[01:04] <Super_Dog> Dinking around with AjaxPlorer.  Install instructions say "Make sure that the « data » sub-folder is writeable by the webserver."
[01:05] <Super_Dog> Anybody have recommendations on the proper "sudo chmod -R" command for that?  I'm crappy with permissions...
[01:06] <patdk-lap> would be more than that
[01:06] <patdk-lap> unless you make it writable by all
[01:06] <Super_Dog> Writable by all would be a little bad wouldn't it.... :-(
[01:06] <patdk-lap> depends on many things, but generally, yes
[01:08] <Super_Dog> Correct me if I'm wrong, but can you assign 755 to just the "www-data" user....  Wouldn't that do the trick in Ubuntu?
[01:09] <patdk-lap> yes, and kill whoever needed to edit/modify/... it
[01:09] <patdk-lap> plus means the web user has more permissions than probably needed, like making changes to that program itself
[01:09] <patdk-lap> normally you just set the group to www-data
[01:09] <patdk-lap> and give group write access to what is needed
[01:10] <airtonix> Super_Dog: i usually add my user to the www-data group and set the permissions to 775
[01:10] <Super_Dog> Do you mean 775 or 755?
[01:10] <airtonix> then chown www-data:www-data /var/www -R
[01:11] <airtonix> Super_Dog: i mean 775
[01:11] <patdk-lap> that is way overkill
[01:11] <airtonix> how is it overkill?
[01:11] <patdk-lap> just like I said above
[01:11] <patdk-lap> the webuser can EDIT and MODIFY anything in the program
[01:12] <airtonix> and yourself?
[01:12] <airtonix> nothing?
[01:12] <patdk-lap> leave user alone, why change it?
[01:12] <airtonix> because it needs to actually do stuff?
[01:12] <patdk-lap> heh?
[01:12] <Super_Dog> Am trying to just AjaxPlorer....
[01:12] <patdk-lap> since when does the user have anything to do with that?
[01:12] <airtonix> it's pretty awesome having a /var/www that you can't even setup stuff in
[01:13] <Super_Dog> Am a moderately experienced Ubuntu desktop user and relatively new to the Ubuntu Server platform
[01:13] <airtonix> patdk-lap: oh i don't know, perhaps when you need to : git clone repourl:project-name ./project
[01:13] <patdk-lap> hmm?
[01:13] <airtonix> but hey, maybe the "webuser" magically does this with ESP
[01:14] <patdk-lap> why am I git cloning a website?
[01:14] <airtonix> if you need to ask that question, then i am at a loss for words
[01:14] <patdk-lap> I wouldn't do it into /var/www
[01:15] <Super_Dog> Guys... I didn't understand a single thing you are talking about... :-)
[01:15] <patdk-lap> I keep the websites owned by a user
[01:15] <patdk-lap> and let the webserver access it
[01:15] <patdk-lap> no reason for the webserver to own it
[01:15] <airtonix> patdk-lap: and then the www-data user can't write... more awesome
[01:15] <patdk-lap> why can't it write?
[01:15] <airtonix> because it doesn't own it?
[01:15] <airtonix> because you left it at 755
[01:16] <patdk-lap> as I said, that is what I use group permissions for
[01:16] <patdk-lap> who said I left it at 755?
[01:16] <patdk-lap> did you not read ANYTHING I said?
[01:16] <patdk-lap>  yes, and kill whoever needed to edit/modify/... it
[01:16] <patdk-lap>  plus means the web user has more permissions than probably needed, like making changes to that program itself
[01:16] <patdk-lap>  normally you just set the group to www-data
[01:16] <patdk-lap>  and give group write access to what is needed
[01:17] <Super_Dog> So let's say I'm a normal human being that doesn't know Ubuntu from his elbow....  When they tell me in the install manual to, "Make sure that the « data » sub-folder is writeable by the webserver" what do I do when it appears I have successfully installed the LAMP stack in Ubuntu?
[01:18] <Super_Dog> I have a www-data group it appears....
[01:18] <Super_Dog> I presume that is the user that has privileges in the /var/www directory....
[01:19] <airtonix> apparently you only let "A Group" write to "A Folder", then when your application fails because it can't write you come back here
[01:19] <Super_Dog> Airtonix:  You said "I usually add my user to the www-data group and set the permissions to 775"...  Pray what command do you issue to make that happen?
[01:19] <airtonix> Super_Dog: ls -al /var/www will show you what user and group have ownership
[01:20] <airtonix> Super_Dog: you add users to groups with : sudo adduser USERNAME GROUPNAME
[01:21] <airtonix> Super_Dog: you set permission bits with : sudo chmod 775 PATHNAME [ -R ] << where -R is optionally recursive
[01:21] <Super_Dog> ok  so if I have a user joseph I could issue:  sudo adduser joseph www-data       ?
[01:21] <airtonix> Super_Dog: apparently you should be making a group called "AwesomeDevelopersGroupThatHaveWriteAccessToThisOneFolder"
[01:22] <airtonix> and adding yourself to that group, then change ownership of your virtualhost folder under /var/www to be owned by that group with : sudo chown :AwesomeDevelopersGroupThatHaveWriteAccessToThisOneFolder /var/www/VIRTUALHOST_FOLDER -R
[01:26] <Super_Dog> It says that user 'joseph' is already a member of `www-data'.
[01:32] <Super_Dog> sudo chmod 775 /var/www/ajaxplorer/data -R    - Does this look right?
[01:33] <Super_Dog> I've added the users who should have access to this to the "www-data" group it appears....
[01:36] <Super_Dog> Guys....  Only works when I do following:
[01:36] <Super_Dog> sudo chmod 777 /var/www/ajaxplorer/data -R
[01:37] <Super_Dog> I know that's probably bad.... (Sorry, permissions have been the bane of my existence and I am an admitted retarded idiot when it comes to Ubuntu Server permissions.)
[01:37] <Super_Dog> Any ideas?
[02:52] <taipres> there any issues
[02:53] <taipres> with latest ubuntu server edition(went 32bit to save memory)
[02:53] <airtonix> save memory?
