[00:05] New bug: #888266 in cobbler (universe) "'cobbler sync' fails when run in a bash script after 'service cobbler restart'" [Undecided,New] https://launchpad.net/bugs/888266 === Guest79151 is now known as med_out [00:52] Anyone have any suggestions on why an 11.10 server might not boot after installation? [00:52] I've re-installed grub already, and I'm able to mount the root raid device from the ubuntu cd [01:10] Anyone out there know what the "State of the Art" is when it comes to creating LXC containers on ubuntu server? [01:11] Should I be looking at libvirt solutions or rolling my own creation scripts? It seems like everyone has a slightly different take on how to create containers, and I'm looking for some tried-and-true utilities. [01:26] donspaulding: lxc-create ? ;) [01:28] Is there a way to have writable webdav shares besides giving the Apache user access? [01:28] SpamapS: Your palindromic username tells me all I need to know. [01:28] :-P [01:29] I'm following along on this article, and it all seems so…thrown together. http://www.activestate.com/blog/2011/10/virtualization-ec2-cloud-using-lxc [01:29] and all the articles I've read on lxc are like that. [01:30] I was just hoping there was something more than a bunch of half-hearted wrappers around lxc-ubuntu [01:30] tohuw: unfortunately not really. the daemon has to have write access... unless you write an suexec capable CGI / PHP webdav implementation.. but that seems unlikely to be worth the time ;) [01:30] donspaulding: I find lxc-create pretty good. :) [01:30] donspaulding: you can try the juju local provider.. [01:31] donspaulding: https://lists.ubuntu.com/archives/juju/2011-October/000844.html [01:31] SpamapS: The idea of re-implmenting webdav into a CGI or PHP environment just to use an existing suexec tool makes me consider the benefits of seppaku. [01:31] Thanks for the assitance... I'll just have to find another way to make this work.. [01:35] donspaulding: libvirt contains its own LXC code that is separate from that in the "lxc" package. [01:36] donspaulding: last time I looked they worked very differently and the libvirt one was far more primitive [01:36] tohuw: run a separate webdav httpd on a high port? [01:37] I guess the owner of that proc would still need write access, tho [01:37] twb: yes, that was just suggested to me in #httpd. Create another httpd daemon with minimal modules and tight security, and have it serve webdav shares. [01:38] twb: ah, thanks for the tip. [01:38] I wonder if there's a decent DAV implementation that basically just static HTTP+DAV and no fancy crap like php or cgi [01:41] twb: I could disable cgi and php in another httpd instance if I had it use its own configuration directory, no? [01:41] Yes [01:42] I just don't like that it's even in there, because it means the devs care more about features than security [01:53] hey guys, anyone know where i could get some help getting my compiled kernel installed on a hard drive or getting a live cd set up for it [02:06] I am trying to decide whether to use postfix or exim for an outbound SMTP relay. Where would i find a good comparison or documentation on this? [02:06] T3CHKOMMIE: maybe #ubuntu-kernel [02:06] sweet thank you! [02:07] kyconquers: i always use postfix, but take a look at : http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fshearer.org%2FMTA_Comparison&ei=szG7ToSqOIGSgQeC2625CA&usg=AFQjCNH8C6vnjm8DhWbyZtba7ukBMmcIoA&sig2=TWrpFB66pbbj5hGFAUN-3g [02:09] is a nice review between exim qmail, sendmail and postfix [02:09] with pros and cons [02:10] and also talks about administration, releases, comunity ,etc [02:12] virusuy, thank you, I'm definitely using postfix as a MTA and MDA but am unsure about it's performance as an outbound smtp with ldap auth, do you know of anything more geared towards that area? [02:13] no, i've never used postfix with ldap auth.. so i cannot help you with that. [02:13] but, i guess if you do a little search on google could be plenty of how-to [02:14] I found a way to do