ejat | hi .. i do the release upgrade on ec2 .. from maverick to natty then i get this | 00:16 |
---|---|---|
ejat | http://paste.ubuntu.com/676897/ | 00:17 |
ejat | is it ok for me to reboot or need to fix it 1st then reboot | 00:17 |
Doonz | hey guys anyone have experience with smal storage solutions? | 01:15 |
jcastro | jamespage: Does the etherpad-lite formula work? I just gave it a try. | 01:29 |
jcastro | it listens on port 9001 iirc? | 01:29 |
patdk-lap | smal? | 01:33 |
Doonz | small* | 01:37 |
jmarsden | Doonz: Please try to be much more specific about what you are asking. A microSD card is a "small storage solution", and I have one of those -- but I don't think that is what you mean... is it? | 02:08 |
Doonz | well lets see. Ok Im trying to build a media storage set up for home around the 100tb mark. I currently run 25tb but what im finding is my server is getting too taxed and performance is suffering. So i have thought of breaking the one large system into multiple systems | 02:11 |
Doonz | i just dont understand a lot of the terms | 02:12 |
Doonz | and im not sure which way i should go without spending a billion bux | 02:12 |
=== DarkwingDuck_ is now known as DarkwingDuck | ||
=== lickalott_ is now known as lickalott | ||
=== smb` is now known as smb | ||
trapmax | Any idea how to get rid of "File descriptor 15 (socket:[6111]) leaked on lvremove invocation." messages? | 07:39 |
van7hu | howdy | 07:49 |
van7hu | how could I know if my kernel was compiled with netfilter support? | 07:50 |
ayambit | van7hu: try to add iptables rule? | 07:59 |
van7hu | .e.g iptables ... etc? | 07:59 |
van7hu | by the mean of ubuntu, is it default? | 07:59 |
ayambit | van7hu: yes, iptables. It is enabled by default (of course) in ubuntu. | 08:00 |
van7hu | but netfilter? | 08:00 |
ayambit | iptables needs netfilter, so if your iptables rule will work, netfilter is available. | 08:02 |
ayambit | And it is in ubuntu-server by default. | 08:02 |
van7hu | okay, thank you | 08:04 |
=== masACC is now known as maswan | ||
uvirtbot` | New bug: #634102 in cloud-init (main) "t1.micro EC2 instances hang on reboot" [High,Fix released] https://launchpad.net/bugs/634102 | 08:37 |
=== uvirtbot` is now known as uvirtbot | ||
=== himcesjf1 is now known as himcesjf | ||
igcek | hello, what would be the best way to have multiple web servers on one static ip | 08:55 |
igcek | different machines with for. ex. | 08:56 |
igcek | ubuntu server installed on them | 08:56 |
ersi | igcek: Utilise different ports for the different daemons | 08:57 |
ersi | Or have some reverse proxy magic on :80 and the other web daemons on other ports and rewrite the requests | 08:58 |
ersi | igcek: Why several different web servers on the same IP though? Or do you just want to serve different domains/sites on the same web server? | 08:59 |
igcek | i have production server and a server production to be... so they all have to be separated and on port 80. | 09:00 |
igcek | would it work if i just like redirected domain to ip with port and then do a port forwarding? ip:xx.xx.xx.xx:234 | 09:01 |
ersi | igcek: You have one serving the 'production site' and one for testing? | 09:02 |
igcek | now i have one serving the production site, and it probably is not a good idea to put next to it a testing web page. but overall idea is to have for every company physically different server | 09:05 |
igcek | virtualisation | 09:05 |
ersi | igcek: Yeah, okay - I understand that. But why have it on the same IP? | 09:20 |
ersi | And the same port.. | 09:20 |
igcek | they would all be web servers. (port 80) i only have one static ip. (worldwide) | 09:21 |
linocisco | I want to make ubuntu mail server for windows clients. THat mail server would be for communicating one PC to another if internet is offline. I would like to know where I can find reference link. | 09:24 |
ersi | igcek: Why is changing IP not feasible? Like using :8080 for the test machine | 09:26 |
ersi | igcek: I meant port, not IP | 09:26 |
igcek | i would like to have transition as painless as can be | 09:28 |
linocisco | I keep seeking on youtube. all are with non-english version. and with GUI desktop. I want to see english version configuration on CLI only pure ubuntu server . | 09:28 |
ersi | linocisco: Usually you will need no further configuration than setting up the mail accounts on the same domain and serve that domain from That mail server | 09:29 |
ersi | linocisco: As in user@companyA.com will be able to mail colleague@companyA.com even if other networks are unreachable | 09:30 |
linocisco | ersi: Yes. I did choosing internet site. | 09:30 |
ersi | And? | 09:30 |
linocisco | ersi: I would like to know how to create users and how to configure accounts on windows mail clients like outlook or thunderbird | 09:31 |
linocisco | ersi: I tried telnet localhost 25 . it was fine | 09:31 |
ersi | Depends on configuration.. usually the default is to use whatever accounts are on the machine. ie local users (root, linocisco, etc in /etc/passwd) | 09:31 |
ersi | 25? Have you only configured SMTP? | 09:32 |
linocisco | ersi: as I have no extra computer. I am to setup my ubuntu text base server on VM and client is my windows 7 on celeron Toshiba Laptop | 09:32 |
ersi | Um >_> Hm | 09:32 |
linocisco | ersi: I have only one default account since creation. I have not setup DNS server or BIND config on that. | 09:33 |
ersi | Well, you don't really need that for a functional mail service.. What you need is something like postfix to handle incoming mail, and whatever you're using now for SMTP/shuffling outgoing mail | 09:34 |
ersi | I usually just use postfix and dovecot together | 09:34 |
ersi | There's like, endless amounts of documentation of both softwares (in English).. They can be a bit tricky to get to work if it's the first time though | 09:35 |
ersi | linocisco: Maybe this can be of service to you? https://help.ubuntu.com/10.04/serverguide/C/email-services.html | 09:36 |
uvirtbot | New bug: #836544 in mysql-dfsg-5.1 (main) "package libmysqlclient16 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/libmysqlclient.so.16.0.0', which is also in package mysql-cluster-client-5.1 0:7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/836544 | 09:36 |
