[00:00] <qman__> then consider this an important lesson in system administration -- before you change something, take note/save a copy of the old setting
[00:00] <multiHYP> oh its messy
[00:00] <multiHYP> i didn't know ufw existed even :(
[00:01] <multiHYP> out of security concerns rushed it
[00:01] <qman__> a rush job is never secure
[00:01] <multiHYP> is it harmful to just remove those iptables rule files?
[00:02] <qman__> save a copy and try it to find out
[00:03] <multiHYP> this is big responsibility even for my own little things
[00:03] <multiHYP> :S
[00:03] <multiHYP> like being a guard at the door of a bank or something
[00:05] <qman__> as previously mentioned, ubuntu is secure by default, you should take your time when installing packages and pay attention to the changes you make, as that's where most systems' points of failure are
[00:06] <qman__> unless you use a really poor password, even the default SSH is reasonably secure
[00:07] <qman__> think about it this way, who do you trust to be better at security
[00:07] <qman__> random blogger posting guides on the internet, or the package maintainers
[00:12] <multiHYP> wow, im glad rm * didn't remove the .files
[00:12] <multiHYP> i was in my ~ directory and wanted to remove those temporary iptables files and used rm *
[00:13] <multiHYP> no way, i am trying to learn these for myself, so that if something goes wrong i can rectify the situation, i keep things well documented :D
[00:14] <multiHYP> cannot remove my vm and recreate a brand new one. and keeping backups is expensive. at least for now not worth backing up
[00:33] <multiHYP> why is my ubuntu not having aptitude and what is interpid…?
[00:35] <Pici> multiHYP: er, what do you mean?
[00:36] <multiHYP> sudo aptitude install nginx
[00:36] <multiHYP> sudo: aptitude: command not found
[00:36] <multiHYP> am i supposed to install aptitude via apt-get and then use it to install nginx?
[00:37] <Pici> aptitude is just another apt frontend, you can us either to install nginx.
[00:37] <multiHYP> no, nginx doesn't work with apt-get at all
[00:37] <multiHYP> oh wait it did
[00:38] <multiHYP> then it wasn't working with brew on mac
[00:38] <multiHYP> im mixing everything up now
[00:38] <multiHYP> sorry
[00:38] <Pici> its okay, I'm only slightly confused.
[00:43] <tiphares> how to benchmark a server through a shell?
[00:43] <tiphares> like CPU/ram etc
[00:49] <JRWR> I am having a issue with mod_shared_roster_ldap - It seems to be crashing, here is a related pastebin with all the info that should help, http://pastebin.com/hkZung2p
[00:50] <multiHYP> ldap on mac lion has a huge bug
[00:50] <multiHYP> be careful
[00:51] <JRWR> ubuntu all the way
[00:51] <multiHYP> is it possible to set nginx to autostart on startup
[00:51] <multiHYP> ?
[00:51] <multiHYP> JRWR: yep, ubuntu is most solid and hassle free
[00:51] <JRWR> multiHYP: uing init scripts, yes
[00:52] <multiHYP> how?
[00:52] <JRWR> multiHYP: also I am a total ldap newbie
[00:52] <JRWR> updaterc.d (I think) go google it :)
[00:52] <multiHYP> i tried using it, but didn't need it really, unless you are in a corporate or something
[00:52] <JRWR> large project
[00:52] <JRWR> 100 people authing into 40 differnt programs
[00:58] <multiHYP> wow, yeah ldap might be handy :D
[01:16] <multiHYP> whats the advantage of running ntp all the time?
[01:18] <twb> multiHYP: that your clock stays correct.
[01:27] <multiHYP> why is apt-get remove --purge not cleaning my os from the installed application?
[01:27] <multiHYP> i used apt-get install to setup it up anyway...
[01:38] <twb> I don't understand the question.
[01:38] <twb> multiHYP: what application?  That is, what package name?
[01:39] <multiHYP> i installed nginx with apt-get and tried to uninstall it, but things about nginx are still on my system
[01:39] <twb> What do you mean "things about nginx" ?
[01:39] <multiHYP> apart from having only 0.8.54 on apt-get repository where the latest is 1.0.6, it cannot be removed cleanly as expected.
[01:39] <multiHYP> files and folders
[01:40] <multiHYP> basically apt-get remove nginx --purge doesn't do what it supposed to on ubuntu 11.04
[01:40] <multiHYP> :o
[01:41] <twb> pastebin the output of "dpkg -l '*nginx*'"
[01:41] <pmatulis> multiHYP: what is this ldap lion bug?
[01:41] <multiHYP> you can login as anybody, as soon as you have the public settings
[01:41] <multiHYP> i don't know exactly but its a major embarrassment.
[01:42] <pmatulis> multiHYP: so ldap server on lion then?
[01:42] <multiHYP> pmatulis: not sure ldap server or just ldap, but yes the bug is related to os x lion implementation.
[01:43] <twb> multiHYP: uh, you got a CVE reference for that?
[01:43] <multiHYP> http://pastebin.com/ujMtyDby
[01:43] <multiHYP> what is CVE?
[01:43] <twb> !MITRE
[01:43] <twb> !CVE
[01:44] <twb> Ugh, why can't ubottu just have all of dpkg bot's info entries.
[01:44] <twb> multiHYP: MITRE CVEs are a central reference point for vulnerabilities, irrespective of the project they occur in
[01:44] <multiHYP> are those applications too?
[01:45] <multiHYP> still unclear
[01:45] <twb> http://cve.mitre.org
[01:45] <twb> As to your nginx issue, when you ask for a package to be installed, it pulls in all dependencies.  When you ask for a package to be removed, it doesn't (by default) remove obsolete dependencies.
[01:46] <multiHYP> so --purge supposed to clean though
[01:46] <twb> multiHYP: what has happened is you asked for nginx, which has pulled in nginx-full (the real program) and nginx-common (the support files), and these have not been removed by your attempt to purge "nginx", which only removed the wrapper package.
[01:46] <multiHYP> someone tested the same thing on debian
[01:46] <multiHYP> and it worked!
