qman__upstart, by design, fires everything up simultaneously as soon as it can, unless configured dependencies preclude it00:05
qman__so if you depend on something having already been done, you need to configure that in your script00:05
SpamapSsamuelkadolph: startup is emitted at the very very very beginning of pid 1's existence00:07
SpamapSsamuelkadolph: you need to 'start on filesystem' .. not startup00:07
samuelkadolphThat fixed it, thanks qman__ and SpamapS. I am curious about why trying to redirect the io breaks it but not launching the server itself.00:11
minashokryhello everyone, my box has many domains and subdomains on it, I have jenkins running on port 8081. I want jenkins to be accessible only using jenkins.domain.com so that I can set up authentication on this subdomain. I am using apache proxy module for this. now I want to disable accessing it using any other domain by using 8081 port. how can I do this?00:17
samuelkadolphIf you are using ProxyPass then just block 8081 with your firewall or bind jenkins to so only apache can access it00:19
minashokryhow can I do any of these? I tried many things but still failing00:20
samuelkadolphStop unblocking the port with your firewall and if you don't have a firewall, get one.00:21
minashokryI prefer the second solution00:24
minashokrywhen I bound jenkins to, it became not-accessible even from apache00:24
samuelkadolphThen you are using the wrong url00:25
samuelkadolphIf it's http://localhost:8081/ change it to
minashokrythis isn't what I want to do. I want it to be accessible only by using subdomain.domain1.com and not by anything else like domain2.com:808100:26
samuelkadolphThen you have to block external access to 8081 and ProxyPass to localhost:8081 from that domain only00:28
minashokryin my virtual host file of subdomain.domain1.com, I have PassProxy /, and jenkins is bound to now, I see a blank page when requesting subdomain.domain1.com00:31
minashokrythe good news is domain2.com:8081 is giving nothing00:31
samuelkadolphHaving a trailing slash with ProxyPass is very important00:31
minashokryI have it on file, sorry for forgetting it here00:33
samuelkadolphWhat does the error_log say?00:36
=== medberry is now known as med_out
=== kentb is now known as kentb-out
=== Refael is now known as FernandoTertiary
=== RudyValencia- is now known as RudyValencia
twbIs it possible to have mlocate scan the local filesystems daily, but only scan remote (i.e. NFS) filesystems on a Sunday, when the bandwidth spike won't be noticed?03:59
=== cerber0s is now known as cerberos
philipballewi was unable to configure my dchp during the install as i was offline. how can i do that now that i am connected?05:57
=== cerber0s is now known as cerberos
=== smb` is now known as smb
jitshi guys . i have a dual nic system .. one nic is connected to a network with multiple vlans, and other nic is the internet connection .. when the request comes without vlan then it gets to intenret fine, but requests from vlan are not working on most sites..08:20
jitsi believe most sites are not responding to requests with vlan id .. so we need to strip it for requests going out to internet .. how do i do that ?08:21
jitswhere do i set vlan=no for internet connection ?08:25
uvirtbot`New bug: #816313 in openssh (main) ""ssh -b x.x.x.x" or "ssh -o BindAddress=x.x.x.x" does not work." [Undecided,New] https://launchpad.net/bugs/81631309:16
* twb bets triangle routing09:30
twbOh, or he's just not untagging correctly..09:30
tixo5hi, just wondering if anybody has used iRedMail? have any opinions on it ?10:49
tixo5as i am struggling to setup mailserver a little, i mean its running fine but i want virtual users etc10:53
tixo5anyone around that can help with taking a server snapshot ?11:12
alamartixo5: what do you mean by that?11:39
tixo5like some shared hosting providers, allow a server snapshot, like a full image of the server11:40
tixo5im setting up a VPS for first time, and would like to do something similar11:40
tixo5possible to take a full image via shell ?11:40
overrider_I am going to install a minimal x server with fluxbox on my server - is there any way i can prevent apt-get from pulling all the xorg-drivers except the one i really need (intel)? Is that even benefitial in order to keep thinks as light as possible or should i just do the old sudo apt-get install xserver-xorg xserver-xorg-core fluxbox11:46
smbzul, Whenever you get online, could you ping me?11:50
zulsmb: ping i saw the depwait for ipxe i just added it to the seeds11:51
smbzul, Ah ok, then that get sorted already. The other thing I wanted to chat about is your thoughts on the grub config idea11:52
zulsmb: sure11:52
zulsmb: what was the idea again11:53
tixo5whats the best packaged backup solution for ubuntu ?11:53
smbWell basically to have two distinct sets of command line arguments for dom0 kernels and "normal" kernels11:53
smban not the same being used for both as currently11:54
smbAt least I (not sure that is common though) have the problem of using two different console definitions for both11:54
smbWhen I start a normal kernels console=ttyS1 and for xen dom0 its console=hvc011:55
zuloh this is the serial console stuff?11:55
zulyeah im all for it, if you can give me a debdiff for it :)11:56
smbzul, That should be possible. :-P11:56
smbHave not prepared one yet. But basically running it in locally modified environment11:57
zulsmb: sweet....go for it then11:58
tixo5best backup solution for ubuntu server?12:16
tixo5ok thanks ill take a look12:23
tixo5beta software?12:24
tixo5ideally i would like to take the backup via SSH to my local machine12:25
WinstonSmiththey have a stable release12:25
WinstonSmithand it supports ssh, ftp, DAV, etc12:26
alamartixo5: you want a snapshot of the vps?12:26
WinstonSmithyou can also use it with duply http://duply.net/ which is a console frontend12:26
tixo5yes basically12:26
alamaryou could just use lvm snapshots or depending on the vps technology you use vzdump/vzsnapshot for example if it is openvz12:27
tixo5before i wipe it and start again, incase i mess up etc12:27
tixo5yes its openvz12:27
tixo5doesnt my provider need to support that ?12:27
jane-my router says Primary DNS Server Secondary DNS Server ,    how can i know which public dns the ip refers, whats the name of that dns 2. how can i make my own dns and get the list of all the websites of the world?12:27
alamartixo5: .. I thought you were the provider12:27
tixo5jane-: #dns12:27
jpdsjane-: A list of all the websites in the world?12:28
tixo5no alamar i have a VPS container, i have setup everything else myself12:28
tixo5but being the first time i am worried i have done a few things a little messy, so want to start from scratch12:28
tixo5i am unable to take a snapshot or  use the snapshot without my provider supporting that right ?12:29
jane-jpds yes. webs and ips, thats what dns do.12:32
jpdsjane-: Why would you want that?12:32
jane-i want to make my own dns12:32
tixo5jane, you need BIND DNS running12:32
tixo5with a master zone12:32
WinstonSmithjane-: whois for ex. ?12:32
tixo5then add A records and such12:33
