/srv/irclogs.ubuntu.com/2011/11/15/#ubuntu-server.txt

roaksoax	by adding a system with all the necessary info	00:00
Daviey	roaksoax: hmm, bloated or d-i, shouldn't make a difference	00:00
roaksoax	Daviey: ok, so either way, we can only access the API once	00:00
Daviey	roaksoax: I'm saying, that i'm not sure it can be achieved with one API call.	00:00
roaksoax	Daviey: why wouldn't it?	00:00
Daviey	roaksoax: I think you have to create the base object, then manipulate it.	00:01
Daviey	(i'm not certain on this)	00:01
roaksoax	Daviey: uhmmmm i haven't actually check that	00:01
adam_g	roaksoax: we first create a new system, then modify it a number of times (set its name, profile, mac addrs, etc)	00:01
roaksoax	I'll have to look into that	00:02
adam_g	followed by a call to save_system	00:02
Daviey	adam_g: Is your understanding that you have to do it that way aswell?	00:02
roaksoax	right but the authentication is only done once, isn't it?	00:03
roaksoax	ahh noo	00:03
roaksoax	never mind	00:03
Daviey	roaksoax: yes, but...	00:03
roaksoax	everytime we pass the token	00:03
Daviey	you auth once, but get returned a token which you use forever more	00:04
roaksoax	yep, multiple calls with a token	00:04
roaksoax	Daviey: well what i just thought of is that maybe, that token should only authorize the modification of the newly added system	00:05
roaksoax	since I pressume that those tokens are unique per authentication	00:06
roaksoax	and used per authorization	00:06
Daviey	roaksoax: As we use TCP, we could do ACL based on source IP address to match to a system profile?	00:06
adam_g	Daviey: AFAICS, yeah.. thats the reqquired workflow for creating a new system with the parameters we want. im not sure how 'new_system, modify_system, modify_system, save_system' translates on the other end, in terms of authentication/authorziation	00:06
Daviey	adam_g: annoyingly (as i've guessed you noticed), debugging server side is less than fun.	00:06
roaksoax	Daviey: or somehow match the passed token with the system id being passes based on the token used on creation time	00:07
Daviey	I'm not sure that helps TBH.	00:08
roaksoax	Daviey: nor do I, just and idea	00:08
Daviey	roaksoax: Keep 'em, ideas, rolling out.	00:10
adam_g	roaksoax: is there anything equivilent to early/late_commands that get executed server-side before/after a machine is provisioned?	00:16
Daviey	adam_g: what are you thinking?	00:16
adam_g	Daviey: just daydreaming... generating per-machine client certificates, shipping those in the preseed, and then revoking after the node has phoned home, or a timeout expired	00:19
Daviey	adam_g: at the very least, http://cobbler_host/cblr/svc/op/nopxe/system/$system_name could probably be made wider with a hook	00:19
Daviey	ie, the late_command to disable pxe after install.	00:19
Daviey	I wonder if storing a hidden data value, such as machine serial number and using that to validate against is viable.	00:22
Daviey	ie, you'd probably only know that if you have access to the box, confirming you are the mac address owner.	00:22
Daviey	still not clean IMO.	00:22
adam_g	Daviey: authing based on mac address seems tough since cobblers never seen the machines mac until cobbler-enlist is run, no?	00:26
Daviey	adam_g: Yeah, it would require more complexity to work around that.	00:28
SpamapS	save me some backscroll.. what problem are you guys looking to solve?	00:29
SpamapS	other than Daviey's insomnia?	00:29
Resistance	they want to solve why the universe exists	00:29
Resistance	:P	00:29
Resistance	lol i kid	00:29
SpamapS	we did that last year.. 10.10.10 ;)	00:29
Resistance	SpamapS: they wanted to solve why the OTHER universe exists :p	00:30
twb	Resistance: it exists because Canonical are too tightarse to provide support for the vast majority of packages they steal from Debian	00:31
twb	adam_g: also MACs can be spoofed trivially and are inherently discoverable	00:31
Daviey	twb: Is that really a helpful comment?	00:32
twb	adam_g: at least, unless you operate a prison like me, where you can dictate physical access :-)	00:32
Daviey	SpamapS: Currently there is a shared username:password we need to give to everyone that asks for it.. not secure.	00:33
twb	Daviey: maybe not, I didn't read much scrollback	00:33
Daviey	adam_g: We could have a profile just for adding new systems, and then disown it from that user blocking further updates.	00:33
Daviey	(post save_system)	00:33
twb	Daviey: you're PXE-installing arbitrary h/w, and want to match the preseed (&c) to the h/w model?	00:36
Daviey	twb: no, we have a minimal boot enviroment that will be booted when a new server is racked (provisioning server doesn't yet know about it), it posts back mac address and other data via an xmlrpc api	00:38
Daviey	currently the api user has full admin access.	00:38
twb	Eek	00:38
SpamapS	Daviey: so the u:p that is used to save systems.. is also capable of doing other damage?	00:38
Daviey	As we ship the creds via a preseed on first boot, everyone can get the creds to the server	00:38
SpamapS	Daviey: I don't know if thats really such a huge concern.	00:38
twb	Why can't that specific API call be anonymous?	00:39
patdk-lap	dunno if you want people anonymously adding new systems	00:39
Daviey	twb: well in part, it is a privildged operation as adding a system requires multiple API calls.	00:39
SpamapS	anonymously adding systems is still quite dangerous	00:39
Daviey	That is, add a new system - then add data about the system	00:39
Daviey	If it's purely anon, then anyone can edit any profile.	00:39
twb	But surely the call is informative only -- it's not making changes to the system	00:40
Daviey	well it is, because you need to do a >1 stage process.	00:40
twb	"Hi my name is Fred I have mac xx:xx.. and I am a pizza box"	00:40
Daviey	Add system Fred.	00:40
Daviey	Fred mac address is xx:xx	00:40
Daviey	Fred you are a pizza box	00:40
Daviey	That is 3 API cals.	00:40
Daviey	calls*	00:40
twb	Sounds to me like the right thing is to change the API	00:41
twb	or s/change/extend/	00:41
Daviey	Well... something we can do, is have a registeration user.	00:41
Daviey	Add system Fred, owned by reg_user	00:41
Daviey	Fred Mac address is xx:xx.	00:41
Daviey	Fred, add more data	00:42
Daviey	save()	00:42
Daviey	Fred is now owned by !- reg_user	00:42
patdk-lap	you lost me 20 fred's ago :)	00:42
SpamapS	Daviey: this is considered purely a time-saving operation for the admins right, admins still need to confirm these systems.	00:42
Daviey	So the shared user/pass for reg_user cannot make further changes to that profile.	00:42
twb	So the first operation creates fred and at the same time sets up bidirectional authentication based on some secret and/or keys to which the default preseed isn't privy?	00:42
Daviey	SpamapS: well default yes, but it should be optional.	00:43
