[00:52] <joren> Anyone have any suggestions on why an 11.10 server might not boot after installation?
[00:52] <joren> I've re-installed grub already, and I'm able to mount the root raid device from the ubuntu cd
[01:10] <donspaulding> Anyone out there know what the "State of the Art" is when it comes to creating LXC containers on ubuntu server?
[01:11] <donspaulding> Should I be looking at libvirt solutions or rolling my own creation scripts?  It seems like everyone has a slightly different take on how to create containers, and I'm looking for some tried-and-true utilities.
[01:26] <SpamapS> donspaulding: lxc-create ? ;)
[01:28] <tohuw> Is there a way to have writable webdav shares besides giving the Apache user access?
[01:28] <donspaulding> SpamapS: Your palindromic username tells me all I need to know.
[01:28] <donspaulding> :-P
[01:29] <donspaulding> I'm following along on this article, and it all seems so…thrown together.  http://www.activestate.com/blog/2011/10/virtualization-ec2-cloud-using-lxc
[01:29] <donspaulding> and all the articles I've read on lxc are like that.
[01:30] <donspaulding> I was just hoping there was something more than a bunch of half-hearted wrappers around lxc-ubuntu
[01:30] <SpamapS> tohuw: unfortunately not really. the daemon has to have write access... unless you write an suexec capable CGI / PHP webdav implementation.. but that seems unlikely to be worth the time ;)
[01:30] <SpamapS> donspaulding: I find lxc-create pretty good. :)
[01:30] <SpamapS> donspaulding: you can try the juju local provider..
[01:31] <SpamapS> donspaulding: https://lists.ubuntu.com/archives/juju/2011-October/000844.html
[01:31] <tohuw> SpamapS: The idea of re-implementing webdav into a CGI or PHP environment just to use an existing suexec tool makes me consider the benefits of seppuku.
[01:31] <tohuw> Thanks for the assistance... I'll just have to find another way to make this work..
[01:35] <twb> donspaulding: libvirt contains its own LXC code that is separate from that in the "lxc" package.
[01:36] <twb> donspaulding: last time I looked they worked very differently and the libvirt one was far more primitive
[01:36] <twb> tohuw: run a separate webdav httpd on a high port?
[01:37] <twb> I guess the owner of that proc would still need write access, tho
[01:37] <tohuw> twb: yes, that was just suggested to me in #httpd. Create another httpd daemon with minimal modules and tight security, and have it serve webdav shares.
[01:38] <donspaulding> twb: ah, thanks for the tip.
[01:38] <twb> I wonder if there's a decent DAV implementation that basically just static HTTP+DAV and no fancy crap like php or cgi
[01:41] <tohuw> twb: I could disable cgi and php in another httpd instance if I had it use its own configuration directory, no?
[01:41] <twb> Yes
[01:42] <twb> I just don't like that it's even in there, because it means the devs care more about features than security
[01:53] <T3CHKOMMIE> hey guys, anyone know where i could get some help getting my compiled kernel installed on a hard drive or getting a live cd set up for it
[02:06] <kyconquers> I am trying to decide whether to use postfix or exim for an outbound SMTP relay. Where would i find a good comparison or documentation on this?
[02:06] <virusuy> T3CHKOMMIE: maybe  #ubuntu-kernel
[02:06] <T3CHKOMMIE> sweet thank you!
[02:07] <virusuy> kyconquers: i always use postfix, but take a look at : http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fshearer.org%2FMTA_Comparison&ei=szG7ToSqOIGSgQeC2625CA&usg=AFQjCNH8C6vnjm8DhWbyZtba7ukBMmcIoA&sig2=TWrpFB66pbbj5hGFAUN-3g
[02:09] <virusuy> is a nice review between exim qmail, sendmail and postfix
[02:09] <virusuy> with pros and cons
[02:10] <virusuy> and also talks about administration, releases, community, etc
[02:12] <kyconquers> virusuy, thank you, I'm definitely using postfix as a MTA and MDA but am unsure about its performance as an outbound smtp with ldap auth, do you know of anything more geared towards that area?
[02:13] <virusuy> no, i've never used postfix with ldap auth.. so i cannot help you with that.
[02:13] <virusuy> but, i guess if you do a little search on google could be plenty of how-to
[02:14] <kyconquers> I found a way to do it running through Cyrus.
[02:14] <virusuy> oh, nice
[02:15] <kyconquers> i'm just trying to see if letting postfix handle the inbound and something else for the outbound would be better or worse?
[02:16] <virusuy> well, postfix handle outbound in fact
[02:16] <virusuy> or am i wrong ?
[02:17] <RoyK> kyconquers: postfix is an mta, it just delivers, cyrus, on the other hand, handles the mailbox
[02:17] <kyconquers> it works. it just is a workaround a workaround and seems unstable.
[02:17] <RoyK> kyconquers: cyrus can't deliver a single thing
[02:17] <virusuy> RoyK: or dovecot
[02:17] <RoyK> yeah, or zimbra or courier or ...
[02:17] <virusuy> RoyK: there's a lot of differents MDA
[02:18] <virusuy> all of them with some pros and cons
[02:18] <RoyK> yeah, I know...
[02:18]  * RoyK ended up on zimbra because it was nice
[02:18] <virusuy> in my own experience always postfix + dovecot was the best solution
[02:18] <virusuy> RoyK: i used zimbra too it's awesome, but then i met roundcube (webmail)
[02:18] <kyconquers> Cyrus is being used to do the authorization  Dovecot is my MUA and i'm using postfix for MTA MDA and the body(everything except authorization) for my outbound
[02:19] <virusuy> so postfix + dovecot +roundcube = WIN :-D
[02:19] <RoyK> it's thin and works well, but it doesn't have the admin-friendlyness of zimbra
[02:19] <RoyK> roundcube I don't know (never heard of it before now)
[02:19] <virusuy> RoyK: yeah.. and zimbra is a suite .. IM , Calendar, Mail
[02:19] <virusuy> thats a pro on Zimbra, though
[02:20] <RoyK> yeah, and that's rather nice...
[02:20] <RoyK> most is in the open version
[02:20] <virusuy> yes.
[02:20] <RoyK> a bit more tricky for backups
[02:21] <virusuy> really ?
[02:22] <RoyK> well, the commercial version has online backup, fixing the issues with mysql and possibly other services that must be stopped
[02:22] <RoyK> but then, I have a private server, so it doesn't matter much for it to be down for 15 minutes in the middle of the night...
[02:22] <virusuy> nice then
[02:23] <RoyK> also, there are scripts around to fix online backup, but I just haven't bothered
[02:23] <kyconquers> so looking at outbound only is there a reason to go with postfix over exim?
[02:24] <virusuy> not really
[02:25] <RoyK> kyconquers: I can't answer that question, but I've standardised on postfix since gods know when, and I've had less issues (close to zero) with postfix than with exim, but then, I don't know exim too well, so that may be the cause
[02:26] <virusuy> Same as RoyK , in my experience with postfix has been excellent
[02:27] <virusuy> have*
[02:27] <kyconquers> ok thank you both
[02:28] <virusuy> has* gosh, i cannot even write :P
[02:32] <virusuy> today i configured logrotate on our squid server at work
[02:32] <virusuy> really easy, logrotate's man page is awesome
[02:32] <virusuy> very clear and straightforward
[03:10] <thermionix> is there a PPA for deb's for testing server kernels?
[03:11] <twb> thermionix: what do you mean
[03:21] <thermionix> current 3.0.0 kernel crashes when suspending devices
[03:21] <thermionix> 3.0.6 fixes the issue
[03:22] <thermionix> wondering if I can find a 3.0.6 ubuntu-server without compiling etc
[03:31] <twb> Dunno, sorry
[03:31] <RoyK> thermionix: doubt it
[03:31] <RoyK> thermionix: but please file a bug
[03:31] <twb> A simple google for "kernel ppa" turns up some matches
[03:31] <twb> thermionix: also 3.1 is in precise.
[04:03] <jdobrien> anyone here familiar with installing setting up lxc on oneiric?
[04:07] <twb> !anyone
[04:11] <jdobrien> twb, if I knew what to ask, i would
[04:12] <jdobrien> I need help diagnosing why I get this when starting an LXC lxc-start: failed to attach 'vethAG4ovV' to the bridge 'virbr0' : No such device
[04:12] <twb> And that third line is the one you should've started with
[04:13] <twb> It's trying to attach to a bridge that doesn't exist.