jpdsjane-: But you want your own DNS records for every website in the world?12:33
jane-jpds yes.12:34
tixo5what are you on about12:34
shaunothat's "you're crazy" territory.  usually for sites you don't handle, your dns server would query upstream & cache.  trying to take a snapshot of every site in existance would be exceptionally difficult (even if you're google)12:36
tixo5WinstonSmith: that duplicity is meant to backup local systems to another server?12:37
jane-how public dns work then. they have a list. dont they?12:37
tixo5not sure if im right, but all zones are hosted by many servers all over the work12:38
tixo5so com will be hosted12:38
jpdsjane-: No, they query other DNS servers.12:38
WinstonSmithtixo5: not the whole system ( well not partitions) only files. and it can backup locally or remotely (ssh, ftp, dav, etc)12:38
tixo5then the (.)12:38
tixo5WinstonSmith: i sort of want to take a snapshot, is this impossible without support from the VPS provider?12:39
WinstonSmithtixo5: can't help you there, never used VPS.12:39
jpdsjane-: They don't have their own copies for every DNS record in existance.12:39
jane-jpds then who does12:40
jpdsjane-: Noone.12:40
jamespageDaviey: ack a sync for me? (https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/816393)12:40
uvirtbot`Launchpad bug 816393 in tomcat7 "Sync tomcat7 7.0.19-1 (universe) from Debian unstable (main)" [Wishlist,New]12:40
jane-if my router states pri dns and sec dns. that means it goes to that ip and fetchs ips of websites according to their names.... doesnt it ?12:41
jpdsjane-: Yes.12:41
jpdsjane-: And those DNS servers, will forward requests they don't know the answers to, to other DNS servers.12:41
tixo5each zone jane- is hosted by another server12:42
tixo5not always but u get the idea12:42
jane-jpds ok. and those others dns servers can be any in world.. ? isnt there a main   one         dns serveR that has all ?12:42
jpdsjane-: No, they send DNS requests down the chain.12:43
jane-jpds how many are there any way. any gues?12:43
jpdsjane-: . nameservers, go to .com nameservers, which go down to ubuntu.com nameservers, etc.12:43
GreenDanceHi, I have a server which is shared between me and others, (my server), I allow them http://mydomain/theirsite, but how can I stop the users from looking at eachothers files, uploading a php directory listings allows access to others files /site1/ /site2/ etc.12:43
jpdsjane-: What exactly are you trying to accomplish?12:44
tixo5GreenDance: are you using virtualhosts?12:44
GreenDancetixo5 yes12:44
tixo5each user is a unix system user?12:45
tixo5or all the same user12:45
tixo5as thats probably your issue12:45
jane-jpds just studing, and may be ill make my own dns12:45
jane-small one12:45
GreenDancetixo5, same users12:45
jane-are they all legitimate dns servers, and what if i want to make my own, bind dns resolver ?  ill need a list of ip names and corresponding names , how can i get it ?12:46
GreenDancetixo5, same user*12:46
jane-jpds ^12:46
GreenDancei think12:46
GreenDancetixo5: if I create a unique linux user for each person, would that work?12:47
tixo5well if you want different permissions i would use different users per/site12:47
tixo5yes, there is probaably other ways12:47
tixo5you could create virtual users using a mysql backend12:47
tixo5well my mailserver's users are stored in a database12:48
tixo5so i dont see why not12:48
jpdsjane-: Install bind9 on a machine somewhere?12:48
tixo5jpds that was my original reply12:49
jpdsjane-: https://help.ubuntu.com/10.04/serverguide/C/dns.html12:49
tixo5jane-: #dns will me more help12:49
tixo5jane-, i am running BIND on my server12:51
tixo5i host my own DNS records12:51
tixo5somebody else hosts the (.) and (com)12:51
tixo5you may need your domain registrar to add a 'glue record' to the (.)12:52
KurisutianHey guys! Maybe somebody in here can help me with this: When logging in to my ubuntu server, the appearing statistics summary page shows the /home directory instead of the root directory... unfortunately I have no clue how to change that... does anyone know where I can do that?12:52
jane-tixo5 is it possible to make a new domain , e.g not .com  but .moc  ?12:53
tixo5as far as i am aware12:54
tixo5there are 'bodies' that govern things like that12:54
tixo5the internet would become a crazy place is that was possible12:54
PiciICANN has allowed generic TLDs to be registered, but it costs a prohibitive amount of money to do so.12:55
tixo5money is the solution to most things, in this context ill stick with it not being possible12:55
jane-tixo5 if i make a list of .moc and supose some people make my server as their pri dns. then they can see a different google.moc   ?12:55
tixo5again jane, for 5th time your better off asking in #dns12:56
Kurisutiannobody knows where to change the information on the login summary page?12:56
smoserlynxman, around ?13:06
adacguys, how to add a system user on command line?13:15
j3rothKurisutian, you want to change th motd that displays on login?13:15
WinstonSmithadac: man adduser13:17
j3rothadac: Correction: man useradd13:17
WinstonSmithboth should work13:18
uvirtbot`New bug: #816414 in nut (main) "[MIR] nut (nut-doc, nut-client, nut-server)" [Undecided,New] https://launchpad.net/bugs/81641413:36
lynxmansmoser: here13:43
tixo5rsync'ing / root is a bad idea?13:43
smoserlynxman, i put one question in the merge proposal, but then i had some others.13:45
lynxmansmoser: shoot13:45
lynxmantixo5: it normally is13:45
smosertixo5, rsyncing it to another system, or carefully to another drive will work, though capturing the state of a live filesystem is less than ideal.13:46
smoserlynxman, i had intended that "include_once" would be really just "download_once"13:46
tixo5i was trying to backup to my local machine over ssh but obviously cant use root as ive disabled login, so need to setup the daemon13:46
smoserbut you implemented as "include_once".13:46
tixo5is there any other better backup solutions to images the partition of my VPS13:46
tixo5guess that impossible13:46
lynxmansmoser: it is download once as far as I see it13:47
lynxmansmoser: yeah, wasn't that what we agreed the naming convention would be? :)13:47
smosertixo5, rsync is probably reasonable. you *can* still use rsync as root.13:47
Davieysmoser: wait what.. you are advocating using rsync as root?13:47
tixo5can from the system13:48
tixo5but not remotely13:48
smoserin order to read files that are root-protected that is generally required.13:48
tixo5i was looking more for a VPS snapshot13:48
tixo5this cant be done from within the system right ?13:48
smosertixo5, you can do it, you just have to have rsync client tell the server to use a different "rsync client"13:49
smosersee man page13:49
tixo5rsync is totally different to snapshot though13:49
smoserwhere my-rsync has something like: exec sudo rsync "$@"13:49
tixo5i want an image of my VPS ideally13:49
Davieysmoser: i think we need a rsync-rootwrap.13:49
smoserwe do indeed.13:49
smoserwe need more setuid executables i think13:50
smoserlynxman, hold on13:50
lynxmansmoser: holding on :)13:50
tixo5smoser: if i rsync'ed /,   installed fresh OS and restored13:50