it running through Cyrus. [02:14] oh, nice [02:15] i'm just trying to see if letting postfix handle the inbound and something else for the outbound would be better or worse? [02:16] well, posftix handle outbound in fact [02:16] or am i wrong ? [02:17] kyconquers: postfix is an mta, it just delivers, cyrus, on the other hand, handles the mailbox [02:17] it works. it just is a workaround a workaround and seams unstable. [02:17] kyconquers: cyrus can't deliver a single thing [02:17] RoyK: or dovecot [02:17] yeah, or zimbra or courier or ... [02:17] RoyK: there's a lot of differents MDA [02:18] all of them with some pros and cons [02:18] yeah, I know... [02:18] * RoyK ended up on zimbra because it was nice [02:18] in my own experiencie always postfix + dovecot was the best solution [02:18] RoyK: i used zimbra too it's awesome, but then i met roundcube (webmail) [02:18] Cyrus is being used to do the authorization Dovecot is my MUA and i'm using postfix for MTA MDA and the body(everything except authorization) for my outbound [02:19] so postfix + dovecot +roundcube = WIN :-D [02:19] it's thin and works well, but it doesn't have the admin-friendlyness of zimbra [02:19] roundcube I don't know (never heard of it before now) [02:19] RoyK: yeah.. and zimbra is a suite .. IM , Calendar, Mail [02:19] thats a pro on Zimbra, though [02:20] yeah, and that's rather nice... [02:20] most is in the open version [02:20] yes. [02:20] a bit more tricky for backups [02:21] really ? [02:22] well, the commercial version has online backup, fixing the issues with mysql and possibly other services that must be stopped [02:22] but then, I have a private server, so it doesn't matter much for it to be down for 15 minutes in the middle of the night... [02:22] nice then [02:23] also, there are scripts around to fix online backup, but I just haven't bothered [02:23] so looking at outbound only is there a reason to go with postfix over exim? [02:24] not really [02:25] kyconquers: I can't answer that question, but I've standardised on postfix since gods know when, and I've had less issues (close to zero) with postfix than with exim, but then, I don't know exim too well, so that may be the cause [02:26] Same as RoyK , in my experience with postfix has been excelent [02:27] have* [02:27] ok thank you both [02:28] has* gosh, i cannot even write :P [02:32] today i configured logrotate on our squid server at work [02:32] really easy, logrotate's man page is awesome [02:32] very clear and straightforward === james is now known as Guest26243 [03:10] is there a PPA for deb's for testing server kernels? [03:11] thermionix: what do you mean [03:21] current 3.0.0 kernel crashes when suspending devices [03:21] 3.0.6 fixes the issue [03:22] wondering if I can find a 3.0.6 ubuntu-server without compiling etc [03:31] Dunno, sorry [03:31] thermionix: doubt it [03:31] thermionix: but please file a bug [03:31] A simple google for "kernel ppa" turns up some matches [03:31] thermionix: also 3.1 is in precise. === nande is now known as nandemonai [04:03] anyone here familiar with installing setting up lxc on oneiric? [04:07] !anyone [04:07] A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll. [04:11] twb, if I knew what to ask, i would [04:12] I need help diagnosing why I get this when starting an LXC lxc-start: failed to attach 'vethAG4ovV' to the bridge 'virbr0' : No such device [04:12] And that third line is the one you should've started with [04:13] It's trying to attach to a bridge that doesn't exist. [04:13] twb, right [04:13] Did you set up a bridge? Pastebin /etc/network/interfaces, and the output of "ip a" [04:13] twb, why the heck didn't lxc-create set it up [04:14] Because lxc-create creates a CONTAINER [04:14] It's not its job to fuck up your networking [04:14] haha [04:14] It's not vmware_config.pl [04:15] lxc-create should complain taht virbr0 doesn't exist tho, IMO [04:16] twb, hmm...libvirt-bin not installed...there's a clue [04:16] You are either using lxc or libvirt-bin; they're separate [04:16] twb, they don't work together? [04:16] 12:35 donspaulding: libvirt contains its own LXC code that is separate from that in the "lxc" package. [04:17] 12:36 donspaulding: last time I looked they worked very differently and the libvirt one was far more primitive [04:17] or play together [04:18] twb, so should i not use libvirt? [04:18] IMO don't bother with libvirt unless you need to give non-root users access to VM management (as opposed to just access to the VMs) [04:19] That is predicated on you knowing what the hell you're doing wrt. lxc or kvm, tho [04:19] twb, I'm using it a semi-isolated development envo [04:20] twb, i got along find using schroots [04:20] s/find/fine [04:20] twb, these are the instructions i am using https://dev.launchpad.net/Running/LXC [04:22] installing libvirt-bin did resolve the issue [04:23] Because libvirt fucks with your network setup [04:24] (Hm, actually as at lucid I don't remember it doing so...) [04:26] twb, the network/interfaces is untouched [04:26] Dunno why it works then [04:51] <{bosco}> ok so i am running 11.10x64 is it possible to make it so only root can login to the server once logged in a user on the server ? [04:51] <{bosco}> via ssh sorry? [04:55] <{bosco}> ti know the sshd_config file i can set that to NO on allow root login but will that do the trick [04:57] {bosco}, that will do the trick [04:57] {bosco}, assuming you have no other methods to login remotely... [04:58] {bosco}, hopefully you have the same setting on your ftp server or whatever else you have. [04:58] <{bosco}> smw: yes lol [04:58] <{bosco}> smw: just curious what is your recomendation on "BASTILLE" [04:58] Considering I have no idea what it is... I hate it [04:59] well, no idea on its relation to computers :-P [05:00] <{bosco}> it is a server package that configures your server to some security via apt-get [05:00] interesting [05:00] <{bosco}> just curious if you have used it or not no biggie thanks later [05:00] I am going to look into it then :-P [05:00] <{bosco}> :-P [05:02] can anyone tell me if this is or isn't a good way to permanently mount a windows share? adding this to /etc/fstab: //MyPC/Users /mnt/data cifs credentials=/etc/.smbcredentials,dmask=777,fmask=777 0 0 [05:02] seems that it mounts, and is readable, but not writeable [05:02] <{bosco}> smw: hey i am getting a permission denied when i try and login to root via ssh from my user account? [05:02] <{bosco}> now [05:03] permissions and ownership on everything mounted is dr----x--t 1 root root [05:03] bosco: root ssh is probably disabled [05:03] {bosco}, wait, this is #ubuntu-server. What are you talking about root?! [05:03] lol [05:03] <{bosco}> tash: i want it disabled from an outside computer via ssh but from my own server i want it enabed? [05:04] <{bosco}> lol sorry [05:04] why don't you just ssh as your user, then sudo? [05:04] {bosco}, I thought I was on ##linux or something [05:04] why is root even enabled? [05:05] <{bosco}> smw: is it possible i know root should not be enabled and i have added bosco to the sudo list just asking [05:05] on ubuntu you can't login as root from anywhere without having root privileges unless you make changes.. [05:05] {bosco}, huh? [05:06] smw: mounted windows shares before? [05:06] tash, yes I have [05:07] tash, why? [05:07] regarding the drive suspend issue in 3.0.0 and its being fixed in 3.0.6 - theres a few bugs - but nothing the mentions ubuntu-server > do I need to create a new bug relating to ubuntu-server? [05:08] smw: I added this to fstab and it mounted, but things are not writeable. Trying to determine if I have something wrong in the fstab line, or if it's a windows permissions thing: [05:08] //MyPC/Users /mnt/data cifs credentials=/etc/.smbcredentials,dmask=777,fmask=777 0 0 [05:08] alternatively I'll just update to the newer desktop kernel [05:09] tash, add defaults to the settings [05:10] smw: not sure what you mean :\ [05:11] tash, before credentials add "defaults," [05:11] tash, no space [05:11] tash, that will add rw as