[04:13] <jdobrien> twb, right
[04:13] <twb> Did you set up a bridge?  Pastebin /etc/network/interfaces, and the output of "ip a"
[04:13] <jdobrien> twb, why the heck didn't lxc-create set it up
[04:14] <twb> Because lxc-create creates a CONTAINER
[04:14] <twb> It's not its job to fuck up your networking
[04:14] <jdobrien> haha
[04:14] <twb> It's not vmware_config.pl
[04:15] <twb> lxc-create should complain that virbr0 doesn't exist tho, IMO
[04:16] <jdobrien> twb, hmm...libvirt-bin not installed...there's a clue
[04:16] <twb> You are either using lxc or libvirt-bin; they're separate
[04:16] <jdobrien> twb, they don't work together?
[04:16] <twb> 12:35 <twb> donspaulding: libvirt contains its own LXC code that is separate from that in the "lxc" package.
[04:17] <twb> 12:36 <twb> donspaulding: last time I looked they worked very differently and the libvirt one was far more primitive
[04:17] <jdobrien> or play together
[04:18] <jdobrien> twb, so should i not use libvirt?
[04:18] <twb> IMO don't bother with libvirt unless you need to give non-root users access to VM management (as opposed to just access to the VMs)
[04:19] <twb> That is predicated on you knowing what the hell you're doing wrt. lxc or kvm, tho
[04:19] <jdobrien> twb, I'm using it a semi-isolated development envo
[04:20] <jdobrien> twb, i got along find using schroots
[04:20] <jdobrien> s/find/fine
[04:20] <jdobrien> twb, these are the instructions i am using https://dev.launchpad.net/Running/LXC
[04:22] <jdobrien> installing libvirt-bin did resolve the issue
[04:23] <twb> Because libvirt fucks with your network setup
[04:24] <twb> (Hm, actually as at lucid I don't remember it doing so...)
[04:26] <jdobrien> twb, the network/interfaces is untouched
[04:26] <twb> Dunno why it works then
[04:51] <{bosco}> ok so i am running 11.10x64 is it possible to make it so only root can login to the server once logged in a user on the server ?
[04:51] <{bosco}> via ssh sorry?
[04:55] <{bosco}> i know the sshd_config file i can set that to NO on allow root login but will that do the trick
[04:57] <smw> {bosco}, that will do the trick
[04:57] <smw> {bosco}, assuming you have no other methods to login remotely...
[04:58] <smw> {bosco}, hopefully you have the same setting on your ftp server or whatever else you have.
[04:58] <{bosco}> smw: yes lol
[04:58] <{bosco}> smw: just curious what is your recommendation on "BASTILLE"
[04:58] <smw> Considering I have no idea what it is... I hate it
[04:59] <smw> well, no idea on its relation to computers :-P
[05:00] <{bosco}> it is a server package that configures your server to some security via apt-get
[05:00] <smw> interesting
[05:00] <{bosco}> just curious if you have used it or not no biggie thanks later
[05:00] <smw> I am going to look into it then :-P
[05:00] <{bosco}> :-P
[05:02] <tash> can anyone tell me if this is or isn't a good way to permanently mount a windows share? adding this to /etc/fstab: //MyPC/Users        /mnt/data       cifs    credentials=/etc/.smbcredentials,dmask=777,fmask=777    0       0
[05:02] <tash> seems that it mounts, and is readable, but not writeable
[05:02] <{bosco}> smw: hey i am getting a permission denied when i try and login to root via ssh from my user account?
[05:02] <{bosco}> now
[05:03] <tash> permissions and ownership on everything mounted is dr----x--t 1 root root
[05:03] <tash> bosco: root ssh is probably disabled
[05:03] <smw> {bosco}, wait, this is #ubuntu-server. What are you talking about root?!
[05:03] <smw> lol
[05:03] <{bosco}> tash: i want it disabled from an outside computer via ssh but from my own server i want it enabed?
[05:04] <{bosco}> lol sorry
[05:04] <tash> why don't you just ssh as your user, then sudo?
[05:04] <smw> {bosco}, I thought I was on ##linux or something
[05:04] <smw> why is root even enabled?
[05:05] <{bosco}> smw: is it possible i know root should not be enabled and i have added bosco to the sudo list just asking
[05:05] <smw> on ubuntu you can't login as root from anywhere without having root privileges unless you make changes..
[05:05] <smw> {bosco}, huh?
[05:06] <tash> smw: mounted windows shares before?
[05:06] <smw> tash, yes I have
[05:07] <smw> tash, why?
[05:07] <thermionix> regarding the drive suspend issue in 3.0.0 and its being fixed in 3.0.6 - there's a few bugs - but nothing that mentions ubuntu-server > do I need to create a new bug relating to ubuntu-server?
[05:08] <tash> smw: I added this to fstab and it mounted, but things are not writeable. Trying to determine if I have something wrong in the fstab line, or if it's a windows permissions thing:
[05:08] <tash> //MyPC/Users        /mnt/data       cifs    credentials=/etc/.smbcredentials,dmask=777,fmask=777    0       0
[05:08] <thermionix> alternatively I'll just update to the newer desktop kernel
[05:09] <smw> tash, add defaults to the settings
[05:10] <tash> smw: not sure what you mean :\
[05:11] <smw> tash, before credentials add "defaults,"
[05:11] <smw> tash, no space
[05:11] <smw> tash, that will add rw as well as a few other options
[05:12] <smw> tash, if you don't want too many other options, just add rw
[05:14] <tash> k, added defaults and rebooted.  dr----x--t 1 root root 4096 2011-10-23 10:31 data
[05:14] <tash> permissions looks off still
[05:14] <tash> or is that normal?
[05:14] <tash> I cannot cp something from /home/myuser to /mnt/data/ ... seems like perms are whacky still
[05:15] <tash> I'll try rw
[05:18] <tash> well, I think the problem was actually on my windows share
[05:18] <tash> however, I did end up setting rw
[05:58] <{bosco}> ok so i have disabled root access to my server via ssh but my other user now has access to root what now?
[05:58] <{bosco}> all i have done basically is changed my root to bosco right.
[05:59] <{bosco}> ok so i have disabled root access to my server via ssh but my other user now has access to root what now?
[05:59] <SpamapS> {bosco}: except that now its logged whenever bosco becomes root
[06:00] <{bosco}> SpamapS: what are the benefits of this compared to root just having root access is it still a security issue and if so how to fix this?
[06:02] <{bosco}> SpamapS: you there
[06:23] <Zanzacar> Hi I have been trying throughout the day and have been unsuccessful at using vsftpd to chroot someone into their home directory.
[06:24] <Zanzacar> can anyone help me out with this?
[06:27] <twb> Zanzacar: why not use SSH's built-in chrooting SFTP server.
[06:28] <Zanzacar> http://paste.pocoo.org/show/505655/ thats my configuration files
[06:28] <Zanzacar> because I am completely and utterly unaware of such functionality
[06:29] <twb> http://paste.debian.net/144386/
[06:30] <twb> You'd probably want sftponly in the AllowGroups as well :-)
[06:30] <twb> But anyway, I recommend doing it with SFTP instead of FTP, since they look about the same to users, but SFTP is a much better designed protocol and more secure to boot.
[06:31] <Zanzacar> right I was doing it sFTP using vsftpd
[06:31] <twb> vsftpd is not an SFTP server.
[06:31] <twb> It might be an FTP/SSL server.
[06:32] <Zanzacar> o... I didnt know that
[06:32] <twb> SFTP is a module of SSH, so no SSH -> no SFTP
[06:32] <Zanzacar> oic, see ssh has always been on all my servers so therefore I could always sftp but I always thought that was because I needed to install vsftpd
[06:32] <Zanzacar> wow
[06:34] <twb> That goes in my quote file
[06:34] <Zanzacar> I have only really been using linux for maybe 3 months now so ya
[06:35] <Error404NotFound> What would be a good DNS that also supports MySQL? Bind with 3rd party mysql driver, mydns, powerdns...?
[06:35] <Zanzacar> so the script you wrote there, it setsup the ssh_config file correctly to chroot users.
[06:36] <twb> Zanzacar: you should read the sshd_config manpage and understand the lines in it
[06:36] <SpamapS> Error404NotFound: have heard of big sites using powerdns
[06:37] <twb> Zanzacar: you probably won't want one as locked down as I have
[06:37] <Error404NotFound> SpamapS: hmm, ok, powerdns it is.
[06:37] <twb> SpamapS: "big sites" = root servers?
[06:37] <twb> Error404NotFound: why do you want mysql?  Mysql's shit.
[06:38] <Zanzacar> twb: working through the information i found on it. thanks for the information it sure does explain why things were not working haha.
[06:38] <Error404NotFound> twb: correct, what else? pgsql? don't have that much hands on for that
[06:38] <SpamapS> twb: no, I'm not familiar with what they use. But the two sites I knew of using it were large hosting providers. (Not sure if they still exist)
[06:38] <SpamapS> OH please
[06:39] <SpamapS> scale pgsql without wanting to throw yourself off a cliff and I'll gladly give you a hang glider for free.
