[00:11] <zul> hallyn: still around?
[00:12] <zul> hallyn: have you seen this before? http://pastebin.ubuntu.com/1257101/ when trying to do virsh iface-list?
[00:49] <SpamapS> stgraber: yes, I did, and the problem does not seem to be resolved
[00:50] <SpamapS> stgraber: root     12367  0.0  0.0  27532  1108 ?        Ds   14:53   0:00 lxc-start --daemon -n clint-local-ci-u2-0 -l DEBUG -o /home/clint/.juju/data/clint-local-ci/units/u2-0/container.log
[01:01] <pmp6nl> Hey, all! Is unison a good way to backup my webserver to my laptop?
[01:59] <bits8mybytes> postfix or sendmail?
[02:00] <sarnold> I'd go with postfix, but that's mostly because I think it is better documented and better designed.
[02:01] <bits8mybytes> ok
[02:01] <bits8mybytes> I have used sendmail
[02:01] <bits8mybytes> have not tried postfix
[02:01] <bits8mybytes> yet
[02:01] <bits8mybytes> and sendmail was a bitch
[02:01] <sarnold> how do you feel abou the m4? :)
[02:01] <sarnold> hehe
[02:04] <bits8mybytes> sendmail never worked
[02:04] <bits8mybytes> and when I finally got it to work
[02:05] <bits8mybytes> I don't know how the hell I did
[02:05] <sarnold> yeah. then you'll like postfix.
[02:05] <bits8mybytes> cool does it do regex stuff?
[02:05] <bits8mybytes> on emails
[02:05] <bits8mybytes> obviously
[02:06] <sarnold> and more :)
[02:06] <sarnold> and all way easier than sendmail.
[02:36] <bits8mybytes> sarnold thanks for the tip
[02:38] <sarnold> bits8mybytes: have fun :)
[03:04] <Skaag> if I see this in my /sys/block/sda/queue/scheduler : noop anticipatory [deadline] cfq
[03:04] <Skaag> it means I'm on the 'deadline' scheduler right?
[03:20] <SpamapS> Skaag: yes
[03:21] <hallyn> zul: that was the augeas bug for which you uploaded the fix.
[03:21] <hallyn> zul: should nto be happpening any more
[03:22] <hallyn> zul: it came from the /etc/modprobe.d/iw* file having a line split by '\', which the modprobe lens couldn't handle
[03:23] <hallyn> so HOPEFULLY you're not seeing it in an uptodate quantal
[05:10] <level15> hi. i have a server with a few KVM libvirt VMs. one of them is paused and refuses to be unpaused. any ideas?
[06:33] <TLoT> anyone here know why oidentd would spawn tons of processes?
[08:59] <Fajkowsky> hey can someone help me with maas? http://askubuntu.com/questions/195115/nodes-cant-connect-to-server-after-bootstrap
[09:00] <bigjools> Fajkowsky: can you ssh to your node from your juju client machine?
[09:00] <bigjools> to 192.168.0.102 from the screenshot
[09:01] <bigjools> it looks like the machine has not booted yet.  You might be falling foul of the  Oauth time bug
[09:03] <Fajkowsky> witch machine?
[09:03] <Fajkowsky> node?
[09:09] <bigjools> Fajkowsky: yes the node
[09:11] <Fajkowsky> Ok i know what i was doing wrong
[09:11] <Fajkowsky> I was trying run node from old ubuntu instance
[09:12] <Fajkowsky> Now i let install again ubuntu on node
[09:13] <bigjools> ok
[09:14] <Fajkowsky> can I ask something about maas?
[09:15] <Fajkowsky> i go to #maas
[09:15] <bigjools> yup
[09:19] <MacroMan> I'm trying to install Ubunutu-server 12.04 onto an old box as a test server, but I only have an i686 cpu so it won't install. Anyone know what version of ubuntu-server I need to install on this machine?
[09:19] <MacroMan> Does that just mean that the processor is 32 bit and not 64?
[09:21] <rbasak> Are you trying to install using the i386 version or the amd64 version?
[09:21] <rbasak> The amd64 version probably won't work for you.
[09:21] <rbasak> You may also need a non-PAE kernel, for which you'll need to use mini.iso and do a network-based install.
[09:21] <MacroMan> Erm, I just downloaded the recommended one from the UBuntu website. I'm getting the message 'This kernal requiers an x86-64 CPU'
[09:22] <rbasak> Right. So amd64 won't work for you.
