[00:18] <Andrewx> Hello.
[00:19] <Andrewx> I'm trying to upgrade my install of 11.04 to 11.10
[00:19] <Andrewx> I got the GUI for upgrade and cancelled on accident.
[00:19] <Andrewx> How can I resume the GUI for upgrade>
[00:19] <Andrewx> ?
[00:27] <pangolin> just start over, any debs already downloaded will be skipped
[00:27] <pangolin> if you cancelled during the install process you may be up a creek and will need to do a clean install.
[00:29] <dork> hi i've been troubleshooting a problem on an ubuntu system for 15 hours, i have exhausted all ubuntu channels i can think of, so i'm going to try here. i did a distro upgrade that resulted in init not being able to put my software raid together, i can chroot to the environment, i have tried reinstalling legacy grub and reinstalling grub2 multiple times, i just can not get it. would anyone in here please help me trubleshoot this so i can go home?
[00:29] <Yompa> Side question: how safe are these upgrades? I tend to believe in backup complete reinstall and selective restore.
[00:29] <dork> Yompa: i've spent 15 hours so far because of an upgrade
[00:29] <dork> and im still down
[00:31] <Yompa> dork, I wish you good luck and the best!
[00:33] <dork> thanks
[00:34] <virusuy> dork: can you mount your devices ?
[00:34] <virusuy> i mean, your HD's
[00:34] <virusuy> ?
[00:35] <dork> i can assemble the raid and mount the raids
[00:35] <dork> through busybox and and a chrooted environment
[00:36] <virusuy> but when servers boot said that cannot find your raid , right ?
[00:36] <dork> t said this
[00:36] <dork> http://www.froward.org/~mike/screen.jpg
[00:36] <dork> http://pastebin.com/Mwn9fAHT <--grub config and raid info
[00:37] <dork> so it seems it's just not able to assemble the raid
[00:37] <virusuy> did you tried to boot an older kernel ?
[00:37] <dork> in busybox i can assemble it by hand
[00:38] <dork> virusuy: yes and that did not work
[00:38] <virusuy> dork: uhmm
[00:39] <virusuy> no idea man, good luck
[00:39] <dork> anyone else?
[00:39] <virusuy> and the best
[00:39] <dork> virusuy: thanks
[00:40] <Yompa> I'm about to build a 1 + 0, nothing that complicated though. Sorry.
[00:41] <mateolargo> i'm (trying to) manage a PPA for our company and have hit a bit of a snag
[00:42] <EvilResistance> how so
[00:43] <mateolargo> after rebuilding several packages and regenerating my Release files (sorry, i'm probably butchering the terminology here) i'm getting a dependency error when trying to install one of our packages
[00:43] <mateolargo> nginx-custom : Depends: nginx-full (= 1.0.6-2) but it is not going to be installed
[00:43] <mateolargo> E: Unable to correct problems, you have held broken packages.
[00:44] <EvilResistance> FYI dont paste to here
[00:44] <virusuy> dork: Raid 1 ?
[00:44] <EvilResistance> mateolargo:  why are you generating a custom nginx package?
[00:45] <mateolargo> EvilResistance: we needed to included several modules that weren't in the default packages
[00:45] <virusuy> dork: if you have a RAID 1 array, you can desassemble and try to boot from 1 HD instead of array
[00:45] <EvilResistance> mateolargo:  can I /query you for a sec?
[00:46] <mateolargo> sure
[00:47] <dork> virusuy: i was going to do that as a last measure
[00:47] <dork> virusuy: i might as well though i'll have to come back tomorrow anyways
[00:47] <virusuy> dork: if you can boot from 1 HD, then you should resync that array
[00:48] <dork> virusuy: im just not sure how to approach it
[00:48] <virusuy> desassemble that array ?
[00:48] <dork> yeah
[00:48] <virusuy> disassemble*
[00:49] <virusuy> uhmm that depends on your RAID controller
[00:49] <dork> it's software
[00:49] <dork> just trying to figure out the arguments
[00:50] <dork> so i don't destroy it
[00:50] <virusuy> if you can assemble that array in somewhere else, then backup as much you can
[00:50] <dork> what?