well as a few other options [05:12] tash, if you don't want too many other options, just add rw [05:14] k, added defaults and rebooted. dr----x--t 1 root root 4096 2011-10-23 10:31 data [05:14] permissions looks off still [05:14] or is that normal? [05:14] I cannot cp something from /home/myuser to /mnt/data/ ... seems like perms are whacky still [05:15] I'll try rw [05:18] well, I think the problem was actually on my windows share [05:18] however, I did end up setting rw [05:58] <{bosco}> ok so i have disabled root acess to my server via ssh but my other user now has acess to root what now? [05:58] <{bosco}> all i have done basicy is changed my root to bosco right. [05:59] <{bosco}> ok so i have disabled root acess to my server via ssh but my other user now has acess to root what now? [05:59] {bosco}: except that now its logged whenever bosco becomes root [06:00] <{bosco}> SpamapS: what are the benifets of this comared to root just having root acess is it still a security issue and if so how to fix this? [06:02] <{bosco}> SpamapS: you there [06:23] Hi I have been tryingn throughout the day and have been unsuccessful at using vsftpd to chroot someone into their home directory. [06:24] can anyone help me out with this? [06:27] Zanzacar: why not use SSH's built-in chrooting SFTP server. [06:28] http://paste.pocoo.org/show/505655/ thats my configuration files [06:28] because I am completely and utterly unaware of such functionality [06:29] http://paste.debian.net/144386/ [06:30] You'd probably want sftponly in the AllowGroups as well :-) [06:30] But anyway, I recommend doing it with SFTP instead of FTP, since they look about the same to users, but SFTP is a much better designed protocol and more secure to boot. [06:31] right I was doing it sFTP using vsftpd [06:31] vsftpd is not an SFTP server. [06:31] It might be an FTP/SSL server. [06:32] o... I didnt know that [06:32] SFTP is a module of SSH, so no SSH -> no SFTP [06:32] oic, see ssh has always been on all my servers so therefore I could always sftp but I always thought that was because I needed to install vsftpd [06:32] wow [06:34] That goes in my quote file [06:34] I have only really been using linux for maybe 3 months now so ya [06:35] What would be a good DNS that also supports MySQL? Bind with 3rd party mysql driver, mydns, powerdns...? [06:35] so the script you wrote there, it setsup the ssh_config file correctly to chroot users. [06:36] Zanzacar: you should read the sshd_config manpage and understand the lines in it [06:36] Error404NotFound: have heard of big sites using powerdns [06:37] Zanzacar: you probably won't want one as locked down as I have [06:37] SpamapS: hmm, ok, powerdns it is. [06:37] SpamapS: "big sites" = root servers? [06:37] Error404NotFound: why do you want mysql? Mysql's shit. [06:38] twb: working through the information i found on it. thanks for the information it sure does explain why things where not working haha. [06:38] twb: correct, what else? pgsql? don't have that much hands on for that [06:38] twb: no, I'm not familiar with what they use. But the two sites I knew of using it were large hosting providers. (Not sure if they still exist) [06:38] OH please [06:39] scale pgsql without wanting to throw yourself off a cliff and I'll gladly give you a hang glider for free. [06:39] Error404NotFound: well, I dunno about you, but I am using nsd, which compiles normal bind-format zonefiles into a binary database in some magical way I haven't cared enough to grok [06:39] twb: :) wil google that [06:39] I really liked tinydns when I used it [06:40] so simple [06:40] And nsd *does* run on l. and k.root-servers.net [06:40] SpamapS: is it really that hard for pgsql? never did it. [06:40] And half of h.root-servers.net [06:40] I also found nsd really simple to work with compared to bind [06:40] Error404NotFound: its possible. But.. well.. ask the launchpad guys about how much they love Slony. ;) [06:41] twb: still have to write bind zone files tho, right? [06:41] SpamapS: ya, i know 