[09:22] <MacroMan> OK. So should I just try with the 32bit download?
[09:22] <MacroMan> Or is that a waste of time?
[09:22] <rbasak> Depends on whether your machine supports PAE or not.
[09:22] <MacroMan> PAE?
[09:22] <rbasak> If you don't know, it's probably easiest just to try the 32 bit download
[09:23] <rbasak> If it doesn't work, then look for instructions on installing 12.04 on a non-PAE machine
[09:23] <MacroMan> Ah yes, it does.
[09:23] <MacroMan> Cool, I'll try the 32bit one and see where I get
[09:25] <MacroMan> Tanks
[10:10] <eagles0513875> hey guys i need to implement dovecot + postfix for use with multiple domains. I already have dovecot + postfix setup which works. does anyone have a good how to on how to do this
[10:32] <eagles0513875> :(
[10:56] <eagles0513875> anyone alive in here?
[10:57] <tanathos> yes
[10:57] <eagles0513875> tanathos: do you have any experience with dovecot + postfix and multiple domains
[10:57] <tanathos> just that I have no ideea of dovecot + postfix unfortunately
[10:58] <eagles0513875> tanathos: no problem :(
[12:17] <vrturbo> hi all, any good howto's for juju + MAAS + openstack folsom + quantum ?
[12:32] <Fajkowsky> if someone will have time please check my problem with juju - http://askubuntu.com/questions/195901/juju-services-are-not-deplyoing-correctly
[12:34] <zul> hallyn: yeah works with augeas-lens installed
[12:49] <zul> hallyn: shouldnt augeas-lens be a depends now then?
[13:02] <hallyn> zul: doesn't it?
[13:02] <hallyn> augeas-tools -> libaugeas0 -> augeas-lenses
[13:08] <zul> hallyn: doesnt look like it
[13:16] <hallyn> zul: http://paste.ubuntu.com/1257929/   what do you see?
[13:17] <zul> hallyn: http://paste.ubuntu.com/1257931/
[13:18] <hallyn> zul: oh!  yeah.  you want libvirt to depend on it.  i see
[13:19] <hallyn> zul: so yeah, any reason not to have libvirt depend on libaugeas0?  it's in main...
[13:19] <zul> hallyn: nope not that i know of
[13:20] <Daviey> hallyn: what is the benefit ?
[13:20] <hallyn> Daviey: 'virsh iface-list' doesn't bomb out
[13:20] <hallyn> 00:14 < zul> hallyn: have you seen this before? http://pastebin.ubuntu.com/1257101/ when trying to do virsh iface-list?
[13:20] <hallyn> Daviey: ^
[13:21] <Daviey> i see :)
[13:26] <hallyn> smb`: Daviey: ok, are we at the point where i should fire up a large compute instance and bisect the netdev-freeing 'lxc' bug?
[13:27] <Daviey> One for smb i think.
[13:27] <Daviey> (as in, i don't know the state)
[13:31] <hallyn> smb`: ^
[13:33] <hallyn> ahs3: hi, debian bug 688167, have you had a chance to look at the 0.2.2-1 proposed pkg?
[13:49] <SpamapS> smb`: any ideas? I'm still running your 'smb2' kernel.. I can give you dmesg's or syslogs..
[14:27] <smoser> SpamapS, ping
[14:27] <smoser> http://paste.ubuntu.com/1258070/
[14:27] <smoser> or anyone, really
[14:27] <smoser> why does that job not respawn
[14:34] <xsl> hello all , sorry this "noobish" question. but i want to use lxc to separate php from nginx and mailfilter from postfix .. but the thing is ... all stuff installed with apt-get wants to install dependencies
[14:35] <xsl> can i use a flag on apt-get to install stuff that i want
[14:35] <xsl> like .. on 1 lxc i want just mysql-server
[14:35] <xsl> on lxc.2 i want nginx and mysql support .. no mysql-server again
[14:35] <xsl> any tips pls?
