/srv/irclogs.ubuntu.com/2011/07/07/#ubuntu-server.txt

goddard	craigslist is giving me some trouble	00:03
goddard	http://www.craigslist.org/about/help/generic_DNS	00:03
goddard	with my emails	00:04
goddard	I put the correct resolver in my mx records	00:04
Patrickdk	you can't send or receive emails from them?	00:04
goddard	i can recieve just not send	00:05
Patrickdk	cause you just said stuff about both	00:05
Patrickdk	and what ip are you sending from?	00:05
goddard	173.12.190.242	00:06
Patrickdk	heh, no wonder	00:06
Patrickdk	that will never ever work to send to most people	00:06
Patrickdk	you need to fix your reverse dns	00:06
Patrickdk	perferably it should match your email server name forward address	00:07
goddard	it should match the email servers domain name?	00:07
Patrickdk	no	00:08
Patrickdk	perferably it should match what you used in your mx entry, and helo name	00:08
Patrickdk	something like mine	00:09
Patrickdk	dig mx patrickdk.com	00:09
Patrickdk	dig -x 38.96.163.135	00:09
Patrickdk	they both match	00:09
goddard	hmm ok	00:09
Patrickdk	mx for patrickdk.com is kishi.patrickdk.com	00:09
goddard	i suppose i need to contact my isp then	00:09
Patrickdk	well, I have a few extra in there cause of ipv6 workarounds :)	00:10
goddard	i dont think they give control of that to me	00:10
Patrickdk	no, but normally they will change it if you ask	00:10
Patrickdk	if not, well, don't attempt to host your email there	00:10
goddard	haha	00:10
goddard	what if i have multiple domains on one server	00:11
Patrickdk	I have yet to day anything about domains	00:11
Patrickdk	does your email server have multible names?	00:11
goddard	just a few	00:11
goddard	no more then 3	00:11
Patrickdk	heh?	00:11
Patrickdk	how the hell does your email server id itself as so many names?	00:11
Patrickdk	currently, it id's itself as server2.kinggoddard.com	00:13
Patrickdk	so hopefully that is what you used in your mx entry	00:13
goddard	ok what about the TXT entry they suggest they use	00:13
goddard	http://pastebin.com/UtJPX4sb	00:13
Patrickdk	there is no law that says you must, but the more things don't match, the less likely other stricter email server will take email from you	00:13
goddard	that is my records	00:14
alamar	Patrickdk: the reverse should match?	00:14
alamar	I always thought it was only necessary to HAVE a PTR configured	00:14
alamar	not that it matches the forward entry referenced in the MX entry	00:14
goddard	i thought i had a TXT ptr setup	00:14
Patrickdk	alamar, depends on how big of a bofh the email admin is	00:14
Patrickdk	personally I configure email servers both ways, you just have a ptr, and ptr must match	00:15
goddard	no no makes sense	00:15
Patrickdk	TXT != PTR	00:15
Patrickdk	your TXT entries are spf, read up on spf, lots of info on google	00:15
goddard	ahh i see	00:16
goddard	so i should just put a ptr record in	00:16
fluvvell	I have 4 ubuntu desktops and a desktop/server at a church, I'm running apt-cacher-ng but having varying results - the cache seems to be out of date, or I get an Apt error on the desktops. Is there a better solution for caching repositories, saving bandwidth?	00:23
pmatulis	fluvvell: maybe provide the errors you're seeing	00:36
fluvvell	pmatulis, mostly apt-authentication errors on the desktops. there is a general feeling of clunkyness, or of updates not happening.	00:37
fluvvell	I'll mouse around to see if I can find a server log error	00:37
pmatulis	fluvvell: that would be best. also provide what releases are involved (desktop & server)	00:38
smoser	hggdh, the root cause is bug 784937	00:58
uvirtbot	Launchpad bug 784937 in cloud-init "/mnt not mounted, swap not used, disk is xvde" [Medium,Confirmed] https://launchpad.net/bugs/784937	00:58
smoser	hggdh, thank you for your help today.	01:12
Patrickdk	hmm, I have good results with apt-cacher-ng, bad with squid	01:31
=== alamar is now known as foobar123
=== foobar123 is now known as alamar
hggdh	smoser: yes, I concluded it should be this bug, and marked it in the results	02:46
hggdh	smoser: thank you for confirming it	02:46
goddard	what do professionals use to test for server security?	04:25
uvirtbot	New bug: #806782 in php5 (main) "package php5-fpm 5.3.5-1ubuntu7.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/806782	04:32
rallias	How do I install mod_gzip on apache 64bit?	04:40
twb	rallias: sure you don't mean mod_deflate?	04:57
=== medberry is now known as med_out
Hannz	greetings	07:07
acklee	hello everybody..	07:13
acklee	just want to ask about apache2 on 11.04	07:14
acklee	is it safe to chown /var/www/*.php to administrator rather than root?	07:15
twb	acklee: no.	07:16
acklee	so how could I edit or modify php files inside /var/www using Text Editor / gedit?	07:18
twb	You don't.	07:19
twb	Firstly, your server should not have a GUI. Secondly, /var/www is not FHS-compliant and you should not use it.	07:20
twb	Thirdly, best practice is to version control your code, and to only package and upload versions that pass self-tests to the server.	07:21
twb	If you aren't packaging your web app as a proper .deb, this could be achieved using rsync and ssh, with rrsync to restrict the uplaoders' privileges.	07:22
