implemented in the code as I wanted to revisit and rewrite much of the core implementation -- Michael"
[17:30] <TREllis> lynxman: is there going to be somewhere to store that data in orchestra then?
[17:30] <RoAkSoAx> in https://fedorahosted.org/cobbler/wiki/DeployFeature
[17:30] <TREllis> RoAkSoAx: fair enough
[17:30] <lynxman> TREllis: that's another different dimension :)
[17:30] <lynxman> TREllis: I reckon we'll store it in mysql or such, but at some point we want that to evolve into the metadata service
[17:31] <Daviey> lynxman: if the debmirror local mirror is presented over http... squid-deb=proxy could use that as it's upstream mirror.  Perhaps wasteful.. but easier to implement, and the autodiscovery magic would still work.
[17:31] <TREllis> RoAkSoAx: and since that was michael, we can assume it's been disabled for a while then and hasn't been looked at
[17:31] <RoAkSoAx> TREllis: indeed!
[17:31] <lynxman> Daviey: very good point!
[17:31] <TREllis> Daviey: duplicate data though?
[17:31] <RoAkSoAx> Daviey lynxman yeah but that would be using snippets to tweak it anyway
[17:31] <TREllis> Daviey: ie you need twice the storage, once for the mirror once for the cache
[17:32] <Daviey> lynxman: I have a python script for adding new hardware to cobbler btw
[17:32] <Daviey> i need to add facter output to it.
[17:32] <lynxman> Daviey: oooh, can we see it somewhere?
[17:32] <RoAkSoAx> TREllis: yeah
[17:32] <RoAkSoAx> Daviey: if we have a local mirror, then ew don't really need squid-deb-proxy
[17:33] <TREllis> RoAkSoAx: well, unless you are doing deployments over long distance links, mirror in one DC, cache in the other
[17:33] <lynxman> RoAkSoAx: what we like about squid-deb-proxy is proxy auto discovery
[17:33] <RoAkSoAx> lynxman: yeah
[17:33] <Daviey> lynxman: it's only simple atm, i was using it to experiement with the RPC api.  Seems to work well.  It's for the auto discovery WI
[17:33] <RoAkSoAx> TREllis: yeah but AFAIK, for that reason you;d have a second cobbler server/mirror
[17:34] <RoAkSoAx> TREllis: that's the whole point of having a local mirror :)
[17:34] <RoAkSoAx> not use long distance links :)
[17:34] <TREllis> RoAkSoAx: you'd only get the hit on the cache once :)
[17:34] <TREllis> I know plenty of people who do that
[17:34] <Daviey> TREllis: in that example, the squid-deb-proxy cache size could be tweaked to be very minimal.. perhaps 0.  However, TBH, for a base install - we are not talking about that much TBH.
[17:35] <TREllis> Daviey: yeah, very true
[17:35] <lynxman> calling mvo into this, maybe he has some good ideas
[17:35] <Daviey> I think we should have a call about this soon..
[17:35] <Daviey> ideally this week.
[17:35] <Daviey> who wants to be on it?
[17:36] <RoAkSoAx> TREllis: right, but in that case we have a server for solely be a mirror cache
[17:36] <lynxman> Daviey: me :)
[17:36] <TREllis> RoAkSoAx: true. I like the idea of the snippet determining if you have a mirror or cache setup
[17:37] <RoAkSoAx> TREllis: yeah
[17:37] <lynxman> TREllis: indeed, it should be smart enough
[17:38] <lynxman> now my main concern is the cobbler mirroring + squid-deb-proxy integration
[17:38] <lynxman> or if we should just scratch squid-deb-proxy from orchestra and go straight for cobbler mirroring
[17:38] <SpamapS> If cobbler is a local mirror, why do you need s-d-p ?
[17:38] <TREllis> Daviey: would love to listen in, but heading to the IoW festival :-)
[17:38] <SpamapS> s-d-p is for when you don't want a local mirror
[17:38] <lynxman> SpamapS: exactly what I was asking :)
[17:39] <lynxman> TREllis: that's what you cool kids call it now? :D
[17:39] <Daviey> TREllis: slack.
[17:40] <lynxman> Daviey: he totally is
[17:40] <TREllis>  /part
[17:40] <TREllis> :-)
[17:40] <lynxman> TREllis: you had one space in front of that part
[17:40] <Daviey>  /kick TREllis too slack for here.
[17:40] <TREllis> SpamapS: agreed, guess that leaves it up to the snippet then: if debmirror is installed, point to it; else use s-d-p
[17:41] <lynxman> TREllis: yeah but s-d-p is installed by default on the client side, how we can take a smartz decision like that from the package?
[17:41] <TREllis> Daviey: it's a hard live, but someone has to do it
[17:41] <Daviey> I'd like to hear mvo's view.. but i'd like to experiement with have s-d-p as the primary interface.. With either a local mirror (debproxy) or primary external mirror providing it.
[17:41] <Daviey> TREllis: indeed.
[17:42] <TREllis> s/debproxy/debmirror ?
[17:42] <TREllis> since that's what cobbler uses by default
[17:42] <lynxman> Daviey: messaged mvo, I think it's doable...
