/srv/irclogs.ubuntu.com/2011/07/26/#ubuntu-server.txt

qman__	upstart, by design, fires everything up simultaneously as soon as it can, unless configured dependencies preclude it	00:05
qman__	so if you depend on something having already been done, you need to configure that in your script	00:05
SpamapS	samuelkadolph: startup is emitted at the very very very beginning of pid 1's existence	00:07
SpamapS	samuelkadolph: you need to 'start on filesystem' .. not startup	00:07
samuelkadolph	That fixed it, thanks qman__ and SpamapS. I am curious about why trying to redirect the io breaks it but not launching the server itself.	00:11
minashokry	hello everyone, my box has many domains and subdomains on it, I have jenkins running on port 8081. I want jenkins to be accessible only using jenkins.domain.com so that I can set up authentication on this subdomain. I am using apache proxy module for this. now I want to disable accessing it using any other domain by using 8081 port. how can I do this?	00:17
samuelkadolph	If you are using ProxyPass then just block 8081 with your firewall or bind jenkins to 127.0.0.1 so only apache can access it	00:19
minashokry	how can I do any of these? I tried many things but still failing	00:20
samuelkadolph	Stop unblocking the port with your firewall and if you don't have a firewall, get one.	00:21
minashokry	I prefer the second solution	00:24
minashokry	when I bound jenkins to 127.0.0.1, it became not-accessible even from apache	00:24
samuelkadolph	Then you are using the wrong url	00:25
samuelkadolph	If it's http://localhost:8081/ change it to http://127.0.0.1:8081/	00:25
minashokry	this isn't what I want to do. I want it to be accessible only by using subdomain.domain1.com and not by anything else like domain2.com:8081	00:26
samuelkadolph	Then you have to block external access to 8081 and ProxyPass to localhost:8081 from that domain only	00:28
minashokry	in my virtual host file of subdomain.domain1.com, I have PassProxy / http://127.0.0.1:8081, and jenkins is bound to 127.0.0.1. now, I see a blank page when requesting subdomain.domain1.com	00:31
minashokry	the good news is domain2.com:8081 is giving nothing	00:31
samuelkadolph	Having a trailing slash with ProxyPass is very important	00:31
minashokry	I have it on file, sorry for forgetting it here	00:33
samuelkadolph	What does the error_log say?	00:36
=== medberry is now known as med_out
=== kentb is now known as kentb-out
=== Refael is now known as FernandoTertiary
=== RudyValencia- is now known as RudyValencia
twb	Is it possible to have mlocate scan the local filesystems daily, but only scan remote (i.e. NFS) filesystems on a Sunday, when the bandwidth spike won't be noticed?	03:59
=== cerber0s is now known as cerberos
philipballew	i was unable to configure my dchp during the install as i was offline. how can i do that now that i am connected?	05:57
Diee	hi	06:14
=== cerber0s is now known as cerberos
=== smb` is now known as smb
jits	hi guys . i have a dual nic system .. one nic is connected to a network with multiple vlans, and other nic is the internet connection .. when the request comes without vlan then it gets to intenret fine, but requests from vlan are not working on most sites..	08:20
jits	i believe most sites are not responding to requests with vlan id .. so we need to strip it for requests going out to internet .. how do i do that ?	08:21
jits	where do i set vlan=no for internet connection ?	08:25
greppy	c	08:55
uvirtbot`	New bug: #816313 in openssh (main) ""ssh -b x.x.x.x" or "ssh -o BindAddress=x.x.x.x" does not work." [Undecided,New] https://launchpad.net/bugs/816313	09:16
* twb bets triangle routing		09:30
twb	Oh, or he's just not untagging correctly..	09:30
tixo5	hi, just wondering if anybody has used iRedMail? have any opinions on it ?	10:49
tixo5	as i am struggling to setup mailserver a little, i mean its running fine but i want virtual users etc	10:53
tixo5	anyone around that can help with taking a server snapshot ?	11:12
alamar	tixo5: what do you mean by that?	11:39
tixo5	like some shared hosting providers, allow a server snapshot, like a full image of the server	11:40
tixo5	im setting up a VPS for first time, and would like to do something similar	11:40
tixo5	possible to take a full image via shell ?	11:40
overrider_	I am going to install a minimal x server with fluxbox on my server - is there any way i can prevent apt-get from pulling all the xorg-drivers except the one i really need (intel)? Is that even benefitial in order to keep thinks as light as possible or should i just do the old sudo apt-get install xserver-xorg xserver-xorg-core fluxbox	11:46
smb	zul, Whenever you get online, could you ping me?	11:50
zul	smb: ping i saw the depwait for ipxe i just added it to the seeds	11:51
smb	zul, Ah ok, then that get sorted already. The other thing I wanted to chat about is your thoughts on the grub config idea	11:52
zul	smb: sure	11:52
zul	smb: what was the idea again	11:53
tixo5	whats the best packaged backup solution for ubuntu ?	11:53
smb	Well basically to have two distinct sets of command line arguments for dom0 kernels and "normal" kernels	11:53
smb	an not the same being used for both as currently	11:54
zul	ok..	11:54
smb	At least I (not sure that is common though) have the problem of using two different console definitions for both	11:54
smb	When I start a normal kernels console=ttyS1 and for xen dom0 its console=hvc0	11:55
zul	oh this is the serial console stuff?	11:55
zul	right	11:55
smb	right	11:56
zul	yeah im all for it, if you can give me a debdiff for it :)	11:56
smb	zul, That should be possible. :-P	11:56
smb	Have not prepared one yet. But basically running it in locally modified environment	11:57
zul	smb: sweet....go for it then	11:58
tixo5	best backup solution for ubuntu server?	12:16
tixo5	rsnapshot?	12:17
WinstonSmith	http://duplicity.nongnu.org/	12:18
tixo5	ok thanks ill take a look	12:23
tixo5	beta software?	12:24
tixo5	ideally i would like to take the backup via SSH to my local machine	12:25
WinstonSmith	they have a stable release	12:25
WinstonSmith	and it supports ssh, ftp, DAV, etc	12:26
tixo5	ok	12:26
alamar	tixo5: you want a snapshot of the vps?	12:26
WinstonSmith	you can also use it with duply http://duply.net/ which is a console frontend	12:26
tixo5	yes basically	12:26
alamar	you could just use lvm snapshots or depending on the vps technology you use vzdump/vzsnapshot for example if it is openvz	12:27
tixo5	before i wipe it and start again, incase i mess up etc	12:27
tixo5	yes its openvz	12:27
tixo5	doesnt my provider need to support that ?	12:27
jane-	my router says Primary DNS Server 119.159.255.37 Secondary DNS Server 203.99.163.240 , how can i know which public dns the ip refers, whats the name of that dns 2. how can i make my own dns and get the list of all the websites of the world?	12:27
alamar	tixo5: .. I thought you were the provider	12:27
tixo5	jane-: #dns	12:27
jpds	jane-: A list of all the websites in the world?	12:28
tixo5	no alamar i have a VPS container, i have setup everything else myself	12:28
tixo5	but being the first time i am worried i have done a few things a little messy, so want to start from scratch	12:28
tixo5	i am unable to take a snapshot or use the snapshot without my provider supporting that right ?	12:29
jane-	jpds yes. webs and ips, thats what dns do.	12:32
jpds	jane-: Why would you want that?	12:32
WinstonSmith	JanC:	12:32
WinstonSmith	ermm	12:32
jane-	i want to make my own dns	12:32
tixo5	jane, you need BIND DNS running	12:32
tixo5	with a master zone	12:32
WinstonSmith	jane-: whois 119.159.255.37 for ex. ?	12:32
tixo5	then add A records and such	12:33
