/srv/irclogs.ubuntu.com/2011/11/05/#ubuntu-server.txt

Andrewx	Hello.	00:18
Andrewx	I'm trying to upgrade my install of 11.04 to 11.10	00:19
Andrewx	I got the GUI for upgrade and cancelled on accident.	00:19
Andrewx	How can I resume the GUI for upgrade>	00:19
Andrewx	?	00:19
pangolin	just start over, any debs already downloaded will be skipped	00:27
pangolin	if you cancelled during the install process you may be up a creek and will need to do a clean install.	00:27
dork	hi i've been troubleshooting a problem on an ubuntu system for 15 hours, i have exhausted all ubuntu channels i can think of, so i'm going to try here. i did a distro upgrade that resulted in init not being able to put my software raid together, i can chroot to the environment, i have tried reinstalling legacy grub and reinstalling grub2 multiple times, i just can not get it. would anyone in here please help me trubleshoot this so i can go home?	00:29
Yompa	Side question: how safe are these upgrades? I tend to believe in backup complete reinstall and selective restore.	00:29
dork	Yompa: i've spent 15 hours so far because of an upgrade	00:29
dork	and im still down	00:29
Yompa	dork, I wish you good luck and the best!	00:31
dork	thanks	00:33
virusuy	dork: can you mount your devices ?	00:34
virusuy	i mean, your HD's	00:34
virusuy	?	00:34
dork	i can assemble the raid and mount the raids	00:35
dork	through busybox and and a chrooted environment	00:35
virusuy	but when servers boot said that cannot find your raid , right ?	00:36
dork	t said this	00:36
dork	http://www.froward.org/~mike/screen.jpg	00:36
dork	http://pastebin.com/Mwn9fAHT <--grub config and raid info	00:36
dork	so it seems it's just not able to assemble the raid	00:37
virusuy	did you tried to boot an older kernel ?	00:37
dork	in busybox i can assemble it by hand	00:37
dork	virusuy: yes and that did not work	00:38
virusuy	dork: uhmm	00:38
virusuy	no idea man, good luck	00:39
dork	anyone else?	00:39
virusuy	and the best	00:39
dork	virusuy: thanks	00:39
Yompa	I'm about to build a 1 + 0, nothing that complicated though. Sorry.	00:40
mateolargo	i'm (trying to) manage a PPA for our company and have hit a bit of a snag	00:41
EvilResistance	how so	00:42
mateolargo	after rebuilding several packages and regenerating my Release files (sorry, i'm probably butchering the terminology here) i'm getting a dependency error when trying to install one of our packages	00:43
mateolargo	nginx-custom : Depends: nginx-full (= 1.0.6-2) but it is not going to be installed	00:43
mateolargo	E: Unable to correct problems, you have held broken packages.	00:43
EvilResistance	FYI dont paste to here	00:44
virusuy	dork: Raid 1 ?	00:44
EvilResistance	mateolargo: why are you generating a custom nginx package?	00:44
mateolargo	EvilResistance: we needed to included several modules that weren't in the default packages	00:45
virusuy	dork: if you have a RAID 1 array, you can desassemble and try to boot from 1 HD instead of array	00:45
EvilResistance	mateolargo: can I /query you for a sec?	00:45
mateolargo	sure	00:46
dork	virusuy: i was going to do that as a last measure	00:47
dork	virusuy: i might as well though i'll have to come back tomorrow anyways	00:47
virusuy	dork: if you can boot from 1 HD, then you should resync that array	00:47
dork	virusuy: im just not sure how to approach it	00:48
virusuy	desassemble that array ?	00:48
dork	yeah	00:48
virusuy	disassemble*	00:48
virusuy	uhmm that depends on your RAID controller	00:49
dork	it's software	00:49
dork	just trying to figure out the arguments	00:49
dork	so i don't destroy it	00:50
virusuy	if you can assemble that array in somewhere else, then backup as much you can	00:50
dork	what?	00:50
virusuy	i mean	00:50
dork	i mean boot one disk	00:50
dork	i've got everything backed up	00:50
virusuy	oh , ok	00:50
dork	i got it	00:57
dork	i'm pretty sure	00:57
virusuy	dork: really ? :-)	00:58