'Slony' along with some curse words D: [06:41] SpamapS: well, what else are you going to do? [06:41] If you want to store the master format for RRs in an RDBMS instead, IMO you need your head examined [06:42] Unless you're doing some stupid cpanel-type web UI for idiot end users [06:42] Then *maybe* [06:42] SpamapS: I bet you could make pg scale really well by just turning off all the integrity checking features that mysql has off by default ;-P [06:43] thats a lie [06:43] read the manual on 5.5 [06:43] InnoDB is the default [06:43] safe transactions are on by default [06:43] I'm not a DBA, but the DBAs I know tell me it's still not good enough [06:43] pg people still spreading lies from 3.x days [06:44] Don't forget we don't all run latest non-LTS either [06:44] 4.1 introduced InnoDB [06:44] *4.1* [06:44] Shrug. [06:44] I am at a dilemma, working on a setup that updates DNS zones on the fly using a custom web interface. Now if i don't use a mysql backend supported DNS the updates would have to be done via a cron that pulls data from database and writes config files. NSD seems amazingly fast, wondering what would be better. [06:44] That MyISAM was still the default until just over a year ago when 5.5 was released has only fed this FUD. :-/ [06:45] Another stupid that pissed me off was when I cleaned out old records from squid2mysql the other day, I couldn't find a way to reduce the disk consumption without dumping and rebuilding the db [06:45] Error404NotFound: you could just as easily build config files on the fly, you don't have to do it via cron. [06:45] SpamapS: IIRC they changed the default on Windows a few years before they changed it on linux, too [06:45] twb: OPTIMIZE TABLE xxx [06:46] It was a host running etch [06:46] twb: but that will only regain space if you have innodb_file_per_table on (which you should if you want to have any kind of long term server managability :) [06:46] SpamapS: hmm, care to give a hint? Say if data for a zone is inside a table called abc.com, won't i need a cron that would pull data from db and write nsd configs? [06:46] SpamapS: is that webscale? [06:46] lifeless: it uses /dev/null! [06:46] I handballed the problem to a dba, but probably he didn't have a new enough mysql for that [06:46] SpamapS: with map reduce? [06:46] SpamapS: and is one table per file the default yet? ;-P [06:46] Error404NotFound: nah, just write to the table and then kick off a message to a worker that updates the zone file from the DB [06:47] lifeless: and JSON ftw [06:47] Error404NotFound: IXFRs go into the db by default, and a cron pushes them to the slave .zones [06:47] twb: not sure if innodb_file_per_table is default yet [06:47] SpamapS: did you hear about the yaml thing ? [06:47] Error404NotFound: master zones go from the files to the .db when you nsdc rebuild && nsdc reload [06:48] twb: hmmm, need to read more about nsd, if i can bind it with mysql, somehow without adding say more than a minute delay of pushing changes from db to nsd's binary format, it would be cool. [06:48] SpamapS: arbitrary code execution via pyython's yaml.load [06:49] SpamapS: which is why we don't roll our own formats, mmkay! [06:49] lifeless: *@#$%* [06:49] http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML [06:49] Error404NotFound: when I say db I mean nsd's database, not mysql [06:49] >>> yaml.load(""" [06:49] ... !!python/object:__main__.Hero [06:49] ... name: Welthyr Syxgon [06:49] Error404NotFound: nsd has no mysql [06:49] twb: ya [06:49] lifeless: tho I think I use safe_load most of the time [06:49] SpamapS: and know you know why [06:49] SpamapS: really it should be called 'exploit_me_load' and 'load'. [06:50] twb: thats why i might skip nsd even though its cool as: cron pulls config data from db, writes bind style config for nsd, rebuilds and reloads nsd would always have some delay, running a cron every minute might not be a good idea. [06:50] Error404NotFound: you could just have the web UI read and write the zonefile directly, I guess [06:51] I guess