[17:42] <Daviey> lynxman: can you ask him to join here, so we can all jump on him?
[17:42] <Daviey> :)
[17:42] <RoAkSoAx> Daviey: right, but using s-d-p when we have a local mirror doesn't really make sense
[17:42] <lynxman> Daviey: I did that 10 mins ago, I guess he's afraid... or having dinner. I'll go with afraid
[17:43] <TREllis> are we pulling in debmirror 2.7 to oneiric? has a kickass feature --debmarshal
[17:43] <RoAkSoAx> cause you'd be cashing, what we already have "cached" locally
[17:43] <SpamapS> Why would I want to go  ->squid->debmirror ?
[17:43] <Daviey> RoAkSoAx: no.. it doesn't make lots of sense.. but if it's our primary interface it should be investigated IMO.
[17:44] <lynxman> SpamapS: it's just that we install s-d-p-client as default on the orchestra client, we were seeing a smart way to be able to use either debmirror or s-d-p as required
[17:44] <Daviey> TREllis: don't complicate things with asking for debmarshal support :)
[17:44] <lynxman> Daviey: we want debmarshal support *hides*
[17:44] <negronjl> I agree with the keeping it simple part.
[17:44] <lynxman> negronjl: +1
[17:44] <TREllis> Daviey: hehe, <3 debmarshal
[17:45] <Daviey> Grr.
[17:45] <TREllis> Daviey: although I moved my local mirror to reprepro anyway
[17:45] <zul> lynxman: about the hardware profiles cobbler has couchdb support but its not secure at all ust yet
[17:45] <Daviey> TREllis: sane here :)
[17:45] <Daviey> Ahhhhhhhhhhhhhhhhhhhhhhhhhhhhh!
[17:45] <lynxman> zul: maybe it would just be easier to have a mysql plugin? it's extra easy
[17:45] <lynxman> TREllis: stop scaring Daviey please
[17:45] <zul> lynxman: ergh...
[17:46] <Daviey> couchdb keeps me awake at night.
[17:46] <SpamapS> Since cobbler is going to seed the thing.. s-d-p client is actually, IMO, kind of unnecessary.
[17:46] <lynxman> zul: I know you like it, but couchdb... bleh
[17:46] <negronjl> zul, lynxman:  mysql +1
[17:46] <zul> lynxman: sqlite database would be easier
[17:46] <Daviey> i swear there is a couchdb hiding under my bed.
[17:46] <SpamapS> The advantage of s-d-p is just that its specifically only allowing proxying of ubuntu.
[17:46] <lynxman> zul: don't get me started on sqlite
[17:46] <RoAkSoAx> Daviey: but that's the thing, whenever someone doesn't want to have the local mirror in full... there's no need to do so and we can use s-d-p for that
[17:46] <lynxman> SpamapS: exactly
[17:46] <negronjl> adding couchdb would add more complexity plus pretty much everyone already knows mysql
[17:46] <RoAkSoAx> Daviey: but if someone *wants* to have their own local mirror
[17:46] <lynxman> zul: just trying to think 2 steps forward towards the metadata service
[17:46] <RoAkSoAx> Daviey: then they should be able to without having the hasle of installing s-d-p client
[17:47] <SpamapS> And why again aren't we just using the data storage capabilities built into cobbler?
[17:47] <zul> thats what i said
[17:47] <Daviey> RoAkSoAx: it's installed by default via the client package.
[17:48] <Daviey> SpamapS: have you used that?
[17:48] <negronjl> What is the *main* reason for having s-d-p/debmirror in orchestra ?
[17:48] <lynxman> negronjl: not having n-hundred machines pulling packages
[17:48] <RoAkSoAx> Daviey: I know :) but still if someone wants to sync the whole mirror for one release, they should be able to do so
[17:48] <lynxman> negronjl: so reduce bandwidth consumption drastically
[17:48] <negronjl> ok....so, find the simplest way to accomplish *that*
[17:48] <RoAkSoAx> Daviey: but if they do so and use it, s-d-p client has no point
[17:48] <negronjl> it seems that the conversation is going in multiple directions at the same time :/
[17:48] <lynxman> negronjl: *g*
[17:49] <Daviey> RoAkSoAx: ack, i'm not disagreeing with that
[17:49] <SpamapS> Daviey: IIRC, it is just json files on disk. But the point is that its already got a database of machines that I am provisioning. To have two databases of machines I'm provisioning, instead of enhancing the first.. seems a bit failure prone.
[17:49] <lynxman> negronjl: it is
[17:49] <RoAkSoAx> Daviey: yeah that';s why we should keep both as options and make sure they both work well :)
[17:49] <Daviey> SpamapS: hmm. i'm not sure i follow.
[17:49] <SpamapS> I agree with negronjl
[17:49] <lynxman> SpamapS: Daviey: So how about we see the different approach scenarios for the hardware database and we all decide which one is the one we should proceed forward with?