[14:46] <Kniggedigge> hi guys, can someone give me some support on netatalk on ubuntu 11.4? http://pastebin.com/HSeTUMDp
[14:53] <holstein> Kniggedigge: you tried the suggestion at http://0pointer.de/avahi-compat?s=libdns_sd&e=afpd ?? i would want to be running a more recent version, or an LTS... 10.04 or 12.04
[14:54] <Kniggedigge> hey holstein, do you think it might be, that afpd isnt running correctly? actually i tried to connect to the afp share with a mac, that does not work, but root      5998  0.0  0.0  65980  2532 ?        S    16:52   0:00 /usr/local/sbin/afpd -U uams_dhx.so,uams_dhx2.so -g -c -n  says that afpd is running… so i dont know if the error message above is important and blocking the whole thing....?
[14:55] <Adri2000> adam_g: hi, in what vcs is the keystone package maintained?
[14:56] <holstein> Kniggedigge: if it were me, i would start simple... ping the machines, check firewall settings... can the mac "connect" to anything? i usually just use ssh
[14:57] <Adri2000> adam_g: debian/control points to an essex branch and ~ubuntu-server-dev has no other up to date branch for this
[14:57] <Kniggedigge> yes i have a whole lan setup here with another smb share that works and im configuring the ubuntu machine via ssh… so that works, firewall does not block anything
[14:58] <zul> Daviiy: ping im just going to put instructions on how to configure the ceilometer stuff in a README.Debian
[15:00] <Adri2000> zul: hi. I think I should have asked my last question to you. any idea? :)
[15:00] <zul> Adri2000:  what question? i wasnt paying attention
[15:01] <Adri2000> in what vcs is the keystone package maintained? debian/control points to an essex branch and ~ubuntu-server-dev has no other up to date branch for this
[15:02] <zul> Adri2000: all the work is going into lp:~openstack-ubuntu-testing/keystone/quantal-folsom-proposed
[15:03] <Adri2000> ok thanks
[15:13] <ahs3> hallyn: whups.  completely spaced uploading that package.  i'll get to it this evening.
[15:13] <hallyn> ahs3: thanks!
[15:13] <ahs3> hallyn: sorry 'bout that.  my bad.
[15:15] <hallyn> zul: back to libvirt and augeas - libvirt build-depends on netcf, so it should end up linked against libaugeas0.  i guess that does NOT end up pulling in the things libaugeas0 package depends on?  that'd be too much?
[15:15] <hallyn> or is that a bug int eh builder?
[15:15] <zul> it doesnt
[15:16] <chmac> How do I unfreeze an SSD on a server? Can't hotplug it as I don't have physical access... :-(
[15:16] <zul> hallyn: lets see what debian does
[15:16] <xsl> guys, quick tip plz. i want to have 3 LXC containers lxc.mysql(mysql-server) lxc.php(php-fpm phpmyadmin) lxc.www (nginx) but i dont want for instance to install mysql-server on lxc.php wen i do apt-get install phpmyadmin ... any tips ?
[15:17] <zul> hallyn: i think we can get away with adding augeas-lens but im not 100% sure
[15:19] <xsl> APT::Install-Recommends "0";
[15:19] <xsl> APT::Install-Suggests "0";
[15:19] <xsl> found it
[15:19] <xsl> i dont install the recommends
[15:20] <xsl> just the the stuff i rly think it needs and the Depends
[15:20] <hallyn> zul: wanna file a bug real quick or should i?
[15:21] <zul> hallyn: please
[15:21] <hallyn> k
[15:23] <hallyn> zul: no, wait.  here you go.  libvirt-bin depends on libnetcf1, which depends on libaugeas0, which depends on libaugeas-lenses.  no?
[15:24]  * hallyn fires up a new instance to test.  this makes no sense
[15:25] <zul> hallyn: right but i have none of that installed
[15:25] <hallyn> zul: why?
[15:26] <zul> hallyn: i had to manually install augeas-lenses and libaugeas0
[15:26] <hallyn> yes, but why didn't they get installed automatically
[15:30] <hallyn> zul: http://paste.ubuntu.com/1258197/  are you sure you didn't mess around with your system?  do an 'apt-get autoremove' or something?  (i *hate* autoremove, it's so broken)
[15:30] <zul> hallyn: pretty sure lemme get back to you
[15:34] <DarkStar1> Hello. I have postfix/dovecot(mysql backend) installed on a webserver and use roundcube for the webmail front end. Only problem is I'd now like for each user to be able to change their own passwords. Is there an alternative to roundcube that has this functionality built in?
[15:44] <SpamapS> smoser: does it exit 0 ? (the maas job)
[15:44] <SpamapS> smoser: respawn only happens on non normal exits
[15:44] <smoser> SpamapS, sorry. i figured it out.
