/srv/irclogs.ubuntu.com/2011/07/25/#ubuntu-server.txt

=== jcastro_ is now known as jcastro
[01:04] <airtonix> love driveby
[02:22] <MrUnagi> I need a little help setting up a mail server with ubuntu, it seems i can log with telnet but not with a mail client, did i skip over a step?
[02:30] <airtonix> depends
[02:30] <airtonix> MrUnagi: what steps did you follow
[02:31] <MrUnagi> to be honest i have tried several including in the ubuntu docu
[02:31] <MrUnagi> https://help.ubuntu.com/community/MailServer
[02:34] <MrUnagi> so basically my current state is i can telnet 143 and log in with success
[02:34] <MrUnagi> when setting up my client, i get the certificate error as expected, but the account remains offline
[02:36] <twb> MrUnagi: https://help.ubuntu.com/10.04/serverguide/C/email-services.html is the official documentation.
[02:36] <twb> AFAIK community/ stuff is unofficial
[02:40] <MrUnagi> I've tried that guide as well
[02:41] <MrUnagi> i know that i am at least communicating with dovecot because i get the certificate error
[02:41] <twb> Are you testing this with "mutt -f imaps://MrUnagi@127.0.0.1/" on the server itself?
[02:41] <MrUnagi> i tested telnet locally and remotely
[02:42] <MrUnagi> i am not sure what mutt is
[02:42] <MrUnagi> is it a mail client?
[02:42] <twb> An MUA
[02:42] <twb> Yes.
[02:42] <MrUnagi> i have not tried it with mutt i was trying it with mail.app on os x
[02:43] <twb> Please reproduce the problem with mutt on the server.
[02:43] <MrUnagi> installing now
[02:43] <twb> Also, unless you're doing STARTTLS, there should be no TLS (a.k.a. SSL) at all on 143.
[02:43] <MrUnagi> well that was something that popped up in my mind as well
[02:45] <MrUnagi> some error occurred and mutt quit
[02:45] <MrUnagi> i have to locate the mutt log
[02:46] <twb> You ran the command I gave you initially?
[02:46] <twb> 12:41 <twb> Are you testing this with "mutt -f imaps://MrUnagi@127.0.0.1/" on the server itself?
[02:46] <MrUnagi> yes
[02:46] <twb> The error should sit around for a few seconds unless you hit a key, so it should be easy to transcribe
[02:46] <MrUnagi> internal error occurred
[02:46] <twb> Well that's bizarre
[02:47] <MrUnagi> server bug refer to server log for more information
[02:47] <twb> OK, that's more reasonable
[02:47] <twb> So now open another window and do "tail -fn0 /var/log/syslog /var/log/auth.log"
[02:47] <twb> Then when you try mutt again, it'll show you what the server-side error was
[02:48] <MrUnagi> well thats too easy
[02:48] <MrUnagi> directory doesn't exist
[02:49] <twb> As in /var/mail/MrUnagi doesn't exist?
[02:49] <MrUnagi> i have reverted this snapshot so many times, i am having trouble keeping track
[02:49] <MrUnagi> well Maildir
[02:49] <MrUnagi> interesting
[02:49] <twb> I should've had you check the logs first, I just didn't trust that it was a server-side problem at first
[02:50] <MrUnagi> i can fix this no prob 1 sec
[02:53] <MrUnagi> ok it appears i am logged in with mutt
[02:54] <MrUnagi> and I'm sure i don't have postfix set up right because i have not received the test email i just sent
[02:55] <MrUnagi> but being able to log in server side means dovecot is good right?
[03:07] <philipballew> would anybody know anything about a linux network install
[03:11] <twb> !ask
[03:11] <ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
[03:12] <twb> MrUnagi: yes re dovecot is good; re postfix, have you told it to deliver to Maildir?
[03:13] <philipballew> twb, i need to install ubuntu over a network.
[03:13] <philipballew> better
[03:13] <twb> philipballew: OK, so what isn't working?
[03:13] <philipballew> well. i have a laptop without a cd drive and too old to boot from usb
[03:14] <philipballew> and i need to remove microsoft and install linux, like i always do.
[03:14] <philipballew> this time i cant use a cd
[03:15] <twb> You're sure it can't boot from USB?  And you can't easily remove its HDD and put it in another box to do the install?
[03:16] <philipballew> i brobably could, if i get a case and some screws yeah.
[03:16] <philipballew> *pobably
[03:16] <philipballew> when did computers start to boot from usb?
[03:18] <twb> I don't know.  Maybe you should, you know, test USB booting.
[03:18] <twb> I ask because if you have to PXE boot then you will need to set up a PXE server which is fiddly
[03:18] <philipballew> and i am kinda lazy
[03:21] <qman__> expensive computers started booting from USB around 2000
[03:21] <qman__> it became a fairly standard feature around 04
[03:22] <philipballew> # 3 on boot order is removable devices twb
[03:28] <philipballew> hum. this is like 2001
=== twb` is now known as twb
[04:38] <ejv> evening everyone, i just installed ubuntu server 10.04 LTS on an old dell dimension desktop; I have two PCI ethernet cards, both recognized by Ubuntu, an Accton SMC2-1211TX and a 3Com Corporation 3c905B, i'm not getting an IP address (via DHCP) from my router, is there something that needs enabling?