[02:54] <taipres> yeah
[02:54] <taipres> 64bit version naturally uses more
[03:02] <taipres> I choose ubuntu over centos because ubuntu just easier for me to compile stuff
[03:02] <taipres> but need kind memory usage
[03:14] <patdk-lap> hmm, 10.04 32bit installs with only 23megs ram usage
[03:47] <taipres> sudo apt-get install lighttpd php5-cgi
[03:47] <taipres> says it can't find either package, any ideas?
[03:48] <qman__> have you enabled universe?
[03:49] <qman__> I don't think those are in main, though I could be wrong
[03:49] <taipres> qman no
[03:49] <taipres> how do I do that
[03:49] <qman__> sudo vi /etc/apt/sources.list, uncomment the lines in the universe section
[03:49] <qman__> sudo apt-get update
[03:50] <taipres> this isn't gonna install a bunch of intense apps right? my only constraint is memory
[03:50] <taipres> 256MB
[03:50] <qman__> no, it will only allow you to install more software
[03:50] <qman__> it doesn't install more software by itself
[03:50] <taipres> thanks
[03:51] <patdk-lap> you won't be doing large downloads from php will you?
[03:51] <qman__> it will use slightly more disk space to cache the available packages
[03:52] <qman__> but we're talking kilobytes
[03:52] <taipres> don't see any lines commented
[03:52] <taipres> I see
[03:52] <taipres> deb http://archive.ubuntu.com/ubuntu natty main restricted universe
[03:52] <taipres> deb http://archive.ubuntu.com/ubuntu natty-updates main restricted universe
[03:52] <taipres> deb http://archive.ubuntu.com/ubuntu natty-security main restricted universe
[03:52] <taipres> last one is deb http://archive.canonical.com/ubuntu natty partner
[03:53] <taipres> patdk and no, no php big downloads
[03:54] <taipres> although my VPS is on a 1Gbps hehe, and cpu is good
[03:54] <taipres> php probably uses lot of mem for big downloads
[03:54] <patdk-lap> no, lighttpd does
[03:54] <patdk-lap> lighttpd buffers anything external into ram
[03:55] <taipres> really? I thought that was the point
[03:55] <taipres> low memory consumption
[03:55] <patdk-lap> so if you send a large file via php/proxy/...
[03:55] <patdk-lap> no
[03:55] <patdk-lap> lighttpd isn't about low memory consumption
[03:55] <patdk-lap> it's about being fast
[03:55] <taipres> "With a small memory footprint compared to other web-servers, effective management of the cpu-load, and advanced feature set (FastCGI, SCGI, Auth, Output-Compression, URL-Rewriting and many more)"
[03:55] <patdk-lap> it normally uses small memory
[03:55] <patdk-lap> but it buffers first
[03:56] <taipres> herm, well do you recommend a different web server then?
[03:56] <patdk-lap> if you send a 1gig file from php, lighttpd will allocate 1gig of ram to hold it
[03:56] <taipres> if I go over 256 it goes into vswap
[03:56] <taipres> have another 256 there too
[03:56] <patdk-lap> well, normally you don't have to worry about it, don't send large files, or if you must, use x-sendfile
[03:56] <qman__> FYI, I run apache on real hardware with 256MB
[03:56] <qman__> along with plenty of other stuff
[03:56] <qman__> without any issues
[03:56] <taipres> apache dies easy though
[03:57] <taipres> is the reason i'm using alternative web server
[03:57]  * patdk-lap has never seen apache die
[03:57] <qman__> same
[03:57] <taipres> http://www.kalzumeus.com/2010/06/19/running-apache-on-a-memory-constrained-vps/
[03:57] <patdk-lap> most likely you use bad apache modules
[03:57] <taipres> this guy has
[03:57] <taipres> claimed it was lot of traffic and apaches keep alive default time
[03:57] <qman__> that's all adjustable
[03:57] <patdk-lap> apache died for him cause of bad config
[03:58] <qman__> and more likely a problem with the VPS software
[03:58] <patdk-lap> and he hitting the oom
[03:58] <patdk-lap> not apaches fault
[03:58] <qman__> not saying don't try other things, just that apache is not the culprit here
[03:58] <taipres> so you think apache is better at mem than lighttpd?
[03:59] <patdk-lap> I never said that
[03:59] <taipres> i've never really heard apache described as anything besides bloated and complicated config
[03:59] <patdk-lap> I use lighttpd, and love it, and it is low mem for me
[03:59] <taipres> I use it with xamp and my regular server but is pre config so
[03:59] <patdk-lap> but it does BUFFER first, then attempt to stay low mem
[03:59] <taipres> ok
[03:59] <patdk-lap> so it is possible for lighttpd to use gigabytes of ram, easily, if you are stupid enough to let it
[03:59] <qman__> configuring apache is not very complicated
[03:59] <taipres> so any ideas why I can't get this download to work? when config file seems ok?
[04:00] <qman__> it's bloated compared to minimalist servers, but not compared to other featureful servers
[04:00] <taipres> i'm gonna google regardless but if you know i'd rather not waste hours
[04:00] <qman__> have you done apt-get update?
[04:01] <taipres> doing that right now
[04:01] <patdk-lap> heh, you always update, before attempting to install
[04:01] <patdk-lap> package versions change often
[04:01] <taipres> ;D
[04:01] <qman__> for example, IME, apache blows IIS7 out of the water in terms of performance
[04:01] <qman__> it's all relative
[04:01] <taipres> is IIS suppose to be good?
[04:02] <qman__> if you ask microsoft it is
[04:02] <taipres> I just remember in the 90's all the flood of exploits for it
[04:02] <patdk-lap> heh for iis7?