tixo5everything wouldnt work right ?13:50
smosertixo5, well, probably would. or very close.13:51
smoserbut i would be surprised if there werent some issues.13:51
tixo5so, i am looking for a solution like VPS snapshot13:52
smoseror at least would not be surprised if there were some issues13:52
tixo5is that impossible without admining the dedicated server my VPS is on ?13:52
smosertixo5, you'd run into the same sets of issues (at least some of them) with block level13:52
smosersome would be different13:52
smoseryou need to sync the filesystem to the block device (fs_freeze) before you snapshot13:53
tixo5most VPS providers alllow snapshot images to be created, and restored13:53
smoserbut then, you still get a "live" filesystem.13:53
smoserwhen you start form that live filesystem, at very least that volume will be dirty and need fsck (maybe fs_freeze woudl handle that... id don't know)13:53
smoserits the same as if you lost power13:53
smoserwhich *normally* is fine13:53
tixo5so your basically saying theres not much different between using rsync, and a VPs providers snapshot of the system13:54
tixo5wish my provider allowed for offsite images to be taken13:55
tixo5dont see why that would be so difficult13:55
smoserlynxman, if os.path.isfile(includeonce_filename): continue13:55
tixo5thanks for help anyway13:55
smoserblock level snapshots are more complete than filesytem level13:56
smosermore complete == safer13:56
tixo5and its impossible for me to do that from my VPS?13:56
smoserfor instance, some things that rsync would not pick up are your filesystem UUID or LABEL13:56
smoserwhich may exist in /boot/grub/grub.cfg13:56
smoserif not restored, your system might not reboot.13:56
tixo5leaving it pretty painful to backup/restore13:57
lynxmansmoser: that's what I do, I just name it a bit differently13:58
smoserblock level is going to be safer. filesystem level is going to be smaller.13:58
smoserneither are perfect.13:58
smoserperfect is shutdown, snapshot, start13:58
tixo5i can do block level?13:58
smoserwell, you can...13:58
tixo5shutdown, snapshot is what i want to do13:59
smoserdd if=/dev/sda of=- | ssh system 'dd > disk.img'13:59
tixo5but i have not got those features in my client panel so i cant do it right?13:59
smoseri'm really not very familiar witih vps's, but it sounds reasonable that they do not hvae block level snapshots exposed to you.13:59
tixo5most do, but mine is cheap :)14:00
smoserlynxman, ^14:02
lynxmansmoser: replied to you in the middle of the rsync thread :D14:07
smoserlynxman, right. you 'continue'14:08
smoserso you never process that include again14:08
lynxmansmoser: hence include-once14:09
smoseri would have preferred "download-once"14:09
smoserto suffice for the one time url14:09
smoseri dont see a real-need for process-once14:09
smoseras most things are 'per-instance' anyway14:09
smoser(ie, your mcollective stuff is per-instance)14:09
lynxmansmoser: for certs for example makes sense, that's what I had in mind14:09
smoserwhy does it make sense?14:10
smoseryou have other controls over whether or not to act on the data more than once.14:10
smoseri think the data should be present to cloud-init so it *could* act on it14:10
smoserif it was a module or soemthing that should be acted on every time14:10
lynxmansmoser: hm okay let me paint you an scenario14:10
lynxmansmoser: you get temporary certs, which mcollective uses to connect to a provisioning collective, then it gets fed new certs for the "global" collective once its authenticated and properly provisioned14:11
lynxmansmoser: that is actually the scenario I had in mind, in this scenario I just need these certificates once, and that data should not be acted upon ever again, if so it'll reset the machine status14:11
smoserlynxman, thats fine14:15
smoserthat situation works fine14:15
smoseryou can process that hunk multiple times14:15
smoserbecause mcollective module only runs per_instance14:15
smoserwhich means once (the first boot)14:15
smoserno side effects will occur the second time14:15
robbiewzul: ping...I got 10 pandaboards...how many you need for OpenStack on ARM testing :P14:17
zulrobbiew: one would be good14:17
* RoAkSoAx would like one if there's one to spare :)14:19
robbiewRoAkSoAx: yeah...I think I can swing that14:19
smoserlynxman, i have this suggested change: http://paste.ubuntu.com/652442/14:19
RoAkSoAxrobbiew: cool thanks ;)14:19
robbiewzul: so is it possible to have OpenStack installed across multiple pandaboards...with only LXC14:20
robbiewi.e. multiple compute nodes14:20
zulrobbiew: it should be able...maybe two then14:20
robbiewzul: ;)14:20
lynxmansmoser: well if you wish that feature instead of mine, sounds good :)14:21
lynxmanrobbiew: can I have one? I promise to feed it nicely14:21
smoseri think its generally a superset of function14:21
lynxmanrobbiew: :D14:21
lynxmansmoser: fair enough :)14:21
smoserthe other question i had, lynxman14:21
smoserthe private key should be 0600 right?14:22
lynxmansmoser: hm I think so, wasn't sure so I didn't implement it yet14:22
lynxmansmoser: wanted to test it first once merged and then make the change if needed14:22
lynxmansmoser: but it makes sense14:22
smoserlynxman, you know, you are allowed to test things *before* i merge them14:23
smoserits even generally smiled apon14:24
lynxmansmoser: lol ;) I normally do14:24
lynxmansmoser: this one is highly experimental though14:24
smoserwell, can yo udo 2 things for me14:25
smoseri will push a brnach with some changes to your code14:25
smosercan you build it and test it?14:25
smoserlynxman, lp:~smoser/cloud-init/include_once_and_mc_cert14:26
lynxmansmoser: will give it a shoot14:26
robbiewRoAkSoAx: hey...interested in getting cobbler to work with ARM images?14:27
RoAkSoAxrobbiew: though that zul already had that working..14:29
RoAkSoAxzul: ^^14:29
robbiewRoAkSoAx: nope14:29
RoAkSoAxrobbiew: yeah why not14:30
zulRoAkSoAx: the ground work is there already just needs to be followed through14:30
RoAkSoAxzul: cool ;)14:30
* smoser re-reads above, and for the 4.23e8'th time he realizes he may have sounded rude.14:31
smosersorry, lynxman14:31
lynxmansmoser: no worries, really14:31
robbiewRoAkSoAx: cool, thx...then will send you 2 boards ;)14:32
RoAkSoAxrobbiew: hehe ok ;)14:32
Davieyzul / RoAkSoAx: they need to work with u-boot PXE loader, and be as ready as possible to work with native PXE booting.14:33
zulDaviey: agreed14:33
Daviey(might need to use NCommander for support on that)14:33
hggdhoh, NCommander has been package for Ubuntu?14:42
robbiewRoAkSoAx: send me an email with your mailing address and phone, and I'll handle the rest14:42
robbiewsmoser: interested in a panda board?14:42
* NCommander apt-get instakk's himself14:42
hggdhheh. BTW, NCommander, thank you for rooting my android, works perfectly :-)14:43
RoAkSoAxrobbiew: will do14:43
smoserRoAkSoAx, i'm not un-interested.14:44
smoseri would plug one in and give it a try.14:44
robbiewsmoser: cool14:44
robbiewsmoser: can you shoot me an email with your address and phone...I can take care of the rest14:45
* robbiew notes he should have this...but won't "go there"14:45
