=== Aaton is now known as Aaton_off === bitmonk_ is now known as bitmonk === baggar11_ is now known as baggar11 === n0ts_off is now known as n0ts === ReTFEF is now known as TheTFEF === cpg is now known as cpg|away === Aaton_off is now known as Aaton === exocaesar is now known as Guest88597 === cpg|away is now known as cpg === TheTFEF is now known as Guest26587 === Guest26587 is now known as TheTFEF [02:04] stgraber: bleh, a problem with set_config_item. I was hoping to be able to 100% use the existing callback code. [02:05] stgraber: but if you want to be able to do set_config_item("lxc.network.0.ipv4", "1.2.3.4") when 2 nics are defined, that requires changes [02:05] bc right now it's all based on the order of items in the config file [02:05] i guess i must change that. with the api it's too hacky otherwise [02:05] :( [02:09] added to todo list. it would be a crime not to === Aaton is now known as Aaton_off [02:42] hallyn: heh, sorry ;) note for the next open source project => properly design config file (and don't make it depend on ordering ;)) === Corey_ is now known as Corey [04:39] I am looking for any docs/guides on getting juju working with rackspace cloud via openstack? [04:39] anyone have ideas on that? [04:40] hey, people who are using node in production, whats your preferred way of doing server config and management? [04:40] oops, wrong channel === Aaton_off is now known as Aaton [06:38] * RoyK += 0xc0ffee === Aaton is now known as Aaton_off === Aaton_off is now known as Aaton [06:56] hm... where can I set the package version in making a deb package? [07:03] is the UEC still not possible in a mesh configuration? I mean - no single point of failure thing in front (although I know it's possible to build that fault tolerant with DRBD or similar, I just don't want all that hassle) === matsubara-afk is now known as matsubara [07:52] hi guys, how can i disable ufw for an interface? as i'm trying to use multicast on private lan, and i want to disable firewall for eth1 [07:53] alex88: afaict, ufw allow in on eth1 [07:53] alex88: man ufw ;) [07:54] i've tried "ufw allow in on eth1 from any to any" [07:54] and it added the rule [07:55] but it seems they stil don't see each other http://pastebin.com/7Qbh6nDs i'm trying to use corosync + pacemaker [07:56] nm, it seems the same with firewall disabled [07:59] does #ubuntu-cloud actually exist? (looks like I can't join because I'm not invited) [08:01] alex88: ufw disable ;) [08:02] RoyK: yup, just tried, still not working, it was working fine before restart and now..boom [08:02] alex88: but - are you sure someone's actually listening to that multicast address? [08:02] alex88: also, make sure there's no router between your machine and whoever's going to receive that traffic [08:03] RoyK: it worked fine until last restart, machines are using crossover cable, also, both corosync are running on same multicast address and port [08:03] just that now, each machine doesn't see the other [08:05] let me try to reboot again with ufw disabled === Jasonn is now known as juicy [08:07] mhh.. same thing [08:07] RoyK: how can i check if something is listening on multicast? [08:09] lsof -p might help [08:09] that'd be the pid you hope is listening [08:10] "corosync 6225 root 9u IPv4 26096 0t0 UDP 226.94.1.1:5405" [08:10] seems so [08:16] then debug that app ;) [08:16] or sniff the traffic on that host to see if you can see incoming multicast traffic === railsraider_ is now known as railsraider === Aaton is now known as Aaton_off === Aaton_off is now known as Aaton === railsraider_ is now known as railsraider [08:53] How do I do sudo -u postgres without getting "could not change directory to "/root"", do I have to cd into some other directory or is there a better way? [08:53] Maybe something similar to su - [08:53] ? [08:53] Pupeno_W: su - postgres [08:53] Can't sudo do it? [08:54] sudo si roy@smilla:~$ sudo su - postgres [08:54] postgres@smilla:~$ [08:55] never mind the initial 'sudo si ' [08:55] That's still su doing it. :) [08:55] yep, with sudo helping [08:55] sudo -iu postgres [08:56] same thing [08:56] just a tiny difference in how the new shell is started [08:57] RoyK: I'm not trying to have an interactive shell, just run a command. [08:59] pkexec? [09:00] Pupeno_W: no idea - according to the docs, -EH should help, but AFAICT it doesn't [09:00] Ok… thanks :) [09:00] * RoyK tries to fix sanlock [09:01] do we use SysV or Upstart in precise? [09:04] bpth, really, but upstart is preferred [09:04] sysv for things that don't do upstart [09:05] s/bpth/both/ [09:06] alright. seems good RoyK . Thank you for making Ubuntu awesome. === Aaton is now known as Aaton_off [09:14] i need to know how to use IPTables to allow any and all traffic to/from a specific IP allowed while any other rules in the IPTables are still in effect [09:20] !ufw [09:20] Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Gufw (GNOME) and Guarddog (KDE from Lucid onwards) also exist. [09:20] KingKatari: normally, ufw is the preferred way of doing things unless you know iptables by heart and need more capabilities than ufw can offer [09:21] KingKatari: ufw allow from x.x.x.x will do what you want [09:21] i need it via iptables [09:21] KingKatari: or iptables -I INPUT -s x.x.x.x -j ACCEPT will allow all traffic from that IP [09:21] thanks [09:22] something tells me that if you didn't know that, you shouldn't be using iptables in the first place :þ [09:22] so iptables -I INPUT -s 97.96.233.45 -j ACCEPT will allow any traffic in from that IP and iptables -I OUTPUT -s 97.96.233.45 -j ACCEPT will allow all traffic out to that IP? [09:23] normally, the output chain won't block anything [09:24] but if it does, you need to 'iptables -I OUTPUT -d 97.96.233.45 -j ACCEPT' [09:24] -d, not -s [09:24] what it is, is that a friend locked my vps down for me more so then what the Host provider does and i cant get ahold of him to mod it to allow some connections from the vps to a home server and vice versa [09:27] lol i have a perl script on my vps that will query my windows system and then send the info to my linux system ( both windows and linux systems are on my home network ) but due to a conflict on my linux box on home network i cant run this perl script [09:36] hi [09:37] how do I get fts_lucene for dovecot? it's not in any of the repos, afaik === zyga is now known as zyga-afk === n0ts is now known as n0ts_off [10:23] I'm trying to install ubuntu server and when I select the menu option to install it reboots the computer, any ideas? === n0ts_off is now known as n0ts === n0ts is now known as n0ts_off === n0ts_off is now known as n0ts === zyga-afk is now known as zyga === matsubara is now known as matsubara-afk === cpg is now known as cpg|away [11:09] If I have PHP sending output to syslog with ubuntu, how do I make it go to it's own file? [11:12] I have no idea what the default version of syslog installed with ubuntu is - rsyslog? syslogng? [11:13] * KingKatari takes a sledge hammer to his bamt rig and begins to beat it to dust [11:20] any ideas? [11:45] error: internal error cannot load AppArmor profile [12:04] iam unable to see room list or creat any room for xmpp based openfire server used kopete (didnt see any options for rooms) and fastpath webased client (didnt showed a list either . any help? === n0ts is now known as n0ts_off === K4k_ is now known as K4k [13:09] Ok, resolvconf is driving me nuts [13:09] so I removed it [13:09] set both of my interfaces to static [13:10] added the dns-nameservers stuff to both in /etc/network/interfaces [13:10] and the dns-search thingie [13:10] setup resolv.conf to match them [13:10] i.e. they are all supposed to point to this machine since I have bind init [13:11] I reboot [13:11] my resolv.conf is changed [13:11] wtf? [13:11] This is 12.04 BTW [13:19] hello there [13:19] anyone here ? [13:20] i would like to run an application when you open a terminal [13:20] how to do ? [13:25] azei: Use a .bashrc file in your home directory maybe? [13:26] well do you heard about [13:26] cmartrix ? [13:26] heh [13:28] hello Pici [13:28] do you know about that ? [13:29] i simply trying to launch this application at terminal startup [13:29] how ot o do ? [13:29] how to do ? [13:30] azei: Ubuntu server doesn't have a GUI, so there really isn't any "opening a new terminal". If you're running GNOME, or whatever, take a look at the manpage for gnome-terminal for the right arguments for doing whatever you want to do. [13:30] stop [13:30] you don't listening [13:31] azei: then clarify what you're trying to