[00:00] <storrgie> I see nobody and nogroup, I want to see if I can get the permissions matched between machines
[00:02] <sarnold> storrgie: check the id numbers..
[06:42] <axisys> what is the recommended route to automate install and configure a server? preseed and puppet ? writing a preseed with raid1 + lvm is not fun
[06:43] <axisys> writing a preseed to setup raid1 + lvm is no fun*
[08:05] <oracle> I installed ubuntu 12.10 server on an SSD last night.  It's a Corsair Force GT that's 4k aligned, but when install finished, fdisk reports it as 512/512 for both logical and physical.  anyone one which partitioner tool is used in the installer?
[08:05] <oracle> anyone know i mean
[08:09] <oracle> Does the partitioner create the first partition on a 4k aligned sector anyway even if the drive is lying about its sector size?
[08:10] <oracle> I dont have ssh to my server at the moment so can't check this
[09:31] <Rar9> hello I've just installed an ISO  Ubuntu 12.04  with plesk for the webadmin .  now i want to transfer some files via sftp but the install sftp user doesn't have the right permissions.  what do I need to change?
[09:32] <Jeeves_> Probably the permissions on the directory you're trying to write to
[09:37] <Rar9> Jeeves_ as said it's a clean first time install  my user "webuser" also always need to sudo su is there a way to change this as well?
[09:42] <Jeeves_> Rar9: No. webuser != root, so you always need to su for root-actions
[09:43] <Rar9> Jeeves_ and there is no way to make it permanent?
[09:45] <jpds> Rar9: sudo -i is the correct command to get a root login.
[09:45] <Jeeves_> Rar9: Login as root :)
[09:46] <Rar9> Jeeves_ so what do i need to do for  the "webuser" so he has full sftp rights (Winscp) for the file transfer?
[09:47] <Jeeves_> Rar9: You need to look into the permission structure of Linux
[09:47] <Jeeves_> And understand how that works and how you should use it
[09:48] <Rar9> Jeeves_ any hint.... or do I need to setup a root login user?
[09:48] <Jeeves_> Rar9: I gave you a hint, but you choose not to like it.
[09:49] <Rar9> Yes linux is still too new for a win user :-(
[09:49] <Jeeves_> You should check the permissions of the directory you're trying to write to
[09:49] <Jeeves_> Who owns it, who can read it, who can write to it.
[09:50] <Rar9> Jeeves_ yes but should the fest install "webuser" (superuser) have full access to all files?
[09:50] <Rar9> first installed user
[09:50] <Jeeves_> No
[09:51] <Jeeves_> Only root has access to all iles
[09:51] <Jeeves_> +f
[09:51] <Rar9> i the user I created has only sudo rights
[09:52] <Jeeves_> Indeed
[09:53] <Jeeves_> Any user in group admin or sudo (they changed that somewhere on the way) can sudo
[09:53] <Rar9> I can see the  "root" user via lastlog
[09:54] <Rar9> do i need to deine a PW for root then?
[09:54] <Rar9> define
[09:58] <Rar9> sudo passwd root did the job :-)
[09:58] <Rar9> steep learning curve
[10:10] <oracle> I installed ubuntu 12.10 server on an SSD last night.  It's a Corsair Force GT that's 4k aligned, but when install finished, fdisk reports it as 512/512 for both logical and physical.  anyone know which partitioner tool is used in the installer? Does the partitioner create the first partition on a 4k aligned sector anyway even if the drive is lying about its sector size?
[10:17] <hexy> Hey people, question. I want to backup all my server settings and content and be able to restore it with ease after new installation, how would I go about that? Maybe even to make a full image of the drive? O
[10:21] <finite9> anyone know if 12.10 installer can handle 4k aligned disks?
[10:23] <RoyK> it can
[10:24] <RoyK> it doesn't care
[10:24] <ikonia> most installers shouldn't see a problem
[10:24] <finite9> RoyK: fdisk still shows 512 bytes as physical and logical
[10:24] <finite9> does it matter as long as the partitions are on 4k multiples?
[10:24] <RoyK> finite9: it usually does, since that's what the disk reports
[10:25] <RoyK> finite9: no, as long as partitions are aligned, it doesn't matter.
[10:25] <finite9> RoyK: I've got other raid (non-ssd) disks that report 4096 bytes correctly in fdisk
[10:26] <RoyK> finite9: what is the drive model?
