/srv/irclogs.ubuntu.com/2012/05/23/#ubuntu-server.txt

helpme472	how I can set sftp on my proftpd without shell access	00:00
billybigrigger	helpme472 just disable a shell for that user	00:02
billybigrigger	http://www.cyberciti.biz/tips/linux-prevent-normal-users-from-logging-into-system.html	00:03
billybigrigger	set the shell from /bin/bash to /sbin/nologin	00:03
billybigrigger	errr nbm	00:03
billybigrigger	its /bin/false i think in ubuntu	00:04
billybigrigger	ya there it is...	00:04
billybigrigger	helpme472 sudo usermod -s /bin/false USERNAME	00:04
billybigrigger	any network gurus around to help with a dnsmasq server problem?	00:08
billybigrigger	http://pastebin.ca/2152499	00:08
helpme472	what is your probleme	00:09
billybigrigger	im trying to connect to my vpn server...but seems there's a problem with 12.04 and dnsmasq	00:09
billybigrigger	dnsmasq:	00:10
billybigrigger	Installed: 2.59-4 Candidate: 2.59-4	00:10
Mischinka	How do I set all files permissions recursively? and how do i set all folders recursively?	00:11
billybigrigger	chmod -R xxxx /xxxx/	00:12
Mischinka	chmod -R 0755 /directory/ ?	00:13
billybigrigger	xxxx = permisions /xxxx/ = folder ot apply to	00:13
billybigrigger	yeah	00:13
Mischinka	how do i do all files recursively?	00:13
billybigrigger	-$	00:13
billybigrigger	-R	00:13
mischaghost	wow bluescreen of death	00:17
mischaghost	so: chmod -$ -R 0655 /directory/ that will change all the files?	00:20
billybigrigger	oops	00:24
billybigrigger	-R only	00:24
billybigrigger	remove the -$ that was my type	00:24
billybigrigger	typo...ffs :P	00:24
mischaghost	What about only files and not folders?	00:25
nathwill	find /path/ -type f -exec chmod -655 {} \;	00:26
nathwill	er	00:27
nathwill	0655	00:27
nathwill	find /path/ -type f -exec chmod 0655 {} \;	00:27
e2b04836	find . -type f -exec chmod 0655 {} +	00:27
mischaghost	find . -type f -exec chmod 0655 {} + && find . -type d -exec chmod 0755 {} +	00:30
mischaghost	does that look right?	00:30
nathwill	no	00:30
nathwill	what is this + business?	00:31
nathwill	never seen it... it seemed to work.. i may be wrong about that	00:32
=== mischaghost is now known as Mischinka
three18ti	what do you think of configserver firewall?	00:40
=== Kiall_ is now known as Kiall
mgw	anybody have scripts for grabbing ssh keys from ldap?	01:41
twb	mgw: ssh-import-id can pull it from HTTP	01:44
twb	mgw: monkeysphere can pull it from a GPG keyserver	01:45
twb	mgw: don't know of anything for LDAP	01:45
mgw	twb: thanks	01:49
mattwj2002	hi guys	02:32
mattwj2002	how do you make a private cloud system?	02:33
=== dendrobates is now known as dendro-afk
KingKatari	i am running ubuntu 11.10 server, How do i fix a task leak as it is causing tasks that are <defunct>	02:56
twb	Fix the parent process's child handling	03:06
twb	https://en.wikipedia.org/wiki/Zombie_process	03:06
KingKatari	oh god i have no clue where that call needs to go in this app since it is written in python3	03:20
arooni-mobile	hi folks; recently upgraded from 11.10 to 12.04; here is my sources.list: http://paste.ubuntu.com/1002316/ ... but now when i try to move over apt selectoins from one box to another i'm stuck: https://gist.github.com/2773094 ... ideas?	03:23
twb	KingKatari: file a bug report	03:24
twb	KingKatari: or talk to #python about it, I guess	03:25
arooni-mobile	can anyone help me with my package dependency	03:25
twb	arooni-mobile: why are you doing dselect-upgrade ?	03:25
arooni-mobile	twb trying to move dpkg selections from one box to another	03:25
twb	dselect is only for people so old, they tuck their beards between their legs	03:26
arooni-mobile	what would you recommend	03:26
twb	What does "aptitude install" have to say?	03:26
arooni-mobile	somehwat related q; should backporgts all be disabled	03:27
twb	Do not enable backports unless you know what you're doing and you definitely want them	03:28
arooni-mobile	thats what i thought	03:29
arooni-mobile	ubuntu upgrade process enables by default	03:29
twb	http://paste.debian.net/170709/ is about what it should look like (modulo release name)	03:30
twb	I am surprised that do-release-upgrade enables is by default.	03:31
twb	I am surprised that do-release-upgrade enables it by default.	03:31
arooni-mobile	http://paste.ubuntu.com/1002318/	03:31
arooni-mobile	thats what aptitude thinks	03:31
arooni-mobile	does that sound good?	03:31
arooni-mobile	twb, i was suprised too	03:31
twb	Well first ignore all the :i386 sections because they're biarch crap	03:32
arooni-mobile	yeah i think i may be moving from a 32 bit to a 64 bit system	03:33
twb	Hmm, are you migrating from i386 to amd64?	03:33
twb	Ah, OK, that's probably the root cause of all this	03:33
arooni-mobile	bad job david	03:33
twb	WHat I would do is instead of using --set-selections, be a bit lazy	03:33
twb	aptitude -F %p --disable-columns search '!~M~i'	03:33
twb	arooni-mobile: ^ that will emit a list of packages you actually asked for, not including the version numbers	03:34
arooni-mobile	ah goodies	03:34
twb	arooni-mobile: then try apt-get installing those packages only, on the new box	03:34
twb	Beforehand, on the new box, you might want to do something like "aptitude keep ~T" (IIRC) to say "forget about all those changes I asked for before"	03:34
arooni-mobile	ok so once i have the new selections redirected to a text file; what would you use to run the install?	03:35
arooni-mobile	as dselect is apparently a silly tool ;p	03:35
twb	aptitude install foo bar baz quux	03:35
twb	i.e. just pass those package names on the command line	03:36
arooni-mobile	but if i try to pipe the text file into it like: aptitude install < versionless-selections ... nothing really happens	03:36
arooni-mobile	i admit i'm a bit of a command line noob	03:36
twb	Yes; don't do that	03:41
twb	Try aptitude install `cat list-of-packages.txt`	03:41
arooni-mobile	that doesnt seem to install	03:43
twb	Then I give up	03:44
twb	pastebin the output of your 13:33 <twb> aptitude -F %p --disable-columns search '!~M~i'	03:44