fullstopThe heartbeat + pacemaker in ubuntu-server 10.04.. is this a long-term cluster plan for ubuntu or are they moving elsewhere?15:07
smoserutlemming, https://gist.github.com/110045815:09
utlemmingsmoser: nice :)15:10
apwkirkland, hey ... i have an external usb drive on a server that i'd like to be a luks encrypted volume, got any experience of monting those during boot ? and i'd like to have it15:18
=== med_out is now known as medberry
kirklandapw: I don't, but kees does15:24
kirklandapw: kees uses a usb drive just like that15:24
lsheebaKind attention please , im getting shell booters and host booters hitting my server , how can i trace whos doing it and how can i stop them15:37
lsheebaand is their some kind of special support for such problems , that im willing to be greatful in paying the sum of hes help knowledge15:38
=== andreas__ is now known as ahasenack
alamarlsheeba: what are shell and host booters?15:44
lsheebaIt consists of some php flooding shells and a gui.15:44
lsheebathe gui pings the shells and gives them a command to flood a certain IP15:44
lsheebasince the shells can be on servers with high bandwidth connections, it can be a powerful flooding method.15:44
lsheebait hurts my servers badly , all of my local network cant ping the server then15:45
zuler...turn it off then?15:45
alamarso block their ips and try to get upstream to nullroute them15:45
lsheebatheir offline15:45
lsheebaim on my personal pc running ubuntu 11.04 desktop15:45
kim0Howdy folks, Ubuntu cloud days (day-2) starting in #ubuntu-classroom on the hour .. see you there15:45
lsheebaive blocked all oversea's ip's and allowed local ip's only and still how do they get access ?15:45
alamar(and in addition contact the hoster's abuse department of the infected servers)15:45
lsheebaim running a small GSP15:46
lsheebawith a static ip that i have purchased15:46
tixo5arent meant not to be tracked15:47
tixo5they use shells hosted on other servers that have been hacked15:47
* tixo5 shows his blackhat side :(15:47
lsheebacyber crime department  didnt help much , well didnt help at all15:47
tixo5i gave you your answer15:48
lsheebaany solution?15:48
tixo5a WAF?15:48
tixo5or ddos module for apache15:48
thisismygameHello, is anyone here familiar with mdadm raid arrays? I just got the mdadm alert email saying a drive was removed from the array. It is now marked as faulty. I was curious if there is any way to see a log of when/where/how this happened?15:48
lsheebado u know of any specialized guru who will accept a payment to perform our security liabilities for this GSP , personal-aid not an organizational request because then we couldve gone for expensive firewall hardwares15:49
thisismygameFurther, I am curious if anyone can help with replacing the failed drive with a new drive. The new drive will be a new model and likely new make. Which specs are necessary to be consistent among hard drives across mdadm raid arrays?15:50
tixo5i do penetration testing, securing servers it not my area, although i know a decent amount15:50
tixo5i have work shortly but i will add you incase i can help15:50
lsheebaThanks a bunch15:50
StevenRthisismygame: one thing at a time. Review the system logs at the time of the alert15:50
jpdslsheeba: Rate-limit network traffic on a per-IP basis?15:51
lsheebai theory the problem of other gsp's here attacking me because of my price range in cost per slot15:51
lsheebajpds, ive tried that , and it puts pressure in hogging the router's cpu " 100% "15:52
thisismygameStevenR: I just looked at dmesg and /var/log/messages. dmesg has nothing related, and /var/log/messages, is, from what I can tell, empty. :o15:53
StevenRthisismygame: /var/log/syslog15:53
RoyKtixo5: what do you use? openvas?16:00
tixo5for pentests?16:00
tixo5many many many tools16:00
tixo5i specialise in web app security16:01
tixo5trying to go for a niche :)16:01
RoyKany tool in particular?16:01
tixo5not being a large company i cant afford the larger tools like webinspect16:01
* RoyK has a scan running with openvas against his office computers16:01
tixo5openvas and such are only good for finding outdated packages rly,16:02
tixo5thats all it really does16:02
tixo5compares versions16:02
RoyKI know16:02
RoyKthat's why I wondered about other tools, specifically for probing webapps16:02
tixo5webapps, opensource like w3af16:03
tixo5not a bad framework, quite buggy atm though16:03
RoAkSoAxDaviey: ping16:03
tixo5there is a distro called 'Samurai' that has some really nice tools, just waiting on their 11.04 ubuntu update, as jaunty is  pain for me16:03
RoAkSoAxDaviey: /win 2216:03
tiphareshow can i merge 2 folders in ubuntu?16:04
RoyKtiphares: rsync?16:05
RoyKor what do you mean 'merge'?16:05
DavieyRoAkSoAx: o/16:05
RoyKunison perhaps16:05
RoAkSoAxDaviey: i'll ping you again after the meeting ;)16:05
tipharesi have 2 folders, 1 contains a,b,d, folder 2 contains b,c,d, and i want to marge them into ONE folder, containing a,b,c,d16:06
DavieyRoAkSoAx: cool16:06
RoyKtiphares: rsync -avP folder1/ folder2/ newfolder16:07
RoyKtiphares: that won't help you with collisions, though, the data from folder2 will overwrite whatever came from folder1 (or was it the other way around?)16:07
tipharesdoesn't matter which ones overwrite the other16:08
thisismygameStevenR: oh, they moved it. yea this has some relevant info. Buffer I/O error, dev sda, sector 016:08
tipharesas they both contain some of the identical files16:08
tixo5why cant you just copy16:08
tixo5move* sorry16:08
RoyKtiphares: then just rsync, or as tixo5 said, copy or move - but rsync may be easier16:08
tixo5depending on size rsync will be better16:08
RoyKtiphares: if you have f1 and f2 and you want all in f2, cd f2; rsync -avP ../f1/. .16:09
tipharesoke, never used rsync, i'll check it out thanks16:09
tixo5tiphares: it sounds like your over compicating somwething :P16:10
tixo5o god16:10
tipharesyeah i don't know16:10
tipharesi'm a noob16:10
RoyKtixo5: rsync isn't really complicated, though :)16:10
tipharescoming from windows; when i have 2 folders named pictures, with some of the same files in them, i can just drag and drop either folder and "merge" it with the other one16:10
tipharesthat's what i want to do16:11
tipharesthough, using a shell, of course16:11
RoyKtiphares: mv f1/somedir f216:11
tiphareswhat happens when some files conflict then?16:11
RoyKjust use rsync16:12
RoyKit's the easy way16:12
tipharesi'm confused :(16:12
RoyKor cp -R f1/* f216:12
RoyKtiphares: the unix way: There's More Than One Way To Do It16:12
tipharescopying files wont really merge though16:13
RoyKtiphares: cd f2; rsync -a ../f1/. .; cd ..16:15
thisismygameStevenR: I think we can call this drive deceased.   http://pastebin.com/4JW5qT4j16:15
RoyKtiphares: then remove f116:15
RoyKor something16:16
tipharesthing is i have limited space, and the folders i want to merge are pretty big16:16
tipharesbut ye16:16
tipharestrying out some of the stuff now16:16
tiphareskind of overwhelmed with alternatives16:16
tipharesrsync man page is like a book though16:17
RoyKjust use -a16:17
RoyKthat'll cover most of what you need16:17
RoyKadd -v to make it verbose16:18