linocisco | ersi: The worst thing is I have no internet with my ubuntu server. When I installed mail server, I did using CD installer during installation. I selected [Mail server]. I dont know how to install dovecot without internet. Even with CDrom, I dont know how to , after installation. | 09:40 |
Daviey | Who is in the mood for some bug triage? Yeah! | 09:41 |
ersi | linocisco: Heh, oh yeah.. Hm, that always makes stuff a lot more... interesting. | 09:43 |
linocisco | ersi: does server installer include dovecot or Not ? | 09:44 |
ersi | linocisco: I don't know, I'm spoiled with always-internet :| | 09:44 |
linocisco | ersi: that sucks. our country has expensive internet | 09:45 |
linocisco | Does anybody know how to build email server for windows clients using ubuntu server installer CD only ? | 09:50 |
linocisco | is there any ubuntu server training video except the one by Michael Jang which is just in brief ? | 10:02 |
EriksLV | hi | 10:04 |
EriksLV | any recommendations for raid5 controller that works with ubuntu server? | 10:04 |
linocisco | EriksLV: hardware raid or software raid ? hardware RAID is better | 10:05 |
EriksLV | hardware raid | 10:05 |
linocisco | EriksLV: I would recommend ASUS motherboards | 10:06 |
EriksLV | asus | 10:06 |
EriksLV | for a server? | 10:07 |
EriksLV | a joke? | 10:07 |
EriksLV | I need PCIE RAID controller | 10:07 |
patdk-lap | what kind of drives are going be used? | 10:10 |
EriksLV | 4xWD RE4 1TB SATA2 3.5" 7200RPM 64MB | 10:17 |
EriksLV | part number: WD1003FBYX | 10:18 |
EriksLV | any recommendations patdk-lap? | 10:19 |
* soren doesn't care much for hardware raid | 10:21 | |
Guybrush_T | hi guys! i want to use a mra to get all the mails from my different mail accs and forward them to a specific imap folder - i heard from fetchmail and getmail and also that they are not that great pieces of software. anyone has a better idea? | 11:08 |
=== TRKDK is now known as TRK | ||
memoryleak | I'm trying to use a bash variable in a sed expression - how could I make this work: sed 's/__USER__/${USERNAME}/g' template.conf | 12:09 |
EriksLV | maybe escape dollar sign... | 12:17 |
EriksLV | just a guess | 12:17 |
trapmax | or "'$USER'" | 12:17 |
Ursinha | morning | 12:39 |
Daviey | Ursinha: o/ | 12:48 |
zul | hi Ursinha | 12:48 |
Daviey | Today is a national holiday :/ | 12:49 |
Daviey | zul: Stuff which concerns us on, http://people.ubuntu.com/~davewalker/component-mismatches-mir-track.html - can you check we need them, and raise a MIR if we do? | 12:50 |
Daviey | -carrot will be required for nova after all. | 12:50 |
Daviey | -dingus and -anyjson not looked at | 12:50 |
zul | kombu is not going to work? | 12:50 |
Daviey | -stompy needs body in the MIR | 12:50 |
Daviey | zul: nah, it turned out to be too heavy to replace this late in openstack's cycle. | 12:50 |
zul | Daviey: i was going to make a joke about it but good thing for the delete key | 12:51 |
Daviey | heh | 12:52 |
ersi | What's a "MIR"? | 13:10 |
jcastro | Main inclusion report: https://wiki.ubuntu.com/MainInclusionProcess | 13:10 |
Daviey | kees: Would you be able to look at the kombu MIR please? :) | 13:20 |
soren | Daviey: If we're stuck on -carrot, why do we need kombu? | 13:28 |
zul | soren: glance uses it | 13:39 |
linocisco | hi | 13:57 |
linocisco | how to setup ubuntu mail server to be used by microsoft outlook ? | 13:58 |
patdk-wk | what exactly is, ubuntu mail server? | 14:01 |
patdk-wk | a postfix/dovecot install? | 14:01 |
=== DrNick___ is now known as DrNick__ | ||
uvirtbot | New bug: #836728 in krb5 (main) "package libkadm5clnt-mit7 1.8.3 dfsg-5ubuntu2.1 failed to install/upgrade: error writing to '<standard output>': Success" [Undecided,New] https://launchpad.net/bugs/836728 | 14:26 |
=== himcesjf1 is now known as himcesjf | ||
soren | zul: Ah. | 15:32 |
laserbled | Hi, I have logged into 10.10 64 bit through ssh - I installed xorg-xserver - but I cant startx - please tell me what to do to get to the x environment | 15:56 |
=== med_out is now known as medberry | ||
elz89 | How can I configure slapd daemon to listen on only one of the network interfaces? | 16:59 |
bkerensa | elz89: Have you checked the slapd.conf ? | 17:01 |
elz89 | bkerensa: no only /etc/ldap/ldap.conf I shall check slapd.conf now. | 17:02 |
bkerensa | elz89: Yeah I would check it and see if it allows you to define listening | 17:03 |
elz89 | bkerensa: all I can find is /usr/share/slapd/slapd.conf and no mention in there of interface. | 17:05 |
bkerensa | odd | 17:05 |
bkerensa | elz89: Here http://www.openldap.org/doc/admin24/security.html | 17:06 |
elz89 | bkerensa: I have that page already, and it does not mention how it is done on ubuntu server in a config file. | 17:07 |
elz89 | Or does it mean if I start it once with specified interface it will remember that in config file for next start? | 17:07 |
bkerensa | perhaps | 17:08 |
bkerensa | let me dig a little more | 17:08 |
elz89 | OK thank you :-) | 17:08 |
elz89 | I'm happy to be given things to read as well. | 17:09 |
bkerensa | elz89: I looked pretty good and it doesnt seem like there is any info in man or on google to do selective listening | 17:10 |
bkerensa | =o | 17:10 |
elz89 | bkerensa: Yeah I had a good google :-P or so I thought. | 17:11 |
bkerensa | elz89: Have you considered asking a OpenLDAP dev? | 17:11 |
pmatulis | elz89: see /etc/default/slapd | 17:19 |
bkerensa | elz89: Did pmatulis help you out? | 17:23 |
kernelpanicker | feel free to suggest the right channel... but where does bind9 store its DNS cache? | 17:25 |
bkerensa | kernelpanicker: I think its stored in memory unless you specify it to backup elsewhere | 17:27 |
bkerensa | kernelpanicker: Check /var/tmp | 17:27 |
uvirtbot | New bug: #836849 in samba (main) "Samba starts before static IPs set in network manager" [Undecided,New] https://launchpad.net/bugs/836849 | 17:29 |
noecc | I've compiled git from source, aptitude install puppet wants to install git-core{a}. How can I proceed without installing git-core{a}? | 17:33 |
bkerensa | noecc: Perhaps remove git then apt get install git && puppet | 17:56 |
noecc | bkerensa: yes except I prefer the latest git from source. | 17:58 |
bkerensa | hmm ok does the latest git have a .deb? | 17:59 |