[01:46] <multiHYP> oh
[01:46] <twb> multiHYP: on an older system, nginx was not simply a wrapper for nginx-full.
[01:47] <twb> You probably want to look into "apt-get autoremove"
[01:47] <twb> "purge" is the same as "remove", except that it also removes config files.  Remove will remove everything *but* the config files, but only of the packages you explicitly list.
[01:48] <multiHYP> how can i make sure that its now gone for good?
[01:52] <twb> multiHYP: purge the relevant packages
[01:52] <multiHYP> i did, i did autoremove evne
[01:53] <multiHYP> these are the main ones remaining: http://pastebin.com/sGUwrXMW
[01:56] <multiHYP> removed them manually
[01:56] <multiHYP> what a pain, is apache as bad as nginx?
[01:58] <warning123> hi all i have connected to my server through ssh , i started a game server and it had terminal showing me the live processing... but then after ssh disconnected when i relogged in , im back to root , how can i check that live processing again , i dont want to open the same process i want to go back to that window
[01:59] <blsh0p> what is ubuntu server?
[02:00] <KoolaidJunkie> Its used to run web server, game server, etc
[02:00] <warning123> blsh0p, http://en.wikipedia.org/wiki/Server_(computing)
[02:00] <KoolaidJunkie> Or click that. lol
[02:01] <KoolaidJunkie> I need some help with DDCLIENT. Im trying to update my IP with DynamicDNS service. But its sending my local ip (the one behind the router) instead of my external ip
[02:02] <twb> KoolaidJunkie: you need to run ddclient on the host that has the public IP address, i.e. the one doing PPPoE or PPPoA.
[02:02] <twb> KoolaidJunkie: if this is not possible, you need to find some what for ddclient to learn that address
[02:04] <twb> multiHYP: what depends what you mean by "bad".
[02:04] <KoolaidJunkie> twb: how can I make DDCLIENT learn that address. Ubuntu Server is running on a Desktop PC hardwired to the router.
[02:05] <twb> I don't know.
[02:05] <multiHYP> well, hard to remove things and reverse to a previous (before installation) state.
[02:05] <warning123> KoolaidJunkie, < are u connected > to a < router > then < another router > = then > internet < ? , or 1 router to the internet? if 1 router then activate DMZ on the computer with DDCLIENT to allow it to be the DHCP -CEO which is like connecting from you to the WAN ( internet ) .
[02:06]  * twb thinks: I should stop being so helpful, this channel is getting to be as bad as #ubuntu...
[02:06] <KoolaidJunkie> warning123, there is only 1 router. and the computer running Ubuntu Server is hardwired to the LAN1 port
[02:07] <twb> KoolaidJunkie: I usually address it by putting Ubuntu on the router
[02:08] <KoolaidJunkie> I don't think ubuntu will run the router. if it can I have no clue how to flash it to it
[02:09] <twb> KoolaidJunkie: right; you would probably need a new router and a new ADSL modem or ATM card.
[02:09] <twb> KoolaidJunkie: the other approach, of course, is to get a static IP from your ISP.
[02:09] <KoolaidJunkie> Yeah, thats a little extreme when all I want to do is run a Teamspeak Server
[02:10] <twb> Shrug.
[02:13] <warning123> KoolaidJunkie, does ur router have Dyndns functionality ? if not try editing DDCLIENT to be able to read ur WAN ip and not local , im guessing u will need it to check online and not locally
[02:13] <twb> !u
[02:15] <warning123> ubottu, thanks
[02:16] <KoolaidJunkie> warning123, I set DMZ in router. How should I config DDCLIENT now?
[02:20] <JRWR> I am having a issue with mod_shared_roster_ldap - It seems to be crashing, here is a related pastebin with all the info that should help, http://pastebin.com/yMVVKN5W
[02:23] <warning123> KoolaidJunkie, /etc/ddclient.conf file
[02:25] <KoolaidJunkie> warning123, thanx. i got it now. by changing to use=web, web=dyndns its pulls the external ip
[02:26] <warning123> KoolaidJunkie, np
[03:16] <Dravekx> hi
[03:16] <Dravekx> anyone good with LAMP and ssl certs on ubuntu server?
[03:27] <twb> !anyone
[03:28] <Dravekx> I have LAMP installed on Ubuntu Server  11 and Im trying to install an SSL cert, but not sure exactly where it goes?
[03:32] <delerium_> might help: https://help.ubuntu.com/8.04/serverguide/C/httpd.html
[03:40] <Dravekx> yeah reading that.
[03:41] <delerium_> Also depends if you want to use a self sign or a certificate signed by a vendor (verisign, entrust, etc,etc)
[03:42] <Dravekx> vendor. already have the cert. need to install it.
[03:42] <delerium_> and I guess it's for Apache. right^
[03:42] <Dravekx> yeah. I just did the request.
[03:43] <Dravekx> one page says to keep them together in /etc/ssl and the other says to put them in the /certs and /private directory. I'm not sure what is correct.
[03:43] <Dravekx> I guess it doesnt matter as long as the links are correct.
[03:44] <delerium_> I think they can be in wathever path you put in your .conf file (honestly, I never install cert on Apache, only on Netscape / IHS / WAS).  But it should be pretty similar
[03:45] <twb> Dravekx: read the version appropriate to your install verison -- not necessarily 8.04
[03:45] <delerium_> twb: yeah. my bad on this
[04:21] <Dravekx> here's two directories: sites-enabled and sites-available. one has default and default-ssl, and the other has 000-default. Everything is running from 000-default. how do I enable both the default and the default-ssl?
[04:22] <Dravekx> I need the default for port 80 /var/www and the ssl for port 443 /var/www-ssl
[04:23] <qman__> Dravekx, sudo a2ensite sitename
[04:24] <Dravekx> qman__ ahh right.
[04:24] <qman__> then reload or restart apache
[04:25] <twb> The reason it's 000-default is simply because apache has no concept of "default" -- the vhost it defaults to is the first one in the config file
[04:26] <Dravekx> twb if I need default and default-ssl running, would I made one configuration file for both, or keep them separate?
[04:27] <multiHYP> where is the standard place to install stuff in ubuntu? i have admin privileges but as a normal user where should i install my stuff such as webserver and other applications…?