[04:02] <taipres> never read about performance
[04:02] <taipres> nah older iis i'm sure
[04:02] <patdk-lap> iis5 wasn't nice
[04:02] <patdk-lap> iis6 is ok
[04:02] <patdk-lap> iis7 has been good so far
[04:02] <qman__> yeah, iis5 was the disaster area
[04:02] <taipres> the update fixed it, thanks
[04:02] <qman__> they learned the lesson for the most part and have tried to be secure by default
[04:03] <taipres> nice :D
[04:03] <taipres> I wish windows had more linux like everything only a few commands away
[04:03]  * patdk-lap still puts apache + mod_security infront of iis
[04:03] <taipres> that's only thing i really like about linux
[04:03] <patdk-lap> start using powershell? :)
[04:03] <qman__> in my opinion, powershell tried to fix that, but failed miserably
[04:03] <qman__> it's so obtuse and awkward, it just doesn't work
[04:04] <patdk-lap> ya, I made some mixed powershell + vbs scripts, that work good though
[04:04] <taipres> that's unfortunate
[04:04] <taipres> I love me some VBS scripts
[04:04] <patdk-lap> confusing as hell, that you talk both languages in one file, but you can't mix them
[04:04] <taipres> COM rocks
[04:04] <qman__> powershell is useful but it's not smooth or cohesive
[04:04] <qman__> nothing like bash
[04:05] <patdk-lap> man, I made a private key, and I can't locate it anywhere
[04:05] <taipres> microsofts one framework is really nice too, the one to get all the info
[04:05] <qman__> also, you can cause a BSOD by running ps | kill
[04:05] <taipres> can't think of the name, wrote enough code to use it, you'd think i'd know
[04:06] <taipres> vbs can access it too
[04:06] <taipres> oh WMI
[04:07] <taipres> can even control CPU speed with it, with some computers
[04:07] <taipres> comes on all windows that I know of
[04:07] <taipres> or CPU fan speed rather
[04:08] <taipres> linux memory management also threw me for a loop when i spent hours trying to figure out why I couldn't free memory allocated with pthread stack
[04:09] <taipres> like I could on windows, turns out linux sees memory different, if its not used it's considered wasted
[04:10] <taipres> but then again even at max mem swap was never touched, so I guess it's really just cached mem not the actually stats
[04:11] <qman__> yeah, you have to count less buffers and cache
[04:11] <taipres> http://www.slideshare.net/haish/linux-memory-consumption good overview
[04:11] <qman__> the kernel is very good at utilizing free memory to speed up the system
[04:12] <taipres> qman makes sense
[04:12] <taipres> just makes me uncomfortable when I see 90% used
[04:12] <taipres> but i'll get used to it
[04:13] <taipres> if it bothers me that much may just switch from pthreads to forks, because when the processes are killed they free
[04:17] <linocisco> who is using vbox with ubuntu server?
[04:18] <linocisco> I can't mount vbox guest addition cdrom on ubuntu guest server
[04:18] <patdk-lap> no one?
[04:18] <linocisco> no one
[04:18] <qman__> that's going to be a question for virtualbox people
[04:18] <qman__> unless they included a deb for it, it's probably not going to work
[04:19] <linocisco> i was asking there
[04:20] <linocisco> no one is responsive after a while.
[04:20] <taipres> they're a pretty active bunch at times they may just not know
[04:20] <taipres> you try googling?
[04:24] <taipres> got lighttpd and php going well, fastcgi enabled too
[04:24] <taipres> ubuntu rocks, now need to go after mysql, heard it's a memory pig
[04:25] <linocisco> how to clear all iptables entries?
[04:25] <patdk-lap> mysql is hardly a memory hog
[04:25] <taipres> patdk-lap that's good then :)
[04:25] <linocisco> how to clear all iptables entries? all know it is to list with "iptables -L" but I dont know how to clear.
[04:31] <linocisco> hi all , mine is similar to this "http://askubuntu.com/questions/58817/squid-proxy-not-working-using-ubuntu-server-10-04-and-two-nics-one-is-connecte". but no answer yet
[04:34] <linocisco> hi all , mine is similar to this "http://askubuntu.com/questions/58817/squid-proxy-not-working-using-ubuntu-server-10-04-and-two-nics-one-is-connecte". but no answer yet
[04:37] <SpamapS> linocisco: iptables -F
[04:37] <SpamapS> linocisco: note that this only flushes the *filter* table.. there are others... 'man iptables' will explain them
[04:38] <linocisco> SpamapS, thanks. I would try. btw, could you also look at http://askubuntu.com/questions/58817/squid-proxy-not-working-using-ubuntu-server-10-04-and-two-nics-one-is-connecte
[04:38] <linocisco> SpamapS, i dont know why mine is not successful like that
[04:47] <SpamapS> linocisco: I think I have an answer for that one.
[04:51] <airtonix> why does /etc/resolv.conf have to be a symlink?
[04:52] <SpamapS> airtonix: it doesn't!
[04:52] <airtonix> SpamapS: apparently it does!
[04:53] <SpamapS> airtonix: but, without resolvconf, you won't adapt to network changes properly
[04:53] <airtonix> SpamapS: who said anything about not having a resolvconf?
[04:53] <SpamapS> airtonix: the package resolvconf
[04:54] <airtonix> 1. install bind 2. rm /etc/resolv.conf 3. echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf 4. sudo service bind restart 5. receive error 6. slow clap
[04:54] <airtonix> so again...
[04:54] <SpamapS> airtonix: apt-get remove resolvconf
[04:54] <airtonix> why would i do that on a server ? i didn't install it
[04:55] <SpamapS> its part of ubuntu-minimal
[04:55] <airtonix> shouldn't ubuntu server require the software it's installed with by default?
[04:55] <airtonix> since you know... that's the image i installed.. ubuntu-server
[04:55] <SpamapS> but its only Priority: important , so you can remove it
[04:55] <SpamapS> airtonix: no, a lot of that stuff is there as a convenience.
[04:56] <airtonix> could have fooled me
[04:56] <SpamapS> airtonix: resolvconf is actually quite handy for dealing with a dynamic environment. And for static environments, it should leave your stuff alone.
[04:56] <airtonix> i'm on ubuntu-server... i install bind.. i expect to not have problems like this
[04:58] <SpamapS> airtonix: I can see that you've been inconvenienced by this, and you have an idea of how you'd like things to work. Now is a great time to file a bug report. Perhaps against 'ubuntu-minimal' with 'apport-bug ubuntu-minimal'
[04:58] <airtonix> so here is what will happen. i'll take your word for it that resolvconf isn't required by anything else, i'll remove it and my server will die.
[04:59] <Super_Dog> Anybody run across this before?  http://pastebin.com/LqvtaJQK
[04:59] <airtonix> large flames will consume it
[04:59] <Super_Dog> set locale problem?
[04:59] <SpamapS> airtonix: if your server dies because you remove resolvconf, then something did not declare the dependency properly and that is most *definitely* a bug.