SpamapS	I'm just concerned that there will be an instance where systems are accidentally put into the provisioning VLAN and .. whoops.. reboot and it gets blanked.	00:43
Daviey	twb: well the first API call is to auth with a plain user:password, which returns a token object which is used on all further API calls for that session	00:44
Daviey	SpamapS: well yes, which is why it needs to default to manual.	00:44
Daviey	Use case being plugging my laptop into the LAN and rebooting :)	00:44
Daviey	That would make me somewhat upset.	00:44
twb	Turn off PXE on your laptop them :P	00:45
patdk-lap	you have pxe boot by default on your laptop?	00:45
twb	patdk-lap: I used to	00:45
SpamapS	so manual in that all this will do is boot, register, reboot into the manual "boot from disk" menu.. ok	00:45
Daviey	twb: never! :)	00:45
Daviey	SpamapS: yeah	00:45
SpamapS	Right ok, so yeah, if there were an API call which would allow you to give away your ownership to another user, that would solve the issue would it not?	00:46
Daviey	I think currently the best plan is disowning a system from a minimal prived shared cred user when it is enlisted.	00:46
SpamapS	essentially, do all the bits with fred, then change owner to "admin" and when save returns, you can no longer touch the machine	00:46
Daviey	SpamapS: yeah, i'm not sure there is an xmlrpc query for it.. but it's certainly supported via the cobbler pythonic api - so might be easy to expose if it doesn't already	00:47
SpamapS	This would still allow malicious abuse of the cobbler system by a single node on the provisioning network though.	00:47
Daviey	SpamapS: well it would allow someone to add a bazillion systems	00:47
SpamapS	Exactly	00:48
SpamapS	So perhaps another enhancement is to add user quotas.	00:48
Daviey	I'm not what we can do about that	00:48
SpamapS	and have the reg user limited to 100	00:48
SpamapS	That would be a fairly straightforward change I think.	00:48
Daviey	well that wouldn't stop them disowning, and adding to the admin pool.	00:48
SpamapS	admin would also have 100 quota	00:49
SpamapS	or at least, a sane quota that they could raise themselves	00:49
Daviey	SpamapS: we could ARP lookup the mac address as an isValid() validation check.. but perhaps that is overcomplicating.	00:49
Daviey	err, scrub that	00:50
Daviey	i'm tired.	00:50
SpamapS	can spoof that	00:50
SpamapS	yeah you're not supposed to be around at my EOD :)	00:50
SpamapS	this is usually when we make fun of you	00:50
Daviey	SpamapS: I could make the same comment to you, most days :)	00:50
Daviey	err, my SOD.	00:50
Daviey	SpamapS: How is that cobbler precise upload looking? :)	00:51
Daviey	Right, /me goes AWOL.	00:51
Daviey	nn	00:51
SpamapS	Daviey: zul promised to look at rbasak's changes and mine as well	00:51
Daviey	SpamapS: zul is the reason i don't have a pony.	00:52
SpamapS	He's also responsible for you losing your cookies via jackass is he not? ;)	00:53
Daviey	SpamapS: no comment..:)	00:56
zul	SpamapS: that was a classic	01:00
uvirtbot	New bug: #890501 in cloud-init (main) "EC2 cloud-init overwrites 127.0.1.1 in /etc/hosts on every reboot" [Undecided,New] https://launchpad.net/bugs/890501	01:41
flickerfly	I have a LAMP/SSH server I just installed today. I've been unable to login via the console. I have been able to login from ssh, when I try to change the user password, it gives the error "passwd: Authentication token manipulation error" after entering the first password. I don't even get to confirm it. Any idea what's going on?	01:56
ChmEarl	flickerfly, is your user in the admin group? type groups	01:58
flickerfly	yes	01:58
flickerfly	it is actually the user the installer created, but I just checked to be sure	01:59
ChmEarl	sudo passwd <UN>	02:00
flickerfly	so the password change worked, but I still can't log in at the console	02:04
flickerfly	I can still login with ssh with the new password	02:04
flickerfly	Nov 14 19:03:47 portal login[8651]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=username	02:05
flickerfly	Nov 14 19:03:50 portal login[8651]: FAILED LOGIN (1) on '/dev/tty1' FOR 'username', Authentication failure	02:06
ChmEarl	flickerfly, sudo usermod -s /bin/bash <UN>	02:13
ChmEarl	in case the shell is wrong	02:13
ChmEarl	if the shell is OK, nm	02:14
flickerfly	shell is good	02:14
flickerfly	I just grep'd /etc/passwd to be sure	02:15
twb	flickerfly: pastebin output of this: egrep -v '^[[:space:]](#\|$)' /etc/pam.d/common- /etc/nsswitch.conf	02:17
qman__	have you changed the hostname?	02:17
flickerfly	no hostname change	02:17
qman__	in sshd.conf, PermitRootLogon is Yes by default, but if you have changed that to No, root can't log in over shell	02:18
flickerfly	qman__: http://pastebin.com/uEjyPtJV	02:18
twb	flickerfly: do the same for /etc/ssh/sshd_config as well	02:19
flickerfly	I'm not trying to login root, ssh is working fine	02:19
flickerfly	it's the console that fails	02:19
yaboo	trying to setup a ssh tunnel and getting the error open failed: administratively prohibited: open failed	02:19
yaboo	any idea why	02:19
twb	flickerfly: the files you pasted look fine to me	02:20
twb	flickerfly: "ssh works" -- works with password, or key, or both?	02:20
flickerfly	ssh works with password, I haven't transferred keys or anything like that yet. This is a very fresh install.	02:21
flickerfly	here is the sshd_config: http://pastebin.com/VfmCu7V7	02:21
twb	I can't see what would be wrong	02:23
twb	If you create a new user (adduser) can he get in?	02:23
twb	Maybe the account is locked -- check "getent shadow fred" FSVO fred -- but don't paste that because it contains the password	02:24
flickerfly	the user can get in via ssh so the account isn't locked	02:24
yaboo	flickerfly, I am able to telnet localhost port 10162, that the ssh tunnel works on and get the telnet prompt of the service	02:25
yaboo	two setup sshd_config looks on have PermitTunnel, AllowTCPForwarding	02:26
qman__	yaboo, administratively prohibited means one of two things that I know	02:26
qman__	either you're trying to bind to a port < 1024 on one end or the other, which is not allowed as a non-root user	02:26
yaboo	but when I do a snmpwalk it fails and does the administratively prohibited	02:26
yaboo	qman__, using port 10162	02:27
qman__	or you're using a user account which is not allowed in sshd.conf to tunnel	02:27
qman__	one one end, what about the other?	02:27
yaboo	qman__, how can I check this, something new to me	02:27
qman__	paste your ssh line used to create the tunnel	02:28
qman__	by default, all users are permitted to do this, but if you implemented any SFTP-only or other restrictions you probably disabled it	02:28
yaboo	su - cactiuser -c "ssh -f -N -g -p 22 -L 10162:localhost:161 cactiuser@remotemachines"	02:29
qman__	there yo ugo	02:30
yaboo	have setup snap to be tcp port, can telnet to the port	02:30
qman__	10162:localhost:161	02:30