do. [13:31] first tell me do you know that applicatioN ? [13:32] azei: Yes, I've played with it before. [13:33] pefect we can exchange better [13:33] zul, bencer: uploaded openldap with smbk5pwd [13:33] when you try to ssh to your server [13:33] stgraber: cool [13:33] i would like that that application run itself [13:33] Daviey, smoser: for bug 1024408, my recollection is that add-apt-repository has never been in any relevant seed. I've always had to install it manually, and just verified this in Oneiric (I don't have a Precise non-VM image handy). But cloud-init depends on python-software properties (and more recently software-properties-common, bug 1021418), so we don't usually find add-apt-repository missing on cloud instances. Would adding software-properties- [13:33] common to an appropriate server seed be the best solution here? [13:33] Launchpad bug 1024408 in ubuntu-meta "Quantal installs do not include software-properties-common by default" [Undecided,Confirmed] https://launchpad.net/bugs/1024408 [13:33] Launchpad bug 1021418 in cloud-init "Replace python-software-properties Depends with 'software-properties-common'" [Undecided,Fix released] https://launchpad.net/bugs/1021418 [13:34] I'd certainly like to see add-apt-repository available on Server by default (VM or not) [13:34] and by pressing a key i would like that it give hand to prompt [13:34] how to do ? [13:34] azei: adding it to the end of your .bashrc should be sufficient. [13:35] adding what to where ? [13:35] stgraber: zul, cool thanks!! [13:35] rbasak, well it seems that javiewr is implying there is a dependency bug [13:36] (that i was not aware of) [13:36] smoser: "Quantal server installations do not include software-properties-common by default." [13:36] smoser: this has never been the case. Precise server installations don't include that either, AFAIK, and by design. Unless you install cloud-init [13:36] pefect Pici working [13:36] it seems to me that adding it to server seed would be reasonable. [13:36] azei: great [13:37] rbasak, yes, but commen t2 in that bug suggests a dependencies problem [13:37] (in addition to it not being seeded) [13:37] but it don't give the hand to cli [13:37] when you press something [13:38] rbasak, just uploaded you libnss-ldap fix to quantal - made one small tweak which was to use dh_link in the rules file rather than doing it using mkdir && ln -s [13:39] I think he might have it backwards. Comment #2 sounds like he expects add-apt-repository to appear if he installs python3-software-properties. This is now backwards. From >=quantal, you're supposed to install software-properties-common for add-apt-repository. bug 1021418 [13:39] Launchpad bug 1021418 in cloud-init "Replace python-software-properties Depends with 'software-properties-common'" [Undecided,Fix released] https://launchpad.net/bugs/1021418 [13:39] get my questioN ? [13:39] jamespage: I didn't use dh_link because the links file can't do multiarch. Or can it? [13:39] rbasak, you can use it directly in debian/rules [13:40] jamespage: ah, I didn't know that. Thanks! [13:40] rbasak, http://paste.ubuntu.com/1098313/ [13:40] jamespage: got it. That makes sense. Thanks for the upload! [13:40] rbasak, I'm not sure whether we need to SRU that tho - its broken but are we actually seeing any bugs because of it? [13:41] jamespage: I fear that ldap nss is completely broken on precise, but that nobody has noticed [13:42] jamespage: actually no, scrap that [13:42] rbasak, well until somebody does and can come up with a test case.... [13:42] lol [13:42] nss looks for /lib/.../libnsswitch_ldap.so.2 or something, which does exist (on amd64). So I think I agree - no SRU unless somebody complains with an impact statement [13:43] jamespage: however, armhf is completely broken right now and on my todo list [13:43] rbasak, ack [13:43] sounds good to me [13:43] Upstream detect the presence of glibc in an "interesting" way in autoconf, and an armhf system isn't glibc according to that :) [13:43] So it puts all the libraries in the wrong places [13:45] grmbl, server upgrade from lucid to precise [13:45] but grub doesnt fit in my bootsector :( [13:45] starting on sector 63 [13:47] install it on your partition instead? and let the normal bootsector chainload it? [13:48] wil that work