jpds	jane-: But you want your own DNS records for every website in the world?	12:33
jane-	jpds yes.	12:34
tixo5	what are you on about	12:34
tixo5	lol	12:34
shauno	that's "you're crazy" territory. usually for sites you don't handle, your dns server would query upstream & cache. trying to take a snapshot of every site in existance would be exceptionally difficult (even if you're google)	12:36
tixo5	WinstonSmith: that duplicity is meant to backup local systems to another server?	12:37
jane-	how public dns work then. they have a list. dont they?	12:37
tixo5	not sure if im right, but all zones are hosted by many servers all over the work	12:38
tixo5	so com will be hosted	12:38
jpds	jane-: No, they query other DNS servers.	12:38
WinstonSmith	tixo5: not the whole system ( well not partitions) only files. and it can backup locally or remotely (ssh, ftp, dav, etc)	12:38
tixo5	then the (.)	12:38
tixo5	WinstonSmith: i sort of want to take a snapshot, is this impossible without support from the VPS provider?	12:39
WinstonSmith	tixo5: can't help you there, never used VPS.	12:39
jpds	jane-: They don't have their own copies for every DNS record in existance.	12:39
jane-	jpds then who does	12:40
jpds	jane-: Noone.	12:40
jamespage	Daviey: ack a sync for me? (https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/816393)	12:40
uvirtbot`	Launchpad bug 816393 in tomcat7 "Sync tomcat7 7.0.19-1 (universe) from Debian unstable (main)" [Wishlist,New]	12:40
jane-	if my router states pri dns and sec dns. that means it goes to that ip and fetchs ips of websites according to their names.... doesnt it ?	12:41
jpds	jane-: Yes.	12:41
GreenDance	Hi	12:41
jpds	jane-: And those DNS servers, will forward requests they don't know the answers to, to other DNS servers.	12:41
tixo5	ya	12:42
tixo5	each zone jane- is hosted by another server	12:42
tixo5	(www)(.)(domain)(.)(com)	12:42
tixo5	not always but u get the idea	12:42
jane-	jpds ok. and those others dns servers can be any in world.. ? isnt there a main one dns serveR that has all ?	12:42
jpds	jane-: No, they send DNS requests down the chain.	12:43
jane-	jpds how many are there any way. any gues?	12:43
jpds	jane-: . nameservers, go to .com nameservers, which go down to ubuntu.com nameservers, etc.	12:43
GreenDance	Hi, I have a server which is shared between me and others, (my server), I allow them http://mydomain/theirsite, but how can I stop the users from looking at eachothers files, uploading a php directory listings allows access to others files /site1/ /site2/ etc.	12:43
jpds	jane-: What exactly are you trying to accomplish?	12:44
tixo5	GreenDance: are you using virtualhosts?	12:44
GreenDance	tixo5 yes	12:44
tixo5	each user is a unix system user?	12:45
tixo5	or all the same user	12:45
tixo5	as thats probably your issue	12:45
jane-	jpds just studing, and may be ill make my own dns	12:45
jane-	small one	12:45
GreenDance	tixo5, same users	12:45
jane-	are they all legitimate dns servers, and what if i want to make my own, bind dns resolver ? ill need a list of ip names and corresponding names , how can i get it ?	12:46
GreenDance	tixo5, same user*	12:46
jane-	jpds ^	12:46
GreenDance	apache:apache	12:46
GreenDance	i think	12:46
GreenDance	tixo5: if I create a unique linux user for each person, would that work?	12:47
tixo5	well if you want different permissions i would use different users per/site	12:47
tixo5	yes, there is probaably other ways	12:47
tixo5	you could create virtual users using a mysql backend	12:47
GreenDance	really?	12:47
GreenDance	:o	12:47
GreenDance	:D	12:47
tixo5	well my mailserver's users are stored in a database	12:48
tixo5	so i dont see why not	12:48
jpds	jane-: Install bind9 on a machine somewhere?	12:48
tixo5	jpds that was my original reply	12:49
jpds	jane-: https://help.ubuntu.com/10.04/serverguide/C/dns.html	12:49
tixo5	jane-: #dns will me more help	12:49
jane-	hm	12:50
tixo5	jane-, i am running BIND on my server	12:51
tixo5	i host my own DNS records	12:51
tixo5	somebody else hosts the (.) and (com)	12:51
tixo5	you may need your domain registrar to add a 'glue record' to the (.)	12:52
Kurisutian	Hey guys! Maybe somebody in here can help me with this: When logging in to my ubuntu server, the appearing statistics summary page shows the /home directory instead of the root directory... unfortunately I have no clue how to change that... does anyone know where I can do that?	12:52
jane-	tixo5 is it possible to make a new domain , e.g not .com but .moc ?	12:53
tixo5	no	12:54
tixo5	as far as i am aware	12:54
tixo5	there are 'bodies' that govern things like that	12:54
tixo5	the internet would become a crazy place is that was possible	12:54
Pici	ICANN has allowed generic TLDs to be registered, but it costs a prohibitive amount of money to do so.	12:55
tixo5	money is the solution to most things, in this context ill stick with it not being possible	12:55
jane-	tixo5 if i make a list of .moc and supose some people make my server as their pri dns. then they can see a different google.moc ?	12:55
tixo5	again jane, for 5th time your better off asking in #dns	12:56
jane-	k	12:56
Kurisutian	nobody knows where to change the information on the login summary page?	12:56
smoser	lynxman, around ?	13:06
adac	guys, how to add a system user on command line?	13:15
j3roth	Kurisutian, you want to change th motd that displays on login?	13:15
WinstonSmith	adac: man adduser	13:17
j3roth	adac: Correction: man useradd	13:17
WinstonSmith	both should work	13:18
uvirtbot`	New bug: #816414 in nut (main) "[MIR] nut (nut-doc, nut-client, nut-server)" [Undecided,New] https://launchpad.net/bugs/816414	13:36
lynxman	smoser: here	13:43
tixo5	rsync'ing / root is a bad idea?	13:43
smoser	lynxman, i put one question in the merge proposal, but then i had some others.	13:45
lynxman	smoser: shoot	13:45
lynxman	tixo5: it normally is	13:45
smoser	tixo5, rsyncing it to another system, or carefully to another drive will work, though capturing the state of a live filesystem is less than ideal.	13:46
smoser	lynxman, i had intended that "include_once" would be really just "download_once"	13:46
tixo5	i was trying to backup to my local machine over ssh but obviously cant use root as ive disabled login, so need to setup the daemon	13:46
smoser	but you implemented as "include_once".	13:46
tixo5	is there any other better backup solutions to images the partition of my VPS	13:46
tixo5	guess that impossible	13:46
lynxman	smoser: it is download once as far as I see it	13:47
lynxman	smoser: yeah, wasn't that what we agreed the naming convention would be? :)	13:47
smoser	tixo5, rsync is probably reasonable. you can still use rsync as root.	13:47
Daviey	smoser: wait what.. you are advocating using rsync as root?	13:47
tixo5	can from the system	13:48
tixo5	but not remotely	13:48
smoser	in order to read files that are root-protected that is generally required.	13:48
tixo5	i was looking more for a VPS snapshot	13:48
tixo5	this cant be done from within the system right ?	13:48
smoser	tixo5, you can do it, you just have to have rsync client tell the server to use a different "rsync client"	13:49
smoser	see man page	13:49
smoser	--rsync-path=/home/smoser/my-rsync	13:49
tixo5	rsync is totally different to snapshot though	13:49
smoser	where my-rsync has something like: exec sudo rsync "$@"	13:49
tixo5	i want an image of my VPS ideally	13:49
Daviey	smoser: i think we need a rsync-rootwrap.	13:49
smoser	we do indeed.	13:49
smoser	we need more setuid executables i think	13:50
smoser	lynxman, hold on	13:50
lynxman	smoser: holding on :)	13:50
tixo5	smoser: if i rsync'ed /, installed fresh OS and restored	13:50
tixo5	everything wouldnt work right ?	13:50