twb	yaboo: ow	02:30
yaboo	can snmpwalk on the remote machine	02:30
qman__	port 161 is < 1024	02:30
qman__	and requires root to bind to	02:30
yaboo	but 161 is the remote machine	02:30
qman__	doesn't matter	02:30
yaboo	but it works for another tunnel	02:30
twb	qman__: not the way he's using it	02:30
twb	qman__: he's binding to 10162 locally and connecting to 161 remotely	02:30
yaboo	yes	02:30
yaboo	twb ok how do I get around this	02:31
twb	qman__: I do that all the time with e.g. ssh -fNL 8080:www:80 example.net	02:31
twb	qman__: I'm not root there	02:31
qman__	ah, I misread it	02:31
qman__	you're right	02:32
twb	qman__: easy mistake	02:32
qman__	I was thinking the opposite direction	02:32
twb	qman__: the mnemonic is that you write "www:80" not "80:www"	02:32
qman__	because that's what I have to do to set up backuppc tunnels	02:32
twb	yaboo: don't use -g or -p 22 unless you actually need them	02:32
yaboo	twb ok	02:33
twb	yaboo: also safer to use 127.0.0.1 because localhost might not resolve	02:33
yaboo	ok -g and -p gone	02:33
yaboo	and localhost changed to 127.0.0.1	02:34
twb	yaboo: is the ssh client running 4.8 or higher?	02:34
twb	yaboo: if so try ssh -w 127.0.0.1:161 cactiuser@remotemachines, see if you can interact with it at all	02:34
twb	Also if cactiuser has /bin/false as his login shell, su - will do the Wrong Thing; sudo -u will not.	02:35
yaboo	two try the ssh as the cacti user?	02:35
twb	It's "twb"	02:36
twb	And I don't really care who you ssh as	02:36
yaboo	twb get bad tun device	02:36
twb	Hang on	02:37
twb	Sorry I meant -W not -w	02:37
yaboo	trying now	02:38
flickerfly	another piece to this puzzle, if I create a new user and try to login to the console as this user, it fails the same way.	02:38
qman__	flickerfly, I'm going to guess your issue is a hardware one	02:39
flickerfly	I'm dealing with a virtual machine here	02:39
qman__	if it works over SSH, but not locally, and it's failing authentication, it's quite likely the password is not being entered as you think	02:39
ChmEarl	flickerfly, xen?	02:40
flickerfly	vmware	02:40
twb	qman__: ah, like his caps key is down or some shit	02:41
twb	qman__: or he is typing dvorak but the VM is reading it as qwerty	02:41
qman__	yeah, or broken keys, but in the VM world, it's more likely a failure to map keys correctly by the VM software	02:41
twb	vmware needs to die	02:41
flickerfly	twb: I have to type the username so those problems present themselves	02:42
flickerfly	Yeah, not real thrilled with vmware, but that's not my choice	02:42
twb	flickerfly: I'm out of ideas	02:42
flickerfly	ok	02:42
flickerfly	maybe I'll just have some windows qwerty user try it tomorrow then	02:43
flickerfly	perhaps there something amiss in the whole RDP -> vSphere stuff	02:43
yaboo	two its just hangs at the moment after I type the password	02:44
flickerfly	I've been cursing RDP all day for it's breaking my dvorak keyboard :-)	02:44
flickerfly	thanks for the ideas folks	02:45
twb	flickerfly: rdesktop takes a -k option	02:45
flickerfly	Yeah, but I'm on a mac because of the VPN software	02:46
twb	flickerfly: cisco?	02:46
flickerfly	no Watchguard	02:46
flickerfly	It is OpenVPN based, but I haven't taken the time to derive the config and all.	02:47
twb	Ugh, not sure what they- ah, OK	02:47
flickerfly	That part doesn't pay :-)	02:47
twb	It should be trivial and then you wouldn't have to use OS X	02:47
yaboo	twb I think the previous command you gave me failed I typed in the password on the remote machine and no command prompt so far	02:48
twb	-W connects stdio to that port	02:48
twb	like netcat	02:48
flickerfly	Yeah, once the deadline is sunk, I'll probably give it a look, but I think there is a hitch because it downloads a new config each time it connects and this changes frequently. I wonder if they are expiring certs fast or something	02:48
twb	flickerfly: more likely just poor design	02:48
yaboo	ok two, so I make a connection	02:48
twb	flickerfly: analyse the configs they are probably mungable	02:48
flickerfly	twb: perhaps you are right	02:49
yaboo	twb so I guess the point of the above command proves.	02:52
yaboo	thanks for the help guess you guys are out of ideas also	03:01
yaboo	two worked out the issue	03:16
yaboo	GatewayPorts yes needs to be set	03:16
twb	yaboo: ok that's odd	03:22
twb	yaboo: ah, you only need that for -g	03:22
twb	yaboo: you should not be using -g unless you have a firewall on the ssh client side	03:22
yaboo	two the other side has a firewall	03:22
twb	That doesn't help	03:23
yaboo	sorry btw yes have firewalls on both sides so need the -g	03:24
twb	If you use -g, then everyone on your local network can access that port	03:24
yaboo	two I am the only one on the machine who has access to the port	03:24
twb	not machine, NETWORK	03:24
yaboo	twb ok so leave the -g out then	03:25
twb	For example suppose you do "twb@example.net$ ssh -fNL 8080:secret.google.com:80 ssh google.com"	03:25
twb	That exposes secret.google.com:80 to all users on example.net	03:25
twb	If you add -g, it exposes that port to all users on *.example.net	03:25
yaboo	two makes sense	03:26
yaboo	so I avoid the minus g	03:26
twb	Yes, unless of course you need to, in which case do it but lock it down	03:26
yaboo	twb true	03:26
=== jason is now known as Guest84928
twb	Grah	06:12
twb	Stupid cut-down ubuntu busybox	06:12
twb	no less, no vi, more doesn't actually wait after each page.	06:13
twb	I'm stuck using sed -n 1,25p scripts/casper to read the bloody script	06:13
twb	And the ramdisk is twice the size of the debian one anyway because of stupid useless plymouth	06:13
twb	And flipping casper seems to work with a partitioned, FAT32 USB key, but not an unpartitioned extlinux one	06:24
twb	Er, unpartitioned ext2 one	06:24
twb	>rage<	06:24
twb	In other news, it looks like SOEs built with latest lucid-updates & -security no longer detect PS/2 mice	07:27
twb	my SOEs, that is	07:28
twb	pub time	07:28
KaZeR_W	hi there	08:32
KaZeR_W	is this the right place to get help with preseed? i can't get it to honor some directive (e.g. do not ask for keyboard configuration)	08:32
_ruben	KaZeR_W: #ubuntu-installer is probably a slightly more apropriate place	08:36
_ruben	KaZeR_W: but keyboard config can't preseeded, it can be kickstarted tho	08:37
_ruben	i have it specified on my tftp boot cmdline	08:37
KaZeR_W	_ruben, i have is specified too, but it still asks for it. currently i have : "append initrd=ubuntu-server/initrd.gz priority=critical locale=fr_FR url=http://10.151.2.201:4568/ks/00:50:56:ba:00:17.ks auto=true locale=fr_FR console-setup/layoutcode=fr console-setup/ask_detect=false netcfg/choose_interface=eth0 debconf/priority=critical --"	08:38
KaZeR_W	i'll ask in #ubuntu-installer too, thanks	08:39
_ruben	let's what i have specified	08:44
KaZeR_W	_ruben, ? did you mean let's see ?	09:05