[06:39] <twb> Error404NotFound: well, I dunno about you, but I am using nsd, which compiles normal bind-format zonefiles into a binary database in some magical way I haven't cared enough to grok
[06:39] <Error404NotFound> twb: :) will google that
[06:39] <SpamapS> I really liked tinydns when I used it
[06:40] <SpamapS> so simple
[06:40] <twb> And nsd *does* run on l. and k.root-servers.net
[06:40] <Error404NotFound> SpamapS: is it really that hard for pgsql? never did it.
[06:40] <twb> And half of h.root-servers.net
[06:40] <twb> I also found nsd really simple to work with compared to bind
[06:40] <SpamapS> Error404NotFound: its possible. But.. well.. ask the launchpad guys about how much they love Slony. ;)
[06:41] <SpamapS> twb: still have to write bind zone files tho, right?
[06:41] <Error404NotFound> SpamapS: ya, i know 'Slony' along with some curse words D:
[06:41] <twb> SpamapS: well, what else are you going to do?
[06:41] <twb> If you want to store the master format for RRs in an RDBMS instead, IMO you need your head examined
[06:42] <twb> Unless you're doing some stupid cpanel-type web UI for idiot end users
[06:42] <twb> Then *maybe*
[06:42] <twb> SpamapS: I bet you could make pg scale really well by just turning off all the integrity checking features that mysql has off by default ;-P
[06:43] <SpamapS> thats a lie
[06:43] <SpamapS> read the manual on 5.5
[06:43] <SpamapS> InnoDB is the default
[06:43] <SpamapS> safe transactions are on by default
[06:43] <twb> I'm not a DBA, but the DBAs I know tell me it's still not good enough
[06:43] <SpamapS> pg people still spreading lies from 3.x days
[06:44] <twb> Don't forget we don't all run latest non-LTS either
[06:44] <SpamapS> 4.1 introduced InnoDB
[06:44] <SpamapS> *4.1*
[06:44] <twb> Shrug.
[06:44] <Error404NotFound> I am at a dilemma, working on a setup that updates DNS zones on the fly using a custom web interface. Now if i don't use a mysql backend supported DNS the updates would have to be done via a cron that pulls data from database and writes config files. NSD seems amazingly fast, wondering what would be better.
[06:44] <SpamapS> That MyISAM was still the default until just over a year ago when 5.5 was released has only fed this FUD. :-/
[06:45] <twb> Another stupid that pissed me off was when I cleaned out old records from squid2mysql the other day, I couldn't find a way to reduce the disk consumption without dumping and rebuilding the db
[06:45] <SpamapS> Error404NotFound: you could just as easily build config files on the fly, you don't have to do it via cron.
[06:45] <twb> SpamapS: IIRC they changed the default on Windows a few years before they changed it on linux, too
[06:45] <SpamapS> twb: OPTIMIZE TABLE xxx
[06:46] <twb> It was a host running etch
[06:46] <SpamapS> twb: but that will only regain space if you have innodb_file_per_table on (which you should if you want to have any kind of long term server managability :)
[06:46] <Error404NotFound> SpamapS: hmm, care to give a hint? Say if data for a zone is inside a table called abc.com, won't i need a cron that would pull data from db and write nsd configs?
[06:46] <lifeless> SpamapS: is that webscale?
[06:46] <SpamapS> lifeless: it uses /dev/null!
[06:46] <twb> I handballed the problem to a dba, but probably he didn't have a new enough mysql for that
[06:46] <lifeless> SpamapS: with map reduce?
[06:46] <twb> SpamapS: and is one table per file the default yet? ;-P
[06:46] <SpamapS> Error404NotFound: nah, just write to the table and then kick off a message to a worker that updates the zone file from the DB
[06:47] <SpamapS> lifeless: and JSON ftw
[06:47] <twb> Error404NotFound: IXFRs go into the db by default, and a cron pushes them to the slave .zones
[06:47] <SpamapS> twb: not sure if innodb_file_per_table is default yet
[06:47] <lifeless> SpamapS: did you hear about the yaml thing ?
[06:47] <twb> Error404NotFound: master zones go from the files to the .db when you nsdc rebuild && nsdc reload
[06:48] <Error404NotFound> twb: hmmm, need to read more about nsd, if i can bind it with mysql, somehow without adding say more than a minute delay of pushing changes from db to nsd's binary format, it would be cool.
[06:48] <lifeless> SpamapS: arbitrary code execution via python's yaml.load
[06:49] <lifeless> SpamapS: which is why we don't roll our own formats, mmkay!
[06:49] <SpamapS> lifeless: *@#$%*
[06:49] <lifeless> http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML
[06:49] <twb> Error404NotFound: when I say db I mean nsd's database, not mysql
[06:49] <lifeless> >>> yaml.load("""
[06:49] <lifeless> ... !!python/object:__main__.Hero
[06:49] <lifeless> ... name: Welthyr Syxgon
[06:49] <twb> Error404NotFound: nsd has no mysql
[06:49] <Error404NotFound> twb: ya
[06:49] <SpamapS> lifeless: tho I think I use safe_load most of the time
[06:49] <lifeless> SpamapS: and now you know why
[06:49] <lifeless> SpamapS: really it should be called 'exploit_me_load' and 'load'.
[06:50] <Error404NotFound> twb: thats why i might skip nsd even though its cool as: cron pulls config data from db, writes bind style config for nsd, rebuilds and reloads nsd would always have some delay, running a cron every minute might not be a good idea.
[06:50] <twb> Error404NotFound: you could just have the web UI read and write the zonefile directly, I guess
[06:51] <twb> I guess instead you could write a replacement for zonec which reads from an RDBMS, but I don't like it
[06:51] <twb> Haha, or ASN1 format :P
[06:52] <SpamapS> one nice thing about tinydns.. the line-per-record format was ridiculously hard to script around
[06:52] <SpamapS> err
[06:52] <SpamapS> s/hard/easy/
[06:53] <twb> I guess the root servers don't have to worry about bullshit web UIs because everything is pushed to them... via DNS
[06:53] <Error404NotFound> twb: hmmm, going for powerdns for now, will do nsd where i don't have some crazy boss to answer :P ;)
[06:53] <SpamapS> forget web UI, just being able to attach DNS records to things like customer records is valuable
[06:54] <twb> Error404NotFound: sure, whatever.  You know how I feel, I can't force you to do things my way :P
[06:54] <twb> SpamapS: M-1 M-! dig AXFR example.net RET when sending the RT email
[06:54] <Error404NotFound> One more question, and please bear with me as this might sound stupid for a while, may be longer :D
[06:54] <twb> SpamapS: oh, you mean records as in an RDBMS
[06:55] <twb> Thought you meant records as in "record keeping" i.e. the issue tracker
[06:55] <lifeless> twb: meh rdbms. perl hashes are where it is at.
[06:55] <twb> lifeless: bleh
[06:55] <lifeless> twb: imagine a root server running out of an in-memory hash :)
[06:55] <twb> lifeless: at least it isn't a goddamn CSV-backed database on a SCO4 server
[06:56] <twb> lifeless: the vendor is all "yes must can haz RAID6 6-way 1500 SAS for db"
[06:56] <twb> It's bloody CSV FFS, they have like 80MB and 40 users
[06:56] <Error404NotFound> I have client web servers running behind a varnish+nginx proxy where all clients point their DNS there. Its been working great till last morning when my boss asked me to add support for FTP. We have limited IPs and i was looking some kind of FTP proxy solution that i could configure against say either usernames or incoming domain names(if possible) to route port 21 to backend server. Or is there another alternate? I don't
[06:56] <Error404NotFound>  want to give public ips to web servers in DMZ.
[06:56] <twb> Oh and it was running on a Pentium III last week
[06:56] <lifeless> twb: must have terrible scaling overheads.
[06:57] <lifeless> Error404NotFound: frox perhaps
[06:57] <twb> lifeless: no, the db vendor is just an idiot
[07:14] <Error404NotFound> lifeless: checked, seems like its restricted to only one host in transparent proxy mode, checking non-transparent one, though then i might need to assign dns names for hosts in DMZ in Frox server's /etc/hosts or local dns.
[07:35] <{bosco}> ok so how do i take a user on my server and only allow him to see /home/user and anything there after?
[07:36] <{bosco}> no browsing around?
[07:38] <SpamapS> {bosco}: I've used scponly for that kind of thing before
[07:38]  * SpamapS passes out and goes to sleep
[07:40] <{bosco}> ok what about non inherit trivial in file permissions
[07:41] <{bosco}> SpamapS: but this person still has to have simple root access to update upgrade and install
[07:41] <{bosco}> nothing else
[07:41] <{bosco}> will that conflict
[07:44] <Guest51768> hello everyone, i have a more philosophical question than a technical one. Encryption. Since my /home dir is completely empty how can I use encryption on ubuntu server? could i encrypt /var /etc
[07:44] <Guest51768> and so on...