[17:49] <SpamapS> two conversations are intermingled
[17:49] <SpamapS> a) proxying/mirroring
[17:50] <SpamapS> b) metadata
[17:50] <SpamapS> lets just wrap up the a) before talking about b
[17:50] <zul> c) hardware database and then c
[17:51] <SpamapS> zul: thats the same thing as metadata
[17:51] <Daviey> Okay.. I am proposing that we investigate always using squid-deb=proxy.  The parent mirror can either be a local archive, or a public shared one.
[17:51] <Daviey> Yes, there is potentially a wasteful extra layer in the stack.
[17:51] <Daviey> However it should make things simplier to construct.
[17:52] <lynxman> Daviey: could this be useful you think in order to let the user decide if they want s-d-p or a full mirror?
[17:52] <Daviey> lynxman: Well i am proposing that we always using s-d-p, regardless of what feeds it.
[17:52] <SpamapS> I can see an advantage where the clients will pull updates from any s-d-p on the network going forward too.
[17:53] <SpamapS> And we're basically just talking about the *default* seed .. it will be highly configurable.
[17:53] <Daviey> Chaps.. i need to stop for food right now.  I'll catch up on scrollback on my return.
[17:53] <lynxman> SpamapS: I do agree that keeping s-d-p in the loop is a good idea, I like s-d-p and mvo has done some amazing work
[17:53] <RoAkSoAx> Daviey: right, but if we do so.. we end up having a local mirror + local cache = double storage usage
[17:54] <RoAkSoAx> Daviey: one of the reasons debmirror was not specifically used as the *only* solution is because it consumes much more storage space than using s-d-p
[17:54] <lynxman> RoAkSoAx: I'm pretty sure mvo knows a way where s-d-p will just read the local mirror if needed
[17:54] <SpamapS> its squid
[17:54] <SpamapS> land of 1000 config options
[17:54] <lynxman> RoAkSoAx: so we can just use a debconf to say "use local mirror" or "use cache"
[17:55] <lynxman> SpamapS: exactly, it can do whatever we want :)
[17:55] <tucemiux> hey anyone here use apcupsd ?
[17:55] <RoAkSoAx> lynxman: yeah
[17:55] <SpamapS> So, disable caching of the local mirror on disk (still put it in RAM, should speed things up)..
[17:56] <SpamapS> that should be pretty easy.
[17:56] <lynxman> SpamapS: yeah, I think that's easily doable through debconf, we've started to introduce debconf hooks to s-d-p
[17:56] <lynxman> tucemiux: ask your question and see if someone can answer, fishing will just take longer :)
[17:57] <negronjl> should we just have a separate orchestra-caching server where all of these config questions can be asked?
[17:57] <lynxman> negronjl: that's part of the provisioning server
[17:57] <lynxman> negronjl: I would rather not make a caching server tbh, makes no sense to make it in a different machine than the provisioner
[17:57] <negronjl> lynxman:  it is now, but with n-hundred servers pulling off of it, it could become overwhelmed
[17:57] <lynxman> negronjl: you think so? hmm
[17:58] <negronjl> lynxman:  it could yes
[17:58] <lynxman> negronjl: I'd rather jump that hurdle when we get to it
[17:58] <TREllis> negronjl: possibily, of course those systems would only be pulling at the same time for updates, not building (unless you enjoy building 100 servers at once o_O)
[17:59] <lynxman> negronjl: since if we start observing that scenarios now, we can say the same for the monitoring, for the logging, etc
[17:59] <SpamapS> squid can take thousands of concurrent requests
[17:59] <lynxman> SpamapS: that is also true
[17:59] <SpamapS> I'd suspect cobbler would have a harder time serving up the pre-seeds before a single squid instance would have any trouble
[18:00] <SpamapS> at the point where you need to install more than say, 500 machines at once, you can figure out the load balancing yourself
[18:00] <SpamapS> orchestra is "make it easy to install ubuntu server" not "make it easy to build skynet"
[18:00] <SpamapS> thats ensemble ;)
[18:00] <lynxman> SpamapS: it's even on the roadmap
[18:01] <TREllis> lol
[18:01]  * TREllis --> food
[18:02] <lynxman> SpamapS: in all fairness, skynet is also on the orchestra roadmap for the P cycle
[18:02] <lynxman> :)
[18:02]  * SpamapS orders another pallet of canned food for his bunker
[18:02] <SpamapS> noted
[18:02] <lynxman> rofl
[18:03] <negronjl> SpamapS, lynxman:  we can then have both Skynet bots battle it out like the old computer chess programs used to do.
[18:03] <lynxman> negronjl: I see it more as "two skynets going to Jeopardy" scenario
[18:03] <SpamapS> Hah yeah, Orchestra's hardware vs. Ensemble's endless scalability
[18:03] <lynxman> "I'll take doomsday scenarios caused by computers for $200 Alex"
[18:03] <tucemiux> i'm wondering if it's safe to install apcupsd and configure it remotely with the UPS connected ?