[05:03] <SpamapS> airtonix: btw, if you read 'man resolvconf' it explains how to make sure your static interfaces push their configs into resolv.conf
[05:05]  * SpamapS notices that 'man interfaces' doesn't explain this, nor does 'man resolvconf' .. filing bugs
[05:35] <jayjay> hey
[05:35] <jayjay> is anyone online :)
[05:36] <SpamapS> airtonix: bug was already reported almost a month ago btw: bug #934237
[05:36] <jayjay> cool
[05:36] <SpamapS> airtonix: did your server immolate itself yet?
[05:36] <jayjay> hey I'm having some issues transferring my ssh key
[05:37] <jayjay> i keep getting a connecting timed out error
[05:37] <airtonix> yes it's currently a hazard zone now
[05:38] <jayjay> any tips? I'm kinda scared to keep ssh running right now :S
[05:38] <jayjay> there have been 4 attempts to hack it with multiple ip's today
[05:38] <SpamapS> jayjay: sorry, I don't understand the question. How are you trying to "transfer your ssh key" ?
[05:39] <jayjay> Sorry i was not clear. I am trying to transfer my ssh key from my ubuntu 10.04 server onto my laptop with this command ssh-copy-id <username>@<host>
[05:40] <jayjay> i keep getting this error ssh: connect to host XXX.XXX.XX.XX port 22: Connection timed out
[05:41] <qman__> then you either have the wrong address or it's firewalled
[05:42] <jayjay> its firewalled
[05:42] <jayjay> i have shorewall installed
[05:42] <jayjay> but i used the shorewall stop command
[05:43] <jayjay> do i need to remove shorewall to be able to do this?
[05:43] <qman__> not likely
[05:43] <qman__> you need to add an exception
[05:43] <jayjay> i can connect to ssh via my laptop
[05:43] <jayjay> i just can't transfer the key
[05:43] <jayjay> i added an exception for ssh
[05:44] <jayjay> SSH/ACCEPT	net		$FW
[05:44] <qman__> wait, are you trying to connect to SSH on the server, or on the laptop?
[05:45] <qman__> because if you're trying to connect to the server from the laptop, you need to also transfer the key to the server from the laptop
[05:45] <qman__> the client's key needs to be placed on the ssh server
[05:45] <jayjay> oh?
[05:46] <jayjay> the laptop is the client
[05:46] <jayjay> the desktop is the server
[05:46] <qman__> then you need to run ssh-copy-id on the laptop
[05:46] <jayjay> yes i just ran that command from the laptop as ssh-copy-id SERVER IP
[05:47] <jayjay> it worked this time =D
[05:48] <jayjay> test
[05:48] <qman__> yeah, it always goes that way
[05:48] <jayjay> ok after the command, it asked me to enter my password
[05:48] <qman__> I was unsure because all my linux boxes run sshd
[05:48] <jayjay> can i disable the password in the ssh config file and still be able to connect to the ssh server?
[05:49] <qman__> the way ssh-copy-id works, it logs in over SSH to copy the key
[05:49] <qman__> after that, you should be able to log in without entering an SSH password
[05:49] <qman__> though you may have to enter a key password, depending on how you created the key
[05:50] <jayjay> no i did not
[05:50] <jayjay> when i made the key i left the password option blank
[05:50] <qman__> ok, in addition to that, your client has to actually look for and use the key
[05:50] <qman__> I'm guessing since ssh-copy-id worked, it'll use it
[05:51] <qman__> default is ~/.ssh/id_rsa
[05:53] <jayjay> Uhgggg now my laptop will not connect to it at all :I
[05:57] <jayjay> :(
[05:57] <jayjay> i give up at this ssh key thing
[05:58] <jayjay> LOL wtf i just started my firewall backup and now its letting me connect to it but still requires a password
[06:11] <airtonix> jayjay: if you want to auto login with pub/priv key from laptop to server then you send the public version of your key set on the laptop to the servers ~/.sssh/authorized_keys (or just paste it in there and chmod it and the directory ~/.ssh/ 700)
[06:11] <airtonix> *i mean ~/.ssh
[06:13] <airtonix> jayjay: another unfortunate and undocumented side effect of using pub/priv keys is that when you have more than 7, the ssh-agent on the machine you are sitting at will only check if the first 7 (you never know which 7)  are valid for logging into the remote machine.
[06:13] <airtonix> more than 7 local ssh keys
[06:14] <airtonix> jayjay: even setting a shortcut in ~/.ssh/config on your local machine will not circumvent this. you unfortunately have to: SSH_AGENT= ssh user@remote -i ~/.ssh/id_rsa
[06:14] <airtonix> which is to mean that you have to set SSH_AGENT= (to nothing)
[06:15] <airtonix> at least i think it's SSH_AGENT
[06:18] <taipres> finally got phpmyadmin working, lighttpd needed alias edit
[06:18] <taipres> it's a hideous version though
[06:18] <taipres> ugh
[06:18] <taipres> i'm hoping ubuntu repository has the latest
[06:19] <taipres> ut oh, says it is the latest
[06:19] <taipres> it's not.
[06:20] <taipres> i'll try main ubuntu channel
[06:38] <taipres> isn't bleeding edge version of ubuntu, so have to compile phpmyadmin from source
[06:55] <taipres> have a good one gentlemen
[06:57] <linocisco> squid proxy with two NIC (one for WAN and one for LAN) possible?
[07:35] <linocisco> squid proxy with two NIC (one for WAN and one for LAN) possible?
[07:40] <linocisco> squid proxy with two NIC (one for WAN and one for LAN) possible?
[07:48] <kraut> there is no reason for repeating yourself
[07:48] <kraut> and yes, why not? if the connectivity is fine, squid would be fine.
[07:50] <RoyK> linocisco: I don't see why not...
[07:51] <linocisco> i never had internet through squid on vbox
[07:51] <linocisco> that is why now I am testing zentyal
[08:00] <_ruben> 2+ legged squids are much more common than single legged squids i'd say
[08:11] <linocisco> RoyK, I made iptables and i configure squid with just http_acccess 3128
[08:11] <linocisco> _ruben, I long waited to see internet through squid.never worked
[08:12] <linocisco> _ruben, but all my testing was on Vbox
[08:14] <RoyK> linocisco: it should work - if it doesn't, you've probably made an error somewhere. don't start messing around with iptables until you know everything else is working
[08:15] <linocisco> RoyK, to allow internal network internet access, i need iptables NAT rule to open ports, right? and then ipv4 forward=1
[08:22] <_ruben> you're combining all kinds of stuff that are not directly related .. how do you want to use squid? as a manually configured proxy in clients, or as a transparent proxy, or ..?