tipharesi'd like to know what it does before i use it:p16:18
RoyK-P isn't needed16:18
RoyK-a == --archive => keeps all sorts of attributes, ownership etc16:18
tipharesah i see16:19
tiphares-v = verbose = ?16:19
RoyK-P is --partial --progress16:19
tipharesdno what verbose means :(16:19
RoyK--partial won't be needed unless working with BIG files locally, but -P is short and adds verbosity :P16:19
RoyKverbose == noisy16:20
RoyKverbose != quiet16:20
tipharesyeah alright now you lost me completelyt16:20
Piciverbose means it is going to tell you about every action it does.16:20
tipharesah like logging16:21
StevenRthisismygame: looks kinda that way, yes.16:21
StevenRthisismygame: I think you need to tell mdraid to remove it, and then add another drive.16:21
tipharesrsync man page is 2642 lines16:22
tipharesthat's madness16:22
StevenRtiphares: why is it madness?16:22
RoyKDora:~ roy$ man rsync | wc -l 356216:23
RoyKthat is - wc -l returned 3562...16:23
RoyKtiphares: there's no need to read it all16:23
tipharesno that's why i'm here16:24
RoyKagain, -avP will be quite sufficient16:24
tipharesi get you16:24
RoyKcd /target/dir/whereever/it/is and rsync -avP /source/dir/ .16:24
tipharesjust trying to figure out what it's actually doing16:24
RoyKmake sure you add the / at the end of source dir - otherwise it'll create the sourcedir in your dir16:25
RoyKyou can move that out later, of course...16:25
RoyKso /source/dir/ means /source/dir/* (except /source/dir/* won't move 'hidden' files starting with .)16:26
RoAkSoAxDaviey: ok16:50
DavieyRoAkSoAx: Hey!16:50
RoAkSoAxDaviey: howdy ;)16:50
DavieyRoAkSoAx: What is the status of redhat-cluster?16:50
RoAkSoAxDaviey: as in?16:51
RoAkSoAxDaviey: redhat-cluster is soon to be dead16:51
DavieyIt seems it might uninstallabale16:51
RoAkSoAxDaviey: is there a bug #16:51
RoAkSoAxDaviey: cause last time I check it was16:52
DavieyRoAkSoAx: no, i litterally just checked the REPORT16:52
RoAkSoAxDaviey: link16:52
Davieywow, i can't spell today16:52
RoAkSoAxDaviey: will take a look at it16:53
RoAkSoAxDaviey: just installed it and didn't receive any failures16:54
DavieyRoAkSoAx: same here, best i can think is main/universe mistmatch?16:55
RoAkSoAxkages could not be authenticated16:55
RoAkSoAxDaviey: maybe it is a sources mistmatch as when I first tried to update it showed something that some packages couldnot be authenticte16:56
RoAkSoAxDaviey: but was resolved by sudo apt-ge tupdate16:56
DavieyRoAkSoAx: lets spend no more time on it, and see what the cdimage shows tomorrow16:56
RoAkSoAxDaviey: yeah16:56
RoAkSoAxDaviey: anyways, I wanted to talk about bug #78926616:56
uvirtbot`Launchpad bug 789266 in cobbler "Cobbler: Missing yum-utils & other cobbler related utils" [Wishlist,Triaged] https://launchpad.net/bugs/78926616:56
RoAkSoAxDaviey: according to what I can see, yum-utils Depends on yum16:57
RoAkSoAxDaviey: do we really want to install yum in our systems?16:57
DavieyRoAkSoAx: ok16:57
RoAkSoAxDaviey: when deploying cobbler?16:57
RoAkSoAxDaviey: (note that for reference I'm checking the spec file for yum-utils which depends on yum)16:57
Davieymakes sense16:57
RoAkSoAxDaviey: do we really want that?16:58
RoAkSoAxdo we really need yum to be installed?16:58
RoAkSoAxDaviey: and packaging yum-utils will also mean packaging python-kitchen16:59
DavieyRoAkSoAx: oh golly.17:00
DavieyRoAkSoAx: Do we really need yum to be entirely installed for this basic support of it?17:01
RoAkSoAxDaviey: as I can see in the "reposync" binary, yes we do:17:01
RoAkSoAxfrom yum.misc import getCacheDir17:01
RoAkSoAxfrom yum.constants import *17:01
RoAkSoAxfrom yum.packageSack import ListPackageSack17:01
RoAkSoAximport rpmUtils.arch17:01
DavieyRoAkSoAx: Have you taken a sniff to see how much effort is involved in just the python bindings?17:03
DavieyI suspect they will suck without the world() avaliable, but i wonder if they provide enough just for basic support?17:04
RoAkSoAxDaviey: no I havent but from what I can see, there's lots of stuff that access yum modules17:05
RoAkSoAxand databases and stuff17:05
RoAkSoAxDaviey: so my wild guess is that it would need a great deal of tweaking for basic support17:06
DavieyRoAkSoAx: I'm hessitant to suggest just ripping out the rpm support.17:06
RoAkSoAxDaviey: I can just go ahead and finish packaging yum-utils to have it on archives17:06
RoAkSoAxDaviey: make it depend on yum17:06
DavieyI don't think Orchestra should just provide ubuntu/debian support :(17:06
RoAkSoAxDaviey: and then see what happens17:06
DavieyRoAkSoAx: sounds good to me.17:06
DavieyI think time investigating viablity is worth it.17:07
Davieyat least we've tried to support it that way17:07
RoAkSoAxDaviey: yeah and it doesn't really hurt having yum-utils in the archives, since we have yum already17:07
DavieyRoAkSoAx: GPWM17:09
kirklandDaviey: for our first rev, i think we need to get ubuntu/debian support "right" and working well17:11
Davieykirkland: totally agreed.17:12
kirklandDaviey: and i think we can do that without being evil or hostile toward other distros17:12
kirklandDaviey: s/can/should/ :-)17:12
Davieykirkland: which is what we are doing :)17:12
kirklandDaviey: \o/17:12
=== andreas__ is now known as ahasenack
alticeanyone using TACACS+?17:47
alticeI am having trouble compiling from source17:47
alticeand also it has long been since removed from the Repos17:47
fullstopaltice: I am.18:04
fullstopaltice: ftp://ftp.shrubbery.net/pub/tac_plus/tacacs%2B-F4.0.4.19.tar.gz18:05
fullstopand I just did ./configure to prepare it for install.. but this was a long time ago -- there is a chance that I slightly changed the source and do not remember.18:05
alticeyea that's what someone suggested18:06
alticeI saw someone elses insights on that18:06
alticehowever, they did not apply to the errors I was getting18:06
alticeI'm talking now with developers to see about getting this put into the repo after I get it figured out and working18:07
fullstopaltice: what errors?18:07
fullstoperrors building or running?18:07
alticeI upgraded some in house servers to ubuntu 10.04 LTS18:09
alticeand I have to compile from source again for TACACS18:09
alticefullstop: here's a pastebin of the output from makefile18:10
fullstopaltice: one moment.. let me see if mine still builds.18:16
fullstopaltice: here is my full build output: http://pastebin.com/dEebuV4k18:17
fullstopI am x86_6418:18
fullstopAlso 10.04 LTS18:19
alticeI believe mine are xenon cores, i68618:20
alticewhat version of tacacs did you use?18:20
fullstopThe same version I sent in the link above..18:20
fullstoptac_plus version F4.0.4.1918:20
fullstopYou are not trying to make -j 4 or anything, right?18:21
alticeyou sent a link?18:21
alticeor you mean my link?18:21
fullstopno, I sent a link to the tac_plus source18:21
fullstopthat's the one I am using18:21
alticeohhh, psht gah, completely missed that18:21
alticeyea I'm using the same ver18:21
fullstopcan you make clean and pastebin the output from a fresh make?18:22
alticefrom the same source (shrubbery)18:22
alticesure thing18:22
fullstopI went through the trouble of setting up tac_plus purely so I could restrict access to the ASA for the rancid process.18:22