twb	Finally, since a quarter to a third of ALL security issues are PHP-related, you should never use it under any circumstances, since clearly there are systematic problems with the PHP community's ability to produce secure code.	07:24
acklee	oh ok.. one more question.. if /var/www is not FHS-compliant so where is the best place to put DocumentRoot?	07:25
twb	It would make sense to separate (immutable) programs from mutable state, so e.g. /usr/share/foo-app/foo.php, reading config from /etc/foo.ini and writing data to /var/lib/foo-app/	07:26
lei_	Guys, who use ubuntu 11.04 and had installed libvirt?	07:27
twb	If it's inherited code from people who don't understand such things, putting it in /srv/foo or /srv/www would be a reasonable short-term workaround.	07:27
twb	lei_: what is your real question?	07:27
twb	acklee: oh, and /usr/share assumes your program is interpreted; if it's compiled (e.g. prayer is a web-app written in C), you would use /usr/lib instead.	07:28
twb	Actually prayer is a poor example; it has a built-in web server, so its binary is in /sbin.	07:29
lei_	I updated my system yesterday but i found that my libvirtd can not started	07:29
acklee	ok twb that's great, thanks for your suggestions, I really appreciate it..	07:29
twb	lei_: does it give an error? If so, what?	07:29
lei_	No, it just can not start, continue to restart, but when i use "ps -ef \| grep libvirtd/(or libvirt-bin)" , i can not find it	07:30
lei_	i re-install it, it can not work too...	07:31
twb	Did you check syslog?	07:31
lei_	let me check	07:32
twb	tail -fn0 /var/log/syslog /var/log/auth.log &	07:32
twb	Then "restart libvirt" or something	07:32
nonotza	I just got this error on a new install of 10.04: -bash: php: command not found	07:32
twb	nonotza: PHP is not installed by default.	07:32
nonotza	I installed php	07:32
nonotza	and I printed phpinfo	07:32
twb	nonotza: php5-cli?	07:32
nonotza	ahhh	07:32
nonotza	that's right	07:32
nonotza	thanks	07:32
nonotza	do you know the apt-get package name?	07:33
twb	nonotza: php5-cli?	07:33
nonotza	that's it	07:33
nonotza	hehe	07:33
nonotza	all good now	07:33
twb	(apt-cache search)	07:33
lei_	virt-CommandWait:1229:internal error Child process.	07:35
lei_	then libivrtd exited.	07:35
=== smb` is now known as smb
twb	OK, stop the init job, then run it by hand in the foreground	07:37
twb	Wait a minute... are you saying that libvirt doesn't start, or that your VM(s) don't start	07:37
twb	Oh, also, IIRC libvirt defaults to writing logs directly instead of using syslog(), because it's bloody stupid	07:37
twb	So you'll have to look around in /var/log, e.g. find /var/log -mtime -1 -ls	07:38
lei_	I tried it. I use "libvird -d" or "service libvirt-bin start" ,but both were failed	07:38
lei_	"ps -ef\|grep libvirt " can see libvirt	07:38
lei_	sorry can Not	07:38
Alan	How would I go about removing a massively broken package?	07:56
twb	apt-get remove	07:56
Alan	Removing hptraidconf ...	07:57
Alan	dpkg (subprocess): unable to execute installed pre-removal script: No such file or directory	07:57
Alan	this is the problem	07:57
Alan	I can't even --purge it...	07:57
Hannz	hi all, i need help. i've just installed a fresh 10.04, and i can't find eth0 anywhere. ifconfig -a returned only eth1 and lo. after restarting, it changed to eth2 and lo. another restart and it changed to eth3 and lo. i can't make the network running to connect to my router.	07:58
Hannz	note that i'm still very new in command line interface (just learn a bit from https://help.ubuntu.com/10.04/basic-commands/C/index.html). is there any other good resources for me to learn regarding to cli?	07:59
twb	Alan: pastebin output of "more /var/lib/dpkg/info/hptraidconf.p* \| cat"	08:00
twb	Hannz: apparently your network card changes its PCI address every time you reboot	08:01
twb	Hannz: is this a VM or something?	08:01
twb	!RUE	08:01
twb	!RUTE	08:01
ubottu	documentation is to be found at http://help.ubuntu.com and http://wiki.ubuntu.com - General linux documentation: http://www.tldp.org - http://rute.2038bug.com	08:01
Hannz	twb: i'm really sorry, is VM = Virtual Machine? i dunno how to answer your question, seriously. i just tried to make a network server for my upstart company's files.	08:03
twb	Hannz: yes, "virtual machine"	08:03
twb	Did you install onto a real computer that you can throw out a window, or is it a virtual computer	08:04
Hannz	no, i don't think it is a vm. i installed it to a real computer	08:04
twb	Then I dunno, your hardware is really weird	08:05
Hannz	googled for vm, and now i'm sure it's definitely not a vm	08:05
Alan	twb: http://paste2.org/p/1506845	08:07
Alan	i think it's possible that the package failed to install properly	08:08
Alan	but even so - nothing in those scripts could error because they're using rm -f, right?	08:08
twb	Alan: there's no reason that should fail	08:08
twb	Unless your root user doesn't have permission to remove files or something...	08:09
twb	If you are feeling ballsy, just rm the prerm script and try again, though this will "void your warranty", as it were	08:09
Alan	twb: http://paste2.org/p/1506848	08:10
Alan	that's the full output of attempting to remove --purge	08:10
Alan	twb: doesn't that just mean it's going to miss stuff now? :\|	08:11
twb	Alan: I don't know what's going on	08:12
twb	Alan: maybe those scripts aren't executable?	08:12