arooni-mobile	http://paste.ubuntu.com/1002325/	03:47
yaboo	hi all, followed the firewall/router ubuntu how to, how does one forward ports to another machine within my internal network?	03:47
twb	arooni-mobile: perhaps all those packages are already installed?	03:50
arooni-mobile	yeah i think youre actually right	03:50
arooni-mobile	while iw as waiting for your comand i wrote a bash program	03:50
arooni-mobile	that i think did the trick	03:50
yaboo	have a issue with ufw, I have opened up ports 53 domain, but it seems my dns cannot talk to the outside world.	04:50
yaboo	what else do I need to do.	04:50
twb	yaboo: pastebin output of "iptables-save -c"	04:54
redactd	hi has anyone had problems with courier-imap-ssl not working since 12.04? I am getting error SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate in mail.log. imap works fine unsecure.	04:55
twb	redactd: I use dovecot; the Ubuntu Server Guide also recommends dovecot AFAIK.	04:56
redactd	twb, much more of a learning curve than courier?	04:57
twb	But it sounds like a simple case of it not finding your certs. Do you have a custom cert hierarchy, or what?	04:57
yaboo	twb http://pastebin.com/6Sw1gheH	04:57
twb	I have never used courier. Dovecot is not hard IME, but I have not done very much complex with it -- most of the cleverness, I do in postfix.	04:57
redactd	twb, i use custom certs which are generated and installed with courier on install	04:58
twb	redactd: on install of the courier .deb ?	04:58
redactd	twb, yep	04:58
twb	I mean, does the .deb do them and you just use what it provides, or are you doing something on top of what the .deb provides	04:58
redactd	.deb does it.	04:59
twb	OK so they are probably snakeoil certs or something	04:59
twb	I would be looking into that, and likewise the client side if you're using client-side certs, also see if your old courier was using gnutls and the new one is using openssl, or vice-versa	05:00
twb	e.g. slapd+gnutls has problems (I make no assertion as to whether that's openldap's fault, or gnutls's fault)	05:01
redactd	it uses openssl afaik. setup with pam (only basic mail server) - just reinstalled and noticed interesting error	05:01
twb	Obviously you can also try usual things like turning the debugging up	05:02
redactd	it is a cert error - the imapd.pem no such file or dir :S	05:03
redactd	errors while installing .deb didn't notice it before now	05:04
redactd	prob unrelated though. will just give dovecot a go instead i think	05:05
redactd	twb, out of curiosity how would i turn debugging up on a service like that? do you have a link or something similar? or just google it?	05:07
twb	redactd: depends on the daemon, read the manpages and so on	05:08
redactd	rgr will do ty	05:08
twb	no rgr here...	05:08
yaboo	two did you look at my pastebin	05:21
twb	yaboo: I got distracted.	05:22
yaboo	ok	05:22
twb	Your firewall is bizarro, it should be using conntrack (or state) in FORWARD. IIRC ufw should do that by default...	05:23
twb	yaboo: it looks like /etc/ufw/before.rules didn't get loaded	05:25
twb	yaboo: what release of Ubuntu does lsb_release -a say you're running?	05:25
yaboo	two when I start "ufw enable" I get the error failed to start ufw-init?	05:25
yaboo	12.04	05:25
twb	yaboo: it's "twb"	05:26
yaboo	twb apologies	05:26
twb	yaboo: to be honest, I think you should turn ufw off, then purge and reinstall it, and punch in your ufw rules again	05:28
twb	yaboo: if that still has problems, suggest you drop ufw and just learn to do it by hand, in #netfilter	05:28
yaboo	two ok can be done tonight then	05:29
yaboo	twb to do it by hand where would Iput the rules, and more worried, I do not know enough about iptables to get me through	05:29
twb	Right; you will have to learn	05:30
twb	For basic needs like you have, it is not too hard	05:31
yaboo	two right I do, but no idea to start where	05:31
yaboo	twb last time I followed something I found on google	05:31
KingKatari	what could be causing Connection timeouts / socket hang-ups	05:31
yaboo	two if your around later will try	05:31
yaboo	twb	05:31
yaboo	auto correction	05:32
twb	KingKatari: insufficient data	05:32
KingKatari	i am running Ubuntu Server 11.10 and i get a high amount of connections from a ipaddress on a very specific port for a service i run on that port, well after 10 to 30 seconds i start getting abunch of connection timeouts and or socket hang-ups	05:35
KingKatari	would somaxconn have something to do with that?	05:37
rbasak	KingKatari: sounds like your service can't keep up	05:40
KingKatari	no the service is actully waiting for for connections when this is happing	05:40
nil8	Yo	05:44
Syria_	Hi, i have a VPS server running under Ubuntu Server 10.04 LTS, Please help me with installing vpn service on it because I want add an account in order to use it on my Ipad.	06:16
RoyK	hm... i have, for various reasons, installed Bacula from source. What's the easy way to blacklist the bacula\* packages?	06:58
syria	Hi, Can I use openvpn on my ubuntu server? so I can connect to it using my ipad? please...	06:59
_ruben	syria: yes (assuming ipads support openvpn)	07:01
twb	iphones speak l2tp/ipsec, cisco ipsec, and pptp	07:01
syria	_ruben: My VPS is running under ubuntu server 10.04 LTS, How can I configure it to accept VPN connections please?	07:02
twb	syria: you need to ask ##macosx or something about ios, we don't support it.	07:02
bioman	Hello	07:02
twb	"In 1996 Frederik Schodt characterized the typical reader as a twenty-eight-year-old systems engineer who works at a finance company, eats at ramen noodle shops and is seriously considering using a matchmaking service." --- haha	07:03
syria	twb: I want to configure my ubuntu server to become a VPN server, So I can connect to it later using my ipad or anything else that supports vpn.	07:03
twb	Oops, wrong channel.	07:03
syria	Where should I go? :(	07:03