smoser	tixo5, well, probably would. or very close.	13:51
smoser	but i would be surprised if there werent some issues.	13:51
tixo5	so, i am looking for a solution like VPS snapshot	13:52
smoser	or at least would not be surprised if there were some issues	13:52
tixo5	is that impossible without admining the dedicated server my VPS is on ?	13:52
smoser	tixo5, you'd run into the same sets of issues (at least some of them) with block level	13:52
smoser	some would be different	13:52
smoser	you need to sync the filesystem to the block device (fs_freeze) before you snapshot	13:53
tixo5	most VPS providers alllow snapshot images to be created, and restored	13:53
smoser	but then, you still get a "live" filesystem.	13:53
tixo5	hmm	13:53
smoser	when you start form that live filesystem, at very least that volume will be dirty and need fsck (maybe fs_freeze woudl handle that... id don't know)	13:53
smoser	its the same as if you lost power	13:53
smoser	which normally is fine	13:53
tixo5	so your basically saying theres not much different between using rsync, and a VPs providers snapshot of the system	13:54
tixo5	wish my provider allowed for offsite images to be taken	13:55
tixo5	dont see why that would be so difficult	13:55
smoser	lynxman, if os.path.isfile(includeonce_filename): continue	13:55
tixo5	thanks for help anyway	13:55
smoser	block level snapshots are more complete than filesytem level	13:56
smoser	more complete == safer	13:56
tixo5	and its impossible for me to do that from my VPS?	13:56
smoser	for instance, some things that rsync would not pick up are your filesystem UUID or LABEL	13:56
smoser	which may exist in /boot/grub/grub.cfg	13:56
smoser	if not restored, your system might not reboot.	13:56
tixo5	leaving it pretty painful to backup/restore	13:57
lynxman	smoser: that's what I do, I just name it a bit differently	13:58
smoser	block level is going to be safer. filesystem level is going to be smaller.	13:58
smoser	neither are perfect.	13:58
smoser	perfect is shutdown, snapshot, start	13:58
tixo5	i can do block level?	13:58
smoser	(imo)	13:58
smoser	well, you can...	13:58
tixo5	shutdown, snapshot is what i want to do	13:59
smoser	dd if=/dev/sda of=- \| ssh system 'dd > disk.img'	13:59
tixo5	but i have not got those features in my client panel so i cant do it right?	13:59
smoser	i'm really not very familiar witih vps's, but it sounds reasonable that they do not hvae block level snapshots exposed to you.	13:59
tixo5	most do, but mine is cheap :)	14:00
smoser	lynxman, ^	14:02
lynxman	smoser: replied to you in the middle of the rsync thread :D	14:07
smoser	lynxman, right. you 'continue'	14:08
smoser	so you never process that include again	14:08
lynxman	smoser: hence include-once	14:09
smoser	right.	14:09
smoser	i would have preferred "download-once"	14:09
smoser	to suffice for the one time url	14:09
smoser	i dont see a real-need for process-once	14:09
smoser	as most things are 'per-instance' anyway	14:09
smoser	(ie, your mcollective stuff is per-instance)	14:09
lynxman	smoser: for certs for example makes sense, that's what I had in mind	14:09
smoser	why does it make sense?	14:10
smoser	you have other controls over whether or not to act on the data more than once.	14:10
smoser	i think the data should be present to cloud-init so it could act on it	14:10
smoser	if it was a module or soemthing that should be acted on every time	14:10
lynxman	smoser: hm okay let me paint you an scenario	14:10
lynxman	smoser: you get temporary certs, which mcollective uses to connect to a provisioning collective, then it gets fed new certs for the "global" collective once its authenticated and properly provisioned	14:11
lynxman	smoser: that is actually the scenario I had in mind, in this scenario I just need these certificates once, and that data should not be acted upon ever again, if so it'll reset the machine status	14:11
smoser	lynxman, thats fine	14:15
smoser	that situation works fine	14:15
smoser	you can process that hunk multiple times	14:15
smoser	because mcollective module only runs per_instance	14:15
smoser	which means once (the first boot)	14:15
smoser	no side effects will occur the second time	14:15
robbiew	zul: ping...I got 10 pandaboards...how many you need for OpenStack on ARM testing :P	14:17
zul	robbiew: one would be good	14:17
* RoAkSoAx would like one if there's one to spare :)		14:19
robbiew	zul	14:19
robbiew	cool	14:19
robbiew	RoAkSoAx: yeah...I think I can swing that	14:19
smoser	lynxman, i have this suggested change: http://paste.ubuntu.com/652442/	14:19
RoAkSoAx	robbiew: cool thanks ;)	14:19
robbiew	zul: so is it possible to have OpenStack installed across multiple pandaboards...with only LXC	14:20
robbiew	i.e. multiple compute nodes	14:20
zul	robbiew: it should be able...maybe two then	14:20
robbiew	zul: ;)	14:20
lynxman	smoser: well if you wish that feature instead of mine, sounds good :)	14:21
lynxman	robbiew: can I have one? I promise to feed it nicely	14:21
smoser	i think its generally a superset of function	14:21
lynxman	robbiew: :D	14:21
lynxman	smoser: fair enough :)	14:21
smoser	the other question i had, lynxman	14:21
smoser	the private key should be 0600 right?	14:22
lynxman	smoser: hm I think so, wasn't sure so I didn't implement it yet	14:22
lynxman	smoser: wanted to test it first once merged and then make the change if needed	14:22
lynxman	smoser: but it makes sense	14:22
smoser	lynxman, you know, you are allowed to test things before i merge them	14:23
smoser	its even generally smiled apon	14:24
lynxman	smoser: lol ;) I normally do	14:24
lynxman	smoser: this one is highly experimental though	14:24
smoser	lynxman,	14:25
smoser	well, can yo udo 2 things for me	14:25
smoser	i will push a brnach with some changes to your code	14:25
smoser	can you build it and test it?	14:25
smoser	lynxman, lp:~smoser/cloud-init/include_once_and_mc_cert	14:26
lynxman	smoser: will give it a shoot	14:26
robbiew	RoAkSoAx: hey...interested in getting cobbler to work with ARM images?	14:27
RoAkSoAx	robbiew: though that zul already had that working..	14:29
RoAkSoAx	zul: ^^	14:29
robbiew	RoAkSoAx: nope	14:29
RoAkSoAx	robbiew: yeah why not	14:30
zul	RoAkSoAx: the ground work is there already just needs to be followed through	14:30
RoAkSoAx	zul: cool ;)	14:30
* smoser re-reads above, and for the 4.23e8'th time he realizes he may have sounded rude.		14:31
smoser	sorry, lynxman	14:31
lynxman	smoser: no worries, really	14:31
robbiew	RoAkSoAx: cool, thx...then will send you 2 boards ;)	14:32
RoAkSoAx	robbiew: hehe ok ;)	14:32
Daviey	zul / RoAkSoAx: they need to work with u-boot PXE loader, and be as ready as possible to work with native PXE booting.	14:33
zul	Daviey: agreed	14:33
Daviey	(might need to use NCommander for support on that)	14:33
hggdh	oh, NCommander has been package for Ubuntu?	14:42
hggdh	:-)	14:42
robbiew	RoAkSoAx: send me an email with your mailing address and phone, and I'll handle the rest	14:42
robbiew	smoser: interested in a panda board?	14:42
* NCommander apt-get instakk's himself		14:42
hggdh	heh. BTW, NCommander, thank you for rooting my android, works perfectly :-)	14:43
RoAkSoAx	robbiew: will do	14:43
smoser	RoAkSoAx, i'm not un-interested.	14:44
smoser	i would plug one in and give it a try.	14:44
robbiew	smoser: cool	14:44
robbiew	smoser: can you shoot me an email with your address and phone...I can take care of the rest	14:45
* robbiew notes he should have this...but won't "go there"		14:45
fullstop	The heartbeat + pacemaker in ubuntu-server 10.04.. is this a long-term cluster plan for ubuntu or are they moving elsewhere?	15:07
smoser	utlemming, https://gist.github.com/1100458	15:09
utlemming	smoser: nice :)	15:10