on an mdadm + lvm partition? === joete is now known as joegazz84 === joegazz84 is now known as bca === bca is now known as Guest29702 === Guest29702 is now known as bca [14:05] smoser: ping [14:05] zul, here. [14:06] smoser: where can i get the cirios images again? [14:11] zul, launchpad.net/cirros oficially [14:12] but if you are playing, i'd appreciate testing on http://cirros.brickies.net/download/0.3.1~pre1/ [14:12] zul, ^ [14:13] cool beans [14:20] which is the most feature full xmpp server ? any suggestions? which one is this jabber.org using? how can i ban kick or gline (similer to irc) in jabber? using openfire at the moment? are there any stardard commands? which xmppds have largets user communities [14:21] smoser: does the cirios lxc image work? [14:23] zul, i believe so [14:38] rbasak: agreed, that has always been the case [14:38] also.. vim being missing, wtf :) [14:38] Daviey: I found bug 439566 [14:38] Launchpad bug 439566 in ubuntu-meta "add python-software-properties to ubuntu-standard" [Wishlist,Triaged] https://launchpad.net/bugs/439566 === Lcawte|Away is now known as Lcawte [14:40] rbasak: perhaps liase with cyphermox? [14:46] Daviey: don't we just need to add software-properties-common to a seed now? [14:46] Daviey: which seed? ubuntu-standard? [14:47] rbasak: well, standard hits desktop aswell... is this just required for server? [14:48] Daviey: desktop ends up with it already I think. I think it should be in both though, since lots of Ubuntu-related instructions use add-apt-repository (eg. instructions on a PPA page) [14:49] rbasak: Okay, do you want to get a MP ready? we'll JFDI and see if there is comment. [14:49] Daviey: OK, will do [14:51] supr === Aaton_off is now known as Aaton [15:18] smoser, zul: how do you feel about an upgrade to python-boto? I have one in the sponsorship queue.... [15:20] Does anyone have an example of an iptable egress rule (allow to, say, connect to www.server.com:80 from a LAN) for a firewall? [15:20] jamespage, well.. i do not have strong feelings against. [15:20] other than that i finally got to using the debian package in the last upload [15:21] (after like 2 years of carrying our own) [15:21] jamespage: depends on the changelog [15:21] zul, the changelog is massive of course [15:21] sure i wouldnt mind sticking it in the openstack-ci and see what breaks first [15:23] http://paste.ubuntu.com/1098457/ [15:24] we are fairly light on boto usage. really [15:24] Hi, is it possible to install Ubuntu Server from USB-stick? I am just receiving error about reading from CD. What I want is to install Ubuntu Server and then install MATE on it, without getting Unity nor KDE nor XFCE nor LXDE. [15:25] smoser, yeah - I noticed [15:25] smoser: still i would rather have someone install it and the nova testsuite with it on though [15:25] safer than sorry [15:25] (debian package finally in use) [15:26] zul: does the nova build do that - I can check it if you like? [15:26] jamespage: sure [15:27] http://paste.ubuntu.com/1098459/ [15:27] Nevermind, Google is full of similar issues. [15:28] i generally trust python-boto though to be backwards compatible. [15:31] smoser, ack - I pushed back on the additional changes proposed to the packaging anyway - I'll look again later. [15:32] jamespage, mp link? [15:33] smoser, https://code.launchpad.net/~logan/ubuntu/quantal/python-boto/new-upstream/+merge/115465 [15:34] hm.. === Aaton is now known as Aaton_off [15:42] I understand that you guys are doing and discussing specific dev stuff, but would it really be that hard to answer a few 30 second questions? (not me, just people I can see further up that have been completely ignored with questions that even I could have answered...) === matsubara-afk is now known as matsubara [15:47] Then why didn't you answer them? [15:48] ++ [15:49] smoser, hm..? === Aaton_off is now known as Aaton === Ursinha` is now known as Ursinha === Aaton is now known as Aaton_off === Aaton_off is now known as Aaton === Aaton is now known as Aaton_off === i23 is now known as py_can [16:51] jamespage, my hmm... was just wondering why the suggested watch file move to pypy [17:09] N === cpg|away is now known as cpg === cpg is now known as cpg|away [17:39] /statusbar window add -after lag -priority 10 act [17:40] /me