[15:44] <smoser> you have to say
[15:44] <smoser> respawn
[15:44] <smoser> *and
[15:44] <smoser> err..
[15:44] <SpamapS> OH
[15:44] <SpamapS> respawn is missing yes
[15:44] <SpamapS> didn't see that
[15:45] <SpamapS> respawn limit != respawn ;)
[15:45] <smoser> i read the man page and assumed that the defaults for the respawn meant that respawn by default
[15:45] <smoser> but you have to state that.
[15:45] <SpamapS> yeah thats not the most clear distinction
[15:45] <smoser> (and it does respawn on non-zero exit)
[15:47] <smoser> thanks for the reply, though, SpamapS
[16:07] <DarkStar1> No ideas?
[16:09] <RoyK> DarkStar1: users and passwords stored in the mysql db?
[16:09] <DarkStar1> RoyK: Yeah
[16:10] <RoyK> then I guess it should be fairly simple to write that in php
[16:10] <RoyK> usually the password is stored as a hash, so using that for authentication is trivial, and changing it even easier
[16:10] <RoyK> just make sure access is over https
[16:11] <DarkStar1> I haven't done any php coding before and I doubt it is as trivial as you make it sound :D
[16:11] <RoyK> have you any pratice in any other programming languages?
[16:12] <DarkStar1> RoyK: Yeah C, C++ Java
[16:12] <RoyK> then php should be trivial indeed
[16:13] <RoyK> or perhaps writing the same thing in another language
[16:14] <RoyK> DarkStar1: can you create a bogus user, set a password, and pastebin the user entry from the database? it should show up now the password is stored
[16:15] <DarkStar1> RoyK: wish I can but I can't afford the time to code this. I'm working on two other projects as I speak. I was just told to look for a solution
[16:15] <SpamapS> DarkStar1: are you sure Roundcube doesn't have some kind of plugin to support it?
[16:16] <RoyK> it really won't take long, it's very simple indeed
[16:16] <SpamapS> Yeah but I'd bet money its already done
[16:17] <RoyK> true
[16:17] <DarkStar1> SpamapS: I am currently searching but I was given to understand that my boss hadn't found any.
[16:17] <RoyK> but perhaps I misunderstood - he was looking for an alternative to roundcube...
[16:17] <DarkStar1> which is why it gets passed down to me :)
[16:18] <DarkStar1> RoyK: I just wanted a solution that would allow a user to change their passwords. IF there is a plugin for roundcube, all the better
[16:18] <RoyK> DarkStar1: it's just a simple html form to authenticate the users, and then another to set a new password, and then some db connections and SQL to be passwd
[16:18] <RoyK> s/passwd/passed/
[16:19] <DarkStar1> I really can't afford a few hours to code this thing debug stuff, make sure it's secure etc.
[16:19] <RoyK> DarkStar1: find that user entry, and I may give it a try - I don't have much to do this very hour (home from work and a bit tired, but can't sleep yet)
[16:20] <SpamapS> DarkStar1: http://code.google.com/p/dovecotpfd/ this wouldn't work?
[16:20] <SpamapS> oh.. hrm.. only supports doevcot files, not db
[16:20] <SpamapS> doh
[16:20] <sarnold> DarkStar1: if you do wind up coding it yourself, here's a good set of guidelines: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
[16:21] <RoyK> doesn't list dovecot, though
[16:22] <sarnold> DarkStar1: http://www.openwall.com/phpass/ (I *love* the openwall.com work. Strong endorsement of anything they touch. :)
[16:23] <RoyK> sarnold: the hash() function is usually sufficient
[16:23] <RoyK> http://no2.php.net/manual/en/function.hash.php
[16:24] <sarnold> RoyK: I strongly disagree.
[16:24] <sarnold> RoyK: (a) too many people screw up the salting. Really. Check stackoverflow.com some time to see hudnreds of poorly written PHP password storage contraptions.
[16:24] <sarnold> RoyK: (b) the iterations are nearly as important -- they drastically slow down targetted brute force attempts.
[16:25] <sarnold> RoyK: Openwall's phpass handles these details correctly, once, in one place.
[16:25] <RoyK> ok
[16:25] <RoyK> anyway
[16:26] <RoyK> I guess that may be incompatible with dovecot?