fullstopOther than that, I just have to trust myself with the ASA.  ;-)18:23
alticelol, to be honest with you fullstop18:23
alticeI have no idea what you just said ;)18:23
alticeI know tacacs+ purly from a AAA standpoint and cisco gear18:23
alticeauthorization, access, accounting18:24
fullstopI wanted to set up RANCID (also from shrubbery), but I wanted to restrict the rights of the RANCID user.18:24
alticenever read into that, what is it used for?18:24
fullstoprancid periodically pulls the running configuration of network equipment and puts them in version control.18:25
alticemine is all based on access to network equipment. Who can log in, what commands they can use, and keeping a record of what config changes were done18:25
fullstopIt lets you keep track of changes18:25
alticeo0o0o really?18:25
altice:) I might want to look into that18:25
fullstopYes, that's what I use tac_plus for as well, but just to restrict access for the process that gets the configurations.18:26
alticeI'll write that down, RANCID might be useful in the future.18:26
fullstopThere's a fork of RANCID which will let you use git as your backend if that's your thing.18:26
alticemy punch list is starting to get huge.......18:26
alticehonestly, I don't do enough development work to be sold on using git18:26
alticefullstop: okay I have the make file pasted, the whole ong18:33
alticefullstop : http://pastebin.com/DRFmEbjt18:33
fullstopaltice: try just "make" instead of "make tac_plus"18:34
altice;) no way it was really that simple18:38
alticewtf mate18:38
alticethanks for your help18:41
fullstopno problem.  Have fun!18:41
alticeI'm still going to push to have this included in the repos18:41
fullstopIt wouldn't be a bad idea.  It took me a while to find the source.18:42
tipharescan rsync only copy stuff from a to b, and not move stuff?18:45
CrazyGirit "syncronizes"18:45
genii-aroundIf you're moving stuff thats not really synchronising....18:45
alticetiphares: have you read through the man pages and examples for rsync?18:46
alticeit should explain it18:46
tipharesman pages for rsync are massive, so i thought i'd ask18:46
alticeit's kind of like updating backups of files, you only care about recent stuff18:46
alticesure sure18:46
tiphareswhat's the point of this channel if people can't ask about stuff18:46
alticehey hey, don't get offended18:46
alticejust wanted to mention that the resource was available18:47
tipharesi'm not, just sayin :>18:47
tipharesi found the mv tool insufficient18:47
tipharesso looking for alternatives18:47
CrazyGirtiphares: I generally start with questions, get them answered in the manpages, get new questions from reading the manpage, then experiment and ask for hlep18:47
CrazyGirtiphares: what are you doing that mv is not sufficient?18:48
tipharesi'd like the option to exclude stuff from moving18:48
tipharescouldnt' figure out how to do that with mv18:48
CrazyGirI am trying to forward several ports on a VM server to specific VMs (running ubuntu 10.4). I found some IPTables notes and came up with the following, but ufw seems to fail when I put this in before.rules and restart ufw: -A PREROUTING -i br0 -p tcp --dport 9000 -j DNAT --to-destination
CrazyGirtiphares: this is unix, you combine tools18:49
CrazyGirso use find or something (to create the list you want) and then run through xargs with mv18:49
alticeor write a script to do your dirty work18:49
CrazyGirOR, create a list of files in txt, and cat this to xargs18:49
alticeyou can use grep to filter out things you want18:50
CrazyGireg, you can do all sorts of things here :)18:50
alticealso true18:50
CrazyGirsmall utilities to do specific things, combined in the ways that you need18:50
alticepower of unix tools18:50
tipharesyeah i'm aware of that i can make this happen with scripts18:50
CrazyGiryou don't need scripts18:51
tipharesbut i'm sorta new to nix, and wondered if there's pre defined tools to do this18:51
CrazyGircat list.txt | xargs mv ...18:51
CrazyGircreate that list however you need to18:51
alticeyep, listen to Gir, that's a good method to approach this18:52
tipharesi'm confused :(18:53
alticemake a list of the file names your trying to move18:53
alticehehe yes that or do it a more elegant way18:53
tipharesmay i ask for some input there18:53
alticeokay so.......first things first where are the files located18:53
alticeall in one folder?18:53
alticek good18:54
alticewe can generate a list18:54
alticeeasier since it's in one folder18:54
alticeare there similar strings of letters that you want to move and some you dont?18:54
alticei.e.........all the files that begin with 'erg'?18:55
alticegive me an example?18:55
tipharesT*R* is the stuff i want to move into another folder18:55
alticeso begin with T<anything>R<anything> ?18:56
tipharesor actually, i want to move anything but T*s.A*18:56
tipharesbut yeah, can start off simple18:56
alticeokay so are you using regular expressions? do you understand those character combinations?18:56
tipharesnot using regex, just using * for wildcard18:56
tipharesi'm awfully worthless at regex18:57
alticeif you do an "ls T*R*" does it give you what you want?18:57
alticeregex is powerful, ESPECIALLY for what your trying to do now18:57
alticeI'd highly suggest reading up on it, even though there is a steep learning curve at first18:57
tipharesyeah i know, i have it on my bucket list:P18:57
tipharesi am familiar with it18:58
alticehaha, should be a little more important than a "kick the bucket" list18:58
alticeso basically you can use "ls" and wildcards18:59
tipharesls -lad T*R*18:59
tipharesgets me the dirs18:59
tipharesi want18:59
alticenow pipe that into a txt file18:59
tipharescan i do all of that with a command19:00
alticels -lad T*R* > output.txt19:00
alamarwhat is it you want to achieve?19:00
alticenow you have a new file named output.txt right?19:00
alticeeverything in there you need?19:00
tipharescool that worked out nicely altice19:00
alticenow use Gir's method19:01
alticecat list.txt | xargs mv19:01
tiphareslinux 101 for dummies atm alamar :P19:01
tipharesxargs = ?19:01
alticeand then mv where you want19:01
alamaryou could just use find for folder(-type d) and -exec mv the {} to the destination19:02
alticeI'm not familiar with that, alamar, go ahead and walk through that19:02
=== aurigus_ is now known as aurigus
alamarfind searchpath/ -type d -iname *matchme* -exec mv "{}" destination/ \;19:03
alamaror -name if it shall be case sensitive19:03
tipharesso many things in there i have absolutely no clue what is19:04
alamaror -regex if you want to use regular expressions for matching19:04
alamarwell OR you just stick to what you've just been told by altice ;)19:04
tipharesi'll write your version down in my notes:p19:05
=== skrewler_ is now known as skrewler
CrazyGirI am trying to forward several ports on a VM server to specific VMs (running ubuntu 10.4). I found some IPTables notes and came up with the following, but ufw seems to fail when I put this in before.rules and restart ufw: -A PREROUTING -i br0 -p tcp --dport 9000 -j DNAT --to-destination
jdstrandCrazyGir: can you paste your before.rules file?19:31