[08:25] <linocisco> _ruben, first of all, i want manually
[08:26] <_ruben> in case, iptables won't be needed at all
[08:26] <_ruben> in that case*
[08:41] <lynxman> morning o/
[08:41] <io> lynxman: hi!
[08:42] <lynxman> io: ello :)
[08:50] <linocisco> _ruben, how could route between two NIC cards, WAN and LAN card?
[08:52] <_ruben> squid's a proxy, not a router
[08:53] <_ruben> a proxy works on a higher (osi layer) level than a router, basically
[08:54] <_ruben> eg: http://tldp.org/HOWTO/IP-Masquerade-HOWTO/what-is-masq.html
[08:57] <linocisco> I want to know exactly how to handle squid with two LAN cards(one is WAN and one is LAN). that is so clear that all LAN clients should get internet from that proxy
[08:59] <_ruben> the number of network cards really has zero influence on how squid works and/or needs to be configured
[09:00] <_ruben> the squid box itself has properly working internet access i assume?
[09:01] <jibel> jamespage, SpamapS  do you know why lamp_reboot post-install test keeps failing  ? It seems that php code is not interpreted. Is it a bug in the test or real issue ?
[09:17] <jamespage> jibel: not sure - I'll try to take a look today
[09:17] <rye_> Hello, I am curious about the status of bug #935585 - I am experiencing this issue, the bug report has a branch attached but no status changes, is it being tracked for release?
[09:17] <jamespage> lynxman, reviewing the rabbitmq-server debdiff (again)
[09:17] <jamespage> morning Daviey
[09:17] <lynxman> jamespage: cool beans :)
[09:29] <koolhead17> hello all
[09:35] <RoyK> linocisco: yes
[09:35] <linocisco> yes for what? sorry i cleared previous msgs
[09:37] <RoyK> 09:15 < linocisco> RoyK, to allow internal network internet access, i need iptables NAT rule to open ports, right? and then ipv4  forward=1
[09:40] <linocisco> RoyK, yes. so i need iptables anyway
[09:41] <RoyK> linocisco: adding that masq rule won't hurt
[09:42] <linocisco> is there any precise guide?
[09:42] <RoyK> and you'll need another to do transparent proxying…
[09:42] <RoyK> guide to what?
[09:42] <linocisco> guide to (squid with two NICs(wan+LAN))
[09:43] <RoyK> google ip masquerading
[09:43] <RoyK> it's rather simple, really
[09:43] <linocisco> it is easier said than done.
[09:44] <RoyK> linocisco: yes, most things are, but google it, please, it really is simple
[09:45] <linocisco> RoyK, yes. I really want to blame myself as I really could not get it. and dying to feel myself as useless
[09:46]  * RoyK goes to do something useful
[10:21] <jjohansen> stgraber: I replicated the rbind mount error in isolation, and fixed it you can try the parser at people.canonical.com/~jj/apparmor_parser, just drop it over the one in /sbin/
[10:21] <jjohansen> /me will work with jdstrand to get it into the archive today
[10:21] <jjohansen> /me hasn't tried it in a container yet, my container is failing with an error before hit the apparmor confinement, and I haven't had time to look into it yet.
[10:21] <jjohansen> Sorry its been one of those weekends (son + accident => hospital kind)
[11:39] <koolhead17> nijaba: around
[11:40] <nijaba> koolhead17: hello
[11:41] <koolhead17> nijaba: what was the client you suggested instead postfix.
[11:42] <nijaba> koolhead17: msmtp-mta
[11:42] <koolhead17> nijaba: thanks
[11:43] <nijaba> np
[11:43] <koolhead17> nijaba: BTW looking fwd to meet you on 4th apr :)
[11:44] <nijaba> koolhead17: unfortunately not sure yet if I'll be able to come
[11:44] <koolhead17> ooh. :( ok
[13:37] <hallyn> morning!
[13:40] <stgraber> morning!
[13:41] <hallyn> stgraber: say, is the kernel with the apparmor mounts fix in the archive?
[13:41] <hallyn> i'm going to push the utmp fix, guess i should look through the (long) bug list and see what else i should squash in there
[13:41] <uksysadmin> hey all
[13:42] <stgraber> hallyn: I'm grabbing jjohansen's fixed apparmor_parser and I'm running a test kernel, if I can get it to work here, we should have it working in the archive later today
[13:42] <hallyn> oh the fix was userspace
[13:44] <stgraber> hallyn: well, jjohansen mentioned a few issues on the kernel side too, so I guess it's a bit of both
[13:45] <stgraber> jjohansen: btw, no need to apologize for work you couldn't do over your weekend ;) thanks for all the help debugging this
[13:45] <uksysadmin> Doing a fresh install of Precise Server Beta 1 always boots into tty7 - first time I didn't realise - thought my box had hung.  Is there a bug filed against this? I can only find this one which seems to be there for a while: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/761830
[13:46] <stgraber> hallyn: so I'm testing http://people.canonical.com/~jj/apparmor_parser + http://people.canonical.com/~jj/linux-image-3.2.0-18-generic_3.2.0-18.29_amd64.deb now
[13:46] <hallyn> stgraber: ok i'm trying to figure out how to stage things.  do you know when that might hit the archive?
[13:48] <stgraber> hallyn: apparmor_parser should hit the archive later today once I confirm it works and jjohansen and jdstrand can prepare a new package
[13:48] <hallyn> ok.  but so the apparmor policy in lxc won't be re-enabled until tomorrow right?
