/srv/irclogs.ubuntu.com/2012/02/03/#ubuntu-server.txt

cautionhow can I measure disk activity?00:06
Zalcaution, iostat00:06
=== Lcawte is now known as Lcawte|Away
stgraberhallyn: lxc uploaded01:07
twbi pxe boot everything01:16
twbI'm even going to be PXE booting the PXE servers soon01:16
twbBecause there's scalability issues serving more than one or two /24's from a single PXE server, so I'm gonna put in one per /24 and have it boot itself off the master server, then cache all the desktop's PXE rootfs's in RAM.01:18
twbCool, huh?01:18
starlockeso... any ultrabooks worth getting excited over...?01:52
twbMy Asus TF101 meets my key requirements of running Ubuntu, having a decent keyboard and screen, and a long (20 hour) battery life, even if most of the other components are not working yet01:57
XevolXhello02:03
=== Jasonn is now known as c00kie
josedbhello, may i ask a simple question?02:47
chelzjosedb: go ahead. on irc you don't have to ask to ask.02:47
josedbok, this is: I have a server , and a dynamic ip (actually using dyndns service to connect throught internet). i want to send system emails (php, or any other daemon),. so whats the best option?02:50
josedbi want to use and external email account (using SSL for auth), is there any posibility?02:52
chelzyes, there is a good package for that02:52
chelzjosedb: sSMTP02:53
josedbive tried postfix, but i found it very dificult to configure it, and very extensive for thiis use02:53
chelzgoogle for guides02:53
josedbthank you so much, iam looking google right now02:54
twbFWIW I have had much better experience with msmtp than with ssmtp02:56
chelztwb: what was bad about ssmtp?02:57
twbTBH I can't remember it was years ago02:57
twbhttp://cyber.com.au/~twb/.msmtprc (although that's going down in a moment for scheduled outage)02:58
josedbif i have problems witg ssmtp, ill try msmtp03:00
=== c00kie is now known as Jasonn
josedbwhat about qmail, webmin has no module for ssmtp03:04
twbDon't use webmin or qmail EVER03:10
josedbno luck with ssmtp:   Cannot open mail.dulkre.com.ar:46503:13
chelztwb: webmin okay, but not qmail? why?03:13
josedbok, fixed. Is it possible to send attachments?03:15
twbchelz: because it's djb03:16
chelztwb: haha :P03:16
twbIt's not free software, and there are strong alternatives (postfix/exim4)03:17
chelzjosedb: sure, just craft the message properly and cat base64'd (i think) version(s) the attachment(s)03:17
chelztwb: ah right, that license does leave quite a bit to be desired03:18
twbhallyn: I just upgraded my LXC server from 2.6.32-32 to 2.6.32-38 and *it works*!  Thanks to you and whoever else got that vsftpd "fix" dealt with03:29
hallyntwb: glad to hear it.  Fraid I can't take any credit, kernel patch by Tetsuo Handa made the difference.03:31
twbbtw do you remember the sysctl setting to limit the number of containers or something?03:31
* twb digs out the bug ticket mail03:31
hallynnetns_max ?03:35
twbAh, it's set to 1024 by default in -38 anyway, so I am safe03:45
mattwj2002hi guys03:47
mattwj2002ufw sucks (or at least my ability to get it to block stuff does)03:47
mattwj2002I am wondering if I need to use iptables03:48
mattwj2002anyone here?03:48
erichammondmattwj2002: You might get more responses if you asked a question with specific information about your situation.03:50
mattwj2002okay03:50
mattwj2002I am trying to get ufw to block access to the ntp to all but certain subnets03:51
mattwj2002it isn't working03:52
mattwj2002it doesn't stop the packets according to port scan03:52
mattwj2002can anyone tell me how do the incoming and outgoing blocking?03:53
mattwj2002I thought I had it figured out but maybe that is my problem03:54
twbmattwj2002: is ntp served from the host running ufw, or is it behind it (i.e. the ufw host is the router) ?04:01
twb-A FORWARD -p udp --dport ntp -s 1.2.3/24 -j ACCEPT; -A FORWARD -p udp --dport ntp -s 1.2.3/24 -j REJECT04:02
mattwj2002ntp is serverd from the box running ufw04:02
twbAh, then INPUT, not FORWARD.04:02
twbI don't know how those rules will translate into ufw idioms.04:02
twbObviously any useful ruleset is going to be default-deny, so the latter of those two rules is not strictly necessary04:04
starlockeububu.04:28
starlockeit's symetrical.04:29
starlockesort of.04:29
osmosishow do I fix  ureadahead-other  error on boot?05:51
saji89I have been trying to set up a name based virtual host in pache on ubuntu 11.10, to a folder /var/www/test. But it keeps on pointing to /var/www only. How can I solve it?06:27
saji89Hi all.06:27
saji89Anyone?06:33
saji89My virtualhost configuration file looks like this-http://paste.ubuntu.com/827328/06:33
SpamapSsaji89: you probably need to a2dissite default06:39
SpamapSsaji89: also do you have somewhere 'NameVirtualHost *:80' ?06:40
saji89SpamapS: Ya its there in ports.conf06:41
saji89SpamapS: My ports.conf looks like this-http://paste.ubuntu.com/827332/06:41
SpamapSsaji89: and you're putting in http://test.local/  to look at it?06:41
saji89Yes-06:42
saji89http://test.local/06:42
saji89SpamapS: Am i missing something here?06:42
=== pehden_ is now known as pehden
saji89SpamapS: I just disabled the default virtualhost now.06:44
saji89and something interesting is happening.06:44
saji89SpamapS: test.local is pointing to /var/www06:45
saji89SpamapS: But http://localhost shos the contens of /var/www/test folder06:45
saji89shows*06:45
SpamapSsaji89: weird indeed.06:46
saji89SpamapS: Yep.06:47
saji89WIll the contents of /etc/hosts do any good?06:47
saji89It might  be the cul[prit i feel.06:47