[04:41] <twb> ejv: pastebin your interfaces(5) file
[04:41] <ejv> nevermind fellas, it appears a `dhclient -r` and then a `dhclient` fixed that right up as sudoer. thank you
[04:41] <twb> Righto
[04:41] <ejv> very weird that it wouldn't work "out of the box"
[04:41] <ejv> brand spanking fresh installation -_-
[04:43] <ejv> ok i rebooted, interfaces are gone again
[04:43] <ejv> how do I tell dhclient to run at boot?
[04:44] <qman__> configure your interfaces to use DHCP in /etc/network/interfaces
[04:44] <qman__> see man interfaces for details
[04:45] <ejv> i have auto dhcp and iface eth0 inet dhcp
[04:45] <ejv> in /etc/network/interfaces
[04:45] <ejv> (separate lines)
[04:45] <ejv> pardon me auto eth0
[04:46] <qman__> well, if eth0 is the one that's plugged in, it's correct
[04:46] <qman__> but since you have two, it's possible the one you're using is actually eth1
[04:46] <ejv> ahh
[04:46] <ejv> ok i will add a second identical line
[04:47] <ejv> there's two because i was thinking one card was faulty, if i can get this working i'll pluck it right out
[04:49] <ejv> qman__: if you're still around, im not familiar with this new version of grub, how do I tell the boot sequence to not be "quiet" but "verbose" ? :)
[04:50] <qman__> short answer is, you don't
[04:50] <qman__> it's possible to get the verbose kernel messages back but not without hacking up plymouth
[04:51] <qman__> since that's what suppresses them, not grub
[04:51] <ejv> hmm alright, thx for the input
[05:23] <U256> Hello everyone
[05:23] <U256> I need some help from anyone who is bored and might want to help
[05:28] <lickalott> ask
[06:01] <twb> Offtopic: is there a channel where I can ask about forcing lucid gvfs to mount FAT floppies with different mount options, and actually get a useful response?  Note: this rules out #ubuntu and irc.gnome.org
[06:02] <twb> (Yes, 3.5" floppies.  One of my prisons still uses them because, unlike USB keys, they can't be smuggled through checkpoints up your arse.  Sigh.)
[06:12] <twb> Scratch that, I'm not even sure it's gvfs.  Whatever nautilus is running.  Apparently gvfs is a nest of ELF binaries and no documentation or configuration or --help.  Sigh.
[06:13] * twb RTFS's
[06:21] <kural> hello would linux-image-virtual contain XEN privileged guest support ?
[06:34] <twb> IIRC Xen isn't supported as at Lucid
=== smb` is now known as smb
[07:15] <smb> One can run Lucid generic-pae / server kernels as pv guest in Xen. Though it has not been the main target. There are linux-ec2 kernels which are maintained for running under xen.
[07:16] <twb> smb: well, sure, domU is mainline
=== kim0|vacation is now known as kim0
[08:57] <uvirtbot`> New bug: #815760 in nut (main) "2.6.1-2ubuntu1 FTBFS on i386" [Medium,In progress] https://launchpad.net/bugs/815760
[09:47] <uvirtbot`> New bug: #815776 in php5 (main) "Unit tests inside PEAR packages need to go into /usr/share/php-test, not /usr/share/php/tests" [Undecided,New] https://launchpad.net/bugs/815776
[10:56] <alaing> how can i check what character set my server is using?
[10:59] <photon> env | grep LANG
[11:01] <alaing> I'm trying to setup zenphoto on my server and it says the following message
[11:01] <alaing> If your server filesystem character set is different from ISO‑8859‑1 and you create album or image filenames names containing characters with diacritical marks you may have problems displaying the names.
[11:02] <alaing> Currently my server is reporting back that its using utf8
[11:03] <photon> Well, the message is pretty much self-explanatory
[11:03] <alaing> could my web server be setup to use ISO?
[11:04] <photon> I guess, but that would be like asking if you could install Windows 95 instead. Unicode is pretty much the standard these days. I'd rather figure out how to install zenphoto with utf8.
[11:04] <alaing> setup i meant reporting thats its ISO instead of UTF8
[11:06] <alaing> after that message it says "Change the filesystem character set define to" followed by a drop down list of character sets and an apply button and then goes on to say "If you do not know the character set try "UTF-8""
[11:06] <alaing> I selected UTF-8 and clicked apply but it doesn't work it just reports the same error message. Perhaps its a permissions on the php script that runs
[11:07] <alaing> or could it be something else?
[11:08] <photon> I don't know, sorry, I never used zenphoto.
[11:08] <photon> maybe there's a chat room for that, or a forum?
[11:09] <alaing> thanks anyway
[11:09] <alaing> much appreciated
[11:09] <CatFish> see him walking
[11:09] <CatFish> kraak mie dan
[11:10] <CatFish> ie crack ue head boy
[11:10] <CatFish> effuh put friend
[11:10] <CatFish> ut need n
[11:11] <CatFish> heur hem kraake dan gek
[12:10] <_ruben> aww .. clusterstack stuff in the servergu.. err .. better check the most recent version of it before i finish that sentence
[12:10] <_ruben> doh, and forgot the "no" part as well
[12:11] <_ruben> ah, only drbd under the clustering part :/
=== bigjools is now known as bigjools-afk
[12:50] <hallyn> can anyone who is using multipath under lucid test the proposed fix for bug 690387, just to verify that it doesn't break your setup?