dork	yeah	01:06
dork	it's finishing the fsck now	01:06
dork	but i got it to boot	01:06
virusuy	dork: nice! did you boot from 1 HD ?	01:06
virusuy	or did something else?	01:06
dork	i basically rescanned for raid arrays and rewrote a new mdadm.conf, the syntax is different, remade init and installed it, it's booting now.	01:06
virusuy	dork: nice :-D	01:06
dork	took me 16 hours to figure it out	01:07
dork	i'll take nice but i should probably go shoot myself	01:07
uvirtbot	New bug: #886423 in php5 (main) "Can't install php5-mysql in Ubuntu 11.10 due to unmet dependencies" [Undecided,New] https://launchpad.net/bugs/886423	02:31
arrrghhh	hello all. trying to find a script that will go thru a folder and expand any compressed .RAR files	02:38
arrrghhh	http://code.google.com/p/torrentexpander/	02:38
arrrghhh	seemed to be the answer, and then some	02:39
arrrghhh	but perhaps it's too powerful for my needs - i can't seem to get it to do this simple task. has anyone ever used it?	02:39
uvirtbot	New bug: #886426 in net-snmp (main) "snmpd init status script doesn't check $SNMPDRUN or $SNMPDRUN" [Undecided,New] https://launchpad.net/bugs/886426	02:45
virusuy	arrrghhh: all your files are in the same folder ?	02:51
arrrghhh	virusuy, no	02:52
arrrghhh	well	02:52
arrrghhh	let me rephrase	02:52
arrrghhh	everything is in one folder	02:52
arrrghhh	but there's a high potential that there are RAR's within sub-folders that will need extracting	02:53
arrrghhh	but i do have a 'central point' where all the files in question are going.	02:53
m_tadeu	hi...where can I find the php logs?	02:53
arrrghhh	m_tadeu, tail -f /var/log/apache/php.errors?	02:55
arrrghhh	alternatively, look in your php.ini file	02:55
m_tadeu	arrrghhh: doesn't exist	02:55
m_tadeu	arrrghhh: I'll check	02:56
=== jhelwig is now known as zz_jhelwig
arrrghhh	virusuy, have you ever used that script?	03:03
arrrghhh	it seems really powerful	03:03
arrrghhh	but it might be serious overkill	03:03
virusuy	arrrghhh: no at all, and yes, seems powerful	03:03
arrrghhh	i was thinking about looking at its grooming abilites	03:03
arrrghhh	abilities*	03:03
arrrghhh	but i'm trying to start simple, just want the unrar ability	03:03
arrrghhh	and i can't seem to manage that :/	03:03
virusuy	arrrghhh: you also can study what does and create your own script	03:03
arrrghhh	or "just that" i should say.	03:03
arrrghhh	virusuy, i looked at the bash. it's quite complex.	03:03
virusuy	unrar is ease,	03:03
virusuy	unrar -h for help,	03:04
arrrghhh	i think i can just do the unrar part pretty easily on my own.	03:04
arrrghhh	yea	03:04
arooni-mobile	im trying to ssh into a linux server. i did ssh -v root@ipaddress... and i'm seeing: "debug1: Connecting to IP [IP] port 22. then debug1: connect to address IPADDRESS port 22: Connection refused" ... but nothing else. is there any other reason why the server isnt letting me ssh? is it because its the wrong port (doing new setup on a new server)	03:04
virusuy	the hardest part is moving between folders and sub-folders	03:04
arrrghhh	yea	03:04
arrrghhh	arooni-mobile, is the far end open? are you on a LAN?	03:05
virusuy	arooni-mobile: with wich user are you trying to log in ?	03:05
arrrghhh	looks like root	03:05
arrrghhh	which might be the problem as well	03:05
arooni-mobile	virusuy, root	03:05
arrrghhh	you can't ssh to root	03:05
virusuy	arooni-mobile: in some configs root login is disabled by default	03:05
arooni-mobile	ok i didnt get a user data	03:05
arooni-mobile	user name	03:05
virusuy	oops	03:06
virusuy	:-)	03:06
virusuy	can you configure sshd_config on the server ?	03:06
virusuy	i mean, can you acces in other way than ssh ?	03:06
arooni-mobile	i dont know; this is a new client; and have to figure out leasewebs interface	03:07
virusuy	so, you're not using ssh in LAN, right ?	03:07
arooni-mobile	i mean the server is somewhere in the netherlands	03:08