twb	syria: oh. I assumed you already had that working, because you were asking about openvpn.	07:04
bioman	Want to change drbl stable to drbl testing. I've change in /etc/apt/sources.list to testing, done a aptitude update, a aptitude upgrade but no drbl testing. So aptitude install drbl but it says I have the latest version :/ What's wrong please ? (ubuntu server 11.10)	07:04
syria	twb: Nope, I have no idea where to start from.	07:04
rcsheets	RoyK: might this work? http://askubuntu.com/a/76075	07:05
twb	syria: well first you work out what devices you are required to support, then you pick the least shit technology that they all support.	07:05
twb	syria: since that will be PPTP, you will need a bottle of vodka at this point	07:05
syria	twb: o.0	07:05
syria	I want it to support my Ipad. I am at work now vodka is not allowed :P	07:06
yaboo	two syria, I got pptp working in like 20 minutes and love it, for my iOS devices	07:31
twb	yaboo: pptp is completely insecure	07:34
twb	That is why, if you deploy it, you will need to drown your sorrows in strong liquor	07:34
yaboo	twb yes I understand, but what else do you recomend for iOS devices	07:35
twb	https://en.wikipedia.org/wiki/PPTP#Security_of_the_PPTP_protocol	07:35
twb	yaboo: lt2p/ipsec	07:35
yaboo	two tried that and I needed strong liquor just reading about it.	07:35
twb	Granted.	07:36
twb	Security is always at odds with convenience	07:36
yaboo	twb you are correct	07:37
SpamapS	I dunno if I'd agree that security always is at odds with convenience.	07:52
SpamapS	Active security usually is, but sometimes passive efforts can increase security without compromising convenience. Such as intrusion detection systems which simply report..	07:53
twb	SpamapS: if they just report and no human acts on them, they aren't much of a security layer	07:55
_ruben	how does reporting increase security, by itself	07:55
twb	And they inhibit convenience in that the system is infinitesimally slower to respond :-)	07:55
SpamapS	twb: I think there are 3 dimensions. Convenience, Risk, and Cost.	07:56
yaboo	want to setup free version of splunk and munin	07:56
twb	If you keep going, I might suspect you're trying to add some factual accuracy into my aphorism	07:56
SpamapS	twb: the traditional 2 dimensional scale implies a "state" of "secure" .. but really, you need a process.. and that process has to figure in cost.	07:56
SpamapS	twb: no, just trying to spark a discussion that will bore me to sleep :)	07:57
_ruben	hehe	07:58
SpamapS	_ruben: if the IDS is worth anything, it will know when risk has increased, and just tell you, or even take action to reduce it. Cost would be high, but convenience (system performance and admin involvement) stay the same.	07:58
SpamapS	also inline lossy ethernet taps do not slow down ethernet	07:59
twb	"Having a D-Bus interface means that applications wanting to print automatically get to use printerd asynchronously."	07:59
twb	...uh, because talking to localhost:631 was synchronous?	07:59
SpamapS	twb: those who do not understand unix are doomed to repeat it.	07:59
twb	SpamapS: unfortunately, those people are building the entire goddamn desktop	07:59
twb	Especially lennart	08:00
twb	>rage<	08:00
SpamapS	but its SHINY	08:00
SpamapS	-->> shiny	08:00
SpamapS	see it, over there	08:00
twb	I want so badly to beat some sense into them	08:00
SpamapS	twb: no, its important that pid1 implement everything that Linus has said no to putting in the kernel.	08:00
twb	That way we will reduce the number of pids on the system, to 1 + chrome	08:01
twb	Which is important, I guess, because pids are scarce?	08:01
SpamapS	as scarce as pinheads	08:01
SpamapS	twb: its not pid scarcity.. its just that all those pids clutter up top.	08:02
twb	oh noes!	08:02
SpamapS	who needs crond, and dbus, and udev? You can just let your whole system go down in one fiery ball!	08:02
twb	Anyway my top is alreayd unusably full with jbd/1 through 32	08:02
twb	Seriously, I had to stop using top and learn to use ps because of all the per-core kernel threads	08:03
SpamapS	twb: IIRC htop has a "hide kernel threads" option buried somewhere in there	08:03
SpamapS	"K"	08:03
twb	htop is stupid tho	08:03
twb	I KNOW its stupid because even my manager recommends it	08:04
twb	...that and it's not part of ubuntu-minimal, so I'd have to explicitly ask for it.	08:04
SpamapS	having a top w/ tree support is pretty nice	08:04
twb	SpamapS: I just ps uxf	08:04
SpamapS	twb: so do I	08:04
twb	watch ps uxf -- there now you have htop thread	08:04
SpamapS	but when I want to leave one thing running to see what my latest insanity has done to break the system, watch ps auxfw isn't usually informative enough	08:05
twb	Seriously, what is the advantage of top over watch + ps?	08:05
twb	AFAICT it's basically just that you can use arrow keys instead of ps arguments	08:05
SpamapS	twb: you'd need watch 'sh -c "free -m ; uname -a ; ps auxw" ..	08:06
SpamapS	twb: and then to change even the slightest thing (sort.. etc) you'd have to ctrl-c.. change it.. start it back up	08:06
twb	I turn that stuff off anyway because it means you only see about 10 line of processes	08:06
twb	At least on an 80x25	08:06
SpamapS	what, you only use 80x25 terminals?	08:06
SpamapS	You do realize 23" LCD's are < $150.. :right?	08:07
twb	SpamapS: you think if I let KMS try to negotiate with a crappy KVM, while not switched to that KVM at boot, it will work?	08:07
twb	Actually it doesn't work even when I blacklist modesetting and vga16fb, on lucid boxes, to my great annoyance. I haven't quite cared enough to isolate it.	08:07
SpamapS	twb: remote KVM should be something you only need in dire situations	08:07
twb	SpamapS: by KVM I mean the thing that slides out of the rack that has a LCD and a keyboard, and a bunch of VGA/USB cables hanging out the back	08:08
twb	Not some horrible IPMI thing that needs a java client to access the RFB stream, nor a riced-up qemu	08:09
SpamapS	twb: right, so thats like, what, something you have up for extreme situations	08:09