[12:50] <uvirtbot`> Launchpad bug 690387 in multipath-tools "udev block naming breaks failover and sd kref release cycle" [High,Fix committed] https://launchpad.net/bugs/690387
=== bigjools-afk is now known as bigjools
[13:01] <uvirtbot`> New bug: #815865 in apache2 (main) "Cookie variable in Apache LogFormat outputs incorrect value" [Undecided,New] https://launchpad.net/bugs/815865
=== med_out is now known as medberry
=== bdmurray_ is now known as bdmurray
[14:32] <hallyn> jdstrand: on bug 524447, it sits for 7 days, but as it's been verified, you can push your security changes on top of it right?
[14:32] <uvirtbot`> Launchpad bug 524447 in qemu-kvm "virsh save is very slow" [Medium,In progress] https://launchpad.net/bugs/524447
[14:39] <jdstrand> hallyn: can you poke pitti or SpamapS to process it?
[14:39] <hallyn> jdstrand: what do you mean by process it?
[14:40] <hallyn> SpamapS' last comment was that it has to wait 7 days in quarantine, now that it is verified.
[14:42] <jits> hi guys .. i have a ubuntu gateway which is allowing only google and some other sites to go thru .. everything else keeps waiting ... need help on how to go about digging it ..
[14:42] <SpamapS> jdstrand: needs 5 more days
[14:44] <jdstrand> hallyn: if it is verification-done, and past 7 days, then it should move to -updates
[14:44] <jdstrand> hallyn: based on SpamapS' comment, I'm confused though
[14:44] <jdstrand> (7 days vs 5 days left)
[14:45] <hallyn> jdstrand: it was pushed to -proposed on the 22nd
[14:45] <hallyn> supposed to sit there for 7 days
[14:45] <jdstrand> hallyn: I am preparing for a phone call atm. can we talk about this a bit later?
[14:45] <hallyn> jdstrand: absolutely
[14:55] <jits> hi guys .. i have a ubuntu gateway which is allowing only google and some other sites to go thru .. everything else keeps waiting ... need help on how to go about digging it ..
[14:57] <hallyn> jits: what were you wanting it to do, and how did you go about it?
[14:57] <jits> hallyn: i expect all sites to be accessible from client machines which have ubuntu server as gateway
[14:58] <jits> if i set the gateway to a router then everything works fine :-|
[15:04] <hallyn> jits: we'll need more information about how you set it and the network up.  but if you can get to the sites from the gateway itself, but not the clients, then I'd look at iptables output and the resolv.conf you're sending to the clients
[15:04] <jits> hallyn: I can get to any site from the gateway ..
[15:06] <jits> iptables output here http://paste.ubuntu.com/651802/
[15:07] <jits> the clients are all static ip .. configured to use gateway as dns .. the lookup works fine.. traceroute is also fine :-s ..
[15:07] <hallyn> iptables -t nat -L
[15:08] <jits> hallyn: http://paste.ubuntu.com/651804/ .. here it is
[15:16] <jits> anything ?
[15:20] <hallyn> jits: nope.  i don't see any forwarding rules.  but since you say google works, i dunno.
[15:21] <hallyn> jits: how is it set up?  When I do this to share wireless, I use a custom networking.conf entry with a post-up job that runs dnsmasq and iptables.  what are you using?
[15:21] <RoAkSoAx> smoser: howdy
[15:21] <smoser> hey
=== Kiall is now known as Kohana-CI
=== Kohana-CI is now known as Kiall
[15:21] <RoAkSoAx> smoser: ready for the presentation...anything I should know ?
[15:22] <jits> hallyn: no wireless .. its all physical connection ... has 50 odd clients in the vlan with one dhcp server cum gateway for other clients... one particular client is on this ubuntu gateway ..
=== Kiall is now known as Kohana-CI
=== Kohana-CI is now known as Kiall
[15:22] <smoser> RoAkSoAx, well... i'm going to get started on putting together what i want to say
[15:23] <smoser> i think i'm going to basically just introduce what "cobbler-devenv" is
[15:23] <smoser> basically covering how it sets up a secluded network and builds a cobbler server to run in it.
[15:23] <RoAkSoAx> smoser: ok, cool. Will it install the webdav and stuff?
[15:23] <smoser> does it ?
[15:23] <smoser> i will check that...
[15:24] <RoAkSoAx> smoser: no I mean if it already does
[15:24] <hallyn> jits: maybe vlan is segregating traffic?  anyway, hopefully someone else will see your info and have an idea
[15:26] <jits> hallyn: yeah hope so .. thanks..
[15:28] <smoser> RoAkSoAx, i think it does...
[15:28] <smoser> but i haven't verified that it works
[15:30] <RoAkSoAx> smoser: ok I'll go over all that stuff
[15:30] <RoAkSoAx> smoser: as well as the preseed your devenv installs
[15:30] <RoAkSoAx> to get it to work with ensemble
[15:31] <smoser> hm..
[15:31] <smoser> so what should i talk about ?
[15:31] <smoser> :)
[15:32] <RoAkSoAx> smoser: though you were gonna explain how the cobbler devenv works :)
[15:36] <smoser> yeah.
[15:37] <RoAkSoAx> smoser: ok so I will explain how ensemble works with orchestra and how your devenv is used to test "hardware" deployments
[15:37] * kirkland listens to RoAkSoAx's explanation :-)
[15:39] <RoAkSoAx> kirkland: hehe will also send an email on how to do it later today
[15:39] <kirkland> RoAkSoAx: cool -- to where?  ubuntu-server maybe?