arooni-mobile	the gateway is provided; but i wouldnt need that to connect i think	03:08
virusuy	uhmm could be	03:10
arooni-mobile	i havent heard of using a gateway to connect to via ssh	03:10
virusuy	is not common	03:11
arooni-mobile	i just hate it when i have to open a damn ticket just to login	03:11
virusuy	but , that gateway can allow or deny connections through port 22	03:11
arooni-mobile	so should i try to connect other than ssh root@ip	03:11
virusuy	but why dont you test connect through that gateway before open a new ticket ?	03:11
arooni-mobile	honestly i didnt know that much about gateways; i thought it was only for when i have a home router	03:12
virusuy	root shouldn't be allowed through ssh, but, who knows every sysadmin/company is a different world :-)	03:12
virusuy	arooni-mobile: let me find a how to, cos you can configure ssh to use a gateway in some hosts	03:13
virusuy	how-to *	03:13
virusuy	let me rephrase	03:14
virusuy	you can configure your ssh-client to use a gateway	03:14
virusuy	oh, can you test this command ?	03:17
m_tadeu	I'm unable to get logs from php...I tryed setting error_log to a file, and now to syslog....nothing comes out	03:17
virusuy	ssh -w host:port gateway	03:17
virusuy	ssh -W username@host:port gateway	03:17
=== zz_jhelwig is now known as jhelwig
kevcox	We are starting to use Linux Servers (Ubuntu) more and more for small business solutions. As we get more I would like to start a standard in managing these servers. What does everyone feel is the best process for updating the servers that provide a certain role like Samba or Postfix. Do download all updates or just security updates, etc.?	03:26
kevcox	So far we've been installing all updates (apt-get upgrade).	03:27
kevcox	From time to time I've noticed the apps change and sometimes require .conf file updates that can cause issues if we are not prepared for what can be altered.	03:28
twb	kevcox: it's nontrivial to select only security updates	03:33
kevcox	So you don't rely on the improvements of the apps that are isntalled?	03:33
twb	kevcox: if you have a bunch of servers, like say five app servers, you can designate one of them a staging server and pull updates to it first	03:34
kevcox	Just assume if it works then there is no need?	03:34
twb	kevcox: well, suppose you have lucid, lucid-security and lucid-updates in your sources.list	03:34
twb	kevcox: you can't easily say to apt "please apply updates only from lucid-security"	03:34
twb	kevcox: however, -updates mainly contains critical but non-security-related stuff like fixing bugs that result in data loss	03:35
twb	kevcox: so it's a good idea to pull them in anyway.	03:35
twb	kevcox: OTOH -backports and newer distro releases include new upstream releases, and new feaures = new bugs	03:36
kevcox	Do you recommend for security updates to be performed on their own or manually?	03:36
twb	kevcox: generally I make sure -security and -updates are in sources.list and then just aptitude full-upgrade from time to time.	03:37
kevcox	So you are pulling all security and distro updates manually from time to time?	03:38
twb	Yes	03:39
kevcox	What about when you get an app upgrade that requires .conf migration to a new version?	03:39
twb	Then you deal with it at the time	03:40
virusuy	kevcox: backups .conf files first	03:40
twb	Oh, etckeeper of course	03:40
virusuy	:-)	03:40
twb	But broadly speaking I will tell the users a day beforehand "I'm doing upgrades at 11AM tomorrow, there are no expected outages, but there might be if something goes wrong."	03:40
kevcox	How about this....	03:41
kevcox	I setup security updates to be automatic during off hours on weekends then perform app updates from time to time... Any issues with setting the standard that you can see?	03:42
virusuy	kevcox: automatic updates? NO WAY	03:42
kevcox	Not for critical updates only?	03:42
twb	I have been mostly unimpressed with automated update solutions	03:42