SpamapSsaji89: to test you can always just telnet in and manually do your request06:48
saji89SpamapS: SOrry.06:48
saji89SpamapS: How can I do that?06:48
saji89SpamapS: My hosts file looks like this-06:49
saji89http://paste.ubuntu.com/827338/06:49
RoyK-18˚C06:49
saji89SpamapS: I use likewise-open to connect my system to a windows server domian based network.06:49
saji89SpamapS: It has added an entry in hosts file, maybe that is causing this trouble.06:50
SpamapSsaji89: possible.. hard to say. Unfortunately, I'm running out of energy.. so I'll have to leave you. :-/06:58
* SpamapS passes out06:58
saji89SpamapS: Please man..07:01
nemo_nihilanyone here that can help me set up and ec2 instance07:01
saji89SpamapS: Atleast a hint ot where i should move next or check next.07:01
saji89to*07:01
* saji89 hopes that SpamapS resurrects07:05
* saji89 lost the hope.07:12
saji89Anyone else , any idea?07:12
saji89SpamapS: Thanks for your time ma.07:15
saji89SpamapS: man*.. Bye.07:15
sorensaji89: First of all, you should make sure you're not seeing cached responses. What are you using to test?07:22
saji89soren: You mean web browser? Firefox 9.0.1, it it.07:23
sorensaji89: You should use something like curl or wget to make sure.07:23
saji89soren: How can i use it?07:24
sorencurl http://test.local/07:24
sorenThat's it :)07:24
sorensaji89: Anyway, have you touched httpd.conf or apache.conf at all?07:24
=== sixstringsg is now known as sixstringsg|away
saji89soren: Nope.07:25
sorenGreatk.07:25
sorensaji89: Can you pastebin the output of "grep . /etc/apache2/sites-enabled/*", please?07:26
saji89soren: SUre..07:26
soren(If there are multiple files, using grep this way will show me their filenames and they'll also be listed in the order in which they're read)07:27
soren...and please don't remove anything from without telling me.07:28
saji89soren: Ok.07:28
saji89soren: interstungly output of only one file show up-07:28
saji89soren: http://paste.ubuntu.com/827362/07:28
sorensaji89: Is that surprising? Is there more than one file in there?07:30
saji89soren: Yes.07:31
saji89soren: http://paste.ubuntu.com/827365/07:31
sorensaji89: That's sites-available.07:31
sorensaji89: Not sites-enabled.07:31
saji89soren: Oh sorry..07:32
sorenAnyway, pastebin "ls -l /var/www/test"07:32
linociscowhat is GNU linux? I dont know about it well. I know only Debian based and Redhat based. what is GNU based?07:33
saji89soren: http://paste.ubuntu.com/827366/07:33
sorensaji89: Ok. What does "curl http://test.local/check.php" say?07:35
saji89linocisco: Everything is GNU Linux. Linux is the kernel we use in all linux distributions, which is actually GNU linux. GNU stands for "GNU is Not Unix".07:36
linociscoso what is the android based? Redhat or Debian ?07:38
saji89linocisco: Redhat, DEbian is based on GNU Linux Kernel.07:38
sorensaji89: What does "curl http://test.local/check.php" say?07:39
saji89linocisco: And even Android uses a modified version of GNU Linux Kernel.07:39
saji89soren: Am installing curl now.07:39
sorensaji89: Oh, ok :)07:39
linociscosoren: what GNU linux ? there are only two . Redhat or Debian , Am I right?07:40
sorenlinocisco: There are probably hundreds of linux distributions.07:41
sorenlinocisco: And you're in an Ubuntu channel. Clearly, there's more than RedHat and Debian.07:42
saji89soren: http://paste.ubuntu.com/827372/07:42
saji89soren: Its output of phpinfo() function, as i had put in that test file.  :)07:43
linociscosoren: yes, soren. we can only install with .deb or .rpm apart from tarball. .so only redhat based or debian based. right ?07:43
sorenlinocisco: N.07:43
sorenNo.07:43
sorensaji89: Great, so everything works?07:43
saji89soren: Ya now it works fne.07:45
saji89soren: DOn't know what happened?07:45
saji89soren, WOuld it be browser cache?07:46
saji89soren: I had even posted a detailed question in askubuntu.com http://askubuntu.com/questions/101030/apche-virtualhost-keeps-pointing-to-default-directory   :)07:46
chelzlinocisco: linux kernel + gnu tools = gnu/linux or gnu+linux. if it doesn't have gnu then it isn't. android uses other tools, some custom. check wikipedia for more.07:47
saji89linocisco: Check this out for a simple answer-http://searchenterpriselinux.techtarget.com/definition/GNU-Linux07:48
sorensaji89: Maybe. Don't know.07:48
saji89soren: Anyways thanks man...07:49
linociscosoren: tango yankee07:49
linociscosaji89:  Tango Yankee07:49
saji89soren: Thansk for the curl tip07:49
saji89soren: Thanks, for the curl tip.07:49
saji89soren: Still one issue exists though.07:50
chelzsaji89: if for some reason you can't use curl, wget works also with    wget -O - http://example.com07:50
saji89soren: http://localhost also points to /var/www/test07:51
linociscowhat is the difference between ubuntforums.org and askubuntu.com?07:51
chelzlinocisco: different format but generally for the same purpose. different accounts too i think07:51
linociscochelz: so different registration required?07:52
chelzlinocisco: i think so. sharing accounts would be pretty difficult for them07:53
saji89chelz: Thanks..07:53
linociscochelz: what about openID?07:53
chelzlinocisco: ubuntuforums is pretty backwards, i'd really be surprised if they started supporting openid07:55
saji89soren: I enabled 'default ' again..07:55
saji89soren: Now everything is fine07:55
linociscochelz: ok thanks. only IRC is interactive07:55
saji89Thanks guys...07:56
osmosishow do I stop services from starting at boot07:58
osmosisanyone know how to troubleshoot courier-imap saying  Error in IMAP command received by server.08:06
