[00:45] looking for some help with a networking error using cli - basic prob is usb wifi adaptor will only connect to network is i reset my router === slank is now known as slank_away === cpg is now known as cpg|away [02:20] This is my last game, need to get going after [02:20] Misdirect :( === cpg|away is now known as cpg === cpg is now known as cpg|away [03:10] Hello everyone. Trying to make a high-availability KVM setup, but the only thing that is giving me trouble is figuring out how to use iptables [03:11] the setup is pretty simple, two machines that replicate the disk images for the VMs via drbd, and the VMs running on both machines for quick failover [03:11] issue is, there would be an ip conflict for each VM... any suggestions? [03:13] my idea is to use arptables and iptables to block off all of one of the machine's VMs while still letting DRBD and administrative access through [03:15] Free99: wild guess here, but could you solve your problem by giving each vm two interfaces? give both vms a private IP and one vm a public IP, and use linux-ha or similar tools to failover to the other VM and takeover the public IP on its other interface? [03:16] (you may be able to do it entirely with one interface, but two may be easier to use existing tools..?) [03:18] sarnold: well... I don't really know anything about linux-HA.. I have DRBD setup already, bridged networking, etc.. I'd just like to block everything that isn't going to the host VM, then use a sysctl to disable iptables and arptables if the other host goes down [03:19] I guess I'll go check on Linux-HA, but that implies adding new interfaces to every single one of my VMs, right? [03:20] heh, would be so simple to use linux-ha (pacemaker) [03:20] doesn't need to [03:20] all depends on how you do your iptables config [03:20] oh wait, I'm using linux ha, specifically heartbeat! lol [03:21] that is really old [03:22] patdk-lap: to be honest, haven't gotten to that point yet, still doing the DRBD setup, stuck on the iptables though [03:22] oh I see, I should have said pacemaker [03:22] my bad === cpg|away is now known as cpg === cpg is now known as cpg|away [05:53] need help understanding what im doing in Aptitude [05:55] i think it just so simple i do not understand === cpg|away is now known as cpg [10:45] hi, Does anyone know a guide on how to set the ToS (type of service) on a client os? [11:17] hello [11:17] i just setup a crypted partition (SR for a Xen-Server). and added it to the /etc/crypttab with the option "timeout=30". sadly the option seems to be ignored (as boot-process keeps going on) and i am not able to enter the passphrase at boot. anyone an idea what's wrong? [11:18] referring to this bugreport: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/468208 [11:18] Launchpad bug 468208 in cryptsetup "cryptsetup passphrase prompt at boot not working if waiting too long (w/o usplash)" [Undecided,Triaged] [11:19] is it possible that it's an upstart relatet problem? [11:20] jabba_: cryptsetup unlocking is done in initramfs while talking to plymouth (these days) [11:21] jabba_: I didn't experience it timing out, but I did experience three attempts only. [11:22] jabba_: is your root file system encrypted or some other partitions? [11:27] no, the encrypted partition in an SR (Storage Repository) for a Xen Hypervisor (XCP-XAPI). It is essential, that this device is decrypted before the XCP-XAPI-Service starts. [11:27] -in +is [11:29] so is it possible at all to halt the boot-process for a defined time (waiting for the passphrase) and in the case of a timeout countinue booting without decrypting the partition? [11:31] why is the timout-option not listed in the crypttab-manpage anymore? [11:37] xnox: any idea? [11:38] jabba_: so when root is not encrypted, indeed upstart jobs unlock the partitions. it should be accepting options. [11:45] xnox: so upstart is responsible for calling the cryptsetup scripts, BUT the main problem is, that the boot process doesn't get interrupted, for the defined time (timeout=30 in crypttab). === mcclurmc_away is now known as mcclurmc [11:48] the same way it does when rootfs is encrypted. [11:49] jabba_: where did you find reference to crypttab "timeout" option? [11:49] http://manpages.ubuntu.com/manpages/hardy/man5/crypttab.5.html [11:50] jabba_: but that's for hardy. Are you running hardy? that option is not present in lucid and later. [11:51] * xnox is not entirely sure how cryptsetup is managed in hardy. [11:52] xnox: the timeout option i missing in precise... is there a new way to handle this? [11:52] *is [11:53] * xnox is looking into the history behind