[13:49] <stgraber> hallyn: right, my plan is to upload LXC with the updated apparmor profile as soon as the new apparmor hits the archive, so likely late tonight or tomorrow
[13:50] <stgraber> wow, apparmor works! well, the first rule matched and worked, now I need to write the next ones ;)
[13:54] <hallyn> it's all sugar and spice from here on out
[13:54] <hallyn> stgraber: ok i'm going to push a fix in an hour or 3 for bugs 948623, 951150, and 948481
[13:55] <stgraber> bug 948481
[13:55] <hallyn> trivial one...  just rolling it in
[13:56] <stgraber> ok. While you're touching lxc-start-ephemeral would it be possible to add a "-d" flag to it to start the container in the background?
[13:56] <hallyn> you use lxc-start-ephemeral?
[13:56] <hallyn> sure, will do
[13:57] <hallyn> in that case, if you don't mind, i'll push a staging tree for you to test with?
[13:57] <stgraber> I used lxc-start-ephemeral to do some LXC stress testing yesterday and ended up doing "for i in $(seq 1 2000); do (lxc-start-ephemeral -o template&); sleep 2; done"
[13:57] <hallyn> that's pretty enough... :)
[13:58] <hallyn> now the script hangs around to clean up...  i guess i should just have the script itself fork and exit so the forked thread cleans up
[14:01] <stgraber> hallyn: yeah, I think it'd be the easiest, longer term I think we should add pre/post scripts to the LXC config
[14:02] <stgraber> so we can have lxc-start run pre/post scripts outside the container and inside the container. OpenVZ has that and I remember using it quite often (though mostly for ugly workarounds ;))
[14:03] <hallyn> yeah - like an initrd
[14:03] <stgraber> right
[14:03] <hallyn> that would help the fedora case too
[14:03] <hallyn> if you want to open a bug on that...
[14:03] <hallyn> or we can just discuss at uds i guess
[14:04] <stgraber> jjohansen: any reason "/** -> /usr/lib/lxc/root/**" wouldn't work? (it doesn't match)
[14:04] <stgraber> hallyn: I can add it to my UDS notes
[14:04] <hallyn> along with the rewrite in go
[14:04] <stgraber> right ;)
[14:07] <smb`> hallyn, While I see you around and before I forget: I had a little improvement for libvirt last week which may be something to feed back upstream (bug 949028). How would that best /simplest be done?
[14:08] <smb`> hm... though that also was uploaded already (to precise)
[14:09] <smb`> bah, forgot the closes... :/
[14:26] <hallyn> gary_poster: hey, are you around?
[14:27] <gary_poster> hey hallyn, yes
[14:28] <hallyn> gary_poster: i'm just looking at the lxc-start-ephemeral patch...
[14:28] <gary_poster> thanks, yes
[14:28] <hallyn> gary_poster: only thing i noticed was that you seem to put the original LXC_BIND entry in the container fstab at the end
[14:28] <hallyn> IIUC, won't that make your other bind mounts be overmounted?
[14:28] <hallyn> oh, wait
[14:29] <gary_poster> I do compare for equality
[14:29] <gary_poster> I don't look for containment
[14:29] <gary_poster> I was taking the tack that if they do an explicit -b, they mean it
[14:29] <hallyn> no, you mount them under $rootfs, so that'll DTRT. sorry :)
[14:29] <gary_poster> :-) cool, np
[14:30] <hallyn> gary_poster: per stgraber's suggestion I'm also going to add a '-d' option, then i will push
[14:35] <gary_poster> cool hallyn, thank you
[14:38] <Xethron> I am looking for a way to dynamically control internet speed based on the amount of internet a user consumed relative to another.
[14:39] <kirkland> smoser: howdy
[14:39] <smoser> hy
[14:39] <kirkland> smoser: do we have 64bit ami's for m1small yet?
[14:40] <smoser> they just work
[14:40] <smoser> amis are all the same. they just changed the hardware
[14:40] <Xethron> For example. If only one user is online, he gets 100% of the line speed. However, if two users are online, the one who consumed less internet should get preference as to allow him/her to "catch up"
[14:40] <smoser> er... the [virtual] hardware available to run on
[14:40] <kirkland> smoser: oh?
[14:40] <kirkland> smoser: you didn't have to rebuild the ami's using 64 bit kernels and packages?
[14:41] <smoser> no. we have 32 bit amis and 64 bit amis.
[14:41] <Xethron> Is there something that can control something like that?
[14:41] <smoser> all they did was now allow you to run the 64 bit amis on m1.small size
[14:41] <smoser> previously they would just deny your request to do that.
[14:41] <smoser> the interesting thing this means is that they basically have no more 32 bit only hardware.
[14:42] <smoser> (or they can select filter the available nodes to run a m1.small on to ones that have 64 bit hardware in the hypervisor)
[14:43] <smoser> i guess it's more likely that they just have an arch aware scheduler.
[14:50] <lynxman> jamespage: ping
[14:51] <stgraber> jjohansen: [61634.549605] apparmor_parser[16338]: segfault at 8 ip 000000000040fcc5 sp 00007fffef35cd20 error 4 in apparmor_parser[400000+be000]
[14:51] <stgraber> jjohansen: that's when adding pivotroot
[14:54] <stgraber> hallyn: so I guess we'll be running without apparmor for a few more days ;)
[14:57] <hallyn> stgraber: dang.
[14:57] <a_ok> does it matter if I add a mount option in fstab that is not supported?
[14:57] <hallyn> stgraber: well i think i'll whip up a set of apparmor mount rules anyway, and pretend i tested it
[14:59] <stgraber> hallyn: the mount rules for the /usr/bin/lxc-start can be tested but anything after that can't as pivotroot is denied and can't be allowed without apparmor_parser crashing :)
[14:59] <hallyn> stgraber: i wasn't going to restrict mounts for lxc-start itself i don't think
[15:00] <hallyn> maybe i should...
[15:00] <hallyn> i guess i should.
[15:00] <hallyn> no sense allowing mounts with target outside of $rootfs
[15:00] <stgraber> hallyn: also you seem to have the choice between a generic "mount" allowing everything or allowing each of them individually but can't make something like "/** -> /usr/lib/lxc/root/**" as I'd have done for /usr/bin/lxc-start
[15:00] <hallyn> right
[15:01] <stgraber> but that's a bug, the documented syntax allows it
[15:02] <hallyn> oh i misread
[15:02] <hallyn> i'm going to go based on the docs at the wiki.  and file bugs :)
[15:03] <stgraber> ok :)
[15:03] <hallyn> but first i have some other testing to do.  bbl
[15:04] <stgraber> hallyn: I think "/** -> /usr/lib/lxc/root**" is what we want for usr.bin.lxc, we also want "pivotroot /usr/lib/lxc/root" and then look into the second profile
[15:04] <stgraber> hallyn: the tricky part being nested containers
[15:14] <jamespage> lynxman, pong
[15:28] <hallyn> stgraber: my hope is that nested containers will just DTRT with pathnames...