[04:27] <twb> everything in -enabled is considered part of "the" config file
[04:28] <qman__> multiHYP, normal users don't install web servers or applications
[04:28] <qman__> normal users use the applications
[04:28] <multiHYP> ok so this is an admin thing, then i need to know for both, admin as well as normal user application ilocations.
[04:29] <qman__> the standard process is to use apt-get, or at the very least, dpkg to install software
[04:29] <qman__> compiling from source and manually installing is not recommended
[04:29] <multiHYP> but some packages aren't available or as up to date as one hopes via those methods.
[04:29] <twb> The way normal users get packages installed, is to call the sysadmin and beg him to install it
[04:29] <qman__> if you must compile from source, you should build a .deb package and install it
[04:30] <multiHYP> how is that done? i thought .deb was for debian only.
[04:30] <qman__> ubuntu is built from debian, and uses debian's package management system
[04:30] <qman__> don't take that to mean you can install debian packages on ubuntu, the dependency tree is different
[04:30] <multiHYP> oh so why use ubuntu instead of debian anyway?
[04:31] <twb> Because Debian is less forgiving of idiots.
[04:31] <multiHYP> i thought ubuntu would make things easier than so many other kinds of linux distros
[04:31] <qman__> it's a matter of user preference
[04:31] <qman__> as is almost any choice of distribution
[04:32] <multiHYP> so okay this seems like a solid idea actually, i get the .tar.gz and make a .deb package out of it for install/deinstall and remove the .tar.gz
[04:32] <multiHYP> so later i can reuse the .deb package
[04:32] <qman__> the point of packaging a manual compile is so that it can be easily removed from the system later
[04:33] <multiHYP> yes, its exactly what i need too. had a hard time manually removing a bad pkg with different dependencies...
[04:34] <qman__> again, compiling manually should be a last resort
[04:34] <qman__> you lose a lot of benefits
[04:34] <multiHYP> i know, there is no .deb package for this application
[04:35] <twb> multiHYP: you should be asking yourself "do I really need this package?"
[04:35] <multiHYP> at least this version of the application, also the one i got through apt-get was a bad package, because it wasn't removed cleanly afterwards
[04:35] <qman__> incorrect
[04:35] <qman__> you simply did not remove all the packages it depended on
[04:36] <multiHYP> well i didn't know that was possible
[04:36] <multiHYP> i didn't know it was depending on anything actually
[04:36] <qman__> when you install software it informs you of everything which is being installed
[04:36] <qman__> this includes dependencies and recommends by default
[04:36] <multiHYP> hence, i thought by removing it would know that by itself. kind of counter intuitive, don't you think?
[04:37] <qman__> you installed a meta package
[04:37] <qman__> meta packages don't actually contain software, they're just there to make it easy to install a set of packages
[04:37] <qman__> for example, linux-image
[04:37] <multiHYP> how to identify meta packages?
[04:37] <qman__> this is a meta package which gets you the latest kernel packages
[04:37] <qman__> look at the dependencies of a package
[04:37] <qman__> it will tell you what it installs to do what you told it
[04:41] <multiHYP> i didn't even have apt-rdepends :D
[04:42] <multiHYP> they might as well give the kernel.h file and let me figure out the rest of it...
[04:43] <multiHYP> i guess im better off using the older 0.8.54 version that is available via apt-get. its at least the standard way of doing things...
[04:44] <multiHYP> i mean there is no nginx-1.0.6.deb or something like that.
[04:45] <multiHYP> which brings me to what i was going to do, either make a .deb out of source or install the old version.
[04:46] <multiHYP> why is not a single user creating a .deb for that if that is the way things should work? nginx is very popular.
[04:46] <qman__> for security and maintenance reasons
[04:47] <qman__> each release of ubuntu sticks with a certain major version of a package
[04:47] <twb> multiHYP: 1.0.5 is packaged as a .deb, but it is not in your release, because new versions = new bugs.  Ref. http://paste.debian.net/128442/
[04:47] <qman__> the version you have released when 0.8 was considered stable and production ready
[04:47] <qman__> so only updates to 0.8 are available in the normal channels for that release
[04:48] <multiHYP> so it is even encouraged that i should stick to that because its best for my os
[04:48] <qman__> bugfixes and features can also be backported to older versions, and the packages look like software1.2-ubuntu3 in those cases
[04:49] <multiHYP> how is the removal of such meta packages possible without accidentally removing a common dependency that i don't want to remove?
[04:49] <multiHYP> do i have to manually keep a list on paper that checks for packages and their corresponding dependencies?
[04:49] <qman__> unless there is a very compelling reason to use a different version, such as a dealbreaking feature or fix, you should stick with the version available in the repositories
[04:49] <qman__> that's what apt-get autoremove is for
[04:50] <qman__> it removes packages which were installed only as dependencies, but the packages that depended on them are gone
[04:50] <qman__> however, if you manually install a package that was installed as a dependency later, it will be marked as one you wanted and won't be removed by this
[04:51] <multiHYP> ok
[04:51] <qman__> example, if you install nginx, then later install nginx-common, then uninstall nginx, then autoremove
[04:52] <qman__> nginx-common would stick around, as would its dependencies
[04:52] <qman__> because you marked it as one you want
[04:52] <multiHYP> because i installed it separately?
[04:52] <multiHYP> ok i see
[04:53] <multiHYP> so is this correct if i follow the standard procedure: sudo apt-get autoremove nginx :to remove nginx and all its dependencies?
[04:53] <qman__> no
[04:53] <qman__> just 'sudo apt-get autoremove'
[04:53] <qman__> removes all orphaned dependencies from the system
[04:54] <multiHYP> ok, see i saw that line on a website and was about to try it out, there are so much mis-information online ...
[04:59] <multiHYP> i believe i messed things up during my manual removal process, can i force reinstall something with apt-get again?
[05:02] <qman__> you can apt-get install --reinstall
[05:02] <qman__> but you need to make sure you get the right package
[05:03] <qman__> reinstalling one package won't affect the dependencies
[05:04] <multiHYP> something doesn't work anymore, i did that yeah. the installation appears to be successful after that but the binary is missing...