apw	kirkland, hey ... i have an external usb drive on a server that i'd like to be a luks encrypted volume, got any experience of monting those during boot ? and i'd like to have it	15:18
=== med_out is now known as medberry
kirkland	apw: I don't, but kees does	15:24
kirkland	apw: kees uses a usb drive just like that	15:24
lsheeba	Kind attention please , im getting shell booters and host booters hitting my server , how can i trace whos doing it and how can i stop them	15:37
lsheeba	and is their some kind of special support for such problems , that im willing to be greatful in paying the sum of hes help knowledge	15:38
=== andreas__ is now known as ahasenack
alamar	lsheeba: what are shell and host booters?	15:44
lsheeba	It consists of some php flooding shells and a gui.	15:44
lsheeba	the gui pings the shells and gives them a command to flood a certain IP	15:44
lsheeba	since the shells can be on servers with high bandwidth connections, it can be a powerful flooding method.	15:44
lsheeba	it hurts my servers badly , all of my local network cant ping the server then	15:45
zul	er...turn it off then?	15:45
alamar	so block their ips and try to get upstream to nullroute them	15:45
lsheeba	their offline	15:45
lsheeba	im on my personal pc running ubuntu 11.04 desktop	15:45
kim0	Howdy folks, Ubuntu cloud days (day-2) starting in #ubuntu-classroom on the hour .. see you there	15:45
lsheeba	ive blocked all oversea's ip's and allowed local ip's only and still how do they get access ?	15:45
alamar	(and in addition contact the hoster's abuse department of the infected servers)	15:45
lsheeba	im running a small GSP	15:46
lsheeba	with a static ip that i have purchased	15:46
tixo5	booters	15:47
tixo5	arent meant not to be tracked	15:47
tixo5	they use shells hosted on other servers that have been hacked	15:47
* tixo5 shows his blackhat side :(		15:47
lsheeba	cyber crime department didnt help much , well didnt help at all	15:47
tixo5	i gave you your answer	15:48
lsheeba	any solution?	15:48
lsheeba	tixo5,	15:48
tixo5	a WAF?	15:48
tixo5	or ddos module for apache	15:48
thisismygame	Hello, is anyone here familiar with mdadm raid arrays? I just got the mdadm alert email saying a drive was removed from the array. It is now marked as faulty. I was curious if there is any way to see a log of when/where/how this happened?	15:48
lsheeba	do u know of any specialized guru who will accept a payment to perform our security liabilities for this GSP , personal-aid not an organizational request because then we couldve gone for expensive firewall hardwares	15:49
thisismygame	Further, I am curious if anyone can help with replacing the failed drive with a new drive. The new drive will be a new model and likely new make. Which specs are necessary to be consistent among hard drives across mdadm raid arrays?	15:50
tixo5	i do penetration testing, securing servers it not my area, although i know a decent amount	15:50
tixo5	i have work shortly but i will add you incase i can help	15:50
lsheeba	Thanks a bunch	15:50
StevenR	thisismygame: one thing at a time. Review the system logs at the time of the alert	15:50
jpds	lsheeba: Rate-limit network traffic on a per-IP basis?	15:51
lsheeba	i theory the problem of other gsp's here attacking me because of my price range in cost per slot	15:51
lsheeba	jpds, ive tried that , and it puts pressure in hogging the router's cpu " 100% "	15:52
thisismygame	StevenR: I just looked at dmesg and /var/log/messages. dmesg has nothing related, and /var/log/messages, is, from what I can tell, empty. :o	15:53
StevenR	thisismygame: /var/log/syslog	15:53
RoyK	tixo5: what do you use? openvas?	16:00
tixo5	for pentests?	16:00
RoyK	yep	16:00
tixo5	many many many tools	16:00
tixo5	i specialise in web app security	16:01
RoyK	ok	16:01
tixo5	trying to go for a niche :)	16:01
RoyK	any tool in particular?	16:01
tixo5	not being a large company i cant afford the larger tools like webinspect	16:01
* RoyK has a scan running with openvas against his office computers		16:01
tixo5	openvas and such are only good for finding outdated packages rly,	16:02
tixo5	thats all it really does	16:02
tixo5	compares versions	16:02
RoyK	I know	16:02
RoyK	that's why I wondered about other tools, specifically for probing webapps	16:02
tixo5	webapps, opensource like w3af	16:03
tixo5	not a bad framework, quite buggy atm though	16:03
RoyK	k	16:03
RoAkSoAx	Daviey: ping	16:03
tixo5	there is a distro called 'Samurai' that has some really nice tools, just waiting on their 11.04 ubuntu update, as jaunty is pain for me	16:03
RoAkSoAx	Daviey: /win 22	16:03
RoAkSoAx	argh	16:03
tiphares	how can i merge 2 folders in ubuntu?	16:04
RoyK	tiphares: rsync?	16:05
RoyK	or what do you mean 'merge'?	16:05
Daviey	RoAkSoAx: o/	16:05
RoyK	unison perhaps	16:05
RoAkSoAx	Daviey: i'll ping you again after the meeting ;)	16:05
tiphares	i have 2 folders, 1 contains a,b,d, folder 2 contains b,c,d, and i want to marge them into ONE folder, containing a,b,c,d	16:06
Daviey	RoAkSoAx: cool	16:06
RoyK	tiphares: rsync -avP folder1/ folder2/ newfolder	16:07
RoyK	iirc	16:07
RoyK	tiphares: that won't help you with collisions, though, the data from folder2 will overwrite whatever came from folder1 (or was it the other way around?)	16:07
tiphares	doesn't matter which ones overwrite the other	16:08
thisismygame	StevenR: oh, they moved it. yea this has some relevant info. Buffer I/O error, dev sda, sector 0	16:08
tiphares	as they both contain some of the identical files	16:08
tixo5	why cant you just copy	16:08
tixo5	move* sorry	16:08
RoyK	tiphares: then just rsync, or as tixo5 said, copy or move - but rsync may be easier	16:08
tixo5	depending on size rsync will be better	16:08
RoyK	tiphares: if you have f1 and f2 and you want all in f2, cd f2; rsync -avP ../f1/. .	16:09
tiphares	hm	16:09
tiphares	oke, never used rsync, i'll check it out thanks	16:09
tixo5	tiphares: it sounds like your over compicating somwething :P	16:10
tixo5	somethign*	16:10
tixo5	o god	16:10
tiphares	yeah i don't know	16:10
tiphares	i'm a noob	16:10
RoyK	tixo5: rsync isn't really complicated, though :)	16:10
tiphares	coming from windows; when i have 2 folders named pictures, with some of the same files in them, i can just drag and drop either folder and "merge" it with the other one	16:10
tiphares	that's what i want to do	16:11
tiphares	though, using a shell, of course	16:11
RoyK	tiphares: mv f1/somedir f2	16:11
tiphares	what happens when some files conflict then?	16:11
RoyK	just use rsync	16:12
RoyK	it's the easy way	16:12
tiphares	i'm confused :(	16:12
RoyK	or cp -R f1/* f2	16:12
RoyK	tiphares: the unix way: There's More Than One Way To Do It	16:12
tiphares	copying files wont really merge though	16:13
RoyK	tiphares: cd f2; rsync -a ../f1/. .; cd ..	16:15
thisismygame	StevenR: I think we can call this drive deceased. http://pastebin.com/4JW5qT4j	16:15
RoyK	tiphares: then remove f1	16:15
RoyK	or something	16:16
tiphares	thing is i have limited space, and the folders i want to merge are pretty big	16:16
tiphares	but ye	16:16
tiphares	trying out some of the stuff now	16:16
tiphares	:p	16:16
tiphares	kind of overwhelmed with alternatives	16:16
tiphares	rsync man page is like a book though	16:17
RoyK	just use -a	16:17
RoyK	that'll cover most of what you need	16:17
RoyK	add -v to make it verbose	16:18
tiphares	i'd like to know what it does before i use it:p	16:18
RoyK	-P isn't needed	16:18
RoyK	-a == --archive => keeps all sorts of attributes, ownership etc	16:18
tiphares	ah i see	16:19
tiphares	-v = verbose = ?	16:19
RoyK	yes	16:19
RoyK	-P is --partial --progress	16:19
tiphares	dno what verbose means :(	16:19
RoyK	--partial won't be needed unless working with BIG files locally, but -P is short and adds verbosity :P	16:19