[07:45] <Guest51768> ?
[07:49] <{bosco}> leave guest
[07:49] <{bosco}> lol jk
[07:52]  * ball is confused
[07:54] <greppy> {bosco}: you want them to only have access to ${HOME} but also have root?
[07:55] <{bosco}> greppy partial root access only to update upgrade and install packages not to remove or see anything else other than their homefolder
[07:56] <{bosco}> i know how to do the first part it is the second that i am having trouble with
[07:57] <{bosco}> chmod A+user:bosco:read_data/write_data:file_inherit:allow /home/bosco
[07:57] <{bosco}> that is the closest i have come but doesnt work in 11.10x6e
[07:57] <{bosco}> 4
[07:58] <greppy> {bosco}: you would basically need a jail environment for that to work for a shell, but that will make using sudo & apt commands just about impossible.
[08:01] <Error404NotFound> lifeless: jftpgw seems more flexible than frox.
[08:01] <lifeless> cool, I had not heard of that
[08:05] <{bosco}> greppy: so it is not possible to have both>
[08:06] <{bosco}> chmod A+user:bosco:read_data/write_data:file_inherit:allow /home/bosco then what is this for
[08:08] <lynxman> morning o/
[08:09] <greppy> they will need access to the binaries & libraries to use a shell as well as apt-get using sudo.
[08:09] <{bosco}> oh ok
[08:09] <greppy> you can't really restrict access to just their home directory and expect them to be able to do other things on the system.
[08:10] <{bosco}> right makes sense just thought it might work
[08:10] <greppy> {bosco}: why do you trust them to install and upgrade but not have access to the rest of the system?
[08:10] <greppy> if they install a conflicting package, ie lighthttpd instead of apache for example...
[08:11] <greppy> they don't have to uninstall to be able to make something no longer work.
[08:11] <{bosco}> because this is me and i am the only one on the system trying to make the perfect user with security issues
[08:12] <{bosco}> i have disabled root from ssh
[08:13] <{bosco}> so i was just trying to be secure with my user and also just give him the 3 commands that i might use on a day to day basis
[08:13] <{bosco}> no biggie
[08:16] <noob889> {bosco} how about you give your user its own virtualmachine? :)
[08:17] <{bosco}> well ok noob889 what is the best way to go about that and why have vm on a vps lol isnt that kind of redundant i just want it for security reasons in case someone accesses my server
[08:18] <kaushal> Hi
[08:18] <kaushal> is there a bash script which checks for tomcat service being up and running ?
[08:18] <{bosco}> hi
[08:18] <kaushal> and what would be the ideal scenario to check for catalina.out file
[08:18] <kaushal> I suppose monitoring tomcat listening port is not a recommended method
[08:18] <kaushal> I mean any specific string
[08:18] <kaushal> {bosco}: hi
[08:19] <{bosco}> kaushal: :P
[08:19] <kaushal> {bosco}: Any clue ?
[08:19] <{bosco}> kaushal: not that i know of one sec though?
[08:21] <{bosco}> http://www.unix.com/shell-programming-scripting/118495-how-check-start-tomcat-using-script.html
[08:21] <{bosco}> check there see if that helps
[08:21] <{bosco}> kaushal:
[08:22] <{bosco}> here is how to start them at boot so you know they are running http://raibledesigns.com/tomcat/boot-howto.html
[08:22] <{bosco}> kaushal:
[08:23] <kaushal> {bosco}: basically i need to restart tomcat gracefully using bash script
[08:23] <kaushal> i mean graceful shutdown and graceful start
[08:23] <{bosco}> kaushal: i know lol
[08:24] <{bosco}> other than those links i wouldnt know how you may ask in #ubuntu as well since no one is on here lol?
[12:24] <tyska> hi guys, to configure a server with authenticated proxy it does not just type export http_proxy=http://user:pass@ip:port ?
[12:25] <tyska> hello?
[12:26] <eagles051387> hey ikonia
[12:28] <tyska> can anyone help me with proxy configuration?
[12:29] <xranby> tyska: are you using apache?
[12:29] <tyska> xranby: no, im not trying to configure a proxy server
[12:29] <tyska> xranby: i need to configure a client
[12:30] <tyska> xranby: im trying to do export http_proxy=http://user:pass@ip:port , but it does not working
[12:30] <xranby> that only work for some applications
[12:31] <xranby> for example if you want to use firefox you have to set the proxy option inside the firefox configuration gui
[12:31] <tyska> but i cant do a simple ping to 8.8.8.8
[12:31] <xranby> ping are not using http
[12:31] <xranby> the proxy only work for applications that uses http
[12:32] <tyska> but even with elinks i cant connect
[12:32] <xranby> can you run apt-get update ?
[12:34] <xranby> tyska: elinks are looking for HTTP_PROXY
[12:34] <xranby> with all CAPS
[12:34] <tyska> ow
[12:35] <tyska> but even with ALL CAPS it does not work
[12:36] <xranby> tyska: if apt-get update work   then your proxy work
[12:37] <xranby> tyska: you have to check each application that uses http and double check that it gets correct configuration
[12:37] <tyska> xranby: configuration of apt is on /etc/apt/apt.conf.d/02proxy
[12:38] <tyska> xranby: this is already configurated and working
[12:38] <tyska> xranby: my problem is with this export thing
[12:38] <xranby> unfortunately elinks documentation do not mention in what format it want the HTTP_PROXY string http://elinks.or.cz/documentation/manpages/elinks.1.html
[12:40] <xranby> tyska: you can create an elinks.conf http://elinks.or.cz/documentation/manpages/elinks.conf.5.html
[12:40] <xranby> you need to set
[12:41] <xranby> protocol.http.proxy.host  protocol.http.proxy.user  and protocol.http.proxy.passwd
[12:41] <xranby> in this config file
[12:41] <xranby> apparently it can only use  host:port format for HTTP_PROXY and protocol.http.proxy.host
[13:01] <ruben23> hi there guys i get this error when i restart my network --------------> http://pastebin.com/esXNzpXc
[13:01] <ruben23> (9:00:46 PM) Azelphur [~Azelphur@azelphur.com] entered the room.
[13:02] <pmatulis> who is azelphur?
[13:03] <ruben23> sorry i wrongly paste it
[13:06] <pmatulis> ruben23: what release?
[13:07] <ruben23> 10.04 LTSUbuntu 11.10
[13:07] <ruben23> Ubuntu 11.10
[13:13] <pmatulis> ruben23: maybe pastebin your interfaces file
[13:14] <ruben23> http://pastebin.com/hzZ6AhbR
[13:24] <pmatulis> ruben23: is the open-iscsi package installed?
[13:28] <ruben23>  pmatulis: how to install
[13:29] <pmatulis> ruben23: i asked *if* it's installed
[13:29] <pmatulis> ruben23: 'dpkg -l open-iscsi'
[13:30] <ruben23> No packages found matching open-iscsi.
[13:30] <pmatulis> ruben23: ok, just checking
[13:31] <pmatulis> ruben23: you may want to use strace on the command 'sudo strace -o output.txt /etc/init.d/networking restart' and pastebin output.txt
[13:35] <ruben23> http://pastebin.com/4gTXhGg7
[13:40] <pmatulis> ruben23: go up 2 messages
[13:54] <zul> Daviey: ping you said you had a python script that talked to the cobbler api?
[13:55] <Daviey> zul: well, something basic - yes
[13:56] <Daviey> zul: what usage?
[13:56] <zul> Daviey: care to share?
[13:57] <zul> Daviey: ill do the squid3 thing today
[14:00] <Daviey> zul: Yes, but  have a few snippets - what do you want to achieve
[14:00] <zul> Daviey: i just want an example that logs in to the api and sends something like a mac address
[14:02] <Daviey> zul: http://pb.daviey.com/oocT/ , you'll have to change the profile value.
[14:03] <Daviey> zul: I am interested what this is for tho.
[14:03] <zul> Daviey: the hardware detection stuff
[14:04] <Daviey> zul: Hang on, we have this stage of things done.
[14:04] <pmatulis> bonus question: how do you restart networking on oneiric?
[14:04] <zul> pmatulis: sudo /etc/init.d/networking restart
[14:04] <Daviey> zul: it needs to be done in shell or C really.. unless we bring back the pre-boot environment idea
[14:05] <zul> i think we bring back the pre-boot environment idea
[14:05] <Daviey> zul: That aspect needs to be addressed before adding the tool.