_ruben	KaZeR_W: yes, and something came up and i forgot i was gonna take a look :)	09:06
_ruben	append ramdisk_size=14984 debian-installer/locale=en_US console-setup/layoutcode=us url=http://.... vga=normal initrd=lucid-i386/initrd.gz --	09:06
_ruben	debian-installer/locale versus locale probably will do the trick	09:07
KaZeR_W	thanks _ruben trying right now	09:08
koolhead17	hi all	09:12
KaZeR_W	_ruben, still the same. my append line now read as "append initrd=ubuntu-server/initrd.gz priority=critical debian-installer/locale=fr_FR auto=true console-setup/layoutcode=fr console-setup/ask_detect=false netcfg/choose_interface=eth0 debconf/priority=critical --"	09:18
KaZeR_W	do i need to specify a url to get command line arguments to be taken in account?	09:18
_ruben	only reason i can think of if it still asks for keyboard stuff, is that either fr_FR and/or fr aren't valid values	09:19
KaZeR_W	the french keyboard is preselected in the keyboard selection menu, but it still asks	09:21
_ruben	i dont specify ask_detect, might be interfering (perhaps it's reverse boolean for instance)	09:22
KaZeR_W	interesting : using append initrd=ubuntu-server/initrd.gz priority=critical debian-installer/locale=en_US auto=true console-setup/layoutcode=us console-setup/ask_detect=false netcfg/choose_interface=eth0 debconf/priority=critical it doens't ask for the keyboard	09:23
_ruben	which gets us back to my idea of fr_FR and/or fr being wrong :)	09:24
KaZeR_W	indeed :)	09:24
KaZeR_W	i'll try to pinpoint which one it is exactly	09:25
koolhead17	zul: hey	09:26
koolhead17	lynxman: howdy	09:26
_ruben	KaZeR_W: select it by hand and use the debconf tools to figure it out :)	09:27
KaZeR_W	_ruben, console-setup/layoutcode=fr works so i guess it's debian-installer/locale	09:27
_ruben	KaZeR_W: simple solution: don't use localized stuff ;-)	09:29
KaZeR_W	_ruben, yes :)	09:30
BuddyOfBuddy	Hello I am using amazon cloud on ec2...I am try to enable pawword based login in ssh	09:31
_ruben	why reduce security??	09:31
BuddyOfBuddy	so I set /etc/ssh/sshd_config -> PasswordAuthentication yes	09:32
BuddyOfBuddy	and sudo /etc/init.d/ssh restart	09:32
BuddyOfBuddy	but it still not working	09:32
BuddyOfBuddy	I get Permission denied (publickey).	09:33
BuddyOfBuddy	_ruben: bcos private key auth is pain in the ass	09:33
maxb	PasswordAuthentication only applies to SSH protocol 1	09:33
BuddyOfBuddy	i can connect from any where	09:33
maxb	The similar method in protocol 2 is covered by KeyboardInteractiveAuthentication	09:34
BuddyOfBuddy	so what should I do to allow password authetication	09:35
BuddyOfBuddy	i cant find any setting like KeyboardInteractiveAuthentication in sshd_config	09:36
KaZeR_W	_ruben, i'm giving up on trying to build the preseed myself. i'll try with the debconf tool once installed. thanks for your help	09:39
BuddyOfBuddy	please let know how to gid rid of forced private key authetication torture	09:39
BuddyOfBuddy	I need to login via password in ssh	09:39
KaZeR_W	BuddyOfBuddy, which user are you trying to login as ?	09:41
BuddyOfBuddy	i create a new user	09:41
BuddyOfBuddy	I am trying login with it	09:41
BuddyOfBuddy	even if try with ubuntu it give public ket denied error	09:42
KaZeR_W	in fact i agree with ruben. using a private key is much better. what's wrong with it?	09:43
uvirtbot	New bug: #541747 in asterisk "undefined modules in loaded-by-default modules" [Undecided,New] https://launchpad.net/bugs/541747	09:46
BuddyOfBuddy	I need to create lots of users in server ....I dont want waste my time create provate keys for every one	09:46
BuddyOfBuddy	plus on natilus u just mount ssh using user name and password	09:47
BuddyOfBuddy	private key is torture for me	09:47
maxb	you're a poet and you didn't know it	09:48
KaZeR_W	for user in john jane julie; do ssh-keygen -f ~$user/.ssh/id_rsa -t rsa; done	09:48
maxb	Although really the users ought to be generating their own keys and never sharing the private half with the server	09:49
_ruben	exactly	09:49
BuddyOfBuddy	yeah in perfect world	09:49
BuddyOfBuddy	but how to enable password based authetication ....is there a quick way	09:50
BuddyOfBuddy	i want my freedom	09:50
BuddyOfBuddy	:-)	09:50
maxb	Enable KeyboardInteractiveAuthentication if not already enabled, configure user accounts with passwords and valid shells, that's it	09:51
BuddyOfBuddy	in etc/ssh/sshd_config ? or some ther file	09:54
BuddyOfBuddy	so set -> KeyboardInteractiveAuthentication yes in -> /etc/ssh/sshd_config ??	09:55
BuddyOfBuddy	ok resolved	10:01
BuddyOfBuddy	thanks	10:01
KaZeR_W	how can one generate a full preseed file for installing a clone of a server ? debconf-get-selections seems to report way too much informations	10:23
KaZeR_W	and in fact some other informations are missing	10:24
=== smb` is now known as smb
KaZeR_W	ok "debconf-get-selections --installer" seems to be what i need	10:27
=== koolhead11 is now known as koolhead17
uvirtbot	New bug: #890649 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/890649	11:31
Syria	Hello, Can I download files from server to a specific folder? like var/www	11:44
Syria	using wget	11:44
_ruben	cd var/www && wget ....	11:45
Syria	_ruben: Thank you.	11:45
Syria	_ruben: Is this correct? var/www && wget http://wordpress.org/latest.zip	11:57
ersi	No	12:01
ersi	you need to Change Directory by using cd first (cd stands for Change Directory)	12:02
ersi	issue "cd /var/www"	12:02
ersi	then wget latest of wordpress	12:02
=== jetole is now known as joebob
Syria	ersi: Thank you.	12:19
_ruben	then again .. downloading the latest wordpress zipfile into /var/www doesn't make much sense in the first place, but that's a different story ;)	12:20
Syria	_ruben: I have a lot of files that I want to donwload to the dir var/www that's why I wanted to know how. :)	12:23
=== joebob is now known as jetole
ersi	Syria: note that '/' in front of the path is like "C:" sort of in Windows, ie saying just var/www means one thing while /var/www means another. One is a absolute path, one is relative. If you're in the dir /home/syria/ and make var/www and downloads files there.. I'll be in /home/syria/var/www and not in /var/www :)	12:26
Syria	ersi: This is a new information to me thanks again.	12:27
ersi	You're very welcome :)	12:28
koolhead17	Syria, did you check ubuntu server guide	12:30
Syria	koolhead17: Actually no.	12:31
koolhead17	Syria, you should TBH :D	12:31
Syria	koolhead17: I will do that very soon, Thanks.	12:32
koolhead17	Syria, https://help.ubuntu.com/10.10/serverguide/C/	12:32
koolhead17	:)	12:32
* koolhead17 wonders why server channel topic still points to 10.4 guide /o.0\		12:33
ersi	It's very good, in my opinion. It covers a lot	12:33
koolhead17	ersi, indeed :)	12:33
ersi	koolhead17: probably for the same reason you linked the 10.10 one? :D	12:33
koolhead17	ersi, very true	12:33