[05:04] <multiHYP> :(
[05:22] <Dravekx> how do I get bash aliases to work for a specific user? I set with alias command="" but it's not working.
[05:22] <Dravekx> oh wait. maybe I need to load screen first.
[06:36] <KoolaidJunkie> Could someone help with a External IP issue? I'm unable to access the server from outside the network, through the External IP
[08:31] <multiHYP> hi, is there a command i could use as root to set the sshd_config parameter to allow login via passowrd?
[08:42] <ersi> Yeah, vim /etc/sshd/sshd_config >_>
[09:15] <jamespage> Daviey: I've not actually managed to get a successful PPA build of the new version of jenkins as yet - not due to the issue you found - but due to some other dep changes I had in the PPA
[09:16] <jamespage> however I did successfully sbuild it on a headless server  - so I really don't understand why your pbuild failed...
[09:17] <Daviey> jamespage: So it failed to build in a PPA?
[09:17] <Daviey> I didn't check back after the 2 hours*
[09:17] <Daviey>  * where 2 hours was probably 10.
[09:17] <jamespage> it was more like 10
[09:17] <jamespage> The PPA I did the test build in contained the new version of jtidy (waiting for ack on FFE for that)
[09:17] <jamespage> which broke the build in a different way
[09:18] <Daviey> jamespage: Did you push to a different PPA /OR? did it at least get past the issue i thought i saw?
[09:18] <jamespage> Daviey: so I'm happy to hold this update back to fix that issue as well
[09:18] <jamespage> I have now pushed it to a different PPA
[09:18] <Daviey> Does it need to build against a newer jtidy?
[09:19] <jamespage> https://launchpad.net/~james-page/+archive/oneiric/+build/2766025
[09:19] <Daviey> Not that i can even pretend to know WTF jtidy is :)
[09:19] <Daviey> Start in 12 hours, seriously?
[09:19] <jamespage> :-)
[09:19] <jamespage> ;-(
[09:19] <jamespage> :-/
[09:20] <Daviey> ... and people wonder why we push untested stuff to the archive.
[09:20] <jamespage> yeah
[09:21] <jamespage> I should fix the jtidy upgrade issue as well - its not a code incompatibility - its just that the maven artifact moves so the build does not pick it up and fails
[09:21] <Daviey> ah
[09:22] <Daviey> well failing to build because of a dep, i'm less concerned about.
[09:22] <koolhead11> hi all
[09:22] <koolhead11> RoAkSoAx: hey there.
[09:22] <jamespage> Daviey: yes - but I still don't understand the test failure you saw
[09:23] <jamespage> I might repro you pbuilder environment to see if I can reproduce
[09:23] <jamespage> hi koolhead11
[09:23] <koolhead11> jamespage: hey there. need little help
[09:24] <koolhead11> the preseed example file is not providing much info to me for manual partitioning
[09:25] <koolhead11> https://help.ubuntu.com/8.04/installation-guide/example-preseed.txt
[09:25] <koolhead11> d-i partman-auto/expert_recipe string
[09:27] <koolhead11> http://paste.ubuntu.com/682443/
[09:27] <koolhead11> what is  64 512 300% linux-swap   ??
[09:27] <koolhead11> what is this 300%
[09:27] <koolhead11> ?
[09:28]  * jamespage looking
[09:28] <koolhead11> Daviey: hello sir
[09:29] <koolhead11> kim0: hey. :)
[09:32] <just-a-visitor> http://edwardpku.com/cun/2008/05/05/partman-auto-recipe-files/
[09:35] <koolhead11> just-a-visitor: awesome. thanks a lot. jamespage lemme read on the url. #awesome :D
[09:35] <Daviey> koolhead11: hello!
[09:35] <jamespage> thats one to bookmark
[09:36]  * jamespage struggling with ADSL upload killing my Internet performance today
[09:36] <koolhead11> Daviey: how have you been? :)
[09:36] <koolhead11> jamespage: just going to bookmark it now. :P
[09:36] <Daviey> just-a-visitor: that is a good example!
[09:37] <Daviey> koolhead11: Pretty gooooood!
[09:38] <just-a-visitor> I'd check the actual source code, since it seems to be quite dated. :-)
[09:48] <Daviey> rbasak: hello sir!
[09:48] <Daviey> How did you get on with qemu-system-arm, and the cloud image?
[09:50] <rbasak> Daviey: waiting to sync with utlemming!
[09:51] <rbasak> He found another option and went off to work on it
[09:51] <Daviey> rbasak: ah! nice.
[09:51] <Daviey> Sadly, he won't be around today
[09:52] <rbasak> hmm
[09:53] <Daviey> rbasak: I remember you sniffed bug 832507
[09:53] <Daviey> did you get an idea for a cleaner fix, than my non-ideal one?
[09:55] <rbasak> I haven't managed to figure out where exactly the console.log gets written out from
[09:55] <rbasak> I think it's in libvirt rather than qemu
[09:56] <rbasak> In which case I think libvirt should be enhanced to provide a ringbuffer option
[09:56] <soren> Daviey: I thought you said you found a solution for that one?
[09:57] <rbasak> Would you like me to carry on looking down this route?
[09:58] <Daviey> soren: Well my solution cannot be default, as it uses a non-mainline (or -dkms packaged) kernel module.
[09:59] <soren> Daviey: Oh, I thought you went down a different path. Ok.
[09:59] <Daviey> soren: I'm hessitant to maintain code i'm not familar with.
[09:59] <Daviey> soren: well rbasak seemed to think he'd be able to find a proper fix :)
[10:00] <Daviey> soren: The solution in the branch attached, 'works' - but i've not yet decided if to merge propose it.
[10:00] <Daviey> if all else fails, at least it's /something/.
[10:01] <rbasak> Daviey: OK I'll carry on then :)
[10:01] <Daviey> rbasak: That might be useful.. it's a pretty serious bug. :/
[10:16] <soren> Daviey: I think I have a much simpler solution.
[10:16] <soren> Daviey: Give me a couple of minutes to validate it.