osmosisthis postfix mysql setup isnt working. maybe im going about this wrong. for virtual domains, should I just be using Maildir?08:26
HermanDEAnybody have a working TProxy system with 11.10?08:32
lynxmanmorning o/08:34
greppyosmosis: I prefer maildir, but I also prefer dovecot to courier.08:35
osmosisgreppy, I was looking at  https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto08:35
osmosisgreppy, any reason why you like dovecot?08:36
osmosisdoes it have a web admin interface?08:36
greppyI use froxlor as a web/mail hosting frontend control panel.08:37
greppyfroxlor.org has packages you can download.08:38
greppyonce you install froxlor, there are step by step, copy&paste configurations to make to get postfix & dovecot working.08:39
osmosishmm. tempting08:39
osmosiscan it do billing too?08:40
greppynope08:41
greppynot yet.08:41
greppyit's on the todo list :)08:41
greppyanother option is http://www200.pair.com/mecham/spam/08:41
greppyI've used that on it's own before, and also tweaked it to work with ubuntu & froxlor08:41
osmosisi spent the whole day on postfix /courier-imap.  i just get failed logins, and there is no error log trail08:42
osmosisfroxlor looks strong08:43
osmosishas debian packages, but not ubuntu08:44
greppythey work fine on ubuntu :)08:45
greppyI have it in production for customers right now.08:46
taipressudo /etc/init.d/apache2 stop09:56
taipressays it stopped it but it's still running09:56
taipresany ideas?09:56
dns53is it a zombie process?09:56
taipresyeah09:59
taiprestop shows it09:59
taipres2 of them running09:59
taipresfinally got it, thanks10:00
taipresdon't know how tried kill -9 million times, but whatever works10:00
dns53apache can do that occasionally, it is worse with things like oracle ebusiness suite10:02
MyrttiI'd try "sudo service apache2 stop" first tho10:03
sorentaipres: zombie processes are already dead. Can't be killed.10:12
sorentaipres: To get rid of them, you need to kill their parent process.10:12
sorenThey're left around as zombies because their parent hasn't called wait() on them.10:13
soren...and when you kill the parent, init adopts it.10:14
soren...and init knows how to deal with it.10:14
dns53talking about zombie processes i caused one with bash auto complete10:17
kjhi11:09
dns53hey11:09
kjhi room11:09
kjhows everyone here11:13
bastidrazor breaking a sweat.. its alright11:14
kjlol11:14
=== dduffey_afk is now known as dduffey
gary_posterhallyn (I hope this is before the start of your day, so reply when you get a chance :-) ), hi.  Would it be worth seeing if I can escalate kernel bugs 925028 and 925024?13:14
uvirtbotLaunchpad bug 925028 in lxc "apparmor breaks lxc-start-ephemeral (apparmor+overlayfs returns -EINVAL)" [High,Confirmed] https://launchpad.net/bugs/92502813:14
uvirtbotLaunchpad bug 925024 in lxc "apparmor makes it impossible to install postgresql-common on Precise" [High,Confirmed] https://launchpad.net/bugs/92502413:14
zulmorning13:41
bigjoolsfwereade_: around?14:10
fwereade_bigjools, heyhey14:11
bigjoolsfwereade_: hi there.  I want to pull python-testtools into juju - can you think of any reason why I should not?14:12
fwereade_bigjools, not offhand, what do you need them for?14:12
bigjoolsfwereade_: makes testing a *lot* nicer14:13
bigjoolsthe matchers are much better than trial's standard test cases14:13
bigjoolsthis would only be a development dependency though14:14
fwereade_bigjools, it might be slightly irritating to have two styles of TestCase... it would probably be best to check with niemeyer14:15
bigjoolsfwereade_: it's not a different style of test case, I only want the matchers.14:15
bigjoolsI'll see what he says14:16
=== bladernr_afk is now known as bladernr_
Psi-JackCurious.. Is Canonical still supporting AppArmor, and contributing to it's future? I ask because I noticed SELinux stuff starting to creep into Ubuntu.14:28
jdstrandPsi-Jack: absolutely. take a look at wiki.ubuntu.com/AppArmor14:30
andolPsi-Jack: Well, this might not be a full answer to your question, but Debian are doing a bit of work on SELinux, of some which also end up in Ubuntu.14:30
jdstrandPsi-Jack: Canonical has several AppArmor upstream developers in its employ and is doing significant work on AppArmor in general. It was under Canonical that AppArmor made it into the upstream kernel14:31
Psi-Jackandol: Ahhh14:31
Psi-JackNice. :)14:31
jdstrandPsi-Jack: it is healthier than ever. Like andol said, we inherit thinsg from Debian, and we do want SElinux to work, but AppArmor is the officially supported and maintained MAC in Ubuntu14:32
Psi-JackNice. Good to know, because I absolutely despise the over complexity that SELinux is.14:33
Psi-JackAppArmor, though, it isn't /quite/ as secure as SElinux itself is, it's not nearly as intrusive to the system by design, and is more neutral in setup, actually allowing you to work with any filesystem, even nfs, which SELinux can't do.14:34
Psi-JackI'm going to be working together basics to advanced documentation on AppArmor on my own site.14:36
SpamapSjamespage: around?14:49
jdstrandPsi-Jack: apparmor and selinux have had different requirements. apparmor behaves much like selinux's targeted policy, but without the complexity14:51
jdstrandPsi-Jack: selinux is better in certain environments, such as MLS. it also has a concept of dbus mediation and Xace. apparmor can do a sort of mls, but it is more difficult to setup. work is ongoing for dbus and X security14:52
Psi-JackHeh nice.,14:53
jdstrandfor general use, apparmor works very well14:53