alamarwhat is this rule supposed to do?19:32
CrazyGirsorry, got kicked19:37
CrazyGirjdstrand: it's got a lot more in it than I understand19:37
alamarthen I'll ask again. what is this rule supposed to do?19:37
CrazyGiralamar: all I want to do is forward tcp to port X on the br0 interface to a specific IP19:38
alamarI do not see any destination nor that you are using the nat table19:38
CrazyGirisn't that the DNAT --to-destination <IP> part?19:39
CrazyGirI could also rephrase my question..19:39
alamaroh sorry I didn't see it when scrolling in my backlog19:40
CrazyGirwhat should my iptables entry look like to ensure port X does to a specific IP?19:40
alamarbut -t nat is missing19:40
CrazyGiris what I have correct19:40
CrazyGirok, so I should add -t nat19:40
CrazyGiranything else?19:41
alamariptables -t nat -A PREROUTING -i br0 -p tcp --dport 9000 -j DNAT --to-destination
CrazyGirI'm adding this to before.rules,  from what I have read this is the place to do so?19:41
alamarif you want to work with ufw it probably is19:42
alamar(but I don't know what format/syntax/whatever works in there)19:43
alamaras I said... layering something above iptables shoots yourself in the foot when you want something more than "port open/closed" ;p19:43
kirklandjamespage: ping19:45
jamespagekirkland: pong19:45
kirklandjamespage: just wanted to touch base with you one more time on hadoop/cdh19:45
jamespagekirkland: sure19:46
kirklandjamespage: I was asked earlier today if we should target our hadoop packages for Canonical Partner instead of the Ubuntu Archive19:46
kirklandjamespage: I didn't know if you had any plans to improve upon the latest state of packages from iamfuzz and negronjl, and try to push them to Universe ...?19:46
kirklandjamespage: if not, we're going to be religated to pushing them to Partner19:46
kirklandjamespage: I'd like to think that Ubuntu users would benefit from them in Universe19:47
kirklandjamespage: but at this point, we'd need a Platform champion to help push that19:47
jamespagekirkland: so I want to pickup hadoop/cdh longer term but we need to sort out how we work with upstream first19:49
jamespagekirkland: so I think that for this release partner is really the only realistic choice19:49
kirklandjamespage: is that attainable for Oneiric?19:49
kirklandjamespage: okay19:49
kirklandjamespage: that gives me something I can work against, schedule wise19:49
kirklandjamespage: we'll target Partner and/or a PPA for Oneiric19:50
jamespagekirkland: I think that is the only choice ATM19:50
jamespagekirkland: are you going to go with the packages your team has produced or use the upstream distribution packages?19:51
jamespagefrom CDH19:51
=== CrazyGir is now known as Guest40059
kirklandjamespage: we haven't made a firm decision yet, but I think we were leaning toward our packaging19:52
jdstrandalamar: fyi, ufw uses plain iptables-restore syntax in its rules files19:52
kirklandjamespage: do you have an opinion or information to add?19:52
alamarjdstrand: from what it looks like there are also different things going on in the files19:52
jamespagekirkland: I think working with the upstream CDH packages will give you a smoother line for support/bugs etc...19:53
jamespagekirkland: but I have not looked at that packaging19:53
kirklandjamespage: interesting, okay19:53
jdstrandno. these are just fed into iptables-restore. granted, various chains are setup, etc, but the rules files are no more than straight iptables19:53
kirklandjamespage: yeah, i was looking for specific information why one might be better than another19:53
jamespagekirkland: well you get better support for older releases but nothing newer than maverick ATM19:56
jamespagekirkland: so that might actually answer your question19:56
kirklandjamespage: ah, yeah19:56
jamespagekirkland: that said they do publish a full suite of hadoop plus friends - http://tinyurl.com/3mkyqtw19:57
=== koolhead17 is now known as koolhead17|afk
tipharesso, can someone tell me where i screwed up the syntax here; cat filename | xargs mv TARGET20:18
alamartiphares: try mv -t TARGET20:23
alamarxargs appends the input to the command string and mv, without specifying it further, treats the last input word as destination20:23
tipharesdidn't change much20:25
=== CrazyGir_ is now known as Guest62894
alamartiphares: what's the exact problem?20:27
tipharesstill working on my previous problem20:28
tipharesmoving certain stuff into a specific folder20:28
alamarI meant with the cat X | xargs mv -t Y20:28
tipharesit returns this20:28
tipharesmv: invalid option -- 'r'20:28
tipharesTry `mv --help' for more information.20:28
alamartiphares: try cat foo | xargs mv -t TARGETDIR --20:30
Guest62894when adding the iptables line to before.rules, and then stopping/starting ufw, it freaks with: ERROR: problem running ufw-init20:30
jdstrandGuest62894: can you use paste.ubuntu.com and paste your before.rules file?20:30
Guest62894bah. I should be CrazyGir..20:30
alamarGuest62894: do logs tell you anything more specific? also it wouild be recommendable to paste your before.rules file somewhere20:31
tipharesthat worked alamar20:31
tipharesthat seems confusingly random20:31
alamartiphares: pardon me?20:31
tipharesadding '--' worked20:31
Guest62894there we go :)20:32
alamartiphares: "--" prevents anything afterwards from being interpreted as commandline argumeents20:32
alamarthis works with every command20:32
alamarmore or less20:32
alamarlet's say most commands20:32
=== Guest62894 is now known as CrazyGir
alamarprobably with all commands using getops*20:33
CrazyGirthere we go :)20:33
tipharesi learn something new everytime im here :P20:33
Picimore, less, and most all support that.20:33
CrazyGirjdstrand: my before.rules (written by someone else) is quite long, and works fine by itself20:33
jdstrandCrazyGir: well, I need to see what you added and where to see what the problem is20:34
CrazyGirwhen I add this line, it fails: -A PREROUTING -i br0 -p tcp -t nat --dport 9000 -j DNAT --to-destination
jdstrandCrazyGir: a diff of before and after is likely good enough20:34
CrazyGirI added it at the end20:34
CrazyGirbefore COMMIT20:34
alamarPici: well as I said most do. but it's probably related to the use of the getopt-family of functions for commandline parsing20:35
jdstrandCrazyGir: that is your problem. the before.rules only has the *filter table20:35
Picialamar: I know, was just playing with the words you chose to use to describe that.20:35
CrazyGirjdstrand: ah, so I'm a bit confused20:36
jdstrandCrazyGir: see 'man ufw-framework', the 'Port Redirections' section20:36
alamarCrazyGir: as I understand there are different sections like *nat and *filter20:36
CrazyGirwhere should I be putting port redirections?20:36
alamarwithin the *nat section20:36
alamarjdstrand: this is by the way what I meant with other stuff in the file ;)20:37
jdstrandalamar: it is still all iptables-restore20:37
jdstrandyou can't mix and match rules for different tables20:37
alamarCrazyGir: when you put it in the nat section you will probably not need to refer to the nat table20:37
CrazyGirand this is why I love pf20:37