[15:40] <RoAkSoAx> kirkland: to our private ML, cc'ing you if you are not there anymore
[15:42] <zul> wouldnt ubuntu-server be a better idea?
[15:46] <RoAkSoAx> zul: Idk... it is still a proof of concept that hasn't really been tested on real hw yet and I think it should probably be officially announced past the sprint in Austin, where I expect to have it working
[15:46] <RoAkSoAx> fully
[15:46] <zul> RoAkSoAx: ah ok
[15:47] <uvirtbot`> New bug: #815968 in samba (main) "SWAT doesn't allow admin login after install" [Undecided,New] https://launchpad.net/bugs/815968
[15:47] <zul> who in the hell still uses swat
[15:47] <RoAkSoAx> lol
[15:50] <xibalba> hey folks, i was wondering if anyone here is familiar with nic-bonding and could help me out with my config ? http://paste.ubuntu.com/651826/
[15:52] <ppetraki> xibalba, looks plausible :) what's the outcome?
[15:53] <ppetraki> xibalba, oh, you need to define an alias for bond1 too upfront
[15:54] <xibalba> ppetraki , mmm taking a look
[15:54] <xibalba> ppetraki , i believe i did define one in bonding.conf for bond1 too, but i see i made it netdev instead. i will set them the same and reboot
[15:54] <ppetraki> xibalba, so it would be: alias bond0 bonding alias bond1 bonding
[15:54] <xibalba> ppetraki , in one line or two?
[15:55] <ppetraki> what really matters is the max bonding,
[15:55] <ppetraki> separate lines
[15:55] <ppetraki> options bonding max_bonds=5
[15:55] <xibalba> max bonding ? i heard about that before but i can't find a doc on configing it
[15:55] <ppetraki> will let you create up to 5 bonds
[15:55] <xibalba> ppetraki , does that go into bonding.conf ?
[15:55] <ppetraki> xibalba, no, modprobe
[15:56] <ppetraki> xibalba, http://lxr.linux.no/linux+v3.0/Documentation/networking/bonding.txt
[15:56] <ppetraki> xibalba, its all there
[15:56] <xibalba> ppetraki , forgive me if this is newbish, but i put it under bonding.conf under modprobe.d
[15:56] <xibalba> oh ok i will take a look
[15:57] <uvirtbot`> New bug: #798878 in nova "nova.conf should not be world-readable" [High,Confirmed] https://launchpad.net/bugs/798878
[15:58] <xibalba> ppetraki , i owe you a beer if this works
[15:58] <ppetraki> xibalba, bonding is pretty easy, just remove and install the module again
[15:58] <xibalba> i guess going forward i should search linux specific, not ubuntu specific information
[15:58] <kim0> Howdy folks, Ubuntu cloud days starting in #ubuntu-classroom on the hour .. see you there
[15:59] <xibalba> i'm not familiar with removing/installing modules in ubuntu. i come from BSD, used to maintaining freebsd mostly, just getting into ubuntu
[15:59] <ppetraki> xibalba, modprobe -r bonding && modprobe bonding
[15:59] <ppetraki> xibalba, :)
[16:27] <jamiemill> For PCI compliance I need to update to latest PHP/Apache on my Ubuntu Lucid - but apt has only updated to 2.2.14 - does that mean I have to update to Natty to get latest apache?
[16:33] <jamespage> jamiemill: you might want to challenge on 'latest' - my experience of PCI compliance was that you needed to prove that your software install is secure rather than at the latest version
[16:34] <jamespage> you should be getting updates for security vulnerabilities on lucid which should be enough IMHO
[16:34] <xibalba> ppetraki , hey are you still around?
[16:36] <jamiemill> jamespage: The scan report requests at least version php 5.3.6 and apache 2.2.17, both newer than in the Lucid repositories according to this page http://distrowatch.com/table.php?distribution=ubuntu
[16:40] <jamespage> jamiemill: does your scan provide reasons for these minimum version numbers? its normally to do with security vulnerabilities that have been found in lesser versions
[16:41] <jamiemill> jamespage, yes it is. 72 failures individually itemised with the version of php and/or apache they say fixed it. That was before i updated today, so some will go away on the next scan, but some need newer versions that I can get from lucid repos.
[16:42] <jamiemill> jamespage. But I'm going to disable sending the server signature in apache, so once I've done that I don't know how they'll know the version ...
[16:43] <jamespage> jamiemill: there are other ways....
[16:43] <jamiemill> jamespage Like adding other repos ?
[16:43] <jamiemill> jamespage or building from src
[16:43] <jamespage> sorry - I meant of detecting which apache version you are running
[16:43] <jamiemill> jamespage Oh! how?
[16:43] <jamespage> jamiemill: so I would go back again to which specific vulnerabilities they are looking for version upgrades to fix
[16:45] <jamespage> jamiemill: http://tinyurl.com/6ferf8p details the updates to 2.2.14 since Lucid was released.
[16:45] <jamespage> that might help
[16:45] <jamiemill> jamespage: one example: "Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities" CVE: CVE-2010-1452 NVD: CVE-2010-1452 -> "Apache addressed these issues in 2.2.16. Upgrade to the latest supported version of Apache."