jdstrandPsi-Jack: if you are documenting things for yourself, I suggest perusing http://wiki.apparmor.net/index.php/Documentation14:54
* SpamapS is hoping AppArmor + LXC becomes the new stanard for chroot jails. :)14:57
jdstrandyes, that is actually an area that apparmor is leading14:57
jdstrand(aiui)14:58
hallyngary_poster: jjohansen is working on bug 925024.  Not sure it needs to be escalated.  He was going to have a test kernel for me today.14:59
uvirtbotLaunchpad bug 925024 in lxc "apparmor makes it impossible to install postgresql-common on Precise" [High,Confirmed] https://launchpad.net/bugs/92502414:59
hallyngary_poster: as for bug 925028, yeah, i suspect it will need to be escalated15:00
uvirtbotLaunchpad bug 925028 in lxc "apparmor breaks lxc-start-ephemeral (apparmor+overlayfs returns -EINVAL)" [High,Confirmed] https://launchpad.net/bugs/92502815:00
hallynthat is, if you feel that lxc-start-ephemeral+apparmor is important15:00
hallyngary_poster: that is, we could set the policy so that lxc-start-ephemeral skips the apparmor policy.15:00
hallyn(as a workaround)15:00
hallynmind you, the features are there, so the feb 16 FF deadline is not a problem here - we just need to shake out the bugs before rlease15:01
hallynin contrast, the apparmor mount restrictions are a new feature, so they need to hit (in some form) before feb 1615:01
gary_posterhallyn, hm.  you are introducing apparmor not only as a nice way to tighten things down but because of real problems you've encountered with your sound card and so on, right?  If so, it seems like I'd prefer to have 925028 actually fixed, rather than apparmor disabled in that case.15:02
hallyngary_poster: the q would be, what workloads are you going to run in ephemeral containers15:03
hallynif it's all stuff you mainly trust and own, on secure networks, then it's not as important15:04
hallynyou're right of course, our goal is all containers to be secure :)  but that isn't going to happen for *real* until 14.04 LTS15:04
hallynthere *will* be ways to escape a container.  If only bc i haven't thought of them yet :)15:05
hallyn(i do try to track them at wiki.ubuntu.com/LxcSecurity, and think all cases so far are covered by our planned features.  but...)15:05
gary_poster14.04: heh, ok.  what workloads: yeah, we mostly trust and do own. :-)15:05
hallyngary_poster: right, so while i'd like it fixed, we ahve to realize that fixing it will take time away from other kernel team efforts15:06
hallyngary_poster: so whether or not to escalate it i think depends on your needs.  It at least doesnt' sabotage the whole lxc apparmor plans, like the other bug does15:07
Psi-Jackjdstrand: I'm writing a Basics 101 over now, but the overal purpose of my site is to educate others, from newbies to professional experts and what-not.15:07
Psi-JackBasically, I plan to have a more useful wiki than any other wiki out there. :)15:07
hallyn(if bug 925024 doesn't get solved, we're in trouble)15:07
uvirtbotLaunchpad bug 925024 in lxc "apparmor makes it impossible to install postgresql-common on Precise" [High,Confirmed] https://launchpad.net/bugs/92502415:07
Psi-Jack(One Ring to rule them all! heh)15:07
jdstrand:)15:08
gary_posterhallyn, fair enough.  So, I'm ok with disabling the apparmor profile for ephemeral, if you are willing to set that up.  I'm hopeful the bug won't be lost though--I'd prefer not to have to keep replying to the "is this fixed by the new kernel" bot.15:08
hallyngary_poster: there is a tag we can set on the bug to make that bot shut up15:08
gary_posteryeah I saw that15:09
gary_posterI'll do that15:09
hallynthanks :)15:09
hallyngary_poster: i'll go ask apw in #kernel whether he has time to look at it.15:09
gary_posterok thanks hallyn15:09
hallyndoes it help you to have the workaround right now?  or can we wait and hope for a real fix?15:10
gary_posterhallyn, we have automation disabling the apparmor entirely for us right now.  So we are not blocked; OTOH, we are also not testing further possible issues with apparmor integration15:10
hallyngary_poster: ok.  it's probably not worthwhile anyway given the more fundamental re-attach issue.  so i'll wait at least on that.  thanks.15:11
gary_postercool15:11
gary_posterthank you15:11
SpamapS"Telling someone that he looks very stupid, because he did something stupid is not a personal attack. It is a stating of the facts." -- Stefan Esser     LOL15:12
stgraberhallyn: can you import my patch from yesterday's upload into your git tree?15:25
hallynstgraber: will do15:26
stgraberhallyn: I also noticed another bug in lxc-create yesterday but haven't look exactly where it's coming from. If you run lxc-create -f with an invalid filename, it'll obviously fail but /var/lib/lxc/container will have been created (empty) and so will make the next lxc-create tell you it already exists15:26
hallynstgraber: i need to work on syncing some lxc-clone changes from upstream too (as we've diverted)15:27
hallynstgraber: sounds like bad cleanup on my part15:28
hallynboy, terrible lag here15:28
hallynstgraber: can i add your signed-off-by?15:29
stgraberhallyn: yep15:30
hallynstgraber: patch pushed15:32
stgraberthanks15:33
stgraberhallyn: I'm going to try and blog a bit about LXC again, posting something on the foreign arch containers today and hopefully something on the upstart changes next week (hoping they get merged by then). The at some point after feature freeze (likely close to release), another post on everything that changed since Oneiric (I've been doing these since karmic/lucid, kind of useful to get an idea of what was done).15:39