[15:28] <hallyn> stgraber: I'm more worried about cgroups with nested containers.
[15:28] <hallyn> bc i'd like to restrict writing to them
[15:28] <hallyn> stgraber: did i cc: you on the email about that?
[15:35] <stgraber> hallyn: I think you did, at least I remember you mentioning it (basically it'd be great to allow /sys/fs/cgroup/*/lxc/<container name>/** in apparmor)
[15:36] <hallyn> right
[15:36] <hallyn> q is do we want to risk the complication of per-container profiles this late in cycle
[15:38] <pabelanger> So I'm getting ready to upload my patches for bug 953093, glance will still use sqlite3 by default.
[15:39] <stgraber> hallyn: I'd usually say it's too risky but on the other end I'm guessing LTS users (me included) will want it and so it'd be easier to fix any bug post-release than to explain how to implement the feature on their own until the next LTS
[15:39] <hallyn> stgraber: do you think this requires FFE?
[15:40] <hallyn> or is it a bug that users can't specify per-container policy?
[15:44] <stgraber> hallyn: I think it'd need a FFe but explaining the current limitation and the problem it'd be for our users
[15:44] <hallyn> ok
[15:45] <hallyn> stgraber: the ugliest part of this is the complication/slowdown at lxc-create, lxc-clone, and lxc-destroy
[15:46] <stgraber> hallyn: yeah, though if only building and loading the new profile it should be fairly quick
[15:46] <stgraber> hallyn: (as long as we don't call a full reload of all the profiles)
[15:46] <hallyn> stgraber: certainly won't be doing that :)
[15:58] <gary_poster> hallyn, we are seeing tmpfs be very unhappy now (it has errors trying to whiteout files).  The only thing I know I did in a crazy way is that we are using an overlayfs as an upper for another overlayfs in my patch.  We can switch to just making a new tmpfs instead and see if that is less insane
[15:59] <gary_poster> that's what I'm going to try to do in a bit
[15:59] <gary_poster> need to step away for now
[16:20] <bencer> hi huats, jamespage
[16:21] <bencer> we have uploaded new packages of zentyal fixing the issues you raised
[16:21] <huats> bencer: ok great
[16:21] <jamespage> bencer: great!
[16:21] <bencer> when do you think you can have a look at them?
[16:25] <jamespage> bencer, tomorrow realistically
[16:26] <bencer> jamespage: ok cool, i will ping you again tomorrow :)
[16:26] <bencer> let me know if we can do anything else in the meanwhile
[16:27] <pabelanger> Anybody know where the glance debian packaging branch is?  Or which one is master?
[16:27] <pabelanger> Trying to create a merge request
[16:27] <bencer> jamespage: huats could also upload them? do you want to have a look at them again? or can i push him to upload them asap?
[16:28] <pabelanger> I am assuming lp:ubuntu/nova
[16:28] <pabelanger> sorry, lp:ubuntu/glance
[16:28] <jamespage> bencer: we should not upload until a FFe has been granted for these packages - https://wiki.ubuntu.com/FreezeExceptionProcess
[16:28] <hallyn> gary_poster: my understanding is that the rationale/justification for overlayfs's simplicity is precisely that you can overlay on top of an overlay
[16:28] <hallyn> gary_poster: so doing what you suggest is good for verifying that that's the problem, but if there's a problem then it's a bug
[16:29] <jamespage> bencer: preparing the information for that in the bug report is something that can happen in between now and review completion
[16:29] <jamespage> I note from the bug report that there is still some debate as to whether these packages should be native or not.
[16:29] <huats> bencer: i cannot upload that since the FFe is needed + the new process
[16:30] <bencer> jamespage: huats should we fill the bug for FFe now?
[16:30] <jamespage> bencer: yes - it can be done in the existing bug report
[16:32] <bencer> jamespage: do we have to do something else than subscribing ubuntu-release team?
[16:33] <jamespage> bencer, yes - the Bug Description needs to be populated with the information detailed in https://wiki.ubuntu.com/FreezeExceptionProcess
[16:34] <hallyn> stgraber: help!
[16:34] <hallyn> stgraber: my attempt to dput lxc failed with -eperm
[16:35] <jamespage> bencer: I think it just needs re-shuffling to line up with the required information to support the release team approval
[16:35] <stgraber> hallyn: again? :)
[16:36] <jamespage> please don't subscribe ubuntu-release until myself/huats has had time to review again; packages really need to be good-to-go
[16:36] <stgraber> hallyn: should be good now
[16:36] <hallyn> stgraber: i don't *think* i did anything stupid...
[16:36] <hallyn> thanks, retrying
[16:37] <bencer> jamespage: huats ok thanks, i will ping you both tomorrow, going to rewrite the bug description before then, thanks again
[16:37] <jamespage> bencer: no problem
[16:38] <huats> great
[16:45] <pabelanger> Okay, just created my first merge request using launchpad.  I _think_ I did it right
[16:47] <hallyn> stgraber: push worked this time, thanks :)
[16:48] <stgraber> hallyn: np. cjwatson hardcoded the ACL in his script so it shouldn't be dropped anymore ;)
[16:49] <stgraber> hallyn: you merged that one https://code.launchpad.net/~gary/ubuntu/precise/lxc/bug-951150/+merge/97021 right?
[16:49] <hallyn> stgraber: yup
[16:49] <hallyn> hopefully the right one (i didn't realize he was going to make more changes)
[16:50] <hallyn> stgraber: and -d works for me :)
[16:50] <stgraber> hallyn: cool. Marking the bug fix released and the branch merged then.