[14:05] <zul> but really i wanted the snippet to test to see if i add like cpu info to the cobbler api that it can be tested
[14:06] <Daviey> How is the image created?  Maintained?  How is data injected or pulled securely?
[14:06] <zul> Daviey: sure i have a vague idea in my head
[14:06] <zul> :)
[14:06] <zul> i need some caffeine first
[14:06] <Daviey> zul: That needs documenting! :)
[14:06] <pmatulis> zul: bzzzt!  "Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces"
[14:06] <Daviey> i'm not digging into your head :p
[14:06] <zul> Daviey: well guess whats on my todo list today ;)
[14:07] <Daviey> zul: Depending how exotic we plan to get, adding CPU, KVM supported, Memory/RAM / Disk sizes etc, is probably going to be easier to add in C than handling a binary image.
[14:08] <zul> Daviey: right...but you have to be smart on how you get your information we are just not dealing with intel only
[14:09] <Daviey> zul: no, totally.
[14:09] <zul> Daviey: ill write my vague idea up today
[14:12] <Daviey> zul: ok, great!
[14:13] <zul> send it off to ubuntu-server?
[14:21] <zul> freaking freenode
[14:22] <zul> Daviey:  for arm we cant use something like dmidecode and /proc/cpuinfo is different as well
[14:25] <Daviey> zul: Yeah, that is what hdt seems to depend on, no?
[14:25] <zul> Daviey: no it uses syslinux
[14:27] <Daviey> erm, are you sure that is how it detects the CPU?
[14:28] <zul> yeah im looking at the code now
[14:28] <Daviey> and it doesn't use dmi?
[14:30] <zul> http://lxr-test.linpro.no/#syslinux+syslinux-4.01/com32/sysdump/
[14:31] <Daviey> http://lxr-test.linpro.no/syslinux+syslinux-4.01/com32/sysdump/dmi.c , isn't concerning?
[14:31] <zul> for arm yes :(
[14:32] <zul> Daviey:  just poke holes into my dreams ;)
[14:33] <Daviey> hah
[14:33] <Daviey> it might still work.. :/
[14:33] <zul> ogra_: ping
[14:33] <zul> lets ask the experts
[14:36] <ogra_> pong
[14:37] <ogra_> you wont be able to use syslinux on arm, you will need to use whatever bootloader the board supports
[14:37] <ogra_> and zul is right, no dmi (BIOS) on arm
[14:37] <Daviey> ogra_: uboot can chain into syslinux / pxelinux, no?
[14:37] <zul> ogra_:  fudge...
[14:38] <ogra_> i doubt that, but u-boot can to PXE nowadays
[14:38] <Daviey> ogra_: Gah! I said no dmi as well.. :)
[14:38] <ogra_> s/to/do/
[14:38] <ogra_> what do you need from syslinux here ?
[14:38] <ogra_> i would assume that functionality is in u-boot as well already
[14:38] <zul> ogra_:  syslinux provides a tool called hdt which dumps hw info about the machine you are booting
[14:39] <ogra_> the bad thing is that each board has its special setup, so you will need a lot of special casing per-board
[14:39] <zul> ogra_: i wanted to use hdt to suck that info out of it and feed it back into cobbler
[14:39] <Daviey> ogra_: I think probing the kernel is safer. :)
[14:39] <ogra_> hmm
[14:40] <ogra_> well, that sounds like you do it before a kernel is booted
[14:40] <ogra_> if you have kernel and userspace archdetect is your friend
[14:40] <ogra_> and lsusb ...
[14:40] <Daviey> ogra_: Well we have 3 possible solutions..
[14:40] <zul> archdetect?
[14:41] <ogra_> well, it should return the arch and subarch
[14:41] <ogra_> i.e. armel/omap4
[14:41] <Daviey> ogra_: can you give me the output of /sys/devices/system/cpu/present on arm please? :)
[14:42] <ogra_> beyond that .... cat /proc/cpuinfo |grep ^Hard
[14:42] <ogra_> ogra@horus:~$ cat /sys/devices/system/cpu/present
[14:42] <ogra_> 0-1
[14:42] <Daviey> ogra_: is that a 2 core box?
[14:42] <urthmover> when installing 11.04 on apple xserve I do not see an option to  install EFI boot when partitioning my disks.  How do I resolve this?
[14:42] <ogra_> (thats on tegra, but i doubt it will be different on other SMP boards)
[14:43] <ogra_> Daviey, exactly
[14:43] <Daviey> thanks
[14:43] <ogra_> ogra@printsrv:~$  cat /sys/devices/system/cpu/present
[14:43] <ogra_> 0
[14:43] <ogra_> beagleboard ^^^
[14:43] <urthmover> I did notice that 11.04 server iso only has bootx86.efi  and not bootia32.efi in the /efi/boot folder as well.  Will someone speak up that can lend a hand?
[14:44] <zul> ogra_: lovely ;)
[14:44] <ogra_> :)
[14:45] <urthmover> if anyone in here does not have experience with ubuntu on this platform (apple xserve) but knows of someone on this channel that does please point that nick out to me as well  thanks
[14:45] <zul> urthmover: i doubt a lot of people have an apple xserve google is your friend in this case
[14:46] <Daviey> lamont: I assumed you might have some experience with apple xservers running ubuntu?
[14:46] <urthmover> zul: agreed I have been slopping around in this for all of this past week.  I've compiled my own grub  but unable to grub-mkimage ...  I have a booting usb key but it only boots into grub 1.96  and won't loop iso images from the usb key   thanks for the suggestion though zul
[14:47] <zul> urthmover: you might want to look at refit as well
[14:49] <urthmover> agreed zul  refit does appear to be a valid solution but unfortunately when I have that installed on this box  it does not recognize any mountable install media (cdrom, usb drive)  been quite frustrating.....maybe I'll install refit  again  and see if anyone in the refit irc channel can lend a hand as to why that aspect of this install wasn't successful
[15:04] <Daviey> zul: it seems to me that hdt gives us the worst of both worlds TBH
[15:04] <zul> Daviey: hmm...maybe we dont need dmi info
[15:04] <zul> Daviey: how so?
[15:05] <Daviey> we don't get the flexibility to extend it, which we'd have with a bloated image - and we aren't using the linux kernel, which provides an abstraction layer we can probe
[15:05] <Daviey> (linux kernel being the current implementation)
[15:05] <zul> k
[15:06] <Daviey> It's still C, meaning rapid development equals the current implementation
[15:06] <zul> so right now you have to pop in the cd to send the mac address back to the cobbler server?
[15:07] <Daviey> One of the main benefits of a bloated image is that it is easier to throw in adhoc modules i feel.
[15:07] <Daviey> zul: no!
[15:07] <Daviey> zul: That was low hanging fruit to add.. the primary interface is a default preseed from cobbler to netboot and register it automagically.
[15:08] <zul> ok gotcha
[15:08] <Daviey> we are (ab)using d-i as a cheap execution environment, which we can pass data to, which is supported by cobbler.
[15:09] <zul> ok im just trying to understand now
[15:09] <Daviey> i'd actually not be upset if it went away from the CD menu TBH, so it just works under the covers.
[15:10] <Daviey> Replace it with a 'Deploy something on this machine', which chains into ipxe.
[15:20] <stgraber> hallyn: uploaded a new LXC to Precise. This fixes some auto-generated changes that got bundled in the previous upload and applies the remaining changes to lxc-ubuntu
[15:21] <stgraber> hallyn: so the new lxc-ubuntu is identical to what's upstream at the moment (includes the lxc.cap.drop, tap devices and mknod changes)
[15:24] <hallyn> did i cause those auto-generated changes?
[15:24] <hallyn> ok, i'm trying to get a prototype of the lxc bridge working.  The /etc/init.d/lxc is getting kind of ugly though :)
[15:24] <stgraber> not sure, might well have been me. It's one of these cases where we need to unapply and re-apply all the quilt changes
[15:24] <stgraber> are you planning on converting it to an upstart script?
[15:24] <hallyn> I might have to just bite the bullet and switch to upstart.  except i don't want to diverge from debian
[15:25] <hallyn> i dunno, what's your thought?
[15:25] <hallyn> he's obviously developing the bas version,
[15:25] <hallyn> so i guess it depends on whether dba is willing to take my changes (in some form or other)
[15:25] <hallyn> if not, then yes, no sense maintaining our own version of the bash script
[15:25] <stgraber> yeah, if the changes go in Debian, we probably should stick to the sysvinit script
[15:26] <stgraber> if not, then upstart would likely be a bit cleaner
[15:26] <stgraber> but we'd lose some of the custom actions in the process (not that I think they should have been there in the first place)
[15:28] <hallyn> what would we lose?