[18:04] <SpamapS> hopefully world domination isn't I/O bound or ensemble is *SCREWED*
[18:04] <lynxman> tucemiux: you need to be very very careful of course, but you can try :)
[18:04] <lynxman> tucemiux: I would personally not do it unless you have someone at the other side
[18:05] <shauno> ditto.  I've not had a problem with it, but wouldn't want to tempt fate
[18:05] <tucemiux> lynxman: i dont have anyone in the other side, I guess I'll wait until i'm next to the server then :-(
[18:05] <lynxman> shauno: my experience with it is very good as well
[18:06] <lynxman> tucemiux: would be the careful thing to do, specially if your job/money/girlfriend/dog depends on the server running
[18:07] <tucemiux> lynxman: its my own server where I keep my hilton videos, I'm just worried I'll burn the house down or something
[18:07] <lynxman> tucemiux: worst case scenario the APC will shot down the server, no burning house down scenario
[18:07] <lynxman> s/shot/shut/
[18:08] <lynxman> Daviey: so let's schedule a call for next week? TREllis, SpamapS, negronjl, RoAkSoAx, zul okay with it?
[18:08] <zul> yep
[18:08] <tucemiux> lynxman: ahhh in that case I can go ahead and do it, if the server shut down my irssi connection goes down, no biggie, no trades or email messages will be lost o.O
[18:08] <Daviey> Chaps... i was just thinking.  If the avahi support is added to debmirror, -provisioning-server could Recommend: squid-deb-proxy <pipe> debmirror-avahi
[18:08] <Daviey> (forgive the <pipe>, not sre where it is on this whizzy keyboard)
[18:08] <tucemiux> I'm ok with it !
[18:09] <lynxman> Daviey: | <-- cut and paste
[18:09] <Daviey> lol
[18:09] <lynxman> tucemiux: have fun then :)
[18:09] <tucemiux> lynxman: thanks! let me get to it, have you ever configured an apcupsd ?
[18:11] <lynxman> tucemiux: yes, but it was with a very very very old APC, one of those that had a lever and a horse running in circles around it
[18:11] <lynxman> Daviey: I think that would be a very cool and scalable solution
[18:12] <tucemiux> lynxman: well too bad I didnt have the pleasure to have a lever on mines :-(
[18:12] <Daviey> lynxman: make it so :)
[18:12] <RoAkSoAx> zul: how does hits looks to you: http://paste.ubuntu.com/621892/ basically, if the host is a debian/ubuntu it should obtain the mirror from python-apt and create the repo pointing to that mirror when importin mini.iso
[18:12] <lynxman> tucemiux: the problem wasn't the lever, it was the horse
[18:13] <zul> checking
[18:14] <zul> RoAkSoAx: looks good
[18:15] <RoAkSoAx> zul: cool. It's ubuntu specific for now, but once I get the change to install debian I'll test it as well so that we cna forward that upstream
[18:15] <zul> cool beans
[18:16] <Daviey> RoAkSoAx: Why not just check the python-apt stuff before assuming the dist is ubuntu?
[18:18] <RoAkSoAx> Daviey: technically it should work with bot debian/ubuntu, but I need to test it in debian first before I assume that it works with it as well
[18:19] <tdelam> I've been hacked, I fixed some of the issues but I still see a lot of outgoing network traffic from various Ukraine IP's using nethogs. How can I dig even deeper to see what this traffic is and where it is coming from on my server?
[18:26] <RoAkSoAx> Daviey: note that this only happens to set the same archive that the host uses foreach repo created when importin a mini.iso
[18:35] <tucemiux> lynxman: hey, I just configured my apcupsd, do I have to reboot or something ?
[18:36] <lynxman> tucemiux: if the service is running, it's all done and sweet
[18:37] <tucemiux> lynxman: how do I check to see if the server is running? lsmod?
[18:38] <lynxman> tucemiux: service apcupsd status i guess
[18:38] <lynxman> tucemiux: check the logs as well
[18:38] <tucemiux> lynxman: Error contacting apcupsd @ localhost:3551: Connection refused
[18:38] <lynxman> tucemiux: then it's not running, check logs and see why
[18:38] <lynxman> tucemiux: rinse, repeat
[18:38] <RoAkSoAx> lynxman: do you have a cobbler server running atm?
[18:39] <lynxman> RoAkSoAx: I think negronjl does
[18:39] <lynxman> RoAkSoAx: but not on my side
[18:39] <lynxman> RoAkSoAx: although if you want one, apt-add-repository ppa:orchestra/ppa then install ubuntu-orchestra-server
[18:39] <RoAkSoAx> lynxman: i do have one already :)
[18:39] <RoAkSoAx> lynxman: just wanted to check something but no worries :)
[18:39] <lynxman> RoAkSoAx: you hogger :P
[18:41] <RoAkSoAx> zul: when you hvae the time, could you try importing a debian ISO? I think it's not adding a distro/profile when doing so
[18:41] <tucemiux> lynxman: how do I add acpdusbd to my /etc/hosts.allow ??
[18:43] <tucemiux> lynxman: sudo service apcupsd start
[18:43] <tucemiux> service apcupsd status
[18:43]  * RoAkSoAx lunches
[18:44]  * Daviey ponders what RoAkSoAx is having.
[18:45] <tucemiux> how do I check what services are scheduled to be runned automatically ?