[00:50] <virusuy> i mean
[00:50] <dork> i mean boot one disk
[00:50] <dork> i've got everything backed up
[00:50] <virusuy> oh , ok
[00:57] <dork> i got it
[00:57] <dork> i'm pretty sure
[00:58] <virusuy> dork: really ? :-)
[01:06] <dork> yeah
[01:06] <dork> it's finishing the fsck now
[01:06] <dork> but i got it to boot
[01:06] <virusuy> dork: nice! did you boot from 1 HD ?
[01:06] <virusuy> or did something else?
[01:06] <dork> i basically rescanned for raid arrays and rewrote a new mdadm.conf, the syntax is different, remade init and installed it, it's booting now.
[01:06] <virusuy> dork: nice :-D
[01:07] <dork> took me 16 hours to figure it out
[01:07] <dork> i'll take nice but i should probably go shoot myself
[02:38] <arrrghhh> hello all.  trying to find a script that will go thru a folder and expand any compressed .RAR files
[02:38] <arrrghhh> http://code.google.com/p/torrentexpander/
[02:39] <arrrghhh> seemed to be the answer, and then some
[02:39] <arrrghhh> but perhaps it's too powerful for my needs - i can't seem to get it to do this simple task.  has anyone ever used it?
[02:51] <virusuy> arrrghhh: all your files are in the same folder ?
[02:52] <arrrghhh> virusuy, no
[02:52] <arrrghhh> well
[02:52] <arrrghhh> let me rephrase
[02:52] <arrrghhh> everything is in one folder
[02:53] <arrrghhh> but there's a high potential that there are RAR's within sub-folders that will need extracting
[02:53] <arrrghhh> but i do have a 'central point' where all the files in question are going.
[02:53] <m_tadeu> hi...where can I find the php logs?
[02:55] <arrrghhh> m_tadeu, tail -f /var/log/apache/php.errors?
[02:55] <arrrghhh> alternatively, look in your php.ini file
[02:55] <m_tadeu> arrrghhh: doesn't exist
[02:56] <m_tadeu> arrrghhh: I'll check
[03:03] <arrrghhh> virusuy, have you ever used that script?
[03:03] <arrrghhh> it seems really powerful
[03:03] <arrrghhh> but it might be serious overkill
[03:03] <virusuy> arrrghhh: no at all, and yes, seems powerful
[03:03] <arrrghhh> i was thinking about looking at its grooming abilites
[03:03] <arrrghhh> abilities*
[03:03] <arrrghhh> but i'm trying to start simple, just want the unrar ability
[03:03] <arrrghhh> and i can't seem to manage that :/
[03:03] <virusuy> arrrghhh: you also can study what does and create your own script
[03:03] <arrrghhh> or "just that" i should say.
[03:03] <arrrghhh> virusuy, i looked at the bash.  it's quite complex.
[03:03] <virusuy> unrar is ease,
[03:04] <virusuy> unrar -h for help,
[03:04] <arrrghhh> i think i can just do the unrar part pretty easily on my own.
[03:04] <arrrghhh> yea
[03:04] <arooni-mobile> im trying to ssh into a linux server.  i did ssh -v root@ipaddress... and i'm seeing: "debug1: Connecting to IP [IP] port 22. then debug1: connect to address IPADDRESS port 22: Connection refused"  ... but nothing else.  is there any other reason why the server isnt letting me ssh?  is it because its the wrong port (doing new setup on a new server)
[03:04] <virusuy> the hardest part is moving between folders and sub-folders
[03:04] <arrrghhh> yea
[03:05] <arrrghhh> arooni-mobile, is the far end open?  are you on a LAN?
[03:05] <virusuy> arooni-mobile: with wich user are you trying to log in ?
[03:05] <arrrghhh> looks like root
[03:05] <arrrghhh> which might be the problem as well
[03:05] <arooni-mobile> virusuy, root
[03:05] <arrrghhh> you can't ssh to root
[03:05] <virusuy> arooni-mobile: in some configs root login is disabled by default
[03:05] <arooni-mobile> ok i didnt get a user data
[03:05] <arooni-mobile> user name
[03:06] <virusuy> oops
[03:06] <virusuy> :-)
[03:06] <virusuy> can you configure sshd_config on the server ?