[16:45] <uvirtbot`> jamiemill: The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452)
[16:45] <uvirtbot`> jamiemill: The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452)
[16:46] <jamiemill> oh! thanks uvirtbot`
[16:46] <jamiemill> clever bot
[16:46] <jamespage> fixed in 2.2.14-5ubuntu8.4
[16:47] <jamespage> jamiemill: Upgrade to the latest supported version of xxx
[16:47] <jamespage> is a standard response - however most linux distros don't upgrade the version - they backport security fixes plus critical bugs
[16:47] <jamiemill> jamespage - OK that's what I was assuming actually. So I wonder how I get to pass this damn test
[16:48] <jamespage> jamiemill: do you have a human to talk to or is it the automated test?
[16:49] <jamiemill> jamespage I'm not sure, I was just passed the results. It's "Trustwave", recommended by PayPal I believe
[16:50] <jamespage> jamiemill: so it is acceptable to identify false positives during PCI scanning - it covers this exact scenario
[16:50] <jamespage> where the scan says something bad - but you can prove otherwise
[16:50] <jamespage> however you will need to get whoever has to accept the test results to agree
[16:50] <jamiemill> jamespage - OK I need to get in touch with them because I don't want to run around trying to prove this to them. There must be a process.
[16:51] <jamespage> normally its about having a sensible conversation about what you are running your infrastructure on
[16:51] <jamiemill> On another note, I'm perfectly happy to update to natty actually, so might just do that.
[16:51] <jamespage> jamiemill: OK - but please be aware that its not an LTS release
[16:52] <jamespage> jamiemill: you may still have to prove that your software is up-to-date and addresses the required security vulnerabilities
[16:53] <jamespage> however if you have a handy IT Security guy around he might help out with that :-)
[16:54] <jamiemill> jamespage - yes I am aware of that, LTS sounded nice at the beginning when they released it, but now I'm not sure what the advantage is knowing that packages lag behind (in terms of version numbers, even if not security)
[16:55] <jamiemill> jamespage - we're a small team and like to be on the latest, only using apache, php and git on AWS so I don't imagine much will break on a newer version
[16:55] <dori922> setting up a UEC front end server can i run another cloud OS type  the nodes? (ie Xen or debian or the like?)
[16:55] <jamespage> jamiemill: well its not for everybody
[16:56] <jamespage> jamespage: good luck with PCI certification on AWS :-)
[16:56] <jamiemill> jamespage: hmm - thanks - well we don't store CC data, only transfer it, so I hope we'll be ok
[16:57] <jamespage> jamiemill: exempts you from a few parts of the spec then
[16:57] <jamespage> jamiemill: but its still a PITA
[16:58] <jamespage> hmm - just realised I wished myself goodluck rather than jamiemill - doh!
[16:59] <jamiemill> ha ha - didn't notice
[17:00] <xibalba> hey folks, would any of you have a moment to help me out with a bonding issue?
[17:00] <xibalba> my bonds are finally showing in ifconfig thanks to ppetraki , however the status is showing down.
=== medberry is now known as med_out
[17:11] <ppetraki> xibalba, well, what does ifenslave say about it?
[17:12] <xibalba> you know i haven't installed that yet, let me reconfig eth3 and install that
[17:17] <xibalba> ppetraki , ok time to figure out how to use this
[17:17] <xibalba> resetting the box , since i reconfigured eth3 to have a WAN ip so i can route out
[17:17] <xibalba> i'm hitting this box via ipmi only right now
[17:18] <ppetraki> xibalba, you need that to make bonding function....
[17:25] <xibalba> hey ppetraki , sorry i just lost internet. had to run downstairs and fix it
[17:26] <xibalba> ppetraki , oh i wasn't aware you actually needed ifenslave to make the bonding work, i thought it was only for admining, and was required on version of ubuntu older than 10.0.4
[17:29] <xibalba> hey ppetraki , where can i ship a case of beer to you "?
[17:30] <ppetraki> xibalba, it's really nothing.
[17:30] <xibalba> not to me buddy :)
[17:30] <xibalba> thank you thank you, many times
[17:30] <xibalba> been at this for a week
[18:27] <MrUnagi> when sending mail to an account on my server i get mail undeliverable, how do i troubleshoot this
=== Ursinha is now known as Ursinha-lunch
[18:40] <CrazyGir> hello!
[18:41] <CrazyGir> I have a vm server I would like to forward certain ports to specific vms sitting on an internal subnet. would this be done with ufw? or ufw & iptables?
[18:42] <patdk-wk> ufw is nothing more than a simple iptables rule maker
[18:44] <CrazyGir> sure, so I guess my question is.. can ufw be used for NAT definitions, or do you have to get dirty with IP Tables?
[18:44] <alamar> iptables are dirty?
[18:44] <CrazyGir> alamar: have you ever used pf?
[18:44] <alamar> yes
[18:44] <CrazyGir> so you should know what I'm referring to :)
[18:44] <jdstrand> CrazyGir: ufw can be used for NAT, just not with the cli command, so you need iptables knowledge. see 'man ufw-framework' for details
[18:44] <alamar> I still don't think of iptables as dirty
[18:44] <CrazyGir> ufw exists for the same reason :P
[18:45] <alamar> I do not care about strange abstractions I have no use for :p
[18:45] <CrazyGir> sure, masochism is acceptable, I have no issue with that, but not my choice ;)
[18:45] <CrazyGir> I'll take a read jdstrand, thanks
[18:48] <CrazyGir> alamar: these conversations usually include some element of straight up opinion, but I don't think there is an interface/system in linux that is as complex and UNREADABLE as iptables (with the same breadth of use)
[18:48] <alamar> well I do not think of it as unreadable
[18:48] <alamar> and I think everything about desktops today is way more complex
[18:49] <alamar> (at least for me)
[18:49] <CrazyGir> hah
[18:49] <CrazyGir> I would prescribe OpenBSD to you for a good year ;)
[18:49] <CrazyGir> that'd fix you right up :)
[18:49] <alamar> I don't have any use for openbsd
[18:49] <CrazyGir> sure, you are probably being paid to keep things complex
[18:50] <alamar> openbsd just lacks a lot of commonly used things
[18:50] <alamar> and as I mentioned desktops are complicated - iptables is easy
[18:50] <alamar> and layering ufw above iptables just causes problems when the setups gets more complicated and you have to manually intervene
[18:50] <CrazyGir> alamar: really? like what?