jdstrandyou need a *filter table, and a *nat table and the right rules need to go in the right places20:37
alamarCrazyGir: you could use iptables directly20:37
CrazyGirit's iptables that is nuts :)20:38
alamarno it isn't20:38
CrazyGiralamar: the 'nat seciton' you are referring to.. is this in before.rules?20:38
jdstrandCrazyGir: read the ufw-framework man page like I said :) it has what you need, I promise :)20:39
jdstrandEXAMPLES, then Port Redirections20:39
CrazyGirjdstrand: yea, I'm ther20:39
CrazyGirI see there are 2 things i need for this to work20:39
CrazyGirnot just the one line I had20:40
* jdstrand nods20:40
jdstrandwell, this is an example20:40
jdstrandit is assuming the firewall is mostly closed, which is why the filter table part is there (ie, as documented, it will work with ufw)20:40
jdstrandanyhoo, gotta run20:41
CrazyGirnot sure I follw you there, but thanks20:41
CrazyGirI would call this "mostly closed"20:41
alamarbefore.rules could be added to man 520:41
alamarjdstrand: TIL about iptables-save & iptables-restore; thank you20:43
hallynkirkland: ooh, qemu v0.15.0-rc0 was tagged20:44
hallynupdating my main virt laptop to onieric today, then i'll try a sync and see hwo it goes20:45
CrazyGirwhen starting ufw, and it fails, is there a way to get a specific line number that it errored on?20:46
CrazyGirERROR: problem running ufw-init <--- not helpful20:47
jdstrandunfortunately, no20:47
jdstrandyou can run ufw-init manually20:47
CrazyGirufw disable; ufw-init ?20:47
jdstrand/lib/ufw/ufw-init reload20:47
jdstrandCrazyGir: yes, disable fine. then you will want to update /etc/ufw/ufw.conf manually to 'enable' it, then use ufw-init manually20:48
hallyndoh', tehre i ago again, confusing the trees20:49
hallyn0.14.1 it is20:49
alamarah so now I understand why you did not like me badmouthing ufw :)20:49
jdstrandhallyn: fyi, I uploaded a new qemu-kvm today20:49
CrazyGirjdstrand: what do you mean by this? then you will want to update /etc/ufw/ufw.conf manually to 'enable' it20:50
hallyni saw the push.20:50
jdstrandhallyn: not sure if 0.14.1 has the fixes or not...20:50
hallynyeah, not sure, but i'll be checking of course20:50
jdstrandCrazyGir: ufw-init will short circuit if the firewall is disabled20:50
hallynstill hoping 0.15.0 comes out before freeze :)20:50
jdstrandCrazyGir: since 'ufw enable' is not working for you, you need to stop the short circuit. that is done by setting ENABLED=yes in /etc/ufw/ufw.conf20:51
CrazyGirah, yes, I have that20:55
CrazyGirhrm, ufw-init doesn't like the *nat I included per the manpage20:57
CrazyGirbefore COMMIT20:57
alamaryou probably really should paste it somewhere20:58
ubottuFor posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.20:58
jdstrandCrazyGir: the *nat is after COMMIT20:58
jdstrandCrazyGir: see, each table starts with:20:58
jdstrand*<table name>20:58
jdstrandrules for the table20:58
jdstrandso, you need:20:59
jdstrandyour regular rules20:59
jdstrandyour new rules from ufw-framwork for PREOUTING20:59
RoyKdoes ufw have NAT in recent versions of ubuntu?21:00
jdstrandRoyK: not via the cli, no21:00
RoyKimho the lack of nat in ufw is a major drawback21:00
hallynonly via the gui? :)21:00
jdstrandhallyn: hah, uuh, no :)21:00
RoyKadding nat support to ufw must be a rather tough task - I guess an hour or three for a decent programmer :P21:01
kirklandhallyn: neat21:01
kirklandhallyn: you merging?21:02
jdstrandRoyK: the feature is planned, and I hear what you are saying. it is something I would like myself. that said, the primary audience is for bastion hosts/desktops/server, not for routing firewalls21:02
hallynkirkland: i'll take 0.14.1 tomorrow at least21:02
jdstrandRoyK: patches welcome and all that :)21:02
RoyKjdstrand: still, quite a lot of people would like to use a server for NATing21:02
RoyKjdstrand: I don't have that need atm, so I don't think I'll spend much time on it21:02
CrazyGirjdstrand: this is going better, but iptables is not happy with the following, is there a way to get more specifics on what it doesn't like? -A PREROUTING -p tcp -i br0 -t nat --dport 9000 -j DNAT --to-destination
alamarCrazyGir: the "-t nat" is not necessary in this setup21:03
jdstrandCrazyGir: get rid of the '-t nat'21:03
CrazyGirdidn't you tell me to put it in there alamar ?21:03
alamarCrazyGir: for iptables yes21:03
jdstrandCrazyGir: you already specified the table via '*nat'21:03
alamarI said iptables ....21:03
CrazyGirok, much better21:04
CrazyGirjdstrand: that makes more sense _now_ ;)21:04
CrazyGirslowly piecing together my understanding with iptables here21:04
CrazyGirI appreciate the patience21:04
jdstrandCrazyGir: if you are going to be fiddling a lot with before.rules, I recommend reading the iptables man page21:04
CrazyGirI'm hoping to limit it to this one set of port forwards21:04
* jdstrand nods21:05
CrazyGirthese servers are all setup (and actually someone else's responsibility)21:05
alamarso stop messing with his fw setup1!!!! ;)21:05
CrazyGirI'm responsible for the VMs running on these servers21:05
CrazyGirbut I'm responsible for the VMs, and he's floating somewhere in some water somewhere in greece21:06
alamarCrazyGir: I wasn't serious ;)21:07
kirklandhallyn: FYI, I just turned off my email subscription to ~ubuntu-virt's monitored packages (kvm, libvirt, and friends)21:07
kirklandhallyn: please explicitly subscribe me to any bug that you'd like my attention to21:07
kirklandhallyn: it's been ages since I've needed to do anything on any of those bugs beyond the excellent work that you, mdeslaur, and jdstrand already do21:07
kirklandhallyn: so I turned off that swath of bugmail (so I can focus on other swaths of bugmail) :-)21:08
kirklandDaviey: ^21:08
Davieykirkland: Yeah, i think we have it covered in ~ubuntu-server, thanks for letting us know.21:14
kirklandDaviey: np;  never hesitate to subscribe me, if I can help21:14
* Daviey subscribes kirkland to all bugs :)21:16
* kirkland runs for cover21:16
hallynkirkland: thx for the heads-up.  (just left the faraday cage^W^Wporch for a minute :)22:05
kirklandhallyn: heh, cool22:29
kirklandhallyn: i think my airstream is a faraday cage22:30
martynkirkland : Close to it .. Aluminum isn't known for being radio-transparent22:38
martynkirkland: What's got you in an airstream?22:38
kirklandmartyn: fun thing to have sometimes22:39
martynWell, sure :)  I was wondering if you were travelling...22:39
martynI've gone to various Burning Man related events in an airstream ... it was 60's retro fun :)22:40
kirklandmartyn: ah, no, not at the moment22:40
kirklandmartyn: nice;  mine's a 196822:40
martynHoo .. that's nice22:40
martynHard to keep the aluminum skins in perfect condition.. but they are wonderful trailers22:41
martynGot a kitchen in yours?22:41
martyn(some had 'em, many didn't .. beautiful mini kitchenettes though)22:41
kirklandmartyn: yup22:41
kirklandmartyn: it's pretty nice22:43
=== medberry is now known as med_out
hallynoh ffs, i go to all the trouble to instal lwindows so i can install firmware update, and the update fails to install23:51
* hallyn hates firmware junk23:51

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!