[10:26] <finite9> thanks. will have to verify what sectors my partitions are on when I get home
[10:26] <finite9> RoyK: it's a Corsair Force GT 120GB SSD
[10:27] <finite9> RoyK: the others are Seagate raid compatible non-ssd's
[10:28] <RoyK> all drives are "raid compatible" ;)
[10:28] <RoyK> well, perhaps not WD non-raid drives, since they enter a panic mode of "deep recovery" if they hit a bad sector, but most other drives can be reconfigured not to do such nonsense
[10:29] <finite9> hmm...sure?  doesn't it "depend"?  I got 2 WD "RE3" disks.  They've got different firmware than the other green/black editions so they don't freak out when mirrored... which has happened to me with other disks that weren't specced as raid specific
[10:30] <RoyK> WD has a TLER (time-limited error recovery) mode for their "enterprise" drives, to avoid that nonsense
[10:31] <RoyK> but then, most drives work well in RAID configurations
[10:31] <finite9> i have 2 WD RE3's mirrored and got a pair of Seagate disks in a raid-0 array, and im pretty sure the datasheet mentioned something about them being specced for raid use as well?
[10:31] <RoyK> it's only this TLER thing
[10:32] <finite9> maybe my previous bad experience was due to using 2 MyBooks (usb2) as a raid-1 :)  it failed daily and had to rebuild the array which took hours.
[10:32] <RoyK> some (at least WDs) desktop drives are locked to a mode doing "deep recovery", trying to read a single sector for up to 1 minute, if a sector fails
[10:32] <RoyK> IMHO that's nonsense
[10:34] <finite9> does the spinning down of the discs not affect raid arrays?  I thought that was one of the advantages of getting "raid specific" versions of disks, so that the disk could handle the spin down (or just doesn't spin down when in raid array), or am i mistaken?
[10:38] <RoyK> that's tunable
[10:39] <RoyK> see hdparm(8)
[10:40] <finite9> tunable to spin down or not?  with smart?  yes, but if you _want_ the disks to spin down, but _not_ get degraded in the array?
[10:40] <RoyK> I don't think there should be a difference there. not smart/smartctl, hdparm
[10:41] <RoyK> smartctl is for querying the disk for health info and more, not controlling it
[10:41] <finite9> ok.  didnt realise that
[10:41] <finite9> thought you could control it as well
[10:42] <RoyK> don't think there's much control available from smartctl apart from starting tests etc
[10:42]  * RoyK RTFM
[10:43] <finite9> yeah I think it's time to re-read it :)  been a few years since last time.
[10:46] <RoyK> nope - you'll have to use hdparm
[10:49] <soren> finite9: You can configure a drive in a raid array to be "write-mostly". This way, it'll only be used when you're writing things, not when reading. This allows it to spin down (assuming nothing is being written) while still being an active part of the array.
[10:50] <soren> Of course this only works for RAID 1.
[10:57] <RoyK> finite9: also, keep in mind that spinning drive a disk may cause its temperature to vary more than leaving it spinning 24x7, and drives are most happy in stable environments
[14:33] <thejoecarroll> hi. i need help with setting up syslog for a chroot jail. i've used jailkit and followed the instructions here: http://olivier.sessink.nl/jailkit/howtos_sftp_scp_only.html but the -a option for syslogd that it suggests using to add an extra socket seems to have been removed between hardy and lucid/precise: http://manpages.ubuntu.com/manpages/hardy/man8/rsyslogd.8.html vs http://manpages.ubuntu.com/manpages/precise/man8/rsyslogd.8.html
[14:34] <thejoecarroll> i'm also having trouble getting sftp to work with the chrooted user although scp works as intended
[14:39] <thejoecarroll> so, q1: how can i get rsyslogd to listen to what's logged by jailed processes to /var/chroot/dev/log (created by jk_socketd; see http://olivier.sessink.nl/jailkit/jk_socketd.8.html), as well as the normal systemwide logging?
[14:47] <thejoecarroll> ok, i figured out the answer to q1: $AddUnixListenSocket /var/chroot/dev/log
[14:48] <thejoecarroll> in /etc/rsyslog.conf anywhere after $ModLoad imuxsock
[15:04] <jcastro_> hey Daviey
[15:04] <jcastro_> http://blog.awe.sm/2012/12/18/aws-the-good-the-bad-and-the-ugly/
[15:05] <jcastro_> mentions how we suck at EBS failures, we should check it out.
[15:05] <jcastro_> smoser: utlemming ^^^
[15:23] <roaksoax> zul: can you think of an upstart job that source /etc/default/packagename?
[15:25] <jpds> roaksoax: gmetad sources a .conf file in /etc/.