twb	Alan: or could be a biarch issue, that gives funny errors.	08:13
Alan	well it seems to have gotten everything plus what's listed in the prerm script...	08:13
twb	Like it says "file not found" instead of "I can't execute 64-bit binary in 32-bit kernel"	08:13
Alan	twb: there's no chance of that kind of error	08:14
Alan	I'm not sure what screwed up there - removing the script "fixed" it...	08:14
Alan	i do know that the package never installed properly in the first place...	08:14
Alan	yay, now i can do updates again	08:15
Alan	every time i went to do updates it was trying to complete the installation of that broken package...	08:15
Alan	well thanks for your help twb :)	08:16
Hannz	twb: i tried to reboot (sudo shutdown -r now) again, and it changed to eth4 now -.-	08:22
twb	18:01 <twb> Hannz: apparently your network card changes its PCI address every time you reboot	08:22
Hannz	i guess i'll just try to re-install it from scratch	08:22
twb	Hannz: as a workaround you can remove the persistent-net-GENERATOR script from /etc/udev/rules.d/	08:22
twb	Though this can cause problems if you ever have >1 NIC	08:23
Alan	heh, i remember the days before persistent network device names...	08:23
Alan	you update your kernel and BAM no network	08:23
Hannz	i do have 2 nic, but i disabled 1 of them from bios settings. could it be the problem?	08:24
Alan	"What do you mean eth0 is now my firewire port?"	08:24
twb	Hannz: the problem is almost certainly SOMETHING in the BIOS	08:24
Hannz	twb: would reset the defaults in the bios fix that something?	08:24
Hannz	*resetting	08:25
twb	That depends on what the BIOS defaults to.	08:25
Hannz	hmm.. i'll just try something.. thanks for your help :)	08:27
lodott	Hi all, I have a dual-boot issue on an EFI system (Lenovo S205): win installs and boots, but grub in the Server install messes up the boot sequence.	08:34
Hannz	twb: i'm currenty reinstalling, is it okay to have the network configured with dhcp? or should i go back and configure manually?	08:35
EricJ	lodott: are you installing both windows & ubuntu on the same harddrive?	08:35
twb	Hannz: DHCP is fine, as long as you are on a trusted network and the DHCP server is well-behaved	08:35
lodott	EricJ: yes, windows has sda1/2, Ubuntu sda3	08:36
lodott	It probably has to do with the EFI thing, which have not really yet a handle on	08:37
twb	In theory, as long as you install win first and linux second, it should Just Work	08:37
twb	But I haven't dealt with such a system in a looong time	08:38
lodott	yeah, I hoped so too.	08:38
lodott	I followed instructions in the help page "RecoveringUbuntuAfterInstallingWindows" but after "overwriting the MBR" the system does not boot up	08:38
EricJ	I've had some problems setting up dual-boot, but that was splitting win & ubuntu onto different disks.	08:38
EricJ	lodott: you don't even boot into grub?	08:39
lodott	nope, I get into a reboot loop and have to switch off/boot from CD	08:39
EricJ	meh	08:39
lodott	I can get windows back to work by fixing the mbr with the install disk	08:40
rurufufuss	what's the easiest and most secure way to set up a user with root priviledges?	08:41
rurufufuss	I just set up a ubuntu server, probably not a good idea to run around as root eh?	08:41
EricJ	rurufufuss: I'd add him to the sudoers.	08:42
rurufufuss	the user's not set up yet, IIRC there was a command to set up the user, including his home page etc	08:42
rurufufuss	I was wondering if that's correct?	08:42
lodott	Another attempt was to use EasyBCD to boot Ubuntu via Windows, but no luck	08:43
lodott	About the EFI: in the windows install it apparently made a difference if I let the system find the CD or if I manually selected the CD. I am not sure why that should be but could that have an effect on where Ubuntu puts the MBR data?	08:47
lodott	With system finding the CD, windows creates a boot entry on the BIOS level, otherwise installs to the MBR normally	08:49
lodott	With this specific Lenovo the MBR install is needed, otherwise the installed system has problems with shutdown (lenovo bug)	08:51
=== koolhead11\|Afk is now known as koolhead11
acklee	lodott: afaik, you can sacrifice the powers of Grub and shift to Windows Boot Loader to boot you into Linux..	09:12
jibel	On Oneiric Alpha2 ISO testing, RAID1 and UEC install are untested	09:14
jibel	http://iso.qa.ubuntu.com/qatracker/test/5890	09:15
jibel	http://iso.qa.ubuntu.com/qatracker/test/5889	09:15
jibel	Anyone to give them a try ?	09:15
lodott	acklee: how would I do that? I tried the EasyBCD tool which is supposed to do just that, but maybe you have a better alternative.	09:15
lodott	acklee: the EasyBCD tool actually located the GRUB2 partition on its own, so my fear is that it has to do with installing the MBR somehow.	09:18
acklee	lodott: http://www.supergrubdisk.org/ provides a specialized rescue disk to restore Windows/Linux.. I haven’t used it anytime though..	09:31
Hannz	hello, i have a problem with ethernet settings. it seems that my ethx keeps changing its name (eth1 to eth2 to eth3 and so on), and apparently the hwaddr is also changing its mac address everytime i reboot the server.	09:34
acklee	I don't know the answer to your question, but one way to search for text in files is this: "sudo find /etc\|xargs grep eth20" could you pastebin the output of that?	09:41