hallynstgraber: sounds good.  i was thinking i should blog on the backing store changes.  i guess i better hold off on the apparmor ones.15:41
hallynstgraber: i do intend to write a server guide section on lxc.  if you're interested in working on that (proofreading/rewriting) lemme know :)15:42
stgraberhallyn: yep, blogging on the backing store changes would be nice, and on apparmor/security for containers once we know exactly what we'll have for precise15:46
stgraberhallyn: I'm happy to at least proofread, potentially contribute if I find the time (and have something useful to contribute ;))15:46
mrevellbigjools, We don't really need a generic BAD state, do we? MISSING and FAILED_TESTS should cover pretty much everything. I'm struggling to come up with another BAD state that MaaS would be aware of.16:01
bigjoolsmrevell: I don't think so16:01
bigjoolsmrevell: I should have suggested AWOL instead of MISSING :)16:02
mrevellEven if it is in a some other bad state, I'm not sure we'd have a way to distinguish it for 12.04.16:02
mrevellbigjools, I suggested MIA :)16:02
smoserwoot. fun bug.16:12
smoserhttps://bugs.launchpad.net/ubuntu/+bug/92616016:12
uvirtbotLaunchpad bug 926160 in ubuntu "precise cloud-images significantly larger than oneiric" [Medium,Confirmed]16:12
VivekI am getting some directories in /var/log/orchestra with the I.P Addresses of newly commissioned nodes.16:18
VivekI am interested in finding out which part of the orchestra or rsyslog source code creates those directories.16:18
=== fenris is now known as Guest21494
=== Guest21494 is now known as ejat
uvirtbotNew bug: #926160 in ubuntu "precise cloud-images significantly larger than oneiric" [Medium,Confirmed] https://launchpad.net/bugs/92616016:21
RoyKhttp://paste.ubuntu.com/827766/16:22
SpamapSVivek: I believe the default pre-seed just points installed machines' rsyslogd at the orchestra-logging-server, and then the configs that orchestra adds to the orchestra-logging-server's rsyslogd sorts them out by ip16:22
VivekSo my issue is this16:24
VivekI have an 2 ethernet interfaces16:24
Viveketh0 in bridged more and eth1 in internal mode16:24
VivekI am running this on a virtualbox setup16:24
VivekI have configured dnsmasq to only server dhcp requests via eth116:25
VivekI am seeing directories in /var/log/orchestra/rsyslog in with I.P Adresses also in the eth0 range.16:26
Vivek/var/log/orchestra/rsyslog/10.x.x.x/2012/01/30/messages says16:28
Viveksorry its /var/log/orchestra/rsyslog/2012/01/30/10.x.x.x16:28
VivekThe log messages say16:28
VivekJan 30 18:22 10.x.x.x #015#012##01516:29
VivekAlso /var/log/orchestra/rsyslog/2012/01/30/orchestra/messages says16:29
VivekJan 30 18:22:30 orchestra sshd[6165]: Did not receive identification string16:30
Vivekfrom 10.x.x.x16:30
VivekMy eth0 is in the 10.x.x.x series and eth1 in 192.168.1.x series.16:30
VivekSpamapS: Any idea16:34
Vivek?16:34
Vivek:)16:34
VivekI am following kirkland's blog to deploy orchestra fleets.16:34
kirklandVivek: check with roaksoax, who has more current info than me16:47
kirklandVivek: I rolled off of the Orchestra project and left Canonical a few months back16:47
Vivekkirkland: Nice meeting you here.16:47
Vivekkirkland: ok16:48
kirklandVivek: likewise :-)16:48
VivekI am Vivek Varghese Cherian16:48
kirklandVivek: roaksoax is your huckleberry now :-)16:48
Vivekhttp://www.vivekcherian.com16:48
VivekI am with CSSCorp and we can Canonical's Channel Partners.16:48
VivekSure, I'll get in touch with roaksoax.16:49
VivekWhat times are roaksoax available ?16:49
VivekI am in the Indian Standard Time ( + 5.30 GMT).16:49
VivekThis is the first time I am getting a response in the channel and it's 10.20 PM here in India :)16:50
VivekI'll be leaving work in another 10 mins or so.16:50
Vivekkirkland: Do you suggest that I send a mail to the list ?16:50
Viveks/can/are16:53
VivekTypo a few lines back :)16:53
=== Lcawte|Away is now known as Lcawte
kirklandVivek: yeah, mailing the list would be the best bet16:58
kirklandVivek: ah, right, I remember you from CSSCorp now :-)16:59
kirklandVivek: roaksoax was on holiday this week, I think he's back next week16:59
kirklandVivek: he's typically either in Peru or Miami16:59
Vivekkirkland: ok16:59
kirklandVivek: I can point you to a few documents on Orchestra16:59
kirklandVivek: one second ...16:59
VivekPlease do.16:59
kirklandVivek: https://help.ubuntu.com/community/Orchestra17:00
=== glebihan_ is now known as glebihan
kirklandVivek: https://wiki.ubuntu.com/Kernel/Reference/Orchestra17:00
kirklandVivek: and if you've found by blog posts on orchestra, then that'll give you some background17:00
Vivekkirkland: Thanks.17:05
kirklandVivek: you bet, good luck17:05
Vivekkirkland: I need to say bye for now. Happy Weekend :)17:05
VivekThanks SpamapS for your inputs as well.17:06
kirklandVivek: one more contact would be Daviey17:06
kirklandVivek: he's usually in a UK timezone17:06
kirklandVivek: if that timing helps you any better17:06
Vivekok17:07
VivekBye for now17:07
loolhey all!17:15
loologra suggested that I ask here17:15
loolThe web indices for e.g. http://uec-images.ubuntu.com/precise/20120203/ which I think are generated from cdimage code say "For ARMv5t processors and above"; it's because for "armel" images we say "For ARMv5t processors and above." -- which was true in jaunty; since we don't really have any official ARM images for anything older than lucid which is ARMv7t2, I propose that we change it to ARMv7; is that ok?  would you rather have a different wording?17:15