[10:17] <Daviey> soren: You can't just say that.... need detail man!
[10:17] <Daviey> i'm sat on the edge of my chair awaiting detail.
[10:18]  * soren whistles innocently
[10:18] <soren> Yup.
[10:18] <soren> it works.
[10:19] <soren> If we tell kvm to talk to a named pipe, it'll buffer the output if we're not listening.
[10:20] <soren> ..and if we stop listening, it starts buffering again, and will flush the cache when we start listening again.
[10:20] <soren> So we can just use the code that I wrote to support Xen.
[10:20] <soren> ...and add some expiry stuff to it.
[10:21] <soren> The point is, not listening doesn't block kvm.
[10:22] <soren> I'm not sure how or why it works. When I looked at the source code, it didn't seem to have a buffer mechanism or reconnect handling or anything like that.
[10:22] <soren> ...but I can see it working.
[10:22]  * soren wonders if Daviey fell off that chair
[10:23] <Daviey> i sure did
[10:23] <Daviey> soren: Does kvm action the SIG* to terminate if the sink goes away?
[10:23] <soren> I'll let you reread what I just said.
[10:23] <soren> :)
[10:24] <soren> Ah.
[10:24]  * soren spots the ambiguity
[10:24] <soren> No, it does not.
[10:24] <soren> When I said "if we stop listening" I meant: If I kill the "cat pipe.out" that's been running...
[10:25] <Daviey> as in, if you are thinking to just connect to the pipe when i run euca-get-console-output, does kvm die following that command?
[10:25] <soren> 10:24 < soren> No, it does not.
[10:25] <soren> 10:24 < soren> When I said "if we stop listening" I meant: If I kill the "cat pipe.out" that's been running...
[10:25] <soren> :)
[10:26] <Daviey> soren: Okay.. and you can limit the size of the fifo?
[10:26] <soren> We could connect to the pipe on GetConsoleOutput as well as once a minute (to avoid kvm's buffer for this growing out of hand).
[10:26] <soren> Daviey: I don't think so, no. I don't see the size of the buffer mentioned anywhere much less documented how you can change it.
[10:26] <Daviey> It actually sounds easier to add ringbuffer support to kvm IMO :)
[10:27] <soren> Using this approach, I can hack this together in an hour or so.
[10:28] <Daviey> Note, that in order to be compariable to AWS - it should output the last 64K.
[10:28] <soren> We can get the EC2 API to chop it off at 64k.
[10:29] <Daviey> I don't know what the behaviour is if i push 10TB to the console, sure the instance will hurt; but what does it do when flushed?
[10:29] <soren> I don't want to impose that particular limitation further down the stack. Keeping an MB or even a couple per VM shoulnd't be a problem at all.
[10:29] <soren> ...but sure, we should have a limit.
[10:29] <soren> I just believe that when you decide to impose arbitrary limits, they should be really high.
[10:29] <Daviey> But does that limit mean that it is chopped in nova-compute?
[10:30] <Daviey> Possibly expensive?
[10:30] <soren> Hardly.
[10:30] <soren> In the grand scheme of things, it's miniscule.
[10:31] <Daviey> nice overcomplicated tail, http://stackoverflow.com/questions/136168/get-last-n-lines-of-a-file-with-python-similar-to-tail
[10:31] <rbasak> If we did use a ringbuffer, we'd want that CPU of chugging through 10TB to be accounted for in the guest properly, ie. the host shouldn't struggle to complete other tasks
[10:31]  * rbasak is still struggling through entirely undocumented code
[10:31] <soren> You're talking over the internet to an API server that looks things up in a database, sends an AMQP message to a compute server that probably also looks stuff up in a database and then sends a response all the way back. Reading a megabyte from the filesystem and truncating it down to the last 64k isn't a big deal.
[10:32] <Daviey> "the code is the documentation" etc
[10:32] <Daviey> :/
[10:32] <rbasak> Are we talking about the same thing?
[10:32] <rbasak> I always assumed that the issue is that the guest can DoS the host by filling up its disk
[10:32] <soren> right
[10:33] <Daviey> rbasak: Soren is thinking of using a fifo, which should hurt the instance - not the host.
[10:33] <Daviey> as in, the yet-to-be-discovered bugger in kvm filling up and killing the instance.
[10:33] <Daviey> err, buffer.
[10:34] <rbasak> what would be reading the fifo?
[10:34] <soren> Daviey: Actually, it might just be that kvm does this in a separate thread.
[10:34] <Daviey> I always thought fifo's were fragile for this sort of usecase tbh.. but i am happy to be proved wrong.
[10:34] <soren> Daviey: ...so it doesn't block all of kvm, only the thread that is waiting to write to the fifo.
[10:35] <Daviey> soren: Stop getting distracted, we can sniff your diff :)
[10:35] <soren> Daviey: Well, they're only fragile if either end thinks it's talking to something else.
[10:35] <Daviey> rbasak: Either, when making a request - flush the pipe and/or have a 60s flush process.
[10:35] <rbasak> so the thread has an internal buffer of some form that it writes to the fifo from, and other threads in kvm are writing to it?
[10:35] <rbasak> what happens when that buffer fills?
[10:35] <soren> Daviey: If everyone knows they're taling to a fifo, the semantics are well understood and pretty easy to deal with.
[10:35] <Daviey> rbasak: *every 60s flush.
[10:35] <Daviey> rbasak: NFI.
[10:36] <soren> Attempts to write to it will err.
[10:37] <Daviey> suck it and see.. i'm expecting a blocker, but i'll be more than pleased if not. :)
[10:38] <soren> According to pipe(7), the size of the buffer is 65536.
[10:40] <soren> Daviey: Sniff my diff? I'm not writing anything right now. I've got a couple of other pressing matters I need to attend to first, but I'd be happy to answer questions along the way if someone wants to take a stab at this.
[10:40] <Daviey> soren: ok
[10:40] <soren> One thing that would probably be helpful to know from the start: Each server in Nova has a periodic_tasks method that gets called every minute or so.
[10:41] <soren> So no need to worry about inventing something for that.
[10:41] <Daviey> soren: how do you register an event with that?