[18:50] <alamar> like virtualization?
[18:51] <CrazyGir> sounds like you are going along with what folks "say"
[18:51] <CrazyGir> I would agree with you there, but I agree with their reasons for doing so, and honestly, not using virtualization keeps life simple
[18:52] <CrazyGir> anything other than virtualization?
[18:52] <alamar> it does not. it keeps the costs high and causes more complexity for keeping things separated
[18:53] <CrazyGir> sure, so you have setup VM clusters, more than 2 node? on a budget without FC?
[18:53] <CrazyGir> and you would agree that is simple?
[18:53] <CrazyGir> and again, anything other than virtualization?
[18:54] <alamar> CrazyGir: yes I have setup virtualization clusters with more than 2 nodes. and yes it is simple
[18:54] <alamar> and I was not talking about clustering
[18:54] <CrazyGir> *vm clustering
[18:54] <alamar> (I don't know if openbsd has any clustering capabilities)
[18:55] <CrazyGir> what did you do for storage?
[18:55] <alamar> depends
[18:55] <CrazyGir> I would be thrilled to hear about your "simple" setup :)
[18:55] <CrazyGir> as I was beginning to believe there wasn't one :)
[18:55] <CrazyGir> back to ubuntu for a moment: if you update /etc/ufw/before.rules, how do you make them take effect?
[18:56] <jdstrand> sudo ufw reload
[18:56] <CrazyGir> w00t
[19:00] <CrazyGir> alamar: no? I'm really not being facetious, I am really looking for something simple there
[19:01] <CrazyGir> honestly, I have yet to find an OS that was as simple to setup, as clean and uniform to admin, and a joy to work with, all while being truly open, free, and secure, as OpenBSD
[19:02] <CrazyGir> so I don't try to incite rioting, but I am really left scratching my head when someone says iptables is simple or readable
[19:09] <alamar> CrazyGir: simple for what? distributed storage? iscsi or fc - clustering? pacemaker - virtualization? depends. And yes most of this stuff is easy to deal with.
[19:10] <zul> SpamapS: can you accept the landscape-client sitting in proposed for lucid
=== med_out is now known as medberry
SpamapSzul: will take a look shortly19:33
zulSpamapS: thanks19:33
alamarCrazyGir: other things openbsd lacks are besides the very minimal amount of software in the base system, the limited maintained amount of ports and things like long support cycles (5 to 9 years) - technically there are things missing like drbd, i don't know how the situation is with fc or iscsi or how good the capabilities of a logical volume manager are, high availability clustering and of course virtualization - which really is a big deal, ...19:53
alamar... virtualization is really necessary for a whole lot of reasons (saving space, power, hardware ressources(or using them more effeiciently), reduced managing costs, security considerations among many many others). openbsd does not even have a good os-level virtualiziation which is a really nice thing if you want to really separate services on your system.19:53
CrazyGiralamar: that would be because the devs know the inherent security risks virtualization poses, see their write ups for details19:59
CrazyGirand I'd be curious what storage clustering tech (low-budget, no FC) you found so simple20:00
alamarCrazyGir: why low budget? you can use drbd for example. you conveniently dismiss other points. and why openbsd does not have any virtualization is none of my interest. it does not offer any capabilities for virtualization which is what counts.20:03
CrazyGirI don't have 20k for FC :)20:04
alamarchange your job then. use iscsi, drbd or nfs or whatever fits your usecase20:04
CrazyGiri didn't find drdb reliable or easy to configure20:04
alamarit really is easy to configure20:05
alamarand depending on the protocol you use it IS reliable20:05
CrazyGiragain, my "standards" for these things are set from having used BSD for so long20:05
alamaryou can use it with etherchannel/trunking20:05
CrazyGiralamar: split brains are too easy to trip20:05
alamarwith multiple links it is very unlikely20:06
CrazyGirand you are correct about iSCSI in OpenBSD, but that is because no one has really forked up the hardware to make it happen20:06
alamaralso you can use drbd with pacemaker to deal with split brain situations20:06
CrazyGirwe were20:06
alamarCrazyGir: the reasons do not matter. what matters is the lack of something.20:06
CrazyGirthe lack of something?20:06
CrazyGirI'm not sure I'm following you there20:06
alamarlack of virtualization for example.20:06
CrazyGiroverall I think we agree, except on what we consider simple or reliable20:07
CrazyGireg, I imagine you consider the linux kernel as something reliable20:07
alamarCrazyGir: what is unreliable about it20:07
CrazyGiralamar: I could list off quite a few things I imagine all of us have faced, but it is like asking a windows guy if windows is reliable, they'll tell you either yes or mostly. But until their perspective has been broadened to include experience with systems that are more reliable, they won't see it otherwise20:09
alamarCrazyGir: I ran openbsd for many years20:10
CrazyGirI would not consider the linux kernel something I want to rely on (which makes virtualization all the better)20:10
alamarlinux even longer20:10
alamarI really do not know what you mean by unreliable20:10
alamarI experienced the environments rhel or sles give me as very reliable20:10