instead you could write a replacement for zonec which reads from an RDBMS, but I don't like it [06:51] Haha, or ASN1 format :P [06:52] one nice thing about tinydns.. the line-per-record format was ridiculously hard to script around [06:52] err [06:52] s/hard/easy/ [06:53] I guess the root servers don't have to worry about bullshit web UIs because everything is pushed to them... via DNS [06:53] twb: hmmm, going for powerdns for now, will do nsd where i don't have some crazy boss to answer :P ;) [06:53] forget web UI, just being able to attach DNS records to things like customer records is valuable [06:54] Error404NotFound: sure, whatever. You know how I feel, I can't force you to do things my way :P [06:54] SpamapS: M-1 M-! dig AXFR example.net RET when sending the RT email [06:54] One more question, and please bear with me as this might sound stupid for a while, may be longer :D [06:54] SpamapS: oh, you mean records as in an RDBMS [06:55] Thought you meant records as in "record keeping" i.e. the issue tracker [06:55] twb: meh rdbms. perl hashes are where it is at. [06:55] lifeless: bleh [06:55] twb: imagine a root server running out of an in-memory hash :) [06:55] lifeless: at least it isn't a goddamn CSV-backed database on a SCO4 server [06:56] lifeless: the vendor is all "yes must can haz RAID6 6-way 1500 SAS for db" [06:56] It's bloody CSV FFS, they have like 80MB and 40 users [06:56] I have client web servers running behind a varnish+nginx proxy where all clients point their DNS there. Its been working great till last morning when my boss asked me to add support for FTP. We have limited IPs and i was looking some kind of FTP proxy solution that i could configure against say either usernames or incoming domain names(if possible) to route port 21 to backend server. Or is there another alternate? I don't [06:56] want to give public ips to web servers in DMZ. [06:56] Oh and it was running on a Pentium III last week [06:56] twb: must have terrible scaling overheads. [06:57] Error404NotFound: frox perhaps [06:57] lifeless: no, the db vendor is just an idiot [07:14] lifeless: checked, seems like its restricted to only one host in transparent proxy mode, checking non-transparent one, though then i might need to assign dns names for hosts in DMZ in Frox server's /etc/hosts or local dns. [07:35] <{bosco}> ok so how do i take a user on my server and only allow him to see /home/user and anything there after? [07:36] <{bosco}> no browsing around? [07:38] {bosco}: I've used scponly for that kind of thing before [07:38] * SpamapS passes out and goes to sleep [07:40] <{bosco}> ok what about non inherit trivial in file permissions [07:41] <{bosco}> SpamapS: but this person still has to have simple root acess to update upgrade and install [07:41] <{bosco}> nothing else [07:41] <{bosco}> will that conflict [07:44] hello everyone, i have a more philosophical question then a technical one. Encryption. Since my /home dir is completly empty how can I use encrpytion on ubuntu server? could i encrpyt /var /etc [07:44] and so on... [07:45] ? [07:49] <{bosco}> leave guest [07:49] <{bosco}> lol jk === Guest51768 is now known as noob889 [07:52] * ball is confused [07:54] {bosco}: you want them to only have access to ${HOME} but also have root? [07:55] <{bosco}> greppy partial root acess only to update upgrade and install packages not to remove or see anything else other than there homefolder [07:56] <{bosco}> i know how to do the first part it isthe secound that i ham having trouble with [07:57] <{bosco}> chmod A+user:bosco:read_data/write_data:file_inherit:allow /home/bosco [07:57] <{bosco}> that is the closest i have come but doesnt work in 11.10x6e [07:57] <{bosco}> 4 [07:58] {bosco}: you would basically need a jail environment for that to work for a shell, but that will make using sudo & apt commands just about impossible. [08:01] lifeless: jftpgw seems more flexible thank frox. [08:01] cool, I had not heard of that [08:05] <{bosco}> greppy: so it is not possible to have