RoyK	verbose == noisy	16:20
RoyK	verbose != quiet	16:20
tiphares	yeah alright now you lost me completelyt	16:20
Pici	verbose means it is going to tell you about every action it does.	16:20
tiphares	ah like logging	16:21
StevenR	thisismygame: looks kinda that way, yes.	16:21
StevenR	thisismygame: I think you need to tell mdraid to remove it, and then add another drive.	16:21
tiphares	rsync man page is 2642 lines	16:22
tiphares	that's madness	16:22
StevenR	tiphares: why is it madness?	16:22
RoyK	Dora:~ roy$ man rsync \| wc -l 3562	16:23
RoyK	that is - wc -l returned 3562...	16:23
RoyK	tiphares: there's no need to read it all	16:23
tiphares	no that's why i'm here	16:24
tiphares	heh	16:24
RoyK	again, -avP will be quite sufficient	16:24
tiphares	yeah	16:24
tiphares	i get you	16:24
RoyK	cd /target/dir/whereever/it/is and rsync -avP /source/dir/ .	16:24
tiphares	just trying to figure out what it's actually doing	16:24
RoyK	make sure you add the / at the end of source dir - otherwise it'll create the sourcedir in your dir	16:25
RoyK	you can move that out later, of course...	16:25
RoyK	so /source/dir/ means /source/dir/* (except /source/dir/* won't move 'hidden' files starting with .)	16:26
RoAkSoAx	Daviey: ok	16:50
Daviey	RoAkSoAx: Hey!	16:50
RoAkSoAx	Daviey: howdy ;)	16:50
Daviey	RoAkSoAx: What is the status of redhat-cluster?	16:50
RoAkSoAx	Daviey: as in?	16:51
RoAkSoAx	Daviey: redhat-cluster is soon to be dead	16:51
Daviey	It seems it might uninstallabale	16:51
RoAkSoAx	Daviey: is there a bug #	16:51
RoAkSoAx	Daviey: cause last time I check it was	16:52
Daviey	RoAkSoAx: no, i litterally just checked the REPORT	16:52
RoAkSoAx	Daviey: link	16:52
Daviey	wow, i can't spell today	16:52
Daviey	http://cdimages.ubuntu.com/ubuntu-server/daily/current/report.html	16:52
RoAkSoAx	Daviey: will take a look at it	16:53
RoAkSoAx	Daviey: just installed it and didn't receive any failures	16:54
Daviey	RoAkSoAx: same here, best i can think is main/universe mistmatch?	16:55
RoAkSoAx	kages could not be authenticated	16:55
RoAkSoAx	Daviey: maybe it is a sources mistmatch as when I first tried to update it showed something that some packages couldnot be authenticte	16:56
RoAkSoAx	Daviey: but was resolved by sudo apt-ge tupdate	16:56
Daviey	interesting	16:56
Daviey	RoAkSoAx: lets spend no more time on it, and see what the cdimage shows tomorrow	16:56
RoAkSoAx	Daviey: yeah	16:56
RoAkSoAx	Daviey: anyways, I wanted to talk about bug #789266	16:56
uvirtbot`	Launchpad bug 789266 in cobbler "Cobbler: Missing yum-utils & other cobbler related utils" [Wishlist,Triaged] https://launchpad.net/bugs/789266	16:56
RoAkSoAx	Daviey: according to what I can see, yum-utils Depends on yum	16:57
RoAkSoAx	Daviey: do we really want to install yum in our systems?	16:57
Daviey	RoAkSoAx: ok	16:57
RoAkSoAx	Daviey: when deploying cobbler?	16:57
RoAkSoAx	Daviey: (note that for reference I'm checking the spec file for yum-utils which depends on yum)	16:57
Daviey	makes sense	16:57
RoAkSoAx	Daviey: do we really want that?	16:58
RoAkSoAx	do we really need yum to be installed?	16:58
RoAkSoAx	Daviey: and packaging yum-utils will also mean packaging python-kitchen	16:59
Daviey	RoAkSoAx: oh golly.	17:00
Daviey	RoAkSoAx: Do we really need yum to be entirely installed for this basic support of it?	17:01
RoAkSoAx	Daviey: as I can see in the "reposync" binary, yes we do:	17:01
RoAkSoAx	from yum.misc import getCacheDir	17:01
RoAkSoAx	from yum.constants import *	17:01
RoAkSoAx	from yum.packageSack import ListPackageSack	17:01
RoAkSoAx	import rpmUtils.arch	17:01
Daviey	RoAkSoAx: Have you taken a sniff to see how much effort is involved in just the python bindings?	17:03
Daviey	I suspect they will suck without the world() avaliable, but i wonder if they provide enough just for basic support?	17:04
RoAkSoAx	Daviey: no I havent but from what I can see, there's lots of stuff that access yum modules	17:05
RoAkSoAx	and databases and stuff	17:05
RoAkSoAx	Daviey: so my wild guess is that it would need a great deal of tweaking for basic support	17:06
Daviey	RoAkSoAx: I'm hessitant to suggest just ripping out the rpm support.	17:06
RoAkSoAx	Daviey: I can just go ahead and finish packaging yum-utils to have it on archives	17:06
RoAkSoAx	Daviey: make it depend on yum	17:06
Daviey	I don't think Orchestra should just provide ubuntu/debian support :(	17:06
RoAkSoAx	Daviey: and then see what happens	17:06
Daviey	RoAkSoAx: sounds good to me.	17:06
Daviey	I think time investigating viablity is worth it.	17:07
Daviey	at least we've tried to support it that way	17:07
RoAkSoAx	Daviey: yeah and it doesn't really hurt having yum-utils in the archives, since we have yum already	17:07
Daviey	RoAkSoAx: GPWM	17:09
kirkland	Daviey: for our first rev, i think we need to get ubuntu/debian support "right" and working well	17:11
Daviey	kirkland: totally agreed.	17:12
kirkland	Daviey: and i think we can do that without being evil or hostile toward other distros	17:12
kirkland	Daviey: s/can/should/ :-)	17:12
Daviey	kirkland: which is what we are doing :)	17:12
kirkland	Daviey: \o/	17:12
=== andreas__ is now known as ahasenack
altice	anyone using TACACS+?	17:47
altice	I am having trouble compiling from source	17:47
altice	and also it has long been since removed from the Repos	17:47
fullstop	altice: I am.	18:04
fullstop	altice: ftp://ftp.shrubbery.net/pub/tac_plus/tacacs%2B-F4.0.4.19.tar.gz	18:05
fullstop	and I just did ./configure to prepare it for install.. but this was a long time ago -- there is a chance that I slightly changed the source and do not remember.	18:05
altice	yea that's what someone suggested	18:06
altice	I saw someone elses insights on that	18:06
altice	however, they did not apply to the errors I was getting	18:06
altice	I'm talking now with developers to see about getting this put into the repo after I get it figured out and working	18:07
fullstop	altice: what errors?	18:07
fullstop	errors building or running?	18:07
altice	building	18:09
altice	I upgraded some in house servers to ubuntu 10.04 LTS	18:09
altice	and I have to compile from source again for TACACS	18:09
altice	fullstop: here's a pastebin of the output from makefile	18:10
altice	http://pastebin.com/rsqRMefT	18:10
fullstop	altice: one moment.. let me see if mine still builds.	18:16
fullstop	altice: here is my full build output: http://pastebin.com/dEebuV4k	18:17
fullstop	I am x86_64	18:18
fullstop	Also 10.04 LTS	18:19
altice	I believe mine are xenon cores, i686	18:20
altice	what version of tacacs did you use?	18:20
fullstop	The same version I sent in the link above..	18:20
fullstop	tac_plus version F4.0.4.19	18:20
fullstop	You are not trying to make -j 4 or anything, right?	18:21
altice	you sent a link?	18:21
altice	or you mean my link?	18:21
fullstop	no, I sent a link to the tac_plus source	18:21
fullstop	that's the one I am using	18:21
altice	ohhh, psht gah, completely missed that	18:21
altice	yea I'm using the same ver	18:21
fullstop	can you make clean and pastebin the output from a fresh make?	18:22
altice	from the same source (shrubbery)	18:22
altice	sure thing	18:22
fullstop	I went through the trouble of setting up tac_plus purely so I could restrict access to the ASA for the rancid process.	18:22
fullstop	Other than that, I just have to trust myself with the ASA. ;-)	18:23
altice	lol, to be honest with you fullstop	18:23
altice	I have no idea what you just said ;)	18:23
altice	I know tacacs+ purly from a AAA standpoint and cisco gear	18:23
altice	authorization, access, accounting	18:24
altice	(authentication)	18:24
fullstop	I wanted to set up RANCID (also from shrubbery), but I wanted to restrict the rights of the RANCID user.	18:24