ersi	The changes aren't that disturbingly great, but there is changes	12:34
ersi	Syria: For the absolutely latest Ubuntu server guide, go to here instead: https://help.ubuntu.com/11.10/serverguide/C/ (Only thing that differs is the number 10.10 to 11.10)	12:34
koolhead17	EricJ, typo i meant 11.10 :D	12:35
koolhead17	* ersi	12:35
koolhead17	ersi, i donno if its policy to keep latest LTS on topic :D	12:36
ersi	might be, would not be so strange	12:38
Syria	The latest LTS is 10.04 right?	12:39
filo1234	yes it is	12:40
uvirtbot	New bug: #890362 in glance (main) "Should glance user's shell be /bin/false?" [Undecided,New] https://launchpad.net/bugs/890362	13:12
* Daviey wonders if that is a question or a bug		13:13
=== grzyweasel_ is now known as grzyweasel
azzid	I have a broken disk in my server, I get alot of output to my console every time it tries to access the disk, how can I prevent the errors temporarily? I need to reconfigure mdadm, fail the disk and so on, but the screen is so full of errors I cant really work.	13:26
azzid	probably a pretty basic thing, but I can't really formulate it to apply my google-fu	13:27
ersi	azzid: 'reset' or 'clear' :)	13:31
ersi	or doesn't that work over yer console?	13:31
azzid	ersi: clear will clear what is currently on the screen, but the error keeps appearing like every other second so I need to redirect it somehow	13:36
ersi	azzid: How about hopping over to another console?	13:37
azzid	it follows me if I switch tty =/	13:37
azzid	ssh is not affected, but the network driver is wrong so thoose sessions die after ~20 seconds	13:38
* ersi hugs his serial console		13:44
* koolhead17 kicks himself		13:45
ersi	I think you're unfortunally in shit creek without a paddle, my good sir :\|	13:45
ersi	How about booting from another source, like a thumbdrive?	13:45
ersi	(I know this'll probably be a PITA)	13:45
filo1234	ersi: try tty --silent or --quiet	13:46
hallyn	zul, what kind of assinine package do you have to write to fail update, then refuse --purge saying 'reinstall first'? (yes, i'm blaming YOU for rabbitmq-server :)	13:49
zul	hallyn: gah?	13:49
azzid	ersi: seems im not all out of luck, while asking the question mdadm seems to have stopped bothering the disk, so now the console is usable again! =)	13:50
azzid	filo1234: will try tty --silent if the screen starts fill up with crap again	13:51
smb	hggdh, jamespage Hm, I fear we still will be asked about news on bug 790712. Cannot say I got anything. Is this still happening (might be worked around by more ram and none of us really notices)	13:52
uvirtbot	Launchpad bug 790712 in linux "20110531 i386 server ISO: order 5 allocation failure during install" [High,Confirmed] https://launchpad.net/bugs/790712	13:52
ersi	azzid: Huzzah!	13:56
hggdh	smb: we did indeed work around by raising the default memory size of the VMs to 764 (from 512)	14:02
hggdh	smb: I have been trying to reproduce it without success	14:02
smb	hggdh, Hm, so what do you think. Should we close the bug for now until we trigger it again?	14:04
uvirtbot	New bug: #890691 in rabbitmq-server (main) "rabbitmq-server won't upgrade or purge" [Undecided,New] https://launchpad.net/bugs/890691	14:11
hggdh	smb: let me try one more time	14:13
smb	hggdh, Sure. Or alternatively reset the memory value back to 512 for the automated tests and wait. At least that we can then use as the status update for our action? :)	14:14
hggdh	smb: yes. I will update the bug	14:15
jcastro	kirkland: sorry I missed your message about byobu	14:17
jcastro	kirkland: also, I am sure this will be useful for something down the road: https://github.com/holman/spark	14:17
kirkland	jcastro: heh, no worries	14:17
kirkland	jcastro: neat; jhunt has a branch with some of this in byobu	14:18
jcastro	oh cool	14:18
kirkland	jcastro: i need to revisit it now that we're on tmux	14:18
kirkland	jcastro: it depends on utf8	14:18
kirkland	jcastro: which is pretty broken in screen	14:19
kirkland	jcastro: but works like a champ with tmux	14:19
jcastro	woo	14:19
mtaylor	kirkland: ping	14:26
mtaylor	kirkland: have you noticed the new behavior of add-apt-repository?	14:26
Daviey	mtaylor: The warning message?	14:26
mtaylor	yes	14:26
mtaylor	Daviey: sort of makes automation scripts, well, unhappy	14:27
Daviey	mtaylor: automation, who uses THAT?	14:27
mtaylor	Daviey: oh. silly me. I forgot.	14:27
Daviey	mtaylor: does -y, not automated it?	14:27
mtaylor	Daviey: shouldn't users who need that confirmation in oneiric be using the Ubuntu Software Center anyway?	14:27
mtaylor	Daviey: it does - unless I'm writing automation scripts which also need to work on pre-oneiric	14:28
Daviey	mtaylor: it's not silently ignored pre-oneiric?	14:28
mtaylor	Daviey: OR - following any of the bazillion cut-and-paste instructions on installing software on the web	14:28
mtaylor	Daviey: nope	14:28
Daviey	sigh	14:28
mtaylor	yup.	14:28
Daviey	mtaylor: can you raise a bug?	14:28
mtaylor	turns out ppa's are REALLY popular :)	14:28
mtaylor	I was writing one right, but then thought I should ping somneone first	14:28
Daviey	mtaylor: suggestions for a fix also welcome. :) .. Perhaps respecting a env variable?	14:29
mtaylor	Daviey: honestly, I would revert the confirmation	14:30
mtaylor	Daviey: it has no real use in server environments	14:31
mtaylor	Daviey: and in desktop environments, the recommended end-user interface is the software center	14:31
mtaylor	although if it's got to stay - respecting an env var, or perhaps a config file which could be created via d-i preseed questions	14:31
mtaylor	Daviey: and then we can just add that preseed option to the various standard preseed files that we use	14:32
mtaylor	https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/890708	14:32
uvirtbot	Launchpad bug 890708 in software-properties "Confirmation question is a UI regression breaking scripts" [Undecided,New]	14:32
Daviey	mtaylor: I'm not entirely sure why it was added.	14:36
mtaylor	Daviey: I don't either - although it feels like one of those times that desktop use cases intruded into the world of things that are highly used in server land	14:39
Daviey	mtaylor: well -y was added for this use case, but i understand portability.	14:40
kirkland	mtaylor: Daviey: haven't noticed, that's bad :-(	14:41
mtaylor	kirkland: yeah, right?	14:41
kirkland	mtaylor: totally a big pile of suck	14:42
mtaylor	kirkland: should I write an inflamatory blog post? :)	14:42
kirkland	mtaylor: scathing	14:43
kirkland	mtaylor: :-P	14:43
Daviey	mtaylor: sure thing, if you want it added to the bottom of the pile :)	14:43
mtaylor	Daviey: the bottom of the pile of inflamatory blog posts I write? - I'm sure that pile is way to large for anything to get noticed on the bottom of it ;)	14:44
zul	mtaylor: ping, https://jenkins.openstack.org/job/nova-ppa/1342/console why is my email address used?	14:44