lool(gosh 309 people in this chan)17:15
ogra_lool, also note that we dont have *any* plain armel (without subarch) images at all, i wonder how that got there17:16
loologra_: they might have plain armel images with separate aki?  no idea17:16
ogra_Daviey, ^^^ an idea ?17:16
loolI can see the case statement in the cdimage code though, so it's easy for me to fix an obviously incorrect string  ;-)17:16
ogra_feel free :)17:17
ogra_i'm still confused why they are built though17:17
koolhead17hi all17:18
loologra_: Ok; so I'm taking your ack for it and doing the change to "ARMv7" and changing armel to armel|armhf; if it's an issue, ping me and I will revert it17:18
ogra_no issue :)17:18
looloddly, that was already fixed in one of the two branches17:24
loollooks like there's a fork of the code somewhere or on an out of date copy17:24
loolwell, I'll see; I've pushed the public branch updates17:24
ogra_lool, oh, i think the cloud guys work off a fork, yeah17:32
=== CasmoNL_ is now known as CasmoNL
ogra_completely separate and not merged back yet iirc17:33
=== fenris is now known as Guest21540
=== Guest21540 is now known as ejat
robbiewlool: utlemming is the one to talk to18:08
utlemminglool: I'll get that fixed18:09
utlemminglool: I've update the string to "ARMv7"18:14
loolutlemming: Could you add a case statement for armhf too?  (see public cdimage branch)18:16
loolrobbiew: thanks18:16
robbiewlool: ;)18:17
loolutlemming: In fact, our current implementation for cdimages.ubuntu.com has case statements by platform to distinguish OMAP, i.MX51 etc. which you might want to consider if your image is platform specific18:17
utlemminglool: yup. We aren't quite ready to pulish the armhf images yet, but when we do, they will be identified properly.18:17
loolOk; thanks!18:17
utlemminglool: for the armel images, we have a generic one, and then we have an OMAP one (which has the bootloader, etc) on it. But you're right, we could make it a bit clearer18:18
aljosain oneiric is it enough to change data_directory in postgres conf or is PG_DATA configured somewhere for init/startup scripts?18:46
krauthi19:10
krautis there any ppa for a newer openssl version? i'm looking for 1.0.1 which includes the padlock engine.19:10
bjfroaksoax: http://pastebin.ubuntu.com/827959/    http://pastebin.ubuntu.com/827962/19:24
roaksoaxbjf: indeed weird. traffic gets denied apparently19:27
roaksoaxbjf: can you pastebin the squid config too please?19:28
bjfroaksoax: i assume squid3 (i still have /etc/squid/squid.conf after the upgrade19:33
roaksoaxbjf: bug #92473919:34
uvirtbotLaunchpad bug 924739 in squid3 "after upgrade from oneiric to precise, previous squid config unused, cannot be used when relocated" [Critical,Triaged] https://launchpad.net/bugs/92473919:34
bjfroaksoax: i'm emailing it to you since it's so large19:36
roaksoaxbjf: yeah seems to be an issue with squid rather than withorchestra as per the above bug report19:39
bjfroaksoax: i copied the /etc/squid/squid.conf over the /etc/squid3/squid.conf and restarted squid. unfortunately i get the same error (i'm going to double check what i did)19:41
adam_gbjf: try /etc/init.d/squid3 stop, squid3 -N19:42
adam_gand paste output19:43
bjfroaksoax: i wonder if part of the problem is that /etc/squid/squid.conf is a symlink to /usr/share/orchestra/conf/squid.conf19:43
=== sixstringsg|away is now known as sixstringsg
bjfadam_g: no output from the command. the cache.log is: http://pastebin.ubuntu.com/827990/19:46
bjfadam_g: also squid3 is upstart now so: "stop squid3"19:47
adam_gbjf: hehe yeah, init.d is an old habbit19:48
bjfadam_g: i ran "squid3 -z" and "squid3 -N" and it seems to be running now, will give it  a try19:48
adam_gbjf: (reads backlog) i was just working on bug 924739.. is there a bug for issue to get some context?19:49
uvirtbotLaunchpad bug 924739 in squid3 "after upgrade from oneiric to precise, previous squid config unused, cannot be used when relocated" [Critical,Triaged] https://launchpad.net/bugs/92473919:49
bjfadam_g: no, i just upgraded and looks like i hit that bug19:49
bjfadam_g: * it's alive *  on to the next issue but I think this one is fixed19:52
bjfadam_g, roaksoax: thanks for the assist19:52
adam_gbjf: np19:54
adam_groaksoax: we really need to make sure squid is transitioning smoothly for users, not just in context of orchestra but for ubuntu as a whole. issues like 924739  are going to bite *lots* of users19:55
adam_gsmoser: ^19:56
adam_gare there any other packages that went through similar transitions in times past?19:56
smoserbug 92473919:56
uvirtbotLaunchpad bug 924739 in squid3 "after upgrade from oneiric to precise, previous squid config unused, cannot be used when relocated" [Critical,Triaged] https://launchpad.net/bugs/92473919:56
smoseradam_g, definitely some packages have gone through such19:57
smoserzul, so...19:57
zullibvirt-lxc console19:57
smoserwhat i'm doing that was testing this was using: http://smoser.brickies.net/git/?p=tildabin.git;a=blob_plain;f=lxc-libvirt-root;hb=HEAD19:57
smoserand removing the '--console' at the end.19:58
smoserso it didn't connect to that console19:58
smoserthen...19:58
smoseri was just booting cirros root with it19:58
smoserand then doing whatever was supposed to "flush console"19:58
zulsmoser: right but the xml is different from what i use in openstack20:00
smoserzul, you have an example of what you have for lxc domain?20:00
zulsmoser: yeah gimme a sec20:01
smoserwell, you have:20:02