acklee	Hannz: pastebin for sudo find /etc\|xargs grep eth20	09:42
jamespage	jhunt: thanks for taking a look at my upstart query yesterday - turns out I was being a dunce :-)	09:45
Hannz	i'm currently on another notebook so i can't pastebin it. but it returned 20+ lines, all ended with 'Permission denied'.	09:45
jhunt	jamespage: np. If there is some way we can improve the man pages/cookbook to avoid confusion though, let me know.	09:46
acklee	I discovered that others had experienced similar problems with ASUS boards with nVidia NICs, changing their MAC addresses..	09:47
drj_	Hi all. is there a way to "unencrypt" an ecryptfs-encrypted homedir other than copying everything and restoring afterwards?	09:47
acklee	Hannz: Looks like Gigabyte and ASUS have been shipping invalid MAC addresses on some of their boards..	09:47
Hannz	i'm using gigabyte board and its onboard nic	09:48
acklee	Hannz: it just generates a new (valid yet) random MAC address..	09:48
Hannz	acklee: so i have to switch my mainboard?	09:49
acklee	Hannz: cat /etc/udev/rules.d/70-persistent-net.rules	09:49
Hannz	or can we find a way to stop it from generating new mac addresses?	09:50
acklee	Hannz: it would be nice if you can show me the output..	09:51
acklee	Hannz: no, last option is disable your obloard nic in the BIOS..	09:51
Hannz	acklee: i think the 70-persistent-net.rules is making new lines of rules everytime i reboot the box. i checked it before boot and after boot, it just adds a new # PCI device	09:52
acklee	Hannz: and put your new nic to PCI slot..	09:52
uvirtbot	New bug: #806887 in drbd8 (main) "package drbd8-source 2:8.3.7-1ubuntu2.1 failed to install/upgrade: drbd8 kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/806887	10:02
rurufufuss	what is the proper way to start a persistent process on a server?	10:39
rurufufuss	assuming that " ./someprocess &" is actually not the right way	10:40
rurufufuss	that process being one of my binaries made from gcc that is	10:41
lodott	acklee: thanks, I will have a look later	10:43
RoyK	rurufufuss: ./someprocess & will start it well, but unless the process traps SIGHUP, a logout will then stop it	11:37
RoyK	rurufufuss: nohup ./someprocess & will trap SIGHUP	11:38
RoyK	the best way would be to trap SIGHUP from the process itself and perhaps fork in the background also from the process	11:38
knowtheledgeee	I cant seem to be able to call g++ using the exec() function in php, any ideas?	11:42
rurufufuss	RoyK: thanks, I suppose if you trap sighup the process will then have to be killed manually huh	11:55
uvirtbot	New bug: #806930 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: le sous-processus script post-installation installé a retourné une erreur de sortie d'état 100" [Undecided,New] https://launchpad.net/bugs/806930	12:02
uvirtbot	New bug: #806911 in nova "Split nova-compute into nova-compute-{kvm,xen,etc.}" [Undecided,New] https://launchpad.net/bugs/806911	12:06
Ursinha	good morning teammates	12:08
jamespage	morning Ursinha	12:11
lynxman	Ursinha: o/	12:19
lynxman	jamespage: o/	12:19
zul	yo	12:20
lynxman	zul: o/	12:20
zul	hey lynxman	12:20
Daviey	ls	12:24
Daviey	bah	12:24
Daviey	hello Ursinha !	12:24
lynxman	$ ls	12:25
lynxman	porn	12:25
lynxman	Daviey: :)	12:25
Daviey	lynxman: :o	12:25
serge_	SpamapS: around?	12:25
Daviey	serge_: he's away this week.	12:25
lynxman	Daviey: hehe, still need to send you the pics!	12:25
lynxman	Daviey: and the video	12:25
serge_	Daviey: yeah, but i thought he said he might be on and off around :)	12:26
serge_	Daviey: i gather jameshunt is out too	12:26
Daviey	lynxman: oh dear!	12:27
Daviey	serge_: hmm, i spoke with jhunt yesterday.	12:27
lynxman	Daviey: there's some very scary ones	12:27
* koolhead11 looks at lynxman		12:28
* lynxman feels stared at		12:29
serge_	Daviey: yeah, i'm pinging him on #upstart, thx	12:29
Daviey	groovy	12:30
koolhead11	lynxman, i thought i joined some other channel :D	12:36
koolhead11	hey Daviey	12:36
lynxman	koolhead11: heh :)	12:36
lynxman	zul: I have a new version of mcollective (1.2.1) ready for you if you fancy :)	12:45
zul	lynxman: sure ill take a look this afternoon	12:46
lynxman	zul: cool, thx	12:46
jibel	jamespage, do you know what's the status of Ubuntu Server EC2 HVM testing ? There's no result on the tracker.	13:19
zul	hggdh: lemme know when i can use the test rig	13:44
hggdh	zul: as soon as UEC testing ends	13:45
* Daviey imagines it'll end abrubtly		13:47
zul	wouldnt have it any other way ;)	13:48
serge_	zul: i want to sync the latest (non-release) lxc for oneiric. Do you have any reason for me to wait?	13:51
zul	serge_: nope	13:51
serge_	k	13:51
serge_	it'll be a kick-ass update :)	13:51
zul	although /dev/pts doesnt seem to get mounted in the container under libvirt	13:52
stgraber	serge_: I guess with everything that went in git recently it's probably worth trying to convince Daniel to just release ;)	13:52
serge_	stgraber: i've asked him, can you also ask him?	13:52
stgraber	serge_: sure	13:52
serge_	i agree, 0.7.5 seems worth yagginh	13:52
serge_	tagging, even	13:52
serge_	thx	13:52
RoyK	rurufufuss: not really - read up about unix and signals	14:21
rurufufuss	RoyK: so you mean if I have a C program, do signal(SIGHUP, whatverfunction)	14:22