smiles [17:46] sorry, new to irssi, and trying out some settings :) [17:47] np :) [17:59] ssvss: 20 pushups, now! [18:26] " 16:47:19 - Wed 18.07.2012 Then why didn't you answer them?" because I wasn't here, I was idle... I was commenting to people who were active and talking at the time... [18:39] good afernoon/eve people, can i ask support questions about ufw/iptables here? [18:40] imma ask my questions, and hope this is the right channel, because this is driving me crazy [18:40] dbsr: lol [18:40] go for it [18:41] !ask [18:41] Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience [18:44] first, im new to linux, so, probably how i did it was not the most efficient way, i wanted to be able to open the ssh port on my server remotely through apache, made a c wrapper that gets called by www-data but is executed as root, the c wrapper calls a bash script that reads the ip from a text file the php page makes after i have succesfully logged in (prob could have used the c wrapper for it but this was easier :p) [18:44] anyhows, everything works [18:45] i use ufw by the way, not iptables itself [18:45] the rule gets added [18:45] but somehow [18:45] it doesnt work [18:45] what exactly are you trying to do? [18:45] open ssh port to apache seems rather - well - strange [18:46] the weird thing is, that when i add the rule with gufw, it does work, i checked user.rules, and it looks exactly the same, checked iptables-save no difference between the ufw added rule and the rule added through gufw [18:46] i dont open it for apache [18:46] explain the application [18:46] i use apache to open it 8) [18:46] what you are trying to do [18:47] trying to login via ssh on port 80? [18:47] or 443? [18:47] or what? [18:47] zul: can you push that python-warlock packaging somewhere so i can get builds going agian? [18:48] well, my server was gettung hammered by baddies tryingi to get access to it through ssh, i disabled password auth and am using keypass now, so its not really needed anymore [18:48] but i thought it would be fun to make [18:48] adam_g: yep [18:49] what it should do is when i want to ssh my server, i visit a php page that needs user/pass, when user/pass is correct, apache calls a script that opens the ssh port (22) [18:49] and when i close the remote session ive got a script that closes the port [18:49] adam_g: http://people.canonical.com/~chucks/tmp/ [18:49] the problem is that somehow, i cant use ufw to open the port for my ip [18:49] when I add the exact same rule through gufw [18:49] it does work [18:50] and every setting file ive looked, both rules look exactly the same [18:51] I have even looked at the gufw source code to see if it is doing anything special when it applies the rules, couldnt find it [18:51] so im at wits end [18:53] dbsr: apt-get install denyhosts ;) [18:54] or fail2ban [18:54] or knockd [18:54] or use openvpn [18:56] sorry guys, got d/c [18:56] Seveas: vpn is nonesense if you want a server to be available [18:56] dbsr: try denyhosts or fail2ban [18:56] yea, im not making it as much any more for security reasons as for fun/learning [18:56] im running fail2ban [18:57] then those worms won't get through [18:57] yea, dunno much about that, but was wondering howd they get my servers ip [18:57] i did register a website at freedns [18:57] thought that was it [18:57] probably by sweeping [18:58] like mass port scanners? [18:58] dbsr_: forget about secret addresses [18:58] just secure your host [18:58] one of the ips that was hammering my server was apparently a well known botnet' [18:58] listen: they'll find your address, just secure it [18:59] yea [18:59] thanks for the advice guys, if anyone knows what could cause the discrepancy between gufw and ufw would be cool [19:00] dbsr_: the best advice is to secure your services - that way you won't need a firewall [19:00] no firewall at all? [19:00] nope [19:01] neither on the router? [19:01] a firewall is there to secure insecure systems behind it [19:01] heh [19:01] * RoyK works at hioa.no and we don't have a firewall [19:01] like only idiots need virusscanners? [19:02] or windows users ;) [19:02] heh [19:02] same [19:02] * dbsr_ windows user [19:02] :) [19:09] well hi again, webirc is no good apparently :) [19:10] there has been one linux virus right? read an