virusuy	kevcox: its my opinion	03:43
kevcox	Meaning critical security updates	03:43
twb	kevcox: how does the automated system know which ones are critical?	03:43
virusuy	twb: indeed	03:43
kevcox	I guess I see security updates as being critical	03:43
virusuy	you should take care of security updates, check every update, wich aplication will update , what and which things you need to do before update	03:43
kevcox	I guess I've failed there	03:44
virusuy	kevcox: i mean, this isn't mandatory	03:44
kevcox	I typically logon and see the console tells me there are updates and how many security. I then run APT with UPDATE and then UPGRADE without a second thought.	03:44
kevcox	No issues thus far but I want to do it the right way or best solution.	03:45
virusuy	kevcox: yes you can do that and no worries	03:45
virusuy	but one day, something will fail	03:45
virusuy	and probably will be on weekend	03:46
virusuy	at 3 am	03:46
virusuy	:-)	03:46
kevcox	No doubt... :/	03:46
kevcox	:)	03:46
virusuy	my opinion. ..	03:47
virusuy	you just need to update your vital services	03:48
virusuy	i mean, if you run a apache server, then subscribe to apache's security mailing list to be updated about security fixes and so.	03:48
kevcox	Do you happen to know the command to update security only using APT?	03:48
virusuy	and also you will know about updates, what they do and so on	03:48
kevcox	That sounds like a good idea I need to do.	03:49
kevcox	Just what I need more emails.. :)	03:49
virusuy	kevcox: or tag your mails :)	03:49
kevcox	Another Google Apps user?	03:50
virusuy	i actually use a lot of mailing list and twitter	03:50
virusuy	kevcox: gmail only	03:50
=== luciano_ is now known as virusuy
=== ^tortuguito is now known as tortu
lbw	hi	09:45
lbw	i have installed ubuntu-server and using kdm and using virtualbox	09:46
lbw	all is going fine except that there is no voice	09:46
lbw	i have checked for alsa and pulse audio, both are installed	09:46
lbw	how to enable audio so that i can hear sound for virtualbox	09:46
lbw	thanks	09:46
lbw	message says, pa_pid_file() creation failed	09:48
lbw	when i run pulseaudio from terminal	09:48
lbw	do i need to configure kdm to use pulseaudio or alsa ?	09:49
greppy	is your user in the audio group?	09:50
lbw	hmmm	09:52
lbw	how to check that	09:52
greppy	try the 'id' command in a terminal	09:55
lbw	ok	09:57
lbw	no there is no audio group	09:57
lbw	how to add audio group	09:58
lbw	greppy: thanks :)	10:07
lbw	sudo adduser 'you' audio :)	10:08
lbw	now will it work ?	10:09
=== jason is now known as jasef
storrgie	I just had a failure event on one of my mdadm arrays, does anyone know how I can inspect the drive to see if it really was a failure?	13:20
virusuy	storrgie: i guess you can check your raid status with mdadm --detail /device	13:22
storrgie	cat /proc/mdstat tells me that one of the drives is a failure	13:25
storrgie	I need to see if that drive is truly failing smart	13:25
storrgie	or if it is just an issue where the drive was not spinning up properly	13:25
RoyK	stgraber: smartctl	14:11
RoyK	smartctl -t short /dev/sda	14:11
RoyK	stgraber: smartctl -d sat -t short /dev/sda	14:12
RoyK	ops - wrong nick - storrgie left, apparently	14:12
=== Major_Tom is now known as Omega42
=== \|_\| is now known as jasef
dwelch	Hey guys, looking for some advice on how to setup a Ubuntu server w/ Apach to allow multiple users to host WordPress sites.	15:55
dwelch	I already know how to setup all these (and have done so), but what I cannot figure out is how to setup permissions / users so that each user can upload files through WordPress & have FTP access, but not be able to see any of the other users directories	15:55
RoyK	dwelch: check chrooting for ftp server	15:56
JanC	let them upload to their home directory and use chrooted sftp/ftps access?	15:56
RoyK	dwelch: which ftp server are you using?	15:56
dwelch	vsftp	15:57