smoser        <console type='pty' tty='/dev/pts/2'>20:02
smoser            <source path='/dev/pts/2'/>20:02
smoser            <target port='0'/>20:02
smoser        </console>20:02
smoserbut that is almost certainly wrong20:02
smoserright?20:02
zulsmoser: http://paste.ubuntu.com/828010/20:03
smoserzul, is that different than trunk ?20:04
roaksoaxbjf: anytime20:04
roaksoaxadam_g: indeed20:04
* roaksoax is experiencing wifi issues20:04
zulsmoser: that is from trunk20:04
smoserstrange.20:05
smoserbecause http://paste.ubuntu.com/828015/ is what nova/virt/libvirt.xml.template looks like.20:05
smoserso maybe libvirt just ignores the tty= stuff ?20:06
smoserso anywahy...20:06
smoserhm..20:06
smoserzul, with your xml it doesn't change my experience20:10
smoserso you can test that locally.20:10
smoserit seems more direct path to me20:10
zulinteresting20:10
zulok ill play around20:10
=== guampa|2 is now known as guampa
ninjaihow can I completely reconfigure sendmail? I messed up my cfgs and I want to completely re-install it including configs20:26
ninjaithis is the line right here I see in the email header that I think is giving me problems: "Received: from mydomain.com (localhost [127.0.0.1])"20:44
ninjaimydomain.com isn't my domain20:44
ninjaiwell20:44
ninjaiit is in my windows network20:44
ninjaibut it used to say this: "Received: by atari (Postfix, from userid 1005)20:45
ninjai"20:45
ninjaimakes no sense >:(20:45
ninjaiI've already completely reconfigured sendmail/postfix to no avail20:45
ninjaiHead is about to explode20:45
ninjaiI suspect the above reason is why we are being rejected by clients20:45
ninjaiclients' mail servers20:45
jjohansenhallyn: http://people.canonical.com/~jj/linux-image-3.2.0-12-generic_3.2.0-12.21~aadentry_amd64.deb20:55
jjohansenthis is for bug#925028 but it should work for your other problems as well, consider it a fall back if I the simple labeling doesn't work out.  The patch for this will go in either way20:56
jjohansenI haven't gotten back to fixing the labeling between USNs and the above, but I am going to get back to it now will have it for you monday morning20:57
hallynjjohansen: thanks.  tbh i dont' completely understand the labeling you're talking about21:00
hallynpiloting this afternoon, will test tonight or tomorrow21:00
hallyngary_poster: ^ i suppose you could test that one as well if you have time21:00
gary_posterhallyn, not this second, but can on Monday if you want21:01
gary_posterhallyn, or in evening if necessary21:01
hallyngary_poster: no worries, i'll get to it then.  thanks.21:01
gary_posterok thank you hallyn21:01
hallynjjohansen: i'll reread your email and maybe the src to clue myself in better about the labeling.21:02
=== Lcawte is now known as Lcawte|Away
jjohansenhallyn: I'll dig out the doc I have been working on, its far from finished, and I am sure has more than a few errors in it21:08
hallynthx21:09
=== sixstringsg is now known as sixstringsg|away
adam_gSpamapS: ping21:13
tdelamhello, does anyone know of a good snooping/watch program to watch SSH users? I need to configure some stuff remotely on a server but I want to teach some juniors by allowing them to snoop while I set up.21:32
guntberttdelam: look at http://ubuntuforums.org/showthread.php?t=29928621:36
tdelamthanks21:37
=== dduffey is now known as dduffey_afk
guntberttdelam: you're welcome :-) (and please don't cross-post in the future :-))21:38
tdelamguntbert: I didn't mean to, I realized afterwards that my question has nothing to do with Ubuntu but Ubuntu server.21:39
guntberttdelam: its ok :)  no harm done21:39
tdelam:) thanks, my apologies.21:39
tdelamwow, that is pretty sweet.21:41
guntberttdelam: is it ok for you? btw thank you for giving me that idea :)21:44
Potatoe_I am trying to do rate limiting with iptables but I can't go past about 20 in the hit count field. "iptables -I INPUT -p udp --dport 5060 -m recent --update --seconds 1 --hitcount 16 -j DROP" Any suggestion on how I could do this with 30 seconds and 5000 as the --hitcount ?21:56
tdelamguntbert: welcome :) and yea it works flawlessly21:59
tdelamI just tested it out, I'll make good use of this for training some guys on Monday21:59
guntberttdelam: so will I on the next occasion :)22:00
tdelamI never knew I could do that with screen, it's very easy22:01
=== Lcawte|Away is now known as Lcawte
=== arosales1 is now known as arosales
ChrysippusHello.  I'm in the process of evaluating servers.  Has Ubuntu-Server adopted the proposed move to systemd init and logging?22:45
kerframilno22:50
kerframilto put that it into perspective: https://undacuvabrutha.wordpress.com/2011/04/29/why-ubuntu-should-continue-with-upstart-for-11-10/22:52
Chrysippuskerframil: Thanks for the link.  That's the answer I was hoping for.  I'm very new to Ubuntu -- is that an authroitative position?  It sound so, from content and tone.   I'm seeking a distribution with a server-centric community that'll server as a stable core on which to keep up to date with modern kernels and latest Xen.   The collection of L.P.-tech - from Pulse Audio, to Systemd, libcanberra, avahi, the list goes on - that's being blindly22:57
Chrysippusadopted by some distributions has had me concerned.22:57
kerframilChrysippus: likewise23:00
kerframilChrysippus: I don't even like upstart particularly. in any case, jumping on to a bandwagon at that juncture would have been madness.23:00
ChrysippusI'm not particularly well-versed in 'upstart' either.  My own requirements with regards to init & syslogging are -- let *me* sensibly manage server daemons, stop breaking things, and stop messing with rsyslogd.23:00