[16:26] <DarkStar1> Man I can't use anything that would require me getting my hands dirty with Php code atm. a) I haven't coded php before whilst I'm not against learning it, I don't think coding a password utility too is the best way to start. and b) I just simply can't spare the time
[16:26] <sarnold> RoyK: perhaps; I thought we were talking about PHP? :)
[16:26] <DarkStar1> I'm solidly jammed for the next few months
[16:26] <RoyK> DarkStar1: erm - I didn't ask you to code php - I said just give me a dump of a bogus user :)
[16:27] <RoyK> DarkStar1: perhaps I can do some coding for free - I don't have much else to do atm
[16:27] <bjf> jamespage, do you every see http://pastebin.ubuntu.com/1258161/ with your jenkins jobs ?
[17:36] <bananapie> Hey, a while back I found a command that I execute instead of 'make install', it builds a .deb file instead of installing the package. I can't find the command, anyone know what I am talking about ?
[17:36] <bananapie> checkinstall is the command, thanks
[17:36] <bananapie> 'checkinstall -D make install'
[17:37] <sarnold> :)
[18:02] <zul> Daviey: ceilometer uploaded
[18:07] <Daviey> thanks
[18:09] <scsinutz> is there an AMI creator tool sort of like boxgrinder for Ubuntu?
[18:20] <SpamapS> scsinutz: sort of
[18:20] <SpamapS> scsinutz: what you really want is just to pass in cloud-config as userdata and use the stock AMI's
[18:22] <SpamapS> scsinutz: https://help.ubuntu.com/community/CloudInit
[18:25] <SpamapS> scsinutz: also you might be interested in juju, which goes further and helps model the relationships between services
[18:25] <SpamapS> scsinutz: http://juju.ubuntu.com/ for that
[18:51] <pmatulis> anybody here manage to get sssd working with sudo rules in ldap?
[19:00] <TheLordOfTime> so, on the mailing list, noticed a discussion on "Webmin", zentyal, and others.  Has the public-facing security implications of those been addressed yet?
[19:03] <SpamapS> TheLordOfTime: what implication would that be? That zentyal/webmin are less likely to be secure than ssh?
[19:03] <TheLordOfTime> SpamapS, that it opens up more brute-forcing attempts.  that, and it can break how configurations work with certain webserver packages which are likely to run
[19:04] <TheLordOfTime> SpamapS, i find it a tad too insecure... in SSH, you can key-restrict connections
[19:04] <TheLordOfTime> in webmin, its password-restricted only
[19:05] <TheLordOfTime> that protection gap, in my opinion, makes it a risky package (note i've not worked with zentyal, talking strictly webmin atm)
[19:05] <TheLordOfTime> while i don't care if people load it up manually by source, it default listens on *:10000 which makes it even less secure because it can be publicly accessed
[19:06] <SpamapS> TheLordOfTime: I don't think it opens up any more brute forcing than ssh (you can use cert based auth just as easily with HTTPS as with SSH)
[19:06] <SpamapS> TheLordOfTime: but frankly, what sane person would *ever* put their management interface on the internet?
[19:06] <TheLordOfTime> SpamapS, define "sane" to be the server team, and i'll agree
[19:06] <SpamapS> Which server team?
[19:07] <TheLordOfTime> SpamapS, any sane team of server administrators
[19:07] <TheLordOfTime> SpamapS, my concern is with the less sane / less experienced crowd of server admins
[19:07] <TheLordOfTime> namely the newbies
[19:07] <SpamapS> Are going to install a server.. on the internet.. without a firewall?
[19:07] <SpamapS> I don't think even newbies make that mistake.
[19:07]  * TheLordOfTime coughts
[19:07] <TheLordOfTime> coughs*'
[19:08] <TheLordOfTime> you'd be surprised what i see cross my desk :p
[19:08] <SpamapS> Because even if they do.. its a mistake that corrects itself rather quickly with a remote compromise.
[19:08] <TheLordOfTime> but i'll not argue :P
[19:08] <sarnold> you never know when hyou might want to admin your erver from a local starbucks...
[19:08] <SpamapS> sarnold: right, and there are ways of doing that without just leaving it wide open to the whole net.
[19:08] <SpamapS> tho I acknowledge that a newbie may make that mistake..
[19:09] <SpamapS> still, this is no different than opening ssh
[19:09] <zul> adam_g: thats *not* good (re: 1061166)
[19:10] <TheLordOfTime> i think we just need to look into practical use cases for it, and whether its "default" of listening on *:10000 with nothing but a password is sane.