[15:28] <stgraber> freeze, unfreeze and status
[15:33] <lamont> Daviey: it's possible
[15:34] <lamont> the buildds are xserves, but I thought those were ibm, not apple
[15:34] <Daviey> ah, ok
[15:39] <urthmover> lamont: apple calls their rackmountable enterprise server hardware xserve (as confusing as that is for everyone except apple)
[15:40] <urthmover> lamont: Apple has discontinued these boxes a year or so ago.  Still supporting them  but I'm sure that OS updates will soon stop in a few years   so it is time to take advantage of the great hardware and put an OS that I can grow with
[16:03] <ppetraki> hallyn, iscsi-target
[16:06] <hallyn> ppetraki, lvm
[16:06] <ppetraki> hallyn, I'm confused, I thought you were interested in which iscsi target server we were using?
[16:06] <ppetraki> hallyn, what about LVM?
[16:07] <hallyn> ppetraki, nothing about lvm  :)
[16:07] <ppetraki> hallyn, oh good :)
[16:07] <hallyn> ppetraki, that's true in 12.04 too?
[16:09] <ppetraki> hallyn, hrm... that knowledge is definitely based on 10.04 LTS
[16:09] <ppetraki> hallyn, I don't have a good answer for you there
[16:11] <hallyn> ppetraki, ok, thanks
[16:12] <ppetraki> hallyn, appears that fedora is using tgtd, which would be the tgt package for us, for what its worth
[16:12] <kirkland> SpamapS: yo
[16:15] <SpamapS> kirkland: sup?
[16:15] <roaksoax> jandrusk: ping
[16:15] <roaksoax> ups
[16:15] <dork> hello
[16:15] <roaksoax> sorry
[16:15] <roaksoax> jamespage: ping
[16:15] <jamespage> roaksoax: pong
[16:16] <roaksoax> jamespage: any recommendations for USB sticks for the pandaboards?
[16:16] <jamespage> roaksoax: hmm - so I'm using laptop SATA drive in a USB caddy - works OK
[16:17] <jamespage> still boot from the sd card but runs from the drive - so better performance
[16:17] <roaksoax> jamespage: right
[16:17] <roaksoax> jamespage: what's the preseed file again? and after installation did you have to modify anything?
[16:17] <roaksoax> jamespage: and kernel parameters added if any?
[16:18] <jamespage> roaksoax: preseed - https://gist.github.com/1205832
[16:19] <jamespage> cobbler stuff inc kernel params - https://gist.github.com/1205825
[16:19] <jamespage> and some fu to re-image the SD card to netboot when you want to re-install
[16:19] <jamespage> https://gist.github.com/1205751
[16:20] <jamespage> I did have a pad - but I can't find it ATM
[16:20] <roaksoax> jamespage: ok, but after installation everything was working as expected then
[16:21] <jamespage> yep - I use that configuration pretty frequently towards the end of last cycle
[16:21] <roaksoax> jamespage: i mean, it was booting of sd card but running from sda
[16:21] <jamespage> yep
[16:21] <roaksoax> jamespage: ok cool
[16:22] <roaksoax> jamespage: cool, thanks
[16:22] <jamespage> np
[16:22] <roaksoax> jamespage: now, did you get any case for your pandaboard?
[16:22] <roaksoax> lol
[16:22] <jamespage> nope
[16:22] <hallyn> stgraber, hey, do you ever see containers that won't shut down because ureadahead was still running (or hung) ?
[16:23] <hallyn> I've reported it as a bug for natty, but got it with an oneiric container on precise too
[16:23] <hallyn> i don't know what the problem is
[16:23] <jamespage> its nicely accumulating a layer of dust - just waiting for it to catch fire when I run some java on it!
[16:23] <roaksoax> jamespage: sounds like fireworks to me.. wait for the holidays :)
[16:32] <BrixSat> hello
[16:32] <BrixSat> im trying to compile a driver and i get the next error
[16:32] <BrixSat> Makefile:93: /lib/modules/2.6.32-28-generic/build/.config: No such file or directory
[16:40] <hggdh> Daviey: the server's team to bug-control expired. Is this what you want?
[16:40] <hggdh> ah, server team's membership, to be precise
[16:50] <Daviey> hggdh: Ah no, i hoped to grab you about that last week.
[16:50] <Daviey> Can it be re-added?
[16:50] <Daviey> zul: for squid3, are you adding a transitional package?
[16:51] <zul> yep
[16:55] <Daviey> zul: Are the conf's compatible?
[16:55] <zul> Daviey: yeah
[16:56] <Daviey> rocking!
[16:56] <roaksoax> zul: why is a squid3 transitional package needed?
[16:57] <zul> roaksoax: because squid is going away in favor of squid3
[16:57] <roaksoax> zul: ahh just realized that we have both, squid, and squid3
[16:57]  * Daviey notes roaksoax is behind on his bug mail.
[16:58] <roaksoax> Daviey: heh... or in the spam bin
[16:59] <roaksoax> Daviey: is there any email I should have been aware of?
[17:00] <Daviey> roaksoax: nah, jdstrand opened a bug asking us to replace squid with squid3 for it to be possible to support it for 5 years
[17:00] <roaksoax> Daviey: ahh.. I didn't get any
[17:00]  * jdstrand hugs server team
[17:01] <Daviey> jdstrand: when do hugs turn into beers?
[17:01] <roaksoax> Daviey: how was skydiving btw?
[17:01] <jdstrand> perhaps when I receive one that is owed to me :P
[17:03] <lynxman> jdstrand: so it's a very good transaction, the server team gives you one... you have to pay one for each guy of the server team? ;)
[17:03] <Daviey> jdstrand: heh, fair point :)
[17:04] <Daviey> lynxman: Rick Clark promised to buy every member of the Ubuntu Server Team a beer at UDS.. ~ubuntu-server being an open team at the time doubled its membership overnight.
[17:05] <lynxman> Daviey: and then half of them dutifully resigned the next day? ;)
[17:05] <jdstrand> hehe
[17:11] <SpamapS> lynxman: so *thats* how we got Chuck!
[17:11]  * SpamapS hugs zul
[17:12] <zul> eh?
[17:27] <zul> okies squid3 should be ready for the MIR report now
[17:28] <zul> jdstrand: it already had ufw support btw
[17:29] <ServerNoOb> who has plenty of time to help me? Afraid I may be doomed
[17:30] <jdstrand> nice
[17:31] <ServerNoOb> Anyone good with dns?
[17:32] <ahs3> ServerNoOb: yes, somewhat.  what's the question?
[17:32] <ServerNoOb> is it possible to do this.
[17:33] <ServerNoOb> ISP----router------wifpc----out to another router -----to ubuntu 10.04 server
[17:34] <ServerNoOb> I have the first router port forwarding to the wireless pc
[17:35] <ServerNoOb> the wireless pc is giving ip to the second router
[17:36] <ServerNoOb> ports forwarded from second router to the ubuntu dns server
[17:37] <ahs3> tcp or udp ports or both?  dns wants to use udp, typically
[17:37] <ServerNoOb> dns works on that lan but i think it is broken at the wireless pc... dont think it is passing it off to the second router
[17:37] <ServerNoOb> will try that
[17:38] <ServerNoOb> dns is set to udp
[17:38] <ServerNoOb> on both routers
[17:40] <ahs3> i think what you'll have to do is debug each step with something like dig
[17:41] <ServerNoOb> when I try to go  to the domain it says taking too long to respond
[17:42] <ahs3> i.e., go to the ubuntu server, make sure you can dig there, then go to the next link
[17:42] <ServerNoOb> does the wireless pc have to have a dns server too or is there a way to pass it through
[17:43] <ahs3> if you want the pc to resolve names, yes it needs a dns server -- or at least a hosts file
[17:43] <patdk-wk> you don't need a dns server on ANY of those machines or routers
[17:43] <patdk-wk> it would be helpful if the isp router had a dns server, but not needed
[17:44] <patdk-wk> ahs3, are you confusing dns server with resolv.conf?
[17:44] <ahs3> ah, i interpreted the question as "does it need access to a dns server", not "does it need to _run_ a dns server"
[17:45] <patdk-wk> sounds like he has a dns server running on the ubuntu box
[17:45] <patdk-wk> so many possible things could be going on
[17:46] <patdk-wk> but normally dual homing things, especially laptops, normally don't work well
[17:46] <ahs3> right, unless done very carefully
[17:47] <patdk-wk> all my networks use 192.168.1.x :)
[17:47] <ahs3> heh
[17:48] <ServerNoOb> ahh does it need to run one
[17:48] <ahs3> patdk-wk: yeah, that's why this sounds like a debugging exercise to find the link where the dns packets get dropped
[17:49] <ahs3> ServerNoOb: it doesn't need to run a server, but it must be able to resolve (hence, /etc/resolv.conf)
[17:49] <ServerNoOb> from the server dig got info
[17:49] <ServerNoOb> next step up is linksys router
[17:50] <ahs3> right -- see if you can dig from the other side of the router, and so on...