[18:45] <SpamapS> tucemiux: if its installed, it will be started
[18:46] <SpamapS> tucemiux: unless you manually disabled it
[18:46] <tucemiux> SpamapS:  well I just installed apcupsd and I'm trying to figure out if it's scheduled to run at boot up time,I had to manually start it
[18:47] <RoyK> SpamapS: the ones using upstart, I don't know, perhaps service --status-all - the ones not using upstart will be listed under /etc/rc2.d
[18:48] <RoyK> tucemiux: wrong answer - the ones running aren't necessarily the ones scheduled for start - in case something goes wrong and a service fails to start
[18:49] <SpamapS> tucemiux: sometimes a service needs to be configured/enabled .. but usually they should just start
[18:49]  * SpamapS hates that we have two init systems. :-P
[18:49] <tucemiux> RoyK: yeah, i figured that much, if I manually start a service it doesnt mean it will automatically start at boot up, how do I check if a service is scheduled to start at boot up?
[18:50]  * SpamapS is trying to type a succinct answer and there isn't one. :-P
[18:50] <SpamapS> tucemiux: if there's a /etc/init/apcupsd.conf , look in there for any reasons it might not have started. Otherwise /etc/init.d/apcupsd
[18:50] <SpamapS> tucemiux: you may have a file, /etc/default/apcupsd that you have to edit to enable it at boot time.
[18:51] <SpamapS> tucemiux: this info *should* be documented in /usr/share/doc/apcupsd/README.Debian
[18:51] <tucemiux> SpamapS: so basically, services that run at boot up are configured in "/etc/default/[]"
[18:52] <SpamapS> tucemiux: its not that simple
[18:52] <SpamapS> tucemiux: SOME services are disabled because they require you to configure them before starting automatically.
[18:54] <tucemiux> SpamapS: so that's why ISCONFIGURED needs to say yes, is that how a service is enabled/disabled in /etc/default/?
[18:55] <SpamapS> tucemiux: they're all different unfortunately.
[18:55] <SpamapS> would be really nice if they weren't
[18:56] <tucemiux> SpamapS: ok well at least I got apcupsd up and running, I'll reboot my server when I get home to find out if the service repawns on a reboot
[18:59] <tucemiux> hey is it safe to test a UPS by unplugging it from the outlet ?
[19:00] <SpamapS> tucemiux: many of them have test buttons ;)
[19:00] <SpamapS> tucemiux: but if it doesn't, then yes
[19:00] <SpamapS> tucemiux: just make sure its charged
[19:04] <tucemiux> SpamapS: yeah, it's charged, I was setting up the thing and wanted to place it somewhere else, I unplugged it and the thing was still on with plenty of juice so I'm like... ok well at least I know that works he he he
[19:20] <adam_g> lynxman: ping
[19:21] <MrBIOS> hey folks, ogra over in #ubuntu-arm just sent me this way. I'm looking for anybody who considers themselves part of the "arm server team"
[19:21] <kirkland> RoAkSoAx: pong
[19:27] <adam_g> kirkland: hey, maybe you know.. do the orchestra mcollective plugins need anything special in terms of puppet class paramters to get things deployed via the 'role' fact?
[19:27] <adam_g> would something like this work, or would it need to be simplified? http://paste.ubuntu.com/621948/
[19:27] <SpamapS> MrBIOS: there's no "ARM server team".. just "server team". :)
[19:30] <MrBIOS> SpamapS, understood, then "people interested in ARM who are on the server team"
[19:31] <SpamapS> MrBIOS: Lots of us. Did you have some hardware for us? ;)
[19:36] <kirkland> adam_g: really a question for negronjl and lynxman
[19:38] <negronjl> adam_g:  looking at your pastebin....can you elaborate a bit on what you are trying to do here?
[19:39] <RoAkSoAx> kirkland: o/ what do you think: http://paste.ubuntu.com/621958/
[19:40] <kirkland> RoAkSoAx: nice
[19:40] <kirkland> RoAkSoAx: looks good
[19:41] <RoAkSoAx> kirkland: though, just realized that it does not handle reconfiguration
[19:41] <adam_g> negronjl: openstack on a single node
[19:42] <Daviey> MrBIOS: can we help?
[19:42] <RoAkSoAx> Daviey: i had "Aji de Gallina" typical plate from Peru
[19:43] <Daviey> RoAkSoAx: sounds tasty!
[19:43]  * RoAkSoAx , lucky him... he found a peruvian restaurant right accross the street!
[19:43] <RoAkSoAx> Daviey: yeah it is :D
[19:46] <Daviey> adam_g: I assume those values won't be put into a apackage?
[19:47] <adam_g> Daviey: no, that would be an upper level class that someone can construct to make use of the nova module
[19:48] <Daviey> adam_g: ok, super
[19:50] <adam_g> negronjl: https://github.com/gandelman-a/puppetlabs-nova/tree/dev/nova if you are interested in looking at the entire module
[19:51] <Daviey> github makes me cry
[19:51] <adam_g> yeah. :(
[19:53] <negronjl> adam_g:  what's the name of the file you pasted on pastebin ?