JanC	RoyK: I hope he doesn't use plain FTP... ;)	15:57
RoyK	JanC: seems like it...	15:57
RoyK	dwelch: then check chrooting for vsftpd, it supports it well	15:57
dwelch	And that works well, but some of these accounts I wanted to allow ssh access to also	15:58
JanC	dwelch: ssh/sftp can be chrooted as well	15:58
RoyK	google for ssh/sftp chroot	15:58
Dulcin	Hi, I currently have a server which I use as SMTP server for my website, my personal mail is done through google apps, and my domain is hosted somewhere else. Now to avoid my emails sent from my server being detected as spam, I want to set up an SPF record. Should I set this up on the server itself?	15:59
RoyK	JanC: touché	15:59
JanC	but another issue might be that scripts run by apache can access data outside the user's home (you might have to use a technique to chroot that too)	16:00
dwelch	It's been a while, but I feel like I ran into WordPress-upload permission issues when I persued that route	16:00
JanC	or at least run them as another user	16:00
dwelch	Hmm	16:01
JanC	dwelch: it's possible to run wordpress as the user (e.g. using FastCGI & such)	16:01
dwelch	Yeah, I ended up using the apache module mpm_itk to prefork & run the request as the user	16:03
dwelch	which works, but I'm worried that's a bit scary from a security stand point	16:03
JanC	ah, yes, that MPM does the same	16:04
JanC	dwelch: filesystem permissions have to be set right too, of course	16:04
dwelch	Yeah, so basically what I've got now is that each user has their default umask to 770, their site served out of ~/www and mpm running the requests as those users	16:05
JanC	dwelch: alternatively you can run multiple webservers in containers or VMs...	16:05
dwelch	With a chrooted ssh / ftp, security should be in good shape, right?	16:06
dwelch	Thought of that JanC, but I'm already on a pretty weak VM in a XEN environment (at linode.com)	16:06
JanC	right, I was just going to write that it's often a security/cost trade-off ☺	16:08
JanC	dwelch: I don't really know mpm_itk, but maybe it also allows chrooting?	16:10
dwelch	Haha yeah, definitely a cost trade off preforking all the requests, but I wasn't sure about the security issue	16:10
dwelch	Okay, well I guess my setup isn't that bad then	16:11
dwelch	I was scared that someone might come swinging for me w/ that kind of setup :P	16:12
JanC	dwelch: what I mean is that you must decide what is secure enough for you and how much money you want to (or can) spend, and balance that ☺	16:13
dwelch	Yeah I hear ya.	16:14
JanC	I wonder if it would be possible to use ecryptfs or encfs...	16:14
dwelch	I've read most the formal documentation for each of these, but I'm wondering if there are any really good resources for basic server admin understanding	16:14
Dulcin	Can an SPF record hold multiple IPs or should I create multiple SPF records	16:20
uvirtbot	New bug: #886592 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/886592	16:21
=== smw_ is now known as smw
dwelch	JanC: just went and picked up a ubuntu knowledge book from the library, looking into encryptfs for my purposes	17:16
JanC	dwelch: the problem with ecryptfs would be to handle automatic mounting in a secure way (because obviously there is no login password entered when apache forks)	17:20
dwelch	Ah, good point	17:21
JanC	there is an #ecryptfs channel on the OFTC IRC network BTW	17:21
dwelch	O cool, I'll check that out	17:27
RoyK	remember, remember the fifth of november....	18:27
RevChas	Anyone got a minute to help with getting Postfix and SASL to play together?	20:03
julivaljr	qual o conselho para iniciar uma instalacao ubuntu server?	20:46
=== tortuguito is now known as Namorado_da_Swee
=== Namorado_da_Swee is now known as tortu
=== tortu is now known as roedor
=== roedor is now known as esquilinho
=== Namorado_da_Swee is now known as tortu
=== tortu is now known as tortuguito

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!