SpamapS	I don't think I'd use top on that either ;)	08:10
twb	OK, granted, when things are working well I can ssh in from my netbook, but I'm a sysadmin -- if things are working I am back in the batcave waiting for the batsignal	08:10
SpamapS	twb: I always viewed going to the server console as an admission of failure :-P	08:11
twb	Well, yes	08:11
SpamapS	twb: for me, I just racked them, got them onto the network with ILO and PXE enabled, and never saw them again.	08:11
twb	If I have suceeded, I will be paid to sit here reading a book until I die	08:12
SpamapS	that was when I had actual servers	08:12
twb	I hate ILO, it's such a pain in the arse	08:12
SpamapS	Yeah I never liked it much	08:12
twb	It's RFB under the hood but they wrap it in all this java shit	08:12
SpamapS	but it worked better than most IPMI things	08:12
SpamapS	and certainly simpler to use than DRAC	08:13
twb	An I mean I'm on an ARM netbook with 1GB RAM and about 6GB of nonvolatile storage	08:13
twb	As if java is going to even work	08:13
SpamapS	wtf.. ?	08:13
SpamapS	time to get an ultrabook	08:13
twb	SpamapS: x86 has lame battery life	08:13
SpamapS	yeah, 5.5 hours seems pretty lame for something that weighs the same as an ipad	08:14
twb	I get 14h on my 1kg netbook, it was 16h when I bought it	08:14
twb	Anyway, rather than IPMI/ILO/DRAC what I'd really like is for the BIOS to just make itself usable over the serial port	08:14
SpamapS	twb: but then you have to put serial cables in all your boxes	08:15
twb	Since it's ultimately just an 80x25 screen anyway, and pushing it through RFB (let alone java) is just inexcusable blnoat	08:15
SpamapS	even if you have a nice USB way to do it	08:15
twb	SpamapS: what, you run ILO over the same cat5 as its normal IP?	08:15
SpamapS	no, but network is ubiquitous	08:16
twb	SpamapS: that means you're trusting that network	08:16
twb	SpamapS: yeah well, serial to 8p8c is not that hard	08:16
SpamapS	I actually used red for ilo, and blue for regular network. yellow was DMZ	08:16
twb	Definitely better than VGA which you'd need in an emergency	08:16
SpamapS	twb: never had issues w/ ILO.. but meh.. I've achieved my stated goal of boring myself to sleep	08:17
twb	Bear in mind I haven't actually had a chance to make this work, so I am still operating in fantasy land where it will actually be implemented sanely	08:17
twb	SpamapS: that will be $5 or two beers	08:17
twb	:-)	08:17
Sander^work	Do anyone know why I got dropped into a grub shell after upgrading from 10.04 to 12.04? I think I didn't upgrade grub.	09:10
Sander^work	What do I need to do, to upgrade grub, so it will boot again?	09:11
lynxman	morning o/	09:17
twb	Sander^work: does it give an error?	09:18
Sander^work	twb: no, just a grub shell.	09:18
=== matthiasstreulen is now known as streulma
=== Ng_ is now known as Ng
eagles0513875	hey guys	10:52
streulma	hello	11:21
Syria	Hello!	11:26
Syria	Who konws what is this used for? ssh -D "port" "user@address"	11:26
Daviey	Syria: local socks proxy over ssh	11:26
Daviey	man ssh , should provide more info.	11:27
Syria	Daviey: Yes, When I use that command in my terminal I go to firefox browser and use this socks proxy 127.0.0.1 and the port number.	11:27
Daviey	right	11:28
Daviey	So what is the question?	11:28
Syria	Daviey: This helps me to bypass some blocked sites by my ISP.	11:28
Daviey	right, but what is your question? :)	11:28
Syria	Daviey: Can I broadcast this connection to my Ipad via a wireless ad-hoc?	11:28
Daviey	technically you can.. but why not just set up a VPN?	11:29
Syria	Daviey: It was hard for so i have decided to search for an easeir way. :(	11:29
Syria	Daviey: Because Ipad supports l2pt, pptp and Ipsec VPN.	11:30
Syria	Daviey: Can you help me with this please?	11:31
Daviey	Syria: ssh -D 0.0.0.0:4000 user@adress	11:40
Daviey	then set socks as the ip address of your machine, port 4000. Note, it's not authenticated. so, anyone on the network can use your proxy.	11:41
Syria	Sorry Lost my connection. :(	11:46
Syria	DavidLevin: After ssh -D 127.0.0.1:4000 user@address ..... could you please tell me again what should I do to use this tunnel on my ipad as well?	11:48
Daviey	12:40 < Daviey> Syria: ssh -D 0.0.0.0:4000 user@adress	11:48
Daviey	12:41 < Daviey> then set socks as the ip address of your machine, port 4000. Note, it's not authenticated. so, anyone on the network can use your proxy.	11:48
Daviey	not 12.0.0.1	11:49
Syria	Daviey: Thank you for your help and sorry because I ask too much... But should I set the socks as the ip address of the ipad or the laptop??	11:49
Daviey	Syria: on your laptop, use the command as above.. on your ipad; set the socks proxy as the ip address of your laptop and port 4000.	11:50
Syria	Daviey: What if I don't have ssh on my Ipad? I bought a new one and I am being completly unable to install any program because I live in a blocked country by apple store.	11:51
Syria	Daviey: That is why I want to broadcast this connection via ad-hoc wireless.	11:52
Daviey	Syria: i'm not convinced you are listening :)	11:53
Daviey	Syria: ipad will not know it's using ssh, it will know it's using a socks proxy only (via your laptop).. i assume ipad can support socks, that is	11:54
Syria	reading again	11:54
streulma	Ipad can I think	11:59
ikonia	I don't think itunes supports socks proxy, just http	12:03
ikonia	(or the app store)	12:03
Syria	DavidLevin: ssh -D 127.0.0.1:1236 user@address....... is this correct?	12:06
Syria	Daviey: ssh -D 127.0.0.1:1236 user@address....... is this correct?	12:07
Syria	sorry!	12:07
Daviey	No!	12:07
Daviey	12:48 < Daviey> 12:40 < Daviey> Syria: ssh -D 0.0.0.0:4000 user@adress	12:08
Daviey	12:48 < Daviey> 12:41 < Daviey> then set socks as the ip address of your machine, port 4000. Note, it's not authenticated. so, anyone on the network can use your proxy.	12:08
Daviey	12:49 < Daviey> not 12.0.0.1	12:08
Syria	sorry!	12:08
Syria	ssh -D myipaddress:4000 user@address	12:08