kerframilChrysippus: amen!23:00
kerframilChrysippus: things such as these are bothersome also: https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/531331/comments/1823:03
uvirtbotLaunchpad bug 531331 in plymouth "Remove plymouth destroying system" [Undecided,Invalid]23:03
ChrysippusIs Ubuntu-Server targeted more as server distro to be used as provided, or one on which more modern packaging & backports are readily available, &/or source builds from upstream projects don't require endless patching?  I'm specfically looking to Xen.  I've found binaries in Ubuntue packaging for 4.1.1 so far, which lags behind upstream.23:05
hallynrbasak: I'm confused on bug 879666.  Is there any reason not to JFDI?23:05
uvirtbotLaunchpad bug 879666 in nova "chown error for console.fifo when launching vm" [Medium,New] https://launchpad.net/bugs/87966623:05
kerframilChrysippus: I can't give a neutral answer, as I am someone who administers Ubuntu simply because I have to. I don't think it's targetted at all; rather, I think it prevails on branding. obviously, you should draw your conclusions based on your particular needs.23:06
hallynjtaylor: tbh i was hoping stgraber or slangasek would look at that one.  but maybe i should man up...23:07
hallyn(oops, wrong chan)23:08
Chrysippuskerframil: I'm in the process of gathering data, so that I might draw those conclusions.  I don't particularly trust neutral answers.   I'm more a fan of opinions based on expertise and opinion.  But noted.23:08
kerframilChrysippus: well, let's just say I wouldn't want to irk anyone in the course of expressing my views ;)23:09
Chrysippuskerframil: Shame that that's the way of things these days, but understood.23:12
kerframilChrysippus: you mentioned building a custom kernel. that's a requirement in these quarters for several reasons, one of which is that the stock kernel crashed on us from time to time. packaging and distributing a kernel isn't so hard, but I had issues with userland hanging (plymouth related and where I knew the kernel itself wasn't to blame). now, I see to have a solution though gutting out various upstart scripts entirely.23:24
kerframilChrysippus: this process is now enshrined in a puppet manifest23:25
kerframilseem*23:25
ChrysippusAre 'modern' kernels (e.g., 3.2.x + pvops) available in Ubu-Server packaging?23:26
kerframilChrysippus: you could try looking through the personal package archives collection I suppose. if you know how to build a kernel, I really wouldn't bother. the more distros I experience, the more I find the downstream process to be a hindrance rather than a help to getting things done. building a kernel isn't hard and, to be fair, the make-pkg utility does package it up into a deb without undue fuss.23:30
Chrysippuskerframil: On Solaris, I never bothered with kernel builds.  On FreeBSD, kernel builds were trivial.  I assume there's not too great of a difference for Ubu-Server, or Linux in general.  Adding Xen into consideration complicates the details a bit.23:30
kerframilmake-kpkg, sorry23:30
cwillu_at_workChrysippus, ubuntu has vanilla kernel debs available of everything including rc's and nightlies23:31
cwillu_at_workno security updates on them beyond what kernel.org releases though23:31
kerframilChrysippus: if you have that kind of experience, you can adapt to Linux easily enough. at the end of the day, you can unpack sources, configure and make without faffing around with distro idioms. as I say, debian/ubuntu's make-kpkg tool does work fairly well if you want to distribute. I'll give it that.23:32
cwillu_at_workhttp://kernel.ubuntu.com/~kernel-ppa/mainline/23:32
kerframilcwillu_at_work: not that I'd use these (need certain patches) but good to know, thanks23:32
Chrysippuscwillu_at_work: And the rest of UbuServer runs relatively happily on top of these vanilla kernels?  From my reading, that's not the case with all Linux distros.23:33
cwillu_at_workChrysippus, it's the case with most23:33
cwillu_at_workI actually run pretty much all my machines off those kernels23:33
kerframilChrysippus: I found it to be awkward for the reasons noted above. if you want the details, feel free to drop me an email. been a long day and don't really want to go through the particulars. there are a few things you have to be careful about, for instance devtmpfs support is a requirement.23:34
kerframilChrysippus: I can boot reliably now - and without an initramfs23:34
Chrysippuscwillu_at_work: Any of them running modern Xen, if I may ask?23:34
cwillu_at_workChrysippus, I use kvm23:34
Chrysippuskerframil: I'll keep the offer in mind, thanks.  May revisit, but need to do my homework first.23:35
ChrysippusAt the very least, it sounds like "here" there's a community interested in and focussed on server issues.  A lot less chatter re: desktop apps.23:36
kerframilChrysippus: the endless desktop churn is a veritable yawn fest to me also23:37
ChrysippusFor use cases such as we've been chatting about, what about the "UbuServer vs Debian" choice? I have zero interest in the religious wars between communities, and am only interested in the functional advantages of one versus the other.  Much of what I've read about Canonical/Ubuntu contributions has been focussed on the desktop user.  I simply do not yet know what, if any, are the substantive differentiators on the server-side.23:50
ChrysippusSorry kerframil ^^23:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!