rurufufuss	and whatever function just does nothing	14:22
rurufufuss	you mean that's actually not enough?	14:22
RoyK	rurufufuss: basically, yes	15:07
RoyK	rurufufuss: and the signals have different meanings, different use etc	15:08
RoyK	for instance, HUP is sent when a terminal is closed, TERM is the basic signal sent by kill(1), some signals shouldn't be trapped (for example SIGSEGV) and others can't be trapped (SIGKILL)	15:09
alamar	advanced programming in the unix environment is a good lecture fo stuff like this (if a library of yours has it you should take a look)	15:10
alamar	lecture? I mean reference Ithink	15:11
rurufufuss	hmm ic	15:11
rurufufuss	I mean, I just want a program of mine to not terminate	15:11
rurufufuss	like, I want to log in to a remote box, run it, and log off	15:11
rurufufuss	(it's a fastcgi application)	15:11
rurufufuss	I suppose using nohup suffices huh	15:11
alamar	you could run it in screen, with nohup or disown	15:11
alamar	or do signal handling yourself. if you want it to act like a daemon there is a good entry in the unix programming faq for that	15:11
alamar	http://www.unixguide.net/unix/programming/1.7.shtml if you're interested	15:12
rurufufuss	thanks	15:12
rurufufuss	when you said with screen, nohup or disown	15:12
rurufufuss	that's "either screen, nohup, or disown", not "with screen AND either nohup or disown" right?	15:13
RoyK	rurufufuss: man screen etc	15:13
RoyK	either one will do	15:13
rurufufuss	cool, thanks!	15:13
RoyK	there's usually some 10+ ways to do things :)	15:13
rurufufuss	what's the chances handling a signal to SIGHUP and doing nothing on the handler will also work?	15:13
rurufufuss	I would test this myself if I could, but its not compiled yet :/	15:14
RoyK	that'll trap SIGHUP, yes	15:14
rurufufuss	sweet	15:14
RoyK	and ignore it	15:14
RoyK	but if something sends it a SIGTERM, it'll die	15:14
RoyK	unless that's trapped as well	15:14
rurufufuss	but if I run it with & it wont get sigterm would it?	15:14
rurufufuss	well, I suppose I could just test when I get the chance to	15:15
RoyK	nohup is the only wrapper I know that traps signals - & is only to background it, and that one doesn't trap anything	15:15
RoyK	you could write a trapeverything wrapper, but normally you want software to stop when it's told to	15:16
RoyK	or if it crashes	15:16
RoyK	trapping SIGSEGV could lead you into interesting times indeed	15:16
uvirtbot	New bug: #807038 in dbconfig-common (main) "dbconfig-common fails to preseed phpmyadmin on natty/lucid" [Undecided,New] https://launchpad.net/bugs/807038	15:16
=== Ursinha is now known as Ursinha-lunch
=== NG_ is now known as ng_
=== JanC_ is now known as JanC
RoAkSoAx	adam_g: ping	16:01
Daviey	everyhting seems oddly quiet... has disaster hit?	16:11
RoyK		16:18
serge_	zul: oh, silly me. we're in soft freeze	16:20
stgraber	serge_: not anymore. Got lifted this morning (european time)	16:21
serge_	ah, cool, thx	16:22
TheEvilPhoenix	this channel is always quieter than some of the other ubuntu channels :P	16:23
TheEvilPhoenix	question. any idea why Server won't install correctly on a Dell POweredge 2600 in hardware RAID5?	16:23
TheEvilPhoenix	i end up with an infinite boot loop	16:23
genii-around	TheEvilPhoenix: Did you set up the raid array in the hardware before installing?	16:30
TheEvilPhoenix	yeah	16:31
genii-around	TheEvilPhoenix: Is grub entry using the uuid of the array, or sdaX type entry for loading the kernel from?	16:35
TheEvilPhoenix	i'll have to check, i'm not at the system atm.	16:36
uvirtbot	New bug: #807091 in nova (universe) "error: internal error character device (null) is not using a PTY" [Undecided,New] https://launchpad.net/bugs/807091	16:36
TheEvilPhoenix	i'll come back once i got that info	16:36
adam_g	RoAkSoAx: hey	16:39
=== Ursinha-lunch is now known as Ursinha
RoAkSoAx	adam_g: hey, never mind :)	17:02
uvirtbot	New bug: #807110 in nmap (main) "Sync nmap 5.21-1.1 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/807110	17:06
smoser	Daviey, around ?	17:57
smoser	Ben is still utlemming? he's not here.	17:58
Daviey	smoser: ack	17:58
smoser	http://uec-images.ubuntu.com/releases/oneiric/ has 'alpha-2' and 'alpha-2a'	17:58
smoser	on nectarine 2a has been deleted.	17:58
smoser	i'm going to run 'trigger-sync' there, which will delete from uec-images also	17:59
smoser	they seem to have identical content, but didn't know what 2a was and wanted to check before i cleaned there.	17:59
Daviey	utlemmin	17:59
Daviey	smoser: I just pinged him on another irc network, think he should be here soon.	18:00
Daviey	]	18:00
* Daviey spots utlemming's irc failure.		18:02
* utlemming was on other irc channels		18:07
* utlemming but is now in the right spot		18:08
zul	soren: ping	18:23
soren	zul: 'sup?	18:46
zul	soren: why do you want to break up nova-compute?	18:46
uvirtbot	New bug: #807153 in bind9 (main) "named does not shut down after "service bind9 stop"" [Undecided,New] https://launchpad.net/bugs/807153	18:46
soren	zul: I thought I explained in the bug?	18:47
zul	soren: right it looks overly complicated i think	18:48
soren	How so?	18:48
soren	zul: I thought you of all people would be happy with an easy way to use Xen or LXC with nova without mucking around with config files.	18:49
zul	nm...im not thinking today	18:50