[10:41] <Daviey> just something to grep for. :)
[10:42] <soren> Daviey: You don't. You just override that method and add more calls to it.
[10:42] <soren> We don't really have an (internal) events system like that where you can subscribe to particular events or whatnot.
[10:42] <rbasak> one thing I find really annoying about ec2 is that it takes ages for it to update console output
[10:43] <rbasak> it'd be nice if it was instant :)
[10:43] <soren> openstack's impl is instantaneous
[10:44] <soren> That's a particular place where I explicitly don't want feature parity with EC2 :)
[10:44] <soren> i
[10:44] <soren> whoops
[10:44] <Daviey> rbasak: Yeah.. would be easier to do post run-instance magic based on console output.
[10:44] <Daviey> For example, smosers ssh fingerprint magic.
[10:45]  * rbasak does something like that on EC2
[10:45] <rbasak> I patched python-boto years ago
[10:45] <soren> I'm guessing Amazon must store that off of their "compute nodes". Otherwise I don't see why they'd want to limit the number and frequence of console output updates so drastically.
[10:45] <rbasak> but it's too slow due to the console update delay :-/
[10:46] <soren> q
[10:46] <soren> whoops
[10:49] <rbasak> it looks to me like libvirt has some kind of stream abstraction. Is this what it's using to get the console output from kvm?
[10:51] <soren> Are you trying a different approach? Or why are you looking at libvirt code?
[10:52] <rbasak> I'm still thinking about a ringbuffer approach, but mainly I'm still trying to find my way round so that I can understand whichever approach better. I don't yet have a full picture of where console output goes currently
[10:52] <soren> At the moment, the serial port of the virtual machine is configured to go to a file.
[10:53] <soren> This is done in the XML defining the VM.
[10:53] <soren> rbasak: http://libvirt.org/formatdomain.html#elementsConsole
[10:53] <rbasak> yep I'm looking at that thanks
[10:53] <rbasak> So that's read by libvirt - how does it arrange that to happen?
[10:54] <rbasak> does libvirt open a file and pass kvm the fd, or does it give kvm a pts and read it through to a file, or something else?
[10:54] <soren> For qemu, I believe all those things are done by passing the relevant arguments to qemu on the command line.
[10:55] <rbasak> so it passes the filename directly?
[10:55] <rbasak> (and qemu opens it?)
[10:56] <soren> Yes.
[10:57] <soren> rbasak: You should be able to just specify a named pipe in the XML and have everything work out.
 Daviey: If everyone knows they're taling to a fifo, the semantics are well understood and pretty easy to deal with.
[10:58] <rbasak> does that apply to qemu?
[10:58] <soren> yes
[10:58] <rbasak> what will qemu do on a SIGPIPE/EPIPE?
[10:59] <soren> It ignores it, AFAICT.
[10:59] <soren> Er..
[10:59] <soren> sorry, no.
[10:59] <rbasak> and loses the write?
[10:59] <soren> It ignores SIGPIPE.
[10:59] <rbasak> and is that well defined or might the behaviour change in future?
[10:59] <soren> This is free software. There are no guarantees :)
[11:00] <rbasak> :-)
[11:00] <soren> If we want it to not change, we just use it and complain if it breaks at some point.
[11:00] <rbasak> soren, what do you think about this named pipe approach vs. modifying something to write out a ringbuffer?
[11:01] <rbasak> or even, giving qemu a fifo but reading the fifo and writing out a ringbuffer
[11:01] <soren> ringbuffers are kinda hard to "write out" :), but having a ring buffer implementation in kvm would be sort of neat. It's much more work than just using a named pipe, though.
[11:01] <soren> ...and I think using a named pipe (now that we know it behaves well) is perfectly fine.
[11:01] <rbasak> the bit of ringbuffering into a file that I see as untidy would be the head/tail pointers
[11:02] <rbasak> I suppose a couple of integers at the start of the file would do, but then it's suddenly a binary format
[11:02] <soren> That's why ringbuffers aren't written to files.
[11:02]  * rbasak was thinking about mmapping a file
[11:02] <soren> Truncating files by chopping stuff off of the end of them is easy. Moving their starting point forward isn't.
[11:02] <rbasak> then another process could read out the current state quite easily
[11:03] <rbasak> struct { int head, int tail, char data[] }
[11:03] <rbasak> assuming ints are atomic on writes
[11:03] <rbasak> then a writer would just need to order changes carefully
[11:04] <soren> You'd only need a start ptr, really.
[11:04] <soren> Well, and perhaps a max_length.
[11:04] <rbasak> then the first write run through would have to be a special case
[11:04] <rbasak> anyway, that's just the detail
[11:05] <rbasak> it's still ugly I admit :)
[11:06] <rbasak> I'm thinking of something like <console type='pty'><source path='/tmp/console.log' ringbuffer='16384' /><target type='virtio' port='0'/></console>
[11:06] <rbasak> Hence looking at libvirt, and if libvirt could manage taking input from qemu and dealing with the ringbuffer, then it would fit in really well
[11:07] <rbasak> If the ringbuffer isn't a file then maybe memory but then it'd need some kind of API to get it out again
[11:07] <rbasak> are we allowed to use pthread mutexes in libvirt?
[11:13] <Daviey> jamespage: stop finding issues :)
[11:13] <jamespage> Daviey: sorry
[11:13] <jamespage> my preseed seem to be broken now as well - gah!
[11:17] <Daviey> rbasak: it has case history, so i assume yes - http://www.redhat.com/archives/libvir-list/2011-January/msg00965.html
[11:18] <Daviey> rbasak: Note, that this would probably have to be accepted upstream before we could carry it.
[11:20] <eagles0513875> any people well versed with dovecot and postfix running on 10.04
[11:20] <Daviey> eagles0513875: many people are probably well versed in this.
[11:23] <soren> rbasak: libvirt has e.g. virMutexLock, which I believe is a thin wrapper around pthread mutexes.
[11:24] <soren> rbasak: Remember, though, that libvirt supports stopping libvirt while letting the VM's keep running.