[17:51] <ServerNoOb> from the wireless pc it digs too
[17:52] <ServerNoOb> I think my connection may just be too darn slow
[17:54] <ahs3> it would have to be *really* bad for dns to fail -- it does a lot of retries
[17:54] <ahs3> and dig will report the response times
[17:55] <ServerNoOb> speedtest.net says 0.35Mbps dn and 0.08Mbps up
[17:56] <ServerNoOb> I would like to get my server wifi working to cut out a few steps
[17:56] <ServerNoOb> with the desktop version wifi card worked out of the box, but not on server
[17:57] <ahs3> that should be plenty of bandwidth
[17:57] <patdk-wk> speed doesn't matter, just latency
[17:57] <patdk-wk> if you have 30seconds of latency :(
[17:57] <patdk-wk> ServerNoOb, you know, there is no difference between desktop and server
[17:57] <patdk-wk> except all the desktop stuff isn't installed
[17:58] <patdk-wk> so you just need to install the wifi drivers into your server install
[17:58] <ServerNoOb> dig show Query time: 332mms
[17:58] <ahs3> long, but not at all unreasonable
[18:01] <ServerNoOb> ssh is not even making it past first router
[18:01] <ServerNoOb> connection timed out
[18:02] <ahs3> that's tcp on a different port, but that sure seems like a clue :)
[18:03] <ServerNoOb> can you ping it?
[18:03] <ahs3> what's the ip address?
[18:04] <ServerNoOb> 206.41.235.152
[18:05] <ahs3> it's not configured to ignore pings, is it?
[18:05] <ahs3> apparently not...
[18:05] <ahs3> PING 206.41.235.152 (206.41.235.152) 56(84) bytes of data.
[18:05] <ahs3> 64 bytes from 206.41.235.152: icmp_req=1 ttl=242 time=395 ms
[18:07] <ServerNoOb> nslookup shows it pointed to that IP
[18:10] <ServerNoOb> now I have pulled everything from nat on router except http and ssh
[18:11] <ServerNoOb> also removing firestarter
[18:13] <ServerNoOb> am I still here?
[18:14] <ServerNoOb> ok I am
[18:19] <ServerNoOb> how strange
[18:29] <ServerNoOb> ahs3: now it makes it past first router but pulls the wireless pc's webpage
[18:30] <patdk-wk> you don't have your wireless router setup as a hotspot capture do you?
[18:30] <ServerNoOb> no
[18:30] <ServerNoOb> wish I could
[18:31] <ahs3> well, and if http is port forwarded to the wireless pc, isn't that correct?
[18:31]  * ahs3 is a little puzzled by the question...
[18:31] <ServerNoOb> this pc I am on pulls wifi from my first router then uses eth0 to share net with second router
[18:32] <patdk-wk> oh well, so basically you have 3 routers
[18:32] <ServerNoOb> the server with dns and website I want to reach is connected to second router
[18:32] <ServerNoOb> if you count this pc as a router
[18:33] <patdk-wk> it routes doesn't it? :)
[18:33] <ServerNoOb> then it would be second
[18:33] <patdk-wk> how is the second router setup?
[18:33] <patdk-wk> I assume you connected its wan port to your eth0?
[18:33] <ServerNoOb> yes
[18:33] <patdk-wk> ya, then talking to stuff on that lan isn't possible
[18:33] <ServerNoOb> so it pulls an ip
[18:34] <patdk-wk> unless you setup port forwarding, then you can only talk to one device
[18:34] <patdk-wk> that is so bad, 3 level deep nat :(
[18:34] <ServerNoOb> I figured that
[18:34] <ServerNoOb> was worth a try
[18:34] <patdk-wk> oh it's possible
[18:34] <patdk-wk> but many limitations
[18:35] <ServerNoOb> so I need to make this pc my main server
[18:35] <ahs3> yeah, very messy.  i wonder if you could subnet the lan on eth0 and have the pc route to it...
[18:35] <patdk-wk> no idea, I don't think we even know your goal
[18:36] <ServerNoOb> I will make a graphic and show you ...will you be around for a few
[18:37]  * ahs3 has to head off to lunch...bbiab
[18:46] <ServerNoOb> patdk: still here
[19:38] <zul> Daviey: you are right the api is silly
[19:46] <Daviey> zul: oh?
[19:46] <Daviey> zul: you mean the lack of exposed debug?
[19:46] <zul> silly-easy
[19:46] <Daviey> oh
[19:47] <Daviey> yeah xmlrpc via python is really rather nice.
[19:47] <Daviey> zul: Have you managed to add extra data?
[19:47] <zul> Daviey: working on that now
[19:47] <soren> Is this for cobbler?
[19:48] <zul> soren: yes
[19:48] <soren> ok
[19:55] <soren> There's actually a change under review against Nova that adds bare-metal provisioning.
[19:55] <soren> If you guys want to do a cobbler driver, you may want to look at it.
[19:56] <soren> It's targeted at some odd ball embedded platform they have, so it's not the same use case, but it would be great if they would be in the same sort of style.
[19:57] <zul> soren: yeah i saw i need to review it
[20:13] <roaksoax> zul: you working on cobbler-enlist?
[20:13] <roaksoax> or similar?
[20:14] <zul> roaksoax: kind of
[20:14] <roaksoax> zul: so how are we gonna register new systems then?
[20:15] <zul> roaksoax: right now sudo cobbler system --cpu_cores=99 and that info gets exposed from the api
[20:16] <Daviey> I really think cobbler-enlist is the approach we should be extending
[20:17] <roaksoax> zul: so we are extending cobbler then and not using ocsinventory or are we doing both
[20:17] <zul> roaksoax: extending cobbler
[20:17] <Daviey> The bloated image approach which 'sudo cobbler system add' depends on has significantly more work involved, for a similar end experience.
[20:17] <zul> I should have a patch soon as an example
[20:18] <Daviey> I feel that ocsinventory is a Medium priority thing.
[20:18] <roaksoax> Daviey: well in my mind relies the approach that a system should 1. turn on. 2. obtain a pxe image from cobbler 3. register into cobbler (with all info) 4. it turns off 5. ready to be deployed
[20:19] <Daviey> roaksoax: that is what we were striving for already, but the image is based on something we get for free.
[20:20] <roaksoax> Daviey: that's what I mean with
[20:20] <roaksoax> Daviey: that's what I mean with "in my mind relies the approach"
[20:20] <Daviey> If we go for the bloated image, we need to worry about creating, maintaining and passing credentials to it.  Which is an issue we currently do not have
[20:20] <zul> thats something we all agree on
[20:20] <Daviey> smoser, doesn't agree
[20:20] <smoser> i never do
[20:20] <Daviey> I agree that a bloated image might well be nicer, but the added work has little benefit IMO.
[20:21] <smoser> i just think that you're going to have to bite the bullet at one point or another.
[20:22] <smoser> that sooner or later (read, sooner) you're going to realize that getting enough stuff to run in that little environment of the installer is a regular PITA
[20:22] <Daviey> smoser: You could well be right, but in order to make a decent plan on this - we need to document reasons that would cause that.
[20:22] <smoser> and you'll re-invent lots of things (like facter) that you would get for free if you bit said bullet
[20:22] <Daviey> smoser: so every dep we need in the d-i env, we need to introduce a udeb - is a PITA, agreed
[20:23] <Daviey> smoser: even in the minimal image, i'm not sure we'd want ruby, would we?
[20:23] <smoser> things you need, that will result in reinvention or PITA:
[20:23] <smoser>  * facter
[20:23] <smoser>  * ssl support
[20:23] <Daviey> ssl support we are getting regardless.
[20:23] <smoser> really? that is somehow free?
[20:23] <zul> free as in magic..
[20:23] <smoser> i thought installer did not have it, and thus you couldnt use it.
[20:23] <Daviey> smoser: I *do* agree that a bloated image is 'better', but not necessarily the right choice.
[20:23]  * zul does his doug henning impression
[20:24] <smoser> i dont think its necessarily better.
[20:24] <smoser> i just think you're going to do a ton of work now fighting to stay in that installer
[20:24] <Daviey> smoser: well not free, but Colin is adding ssl support to d-i already.
[20:24] <smoser> and then throw that away in the future
[20:25] <smoser> i can most definitely grab a *lot* of data through /sys and /proc about a system with nothing more than busybox
[20:25]  * Daviey loves how the tables have turned. :)
[20:25]  * Daviey was smoser last cycle, and smoser was Daviey
[20:25] <smoser> Daviey, well, i could agree with you
[20:25] <smoser> but then we'd both be wrong
[20:25] <roaksoax> isn't it better to have a live image pxe booted, that runs and grabs the info, and then pushes it to cobbler?