Daviey	NO NO NO	12:10
Daviey	Syria: 0.0.0.0 (although your ip address will also work)	12:11
matti	Daviey: :)	12:15
KristianDK	Do you guys know if LXC 0.8 will be released in precise anytime soon? Or this there a PPA for it? Couldnt find one	12:17
hallyn	KristianDK: precise is LTS and released. We won't be upping versions. 0.8 is not actually released upstream (it's at 0.8.0-rc2)	12:23
hallyn	KristianDK: but the version in precise has just about all the patches that are upstream	12:23
KristianDK	hallyn, except the one I have troubles with of course :D More specifically this one: https://bugs.launchpad.net/ubuntu/precise/+source/lxc/+bug/994752 - will this also be patched on the precise package?	12:24
uvirtbot	Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Confirmed]	12:24
hallyn	KristianDK: yes it will be	12:25
KristianDK	hallyn, ah ok - thats all I need. Do you by any chance know if this is in the works, and if I could possibly help in any way if its not?	12:26
hallyn	it may already be sitting in unapproved precise-proposed queue, but if not then stgraber will be pushing it soon	12:26
hallyn	It's definately in the works. Once te fix is in precise-proposed, you can absolutely help by testing to push it into -updates as quickly as possible :)	12:26
hallyn	If you subscribe yourself to the bug (if you're not already) you'll get an email when the proposed package is ready	12:27
KristianDK	Yeah, already subscribed - didn't know it worked like that. I'm still not that good with launchpad, thanks for you help :-)	12:28
hallyn	KristianDK: excellent (if you want all the gory details, read https://wiki.ubuntu.com/StableReleaseUpdates, but otherwise, thanks for your help)	12:29
KristianDK	Ah great, I'll take a look - might avoid future questions from my side	12:30
hallyn	jdstrand: I've posted a proposed debdiff on bug 1001625 for detecting pc-0.12 (which would also affect your wmvga bug, but I didn't mark it as such... in part bc i couldn't quickly find it :)	12:36
uvirtbot	Launchpad bug 1001625 in qemu-kvm "Guest clock stops after live migration on Ubuntu 12.04 hosts" [Medium,Confirmed] https://launchpad.net/bugs/1001625	12:36
jdstrand	hallyn: hehe-- I am not the author of debian/libvirt-migrate-qemu-machinetype :)	12:42
jdstrand	you could do a 'based on' if you really wanted...	12:43
hallyn	jdstrand: I thought I did do 'based on'. all right all right, was hoping to stay anonymous wrt this :)	12:46
jdstrand	:)	12:46
hallyn	zul: could you take a look at bug 996840 ? It looks like actually a nova bug in its use of libvirt.	12:46
uvirtbot	Launchpad bug 996840 in libvirt "Libvirt error when trying to mount ISCSI volumes" [Medium,Confirmed] https://launchpad.net/bugs/996840	12:46
zul	hallyn: yep	12:47
jdstrand	I don't blame you. that script was tricky to get right. I was running it in postinst so it was moderately important to not hang :P	12:47
hallyn	zul: thanks!	12:47
hallyn	jdstrand: yeah it should be less scary this time at least for that reason :)	12:47
* jdstrand nods		12:47
jdstrand	hallyn: then man page references libvirt\-migrate\-qemu\-disks	12:48
hallyn	gah thought i'd gotten all of those	12:49
jdstrand	the sentence that references that should also be adjusted	12:49
lunaphyte_	hi. i was asking here the the other day regarding a "warning: failed to read mirror file" message when upgrading from 11.10 to 12.04 using do release upgrade.	12:49
hallyn	(collecting these comments, thanks)	12:50
jdstrand	hallyn: since you are fiddling with it, there is non-uniform whitespace in migrate_vm()	12:50
lunaphyte_	digging a bit further with strace, it appears that the file it's looking for is /tmp/update-manager-AkiIxq/Ubuntu.mirrors:	12:50
jdstrand	(oldformat/newformat)	12:50
lunaphyte_	open("/tmp/update-manager-AkiIxq/Ubuntu.mirrors", O_RDONLY) = -1 ENOENT (No such file or directory)	12:50
lunaphyte_	how can i figure out where this file is supposed to come from, and why it's not being created?	12:51
ogra_	why would you care its just a warning (and likely the file is created at some point during the process)	12:51
lunaphyte_	a warning means something isn't happening the way someone was expecting it to, right? why wouldn't i care?	12:52
lunaphyte_	anyway, the question isn't so much whether or not i should care, but rather how i can figure out what is happening.	12:52
jdstrand	hallyn: fyi, README.Debian has 'may in face'	12:58
pmatulis_	lunaphyte_: so the upgrade failed then?	12:59
lunaphyte_	pmatulis_: no, actually, the upgrade appears to complete successfully [as best as i can see so far on another computer with the same problem]	13:00
jdstrand	hallyn: other than those minor things, seems good to me	13:03
hallyn	jdstrand: and I'm not over-reacting with the pc-0.12 thing right? :)	13:12
jdstrand	heh-- well, it seems to be causing a problem, so I don't think so. you may want to coordinate with skaet to make sure it is noticable in the 12.04.1 release notes	13:13
jsmith-argotec	Samba question - I use a user map script to map ldap cn value to uid. Script runs fine and has worked fine on older version of samba	13:46
=== andreas__ is now known as ahasenack
glebaron	Can anyone tell me the recommended way to install java on ubuntu server these days. The landscape seems fragmented and I don't know what is best.	13:47
jsmith-argotec	however now on 12.04 I'm getting this message in the samba logs and not sure where to start to figure it out...	13:48
jsmith-argotec	sh: 1: /etc/samba/ldapmapuser.sh: Permission denied	13:48
jsmith-argotec	permissions are : -rwxrwx--- 1 root admin 182 May 23 09:34 /etc/samba/ldapmapuser.sh*	13:49
jsmith-argotec	doesn't need execute other does it?	13:49
pmatulis_	jsmith-argotec: so... what user is invoking that script?	13:49
jsmith-argotec	umm I thought samba would be invoking the script...	13:50
rbasak	glebaron: I would assume that the default-jre-headless package will give you a sensible default. I don't understand the java landscape very well either though.	13:50