kirkland	mtaylor: or, better yet, just ask mvo :-)	14:44
kirkland	mtaylor: i bet mvo fixes it within minutes :-)	14:45
mtaylor	zul: because?	14:45
kirkland	mtaylor: can you jump into #ubuntu-devel?	14:45
mtaylor	zul: looking	14:45
kirkland	mtaylor: let's poke mvo about it	14:45
mtaylor	kirkland: joining now	14:45
zul	mtaylor: i just find it odd :)	14:45
kirkland	mtaylor: i just pinged him there	14:46
mtaylor	oh for shit's sake. my irc client has quit joining channels again	14:46
mtaylor	what a pile of ass	14:46
mtaylor	zul: I'm guessing because you were the last person to commit to the packaging branch? or that you were the person who edited the changelog last?	14:47
mtaylor	zul: I'd have to look a little further	14:47
zul	mtaylor: ah i was just curious no biggy	14:47
kirkland	mtaylor: you coming? mvo is here now	14:47
mtaylor	kirkland: I'm unable to join the channel because my irc client got borked (and I have a few tabs that I need data from)	14:49
kirkland	mtaylor: heh	14:49
kirkland	mtaylor: okay, Daviey and i are talking to mvo now	14:49
mtaylor	kirkland: any chance I could be a diva and ask him to come in here for a sec?	14:49
mtaylor	kirkland: or - you can probably handle it	14:49
mtaylor	kirkland: did you see my preseed-related suggestion to Daviey above?	14:49
kirkland	mtaylor: we can handle it, and the irc nazis might get on us for moving a conversation that belongs in ubuntu-devel away from it	14:50
kirkland	mtaylor: <mvo> kirkland: hm, so it does check is sys.stdin.isatty() - in what env do the scripts run?	14:52
phunyguy_work	Hey folks, I am also in the Kubuntu channel, having some issues with the most recent kernel available (I think), Networking is really flaky. It was suggested I come in here and make a request to see if there is a newer kernel package that is pre-release, and if I can have it.	15:18
yann2	hello! If i want to change the configuration file used by vsftpd, do I need to edit the path directly in the upstart script?	15:23
hggdh	smb: I really cannot repeat it on precise's kernel (bug 790712), and jibel confirms we are not seeing it. How do you want to proceed with it?	15:30
uvirtbot	Launchpad bug 790712 in linux "20110531 i386 server ISO: order 5 allocation failure during install" [High,Confirmed] https://launchpad.net/bugs/790712	15:31
hggdh	smb: close fixed by unknown on precise?	15:31
smb	hggdh, I would tend to close it, either invalid or fix released with a comment. And I am not too hot for trying to find a solution for oneiric, given that for the testing case it is enough to increase memory a bit.	15:33
hggdh	smb: will close it this way, then	15:33
smb	hggdh, Thanks- This sounds like one of these things that would take much more time to find any fix for than the actual use would be	15:34
hggdh	smb: I agree	15:34
hggdh	smb: precice's task closed fix released, oneiric and natty wontfix	15:38
smb	smb, Ok, sounds good to me. Thanks	15:38
hallyn	stgraber, lp:~serge-hallyn/ubuntu/precise/lxc/lxc-default-config2 is now rebased on top of precise's lxc, tests fine for me. (speaking of tests, i guess we should have a little testsuite)	16:18
stgraber	hallyn: ouch, your branch contains quite a lot of changes in .pc, basically destroying all of them and re-creating all of them :)	16:22
hallyn	no, it can't. I re-did that without killing .pc	16:22
hallyn	maybe i failed on push	16:22
stgraber	hallyn: hmm, "Leave as "false" if you'll use virbr0 or another existing" but USE_LXC_BRIDGE="true" :)	16:23
hallyn	but anyway i was just going to dput, not merge the bzr source, so hopefully the archive will dtrt	16:23
hallyn	stgraber, oops, i did change that after commenting :)	16:24
hallyn	do you think default on is ok?	16:24
hallyn	comment fix pushed	16:26
stgraber	I think it's going to make it easier for quite a lot of users yes. Ideally this should be a mandatory debconf question once the default file is generated using a debconf template	16:26
stgraber	hallyn: should you use dnsmasq's pid file to kill dnsmasq instead of trying to find it in the process list?	16:27
stgraber	*shouldn't	16:27
hallyn	Hm, I suppose. (I don't trust pidfiles in general, but long as I'm creating it...)	16:28
stgraber	hallyn: also, in 0015-ubuntu-templ-use-updates.patch, policy is to always use security.ubuntu.com for -security IIRC	16:28
Daviey	ahs3 meet hallyn, hallyn meet ahs3 :)	16:29
stgraber	and last comment (I'm done reading the diff :)), shouldn't 'cp debian/lxc.conf debian/lxc/etc/lxc/lxc.conf' be moved to lxc.install?	16:29
hallyn	Daviey, i've asked ahs3 :)	16:30
zul	Daviey: 2.2.2 is tagged so ill just do that	16:30
hallyn	stgraber, maybe; I probably was thinking it was going to be a rename, that debian/lxc.conf wouldn't bre acceptable	16:30
stgraber	other than these few notes, changes look good	16:32
hallyn	stgraber, I don't like that policy (re security) but ok :)	16:32
hallyn	feh, that means i need another fix to the patch I sent upstream	16:33
stgraber	hallyn: I think the idea was that archive.u.c can be mirrored/overriden/... and so isn't necessarily up to date, security.ubuntu.com should always directly hit the main security mirrors and so should always be up to date	16:34
stgraber	security updates also get copied to archive.u.c (in the -updates pocket) so once your mirror catches up, you can grab it from there without touching security.u.c	16:35
hallyn	ok, still have to fix the dnsmasq one...	16:35
hallyn	then, with thes # of changes, i'd better re-test everything :)	16:36
hallyn	thanks for the feedback	16:36
stgraber	np	16:36
ahs3	hallyn: lemme guess, netcf :)? today's your day, dude	16:40
hallyn	ahs3, yay!	16:41
medberry	L)	16:44
medberry	:)	16:44
SpamapS	doh!	17:01
SpamapS	I forgot 1600 UTC is now 08:00 for me.	17:01
hallyn	we tried to tell you last week :)	17:01
SpamapS	who did?	17:01
hallyn	but SOMEONE was on holiday	17:01
SpamapS	Tuesday I was most certainly not	17:01
hallyn	hm	17:01
SpamapS	I just missed it because I was asleep	17:02
hallyn	well, i'm getting old	17:02
hallyn	i need a nap, and get off my lawn while you're at it	17:02
Daviey	SpamapS: you now have a tonne of bugs :P	17:02
SpamapS	Daviey: as opposed to before, when I only had half a ton of bugs	17:02
Daviey	SpamapS: heh.	17:02
SpamapS	I didn't see minutes from last week's meeting	17:02
Daviey	SpamapS: bug 887410, might want your love.	17:03
uvirtbot	Launchpad bug 887410 in apache2 "plymouth ask-for-passphrase" [Medium,New] https://launchpad.net/bugs/887410	17:03
SpamapS	I noticed that mathiaz's old "generate the minutes" script doesn't work anymore with the new format.	17:03
Daviey	SpamapS: the transsition bugs that were opened last cycle, are you looking to resolve them this cycle	17:03
SpamapS	Daviey: which transition?	17:04
Daviey	SpamapS: the runlevel ones	17:04
Daviey	SpamapS: wow, more than i thought	17:05