article about it a while back, decent read [19:12] dbsr: there have been worms, but no big one since the BIND worm back in 1999 or so [19:13] oh, 2001, that was [19:15] RoyK: Have you ever tried archlinux? thought it would be fun to try it out, heared it isnt really a distro for (headless) servers tho [19:15] dunno [19:15] ubuntu works well for me [19:16] fair enough, and any input on the lack of quality codecs for (hd) media playback [19:16] if theyd have those [19:16] i would switch back instantly [19:23] aight, thanks for the help, gn all === ReTFEF is now known as TheTFEF [19:27] hello [19:27] my sh script works if I am in the directory, but not outwards === roaksoax_ is now known as roak === roak is now known as andreserl === andreserl is now known as roaksoax_ === segv_ is now known as segv === Daviey_ is now known as Daviey === three18ti_ is now known as three18ti === roaksoax_ is now known as roaksoax === LordOfTime is now known as TheLordOfTime [20:49] Can anyone tell me why apparmor is not allowing mysql to start: http://pastie.org/private/idr4qq2ewnqewdtlfz0zlg [20:49] googling did not get me a good answer so far [20:49] raubvogel: I don't see any evidence that apparmor is preventing mysql from starting [20:50] raubvogel: the profile_replace is just from /etc/init/mysql.conf loading its profile into place before it starts [20:51] Ah ok. I have been having too much fun with apparmor this week so I am a bit in a knee-jerk mode [20:52] raubvogel: check /var/log/mysql* [20:52] Jul 18 12:45:54 certmysql kernel: [11966.798666] init: mysql main process (6145) terminated with status 1 [20:53] SpamapS: It did not write to its log file [20:53] I think I know now what is going on [20:53] bind-address [20:53] raubvogel: when that happens I try running /usr/sbin/mysqld manually === cpg|away is now known as cpg [22:20] Hi, I want to compile a package that was downloaded using apt-get source [package name]. I compiled it using 'dpkg-buildpackage -rfakeroot --target=x86_64'. I am running on a 32bit machine, I was hoping to cross compile. Can someone point me to a straight forward guide on how to do this ? [22:58] I all, I have an ubuntu ec2 server and I am trying to use apt-get install. I cam getting 403s for everything [22:58] led to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/pool/main/g/gtk+3.0/libgtk-3-common_3.4.2-0ubuntu0.2_all.deb 403 Forbidden [22:58] s/led/Failed/ [22:59] * smw_ pokes utlemming [22:59] smw_: did you run "apt-get -y update" firsT? [23:00] oh... that would be a good idea :-) [23:00] thanks [23:00] utlemming, it is working now :-) [23:01] smw_ :) [23:01] * utlemming is happy [23:01] smw_: unfortantly, this is an area where I think apt is deficient [23:01] it should update the meta-data before any operation, so you don't see 403's [23:02] yeah === joete is now known as bca === Lcawte is now known as Lcawte|Away [23:41] Hi, trying to use perf-top and well perf in 12.04 can't seem to find the package that has it? [23:49] New bug: #882581 in glance (main) "install/upgrade questions re glance-manage db_sync" [Low,Confirmed] https://launchpad.net/bugs/882581 [23:49] New bug: #974046 in maas (main) "running just the command "maas" causes an error" [Medium,In progress] https://launchpad.net/bugs/974046 [23:49] New bug: #1007314 in krb5 (main) "trying to upgrade from 11.10 to 12.04: The package 'postgresql-contrib-8.2' is marked for removal but it's in the removal blacklist" [High,Fix committed] https://launchpad.net/bugs/1007314 [23:49] New bug: #1026256 in pptpd (main) "pptpd.conf" [Undecided,New] https://launchpad.net/bugs/1026256 [23:49] New bug: #1026261 in postfix (main) "[regression] mail stalls; postfix chroot setup nests /etc/ssl/certs to deep" [Undecided,New] https://launchpad.net/bugs/1026261 [23:49] New bug: #1026375 in php5 (main) "package libapache2-mod-php5 5.3.10-1ubuntu3.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (dup-of: 1026374)" [Undecided,New] https://launchpad.net/bugs/1026375 [23:50] New bug: #1026057 in openldap (main) "Segfault when setting bad olcTLSCipherSuite" [Medium,Triaged] https://launchpad.net/bugs/1026057 [23:51] New bug: #1026015 in openbsd-inetd (main) "wrong variable in /etc/default/openbsd-inetd" [Undecided,New] https://launchpad.net/bugs/1026015