[19:54] <Daviey> /nova/test/ubuntu/* ?
[19:55] <adam_g> negronjl: nova/tests/ubuntu/all.pp
[19:56] <negronjl> Daviey, adam_g:  thx.  reading now
[19:56] <zul> adam_g: you know we are using kvm on nova right? :)
[19:58] <adam_g> zul: yes, why do you ask?
[19:58] <zul> adam_g: it seems to be using xen
[19:58] <adam_g> no, it uses kvm/libvirt default
[20:00] <negronjl> adam_g:  I don't see anything that seems wrong ( didn't test the regexes in puppetlabs-nova / nova / lib / puppet / provider / nova_config / parsed.rb though )
[20:01] <adam_g> zul: one of the other people working on it is going to be using xenserver for compute.  there are some optional config parameters for that.
[20:01] <negronjl> adam_g:  all.pp seems to be right as well.
[20:02] <zul> ok cool..thats probably going to be an ubuntu patch ;)
[20:03] <adam_g> zul: the module should support both just fine wihtout patches
[20:03] <zul> good good
[20:08] <adam_g> that reminds me
[20:09] <adam_g> http://blog.xen.org/index.php/2011/06/05/xcp-on-ubuntu/
[20:10] <adam_g> zul: ^ we'll probably have xenserver on ubuntu as compute nodes at some point in the future.
[20:10] <zul> adam_g: the community xen.org version probably yes
[20:11] <adam_g> its the bleeding edge of the commercial version. or has something changed since citrix opensourced it last year? i haven't followed too closely
[20:12] <RoyK> adam_g: we have a xenserver setup - five nodes - I haven't gotten around to find out how to easly setup a pvm on that with ubuntu yet
[20:12] <zul> adam_g: i havent really looked at the xenserver bits its kind of like fedora
[20:12] <adam_g> zul: right
[20:13] <zul> adam_g: we are focusing on xen.org bits though
[20:15] <adam_g> in any case, XCP/xenserver on ubuntu rather than centos 5.4 would be great.
[20:15] <RoyK> kvm works well too
[20:16]  * RoyK just setup his first kvm vm in production at work
[20:17] <RoyK> some idiot at ittvis.com found that redhat was the perfect linux platform for IDL, so IDL didn't install on ubuntu, so I setup a CentOS VM for it :P
[20:18]  * negronjl is getting food
[20:19] <Daviey> SpamapS: Have you been able to find a sponsor for txzookeeper into Debian?
[20:34] <queso> Is there a way to search all cron jobs (in /etc/ and for all users) at once?
[20:42] <RoyK> queso: user's cronjobs are under /var/spool/cron/cronjobs
[20:42] <RoyK> users', even
[20:55] <tucemiux> ok im still a nuub, im just wondering how to ban china, I see failed login attempts from 111.178.*
[20:55] <remix_tj> tucemiux: i can suggest you to do this
[20:55] <remix_tj> whois 111.178.xyz.abc
[20:55] <remix_tj> (the ip with failed logins)
[20:56] <remix_tj> in the whois you can find the net you need to ban
[20:56] <remix_tj> with
[20:56] <littlebearz> tucemiux: just deny ALL:ALL and allow certain IPs
[20:56] <remix_tj> iptables -A INPUT -s 111.178.xyz.abc -j DROP
[20:57] <remix_tj> (for example)
[20:57] <Pici> remix_tj: It might be more prudent to install something like fail2ban, so that multiple failed login attempts are automaically blocked, from any ip.
[20:57] <tucemiux> ahhh so I hav to do it with iptables? I cant do it with fail2ban or some other utility?
[20:57] <remix_tj> or use the littlebearz solution. but is pretty difficult if you want to connect from dynamic ip
[20:57] <remix_tj> Pici: good idea :-)
[20:58] <remix_tj> tucemiux: install fail2ban, it will iptable for you :-)
[20:58] <Pici> tucemiux: ^
[20:58] <Pici> Sorry, I missed who was actually asking the question ther.e
[20:58] <tucemiux> Pici: it was mua
[20:58] <littlebearz> remix_tj: i never knew about fail2ban, I was thinking of putting the ip into a mysql and send it to my cellphone for verification
[20:59] <tucemiux> someone from 111.178.146.* tried to login as root, how can I check if fail2ban blocked him?
[20:59] <littlebearz> tucemiux: log file
[21:00] <littlebearz> tucemiux: erm I mean from iptables
[21:00] <tucemiux> littlebearz: which one? there's a bunch of them o.O
[21:00] <remix_tj> tucemiux: logfile or iptables -L
[21:00] <remix_tj> littlebearz: you can set fail2ban to execute something other instead of banning with iptables
[21:01] <Pici> tucemiux: /var/log/fail2ban.log
[21:01] <tucemiux> i guess im going to have to learn iptables then
[21:01] <littlebearz> tucemiux: i usually use firestarter or somesort of GUI for it, it's too much typing
[21:01] <tucemiux> and im going to have to learn how to use SASL-tor if I want to use freenode on my server
[21:01] <tucemiux> Pici: you have a server that's alwyas logged on to freenode?