jsmith-argotec	pmatulis_: though I just checked and permissions on that script on the older samba server and it was -rw-r-xr-x	13:50
jamespage	rbasak, glebaron: default-jre-headless will give you the supported version of Java for a given release of Ubuntu	13:51
jsmith-argotec	pmatulis_: it is listed in the samba config as the user mapping script so I thought the samba process invoked it	13:52
jsmith-argotec	pmatulis_: username map script = /etc/samba/ldapmapuser.sh	13:52
bt	I am wondering if someone could answer some questions on networking issues...	13:56
glebaron	jamespage, do you know what the currently supported version is?	13:57
pmatulis_	jsmith-argotec: ok... and what user is smbd run as?	13:58
jamespage	glebaron, which release of ubuntu? 12.04 is openjdk-6 (Java 6)	13:58
glebaron	jamespage, yes, 12.04.	13:58
bt	I basically cannot figure out how to configure my physical networking adapters... i have tried using/modifying /etc/network.interface, but it always fails to bring up the second adapter	13:58
pmatulis_	bt: i recommend reading the ubuntu server guide. help.ubuntu.com	13:59
KristianDK	Is there an easy way to apply a proposed fix to a running installation? e.g. bug 994752	13:59
jamespage	glebaron, 12.04 also has openjdk-7 in universe - but openjdk-6 is default	13:59
uvirtbot	Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Confirmed] https://launchpad.net/bugs/994752	13:59
jsmith-argotec	pmatulis_: root	14:00
jsmith-argotec	pmatulis_: which is why I don't understand the permissions error	14:00
pmatulis_	SpamapS: do you really think this is Critical? bug #872824	14:01
uvirtbot	Launchpad bug 872824 in network-manager-strongswan "Network-manager locks up when adding strongSwan VPN connection" [Critical,Triaged] https://launchpad.net/bugs/872824	14:01
bt	i have looked through the networking portion, but it still fails..	14:01
pmatulis_	bt: you should by now know that the file is /etc/network/interfaces	14:02
bt	yes.. that was the file i was working with	14:02
pmatulis_	jsmith-argotec: try to run the script manually	14:02
pmatulis_	bt: maybe pastebin it, someone may take a look	14:03
a_ok	What do I have to do to use liboauth-php?	14:06
bt	http://pastebin.com/LNxrJuq4 ---- the response i get from running /etc/init.d/networking restart	14:07
bt	is file exists	14:08
jsmith-argotec	pmatulis_: works fine manually as root and as a admin group member	14:08
jsmith-argotec	pmatulis_: I added all execute to the script permissions and now the error has changed to	14:12
bt	the above pastebin is my interfaces file	14:12
jsmith-argotec	pmatulis_: /bin/bash: /etc/samba/ldapmapuser.sh: Permission denied	14:12
jsmith-argotec	pmatulis_: I added read as well and now it's working... no idea why it needs all read/execute but that's what works so we'll go with it	14:14
jsmith-argotec	pmatulis_: thanks for the help!	14:15
glebaron	jamespage, rbasak, thanks for the info.	14:17
=== dendro-afk is now known as dendrobates
=== dendrobates is now known as dendro-afk
SpamapS	pmatulis_: yes, its critical. The whole box loses control of its network because this software is completely broken.	15:51
SpamapS	pmatulis_: the only workaround is to not use this software. That seems like a reason to either fix it, or drop it.	15:51
=== Tunn3l is now known as Tunn3l\|dinner
jcastro	adam_g: zul: you guys are in ~charmers, we're going to start to schedule review time for charms like we do the sponsorship queue, if you guys want in I can leave you in the group	16:48
jcastro	if you don't, then I can just remove you guys	16:48
zul	jcastro: remove me i dont have time :(	16:49
=== Lcawte\|Away is now known as Lcawte
hallyn	soren: hey, regarding the libvirt failure with multiple parallel virsh starts (as shown by http://people.canonical.com/~serge/breaklibvirt.sh), it doesn't appear to be any sort of timeout issue	17:04
hallyn	Here are the relevant logs fwiw: http://paste.ubuntu.com/1003284/	17:05
hallyn	Tweaking /etc/libvirt/hooks/qemu to only sleep at the 'begin start' still does it, and for that matter so does removing the sleep so all there is is '#!/bin/bashn exit 0' :)	17:06
hallyn	looks like i need to look more closely at virCommandHandshakeWait:2369 : Unable to wait for child process: Bad file descriptor for the real issue	17:07
hallyn	hm, maybe it's as simple as a sleep after virCommandRequireHandshake()	17:17
hallyn	nah that makes no sense	17:17
adam_g	jcastro: how much time are we talkin?	17:21
jcastro	4h a month	17:22
adam_g	jcastro: cool, let me know how/where things get scheduled	17:23
ahasenack	hi, anybody from maas around here?	17:34
ahasenack	I changed the IP address and updated all config files I could find, also ran cobbler sync	17:34
ahasenack	but the json profiles under /var/lib/cobbler/config/profiles.d still have the old ip for iscsi_target and log_host	17:34
ahasenack	should I edit them manually or is there another way?	17:35
samba35	ahasenack, can i send you pm ?	17:35
ahasenack	samba35: techincally, sure	17:36
gmcinnes	Hi all.	17:41
gmcinnes	I just did a do-release-upgrade -d to get from 10.04 to 12.04. After rebooting at the end of the process, I just get dumped to a grub prompt, with no menu entries of kernels :( Any idea how to fix?	17:42
gmcinnes	Does anyone know what kernel it likely installed, and I can try and boot from grub2?	17:43
ahasenack	gmcinnes: you can play around with the ls command	17:45
ahasenack	see what is installed	17:45
ahasenack	then try to boot manually whatever you find	17:45
ahasenack	basically you need a kernel (hd?,?)/vmlinuz root=/dev/some/device	17:45
ahasenack	and another for initrd (hd?,?)/initrd	17:46
ahasenack	then "boot"	17:46
ahasenack	you need to find out "hd?", use tab completion for that, it's going to be a number	17:46
ahasenack	and maybe /vmlinuz won't exist, so poke around in /boot	17:46
gmcinnes	that's the thing. I don't know hot to get to /boot	17:46