outer_space	how can ubuntu render php files instead of downloading them, latest ubuntu with tasksel lamp installed	18:55
jeeves__	is anyone here today? I'm getting "rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=199, length=20" and I'm trying to figure out why	19:00
=== jeeves__ is now known as jeeves_moss
jamespage	jibel: I believe the HVM AMI's are broken ATM - utlemming or smoser would be able to confirm	20:07
utlemming	Yes the HVM AMI's are broken. We are working with Amazon to address the problem	20:07
jamespage	thanks utlemming - I thought that was the case	20:08
utlemming	https://bugs.launchpad.net/ubuntu/+source/linux/+bug/791850	20:08
uvirtbot	Launchpad bug 791850 in linux "oneiric cluster compute instances do not boot" [Undecided,Confirmed]	20:08
jamespage	ta	20:08
jeeves__	do I have to make a new entry into the client.conf file for each access point I need access to my FreeRadius server for?	20:19
=== med_out is now known as medberry
lifeless	serge_: hi :)	20:26
jeeves__	lifeless, hey	20:31
lifeless	hi?	20:32
serge_	lifeless: hey	20:40
lifeless	serge_: would you like a new lxc script that takes a shutdown container, makes an aufs overlay and starts it up	20:40
serge_	lifeless: yeah	20:41
lifeless	ok, ew have one, I'll see about generalising	20:41
lifeless	we	20:41
lifeless	on the cgroup-bin thing	20:41
serge_	lifeless: cool, thanks. should we integrate that into lxc-start you think?	20:41
serge_	lxc-start -a for aufs?	20:41
lifeless	making everyone that wants to use lxc manually mount the filesystem seems ugly	20:41
lifeless	I replied to the bug	20:41
serge_	lifeless: we don't make everyone	20:41
lifeless	but as its closed you might not see it ;)	20:41
serge_	what's the bug# again?	20:42
BrixSat	hello, i have a site and it has a lot of users and it makes the machine not respond to all with all the accesses (overloaded) how can i make with a second machine reduce the overload of the first one?	20:42
lifeless	serge_: bug 800456	20:42
uvirtbot	Launchpad bug 800456 in lxc "no dependency on cgroup-bin" [Undecided,Invalid] https://launchpad.net/bugs/800456	20:42
lifeless	BrixSat: what sort of site?	20:42
BrixSat	it is a radio network site	20:43
lifeless	I mean, is it a website? static content or dynamic?	20:43
BrixSat	dynamic	20:43
serge_	lifeless: what exactly does a 'Suggests' entry do then? pop up a msg while installing?	20:43
lifeless	serge_: nothing, but its one of the first places people look when something doesn't work.	20:44
BrixSat	lifeless: dynamic website	20:44
serge_	I'm fine adding a suggests now that cgroup-bin plays nice :)	20:44
lifeless	serge_: recommends or stronger would be better	20:44
serge_	lifeless: ok	20:44
serge_	wonder how i can gauge whether users would be annoyed by that	20:44
lifeless	serge_: http://www.debian.org/doc/debian-policy/ch-relationships.html#s-binarydeps	20:45
serge_	th	20:45
lifeless	serge_: if cgroups-bin can be disabled	20:45
serge_	x	20:45
lifeless	serge_: then users who want to do it manually could disable	20:45
serge_	well i suppose a .override file should work, if those are in upstart now	20:45
lifeless	though recommends is the usual place to put 'you should have this but can decide not to if you want'	20:45
lifeless	'The Recommends field should list packages that would be found together with this one in all but unusual installations.'	20:46
BrixSat	lifeless: any ideia?	20:46
serge_	right but we treat Recommends as stronger than debian does right	20:46
serge_	?	20:46
uvirtbot	New bug: #807222 in tomcat6 (main) "Sync tomcat6 6.0.32-5 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/807222	20:46
lifeless	serge_: nope, we, like debian, install recommends by default but allow it to be removed (or not installed if the user toggles the option)	20:47
lifeless	BrixSat: if its a dynamic site, do you know if the database is overloaded, or your (php\|perl\|python) code, or the memory use on the machine?	20:47
serge_	lifeless: and if existing users do an upgrade, will it auto-install a new recommends?	20:47
lifeless	BrixSat: the solutions are different based on the actual problem :)	20:48
serge_	stgraber: if you still ahve that source tree handy,	20:48
lifeless	serge_: yes; but we're going to have more users eventually than we have today, so upgrades are a consideration not an overriding rule :)	20:48
BrixSat	lifeless: well the machine just can hang thousands of connections per seconds	20:48
stgraber	serge_: yep, it's still there	20:48
lifeless	serge_: oh, let me rephrase - if you dist-upgrade I think it installs new recommends, a daily upgrade won't.	20:49
serge_	do you mind adding cgroup-bin to the Recommends? :)	20:49
serge_	stgraber: for bug 800456	20:49
uvirtbot	Launchpad bug 800456 in lxc "no dependency on cgroup-bin" [Undecided,Invalid] https://launchpad.net/bugs/800456	20:49
lifeless	BrixSat: for that, I suggest rate limiting in your front end	20:49
BrixSat	rate limiting? humm	20:50
BrixSat	lifeless: whtat would that consist?	20:50
lifeless	BrixSat: determine what concurrent request count your server can serve without bogging down,and then configure apache\|haproxy\|squid\|varnish - whatever you have as your entry point - to only forward that many connections to your dynamic code at once	20:50
stgraber	serge_: uploaded	20:50