genii-around | noecc: Maybe set APT::Install-Recommends and APT::Install-Suggests both to zero | 17:59 |
bkerensa | genii-around: +1 I totally didnt think of that | 18:00 |
uvirtbot | New bug: #836875 in bacula (main) "package bacula-director-mysql 5.0.3-1ubuntu5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/836875 | 18:01 |
elz89 | pmatulis, bkerensa, : nothing in that file either :-( | 18:02 |
bkerensa | elz89: OpenLDAP devs maybe ask them thats what I would do :D | 18:02 |
bkerensa | elz89: If you find out how ping me and I will make a How-To for others | 18:03 |
pmatulis | elz89: this doesn't give you a hint: | 18:05 |
pmatulis | # Example usage: | 18:05 |
pmatulis | # SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" | 18:05 |
Daviey | soren: glance needs kombu | 18:05 |
Daviey | Ah, zul already answered you | 18:06 |
Daviey | soren: in fact, glance D4 is blocked in unapproved pending MIR kombu MIR. | 18:06 |
elz89 | pmatulis: Thank You | 18:09 |
uvirtbot | New bug: #836889 in bacula (main) "package bacula-director-mysql (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/836889 | 18:21 |
kernelpanicker | I'm setting up postfix on ubuntu 10.04; how do I hold mail for users in such a way that they can't log into the system via, say, SSH? | 18:28 |
alamar | by not giving them a valid shell for example? | 18:34 |
alamar | or by using non-system user mail accounts | 18:34 |
TheEvilPhoenix | ^ | 18:35 |
kernelpanicker | well... I'm creating a VPS to handle the mail and lists for an existing server. I'll have some mail coming in for some regular users, and the rest will be list traffic. | 18:36 |
kernelpanicker | I'm unclear on where the mail will be 'held' for the list members, and how to deal with the 'regular' mail users... | 18:37 |
alamar | kernelpanicker: mail will not be held for mailinglist users | 18:37 |
kernelpanicker | I have to use postfix/dovecot/mailman, as well, as that's what I've been told to do... | 18:37 |
alamar | it will be delivered to the mailinglist's registered addresses | 18:37 |
kernelpanicker | and I'll be honest, I've been wrestling with this for almost 2 1/2 weeks now... | 18:37 |
kernelpanicker | something that would take one of you probably 3 hours... | 18:38 |
kernelpanicker | because I don't have a clue. | 18:38 |
alamar | there's like a million howtos that exactly describe how to set up this software constellation | 18:38 |
kernelpanicker | But onward ho, right? | 18:38 |
kernelpanicker | I have a bookmark for each how to... | 18:38 |
kernelpanicker | all of them imperative masterpieces, for particular distros... | 18:38 |
kernelpanicker | etc... | 18:38 |
alamar | well maybe you should pay someone who has more of a clue | 18:38 |
kernelpanicker | I would, if I had more than, what, .27 cents in my pocket. | 18:39 |
kernelpanicker | and also, I want to learn about this stuff. | 18:39 |
kernelpanicker | that was 27 cents... | 18:39 |
kernelpanicker | at any rate... | 18:40 |
kernelpanicker | it seems like the non list email recipients need something to hold their mail, right? | 18:40 |
kernelpanicker | and that not all of them should be able to log into the box... | 18:40 |
kernelpanicker | so I can't just make them into users, right? | 18:40 |
kernelpanicker | There should be some mechanism for holding mail for them, but not making them users, and I recall something like 'adduser -s /sbin/nologin emailusername; passwd emailusername' on other flavors of linux... | 18:42 |
alamar | you can do more or less anything. you can create individual system users, you can prevent them from logging in, you could create virtual users (meaning non-system but in some other database like ldap or mysql) | 18:42 |
kernelpanicker | but that doesn't seem to work in Ubuntu. | 18:42 |
kernelpanicker | alamar: OK | 18:42 |
alamar | kernelpanicker: it is not a good idea to try to administer a public running server if you do not have any idea what you are doing | 18:42 |
kernelpanicker | alamar: tell me about it | 18:42 |
kernelpanicker | doesn't life suck | 18:43 |
ersi | Unfortunately, with mail services - it's usually learning by doing | 18:43 |
alamar | ersi: you can learn and do a LOT by reading appropriate documentation and using a controlled environment | 18:43 |
kernelpanicker | it's also not a good idea to get married, have kids, or jump from hovering helicopters | 18:43 |
alamar | or it will be learning the hardware by ending up on nearly every blacklist | 18:44 |
alamar | and having a non functional mailserver anyway.. | 18:44 |
glebaron | I have a question about ubuntu 10.04 server with multipath drive arrays attached. http://paste.ubuntu.com/677378/ is my multipath listing. http://paste.ubuntu.com/677380/ is my ls -al from /dev/mapper/ | 18:44 |
alamar | s/hardware/hard way/ | 18:44 |
kernelpanicker | what's fantastic is that if one does decide to learn, one can plunge in, read documentation, and get help from irc channels when you're stuck ;) | 18:44 |
ersi | alamar: Well well, you can prepare all you want.. when you go live, you can bet your horse on that something's wrong anyway :P | 18:45 |
alamar | ersi: but then I didn't rush into running live before even knowing what I'm doing | 18:45 |
glebaron | All is good until I reboot the server. When it comes back up, in /dev/mapper/ all of the mpathxp#'s are missing. | 18:45 |
glebaron | Then the only way I can get them back is to run partprobe /dev/mapper/mpathx. | 18:46 |
ersi | alamar: All sound advice, for sure. | 18:46 |
glebaron | I am thinking that a reboot should not cause it to loose the partition maps. | 18:46 |
glebaron | *lose | 18:46 |
kernelpanicker | alamar is 100% right | 18:46 |
alamar | ersi: it's servers like that which are sending millions of spam mails before their admins EVEN NOTICE it | 18:46 |
kernelpanicker | so, alamar, what are your top two ways of locking down your servers to prevent them from becoming spam farms, and I'll go google them to learn. | 18:47 |
ersi | alamar: I was not saying that one should rush into deploying, without looking at the documentation or taking the 'simple' steps to make sure you won't get instablacklisted | 18:47 |
kernelpanicker | or just one will get me going. | 18:47 |