[20:26] <smoser> what does "live image" mean
[20:26] <Daviey> roaksoax: yes, but we need to worry about creating, maintaining and passing secure data to it.
[20:26] <Daviey> smoser: pxe booting a read only minimal image.  aka, bloated image
[20:27] <roaksoax> yeah
[20:27] <smoser> doesnt have to be read-only
[20:27] <roaksoax> Daviey: by secure data you mean cobbler's user/password in order to be able to push that back into cobbler?
[20:28] <Daviey> I certainly will not block the bloated image approach, as i do think it is cleaner and more extendible.. However, it really needs a solid plan, with clear benefits.
[20:28] <Daviey> roaksoax: yah
[20:28] <roaksoax> Daviey: and can't we preseed that or use cloud-init?
[20:28] <Daviey> roaksoax: well if we go for the bloated image, preseed isn't an option is it?
[20:29] <Daviey> with the d-i image we can preseed.
[20:29] <Daviey> cloud-init.. Yes!  That is a good idea.
[20:29] <Daviey> we'd need to extend the orchestra metadata service tho
[20:29] <Daviey> (suddenly it's sounding like a significant undertaking, with little end user benefit)
[20:30] <roaksoax> Daviey: uhmmm not really, we could just obtain a blob of data base64 encoded
[20:30] <roaksoax> and then decoded on the image
[20:30] <roaksoax> similarly to what we do with the juju/cloud-init stuff
[20:30] <Daviey> well sure, but we still need to make and maintain a data service, right?
[20:31] <smoser> Daviey, not entirely
[20:31] <smoser> maybe we could just take over the kickstart for this path
[20:31] <smoser> cloud-inti would hvae bot be extended for a datasource type
[20:32] <Daviey> "have to be"?
[20:32] <smoser> then it would just read from the kernel command line that user-data comes from this url (which is its kickstart url)
[20:32] <smoser> and it consumes it
[20:32] <smoser> have to be
[20:32] <Daviey> smoser: How long would that take?
[20:32] <smoser> but i dont know if cloud-init is necessary or overkill for that little thing.
[20:32] <smoser> it wouldn't be too bad.
[20:32] <smoser> its another data source type
[20:35] <Daviey> utlemming: How long would it take you to fork the livebuild magic to produce a <100MB bootable image?
[20:41] <roaksoax> but anyways, i think we need to be concerned on extending cobbler to store hw information
[20:41] <roaksoax> of a system
[20:41] <zul> Daviey roaksoax smoser: Thats how you expose new things through cobbler: people.canonical.com/~chucks/cobbler/cobbler-cpu-cores.patch
[20:42] <smoser> i think 100M is unfortunately overly optimistic
[20:43] <smoser> $ du -hs /lib/modules/$(uname -r)
[20:43] <smoser> 140M	/lib/modules/3.1.0-2-generic
[20:44] <roaksoax> zul: Instead of patching item_profile.py you should be patching item_system.py since the system'
[20:44] <roaksoax> zul: Instead of patching item_profile.py you should be patching item_system.py since the systems, since they are the ones that hold the information of each system
[20:44] <zul> crap i thought i did that :P
[20:45] <roaksoax> :)
[20:45] <zul> roaksoax: but you get the ide
[20:45] <zul> idea even
[20:45] <roaksoax> zul: but anyways, if we end up having ocsinventory as a backend, I think we could add a new feature to cobbler to say "system backend is ocs inventory". so it grabs all the hw info from there
[20:46] <roaksoax> zul: yeah I do, sweeeet
[20:49] <roaksoax> zul: so I guess you will be working on extending cobbler to store hw info then?
[20:49] <zul> roaksoax: probably
[20:52] <Daviey> roaksoax: so one of the *huge* reasons we went with cobbler when we reviewed the options was because we thought it would be easy to extend to make it the heart of orchestra.
[20:52] <roaksoax> Daviey: which it is
[20:53] <Daviey> zul: looks like a good patch, and easy to extend, nice work.
[20:53] <Daviey> zul: I wonder how much work it would be for extensions to be a runtime plugin, rather than patching core.
[20:54] <smoser> what patch is this ?
[20:54] <smoser> http://people.canonical.com/~chucks/cobbler/cobbler-cpu-cores.patch
[21:08] <zul> it would be nice to know what hardware info we need
[21:55] <the-mgt> if I'm on LTS and run 'do-release-upgrade -d' it's trying to upgrade me to precise
[21:55] <the-mgt> is there a way to specify a release?
[21:56] <the-mgt> ahh nm, Prompt=normal
[22:30] <hallyn> all right, super-friends, tomorrow is a holiday, so i'll see ya'll on monday!
[23:08] <lynxman> hallyn: enjoy :)
[23:18] <utlemming> Daviey: sorry I missed your chat...forking livebuild is pretty trivial, but like smoser said, <100MB is going to be next to impossible unless we use a compressed FS or strip out unneeded modules.
[23:20] <Daviey> utlemming: thanks
[23:23] <utlemming> Daviey: what are you using the bootable image for
[23:24] <virusuy> hi
[23:25] <utlemming> Daviey: I've built an initramfs based boot that used ~100M compressed initramfs before (not Ubuntu though) that booted over PXE. As long as you have sufficient memory, then you could run the root file system out of memory.
[23:26] <Daviey> utlemming: yeah, did that include python?
[23:27] <utlemming> Daviey: ah, yeah it did
[23:28] <utlemming> It was really, really stripped down, and I think it was like 75MB with xz encryption.
[23:28] <utlemming> Daviey: It was also using a custom compiled kernel, so that helped with the space requirements.
[23:28] <Daviey> utlemming: that might be worth considering, but i'm concerned about cleanly reproducing and maintaining.
[23:28] <utlemming> Daviey: actually, I take that back, it was 140M
[23:29] <Daviey> The concern is also support for unknown hardware, which means we need a rich kernel.
[23:29] <Daviey> smoser, zul, roaksoax ^^
[23:30] <utlemming> True...but I would assume that it is things like disk arrays, raid hardware, ethernet, etc. If you drop out the video for linux, 3d acceleration cards, etc., you can save some serious space
[23:33] <kyconquers> what would be the pros/cons of using exim with cyrus auth vs exim doing auth itself?
[23:44] <zul> Daviey: im all for it if it can be done easily enough
[23:46] <Takyoji> Doubt anyone would know, but: know how to disable the 'switch user' option via manually changing it in gconf or a text file?
[23:49] <utlemming> Daviey, zul: the big problem that I ran into with a large initramfs was download errors. We saw some problems with TFTP, so we used a patched version of gPXE that had some retry logic.
[23:50] <zul> yucky
[23:50] <Daviey> utlemming: In other news, are you able to tackle the keystone MIR - bug 881464 you signed up for? :)
[23:51] <utlemming> Daviey: I thought you were going to ask about that...yeah, I'll put that on my high priority list. I got side tracked by UDS and Amazon's new region that just launched.
[23:51] <Daviey> roaksoax: SpamapS is doing a mysql merge, can you work with him to get it included - or hand off - bug 880339? Thanks
[23:51] <Daviey> utlemming: excuses, excuses :P
[23:52] <Daviey> zul: How is bug 885283 looking?
[23:52] <zul> Daviey: need to do the MIR
[23:52] <Daviey> zul: and bug 879853?
[23:53] <zul> Daviey: will do the munin tonight after i get back from meeting liams teacher
[23:53] <Daviey> zul: Great, i think it will be trivial - considering a security member of the MIR team requested it. :P
[23:53] <Daviey> zul: Ooo, have fun
[23:54] <Daviey> zul: bug 871278 has landed in upstream trunk now, right?
[23:54] <zul> Yeh
[23:54] <zul> i think so
[23:54] <zul> ill upload the nova milestone tomorrow as well
[23:54] <Daviey> zul: Yeah, it was blocked on Authors file if i saw correctly, now resolved
[23:56] <Daviey> zul: Great!  It might be good if one of the components, you talk through someone else how to do the process. :)
[23:56] <Daviey> adam_g: Hey, have you been able to touch cobbler-enlist this week?
[23:57] <Daviey> zul: In other news, did you see - bug 883988?
[23:59] <zul> sqlalchemy.exc.OperationalError: (OperationalError) table images already exists u'\nCREATE TABLE images (\n\tid INTEGER NOT NULL, \n\tname VARCHAR(255), \n\ttype VARCHAR(30), \n\tsiz
[23:59] <zul> that tells me it was a re-install
[23:59] <adam_g> Daviey: theres a pending MP for bug #868492