[11:24] <eagles0513875> Daviey: well my issue is this. on 10.04.2 i got everythign working etc and now reconfiguring dovecot and postfix configured the exact same way
[11:25] <eagles0513875> Daviey: yet all emails get delivered to /var/mail instead of my maildir
[11:25] <soren> rbasak: So anything you do should either not require libvirt to run for kvm to also keep running.
[11:50] <rbasak> soren: ah, I was wondering about that, thanks. So with your named pipe system, nova would give libvirt a path to a named pipe, and take care of reading it itself? Would that include a persistent process/thread to read, or would you be relying on qemu not breaking when it tries to write to the pipe with no reader?
[11:51] <soren> rbasak: I'd rely on qemu not to break.
[11:51] <rbasak> ok thanks
[11:52] <soren> We trust Qemu to do everything else properly. If qemu breaks, we're so utterly screwed anyway :)
[11:53] <Daviey> soren: talking of which.. pondering a new upstream version.. 0.15 was released a while ago.
[11:53] <Daviey> *very* late in the cycle. :/
[11:55] <rbasak> yeah I understand but it's kind of broken to expect a random application to know what to do when faced with EPIPE :)
[11:55] <rbasak> (but if it works atm then fair enough I guess)
[11:56] <soren> rbasak: Why?
[11:56] <kvarley> I get "ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)" when I try and login to mysql on my machine. what am I doing wrong?
[11:57] <soren> rbasak: qemu isn't exactly a random application. It's *the* application.
[11:58] <koolhead11> kvarley: is this server not on same system
[11:58] <kvarley> koolhead11: I'm running a LAMP server setup on localhost.
[11:59] <koolhead11> kvarley: what does mysql -uroot -p <yourpassword> does ?
[11:59] <kvarley> koolhead11: Produces that error
[12:01] <rbasak> soren: because by default applications won't watch SIGPIPE, and it's a special case to have to deal with it. If qemu deals with it by definition because someone considered writing to FIFOs, then fair enough. If we're lucky that it works, then also fair enough but we're still lucky that it works :)
[12:01] <rbasak> s/watch/catch
[12:02] <koolhead11> kvarley: https://help.ubuntu.com/community/MysqlPasswordReset see if it helps!! :D
[12:03] <kvarley> koolhead11: I got in :) Thanks for the help tho! :)
[12:06] <koolhead11> kvarley: its great the community documentation and take googles help :D cheers!!
[13:09] <Ursinha> good morning people
[13:36] <Daviey> Ursinha: Hello!
[13:40] <tdn> I have installed mysql server using apt-get. Now there is set a password for user debian-sys-maint. How do I get this password?
[13:52] <just-a-visitor> Try looking into /etc/mysql/debian.cnf.
[14:32] <aveng3r> Hi, I'm using ubuntu 11.4 server, is there a way to install xorg?
[14:35] <just-a-visitor> https://help.ubuntu.com/community/ServerGUI
[14:38] <aveng3r> thanks
[14:44] <eagles0513875> hey guys i need some help with postfix
[14:50] <Ursinha> bug 833499
[14:53] <eagles0513875> hey guys im setting up post fix what should the postmaster and root email be set to the system users email address?
[15:30] <eagles0513875> any postfix experts in here i need some help
[15:31] <eagles0513875> i changed a line in saslauthd and for some reason it doesnt like said line
[15:31] <eagles0513875> its failing to start saslauthd
[15:33] <memoryleak> and why does it this?
[15:38] <eagles0513875> memoryleak: ??
[15:40] <yaboo> trying to setup a telnet server on my box, can telnet localhost, but am unable to telnet from another machine
[15:40] <yaboo> do I need to activate something?
[15:41] <memoryleak> eagles0513875: I can't do some voodoo and guesss what the problem might be. Paste changed lines, and the Error message(s).
[15:42] <eagles0513875> memoryleak: i pasted a line from the ubuntu wiki on how to set this up
[15:42] <eagles0513875> yaboo: if your trying to telnet to another machine it woudl be telnet IP PORT
[15:43] <memoryleak> eagles0513875: Still not enugh info to help you.
[15:43] <yaboo> eagles0513875, getting connection refused, switched off firewall believe, but still no dice
[15:43] <eagles0513875> memoryleak: what info do you need
[15:44] <eagles0513875> yaboo: can you ssh into the remote machien and try telnet ip port
[15:44] <memoryleak> Error message? What you changed?
[15:44] <eagles0513875> telnet localhost ip port
[15:44] <eagles0513875> memoryleak: in the saslauthd file i changed the very last line to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
[15:44] <eagles0513875> when it comes to starting it
[15:44] <yaboo> eagles0513875, can ssh into the machine, from other machine, I get connection refused
[15:45] <eagles0513875> yaboo: are you the admin of the remote machine
[15:45] <eagles0513875> memoryleak: i get this error when i try to start it /etc/default/saslauthd: 59: Syntax error: Unterminated quoted string
[15:45] <yaboo> eagles0513875, yes
[15:45] <eagles0513875> yaboo: can you login to the machine and do sudo iptables -L and check that port 22 is open
[15:45] <yaboo> eagles0513875, iptables -L returns blank
[15:46] <eagles0513875> yaboo: then sudo apt-get install openssh-server
[15:46] <yaboo> eagles0513875, defeats the purpose of telnet
[15:46] <eagles0513875> yaboo: what do you need telnet for anyway
[15:46] <eagles0513875> its hardly used and not very secure
[15:47] <yaboo> eagles0513875, a inhouse app using wyse60 emulation
[15:48] <eagles0513875> yaboo: you have any routers along the way between  you and ur server?
[15:48] <eagles0513875> it could be the router is blocking the port
[15:48] <memoryleak> eagles0513875: Look for qoute chars that are not enclosing
[15:48] <eagles0513875> or the whole network firewall
[15:48] <eagles0513875> memoryleak: it specifically says line 59
[15:48] <yaboo> eagles0513875, no, same network, netmask
[15:49] <memoryleak> eagles0513875: Post the whole file on pastebin.com
[15:49] <eagles0513875> memoryleak: found it
[15:49] <eagles0513875> yaboo: doesnt matter same subnet or not
[15:49] <yaboo> ok eagles0513875
[15:49] <eagles0513875> if the entire network firewall doesnt have it opened you wont have access via telnet
[15:49] <memoryleak> eagles0513875: Basically, it told you allready what was wrong. You just didn't look.