ersi | Always always authenticate users of your outgoing services | 18:48 |
* kernelpanicker googles 'authenticating users of outgoing mail services' | 18:48 | |
ersi | "Outgoing authentication" is perhaps a better search term | 18:50 |
kernelpanicker | ok | 18:51 |
tarvid | if I have a string of nsupdate commands that appear to do what I want to do, where is the best place on the client to hook them? | 18:55 |
alamar | set up dns properly (forward confirmed reverse dns), read up on spf (some servers will not accept mail without proper spf records for your domain), implement proper user authentication, provide ssl, use monitoring(munin/nagios), read the documentation for all used software components(postfix, dovecot, mailman and whatever your authentication backend will be) | 18:55 |
alamar | think about using dnsbls/rbls | 18:56 |
alamar | think about greylisting and/or whitelisting | 18:56 |
alamar | and run ntpd to keep your time in synch if you not already do so | 18:56 |
alamar | don't run any other unnecessary services, keep up with the security updates for your distribution | 18:57 |
alamar | think about using ratelimiting rules in your firewall, maybe use some mechanism like fail2ban to monitor/ban password/account cracking attempts | 18:58 |
alamar | test your configuration (at least with http://www.abuse.net/relay.html ) if it can be abused as open relay | 18:59 |
Daviey | soren: Around? | 19:03 |
Daviey | I wanted to talk to you about greenlet. | 19:04 |
soren | Shoot | 19:04 |
Daviey | soren: So.. Firstly.. I had NFI it was monkey patching.. Really confused me why standalone code was working, but not inside openstack :) | 19:06 |
Daviey | soren: secondly.. Do you know how to NONBLOCK ? | 19:06 |
Daviey | This crappy snippet works with standard os, but not greenlet monkey patched: os.fdopen(os.open(fpath, os.O_RDONLY \| os.O_NONBLOCK)) | 19:07 |
Daviey | ie, it's blocking. | 19:07 |
soren | Yh. | 19:09 |
soren | Uh, even. | 19:09 |
soren | Sorry, what are you trying to do? | 19:09 |
koolhead17 | RoAkSoAx: ping | 19:09 |
Daviey | soren: so.. I want to open a char device.. so "cat foo" would hang forever as there is no EOF. It's like doing a tail -f. | 19:11 |
soren | Daviey: Ok. | 19:11 |
Daviey | I want to capture what is there, which is achieved with teh fugly snippet up there using standard os. | 19:11 |
soren | Daviey: So you want it block. | 19:11 |
Daviey | but the monkey patched os ignores the os.O_NONBLOCK | 19:12 |
Daviey | no, i want it to NOT block | 19:12 |
soren | Daviey: You're confused. | 19:12 |
soren | Or you | 19:12 |
Daviey | ah. I bet os.O_NONBLOCK = None in the monkey patched os. | 19:12 |
soren | 're making me confused. | 19:12 |
Daviey | hold fire.. lemme check my theory. | 19:12 |
soren | Daviey: You say: 'so "cat foo" would hang forever as there is no EOF. | 19:13 |
Daviey | Yes. | 19:13 |
soren | Daviey: That means it's blocking. | 19:13 |
soren | Non nonblocking. | 19:13 |
Daviey | yes, i want it to not block. | 19:13 |
soren | Ok... Let's pretend I didn't hear anything but that, shall we? | 19:13 |
soren | :) | 19:13 |
Daviey | ok :) | 19:14 |
soren | Specifically, I'll ignore all the confusing bits you said. :) | 19:14 |
Daviey | I'm not sure what part confused.. :/ | 19:14 |
soren | WEll, if "cat foo" *hangs* forever... That means it's blocking. | 19:14 |
Daviey | correct | 19:14 |
soren | ...but you say you want non-blocking. | 19:14 |
soren | That's confusing. | 19:14 |
soren | Or a *REALLY* bad example of what you want to do. | 19:14 |
Daviey | I want to cat foo and for it to NOT block. | 19:14 |
soren | Aha! | 19:15 |
soren | Awesome. | 19:15 |
soren | Ok. | 19:15 |
soren | So.. | 19:15 |
soren | This is why I hate eventlet. | 19:15 |
Daviey | my theory is that os.O_NONBLOCK is not implemented. | 19:15 |
soren | You don't get to play with non-blocking I/O. | 19:15 |
soren | It does it for you and you only get to pretend you're dealing with blocking I/O. | 19:15 |
SpamapS | eventlet means that every event "blocks" but returns control to the event loop, right? | 19:17 |
soren | So all your code ends up looking like it's using blocking I/O, but behind the scenes, eventlet does a bunch of magic to make it non-blocking. | 19:17 |
soren | Yes, the is easier for people who don't grok how to write proper async code, but it's really, really confusing if you do. | 19:17 |
soren | SpamapS: That's essentially what happens behind the scenes, yes. Hidden away. Unless you go and look, you haven't a clue there's such a thing as an event loop. | 19:18 |
soren | For better or worse. | 19:18 |
Daviey | soren: both values of os.O_NONBLOCK == 2048.. So it gets deeper.. *sigh* | 19:18 |
soren | Daviey: You need to stop making assumptions about anything. | 19:19 |
soren | Daviey: Because eventlet probably monkey patched those assumptions to no longer be true. | 19:19 |
Daviey | soren: Well i mean, 2048 is a value in both patched and pure os. However, the 'deeper' means it's not implemented within greenlet. | 19:20 |
soren | Daviey: Do you have some code that demonstrates your problem that I can help you debug? | 19:20 |
Daviey | soren: It would be easier for you to share my env tbh. Give me a few. | 19:21 |
soren | Daviey: ok, cool. | 19:21 |
Daviey | soren: ssh ubuntu@91.189.93.86 -t bash ; sudo -s ; screen -xr | 19:24 |
Daviey | soren: The only window running vi is the one to grok | 19:25 |
soren | Daviey: What are you trying to achieve again? Does the existing code not work? | 19:29 |
soren | Daviey: I wonder how long it's been since I wrote the Xen code. It's not entirely impossible it predates the eventletification. | 19:30 |
Daviey | soren: sniffing bug 832507, and using a ring buffer, rather than a standard file. | 19:31 |
uvirtbot | Launchpad bug 832507 in nova "console.log grows indefinitely" [Low,Confirmed] https://launchpad.net/bugs/832507 | 19:31 |
RoAkSoAx | koolhead17: pong | 19:31 |
koolhead17 | RoAkSoAx: do you have few minutes? i got few questions. | 19:31 |
RoAkSoAx | koolhead17: sure | 19:32 |
Daviey | soren: so get consolelog blocks using standard os read() as it doesn't EOF | 19:32 |
koolhead17 | cool | 19:32 |
soren | Daviey: ...for Xen. | 19:32 |
Daviey | soren: I'm only testing against kvm/qemu atm | 19:32 |