both> [08:06] <{bosco}> chmod A+user:bosco:read_data/write_data:file_inherit:allow /home/bosco then what is this for [08:08] morning o/ [08:09] they will need access to the binaries & libraries to use a shell as well as apt-get using sudo. [08:09] <{bosco}> oh ok [08:09] you can't really restrict access to just thier home directory and expect them to be able to do other things on the system. [08:10] <{bosco}> right makes since just though it might work [08:10] {bosco}: why do you trust them to install and upgrade but not have access to the rest of the system? [08:10] if they install a conflicting package, ie lighthttpd instead of apache for example... [08:11] they don't have to uninstall to be able to make something no longer work. [08:11] <{bosco}> becuase this is me and i am the only one on the system trying to make the perfect user with security isues [08:12] <{bosco}> i have disabled root ffrom ssh [08:13] <{bosco}> so i wsa just trying to be secure with my user and also just give him the 3 commandsthat i imight use on a day to day basses [08:13] <{bosco}> no biggie [08:16] {bosco} how about you give your user its own virtualmachine? :) [08:17] <{bosco}> well ok noob889 what is the best way to go about that and why have vm on a vps lol isnt that kind of redundent i just want it for security reasons in case someone acesss my server [08:18] Hi [08:18] is there a bash script which checks for tomcat service being up and running ? [08:18] <{bosco}> hi [08:18] and what would be the ideal scenario to check for catalina.out file [08:18] I suppose monitoring tomcat listening port is not a recommended method [08:18] I mean any specific string [08:18] {bosco}: hi [08:19] <{bosco}> kaushal: :P [08:19] {bosco}: Any clue ? [08:19] <{bosco}> kaushal: not that i now of one sec though? [08:21] <{bosco}> http://www.unix.com/shell-programming-scripting/118495-how-check-start-tomcat-using-script.html [08:21] <{bosco}> check there see if that helps [08:21] <{bosco}> kaushal: [08:22] <{bosco}> here is how to start them at boot so you know they are running http://raibledesigns.com/tomcat/boot-howto.html [08:22] <{bosco}> kaushal: [08:23] {bosco}: basically i need to restart tomcat gracefully using bash script [08:23] i mean graceful shutdown and graceful start [08:23] <{bosco}> kaushal: i know lol [08:24] <{bosco}> other than those links i wouldnt know how you may ask in #ubuntu as well since no one is on here lol? === jason is now known as jasef [12:24] hi guys, to configure a server with authenticated proxy it does not just type export http_proxy=http://user:pass@ip:port ? [12:25] hello? [12:26] hey ikonia [12:28] can anyone help me with proxy configuration? [12:29] tyska: are you using apache? [12:29] xranby: no, im not trying to configure a proxy server [12:29] xranby: i need to configure a client [12:30] xranby: im trying to do export http_proxy=http://user:pass@ip:port , but it does not working [12:30] that only work for some applications [12:31] for example if you want to use firefox you ahve to set the proxy option inside the firefox configuration gui [12:31] but i cant do a simple ping to 8.8.8.8 [12:31] ping are not using http [12:31] the proxy only work for applications that uses http [12:32] but even with elinks i cant connect [12:32] can you run apt-get update ? [12:34] tyska: elinks are looking for HTTP_PROXY [12:34] with all CAPS [12:34] ow [12:35] but even with ALL CAPS it does not work [12:36] tyska: if apt-get update work then your proxy work [12:37] tyska: you have to check each application that uses http and double check that it gets correct configuration [12:37] xranby: configuration of apt is on /etc/apt/apt.conf.d/02proxy [12:38] xranby: this is already configurated and working [12:38] xranby: my problem is with this export thing [12:38] unfortunally elinks documentation do not mention in what format it want the HTTP_PROXY string http://elinks.or.cz/documentation/manpages/elinks.1.html === cerber0s is now known as cerberos [12:40] tyska: you can create an