Daviey	https://bugs.launchpad.net/ubuntu/+bugs?field.tag=runlevel1 - how importiant are these?	17:05
SpamapS	Daviey: yes my plan is to take care of them all this cycle if possible	17:06
SpamapS	Daviey: 2 or 3 have already been fixed	17:06
SpamapS	They're all quite simple really	17:06
Daviey	SpamapS: Do you want to document how to fix, might be good bitesize bugs for new contributors?	17:08
SpamapS	Daviey: First I want to get the automated boot testing fleshed out	17:15
SpamapS	Daviey: that way if these seemingly bitesized fixes break something we should find out	17:15
jeiworth	hi all	17:19
Daviey	SpamapS: great!	17:19
jeiworth	am struggling a bit configuring ocsinventoy with gpli, i remember back in the day i successfully configured it to periodically scan ip ranges for open ports etc. for machines that do not have the agent running, anyone can give me a hand in this? or, since we are just starting the implementation, alternatives for automatcially inventorizing and managing are still welocome :)	17:21
pmatulis	jeiworth: what specific problem are you having?	17:32
jeiworth	pmatulis: ok, i have installed ocsinventory and gpli on a 11.10 server using packet manager, the interconnection between the two work fine, also any machine i install the agent on appears shortly after in the ocsinventroy. so far so good, but what i also want is that the agents (or the server) scan the local net to see what ip's have open ports and which ones	17:37
jeiworth	pmatulis: this happens for ip and snmp scans	17:38
jeiworth	pmatulis: or better, they don't happen at all ;)	17:38
pmatulis	jeiworth: well it installs on ubuntu fine. it sounds like an issue at the app level	17:39
hallyn	stgraber, (sigh :) new version pushed to bzr and tested	17:39
jeiworth	pmatulis: yes, it must be somewhere in the config	17:40
pmatulis	jeiworth: if anyone in this channel is familiar with this s/w then they will speak up but i feel you will get better help in another forum	17:41
jeiworth	pmatulis: thanks, yeah, i am checking google and their own chat but they don't seem too responsive there	17:41
zul	Daviey: still around?	17:59
roaksoax	kirkland: ping	18:00
kirkland	roaksoax: yo!	18:00
roaksoax	kirkland: yo! just upgrade tmux in lucid from your byobu ppa	18:00
roaksoax	kirkland: and got this:	18:00
roaksoax	Setting up tmux (1.5-1~lucid1) ...	18:00
roaksoax	/var/lib/dpkg/info/tmux.postinst: 7: dpkg-maintscript-helper: not found	18:00
kirkland	roaksoax: i think that can be ignored	18:00
kirkland	roaksoax: this is a backport of tmux	18:01
kirkland	roaksoax: let me see what that's doing	18:01
roaksoax	kirkland: yeah it doesn't really fail or anything but just in case :)	18:01
kirkland	roaksoax: yeah, it's benign	18:02
kirkland	if dpkg-maintscript-helper supports rm_conffile; then	18:02
kirkland	dpkg-maintscript-helper rm_conffile /etc/init.d/tmux-cleanup 1.4-6 -- "$@"	18:02
kirkland	fi	18:02
roaksoax	kirkland: alrighty ;)	18:03
kirkland	roaksoax: i can fix that, if you think that might scare people?	18:03
roaksoax	kirkland: well... it warned me but maybe regular users wont even notice it as it didn;t fail to install or anything	18:04
Daviey	zul: yup	18:05
kirkland	roaksoax: okay, thanks	18:05
kirkland	roaksoax: if there's any more complaints about it, i'll just add a command -v test to it	18:05
zul	Daviey: should we move the css for cobbler to orchestra?	18:05
kirkland	zul: +1	18:05
kirkland	zul: i think that "skin" belongs in orchestra	18:05
kirkland	zul: note that the Canonical Design Team was supposed to help us with that	18:06
Daviey	zul: Yeah, i'm not a fan of patching the upstream theme. We shouldn't have done that	18:07
zul	Daviey: k ill drop that one	18:07
zul	roaksoax: fyi the arm doesnt apply anymore :(	18:08
hallyn	stgraber, ok i'm going to try pushing (as a test to see if i have the upload perms now)	18:10
stgraber	hallyn: if you don't, just poke me and I'll fix them :)	18:12
bladernr	Hey gang... I have a server hardware question for you... it's been a while since I was on the Hardware OEM side of things, so I'm a bit out of touch with the latest and greatest... Are there servers being sold with converged devices (NIC/ISCSI) and are there servers being sold with physical 10GbE adapters	18:18
bladernr	I'm curious about what's being shipped on the motherboard, not via PCIe options.	18:18
bladernr	Also, anyone know of servers being sold with onboard FC?	18:19
bladernr	FWIW, I'm working on beefing up hardware testing on servers running Ubuntu Server for the 12.04 cycle and trying to sort out what we currently test and what areas we may be missing.	18:20
kyconquers	can anyone recommend a good stress test library?	18:20
bladernr	kyconquers: not sure about a library, but there's a tool in universe called 'stress' that seems to do a good job of stress testing systems.	18:22
bladernr	Phoronix also has some usual server benchmark tests that hit things like PostgreSQL, MySQL, Apache, etc.	18:23
patdk-wk	sysbench does a good job	18:23
patdk-wk	bladernr, I don't know of any motherboards with onboard fiber at all	18:25
palt	I'm having a problem with upgrading a postgres cluster from 8,4 to 9.1	18:25
palt	Getting an error that pg_upgradecluster cannot read the encoding	18:25
palt	The encoding for all the databases is UTF-8 so it should be the same for all the databases	18:26
palt	We only have the standard main cluster	18:26
bladernr	patdk-wk: I don't either, and I was stretching a bit with that one, but I do know that there were boards coming that had converged network devices and onboard 10GbE at least... just don't know how common those are right now	18:27
bladernr	^^ outside of blades that use different infrastructure	18:27
uvirtbot	bladernr: Error: "^" is not a valid command.	18:27
bladernr	sheesh...	18:27
Dulcin	Where can I find logs of crontab on ubuntu 11.10? And/or -- how do I enable logging?	18:28
patdk-wk	bladernr, there have been servers with onboard nic/iscsi for atleast 6 years, and the 10gig onboard for 3 years	18:31
patdk-wk	in fact, all my servers have onboard nic/iscsi combo	18:31
patdk-wk	and the ones I bought in the last year are all 10gig onboard	18:31
SpamapS	Dulcin: should be in /var/log/syslog	18:34
hallyn	robbiew, hi, do you know why https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-kvm doe snot show up in https://blueprints.launchpad.net/~ubuntu-server/+specs?role=assignee ?	18:43
Dulcin	SpamapS: is it possible to create a seperate log for crontab only?	18:43
patdk-wk	edit /etc/rsyslog.conf	18:44
pmatulis	Dulcin: 'grep -r cron /etc/rsyslog*'	18:44
SpamapS	actually add a file to /etc/rsyslog.d	18:44
SpamapS	#cron.* /var/log/cron.log	18:44
pmatulis	SpamapS: ;)	18:44
patdk-wk	oh heh, changed on me :)	18:44
robbiew	hallyn: checking	18:47
robbiew	hallyn: needed some switches flipped ;)	18:48
robbiew	done	18:48