soren | Daviey: That doesn't make any sense. | 19:33 |
soren | Daviey: kvm logs directly to a file. | 19:33 |
soren | Daviey: A plain file. It absolutely EOF's. | 19:33 |
Daviey | soren: which is the roblem. | 19:33 |
Daviey | problem. | 19:33 |
soren | I understand that that is the problem outlined in the bug. | 19:33 |
Daviey | 20:31 < Daviey> soren: sniffing bug 832507, and using a ring buffer, rather than a standard file. | 19:33 |
uvirtbot | Launchpad bug 832507 in nova "console.log grows indefinitely" [Low,Confirmed] https://launchpad.net/bugs/832507 | 19:33 |
soren | Ok, you've lost me somewhere. | 19:34 |
soren | kvm logs to a file. | 19:34 |
soren | This file can grow indefinitely, which is really bad. | 19:34 |
soren | Now, where does the need for non-blocking I/O come into the picture? | 19:34 |
Daviey | soren: Yes, which is why i am sniffing using a ringbuffer char device, rather than a plain test file. | 19:34 |
Daviey | text file* | 19:35 |
soren | A.... ringbuffer char device? | 19:35 |
soren | Enlighten me please. | 19:35 |
Daviey | soren: emlog | 19:35 |
Daviey | soren: http://www.circlemud.org/jelson/software/emlog/ | 19:35 |
koolhead17 | RoAkSoAx: 1. i am using cobbler system for adding a specific system and i have defined it to acquire static IP in th preseed like this http://pastebin.com/Mw7UiVNB but its failing. | 19:36 |
Daviey | soren: WIP - http://paste.ubuntu.com/677426/ | 19:36 |
soren | Daviey: Oh, and it doesn't only support Linux 2.2. It supports Linux 2.4, too! | 19:37 |
soren | Oh, wait. | 19:37 |
RoAkSoAx | koolhead17: what's failing? | 19:37 |
Daviey | soren: I'm actually using a fork :) | 19:38 |
koolhead17 | netcfg/choose_interface=eth1 as additional kopts | 19:38 |
koolhead17 | RoAkSoAx: it fails to assign this static IP after reboot, rather i would say it just takes DHCP ip for installing the whole system :( | 19:38 |
koolhead17 | am trying to provision Oneiric :D | 19:39 |
Daviey | soren: BTW, if you have a better idea.. i'm all ears :) | 19:39 |
RoAkSoAx | koolhead17: right, so on installation it doesn't use the values you passed on the preseed but rather it used DHCP? | 19:39 |
koolhead17 | RoAkSoAx: yes | 19:39 |
RoAkSoAx | koolhead17: so when you reboot, it does not have the network values you have specified | 19:39 |
koolhead17 | yes | 19:39 |
RoAkSoAx | koolhead17: that might be a problem of the installer, ping cjwatson | 19:40 |
RoAkSoAx | koolhead17: other thing you can do, is enable DHCP on cobbler, and set the values for the system, so you configure your network to obtain DHCP from the cobbler server | 19:40 |
koolhead17 | RoAkSoAx: yeah i tried that as well, inside cobbler system options, even it fails | 19:41 |
* koolhead17 pokes cjwatson: | 19:41 | |
RoAkSoAx | koolhead17: it shouldn't fail, I have it working | 19:41 |
Daviey | soren: So that patch does work, when using the standard os for read()'ing the file. | 19:41 |
RoAkSoAx | koolhead17: I'd recommend you use dnsmasq | 19:42 |
RoAkSoAx | sudo vim /etc/cobbler/modules.conf and enable DHCP | 19:42 |
RoAkSoAx | for dnsmasq | 19:42 |
RoAkSoAx | and then in /etc/cobbler/settings | 19:42 |
RoAkSoAx | koolhead17: then on a system add an interface with MAC, IP address etc | 19:42 |
koolhead17 | RoAkSoAx: i have currently dhcp server whose configuration file is fetched via cobbler only. | 19:43 |
koolhead17 | also if i have a configuration in my profile and am using that with my system, will cobbler overwrite the parameters of that profile for my syste? | 19:44 |
koolhead17 | *system | 19:44 |
koolhead17 | RoAkSoAx: am going to remove this configuration from my preseed and add everything in systems file as you suggested. | 19:45 |
Daviey | soren: I don't think it can be piped to rotatelog. The other option is logrotate, but that will react too slowly. ISTM that this is a cleaner solution. | 19:45 |
RoAkSoAx | koolhead17: the way how we are doing it in orchestra is enable dhcp on the cobbler server and add systems with the information we want the dhcp server to provide | 19:45 |
Daviey | (Being a non-standard kernel module, would need to be opt-in) | 19:46 |
soren | Daviey: I don't know.. A kernel space solution seems wonky to me. | 19:46 |
koolhead17 | RoAkSoAx: ooh, you mean hard coding approach, everything handled by the DHCP server, as we often do in practise with print server in network? | 19:46 |
RoAkSoAx | koolhead17: right, but when in a cobbler system you add the information for the network for that particular system, then cobbler handles DHCP automatically | 19:47 |
Daviey | soren: Other ideas? | 19:48 |
zul | gah | 19:48 |
Daviey | soren: The only other thing i can think of is polling the serial port.. ? | 19:49 |
soren | Daviey: Why don't you think rotatelogs will work? | 19:49 |
Daviey | soren: Can kvm et al pipe it's output? | 19:49 |
koolhead17 | RoAkSoAx: yes i will add ip/subnet/gateway in my systems for particular provision and at same time write the same in dhcp.conf (populated by cobbler) right? | 19:49 |
soren | Daviey: named pipe? | 19:49 |
Daviey | soren: So i looked at a FIFO first, but you can't limit the size? | 19:50 |
Daviey | and FIFO would block, unless it has something cat'ing it | 19:50 |
soren | Daviey: If we were to poll the serial port.. How would that work? I hope kvm wouldn't block waiting for us to read from its serial port buffer. | 19:50 |
Daviey | soren: Honestly, i don't know.. But i did look at using a FIFO first.. but that seems to have the same problems. | 19:50 |
soren | Daviey: Yeah, that's a fair point. killing rotatelogs would hang kvm => suck. | 19:51 |
RoAkSoAx | koolhead17: yes | 19:51 |
RoAkSoAx | koolhead17: though, by default in orchestra we are using dnsmasq | 19:51 |
Daviey | soren: This emlog is essentially a fifo which is a ringbuffer. | 19:51 |
soren | erk. | 19:51 |
soren | rotatelogs isn't the way to go. | 19:51 |
soren | I forgot its semantics. | 19:51 |
uvirtbot | New bug: #832507 in nova "console.log grows indefinitely" [High,Confirmed] https://launchpad.net/bugs/832507 | 19:52 |
Daviey | soren: There is a userspace (perl) fifo ringer implementation, but that seemed much dirtier. | 19:52 |
soren | Daviey: Have you heard of vbuf? | 19:52 |