elinks.conf http://elinks.or.cz/documentation/manpages/elinks.conf.5.html [12:40] you need to set [12:41] protocol.http.proxy.host protocol.http.proxy.user and protocol.http.proxy.passwd [12:41] in this config file [12:41] aparently it can only use host:port format for HTTP_PROXY and protocol.http.proxy.host [13:01] hi there guys i get this error when i restart my network --------------> http://pastebin.com/esXNzpXc [13:01] (9:00:46 PM) Azelphur [~Azelphur@azelphur.com] entered the room. [13:02] who is azelphur? [13:03] sorry i wrongly paste it [13:06] ruben23: what release? [13:07] 10.04 LTSUbuntu 11.10 [13:07] Ubuntu 11.10 [13:13] ruben23: maybe pastebin your interfaces file [13:14] http://pastebin.com/hzZ6AhbR [13:24] ruben23: is the open-iscsi package installed? [13:28] pmatulis: how to install [13:29] ruben23: i asked *if* it's installed [13:29] ruben23: 'dpkg -l open-iscsi' [13:30] No packages found matching open-iscsi. [13:30] ruben23: ok, just checking [13:31] ruben23: you may want to use strace on the command 'sudo strace -o output.txt /etc/init.d/networking restart' and pastebin output.txt [13:35] http://pastebin.com/4gTXhGg7 [13:40] ruben23: go up 2 messages [13:54] Daviey: ping you said you had a python script that talked to the cobbler api? [13:55] zul: well, something basic - yes [13:56] New bug: #888552 in cyrus-sasl2 (main) "cyrus-sasl2 denies authentication if host name unresolvable" [Undecided,New] https://launchpad.net/bugs/888552 [13:56] zul: what usesage? [13:56] Daviey: care to share? [13:57] Daviey: ill do the squid3 thing today [14:00] zul: Yes, but have a few snippets - what do you want to achieve [14:00] Daviey: i just want to an example that logins to the api and sends something like a mac address [14:02] zul: http://pb.daviey.com/oocT/ , you'll have to change the profile value. [14:03] zul: I am interested what this is for tho. [14:03] Daviey: the hardware detection stuff [14:04] zul: Hang on, we have this stage of things done. [14:04] bonus question: how do you restart networking on oneiric? [14:04] pmatulis: sudo /etc/init.d/networking restart [14:04] zul: it needs to be done in shell or C really.. unless we bring back the pre-boot enviroment idea [14:05] i think we bring back the pre-boot enviornment idea [14:05] zul: That aspect needs to be addressed before adding the tool. [14:05] but really i wanted the snippet to test to see if i add like cpu info to the cobbler api that it can be tested [14:06] How is the image created? Maintained? How is data injected or pulled securely? [14:06] Daviey: sure i have a vague idea in my head [14:06] :) [14:06] i need some caffine first [14:06] zul: That needs documenting! :) [14:06] zul: bzzzt! "Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces" [14:06] i'm not digging into your head :p [14:06] Daviey: well guess whats on my todo list today ;) [14:07] zul: Depending how exotic we plan to get, adding CPU, KVM supported, Memory/RAM / Disk sizes etc, is probably going to be easier to add in C than handling a binary image. [14:08] Daviey: right...but you have to be smart on how you get your information we are just not dealing with intel only [14:09] zul: no, totally. [14:09] Daviey: ill write my vague idea up today [14:12] zul: ok, great! [14:13] send it off to ubuntu-server? === chuck__ is now known as zul [14:21] freaking freenode [14:22] Daviey: for arm we cant use something like dmidecode and /proc/cpuinfo is different as well [14:25] zul: Yeah, that is what hdt seems to depend on, no? [14:25] Daviey: no it uses syslinux [14:27] erm, are you sure that is how it detects the CPU? [14:28] yeah im looking at the code now [14:28] and it doesn't use dmi? [14:30] http://lxr-test.linpro.no/#syslinux+syslinux-4.01/com32/sysdump/ [14:31] http://lxr-test.linpro.no/syslinux+syslinux-4.01/com32/sysdump/dmi.c , isn't concerning? [14:31] for arm yes :( [14:32] Daviey: just poke holes into my dreams ;) [14:33] hah [14:33] it might still work.. :/ [14:33] ogra_: ping [14:33] lets ask the experts [14:36]