altice	never read into that, what is it used for?	18:24
fullstop	rancid periodically pulls the running configuration of network equipment and puts them in version control.	18:25
altice	mine is all based on access to network equipment. Who can log in, what commands they can use, and keeping a record of what config changes were done	18:25
fullstop	It lets you keep track of changes	18:25
altice	o0o0o really?	18:25
altice	:) I might want to look into that	18:25
fullstop	Yes, that's what I use tac_plus for as well, but just to restrict access for the process that gets the configurations.	18:26
altice	I'll write that down, RANCID might be useful in the future.	18:26
fullstop	There's a fork of RANCID which will let you use git as your backend if that's your thing.	18:26
altice	my punch list is starting to get huge.......	18:26
fullstop	http://www.shrubbery.net/rancid/	18:26
altice	honestly, I don't do enough development work to be sold on using git	18:26
altice	fullstop: okay I have the make file pasted, the whole ong	18:33
altice	one(	18:33
altice	fullstop : http://pastebin.com/DRFmEbjt	18:33
fullstop	altice: try just "make" instead of "make tac_plus"	18:34
fullstop	df	18:36
fullstop	whoops	18:36
altice	okay	18:37
altice	;) no way it was really that simple	18:38
altice	hahaha	18:38
fullstop	hahaha	18:38
altice	wtf mate	18:38
fullstop	cheers	18:38
altice	thanks for your help	18:41
fullstop	no problem. Have fun!	18:41
altice	I'm still going to push to have this included in the repos	18:41
fullstop	It wouldn't be a bad idea. It took me a while to find the source.	18:42
tiphares	can rsync only copy stuff from a to b, and not move stuff?	18:45
CrazyGir	it "syncronizes"	18:45
genii-around	If you're moving stuff thats not really synchronising....	18:45
altice	tiphares: have you read through the man pages and examples for rsync?	18:46
altice	it should explain it	18:46
tiphares	man pages for rsync are massive, so i thought i'd ask	18:46
altice	it's kind of like updating backups of files, you only care about recent stuff	18:46
altice	sure sure	18:46
tiphares	what's the point of this channel if people can't ask about stuff	18:46
altice	hey hey, don't get offended	18:46
altice	just wanted to mention that the resource was available	18:47
tiphares	i'm not, just sayin :>	18:47
tiphares	i found the mv tool insufficient	18:47
tiphares	so looking for alternatives	18:47
CrazyGir	tiphares: I generally start with questions, get them answered in the manpages, get new questions from reading the manpage, then experiment and ask for hlep	18:47
CrazyGir	tiphares: what are you doing that mv is not sufficient?	18:48
tiphares	i'd like the option to exclude stuff from moving	18:48
tiphares	couldnt' figure out how to do that with mv	18:48
CrazyGir	I am trying to forward several ports on a VM server to specific VMs (running ubuntu 10.4). I found some IPTables notes and came up with the following, but ufw seems to fail when I put this in before.rules and restart ufw: -A PREROUTING -i br0 -p tcp --dport 9000 -j DNAT --to-destination 192.168.1.20	18:49
CrazyGir	tiphares: this is unix, you combine tools	18:49
CrazyGir	so use find or something (to create the list you want) and then run through xargs with mv	18:49
altice	or write a script to do your dirty work	18:49
CrazyGir	OR, create a list of files in txt, and cat this to xargs	18:49
altice	true	18:49
altice	you can use grep to filter out things you want	18:50
CrazyGir	eg, you can do all sorts of things here :)	18:50
altice	also true	18:50
CrazyGir	small utilities to do specific things, combined in the ways that you need	18:50
altice	power of unix tools	18:50
CrazyGir	amen	18:50
tiphares	yeah i'm aware of that i can make this happen with scripts	18:50
CrazyGir	you don't need scripts	18:51
tiphares	but i'm sorta new to nix, and wondered if there's pre defined tools to do this	18:51
CrazyGir	cat list.txt \| xargs mv ...	18:51
CrazyGir	done.	18:51
CrazyGir	create that list however you need to	18:51
altice	yep, listen to Gir, that's a good method to approach this	18:52
tiphares	hm	18:52
tiphares	i'm confused :(	18:53
altice	make a list of the file names your trying to move	18:53
tiphares	manually?	18:53
altice	hehe yes that or do it a more elegant way	18:53
tiphares	may i ask for some input there	18:53
altice	okay so.......first things first where are the files located	18:53
altice	all in one folder?	18:53
tiphares	yeah	18:54
altice	k good	18:54
altice	we can generate a list	18:54
altice	easier since it's in one folder	18:54
altice	are there similar strings of letters that you want to move and some you dont?	18:54
tiphares	yeah	18:55
altice	i.e.........all the files that begin with 'erg'?	18:55
altice	give me an example?	18:55
tiphares	TR is the stuff i want to move into another folder	18:55
altice	so begin with T<anything>R<anything> ?	18:56
tiphares	or actually, i want to move anything but Ts.A	18:56
tiphares	but yeah, can start off simple	18:56
altice	okay so are you using regular expressions? do you understand those character combinations?	18:56
tiphares	not using regex, just using * for wildcard	18:56
tiphares	i'm awfully worthless at regex	18:57
altice	if you do an "ls TR" does it give you what you want?	18:57
altice	regex is powerful, ESPECIALLY for what your trying to do now	18:57
altice	I'd highly suggest reading up on it, even though there is a steep learning curve at first	18:57
tiphares	yeah i know, i have it on my bucket list:P	18:57
tiphares	i am familiar with it	18:58
altice	haha, should be a little more important than a "kick the bucket" list	18:58
tiphares	heh	18:58
altice	so basically you can use "ls" and wildcards	18:59
tiphares	ls -lad TR	18:59
tiphares	gets me the dirs	18:59
tiphares	i want	18:59
altice	perfect	18:59
altice	now pipe that into a txt file	18:59
tiphares	can i do all of that with a command	19:00
altice	ls -lad TR > output.txt	19:00
altice	yep	19:00
alamar	what is it you want to achieve?	19:00
altice	now you have a new file named output.txt right?	19:00
altice	everything in there you need?	19:00
tiphares	cool that worked out nicely altice	19:00
altice	excellent	19:00
altice	now use Gir's method	19:01
altice	cat list.txt \| xargs mv	19:01
tiphares	linux 101 for dummies atm alamar :P	19:01
tiphares	xargs = ?	19:01
altice	and then mv where you want	19:01
altice	http://www.cyberciti.biz/faq/linux-unix-bsd-xargs-construct-argument-lists-utility/	19:02
alamar	you could just use find for folder(-type d) and -exec mv the {} to the destination	19:02
altice	I'm not familiar with that, alamar, go ahead and walk through that	19:02
=== aurigus_ is now known as aurigus
alamar	find searchpath/ -type d -iname matchme -exec mv "{}" destination/ \;	19:03
alamar	or -name if it shall be case sensitive	19:03
tiphares	so many things in there i have absolutely no clue what is	19:04
tiphares	:D	19:04
alamar	or -regex if you want to use regular expressions for matching	19:04
alamar	well OR you just stick to what you've just been told by altice ;)	19:04
tiphares	i'll write your version down in my notes:p	19:05
=== skrewler_ is now known as skrewler
CrazyGir	I am trying to forward several ports on a VM server to specific VMs (running ubuntu 10.4). I found some IPTables notes and came up with the following, but ufw seems to fail when I put this in before.rules and restart ufw: -A PREROUTING -i br0 -p tcp --dport 9000 -j DNAT --to-destination 192.168.1.20	19:24
jdstrand	CrazyGir: can you paste your before.rules file?	19:31
alamar	what is this rule supposed to do?	19:32
CrazyGir	sorry, got kicked	19:37
CrazyGir	jdstrand: it's got a lot more in it than I understand	19:37