ahasenack	try ls (hd0<tab><tab>,<tab><tab>)	17:47
ahasenack	some combinations of that	17:47
gmcinnes	ah!	17:48
gmcinnes	the light switches on.	17:48
gmcinnes	thanks.	17:48
=== dendro-afk is now known as dendrobates
jcastro	adam_g: I'm doing the schedule today, what days are good for you?	17:49
adam_g	jcastro: mon or fri usually	17:52
PedroGomes	Hi, does anyone knows if it is possible to create an empty (or mostly empty) lvm group in a installation based on preseed/partman?	18:00
hazmat	smoser, is there a way to manually run cloud-init post boot?	18:03
smoser	there are jobs in /etc/init/cloud-*	18:03
smoser	you can run them by hand (sudo start cloud-init-XXXX)	18:03
=== Gallomimia_ is now known as Gallomimia
SuperLag	What is the proper way to make sure an init.d script starts on boot?	18:15
SuperLag	Netatalk, in this case	18:16
RoyK	SuperLag: symlink it to /etc/rc2.d/Sxxnetatalk, where xx being a number	18:17
RoyK	the number being the start order	18:17
RoyK	or, the other way around, Sxxnetatalk, like, S99netatalk -> ../init.d/netatalk	18:17
stgraber	hallyn: current lxc SRU has now been published, I'll start preparing the next one today/tomorrow	18:19
gmcinnes	ahasenack: thanks for your help. I'm still stuck trying to find the root partition. I know where it should be. Its an lvm volume which shows up in ls in grub, but it doesn't want to boot	18:20
gmcinnes	ahasenack: is there anything special I have to do to get lvm partitions to work?	18:20
ahasenack	gmcinnes: I don't know if grub support /boot in lvm	18:22
hallyn	stgraber: thanks. Did you see the new bug/complaint about --close-all-fds not being the default?	18:23
ahasenack	gmcinnes: but lvm in root works, I have it	18:23
hallyn	I'm fine with making it the default, fwiw.	18:23
henkjan	ahasenack: grub2 can boot from lvm	18:23
stgraber	hallyn: nope, haven't seen it yet. Do you see any potential problem with having it be the default?	18:23
stgraber	hallyn: I can't think of a case where we specifically want the container to inherit an fd	18:24
hallyn	well it might paper over errors in callers...	18:24
hallyn	no, if we inherit one we bail out with an error	18:24
hallyn	so the only thing we lose is not warning about bad callers	18:24
hallyn	probably not worth it	18:24
ahasenack	gmcinnes: so if your /boot is in the root partition, and that is an lvm lv, then you need to research how grub handles lvm, i don't know that	18:25
ahasenack	gmcinnes: my /boot is a normal /dev/sda1 partition, just the rest is lvm	18:25
stgraber	hallyn: could we change it to closing all fds by default but printing a warning if lxc-start inherited any non-standard fd?	18:26
hallyn	do you think that's worth it?	18:26
stgraber	depends how much effort it's, if it's fairly trivial to get the warning or at last a log entry, it might be worth doing	18:27
hallyn	well, maybe at debug level	18:27
hallyn	yeah	18:27
hallyn	do you fel that should be handled in your next set of SRUs?	18:28
stgraber	so someone working on a wrapper around lxc-start can make sure that his code is sane (thinking of what arkose is doing at the moment)	18:28
hallyn	well in any case, i'm about to duck out for lunch	18:28
hallyn	sounds good. i'l lhappily whpi up a patch later today or tomorrow if you like.	18:28
stgraber	it's technically a change of behavior so we might have to do some convincing to get in as an SRU	18:29
gmcinnes	ahasenack: yeah. I thought mine was too. All the vmlinuz and grub stuff is there, but the actual "/boot" is on / I think. What a pain. I'll keep hacking.	18:30
stgraber	and we need to make sure not to drop the current parameter as otherwise we'd cause regression	18:30
hallyn	yup	18:30
hallyn	ok i'll triage the bug later (if you haven't by then)	18:30
hallyn	bbl	18:30
ahasenack	gmcinnes: check this: https://wiki.archlinux.org/index.php/GRUB2#LVM	18:31
ahasenack	gmcinnes: you can issue those commands at the grub prompt too	18:32
ahasenack	the insmod I mean	18:32
ahasenack	maybe after doing that ls will show the /boot files and you can reference them	18:32
ahasenack	set root=stuff is so you don't need to use (hdN,M) all the time as a path prefix	18:33
ahasenack	or the vg and lv names in this case	18:33
gmcinnes	ahasenack: ah! got it.	18:33
gmcinnes	I was already at that page :)	18:34
ahasenack	nice, hope it works	18:34
gmcinnes	well, I got it booted :) Now to see wtf went wrong on the upgrade.	18:34
ahasenack	gmcinnes: double nice	18:35
=== dendrobates is now known as dendro-afk
gmcinnes	anyone know if there is a command to check grub.cfg syntax?	19:27
gmcinnes	of course there is. awesome :)	19:27
=== nxvl is now known as inxvl
=== inxvl is now known as nxvl
mgw	anybody here with experience building openssh dpkg?	19:56
mgw	I made an update to configure.ac, ran autoreconf, and now I'm failing to compile	19:56
mgw	About 20 minutes into dpkg-buildpackage	19:57
mgw	https://gist.github.com/70f1ab4e2f71baa39681	19:58
axisys	how do I send mail from command line with a reply-to header?	20:46
axisys	mail -r foo@example.com does not work.. does not recognize -r	20:46
axisys	in solaris that is what we have been using	20:46
axisys	got it! mail -a "From: foo.com" worked	20:55
tash	I feel like an idiot. I don't know if this is better to be asked here or #vbox. I have an Ubuntu Server running VirtualBox. 2 interfaces ( eth0, eth1 ). I have 2 virtual machines running on the host. Each one is respectively bridged to eth0/eth1. So, vm1 is bridged to eth0 and vm2 is bridged to eth1 on the host. If I unplug 1 of the network cables, say eth1 (192.168.1.223) I can still ping it, but I cannot ping the vm that is bridged to that interfac	21:06
tash	fwiw, I can also ping eth0, so I know I am not confused in that regard ( as in, I'm pinging the right thing )	21:07
=== zooko` is now known as zooko
KillMeNow	anyone here ever use the vmware converter to P2V a Ubuntu server?	21:21
=== deboroh is now known as elleuca
=== wolferz is now known as Guest95739