[03:06] <virusuy> i mean, can you acces in other way than ssh ?
[03:07] <arooni-mobile> i dont know; this is a new client; and have to figure out leasewebs interface
[03:07] <virusuy> so, you're not using ssh in LAN, right ?
[03:08] <arooni-mobile> i mean the server is somewhere in the netherlands
[03:08] <arooni-mobile>  the gateway is provided; but i wouldnt need that to connect i think
[03:10] <virusuy> uhmm could be
[03:10] <arooni-mobile> i havent heard of using a gateway to connect to via ssh
[03:11] <virusuy> is not common
[03:11] <arooni-mobile> i just hate it when i have to open a damn ticket just to login
[03:11] <virusuy> but , that gateway can allow or deny connections through port 22
[03:11] <arooni-mobile> so should i try to connect other than ssh root@ip
[03:11] <virusuy> but why dont you test connect through that gateway before open a new ticket ?
[03:12] <arooni-mobile> honestly i didnt know that much about gateways;  i thought it was only for when i have a home router
[03:12] <virusuy> root shouldn't be allowed through ssh, but, who knows every sysadmin/company is a different world :-)
[03:13] <virusuy> arooni-mobile: let me find a how to, cos you can configure ssh to use a gateway in some hosts
[03:13] <virusuy> how-to *
[03:14] <virusuy> let me rephrase
[03:14] <virusuy> you can configure your ssh-client to use a gateway
[03:17] <virusuy> oh, can you test this command ?
[03:17] <m_tadeu> I'm unable to get logs from php...I tryed setting error_log to a file, and now to syslog....nothing comes out
[03:17] <virusuy> ssh -w host:port gateway
[03:17] <virusuy> ssh -W username@host:port gateway
[03:26] <kevcox> We are starting to use Linux Servers (Ubuntu) more and more for small business solutions.  As we get more I would like to start a standard in managing these servers.  What does everyone feel is the best process for updating the servers that provide a certain role like Samba or Postfix.  Do download all updates or just security updates, etc.?
[03:27] <kevcox> So far we've been installing all updates (apt-get upgrade).
[03:28] <kevcox> From time to time I've noticed the apps change and sometimes require .conf file updates that can cause issues if we are not prepared for what can be altered.
[03:33] <twb> kevcox: it's nontrivial to select only security updates
[03:33] <kevcox> So you don't rely on the improvements of the apps that are isntalled?
[03:34] <twb> kevcox: if you have a bunch of servers, like say five app servers, you can designate one of them a staging server and pull updates to it first
[03:34] <kevcox> Just assume if it works then there is no need?
[03:34] <twb> kevcox: well, suppose you have lucid, lucid-security and lucid-updates in your sources.list
[03:34] <twb> kevcox: you can't easily say to apt "please apply updates only from lucid-security"
[03:35] <twb> kevcox: however, -updates mainly contains critical but non-security-related stuff like fixing bugs that result in data loss
[03:35] <twb> kevcox: so it's a good idea to pull them in anyway.
[03:36] <twb> kevcox: OTOH -backports and newer distro releases include new upstream releases, and new feaures = new bugs
[03:36] <kevcox> Do you recommend for security updates to be performed on their own or manually?
[03:37] <twb> kevcox: generally I make sure -security and -updates are in sources.list and then just aptitude full-upgrade from time to time.
[03:38] <kevcox> So you are pulling all security and distro updates manually from time to time?
[03:39] <twb> Yes
[03:39] <kevcox> What about when you get an app upgrade that requires .conf migration to a new version?
[03:40] <twb> Then you deal with it at the time
[03:40] <virusuy> kevcox: backups .conf files first
[03:40] <twb> Oh, etckeeper of course
[03:40] <virusuy> :-)
[03:40] <twb> But broadly speaking I will tell the users a day beforehand "I'm doing upgrades at 11AM tomorrow, there are no expected outages, but there might be if something goes wrong."
[03:41] <kevcox> How about this....