alamar	then I'll ask again. what is this rule supposed to do?	19:37
CrazyGir	alamar: all I want to do is forward tcp to port X on the br0 interface to a specific IP	19:38
alamar	I do not see any destination nor that you are using the nat table	19:38
CrazyGir	isn't that the DNAT --to-destination <IP> part?	19:39
CrazyGir	I could also rephrase my question..	19:39
alamar	oh sorry I didn't see it when scrolling in my backlog	19:40
CrazyGir	what should my iptables entry look like to ensure port X does to a specific IP?	19:40
alamar	but -t nat is missing	19:40
CrazyGir	is what I have correct	19:40
CrazyGir	ok, so I should add -t nat	19:40
CrazyGir	anything else?	19:41
alamar	iptables -t nat -A PREROUTING -i br0 -p tcp --dport 9000 -j DNAT --to-destination 1.2.3.4	19:41
CrazyGir	I'm adding this to before.rules, from what I have read this is the place to do so?	19:41
alamar	1.2.3.4:9000	19:42
alamar	if you want to work with ufw it probably is	19:42
alamar	(but I don't know what format/syntax/whatever works in there)	19:43
alamar	as I said... layering something above iptables shoots yourself in the foot when you want something more than "port open/closed" ;p	19:43
kirkland	jamespage: ping	19:45
jamespage	kirkland: pong	19:45
kirkland	jamespage: just wanted to touch base with you one more time on hadoop/cdh	19:45
jamespage	kirkland: sure	19:46
kirkland	jamespage: I was asked earlier today if we should target our hadoop packages for Canonical Partner instead of the Ubuntu Archive	19:46
kirkland	jamespage: I didn't know if you had any plans to improve upon the latest state of packages from iamfuzz and negronjl, and try to push them to Universe ...?	19:46
kirkland	jamespage: if not, we're going to be religated to pushing them to Partner	19:46
kirkland	jamespage: I'd like to think that Ubuntu users would benefit from them in Universe	19:47
kirkland	jamespage: but at this point, we'd need a Platform champion to help push that	19:47
jamespage	kirkland: so I want to pickup hadoop/cdh longer term but we need to sort out how we work with upstream first	19:49
jamespage	kirkland: so I think that for this release partner is really the only realistic choice	19:49
kirkland	jamespage: is that attainable for Oneiric?	19:49
kirkland	jamespage: okay	19:49
kirkland	jamespage: that gives me something I can work against, schedule wise	19:49
kirkland	jamespage: we'll target Partner and/or a PPA for Oneiric	19:50
jamespage	kirkland: I think that is the only choice ATM	19:50
jamespage	kirkland: are you going to go with the packages your team has produced or use the upstream distribution packages?	19:51
jamespage	from CDH	19:51
=== CrazyGir is now known as Guest40059
kirkland	jamespage: we haven't made a firm decision yet, but I think we were leaning toward our packaging	19:52
jdstrand	alamar: fyi, ufw uses plain iptables-restore syntax in its rules files	19:52
kirkland	jamespage: do you have an opinion or information to add?	19:52
alamar	jdstrand: from what it looks like there are also different things going on in the files	19:52
jamespage	kirkland: I think working with the upstream CDH packages will give you a smoother line for support/bugs etc...	19:53
jamespage	kirkland: but I have not looked at that packaging	19:53
kirkland	jamespage: interesting, okay	19:53
jdstrand	no. these are just fed into iptables-restore. granted, various chains are setup, etc, but the rules files are no more than straight iptables	19:53
kirkland	jamespage: yeah, i was looking for specific information why one might be better than another	19:53
jamespage	kirkland: well you get better support for older releases but nothing newer than maverick ATM	19:56
jamespage	kirkland: so that might actually answer your question	19:56
kirkland	jamespage: ah, yeah	19:56
jamespage	kirkland: that said they do publish a full suite of hadoop plus friends - http://tinyurl.com/3mkyqtw	19:57
=== koolhead17 is now known as koolhead17\|afk
tiphares	so, can someone tell me where i screwed up the syntax here; cat filename \| xargs mv TARGET	20:18
alamar	tiphares: try mv -t TARGET	20:23
alamar	xargs appends the input to the command string and mv, without specifying it further, treats the last input word as destination	20:23
tiphares	didn't change much	20:25
=== CrazyGir_ is now known as Guest62894
alamar	tiphares: what's the exact problem?	20:27
tiphares	still working on my previous problem	20:28
tiphares	moving certain stuff into a specific folder	20:28
alamar	I meant with the cat X \| xargs mv -t Y	20:28
tiphares	right	20:28
tiphares	it returns this	20:28
tiphares	mv: invalid option -- 'r'	20:28
tiphares	Try `mv --help' for more information.	20:28
alamar	tiphares: try cat foo \| xargs mv -t TARGETDIR --	20:30
Guest62894	when adding the iptables line to before.rules, and then stopping/starting ufw, it freaks with: ERROR: problem running ufw-init	20:30
jdstrand	Guest62894: can you use paste.ubuntu.com and paste your before.rules file?	20:30
Guest62894	bah. I should be CrazyGir..	20:30
alamar	Guest62894: do logs tell you anything more specific? also it wouild be recommendable to paste your before.rules file somewhere	20:31
tiphares	that worked alamar	20:31
tiphares	:S	20:31
tiphares	that seems confusingly random	20:31
alamar	tiphares: pardon me?	20:31
tiphares	adding '--' worked	20:31
Guest62894	there we go :)	20:32
Guest62894	bah!	20:32
alamar	tiphares: "--" prevents anything afterwards from being interpreted as commandline argumeents	20:32
alamar	this works with every command	20:32
alamar	more or less	20:32
alamar	let's say most commands	20:32
tiphares	oh	20:32
=== Guest62894 is now known as CrazyGir
alamar	probably with all commands using getops*	20:33
CrazyGir	there we go :)	20:33
tiphares	i learn something new everytime im here :P	20:33
tiphares	awesome	20:33
Pici	more, less, and most all support that.	20:33
Pici	<.<	20:33
CrazyGir	jdstrand: my before.rules (written by someone else) is quite long, and works fine by itself	20:33
jdstrand	CrazyGir: well, I need to see what you added and where to see what the problem is	20:34
CrazyGir	when I add this line, it fails: -A PREROUTING -i br0 -p tcp -t nat --dport 9000 -j DNAT --to-destination 192.168.1.20:9000	20:34
jdstrand	CrazyGir: a diff of before and after is likely good enough	20:34
CrazyGir	I added it at the end	20:34
CrazyGir	before COMMIT	20:34
alamar	Pici: well as I said most do. but it's probably related to the use of the getopt-family of functions for commandline parsing	20:35
jdstrand	CrazyGir: that is your problem. the before.rules only has the *filter table	20:35
Pici	alamar: I know, was just playing with the words you chose to use to describe that.	20:35
CrazyGir	jdstrand: ah, so I'm a bit confused	20:36
jdstrand	CrazyGir: see 'man ufw-framework', the 'Port Redirections' section	20:36
alamar	CrazyGir: as I understand there are different sections like nat and filter	20:36
CrazyGir	where should I be putting port redirections?	20:36
alamar	within the *nat section	20:36
CrazyGir	okies	20:36
CrazyGir	okies	20:36
alamar	jdstrand: this is by the way what I meant with other stuff in the file ;)	20:37
jdstrand	alamar: it is still all iptables-restore	20:37
jdstrand	you can't mix and match rules for different tables	20:37
alamar	CrazyGir: when you put it in the nat section you will probably not need to refer to the nat table	20:37
CrazyGir	and this is why I love pf	20:37
jdstrand	you need a filter table, and a nat table and the right rules need to go in the right places	20:37
alamar	CrazyGir: you could use iptables directly	20:37
CrazyGir	it's iptables that is nuts :)	20:38
alamar	no it isn't	20:38
CrazyGir	alamar: the 'nat seciton' you are referring to.. is this in before.rules?	20:38