soren | (I hadn't) | 19:52 |
soren | Uses libvrb (which I also hadn't heard of) | 19:53 |
Daviey | soren: isn't that a circular char device? | 19:53 |
Daviey | as in, when it reaches the bottom it writes to the top? | 19:53 |
soren | I'll know in a few minutes. :) | 19:53 |
Daviey | heh, i've not used vbuf TBH.. but that was my memory. | 19:55 |
soren | At any rate, this isn't hard to solve entirely in userspace with a separate helper. | 19:55 |
soren | If we just want to solve our own problem, that is. | 19:55 |
soren | If we want to write a general-purpose ring-buffer thingamajig I imagine it'll get hairier quickly. | 19:56 |
soren | but.. | 19:56 |
soren | Hm. | 19:56 |
Daviey | well it's crazy we don't have something like this in stock kernel TBH. | 19:56 |
Daviey | soren: Looking at the man page for vbuf - looks like it would need a named pipe to use as input.. meaning you can still own the server. | 19:57 |
Daviey | p0wn? Wow, i struggle to keep up with the language. | 19:58 |
soren | Daviey: Let me see what libvirt can do.. | 20:00 |
Daviey | soren: tcp could work, that would mean it would need a listener to suck it in. | 20:04 |
Daviey | Hmm, unix socket would be cleaner and easier to track i suppose. | 20:05 |
soren | Daviey: Trying to work out how kvm would respond to a named pipe whose consumer went away. | 20:09 |
Daviey | soren: normally the consumer going away kills the push? | 20:10 |
Daviey | as in, when i tried this with cat /dev/random > fifo & ; cat fifo ; sleep 10s ; kill second cat, kills the first cat. | 20:11 |
soren | Yeah. | 20:11 |
RoAkSoAx | smoser: http://pastebin.ubuntu.com/677445/ | 20:14 |
RoAkSoAx | smoser: is the PPA stuff fixed? | 20:14 |
Daviey | RoAkSoAx: is that because the node doesn't have access to the keyserver? | 20:15 |
smoser | well that is just an update there. | 20:15 |
smoser | try re-running that command on the instance and see what happens | 20:15 |
RoAkSoAx | Daviey: that, but there was a recent change with python-software-properties that broke cloud-init too | 20:15 |
RoAkSoAx | smoser: but the stuff of importing PPA's is fixed? | 20:16 |
smoser | RoAkSoAx, it should have been. | 20:19 |
RoAkSoAx | smoser: ok cool thanks | 20:24 |
* RoAkSoAx will be back in half an hour | 20:24 | |
=== himcesjf1 is now known as himcesjf | ||
glebaron | I have a question about ubuntu 10.04 server with multipath drive arrays attached. http://paste.ubuntu.com/677378/ is my multipath listing. http://paste.ubuntu.com/677380/ is my ls -al from /dev/mapper/ | 20:30 |
glebaron | All is good until I reboot the server. When it comes back up, in /dev/mapper/ all of the mpathxp1's are missing. | 20:30 |
glebaron | Then the only way I can get them back is to run partprobe /dev/mapper/mpathx. | 20:30 |
glebaron | I am thinking that a reboot should not cause it to lose the partition maps. | 20:30 |
ppetraki | glebaron, so what's your /etc/multipath.conf look like? | 20:33 |
glebaron | ppetraki: http://paste.ubuntu.com/677457/ | 20:34 |
ppetraki | glebaron, have you rebuilt your initramfs since creating this file? | 20:37 |
ppetraki | glebaron, is multipath-tools-boot also installed? | 20:37 |
elz89 | Just wondered, is there something similar to "fpaste" in Fedora? | 20:39 |
Daviey | soren: cracked it! | 20:40 |
soren | Daviey: Cool! | 20:40 |
ppetraki | glebaron, two nits with your config file, 1) blacklisting sda isn't deterministic, you can blacklist by make/model instead | 20:40 |
Daviey | i'm not saying it is the best solution, but at least an option. | 20:40 |
ppetraki | glebaron, 2) change product "VTrak" => product "VTrak.*" | 20:41 |
ppetraki | glebaron, don't want to be the victim of some regexp ambiguity, even though it's working now | 20:42 |
glebaron | ppetraki: thanks for tips. | 20:42 |
glebaron | I am not only one working on this server, so I will answer to the best of my knowledge. | 20:42 |
ppetraki | glebaron, if you have -boot installed, multipath is run in the initramfs, against the config file, which should create all your maps | 20:42 |
ppetraki | glebaron, np | 20:42 |
ppetraki | glebaron, if you're *not* booting from SAN *and* these maps aren't being created, that's an interesting problem | 20:43 |
glebaron | ppetraki: -boot is installed and initramfs has been updated recently. | 20:43 |
yakster | hello everybody! anyone here know how to make apache case insensitive… | 20:43 |
glebaron | ppetraki: but we are booting from local disk and not san. | 20:44 |
yakster | say www.GOOGLE.com or GoOGle.com will redirect to a local page like www.Google.com btw, this is the when listing for external web request | 20:44 |
yakster | I hope that I explained that correctly.. | 20:45 |
ppetraki | glebaron, so those udev rules should have been run when the block devices were added initially. | 20:45 |
ppetraki | glebaron, something went wrong | 20:45 |
ppetraki | glebaron, you should be able to run 'multipath -v0' to create new paths. For example, multipath -F, will clear all unused paths, and multipath -v0 should recreate them | 20:46 |
ppetraki | glebaron, what version of ubuntu is this? | 20:47 |
glebaron | ppetraki: 10.04 Server 64-bit | 20:47 |
yakster | anyone know how to make apache case insensitive? | 20:49 |
TheEvilPhoenix | yakster: it inherits the restrictions of Linux | 20:50 |
koolhead17 | RoAkSoAx: not tried dnsmasq before, currently working on some automation. will read up on it. | 20:50 |
TheEvilPhoenix | Linux is case sensitive | 20:50 |
yakster | correct… | 20:50 |
TheEvilPhoenix | yakster: therefore, Apache is case sensitive | 20:50 |
yakster | I understand that…. | 20:50 |
TheEvilPhoenix | there's no real method to change that | 20:50 |
soren | Err.. | 20:50 |
soren | there is. | 20:50 |
soren | http://httpd.apache.org/docs/current/mod/mod_speling.html | 20:51 |
glebaron | ppetraki: thanks so much for input. Things already looking a lot better. | 20:51 |
yakster | but say I have a webpage, and the what that it was posted is…. http://MySite.dyndns.info/Welcome.html and my dad, being the super smart guy he is, just types in http://mysite.dyndns.info/WELCOME.HTML he is going to get a 404 error, page not found… | 20:51 |
TheEvilPhoenix | soren: orly? *checks* | 20:51 |
TheEvilPhoenix | soren: is it in the repos? | 20:51 |