[03:42] <kevcox> I setup security updates to be automatic during off hours on weekends then perform app updates from time to time... Any issues with setting the standard that you can see?
[03:42] <virusuy> kevcox: automatic updates? NO WAY
[03:42] <kevcox> Not for critical updates only?
[03:42] <twb> I have been mostly unimpressed with automated update solutions
[03:43] <virusuy> kevcox: its my opinion
[03:43] <kevcox> Meaning critical security updates
[03:43] <twb> kevcox: how does the automated system know which ones are critical?
[03:43] <virusuy> twb: indeed
[03:43] <kevcox> I guess I see security updates as being critical
[03:43] <virusuy> you should take care of security updates, check every update, wich aplication will update , what and which things you need to do before update
[03:44] <kevcox> I guess I've failed there
[03:44] <virusuy> kevcox: i mean, this isn't mandatory
[03:44] <kevcox> I typically logon and see the console tells me there are updates and how many security.  I then run APT with UPDATE and then UPGRADE without a second thought.
[03:45] <kevcox> No issues thus far but I want to do it the right way or best solution.
[03:45] <virusuy> kevcox: yes you can do that and no worries
[03:45] <virusuy> but one day, something will fail
[03:46] <virusuy> and probably will be on weekend
[03:46] <virusuy> at 3 am
[03:46] <virusuy> :-)
[03:46] <kevcox> No doubt... :/
[03:46] <kevcox> :)
[03:47] <virusuy> my opinion. ..
[03:48] <virusuy> you just need to update your vital services
[03:48] <virusuy> i mean, if you run a apache server, then subscribe to apache's security mailing list to be updated about security fixes and so.
[03:48] <kevcox> Do you happen to know the command to update security only using APT?
[03:48] <virusuy> and also you will know about updates, what they do and so on
[03:49] <kevcox> That sounds like a good idea I need to do.
[03:49] <kevcox> Just what I need more emails.. :)
[03:49] <virusuy> kevcox: or tag your mails :)
[03:50] <kevcox> Another Google Apps user?
[03:50] <virusuy> i actually use a lot of mailing list and twitter
[03:50] <virusuy> kevcox: gmail only
[09:45] <lbw> hi
[09:46] <lbw> i have installed ubuntu-server and using kdm and using virtualbox
[09:46] <lbw> all is going fine except that there is no voice
[09:46] <lbw> i have checked for alsa and pulse audio, both are installed
[09:46] <lbw> how to enable audio so that i can hear sound for virtualbox
[09:46] <lbw> thanks
[09:48] <lbw> message says, pa_pid_file() creation failed
[09:48] <lbw> when i run pulseaudio from terminal
[09:49] <lbw> do i need to configure kdm to use pulseaudio or alsa ?
[09:50] <greppy> is your user in the audio group?
[09:52] <lbw> hmmm
[09:52] <lbw> how to check that
[09:55] <greppy> try the 'id' command in a terminal
[09:57] <lbw> ok
[09:57] <lbw> no there is no audio group
[09:58] <lbw> how to add audio group
[10:07] <lbw> greppy: thanks :)
[10:08] <lbw> sudo adduser 'you' audio :)
[10:09] <lbw> now will it work ?
[13:20] <storrgie> I just had a failure event on one of my mdadm arrays, does anyone know how I can inspect the drive to see if it really was a failure?
[13:22] <virusuy> storrgie: i guess you can check your raid status with mdadm --detail /device
[13:25] <storrgie> cat /proc/mdstat tells me that one of the drives is a failure
[13:25] <storrgie> I need to see if that drive is truly failing smart
[13:25] <storrgie> or if it is just an issue where the drive was not spinning up properly
[14:11] <RoyK> stgraber: smartctl
[14:11] <RoyK> smartctl -t short /dev/sda
[14:12] <RoyK> stgraber: smartctl -d sat -t short /dev/sda
[14:12] <RoyK> ops - wrong nick - storrgie left, apparently
[15:55] <dwelch> Hey guys, looking for some advice on how to setup a Ubuntu server w/ Apach to allow multiple users to host WordPress sites.