CrazyGirthat was my point, we have different concepts of these things (reliability & simplicity)20:11
alamarso please elaborate what you mean by reliability20:11
alamarand why or what part of linux kernel is not20:11
CrazyGirI do not trust the linux development cycle, eg look at the number (and severity) of bugs that come out on a new release20:11
CrazyGirthis even spills over into distro's dev cycles and practices20:12
alamarCrazyGir: do you use -current on a server?20:12
alamar(production)20:12
CrazyGirno, release + patches20:12
alamarCrazyGir: so does nobody with linux20:12
CrazyGirI have _no_ idea how a ubuntu system can be automatically updated, reboot, and reliable break grub20:12
alamarrhel has 5-7 years support time and stays with the same kernel20:13
alamar(it backports a lot of stuff of course but it remains the same kernel)20:13
CrazyGirI'm not talking about distros, we were talking about the reliability of the linux kernel itself20:13
alamarwell then again openbsd-current is not reliable20:13
CrazyGirit is far more reliable than linux dev trees, but AGAIN, we're considering kernel RELEASES20:14
CrazyGirnot rc or betas20:14
CrazyGirin anycase, we're seeing these things differently20:14
CrazyGirit has been good talking, and I agree with many of your points, but I think we give a different level of care to these things. I must get back to work20:15
alamarCrazyGir: nobody uses all the new releases on a production server. (just because they pump out a new version once in a while does not mean everybody runs and uses them - after a considerable amount of time though distributors will consider them for a release after they have proven reliable and stable)20:15
alamarit's like -current but from time to time they take snapshots and call them 2.6.xy or 3.x in the future20:16
alamar(actually one might argue that this is actually providing better reliability because after a kernel was released it will be used by millions of people who run rolling release or desktop distributions before it will ever get into server-distributions ;) with openbsd you are more or less forced after 1(!) year (IIRC) to use a newer release (or run without security updates))20:20
alamarCrazyGir: I enjoyed it too, but I still don't consider openbsd fit as server system. I like it as a router though (when I have to use software router)20:24
astrostlopenbsd is still my favorite unix-like os.  i don't care about it not being a vm hypervisor, as the 'real' ones (vmware, xenserver, etc.) bring their own along.20:37
alamarastrostl: short support periods also suck and I mentioned a few other things20:38
=== maxforti_ is now known as maxforti
astrostli can understand not wanting to constantly feel behind the 8-ball in terms of upgrades.20:39
astrostlBUT, i ran a production server from 2.x through 3.x without ever rebuilding it.  years and years of the same system.20:40
astrostlRHEL 3 to 4 is basically a gut rebuild, so is 4 to 5, so is 5 to 6.20:41
astrostlubuntu LTS has in-place and very manual major version upgrades, but i found it painful and that it left a lot of cruft.20:42
alamarastrostl: this is something I also do not like (having practically to do a new install when moving from X to Y) but the long support time remedies this20:42
astrostlall my obsd upgrades were done with a trivial shell script that fetched tarballs and extracted them live on the fs.20:42
astrostland it's easy to diff the tarball contents against present fs contents to detect cruft.20:43
astrostlso in practice, running a supported system for years on end was something i found easier with obsd than rhel.20:43
astrostl(and ubuntu, although the last in-place upgrade i did was 6 to 8 so it may have improved)20:43
alamarI didn't do any real lts->lts upgrades as of yet (lots will happen next year) (so I'm excited how that will go)20:44
astrostlif my experience was any guide, get ready for about 1000 interactive prompts :)20:44
alamarit will be a fun year.. or NOT ;)20:45
astrostlcurrent org did an 8 -> 10 migration and it was a straight up reload20:45
astrostlwe have hundreds of ubuntu LTS workstations/servers20:45
ScottKYou can use preseeding to avoid most of the prompts. If you have a lot of systems, it's worth it to invest in figuring out how to do this up front.20:49
RoAkSoAxzul: writing the email now20:58
=== mike is now known as Guest59162
Guest59162hello everyone, could someone help me with combining NAT and SOCKS?21:10
=== Guest59162 is now known as mike_w
=== mike_w is now known as mike_wi
=== 64MAAX8N0 is now known as chknstrp
RoAkSoAxzul: email sent21:32
RoAkSoAxhave fun21:32
zulRoAkSoAx: cool beans...21:32
CrazyGiram i correct in my understanding that the following line added to /etc/ufw/before.rules would forward tcp traffic received on br0:9000 --> 192.168.1.10? -A PREROUTING -i br0 -p tcp --dport 9000 -j DNAT --to-destination 192.168.1.10 21:44
=== Ursinha-lunch is now known as Ursinha
CrazyGirmaybe?22:03
xibalbawhat is UFW ?22:05
xibalbai only use pf22:05
=== quentusrex_ is now known as quentusrex
CrazyGirxibalba: yea, I sometimes wish pf were available on linux22:09
xibalbawhat're you trying to do?22:09
CrazyGirbut that would conflict with too much22:09
xibalbapf > iptables in my opinion22:09
CrazyGirxibalba: forward port X from a VM server to VM Y22:09