ppetraki | glebaron, here's an example of make/model blacklisting: http://lists.alioth.debian.org/pipermail/pkg-lvm-maintainers/2010-May/002910.html | 20:52 |
ppetraki | glebaron, lsscsi is your friend | 20:52 |
glebaron | ppetraki: Will have to wait for a day or so to reboot and see if it's fixed for good. | 20:52 |
ppetraki | glebaron, I understand, what interconnect are you using? SAS? | 20:52 |
yakster | ok, that is great if I have an illiterate person accessing my site, but not for one who likes to type in proper case text. | 20:53 |
koolhead17 | soren: ping | 20:54 |
soren | TheEvilPhoenix: Sure. | 20:54 |
koolhead17 | RoAkSoAx: thanks. i will update you about development tomorrow. :) | 20:54 |
soren | TheEvilPhoenix: in apache2.2-bin, even. | 20:54 |
smoser | RoAkSoAx, http://paste.ubuntu.com/677474/ | 20:54 |
soren | koolhead17: What's up? | 20:54 |
smoser | that is output of an oneiric instance with cloud-config from http://paste.ubuntu.com/677475/ | 20:55 |
=== mrmist is now known as evilmrmist | ||
smoser | so it seems its working to me. | 20:55 |
glebaron | ppetraki, I do not know about interconnect. Promise unit is SATA disks direct connected via fiber. I inherited it already hooked up. Is there an easy way to find out? | 20:55 |
hallyn | jdstrand: hi - in the qrt, the libvirt testsuite help starts with | 20:56 |
hallyn | USAGE: *** DEPRECATED *** | 20:56 |
ppetraki | glebaron, yeah, its SAS, it can support either, I looked it up | 20:56 |
hallyn | I don't understand. what is deprecated? | 20:56 |
yakster | ok, how do i enable that mod spelling | 20:56 |
koolhead17 | soren: doing great. need your mail id. working on jenkins/open stack automation might need your help on that. | 20:56 |
TheEvilPhoenix | soren: how do i activate that module? | 20:56 |
jdstrand | hallyn: let me look | 20:57 |
soren | TheEvilPhoenix: sudo a2enmod speling, presumably. | 20:58 |
soren | koolhead17: soren@openstack.org | 20:58 |
koolhead17 | soren: thanks :D | 20:58 |
jdstrand | hallyn: can you paste with the command? | 20:58 |
jdstrand | soren: dude! | 20:59 |
ppetraki | glebaron, make sure you update the initramfs to reflect your new changes before you reboot. If you continue to have problems we'll have to dig into debugging starting with why the udev rules didn't have the desired impact | 20:59 |
* koolhead17 needs to dig deep inside jenkins now :D | 20:59 | |
hallyn | jdstrand: doh! I was looking at the libvirt-aa-secdriver.sh | 21:00 |
hallyn | Reckon I don't need to be running that by hand :) | 21:00 |
jdstrand | hallyn: oh yes, don't use that :) | 21:00 |
soren | jdstrand: Dude, indeed! | 21:00 |
glebaron | ppetraki, thanks. I am already understanding much better. I will update initramfs and reboot soon. If that doesn't work, I will be back with more questions! | 21:01 |
ppetraki | glebaron, :) | 21:01 |
jdstrand | hallyn: that has all been converted over to test-libvirt.py anyway | 21:01 |
yakster | nope that didn't work… | 21:01 |
jdstrand | soren: :) | 21:01 |
yakster | just tried it, and it doesn't even remotely work.. | 21:05 |
yakster | hello? | 21:06 |
yakster | quiet all the sudden | 21:08 |
Daviey | hallyn: nice fix on the qemu-kvm package. | 21:13 |
Daviey | hallyn: FYI qemu-kvm 0.15 final just hit experimental. | 21:16 |
Daviey | smoser: BTW, i had a kernel panic rebooting an instance earlier. | 21:18 |
=== evilmrmist is now known as netralmrmist | ||
=== netralmrmist is now known as neutralmrmist | ||
Daviey | smoser: It *might* have been my fault, but mentioning it JIC http://pb.daviey.com/KKOF/ | 21:19 |
hallyn | Daviey: on qemu-kvm 0.15... anything more i can do to help that along? | 21:33 |
=== neutralmrmist is now known as mrmist | ||
Daviey | hallyn: I think we really need to open that issue post b1. | 21:42 |
Daviey | I really don't want to screw b1 if it turns ut bad. | 21:43 |
Daviey | out* | 21:43 |
hallyn | Daviey: ok | 21:48 |
CluelessPerson | hey | 22:12 |
CluelessPerson | for some reason samba suddenly stopped working | 22:12 |
CluelessPerson | my server still shows up on the network | 22:13 |
CluelessPerson | but when I try to connect from my windows netbook, it tells me there's no answer/connection | 22:13 |
=== Robinux is now known as sw0rdfish | ||
Daviey | Who wants to earn a gold star? | 22:29 |
Daviey | Someone fixing bug #837049 would make me very happy! | 22:30 |
uvirtbot | Launchpad bug 837049 in php5 "php5 FTBFS (amd64 only)" [High,Confirmed] https://launchpad.net/bugs/837049 | 22:30 |
arrrghhh | hey all | 22:42 |
arrrghhh | i want to secure my server with ssh key auth instead of password auth | 22:43 |
uvirtbot | New bug: #837049 in php5 (main) "php5 FTBFS (amd64 only)" [High,Confirmed] https://launchpad.net/bugs/837049 | 22:43 |
arrrghhh | my only issue is adding all of the machines i need before disabling password auth - should i just reuse the same key for all machines? what do i do for mixed environments? some of the machines accessing the server are linux, some are windows.... | 22:43 |
glebaron | arrrghhh: it's a per-user thing. Each user has their own private key on their machine, and their public key is installed on their servers in user accounts that you want them to have access to. | 22:45 |
glebaron | *your servers* | 22:45 |
arrrghhh | yes | 22:46 |
arrrghhh | well this is one server | 22:46 |
arrrghhh | and i am always the client machine | 22:46 |
arrrghhh | but i have many clients | 22:46 |
arrrghhh | cell phone, work PC, home laptop (win&lin) | 22:46 |
arrrghhh | then i run into the issue of "other machines" | 22:46 |
glebaron | the private key has to be on each of those. | 22:46 |
arrrghhh | i rarely need to access my server from other machines, but what do i do when i run into a client that isn't setup? | 22:46 |
arrrghhh | ok so you'd recommend i get all the keys setup, then disable pass-based auth? | 22:47 |
glebaron | just copy the private key to that machine. | 22:47 |
glebaron | yes. | 22:47 |
arrrghhh | ok | 22:47 |
arrrghhh | i guess copying the private key seems difficult across platforms | 22:47 |
arrrghhh | private keys for putty don't seem compatible with linux and vice versa... no? | 22:47 |
glebaron | they work. | 22:47 |
glebaron | It's not optimal. | 22:48 |