lifeless	it will stop the machine hanging, though it won't add capacity.	20:51
serge_	stgraber: remind me to buy you a beer at the sprint	20:51
serge_	thanks, gnight	20:51
BrixSat	lifeless: cant i have a second host able to do the same as the first host?	20:51
lifeless	separately, if you need more capacity, you need to determine what you need more capacity of - database, frontend, bandwidth - and cluster-or-increase that somehow	20:51
lifeless	BrixSat: yes, but if you don't manage the concurrent work, it will still overload and fail and then that will cascade across your whole cluster.	20:52
lifeless	BrixSat: the very first thing you need is a concurrent work limiter, it makes everything else -much- easier to tackle	20:52
lifeless	we use haproxy for launchpad.net, for instance.	20:52
BrixSat	haproxy does that?	20:53
* patdk-wk is just using ipvs these days		20:53
lifeless	serge_: thanks!	20:53
patdk-wk	the linux firewall can do that :)	20:53
lifeless	BrixSat: yes,	20:53
lifeless	patdk-wk: not as nicely (for users that exceed the limits)	20:54
BrixSat	if server1 fails will the second one be able to reply?	20:54
patdk-wk	ya, defently doesn't give you a nice error though :)	20:54
lifeless	patdk-wk: also things like persistent connections aren't handled by iptables solutions, it can't tell 'possible work' vs 'actual work'. haproxy can be configured to do that.	20:54
lifeless	BrixSat: not for the failed request. For subsequent requests, yes.	20:54
BrixSat	nice :)	20:55
BrixSat	thanks	20:55
patdk-wk	heh? possible vs actual?	20:55
patdk-wk	any request that hits the server is actual work	20:55
=== utlemming is now known as utlemming_lunch
uvirtbot	New bug: #807233 in mcollective (universe) "mcollective not working with rabbitmq" [Undecided,New] https://launchpad.net/bugs/807233	21:06
uvirtbot	New bug: #807240 in rrdtool (main) "Please merge rrdtool 1.4.3-3.1 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/807240	21:16
lifeless	patdk-wk: yes, but tcp connection != http request	21:17
lifeless	patdk-wk: so http persistent connections will sit idle for (usually) up to 30 seconds	21:18
lifeless	patdk-wk: if you say 'machinehas 4 cores, can handle 4 requests concurrently, and then limit to 4 http connections, you'd lost 30 seconds of processing per core per connection	21:19
lifeless	patdk-wk: if you fudge it and multiply out to get a guesstimate, then a bunch of near-simultaneous requests coming in can flood the server and bog things down	21:20
=== ng_ is now known as NG_
jeeves__	why does my server keep trying to use "::1..." (the local ipv6 address) and NOT 127.0.0.1?	21:48
cloakable	check /etc/hosts	21:50
WMP	hello	21:51
WMP	how to build package with my, modyfited kernel?	21:52
=== utlemming_lunch is now known as utlemming
MACscr	which is the name of the kernel that i should be running for 10.4 LTS. Is it kernel 2.6.32-32-server?	22:01
MACscr	this is a xen guest. The xen kernels i guess arent used anymore	22:02
patdk-lap	that is not a xen kernel	22:02
patdk-lap	2.6.32-316-ec2 is	22:02
MACscr	that doesnt seem right. why the -ec2?	22:04
MACscr	i thought the paravirt drivers were included after 2.6.27	22:04
MACscr	whats the difference between -server and -generic	22:07
WMP	server have other kernel timing	22:08
patdk-lap	depends	22:08
WMP	generic is to desktop	22:08
patdk-lap	tz clock rate, pae enable, ...	22:08
WMP	yes	22:08
WMP	server is to server ;)	22:09
MACscr	hmm, well i upgraded a xen guest (whihc is being used as a web server) which was Ubuntu 8.04.3 LTS, kernel 2.6.24-25-xen to 10.4 LTS, but it only seemed to install the generic kernel	22:09
MACscr	and it didnt even touch menu.1st. So luckily i caught that before rebooting or else it wouldnt have even booted since the xen kernel isnt compatible with 10.4	22:10
patdk-lap	last time I did that, the guest was trashed	22:10
MACscr	this a 64bit system mind you	22:10
patdk-lap	so was mine	22:10
patdk-lap	so I use the -ec2 kernel now	22:11
patdk-lap	looks like kernels since 2.6.23 have included xen stuff	22:11
MACscr	well i have another system that is runnng 10.4 LTS with 2.6.32-32-server #62-Ubuntu SMP Wed Apr 20 22:07:43 UTC 2011 x86_64 GNU/Linux	22:11
MACscr	and its fine, but wasnt sure if that was still the correct way to go	22:11
cb1609	is there a good logging program for ubuntu-server? all my users are logging in via ssh.	22:12
MACscr	grr, my timing is off again though on that working system.	22:14
lifeless	serge_: where should I get the source for your current lxc package?	22:14
patdk-lap	hmm, looks like the kernel should work	22:20
patdk-lap	guess my issue was the xen blkdev is a module and wasn't in initrd correctly	22:21
smoser	it was today	22:21
serge_	lifeless: it's in the oneiric archive	22:25
serge_	(i dont' have my own lp branch for the latest)	22:25
lifeless	kk	22:25
adam_g	smoser: W: Failed to fetch bzip2:/var/lib/apt/lists/partial/us-east-1.ec2.archive.ubuntu.com_ubuntu_dists_natty-updates_universe_binary-i386_Packages Hash Sum mismatch , any idea?	22:27
BrixSat	hey	22:38
BrixSat	i have a questioni have a site wich is often confronted with high bandwidth and cpu, will ubuntu cloud and 2 servers make a kind of load balance?	22:39
WMP	anybody know how to in make-kpkg make tiny and nice kernel name?	22:39