[16:50] <hallyn> lp email told me it was marked fix released
[16:50] <stgraber> bug 951150
[16:50] <stgraber> ^ doesn't agree :)
[16:51] <stgraber> anyway marked fix released manuaally
[16:51] <stgraber> *manually
[16:53] <hallyn> thanks
[16:53] <hallyn> i wonder if the mp was done after the push, and that re-opened the bug
[17:05] <pabelanger> Now, on to adding dbconfig-common support into nova
[17:18] <koolhead17|away> wa00 is nova going to be completely automated?  /o.0\
[17:37] <gary_poster> hallyn, I have confirmation that overlayfs + upper overlayfs does not allow removal of files; overlayfs + upper tmpfs does
[17:38] <gary_poster> it may be that overlayfs requires xattrs but does not implement it?
[17:42] <gary_poster> hallyn, I modified my branch: http://bazaar.launchpad.net/~gary/ubuntu/precise/lxc/bug-951150/revision/79
[17:42] <gary_poster> should I make a new MP?
[17:42] <hallyn> gary_poster: yes pls
[17:42] <gary_poster> ack hallyn
[17:42] <hallyn> gary_poster: by overlayfs upper,
[17:42] <hallyn> gary_poster: that means the fs changes will be written to?
[17:42] <hallyn> that seems reasonable to refuse
[17:42] <gary_poster> hallyn, yes
[17:43] <hallyn> so you're working around that?
[17:43] <gary_poster> hallyn, yeah, I just make another tmpfs
[17:43] <gary_poster> mount that in ephemeralbind
[17:43] <gary_poster> and it is ok
[17:43] <hallyn> gary_poster: should you create a single tmpfs for all overlays for a container,
[17:43] <hallyn> and create subdirs under that to use as the overlays?
[17:44] <gary_poster> that's what I do hallyn, yeah
[17:44] <hallyn> gary_poster: awesome, thanks :)
[17:44] <gary_poster> cool
[18:17] <gary_poster> hallyn, MP is here: https://code.launchpad.net/~gary/ubuntu/precise/lxc/bug-951150-2/+merge/97077 .  Would you like me to file a separate bug, or do anything else?
[18:18] <hallyn> gary_poster: no thanks, i'll take it from here
[18:18] <gary_poster> cool, thanks hallyn
[18:18]  * gary_poster goes to have a bit of lunch
[18:18] <hallyn> np - ttyl
[18:21] <hallyn> gary_poster: to be sure, you ran this and it cleaned up fine?  (wondering whether i can just push blindly, or should setup an env to test in)
[18:51] <mgw> any suggestions on avoiding clock skew on qemu-kvm guests? Is there a demonstrable reason why ntp shouldn't be used?
[18:55] <gary_poster> hallyn, I tested it quickly and it seemed fine.  I had used a version without the -d changes for my initial tests.  If you haven't already run a couple of tests, I'm happy to
[18:55] <gary_poster> happy to run a few more tests, I mean
[18:57] <hallyn> gary_poster: -d shouldn't affect it, i'll push, thanks
[18:57] <gary_poster> cool thank you
[18:58] <hallyn> thank you for the patch :
[18:58] <gary_poster> :-) welcome
[19:05] <Xethron> I wish to setup a server that will dynamically control internet speed based on the amount of internet a user consumed relative to another. For example. If only one user is online, he gets 100% of the line speed. However, if two users are online, the one who consumed less internet should get preference as to allow him/her to "catch up". Does anyone know of software with the ability to do that?
[19:27] <axisys> i have to pick disk 8 while booting (ctrl+p and then select disk 8) to boot the OS.. do I need to change the disk order in bios to automate this?
[19:28] <axisys> can I just install the boot loader on every disk instead ?
[19:29] <Evansdny> hello
[19:31] <Evansdny> I just set up my first home server using ubuntu 11.10 server. of course, coming from kubuntu and ubuntu on most of my machines, i feel very much at home. i am however having a horrible time configuring aliases and sub domains in apache either manually or using webmin's interface. i just can't seem to get the sub domain to come up. i have a top level domain and a static IP address at home through my ISP
[19:33] <Evansdny> any help or direction to some good information sites would be greatly appreciated
[19:35] <axisys> Evansdny: you will have lot better luck in getting support if you pastebin some error from your apache either here or #httpd channel
[19:36] <Evansdny> ok....   well i guess i'm not getting any errors it just goes directly to the top level domain and doesn't even see the sub domain. even though all my config files are correct
[19:38] <Evansdny>  i will try #httpd
[19:38] <Evansdny> thanks
[19:41] <axisys> how do I catch the grub at boot on lucid ? shift is not catching it
[19:42] <axisys> is it esc+shift?
[19:44] <axisys> esc worked
[20:08] <axisys> this x4270 fails to boot all the way http://paste.ubuntu.com/880895/
[20:08] <axisys> what gives?
[20:10] <_KaszpiR_> GPT: Use GNU Parted to correct GPT errors.
[20:14] <axisys> hmm.. in recovery mode it boots all the way
[20:14] <axisys> _KaszpiR_: so boot in that mode and try to fix it, may be?
[20:15] <axisys> not sure what is the fix
[20:15] <axisys> GPT:585937498 != 585937499 <-- so change the block size or something?
[20:18] <axisys> sdi and sdj are part of md and boot disk
[20:18] <axisys> no GPT error for those two
[20:30] <axisys> recovery mode works perfect.. it is really single user mode .. and I enabled ssh and ssh in it.. all lvm+md looks good and installed new pkg.. works perfectr
[20:30] <axisys> perfect*
[20:54] <axisys> http://paste.ubuntu.com/880960/ <-- boots perfect in dmesg
[22:17] <akgraner> mmm, thought you'd like to see the table of contents for Issue 12 of Ubuntu User Magazine  - http://www.ubuntu-user.com/Magazine/Archive/2012/12
[22:52] <HaltingState> hey; is ssh enabled/running by default on ubuntu server?
[22:53] <HaltingState> if i install from iso and hook up to network can I ssh in or do i have to do something else also
[22:54] <pabelanger> HaltingState: when you install openssh-server it is
[22:54] <pabelanger> you will be prompted during the installation process to add it
[23:26] <Xethron> I wish to setup a server that will dynamically control internet speed based on the amount of internet a user consumed relative to another. For example. If only one user is online, he gets 100% of the line speed. However, if two users are online, the one who consumed less internet should get preference as to allow him/her to "catch up". Does anyone know of software with the ability to do that?