[19:10] <TheLordOfTime> (IMO that default is evil)
[19:10] <SpamapS> TheLordOfTime: why is that evil?
[19:10] <TheLordOfTime> although openssh-server also suffers from a similar issue.
[19:10] <SpamapS> Ok, so basically you want training wheels on your servers.
[19:10] <TheLordOfTime> SpamapS, i lock down my servers, i'm far beyond using webmin :p
[19:11] <SpamapS> Thats a very backwards way of thinking.
[19:11] <SpamapS> A web based interface is going to be a lot easier to tweak via a smartphone than ssh'ing and vim'ing files
[19:11] <SpamapS> There are lots of use cases for things like zentyal
[19:11] <SpamapS> and port 10000 is.. meh
[19:12] <SpamapS> its not ever going to be installed by default
[19:12] <SpamapS> so user's who install it are expected to think about what they're installing
[19:12] <SpamapS> (which is why we fought so hard to not have openssh enabled on the CD's)
[19:13] <SpamapS> TheLordOfTime: I think its a molehill.. not a mountain.
[19:13] <TheLordOfTime> perhaps i'm just over-analyzing, maybe just over-analyzing the general population of ubuntu/ubuntu-server users *shrugs*
[19:13] <SpamapS> You want to protect people from themselves. Don't.
[19:13] <SpamapS> Make good sane defaults, and help them discover their options. But please don't treat people like children.
[19:15] <TheLordOfTime> indeed, i shall do so.
[19:15] <TheLordOfTime> oh, while you're here... can you test/confirm a php5-fpm bug for me?  its so low a bug it wouldnt even get low IMO, but i'd like it tested/confirmed/reviewed by someone other than me :P
[19:16] <TheLordOfTime> https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1059272  <-- that's the bug
[19:16] <TheLordOfTime> more of an aesthetics thing than anything else.
[19:16] <TheLordOfTime> s/aesthetics/reporting/
[19:17] <TheLordOfTime> afaict, that's on precise, i havent loaded up a quantal VM that hasnt imploded.
[19:47] <zul> adam_g: is that ec2 bug on the openstack-ci?
[19:49] <adam_g> zul: what do you mean?
[19:50] <zul> adam_g: https://bugs.launchpad.net/bugs/1061166
[19:50] <adam_g> zul: what do you mean is it on the openstack-ci? was it triggered there? no
[19:51] <zul> ok
[19:51] <zul> just checking
[19:54] <zul> adam_g: mind if i use the openstack-ci lab to test it out?
[19:59] <adam_g> zul: sure, if you trigger the precise_essex_deploy_proposed you'll get an essex install you can upgrade
[19:59] <zul> cool thanks
[20:42] <howdypartner> Howdy all. I set up a small lan and I have a client that can ping the server through the switch but I can't seem to get it to access the internet. Do I have to do some port forwarding on the server or ?
[20:42] <unless> hey hi!
[20:44] <holstein> howdypartner: you'll need to congigure your router to allow it to be "seen"
[20:44] <holstein> howdypartner: you can forward a port around the router's firewall, or put the machine in the "dmz" and run a firewall out there
[20:44] <howdypartner> holstein: My server is acting as the router. I set it up as a dhcp server
[20:45] <howdypartner> holstein: modem -> dhcp server -> switch -> client is how i have it set up
[20:45] <holstein> howdypartner: i doubt the server is the only thing between you and the internet.. i would confirm the ip address, and check what ports your isp might be blocking
[20:46] <holstein> what did i do? i forwarded a port in my ddwrt's router config.. and i use a dyndns address
[20:47] <howdypartner> holstein: Well, I can ping from the server but the client can only ping the server. So I assumed it might be an iptables issue?
[20:47] <howdypartner> ping google*
[20:47] <unless> I am accessing my remote server and I need to run from inside it a ssh localhost. I did generate a public key and renamed it to authorized_keys but it still asking me for password from a remote connection point of view.
[21:31] <baarthor> @unless access rights for authorized_keys are ok?
[21:31] <baarthor> think 600 should be ok
[21:50] <axisys> how to provide default answers to apt-get install libpam-ldap ?
[22:41] <cincinnatus> I noticed that Webmin is showing signs of aging... but did anything replace it?