MACscr	patdk-lap: i still wonder though if the ec2 kernel is a bit more optimized and might be a little faster/leaner than the -server kernel	22:39
MACscr	update-grub still doesnt work on a xen guest either =/	22:40
WMP	BrixSat: hmmm, maybe nginx? but nginx havent loadbalancing per bandtwitch	22:40
BrixSat	WMP: is it diferent having ubuntu-server or ubuntu-cloud? will i notice diferent performances?	22:41
WMP	i don't know ubuntu-cloud	22:41
WMP	all servers i make in ubuntu-server	22:41
BrixSat	WMP: the problem is one of my servers get a lot of ddos	22:42
patdk-lap	there is no thing as ubuntu-cloud	22:42
patdk-lap	unless you mean ubuntu-uec	22:42
patdk-lap	and yes, you will see a difference	22:43
MACscr	patdk-lap: also, are you doing anything special to get your ubuntu guests to keep the correct date/time?	22:43
BrixSat	patdk-lap: if a server get a ddos atack will all the cloud stop?	22:43
patdk-lap	macscr, nope	22:43
WMP	BrixSat: you shoud invest in hardware firewall	22:44
MACscr	patdk-lap: are you by chance using pvgrub or pygrub though?	22:44
patdk-lap	brixsat, depends on the ddos	22:44
BrixSat	WMP: cant afford it	22:44
patdk-lap	macscr, nope	22:44
BrixSat	patdk-lap: ddos (udp flood=	22:44
patdk-lap	ddos can be hundreds of thousands of things	22:44
patdk-lap	all it means is you have too much from too many places at once	22:44
BrixSat	patdk-lap: usualy from 3 or 4 ip's	22:45
patdk-lap	what udp services do you provide?	22:45
patdk-lap	that is hardly a ddos, that is much more a dos	22:45
patdk-lap	and easy to block using simple firewall rules	22:45
BrixSat	patdk-lap: none, i have no udp	22:45
patdk-lap	then how the hell could a udp flood take you down?	22:46
BrixSat	cause thousands of connections per second	22:46
patdk-lap	udp doesn't make connections	22:46
patdk-lap	therefor that isn't the issue	22:46
BrixSat	the machine was goind up and down no network availiable	22:46
patdk-lap	do you have stats on incoming/outgoing packet counts?	22:46
BrixSat	sim	22:47
BrixSat	yes	22:47
patdk-lap	how many packets in and out?	22:47
patdk-lap	hmm, actually might of been icmp replies, so probably wouldn't help	22:47
patdk-lap	you need to configure a firewall desperately	22:47
patdk-lap	be it soft, hard, or other	22:48
BrixSat	patdk-lap: i was having 11mpbs of network load	22:48
patdk-lap	but a crapload of udp shouldn't be able to take down a server	22:48
patdk-lap	expecually at 11mbit	22:48
patdk-lap	I have handled that much ntp traffic without an issue	22:49
BrixSat	but in my case the server stops reacting and crashes	22:49
BrixSat	or i shutit down first	22:49
patdk-lap	so you say	22:50
patdk-lap	therefor I don't believe it was udp traffic that did this	22:50
BrixSat	my datacenter said it was	22:50
patdk-lap	well, you have two solutions	22:51
ahs3	what kind of udp traffic? ntp? icmp? dns? there are all sorts of dns attacks in the wild	22:51
patdk-lap	get a firewall to reject stuff, and hopefully ban ip's that do that	22:51
patdk-lap	or get your datacenter to do it for you	22:52
patdk-lap	he said he wasn't running a udp server, so it shouldn't matter what type	22:52
BrixSat	ahs3: it was icmp, and ntp	22:52
patdk-lap	what ip address?	22:52
BrixSat	the source?	22:53
BrixSat	or my machine?	22:53
patdk-lap	the ip address on your machine they where attacking	22:53
BrixSat	79.143.184.210	22:54
patdk-lap	hmm, that seems good atleast	22:54
patdk-lap	there are craploads of really bad ntp stuff, that when it doesn't get a reply, it hammers the server harder	22:55
BrixSat	patdk-lap: yes now it is i had to replace the ip	22:55
patdk-lap	heh?	22:55
BrixSat	it was before .209	22:55
patdk-lap	I asked what ip they attacked	22:55
patdk-lap	not what you have now	22:55
patdk-lap	no difference	22:56
BrixSat	hoo it is a 79.143.184.209	22:56
BrixSat	that is not assigned to anything now (only dns resolution)	22:56
patdk-lap	ya, you badly need to fix your firewall	22:58
patdk-lap	install a firewall on that box, and set it to DROP everything	22:58
patdk-lap	that will kill the icmp stuff	22:58
patdk-lap	and should kill the load you had	22:58
patdk-lap	I also see all kinds of fun stuff open, like dns, you said you where not running udp services	22:59
alamar	BrixSat: you get a "ddos" from 3 or 4 ips?	22:59
patdk-lap	also your x11 ports are exposed	22:59
BrixSat	yes	22:59
BrixSat	american ips	22:59
BrixSat	x11 ports?	22:59
patdk-lap	http://pastebin.com/AQN6GLKj	23:00
patdk-lap	those closed ports, should say stealth instead	23:00
alamar	well if they are static you could just block them using netfilter. (or even ask upstream to do it for you)	23:00
patdk-lap	alamar, and if he just didn't produce icmp replies to every packet, he probably wouldn't have to block them	23:00
alamar	patdk-lap: having icmp work is not a bad thing per se	23:01
patdk-lap	I didn't say break icmp	23:01
patdk-lap	but have icmp not reply with port closed	23:01
alamar	but you should probably rate limit it if it causes problems	23:01
BrixSat	alamar: how can i do it?	23:02
alamar	there is an iptables module for that. google icmp rate limiting. but it's probably the easiest way to just nullroute or filter the source addresses that cause your problems in general	23:05
BrixSat	thks	23:07

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!