arrrghhh | i remember them not working. or perhaps i didn't know how to get it to work? | 22:48 |
arrrghhh | ok | 22:48 |
arrrghhh | so i should have a ppk for putty for windows clients, and another key for linux perhaps? | 22:48 |
glebaron | yes. | 22:48 |
glebaron | we have windows users using putty ppk on their windows machines | 22:49 |
glebaron | and connecting to linux servers. | 22:49 |
glebaron | and we have linux/mac users using regular ssh keys. | 22:49 |
glebaron | but we don | 22:49 |
glebaron | t | 22:49 |
glebaron | normally put putty keys on any client other than windows. | 22:50 |
arrrghhh | ah | 22:50 |
arrrghhh | ok | 22:50 |
arrrghhh | i think that was my problem | 22:50 |
arrrghhh | last time i was trying to have one key for all clients | 22:50 |
arrrghhh | and i ran into issues trying to get putty to work with linux priv key, or vice versa. | 22:51 |
arrrghhh | thanks | 22:51 |
glebaron | :) | 22:51 |
arrrghhh | crap glebaron left. | 23:23 |
arrrghhh | how do i transfer the client key to the host from Windows/putty...? | 23:24 |
arrrghhh | crap | 23:30 |
qman__ | ssh-copy-id makes it easy on linux, but it's as simple as putting the public key into ~/.ssh/authorized_keys on the server | 23:37 |
qman__ | just ssh in, edit that file, and copy/paste | 23:38 |
qman__ | arrrghhh, ^ | 23:38 |
arrrghhh | oh | 23:38 |
arrrghhh | ok | 23:38 |
arrrghhh | qman__, i don't have an authorized_keys file in .ssh... | 23:39 |
arrrghhh | would it be in /etc? | 23:39 |
qman__ | no | 23:39 |
qman__ | the file doesn't exist until at least one key is put there | 23:39 |
qman__ | create it | 23:39 |
arrrghhh | heh | 23:39 |
arrrghhh | ok | 23:39 |
qman__ | the permissions also have to be right | 23:40 |
qman__ | 600 IIRC | 23:40 |
arrrghhh | 700 actually i think | 23:40 |
qman__ | 600 on mine | 23:40 |
arrrghhh | hrm | 23:40 |
qman__ | 700 would be executable | 23:40 |
qman__ | no need to execute keys | 23:40 |
arrrghhh | yea that's true. | 23:40 |
arrrghhh | ubuntu guide said 700 | 23:40 |
qman__ | folder should be 700 | 23:40 |
qman__ | file should be 600 | 23:40 |
arrrghhh | oic | 23:40 |
arrrghhh | makes sense | 23:41 |
arrrghhh | so i can just take the ppk file | 23:41 |
arrrghhh | and paste the "private-lines" into an authorized_key file..? | 23:41 |
qman__ | no | 23:42 |
qman__ | public key | 23:42 |
qman__ | not the private key | 23:42 |
arrrghhh | ah right | 23:42 |
arrrghhh | private key is client only | 23:42 |
qman__ | private key goes to the connecting client | 23:42 |
arrrghhh | server refused our key | 23:43 |
arrrghhh | heh | 23:44 |
=== medberry is now known as med_out | ||
arrrghhh | all i did was paste the public key in | 23:44 |
arrrghhh | and took all the end keys out | 23:44 |
arrrghhh | so it's one long line... | 23:44 |
qman__ | that's correct | 23:44 |
arrrghhh | hrm | 23:44 |
qman__ | each public key you want to allow connections from, goes on one line in the file | 23:44 |
arrrghhh | ok | 23:45 |
arrrghhh | anything else on that line? | 23:45 |
qman__ | nope | 23:45 |
arrrghhh | just the gibberish that involves the public key? | 23:45 |
arrrghhh | hum | 23:45 |
arrrghhh | why would the server refuse my key then? | 23:45 |
qman__ | like this | 23:45 |
arrrghhh | oh key based auth might not be enabled. | 23:45 |
qman__ | ssh-rsa AAAAB....8= ryan@amdk6 | 23:45 |
arrrghhh | oh | 23:45 |
arrrghhh | i didn't have the ssh-rsa | 23:46 |
arrrghhh | or the machine @ the end | 23:46 |
qman__ | ssh-rsa at the front, description at the back | 23:46 |
qman__ | it can be anything, mine happens to be user@host | 23:46 |
arrrghhh | ah, and my authorized_keys is in /etc for some reason. | 23:46 |
qman__ | yes, but that's machine wide | 23:46 |
arrrghhh | hrm | 23:46 |
arrrghhh | ok | 23:46 |
qman__ | I assume you don't want to allow connections as any user on the machine from your key | 23:46 |
arrrghhh | no | 23:46 |
arrrghhh | i only have this one user, but still no :P | 23:47 |
qman__ | a default install has over 20 users | 23:47 |
arrrghhh | yea | 23:47 |
arrrghhh | well | 23:47 |
arrrghhh | i've only created one user | 23:47 |
arrrghhh | so what do i put in for the machine @ the end | 23:48 |
arrrghhh | doesn't matter? | 23:48 |
arrrghhh | cuz it's still rejecting my key. | 23:48 |
qman__ | can be anything, it's just a description field | 23:48 |
arrrghhh | so why else would the server refuse my key? | 23:49 |
qman__ | plenty of possible reasons | 23:50 |
arrrghhh | heh | 23:50 |
qman__ | I'd check /var/log/auth.log | 23:50 |
arrrghhh | k | 23:50 |
qman__ | see if it says why | 23:50 |
arrrghhh | i see accepted passwords | 23:51 |
arrrghhh | but no 'rejections' or anything similar from sshd | 23:51 |
arrrghhh | how can i tell that it's pulling from this authorized_keys file...? | 23:52 |
arrrghhh | ah | 23:54 |
arrrghhh | it is pulling from /etc/.ssh/authorized_keys | 23:54 |
arrrghhh | so should i change that in the sshd_config...? | 23:54 |
qman__ | looks like your home directory isn't set up right | 23:54 |
qman__ | what does cd ~ do? | 23:54 |
arrrghhh | puts me at the user@nas:~$ prompt | 23:55 |
qman__ | pwd | 23:55 |
qman__ | there | 23:55 |
arrrghhh | /home/user | 23:55 |
qman__ | did you set encrypted home directories? | 23:55 |
arrrghhh | nope | 23:55 |
qman__ | and the file you created is /home/user/.ssh/authorized_keys | 23:56 |
arrrghhh | yes | 23:56 |
qman__ | and /home/user/.ssh is chmod 700 | 23:56 |
qman__ | and /home/user/.ssh/authorized_keys is chmod 600 | 23:56 |
arrrghhh | drwx------ 2 user user 4096 2011-08-29 17:42 .ssh | 23:56 |
arrrghhh | er i don't think auth_keys is 600 hold on | 23:57 |
arrrghhh | k it's 600 now | 23:58 |
arrrghhh | and i still get server refused our key | 23:58 |
arrrghhh | (i removed the /etc/.ssh directory) | 23:58 |
arrrghhh | so this line | 23:58 |
arrrghhh | AuthorizedKeysFile /etc/.ssh/authorized_keys | 23:58 |
arrrghhh | in my sshd_config | 23:58 |
arrrghhh | doesn't matter..? | 23:58 |
arrrghhh | i shouldn't change that? | 23:58 |
qman__ | mine doesn't have that line | 23:59 |
qman__ | try commenting it out and restarting sshd | 23:59 |
arrrghhh | k | 23:59 |
arrrghhh | lol | 23:59 |
arrrghhh | i recall vaguely doing that. i wish i knew why. | 23:59 |