[15:55] <dwelch> I already know how to setup all these (and have done so), but what I cannot figure out is how to setup permissions / users so that each user can upload files through WordPress & have FTP access, but not be able to see any of the other users directories
[15:56] <RoyK> dwelch: check chrooting for ftp server
[15:56] <JanC> let them upload to their home directory and use chrooted sftp/ftps access?
[15:56] <RoyK> dwelch: which ftp server are you using?
[15:57] <dwelch> vsftp
[15:57] <JanC> RoyK: I hope he doesn't use plain FTP...  ;)
[15:57] <RoyK> JanC: seems like it...
[15:57] <RoyK> dwelch: then check chrooting for vsftpd, it supports it well
[15:58] <dwelch> And that works well, but some of these accounts I wanted to allow ssh access to also
[15:58] <JanC> dwelch: ssh/sftp can be chrooted as well
[15:58] <RoyK> google for ssh/sftp chroot
[15:59] <Dulcin> Hi, I currently have a server which I use as SMTP server for my website, my personal mail is done through google apps, and my domain is hosted somewhere else. Now to avoid my emails sent from my server being detected as spam, I want to set up an SPF record. Should I set this up on the server itself?
[15:59] <RoyK> JanC: touché
[16:00] <JanC> but another issue might be that scripts run by apache can access data outside the user's home (you might have to use a technique to chroot that too)
[16:00] <dwelch> It's been a while, but I feel like I ran into WordPress-upload permission issues when I persued that route
[16:00] <JanC> or at least run them as another user
[16:01] <dwelch> Hmm
[16:01] <JanC> dwelch: it's possible to run wordpress as the user (e.g. using FastCGI & such)
[16:03] <dwelch> Yeah, I ended up using the apache module mpm_itk to prefork & run the request as the user
[16:03] <dwelch> which works, but I'm worried that's a bit scary from a security stand point
[16:04] <JanC> ah, yes, that MPM does the same
[16:04] <JanC> dwelch: filesystem permissions have to be set right too, of course
[16:05] <dwelch> Yeah, so basically what I've got now is that each user has their default umask to 770, their site served out of ~/www and mpm running the requests as those users
[16:05] <JanC> dwelch: alternatively you can run multiple webservers in containers or VMs...
[16:06] <dwelch> With a chrooted ssh / ftp, security should be in good shape, right?
[16:06] <dwelch> Thought of that JanC, but I'm already on a pretty weak VM in a XEN environment (at linode.com)
[16:08] <JanC> right, I was just going to write that it's often a security/cost trade-off  ☺
[16:10] <JanC> dwelch: I don't really know mpm_itk, but maybe it also allows chrooting?
[16:10] <dwelch> Haha yeah, definitely a cost trade off preforking all the requests, but I wasn't sure about the security issue
[16:11] <dwelch> Okay, well I guess my setup isn't that bad then
[16:12] <dwelch> I was scared that someone might come swinging for me w/ that kind of setup :P
[16:13] <JanC> dwelch: what I mean is that you must decide what is secure enough for you and how much money you want to (or can) spend, and balance that  ☺
[16:14] <dwelch> Yeah I hear ya.
[16:14] <JanC> I wonder if it would be possible to use ecryptfs or encfs...
[16:14] <dwelch> I've read most the formal documentation for each of these, but I'm wondering if there are any really good resources for basic server admin understanding
[16:20] <Dulcin> Can an SPF record hold multiple IPs or should I create multiple SPF records
[17:16] <dwelch> JanC: just went and picked up a ubuntu knowledge book from the library, looking into encryptfs for my purposes
[17:20] <JanC> dwelch: the problem with ecryptfs would be to handle automatic mounting in a secure way (because obviously there is no login password entered when apache forks)
[17:21] <dwelch> Ah, good point
[17:21] <JanC> there is an #ecryptfs channel on the OFTC IRC network BTW
[17:27] <dwelch> O cool, I'll check that out
[18:27] <RoyK> remember, remember the fifth of november....
[20:03] <RevChas> Anyone got a minute to help with getting Postfix and SASL to play together?
[20:46] <julivaljr> qual o conselho para iniciar uma instalacao ubuntu server?