[15:27] <roaksoax> jpds: cool thanks., the only thing is that it is not an upstart job :)
[15:27] <jpds> roaksoax: It is.
[15:28] <jpds> roaksoax: I upstartified it in raring.
[15:29] <roaksoax> jpds: ah!! i was looking at quantal :)
[15:29] <roaksoax> jpds: thanks for the tip
[16:05] <ed8> hi, which version of Ubuntu server should I install on a new server ?
[16:06] <RoyK> ed8: I'd use the latest LTS, 12.04
[16:06] <ed8> should I go for a LTS or the support scheme doesn't apply to server release
[16:06] <RoyK> LTS is for all releases
[16:07] <ed8> RoyK: is there a 12.10 for server ? (just to know)
[16:07] <RoyK> there is
[16:12] <ed8> what are the pros/cons of choosing a Ubuntu Server instead of a Debian ?
[16:12] <RoyK> I guess just choose whatever you like
[16:16] <roaksoax> q/win 14
[16:16] <roaksoax> err
[16:17] <paco1> hello masters!
[16:20] <paco1> i have a problem with my bind server: i have a master and a slave bind server. i put on my config file on master server "allow-transfer {;};" and "notify yes;" (for normal & reverse zones) but the zones don't transfer quickly, the process takes many times to do the transfer....or only one is transfered
[16:23] <flagg0204> has anyone used apparmor to build an RBAC system for their ubuntu server
[16:24] <flagg0204> having a hard time finding articles on the subject
[16:27]  * RoyK hasn't tried
[16:27] <RoyK> flagg0204: what do you need it for?
[16:31] <hallyn> all:  i plan on uploading new qemu packages from ppa:serge-hallyn/crossc on jan 2.  If you want to test, especially with arm or ppc host/target, I highly recommend following through on those urges :)
[16:32] <ed8> I need some advice about the support for a Ubuntu server. How is the 'standard' support helpful in Windows Network ?
[16:41] <Pici> ed8: I'm afraid I don't understand your question.
[16:41] <TheLordOfTime> nor I...
[16:41] <TheLordOfTime> ed8, can you elaborate on what you're trying to ask?
[16:45] <smoser> utlemming, around ?
[16:45] <utlemming> yup
[16:46] <ed8> I don't understand the 'Windows integration' option of the 'Standard' support described here : http://www.ubuntu.com/business/server/services
[16:46] <ed8> how is it helpful  ?
[16:46] <utlemming> smoser: here
[16:47] <Pici> ed8: I'm afraid we can't really answer questions about Canonical's support packages. You would be better off using the Contact Canonical link on that page.
[16:47] <smoser> so for the image description data... i am thinking that in the data (example: http://paste.ubuntu.com/1450295/)
[16:48] <Pici> Most of the people here do not work for Canonical, we're just volunteer users providing support.
[16:48] <smoser> there needs to be some globally unique name that references *this* set of items.
[16:48] <smoser> iqn (http://en.wikipedia.org/wiki/ISCSI) seems not un-reasonable to me
[16:49] <ed8> well as it's the #ubuntu-server channel I was expecting some people to know about this
[16:49] <ed8> Pici: or is it the same channel as #ubuntu ?
[16:49] <smoser> http://paste.ubuntu.com/1450303/ (with iqn in it)/
[16:49] <smoser> i'm kind of looking for other ideas on what "unique identifier" we could use.
[16:50] <Pici> ed8: Both #ubuntu and #ubuntu-server provide community support.  We do not work for or represent Canonical.
[16:50] <TheLordOfTime> ed8, what you're asking for is about Canonical's paid support.  we don't work for Canonical, we're just community support, as Pici said.
[16:50] <TheLordOfTime> your best bet is to use the Contact Canonical link
[16:50] <TheLordOfTime> and ask them.
[16:50] <smoser> i also considered something just like "authoritative-url: http://cloud-images.ubuntu.com/data/images/releases/precise/server/i386
[16:50] <jcastro_> yeah use the link, I work for Canonical and I don't know the answer to your question either. :p
[16:50] <TheLordOfTime> jcastro_, heh
[16:51] <utlemming> smoser: so you want something that says "this data is unique and came from X"?
[16:51] <ed8> TheLordOfTime: don't you use paid support ?
[16:51] <TheLordOfTime> ed8, nope.
[16:51] <TheLordOfTime> no need, not for my servers anyways.
[16:51] <ed8> ok
[16:51] <smoser> well 2 things
[16:51] <TheLordOfTime> a couple of organizations i've worked with went for paid support, but...\
[16:51] <ed8> Do you have any suggestion on the partitions to create for a ubuntu server ?