hallyn	robbiew, great, thanks	18:48
zul	yay down to 20 cobbler patches	19:34
koolhead17	o.0	19:38
njin	Hello fellows, does ubuntu server use Network-Manager ?	19:55
njin	by default?	19:56
smoser	no	19:56
njin	smoser, thanks	19:57
pmatulis	njin: how could it? n-m is a graphical tool	20:05
cwillu_at_work	pmatulis, false.	20:06
pmatulis	cwillu_at_work: n-m won't bring in the graphical stuff?	20:08
cwillu_at_work	pmatulis, network-manager just recommends network-manager-{gnome,kde,whatever}	20:08
cwillu_at_work	I use it headless for appliances	20:09
pmatulis	cwillu_at_work: ah ok, so i can install network-manager in a cli environment and that's all that will get installed?	20:09
cwillu_at_work	yep; (noting that apt-get installs recommends by default, but that can be disabled temporarily)	20:10
pmatulis	cwillu_at_work: heh, ok	20:10
Randolph	hi all	20:52
vasosanitario	opa	20:56
vasosanitario	algum brasileiro?	20:56
guntbert	!br \| vasosanitario	21:00
ubottu	vasosanitario: Por favor, use #ubuntu-br para ajuda em português. Para entrar no canal por favor faça "/join #ubuntu-br" sem as aspas. Para a comunidade local portuguêsa, use #ubuntu-pt. Obrigado.	21:00
hggdh	now, to have a nick of 'toilet bow' is indeed something	21:09
kyconquers	is there an application or test to tell how long an email server will take per email?	21:18
ikonia	kyconquers: no but you can bench mark it yourself	21:20
kyconquers	ikonia, how?	21:21
ikonia	kyconquers: write a shell script to inject 100 identical emails, then view the logs on the mail server and see how long it takes to process and how long it takes for hte queue to go down	21:22
ikonia	do this on a local lan so that you know your public internet connection is not a problem	21:22
ikonia	then you know the servers capabilities (roughly - you can go as in depth as you want, ram queues, io times etc)	21:23
kyconquers	thank you ikonia	21:23
Dulcin	I notice this error in my cron log: (CRON) DEATH (can't open or create /var/run/crond.pid: Permission denied)	21:25
Dulcin	what is it trying to do and should I change file permissions on that file?	21:25
zul	[ubuntu/precise] cobbler 2.2.2-0ubuntu1 (Accepted)	21:32
zul	eod	21:32
roaksoax	zul: yay!!	21:34
lcb	hi. i installed xfce one one of ubuntu servers i have because i need some minimal graphical interface on it. due to a faulty GPU on that computer i could get to a feasible xfce by going into recovery mode and after selecting "Resume". That seems to me is the best video mode to use. How and where could i make it as default?	21:50
kirkland	jcastro: +1 :-)	22:08
Daviey	zul: nice one	22:10
swharper	when installing a raid configuration (new/blank install) shouldn't I have the RAID build on separate drives from the OS?	22:23
patdk-lap	depends what your attempting to do	22:23
swharper	basically I have 7 1.5TB drives and 1 640GB drive. i had planned on installing the OS on the 640 and build the RAID out of the remaining 1.5TB drives	22:24
patdk-lap	if you only have two disks, oviously the raid will be on the same drives	22:24
patdk-lap	if you have more disks, you still might want the os drives to be raided, for their own protection	22:24
patdk-lap	that is fine	22:24
swharper	but when I try to partition during the install it is freezing at 50%	22:24
patdk-lap	if your os drive dies, you jsut have to rebuild	22:24
swharper	i can tell the RAID is being built because it takes about 24 hours for the lights to stop flashing,but the install still hangs	22:25
patdk-lap	dunno if I would bother attempting to do that at install time	22:25
patdk-lap	I would just install	22:25
patdk-lap	then build the raid later	22:25
swharper	hm	22:25
patdk-lap	I only config stuff at install if it's needed for the os	22:25
patdk-lap	but that is just me	22:25
swharper	is there a good front end for mdadm?	22:25
patdk-lap	mdadm :)	22:25
swharper	haha	22:26
patdk-lap	you want gui? your in the wrong channel	22:26
swharper	im coming from openfiler, which was relatively easy	22:26
swharper	so then basically just pick the 640gb, tell it to automatically partition that drive then deal with the rest of em once the server is up?	22:27
patdk-lap	that is how I do it	22:27
swharper	thanks	22:27
kklimonda	has someone configured "integrated" openldap with kerberos? i.e. kerberos stores it's database in ldap, and ldap uses kerberos for authentication? Is it right that I have to still have to store password for users used by kerberos to access ldap in ldap itself?	22:36
willwh	hi guys, I deployed this: http://majic.rs/book/initd-scripts/running-irssi-on-boot - when I reboot however, no screen/irssi session	23:08
willwh	works fine invoked like, /etc/init.d/irssid start	23:08
willwh	and I ran update-rc.d defaults irssid	23:08
willwh	How do I go about debugging what is failing here? :)	23:08
medberry	willwh, possibly a race. Possibly the network isn't fully up yet. I'd break it down into two parts: see if screen is coming up. If so, then see why irssi is failing.	23:15
medberry	use logs 2> output and if necessary, strace and friends.	23:15
medberry	alternatively just put a sleep in the script and see if that is a shortcut work around.	23:15
willwh	medberry: screen doesn't come up	23:15
medberry	willwh, doesn't screen need a tty?	23:16
savid	Is there an automation-friendly way to enable the "universe" packages in /etc/apt/sources.list?	23:17
swharper	great…reboot after install and right after verifying DMI pool data - "error:fd0 read error. error: no such disk."	23:24
yaboo	what software is good to automatically keep up a ssh tunnel	23:27
kklimonda	hmm, are NFSv4 ACLs supported in Ubuntu?	23:29
SpamapS	yaboo: I just use 'keep-one-running' from run-one	23:31
swharper	now im at the grub rescue prompt	23:32
SpamapS	yaboo: its in 11.10 and later	23:32
yaboo	SpamapS, I am using 10.04	23:32
SpamapS	yaboo: then something like 'while true ; do ssh -xzyz foo ; sleep 1 ; done	23:34
yaboo	SpamapS, cool	23:36
mtaylor	SpamapS: there's an ssh config command which will send the keepalives	23:37
mtaylor	TCPKeepAlive yes	23:38
mtaylor	ServerAliveInterval 300	23:38
mtaylor	in your .ssh/config	23:38
yaboo	mtaylor, .ssh/config not /etc/ssh/sshd_config?	23:38
mtaylor	yaboo: it's a client config	23:38
mtaylor	not a server one	23:38
yaboo	mtaylor, can it be /etc/ssh/ssh_config?	23:38
SpamapS	mtaylor: but that won't respawn the tunnel if ssh dies	23:39
mtaylor	correct	23:39
yaboo	would like it to respawn the tunnel	23:39
mtaylor	oh - sorry, I was following your answer wrong	23:39
yaboo	have keys setup for passwordless logins	23:39
m_3	yaboo: http://paste.ubuntu.com/739777/ is a quick and dirty cronjob that worked for me in the past... you might wanna work to make it a bit more robust though	23:43
yaboo	m_3, thanks will look at it then	23:44

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!