=== Guest95739 is now known as wolferz
hallyn	stgraber: ok, if you don't have the package ready tomorrow, can i give you a patch for bug 1003583 tomorrow?	21:41
uvirtbot	Launchpad bug 1003583 in lxc "make the "--close-all-fds" option in lxc-start on by default" [Low,Confirmed] https://launchpad.net/bugs/1003583	21:41
hallyn	(not sure yet which patch I'll write :)	21:41
stgraber	hallyn: yep	21:43
hallyn	thx	21:44
=== matsubara is now known as matsubara-afk
KristianDK	stgraber, any chance bug 994752 will be going to precise-proposed sometime soon? And this there anything I can do to help?	21:54
uvirtbot	Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Confirmed] https://launchpad.net/bugs/994752	21:54
=== Lcawte is now known as Lcawte\|Away
stgraber	KristianDK: yes	21:58
stgraber	KristianDK: it's planned to go in the next sru	21:58
KristianDK	stgraber, I'm not sure I fully understand the SRU concept in regards to timing - when would the next SRU be?	22:06
* LordOfTime pokes hallyn		22:08
SpamapS	KristianDK: its not timed	22:09
SpamapS	KristianDK: but its a rather lengthy process .. so sometimes its best to group them rather than do them in serial, thats what stgraber means.	22:09
hallyn	LordOfTime: yup, I'm new to bugs. since I never cause any myself	22:10
stgraber	KristianDK: if all goes well, it should be land in -updates within the next 2 weeks	22:10
LordOfTime	hallyn: :P	22:10
KristianDK	SpamapS, ah thanks, now I understand :-)	22:10
LordOfTime	hallyn: you targetted it correctly, i'd leave that bug as it was (the Lubuntu one) until it gets confirmed	22:10
LordOfTime	hallyn: someone'll get to it eventually, i'll poke my friends on the lubuntu team, get them to see it though	22:10
* LordOfTime works on Ubuntu bugs and nginx bugs, so... :p		22:11
hallyn	LordOfTime: thanks. launchpad scard me, making it look like that project didn't get looked at by anyone	22:11
hallyn	I hated to be responsible for that bug falling off a cliff	22:11
KristianDK	stgraber, ok - I'm really blocked by this bug right now - is there a recommended way to apply the patch in a way where it will not conflict with the update once it arrives?	22:11
stgraber	considering I don't know how I'm going to fix it in the SRU yet, no	22:12
LordOfTime	hallyn: they get looked at every so often, you might want to sit and lurk in -bugs forever :P	22:12
* LordOfTime is on bugsquad, if yo uhave a question about a bug ask it there, i'll probably see it		22:12
hallyn	LordOfTime: good point, I'll ask there next time. thanks.	22:12
hallyn	KristianDK: if you're blocked on that bug, can you simply use a package from ppa for now?	22:13
LordOfTime	hallyn: you can ask in #lubuntu or #ubuntu-bugs, but bugsqad'll look at stuff mentioned in -bugs :)	22:13
KristianDK	hallyn, sure - couldnt find a PPA with the fix in it though	22:13
stgraber	KristianDK: quantal currently has the fix	22:13
LordOfTime	which package guys	22:13
LordOfTime	and what program	22:13
hallyn	KristianDK: there isn't one yet :) but I can see if the quantal package will compile for precise in my virt ppa, one sec	22:14
hallyn	LordOfTime: an lxc bug, bug# should be a page or two up	22:14
LordOfTime	hallyn: packet loss between irc and my end, mind reposting?	22:14
hallyn	bug 994752	22:14
uvirtbot	Launchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,Confirmed] https://launchpad.net/bugs/994752	22:14
KristianDK	hallyn, that would be cool! I'm very new to debian packaging, so I'm a bit lost on how things are done "the right way"	22:15
hallyn	KristianDK: this almost certainly isn't the "right" way :) but it should keep you going	22:16
LordOfTime	hallyn: the correct way is to read the SRU guidelines, and request an SRU with that patch	22:16
hallyn	KristianDK: I say it's not the right way bc I'm going to use the quantal version #, so you'll need to manually install the precise version when that is fixed	22:16
hallyn	LordOfTime: yup, that's being done	22:17
LordOfTime	hallyn: looks like the SRU request isnt even there	22:18
* LordOfTime looked, there's tons of missing data		22:18
hallyn	stgraber is on it	22:18
LordOfTime	good, one less thing for me to poke people on :P	22:18
* LordOfTime has enough to deal with		22:19
KristianDK	LordOfTime, if its anything I can do, I'd love to do so - I would just need some directions	22:19
LordOfTime	STOP RINGING, YA STUPID PHONE	22:19
LordOfTime	be right back, this thing's been ringing off the hook all day	22:20
hallyn	KristianDK: assuming there is no build failure that I didn't anticipate, it should show up at https://launchpad.net/~serge-hallyn/+archive/lxc-backport	22:20
KristianDK	hallyn, awesome! Thanks a lot! I guess it wont update when the SRU comes then, but I could actually just reinstall the VM we use for testing at that point, so that probably does not matter	22:21
hallyn	KristianDK: ideally when the call goes out for testing the SRU package, you'll apt-get remove lxc, rm /etc/apt/sources.list.d/serge*, set up -proposed, apt-get update and apt-get install lxc to test :)	22:24
hallyn	(you can ping me when the time comes to go back over that if you like)	22:24
hallyn	ttyl	22:24
KristianDK	Sure, thanks :)	22:24
=== qhartman_ is now known as qhartman
KristianDK	hallyn, adding the PPA and doing apt-get update && apt-get upgrade should do it right?	22:35
KristianDK	or does this need to complete first? https://launchpad.net/~serge-hallyn/+archive/lxc-backport/+builds?build_state=pending	22:36
hallyn	KristianDK: yes, but only once it has built	22:36
hallyn	right	22:36
KristianDK	ah, from experience - does it actually take 14 hours?	22:36
KristianDK	then i might as well go to sleep :D	22:36
hallyn	KristianDK: it depends on how many other packages are queued up	22:41
hallyn	ppas are lower priority	22:42
KristianDK	ah ok, ill keep an eye on it	22:44
stgraber	hallyn: bumped, will start building real soon	23:00
KristianDK	awesome :D	23:02

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!