[16:52] <smoser> a.) i need some unique identifier that names "this set of items". that way, to know if I've "seen" an item_group before I just have to have its 'serial' and 'unique-identifier'
[16:53] <flagg0204> RoyK: I'd like a user to be able to login and use certain commands without having to provide sudo access.
[16:53] <smoser> b.) if I have a local mirror from http://mirror-1.com and I switch my sync client to http://mirror-2.com , Ideally the tool then doesn't have to completely mirror everything again.
[16:54] <smoser> ie, it would "know" somehow that the new upstream mirrors were identical
[16:54] <RoyK> flagg0204: can't you just use sudo and allow those certain commands there?
[16:54] <flagg0204> RoyK: I could, but that would involve creating sudo entries for every user as our LDAP has no concept of groups. That doesnt scale
[16:55] <utlemming> smoser: thinking....
[16:55] <RoyK> flagg0204: then why don't you use groups? I'm confused...
[16:56] <smoser> "authoritative-url" gives the additional benefit of providing a "where is the upstream mirror of all this stuff"
[16:56] <smoser> but then has the negative effect of implying that there *is* one (and that you'd know it when you produced the data).
[16:57] <RoyK> flagg0204: I didn't think there was an LDAP server on the planet not supporting groups
[16:59] <flagg0204> RoyK: ldap does support groups. the way ours is implemented does not use groups. and I dont admin the ldap server. so i cant change it.
[16:59] <RoyK> flagg0204: you can probably create local groups with ldap users - should work
[17:00] <utlemming> smoser: I think that the IQN idea has a lot of merit. but I am wondering about doing it java like
[17:01] <utlemming> smoser: i.e. com.ubuntu.cloud-images.precise.<SET>
[17:01] <smoser> re-using iqn gives a clearly defined naming convention.
[17:01] <utlemming> smoser: right, and you do have the benefit of a RFC
[17:01] <smoser> unless there is another, such well defined definition, i'd just use it.
[17:02] <smoser> i do think that "authoritative-url"  makes sense too though. as a "can contain".
[17:03] <utlemming> smoser: yeah, this all makes sense to me
[17:07] <RoyK> flagg0204: anyway - the useful change would be to have the admin add an ldap group or two. what sort of commands do you need to allow for your users?
[17:09] <jamespage> roaksoax, quantum-netns-cleanup could be adapted to do what we want
[17:09] <jamespage> ATM it will cleanup dhcp and l3 router ports and namespaces
[17:09] <jamespage> that needs to be a cli option
[17:12] <roaksoax> jamespage: right, so the RA can simply call that and do its thing then
[17:19] <jdstrand> flagg0204: I'll refer you to http://wiki.apparmor.net/index.php/Documentation
[17:19] <jdstrand> flagg0204: in particular 'Integrating AppArmor with PAM for login-based policies' (which should be current) and 'Using AppArmor for Role Based Access Control (RBAC)' (which may be out of date)
[17:45] <RoyK> jdstrand: erm - does this mean apparmor can replace sudo for certain tasks?
[17:46] <sarnold> RoyK: apparmor doesn't raise privileges; however, if you've got a setuid program, apparmor can restrict what that program can do (vaguely similar to sudo's commands+arguments...)
[17:46] <RoyK> ok
[17:46] <sarnold> RoyK: I think they're complementary tools, but you could certainly describe a sudo use that apparmor could do..
[17:47] <RoyK> thanks - gotta look more into apparmor - so far, it's only been background noise
[17:49] <sarnold> woo :)
[20:07] <echosystm> hi guys
[20:07] <echosystm> im trying to reverse tunnel into a ubuntu server and i cant get it to work
[20:08] <echosystm> a connection is created but whenever i try to telnet over it, i get a refused connection
[20:08] <echosystm> unlike when the connection isnt there, telnet doesnt run at all
[20:10] <RoyK> echosystm: ssh tunnel?
[20:12] <echosystm> yes
[20:34] <brendan_> hey all... so some of our servers are getting bonded and i am also slowly incorporating puppet into the infrastructure.. and the boss is installing the pt-cache search ifenslave-2.6 package, my question is.. if i include that package as part of the core_packages all of our servers receive and do not get setup for a bonded connection, would/will that package create havoc?
[20:34] <brendan_> if installed, but not used?
[21:30] <echosystm> exit
[21:30] <echosystm> ugh
[21:30] <echosystm> the worst