[22:42] <SpamapS> cincinnatus: Zentyal is the closest thing
[22:44] <cincinnatus> SpamapS: It doesn't even come close though :( It creates a basic virtual server, and that's it. It has very little knowledge of Apache
[22:45] <cincinnatus> Is there an advanced Apache module out there?
[22:45] <cincinnatus> (to configure redirects, etc)
[22:45] <cincinnatus> for Zentyal, that is
[22:51] <SpamapS> cincinnatus: dunno.
[22:55] <cincinnatus> At work, I usually administer Linux boxes with CLI... However, it feels like so last century... It's hard to believe things have gone backwards since the last time I used Webmin
[22:55] <cincinnatus> So I'm probably missing something
[23:01] <SpamapS> cincinnatus: well, the whole "admin a single box" paradigm is kind of going away :)
[23:08] <Eitan> hey gents, quick question on ulimits, i am having the darnest time getting the ulimit changed permanent. I can change stach size by doing ulimit -s XXX size. but when i change /etc/security/limits.conf  * hard stack 10240 it wont affect ulimit even after restart. I also went ahead and made the cahnge to /etc/pam.d/common-sessions
[23:08] <Eitan> dont know what i could be missing
[23:11] <SpamapS> Eitan: /etc/security/limits only affects logged in users with a pam session
[23:11] <SpamapS> Eitan: so if you're trying to affect the limits for services, thats the wrong way
[23:16] <Eitan> ok
[23:16] <Eitan> i see
[23:17] <Eitan> i was trying to affect the limit for user: postgres
[23:17] <Eitan> or a number of other users
[23:17] <Eitan> so that would not be the way to do it?
[23:20] <sarnold> Eitan: depends upon how the user postgres is running the processes in question; if they are started via init (upstart), put the ulimit commands in the initscript / config file. If they are started via a user logging in via ssh or getty, make sure pam_limits is configured for whichever service they use to log in.
[23:21] <Eitan> well postgresql runs upstart
[23:21] <Eitan> oh i see
[23:22] <Eitan> thats makes sense to add the ulimit commnads to the initscript
[23:23] <RoyK> why do you want to ulimit postgres?
[23:24] <Eitan> the guy developing the application wants those tweaks made to postgres
[23:24] <Eitan> i dont thinks nessesary
[23:24] <Eitan> but thats what he wnats
[23:24] <RoyK> it will probably make postgres crash
[23:25] <Eitan> well, he will have problems with his application then, lol
[23:25] <Eitan> ill let him know
[23:25] <RoyK> postgres tries to allocate memory and gets an error and crashes
[23:25] <RoyK> ENOMEM - boom
[23:26] <sarnold> 10megs of stack may be plenty
[23:26] <RoyK> better fix the application
[23:26] <sarnold> I don't know postgres specifically, but stack use tends to be higher on "unbounded" applications, especially ones that may make recursive calls. databases aim for more predictability.
[23:27] <sarnold> I bet there's a reasonable number you can pick -- maybe 10 megs, maybe 100 megs -- that a non-broken postgres will always stay within.
[23:27] <RoyK> pgsql calls can be recursive
[23:27] <RoyK> and all languages can be written uglily ;)
[23:28] <sarnold> RoyK: not SQL queries -- the C implementation
[23:28] <RoyK> sarnold: is that what Eitan is doing?
[23:29] <sarnold> RoyK: yeah
[23:29] <RoyK> sarnold: there may be plenty of pgsql fun in an sql statement...
[23:30] <sarnold> RoyK: indeed :) I just have a feeling that the pgsql team's execution engine wouldn't go through unlimited stack to execute it :)
[23:31] <Eitan> ill let him know guys
[23:31] <Eitan> thanks
[23:31] <RoyK> sarnold: I have a feeling there might not be much stack checking in pgsql...
[23:33] <sarnold> RoyK: it wouldn't be explicit in their code; it'd be in how they write their function calls.
[23:33] <sarnold> it'd be answerable probably wit ha static code analyzer :)
[23:38]  * RoyK is a wee bit worried about sdb http://munin.karlsbakk.net/munin/karlsbakk.net/smilla.karlsbakk.net/index.html#disk
[23:56] <Daviey> SpamapS: hey, can you work out if you or Norvald should be drafter for https://blueprints.launchpad.net/ubuntu/+spec/servercloud-r-mysql please