[21:02] <jcastro> kirkland: nice interview
[21:02] <kirkland> jcastro: thanks dude
[21:02] <jcastro> kirkland: is there a PPA for orchestra, or is it all oneiric-only?
[21:02] <Pici> tucemiux: Yes. My VPS (Linode) is always connected. I'm running irssi within screen.
[21:02] <kirkland> jcastro: ppa:orchestra/ppa
[21:02] <jcastro> ta
[21:02] <kirkland> jcastro: moving quickly, but if you get around to testing it, let us know
[21:03] <jcastro> you might want to put the PPA link on lp.net/orchestra
[21:03] <kirkland> jcastro: where are the UDS videos?
[21:03] <kirkland> jcastro: ta
[21:03] <tucemiux> WARNING [ssh] Ban 111.178.146.*
[21:03] <jcastro> kirkland: I'm looking for something to do this weekend
[21:03] <kirkland> jcastro: heh, cool
[21:03] <tucemiux> WARNING [ssh] Unban 111.178.146.*
[21:03] <jcastro> kirkland: http://www.youtube.com/user/ubuntudevelopers
[21:04] <tucemiux> jcastro: you can be my singer, im looking for a singer :-)
[21:04] <kirkland> jcastro: hmm, the interviews with the novacut guys and akgraner?
[21:04] <jcastro> they're in there
[21:04] <kirkland> jcastro: got 'em, thanks
[21:10] <littlebearz> anyone can test if http://xxw.ca/texting-for-free/ gives ssl warning?
[21:23] <lynxman> adam_g: pong :)
[21:27] <adam_g> lynxman: hi, i was just trying to find out if orchestra/mcollective plugins have any requirements in terms of class paramters for the classes it deploys
[21:27] <lynxman> adam_g: hmm they're not related at all, they can (by choice) get facts from facter, but that's it, nothing else
[21:27] <lynxman> adam_g: unless I don't get what you're talking about :)
[21:28] <RoAkSoAx> lynxman: ok. so here's the deal, when we import an ubuntu server iso for example, we need to do something similar to the preseed: http://paste.ubuntu.com/622033/ (between #mirror comments)
[21:29] <lynxman> RoAkSoAx: sounds like a good move :) very awesome stuff
[21:29]  * lynxman likes cobbler more each day
[21:29] <RoAkSoAx> lynxman: the IP in the hostname is the cobbler server IP, and the directory is where the archive is
[21:30] <RoAkSoAx> lynxman: so we need to adapt that for when we have a repo's synced
[21:30] <adam_g> lynxman: i was looking at orchestra-puppet-recipes/puppet/manifests/node.pp  .. where are the $1, $2, etc. arguments coming from? i had assumed an mcollective agent?
[21:30] <RoAkSoAx> lynxman: or for when we import a full server iso
[21:31] <lynxman> adam_g: ah that's not related to mcollective, that's parameters from the role fact from facter
[21:31] <adam_g> lynxman: ah, i see. thanx
[21:31] <lynxman> RoAkSoAx: let's try to go that way and see how it ends up, I think it's quite good
[21:33] <MrBIOS> Daviey back at my desk now
[21:34] <MrBIOS> SpamapS I had a question about apache performance on ARM, seems like I may be hitting an SMP bug or something odd
[21:34] <RoAkSoAx> lynxman: yep, so yes we need to have a separate preseed for when we have a mirror, and one for when we have the full server iso, and one more for when we have repositories... though all will be handled via de snippets
[21:35] <lynxman> RoAkSoAx: sounds amazing, it's further than where we got, we just decided to go with the mini iso
[21:35] <jcastro> kirkland: all the mcollective-server- stuff appears uninstallable
[21:35] <lynxman> RoAkSoAx: I would like to keep that logical decision up to some point though
[21:36] <lynxman> jcastro: hey Jorge *waves*
[21:36] <lynxman> jcastro: it's in the Queue, waiting to be uploaded
[21:36] <jcastro> hi!
[21:36] <lynxman> jcastro: you're looking for mcollective-plugins-*
[21:36] <lynxman> jcastro: the only server is the provisioner :)
[21:36] <jcastro> ok
[21:36] <lynxman> jcastro: but yeah, waiting on the Oneiric queue still :)
[21:37] <jcastro> wow, he wasn't kidding when he said fast moving
[21:37] <lynxman> jcastro: we try to :)
[21:41] <SpamapS> MrBIOS: What sort of ARM are you running on?
[21:54] <kirkland> jcastro: i know; blocking on jdstrand's review of the new queue :-/
[21:54]  * jdstrand not the only archive admin which could review it
[21:55] <jdstrand> I've made a note to look at it, but I won't get to it today (patch piloting)
[22:00] <g-hennux> hi!
[22:02] <g-hennux> i'm on ubuntu 10.04 lts and i wonder why installing the solr-jetty package pulls that many dependencies, in particular some X packages, e.g. x11-common xfonts-encodings xfonts-utils
[22:03] <g-hennux> i'm actually not willing to install X libraries on my database machine; any suggestions from you?