[15:49] <eagles0513875> memoryleak: the way i interpreted it it said line 59
[15:50] <eagles0513875> yet the error was further up then line 59
[15:50] <eagles0513875> near the top
[15:50] <memoryleak> Your'e not the first that thid this mistake in the config :D
[15:59] <yaboo> eagles0513875, got it working, seems inetd only allowed tcp6, installed xinetd and works in tcp4 and able to telnet into the machine
[16:02] <eagles0513875> yaboo: ahh
[16:02] <eagles0513875> memoryleak: you did same mistake as me
[16:30] <koolhead17> hi all
[17:18] <KoolaidJunkie> Could someone help me get a script to start on boot up?
[17:58] <fedup> so I have a fresh install of 10.4.3 server, I want it to be a dhcp server and file and LAMP. for dhcp where sould I start? dhcp3-server, dnsmasq, or dhcpd
[18:08] <zoopster> fedup: I'm using dhcp3-server
[18:20] <qman__> I also use dhcp3-server, but if you're looking for dynamic DNS on your LAN, dnsmasq is going to be the better option
[18:21] <qman__> it can be done with other servers and BIND, but dnsmasq is tailored for that kind of setup
[18:27] <erty> hi
[18:30] <erty> i got pc with pc with 2 disk
[18:31] <erty> with 2 disk 76 GB
[18:32] <erty> i got raid 1 on it
[18:32] <erty> what it will be the volume of my disk ?
[18:34] <fedup> hmmm ok
[18:42] <pmatulis> sounds like homework
[18:45] <erty> yeah  anyone can tell ?
[18:45] <fedup> dnsmasq will do dhcp ip's and be able to support a wirelss access point?
[18:46] <qman__> your chosen DHCP server really doesn't have anything to do with using a wireless access point
[18:48] <erty> anyione there
[18:48] <erty> .?????
[18:49] <fedup> k
[18:49] <fedup> wasn't sure, I guess not with it just being a static ip
[18:56] <lickalott> erty you have a question?
[18:57] <erty> yes of course
[18:57] <erty> 2 disk of 76 GB with raid how much the total volume ?
[18:58] <erty> raid 1
[18:58] <jmarsden> erty: 76GB.  Is this a trick question? :)
[18:59] <erty> well with raid 10 how much it gives ?
[19:00] <jmarsden> With RAID 10 you ned 4 disks.  so that one *is* a trick question!
[19:01] <erty> well if you create raid 1 on 76 GB
[19:01] <erty> as OS if you got ubuntu
[19:02] <erty> from the OS is it possible to check the type of raid created before ?
[19:03] <jmarsden> erty: Software RAID: read /etc/mdadm/mdadm.conf.  Hardware RAID: see how the RAID controller is configured using whatever tool or utility it uses.
[19:05] <erty> if i understand correctl, if it is an hardware raid, from the OS we can't access to type of raid
[19:05] <erty> am i correct ?
[19:06] <jmarsden> You can get a utility that knows about the hardware RAID controller and use that to look at how the controller is set up.
[19:07] <erty> lets take an example of HP SERVER
[19:08] <erty> what utility knows about the hardware RAID controller and use that to look at how the controller is set up ?
[19:08] <jmarsden> It is not the server that matters, it is the controller.
[19:08] <jmarsden> Which controller card do you have?
[19:09] <erty> smart array controller
[19:09] <jmarsden> Maybe, this is relevant to you: http://h18000.www1.hp.com/products/servers/proliantstorage/software-management/acumatrix/index.html
[19:10] <jmarsden> No, that is not a specific controller name :)
[19:10] <jmarsden> HP makes a bunch of "smart array controllers", I think...
[19:11] <jmarsden> The Ubuntu package cciss-vol-status  may also be relevant?
[19:12] <erty> well can you give me a clue ?
[19:12] <jmarsden> I just gave you a bunch of clues.  Use them.
[19:14] <erty> well, always with the same disk with raid 1
[19:14] <erty> 2 disk of 76 GB raid 1
[19:14] <KoolaidJunkie> Hey everyone.
[19:14] <KoolaidJunkie> How can I get a script to run on server boot?
[19:15] <erty> when you booting to the OS, if you do fdisk -l how many disk it will detect ?
[19:15] <jmarsden> erty: try it and see :)
[19:16] <erty> don't have any hardware
[19:16] <erty> to try that's why i m asking you here ? pppl :)
[19:18] <erty> just want to understand the concept before buying
 sounds like homework <erty> yeah  anyone can tell ?
[19:20] <jmarsden> That does not look like pre-sales evaluation to me...
[19:20] <erty> homework for myself
[19:21] <erty> don't worry ; There is no ambiguity
[19:33] <erty> so how much it gives with fdisk -l ?
[21:17] <jeeves_moss> is there an easy way to send an e-mail from a predefined e-mail account (on the local server), but to have the body of the e-mail pulled from a txt file?
[21:19] <jmarsden> jeeves_moss: mail -f predefined@example.com -s "some subject" recipient@example.com <somefile.txt
[21:20] <jeeves_moss> jmarsden, thank you.  that's the simplest
[21:20] <jmarsden> Well, you can leave out the -s "some subject" to simplify it further :)
[21:21] <jeeves_moss> thanks.  my ISP's tech support is refusing to fix an issue that's been going on for 6+ months, so I figure an e-mail every 15 mins should get their attention
[21:25] <jeeves_moss> sorry, connection issues
[21:25] <jeeves_moss> it dosn't like the "-f" command for the "from" user
[21:39] <jeeves_moss> jmarsden, are you stil here?
[21:42] <jeeves_moss> is there an easy way to send an e-mail from a predefined e-mail account (on the local server), but to have the body of the e-mail pulled from a txt file?
[22:24] <lickalott> redirectors i would assume
[22:40] <bcessa> hi, what software do you recommend to monitor a ubuntu server with: nginx, php5-fpm, mysql ?