jdstrand	CrazyGir: read the ufw-framework man page like I said :) it has what you need, I promise :)	20:39
jdstrand	EXAMPLES, then Port Redirections	20:39
CrazyGir	jdstrand: yea, I'm ther	20:39
CrazyGir	I see there are 2 things i need for this to work	20:39
CrazyGir	not just the one line I had	20:40
* jdstrand nods		20:40
CrazyGir	:)	20:40
jdstrand	well, this is an example	20:40
jdstrand	it is assuming the firewall is mostly closed, which is why the filter table part is there (ie, as documented, it will work with ufw)	20:40
jdstrand	anyhoo, gotta run	20:41
CrazyGir	not sure I follw you there, but thanks	20:41
CrazyGir	I would call this "mostly closed"	20:41
alamar	before.rules could be added to man 5	20:41
alamar	jdstrand: TIL about iptables-save & iptables-restore; thank you	20:43
hallyn	kirkland: ooh, qemu v0.15.0-rc0 was tagged	20:44
hallyn	updating my main virt laptop to onieric today, then i'll try a sync and see hwo it goes	20:45
CrazyGir	when starting ufw, and it fails, is there a way to get a specific line number that it errored on?	20:46
CrazyGir	ERROR: problem running ufw-init <--- not helpful	20:47
jdstrand	unfortunately, no	20:47
CrazyGir	seriously?	20:47
jdstrand	you can run ufw-init manually	20:47
CrazyGir	ufw disable; ufw-init ?	20:47
jdstrand	/lib/ufw/ufw-init reload	20:47
CrazyGir	kks	20:48
jdstrand	CrazyGir: yes, disable fine. then you will want to update /etc/ufw/ufw.conf manually to 'enable' it, then use ufw-init manually	20:48
hallyn	doh', tehre i ago again, confusing the trees	20:49
hallyn	0.14.1 it is	20:49
alamar	ah so now I understand why you did not like me badmouthing ufw :)	20:49
jdstrand	hallyn: fyi, I uploaded a new qemu-kvm today	20:49
CrazyGir	jdstrand: what do you mean by this? then you will want to update /etc/ufw/ufw.conf manually to 'enable' it	20:50
hallyn	i saw the push.	20:50
jdstrand	hallyn: not sure if 0.14.1 has the fixes or not...	20:50
hallyn	yeah, not sure, but i'll be checking of course	20:50
jdstrand	CrazyGir: ufw-init will short circuit if the firewall is disabled	20:50
hallyn	still hoping 0.15.0 comes out before freeze :)	20:50
jdstrand	CrazyGir: since 'ufw enable' is not working for you, you need to stop the short circuit. that is done by setting ENABLED=yes in /etc/ufw/ufw.conf	20:51
CrazyGir	ah, yes, I have that	20:55
CrazyGir	hrm, ufw-init doesn't like the *nat I included per the manpage	20:57
CrazyGir	before COMMIT	20:57
alamar	you probably really should paste it somewhere	20:58
RoyK	!pastebin	20:58
ubottu	For posting multi-line texts into the channel, please use http://paste.ubuntu.com \| To post !screenshots use http://imagebin.org/?page=add \| !pastebinit to paste directly from command line \| Make sure you give us the URL for your paste - see also the channel topic.	20:58
jdstrand	CrazyGir: the *nat is after COMMIT	20:58
jdstrand	CrazyGir: see, each table starts with:	20:58
jdstrand	*<table name>	20:58
jdstrand	rules for the table	20:58
jdstrand	COMMIT	20:58
jdstrand	so, you need:	20:59
jdstrand	*filter	20:59
jdstrand	your regular rules	20:59
jdstrand	COMMIT	20:59
jdstrand	*nat	20:59
CrazyGir	ah	20:59
CrazyGir	ok	20:59
jdstrand	your new rules from ufw-framwork for PREOUTING	20:59
jdstrand	COMMIT	20:59
RoyK	does ufw have NAT in recent versions of ubuntu?	21:00
jdstrand	RoyK: not via the cli, no	21:00
RoyK	imho the lack of nat in ufw is a major drawback	21:00
hallyn	only via the gui? :)	21:00
CrazyGir	hah	21:00
jdstrand	hallyn: hah, uuh, no :)	21:00
RoyK	adding nat support to ufw must be a rather tough task - I guess an hour or three for a decent programmer :P	21:01
kirkland	hallyn: neat	21:01
kirkland	hallyn: you merging?	21:02
jdstrand	RoyK: the feature is planned, and I hear what you are saying. it is something I would like myself. that said, the primary audience is for bastion hosts/desktops/server, not for routing firewalls	21:02
hallyn	kirkland: i'll take 0.14.1 tomorrow at least	21:02
jdstrand	RoyK: patches welcome and all that :)	21:02
RoyK	jdstrand: still, quite a lot of people would like to use a server for NATing	21:02
jdstrand	yep	21:02
RoyK	jdstrand: I don't have that need atm, so I don't think I'll spend much time on it	21:02
jdstrand	:)	21:03
CrazyGir	jdstrand: this is going better, but iptables is not happy with the following, is there a way to get more specifics on what it doesn't like? -A PREROUTING -p tcp -i br0 -t nat --dport 9000 -j DNAT --to-destination 192.168.1.20:9000	21:03
alamar	CrazyGir: the "-t nat" is not necessary in this setup	21:03
jdstrand	CrazyGir: get rid of the '-t nat'	21:03
CrazyGir	didn't you tell me to put it in there alamar ?	21:03
CrazyGir	:P	21:03
alamar	CrazyGir: for iptables yes	21:03
jdstrand	CrazyGir: you already specified the table via '*nat'	21:03
alamar	I said iptables ....	21:03
CrazyGir	hah	21:03
CrazyGir	:)	21:03
CrazyGir	ok, much better	21:04
CrazyGir	jdstrand: that makes more sense _now_ ;)	21:04
CrazyGir	slowly piecing together my understanding with iptables here	21:04
CrazyGir	I appreciate the patience	21:04
jdstrand	CrazyGir: if you are going to be fiddling a lot with before.rules, I recommend reading the iptables man page	21:04
CrazyGir	I'm hoping to limit it to this one set of port forwards	21:04
* jdstrand nods		21:05
CrazyGir	these servers are all setup (and actually someone else's responsibility)	21:05
alamar	so stop messing with his fw setup1!!!! ;)	21:05
CrazyGir	I'm responsible for the VMs running on these servers	21:05
CrazyGir	but I'm responsible for the VMs, and he's floating somewhere in some water somewhere in greece	21:06
alamar	CrazyGir: I wasn't serious ;)	21:07
kirkland	hallyn: FYI, I just turned off my email subscription to ~ubuntu-virt's monitored packages (kvm, libvirt, and friends)	21:07
kirkland	hallyn: please explicitly subscribe me to any bug that you'd like my attention to	21:07
kirkland	hallyn: it's been ages since I've needed to do anything on any of those bugs beyond the excellent work that you, mdeslaur, and jdstrand already do	21:07
kirkland	hallyn: so I turned off that swath of bugmail (so I can focus on other swaths of bugmail) :-)	21:08
kirkland	Daviey: ^	21:08
Daviey	kirkland: Yeah, i think we have it covered in ~ubuntu-server, thanks for letting us know.	21:14
kirkland	Daviey: np; never hesitate to subscribe me, if I can help	21:14
* Daviey subscribes kirkland to all bugs :)		21:16
* kirkland runs for cover		21:16
CrazyGir	hah	21:24
hallyn	kirkland: thx for the heads-up. (just left the faraday cage^W^Wporch for a minute :)	22:05
kirkland	hallyn: heh, cool	22:29
kirkland	hallyn: i think my airstream is a faraday cage	22:30
martyn	kirkland : Close to it .. Aluminum isn't known for being radio-transparent	22:38
martyn	kirkland: What's got you in an airstream?	22:38
kirkland	martyn: fun thing to have sometimes	22:39
martyn	Well, sure :) I was wondering if you were travelling...	22:39
martyn	I've gone to various Burning Man related events in an airstream ... it was 60's retro fun :)	22:40
kirkland	martyn: ah, no, not at the moment	22:40
kirkland	martyn: nice; mine's a 1968	22:40
martyn	Hoo .. that's nice	22:40
martyn	Hard to keep the aluminum skins in perfect condition.. but they are wonderful trailers	22:41
martyn	Got a kitchen in yours?	22:41
martyn	(some had 'em, many didn't .. beautiful mini kitchenettes though)	22:41
kirkland	martyn: yup	22:41
kirkland	martyn: it's pretty nice	22:43
=== medberry is now known as med_out
hallyn	oh ffs, i go to all the trouble to instal lwindows so i can install firmware update, and the update fails to install	23:51
* hallyn hates firmware junk		23:51

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!