[22:09] <g-hennux> ok, so solr-common depends on java6-runtime-headless (note: headless) and libcommons-csv-java, among others. now libcommons-csv-java depends on openjdk-6-jre or java2-runtime (note: no headless)
[22:10] <g-hennux> and this in turn pulls libgtk, libcairo, libxinerama, ...
[22:10] <g-hennux> now: does anyone use libxinerama on his solr server? ;-)
[22:27] <zaclnxnewb> how do I purge all of the configuration and settings that a program has over my server?
[22:27] <zaclnxnewb> I want to reinstall samba, but the settings from the previous installation remain
[22:31] <zaclnxnewb> ??
[22:31] <g-hennux> something like dpkg --purge or so
[22:31] <zaclnxnewb> I tried that
[22:31] <zaclnxnewb> sudo apt-get purge samba
[22:31] <g-hennux> no, that will fail if samba is not installed ;)
[22:32] <zaclnxnewb> tried it to begin with
[22:32] <g-hennux> ah ok, then apt-get --purge remove
[22:32] <g-hennux> or apt-get --purge --reinstall install samba
[22:34] <zaclnxnewb> I'll try them, thank you
[22:42] <zaclnxnewb> finally logged back into the server
[22:42] <bencc> do I need to reboot after changing /etc/security/limits.confg and /etc/pam.d/su ?
[22:42] <bencc> I'm raising the file descriptors limit for a server
[22:42] <zaclnxnewb> samba was also providing the "computer name" to the router, which was being used to route ip and similar
[22:43] <zaclnxnewb> made it much harder, very suddenly to log back into ZACSERVER lol
[22:43] <bencc> not sure if it's enough to restart a service to use the new fd limit: /etc/init.d/nginx restart
[22:44] <zaclnxnewb> g-hennux:  unfortunately, no that didn't work
[22:45] <zaclnxnewb> g-hennux:  all configurations remain
[22:45] <g-hennux> did you reinstall or remove?
[22:45] <zaclnxnewb> reinstall
[22:46] <g-hennux> and it's really the old configuration you're seeing, not the newly installed one?
[22:46] <zaclnxnewb> g-hennux:  my same note #ZAC to denote changes I made to the defaults.
[22:47] <g-hennux> can you --purge remove and check what remains?
[22:47] <g-hennux> does the config maybe belong to a different package, like smb-common or so?
[22:51] <zaclnxnewb> g-hennux: I ah, I see
[22:51] <zaclnxnewb> for some reason smbd worked but not samba
[22:52] <zaclnxnewb> g-hennux:  sudo apt-get purge smbd
[22:52] <g-hennux> isn't it apt-get --purge remove?
[23:04] <zaclnxnewb> I'm having one more problem
[23:04] <zaclnxnewb> permissions in samba
[23:07] <zaclnxnewb> I have a torrenting daemon that downloads various files
[23:07] <zaclnxnewb> and then I have the files available on the network via samba share
[23:07] <zaclnxnewb> problem is that files created by deluge (torrenting) aren't deletable by myself through samba
[23:12] <virusuy> zaclnxnewb:
[23:13] <virusuy> create mask = 777
[23:13] <virusuy> on smb.conf,
[23:13] <virusuy> where is defined your shared folder
[23:13] <virusuy> that means, apply 777 to any files or folder in shared folder
[23:14] <zaclnxnewb> virusuy: is create mask = 0777 alright?
[23:18] <virusuy> it's
[23:31] <virusuy> zaclnxnewb: worked ?
[23:31] <zaclnxnewb> one moment sorry, distracted by something important
[23:39] <zaclnxnewb> virusuy:  the deluge torrentor is a daemon on the same server
[23:39] <virusuy> that doesn't matter
[23:40] <zaclnxnewb> it doesn't put files into the samba share through the samba daemon, thus the files aren't changed to 777?
[23:40] <zaclnxnewb> well, the folders all belong to owner "deluge"
[23:40] <zaclnxnewb> and I can't delete them
[23:40] <zaclnxnewb> from within samba
[23:40] <virusuy> no matter who puts those files in it.. samba will change permissions to 777
[23:41] <zaclnxnewb> virusuy:  even if they aren't put there through samba?
[23:41] <virusuy> zaclnxnewb: yeap
[23:41] <zaclnxnewb> samba just shares the already made folder, I can see the daemon changing permissions as files are sent to it, but deluge basically puts files into the folder under it directly through the os
[23:41] <zaclnxnewb> alright
[23:42] <virusuy> oh, obviously deluge must have permissions on that folder
[23:42] <virusuy> IMO, if is a home share, just change folder's permission to 777
[23:43] <virusuy> and comment create mask line in smb.conf
[23:44] <zaclnxnewb> virusuy: How do I change the folder permissions?
[23:44] <zaclnxnewb> chmod?
[23:48] <virusuy> chmod -R 777 FOLDER
[23:55] <WMP> hello
[23:56] <WMP> i have compilled my own kernel and i havent file include/linux/autoconf.h
[23:56] <WMP> how to make this file?