xibalbais this passing on a bridge or router or ....22:10
CrazyGirit wouldn't be fair to compare pf & iptables22:10
=== skrewler_ is now known as skrewler
xibalbano, but i started in the bsd world so to me anything bsd > linux =P22:10
CrazyGirxibalba: no, it's port X on the VM SERVER to one of its VMs22:10
xibalbaexcept the driver development!22:10
CrazyGirhah22:10
CrazyGirxibalba: sure, that would be due to corporate investment though22:10
xibalbaCrazyGir , i think you should take a look at virtualizing pfSense on your VMWARE box22:10
CrazyGirand yea, I would agree, though I started with linux and then went to BSD22:10
xibalbaand using that to control the natting to your VM environment22:10
xibalbai've seen a lot of people do it and have had good luck with it22:11
CrazyGirI didn't say VMWare at all22:11
CrazyGirthat isn't what I'm trying to do22:11
CrazyGirI'm simply trying to ensure specific ports on the vm server go to specific IPs (the server's vms)22:11
CrazyGirit doesn't need to be more complicated than that22:12
xibalbahmm after i write this email i can pay attention22:12
xibalbahang on22:12
CrazyGirha :)22:12
CrazyGirI'll be here22:12
xibalbaso you have a VM box, running some sort of hypervisor and virtual machines underneath the hypervisor22:14
xibalbayeah?22:14
xibalbaforgive me if i'm delayed, i'm at work too22:14
CrazyGirdon't worry22:15
CrazyGirthis is really a more simple question, you can easily ignore the VM bits22:15
CrazyGirthe VM bits mean that doing something like pfsense is unnecessary22:16
CrazyGirwhat I need to do is forward tcp from port X on an interface (on a ubuntu server) to another ubuntu server (specific IP)22:16
xibalbaoh like Redirect ?22:16
xibalbayou know to be honest with you i'm thinking pf syntax when you're describing this, i won't be of any help w/iptables22:17
CrazyGir:P22:18
CrazyGirI'm asking mostly for confirmation (to any gurus who would know) as what I'm seeing is not what I would expect22:18
CrazyGirbut I'm unsure, it could be something else22:19
quentusrexAnyone know where mdadm logs to?22:27
qman__it doesn't log, that I'm aware22:28
qman__the current status is always in /proc/mdstat22:28
qman__and it will email root on failures22:28
quentusrexI have what appears to be a device failing, and resyncing22:29
quentusrexbut I am getting no messages from mdadm.22:29
qman__then root's mail is probably not set up to mail to you22:29
qman__or you may not have an MTA installed22:30
qman__personally, I don't wait on mdadm to fail a disk, I have smartmontools mail me whenever bad sectors show up22:31
quentusrexqman__, I'm trying to track down a high load on idle issue22:31
quentusrexand it seems I'm getting millions of ahci interrupts22:31
quentusrexand the only thing I can think of that causes that many interrupts in a short span is a drive resyncing.22:31
qman__cat /proc/mdstat22:32
qman__it will tell you if it is22:32
qman__and if it has failed any disks22:32
quentusrexit reports everything is fine, but the disk order on a raid 1 array has changed.22:32
xibalbaadios ppz, and thanks for the help ppetraki22:32
qman__disk order isn't important, that's just whatever order it happened to load them in22:33
qman__though it is possible you have a failing disk22:33
qman__mdadm doesn't fail a disk until it simply can't write to it anymore22:33
quentusrexI'm getting about an 8 load on idle, with the only thing I can track down as active are the disk interrupts.22:33
qman__install smartmontools if you haven't already and do a smartctl -a on each disk to check for bad sectors22:33
qman__also check dmesg for disks doing weird stuff on a kernel level22:34
quentusrexyeah, nothing in that file after boot22:34
quentusrex https://bugs.launchpad.net/ubuntu/+source/linux/+bug/815540 22:35
uvirtbot`Launchpad bug 815540 in linux "Server becomes unresponsive after spawning 16 ksoftirqd processes" [Undecided,Confirmed]22:35
quentusrexI have two servers nearly identical setup. One works great the other... doesn't.22:35
quentusrexThe only difference hardware wise is the size of the partitions, and the failing one has a seagate drive and two WD drives, where the working one has 3 WD drives.22:36
quentusrexqman__, http://paste.ubuntu.com/652024/ 22:38
qman__brand really isn't important, all the manufacturers make crap these days22:38
quentusrexRaw Read Error rate seems a bit worrisome.22:39
qman__if my seagate is any indication, you have nothing to worry about there22:45
qman__1 Raw_Read_Error_Rate     0x000f   047   045   006    Pre-fail  Always       -       70516587 22:45
fluvvellIt's the interpretation of the figures that is important. The Desktop Disk Utility has a nice page for a clear view of smart data.22:48
qman__said drive has a power on time of ~3.9 years22:48
=== nandemonai is now known as Guest91417
=== nandemonai_ is now known as nandemonai
fluvvellqman__, I've yet to really figure out the significance of normalised and worst. e.g. One of my drives has 3.7 years of on time, normalized and worst are both 56. Is that years??23:06
=== Refael is now known as FernandoTertiary
samuelkadolphAnyone familiar with upstart? I'm wondering when exactly startup is emitted because I'm writing a script and it works until I add >>/var/log/foo.log to the exec line. My guess is that the fs isn't ready yet but I doubt that.23:50