this: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495509 [11:53] Debian bug 495509 in cryptsetup "cryptsetup: timeout option does not work anymore" [Important,Fixed] [11:55] "* Completely remove support and documentation of the timeout option, document this in NEWS.Debian." [11:57] can't believe it... that's really sad [11:57] well your problem seems to be that it's way too quick, instead of non-existing. [11:58] xnox: could you explain this please? [12:00] jabba_: we are processing udev triggers and we should have approx. udev settle timeout to enter the passphrase which is ~30s long. yet earlier you said "i am not able to enter the passphrase at boot" meaning that even if there was a prompt, it vanished too quick. [12:02] ok.. i must admit: "i can't follow" :/ [12:03] xnox: my udev settles to fast? [12:03] jabba_: I guess I need to experiment with a setup similar to yours. E.g. regular install and one non-essential luks encrypted mountpoint. [12:03] and that's why the passphrase-promt timeouts to early? [12:04] I am speculating a little bit. But i am not spotting anything that will block boot to capture passphrase-promt. [12:04] for non-rootfs luks volumes. [12:05] bug 518964 [12:05] Launchpad bug 518964 in cryptsetup "cryptsetup can't get input at boot." [Undecided,Confirmed] https://launchpad.net/bugs/518964 [12:07] so i am lost :( [12:10] xnox: did you change the State of the bug-report? [12:11] no, it's been there since 2010, I assigned it to myself to check if it can be fixed or not. [12:11] xnox: you're my hero :) , thanks! === yofel_ is now known as yofel === cpg is now known as cpg|away [13:38] yolanda: ping can you have a look at https://code.launchpad.net/~zulcss/python-cinderclient/fixtures/+merge/141751 [13:39] hi [13:39] ok [13:44] done [13:46] yolanda: thanks one more https://code.launchpad.net/~zulcss/python-swiftclient/ftbfs/+merge/141754 [13:51] done [14:02] yolanda: if you want to have a look at whats wrong with glance and quantum be my guest :) [14:03] zul, what's the problem? i saw a fbtfs in your other reviews, is that the same? [14:03] yolanda: glance patches need to be refreshed or dropped and quantum its the testsuite [14:04] ok, i'll take a look === lamont` is now known as lamont === slank_away is now known as slank === Ursinha-afk is now known as Ursinha [15:03] Is anyone on this channel? [15:45] hey everyone, I have a bridged connection that I need to filter. Should I use iptables+arptables, or will ebtables do the job of both? [15:46] heh? [15:46] that depends on what you want [15:46] all 3 of those do totally different things [15:46] if they did the same thing, they wouldn't all exist [15:47] yeah, that's kind of why I'm a little confused. I basically need to isolate my VMs which are connected via a bridge.. the VMs are replicants of the VMs on a different physical host, so there would be an ip conflict [15:47] the hosts watch each other using pacemaker, if one machine goes down, the other unblocks its VMs [15:48] are you doing some kind of memory replication? [15:48] no, just DRBD. I had been wondering if that would work actually [15:49] ya, your whole setup is fail === uksysadmin__ is now known as itarchitectkev [15:49] kind about this, what happens when two computers use the same harddisk? [15:49] it causes complete corruption [15:50] your vm should only be running at one location at a time ever, then no harddrive corruption, no ip issues, ... [15:50] patdk-lap: so what could I do instead? I suppose I would just keep the VMs off on the other machine, keep their disk images synced though [15:50] drbd keeps the disk images synced [15:50] just have pacemaker start the vm on the other machine on failover [15:50] lol I dunno why I thought that'd work [15:51] well, just for my knowledge, if I need to filter these VMs, like for fencing or anything, how would I do that? [15:51] depends :) [15:51] you could use iptabls/ebtables/... [15:51] all depends on what level/layer you want to do it at [15:52] getting conflicting advice saying iptables doesn't work on br0 and such, others saying it does [15:52] kind of don't know my dick from my elbow when it comes to networking haha [15:52] heh? [15:52] iptables works on everything [15:53] lets put it this way [16:46] New bug: #1095710 in linux-lts-quantal (main) "update-grub-legacy-ec2 does not consider 3.5.0-generic as valid for Xen (dup-of: 1005551)" [Undecided,New] https://launchpad.net/bugs/1095710 [16:56] New bug: #1005551 in cloud-init (main) "Quantal does not boot on EC2" [Critical,Fix released] https://launchpad.net/bugs/1005551 === ppetraki is now known as ppetraki-busy === jfluhmann_ is now known as jfluhmann === uksysadmin__ is now known as itarchitectkev === samba35_ is now known as samba35 === mcclurmc is now known as mcclurmc_away [18:41] New bug: #1095757 in krb5 (main) "krb5 packages should be updated to v. >=1.10.2 to workaround bug with gssapi kerberos authentication" [Undecided,New] https://launchpad.net/bugs/1095757 [18:53] hi guys, i asked this question on the #ubuntu channel but it may have fallen on deaf ears. I've just got a new installation of 12.04 and am trying to set up a mail server following this guide: http://flurdy.com/docs/postfix/edition11.html but I'm having issues with SASL. It shows up as Error: authentication failed: no mechanism available [18:57] tflgen2: anything in the logs? [18:58] mail log shows "mailsrv postfix/smtpd[8927]: warning: unknown[192.168.40.180]: SASL PLAIN authentication failed: no mechanism available" [18:59] Sounds like a PAM issue [19:01] in /etc/pam.d/smtp: auth required pam_mysql.so user=mail passwd=QQuz43 host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1 [19:01] tflgen2: looks like pam_mysql.so is part of that guide; do you have it installed? [19:02] tflgen2: does the guy say why he hsa both "mailPASSWORD" and "aPASSWORD"? Why are they different..? [19:02] sarnold: no idea. i just use the same [19:03] tflgen2: and can you connect to your mysql database on the command line with the specified username and password? [19:03] yep [19:06] hang on [19:11] for a sec there, thought I had missed some files to install……not the case [19:22] sarnold: i'm kinda at a loss of where to look here. what else can i look at regarding pam? [19:23] tflgen2: are there any errors in the auth log? === ppetraki-busy is now known as ppetraki [19:24] no, it doesn't even look like it hits the auth log. [19:25] you could always strace it. it's not much fun (especially if its your first time iwth strace), but you can at least watch what it tries to do.. [19:35] https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/875440 [19:35] Launchpad bug 875440 in cyrus-sasl2 "Cannot authenticate with saslauthd and mysql" [High,Confirmed] [19:41] tflgen2: wow. be sure to click the "oes this bug affect you?" thing.. [19:42] https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/875440/comments/61 that is the fix [19:42] Launchpad bug 875440 in cyrus-sasl2 "Cannot authenticate with saslauthd and mysql" [High,Confirmed] === TheLordOfTime is now known as LordOfTime === LordOfTime is now known as TheLordOfTime [19:46] New bug: #1095775 in maas (main) "maas 0.1+bzr482 (precise) incompatible with python-django 1.4 (cloud-archive)" [Undecided,New] https://launchpad.net/bugs/1095775 [19:46] tflgen2: oh, woo, so the guide is outdated and needs fixing. that's more pleasant. :) [19:52] so i am trying to use the cloud live image, the http://localhost comes up but does not accept the password in the GettingStarted.txt file [19:52] What up wit that [19:53] case sensitive? [19:53] yeah it just says ubuntu:ubuntu123 [19:55] i can't even think where to look for the config file with that password in it so i can change it [19:57] "Point your browser to the public address of the openstack-dashboard node, "http://node-address/horizon" , login using admin/openstack" [19:58] horizon isn't a valid URI and that password combo doesn't work. it seems like the glance API isn't working on port 9292 [19:58] hrm [19:58] yeah the stock commands don't work. [19:59] It's ok, i mean i am sure i can set it up manually, i was a bit enthused by being able to check it out this way [20:01] oh, eth3 (the nic i am using) keeps getting unassigned [20:01] so this is a networking issue perhaps [20:01] and there it goes [20:03] it keeps getting wiped out [20:03] genewitch: pastebin ifconfig -a [20:03] what's the pastebin package called on ubuntu [20:04] pastebinit [20:04] i killed network-manager [20:05] should i not have done that [20:05] http://paste.ubuntu.com/1492939/ [20:05] if you reconfigured /etc/network/interfaces and restarted first, yes [20:05] no [20:06] eth[012] not configured, eth3 configured with rfc1918 address, what do you want to know? [20:06] RoyK: It kept getting UNconfigured. [20:06] like 4 times. [20:07] pastebin /etc/network/interfaces [20:07] nothing in there but lo [20:08] well, then configure it [20:08] !interfaces [20:08] !network configuration [20:08] no idea how to get that from the bot - google ubuntu network configi [20:09] i know how to manually configure a network. My point was that's not in the GettingStarted guide. [20:11] nice: failed to get http://169.254.169.254/latest/meta-data/public-keys [20:11] this is a bang-up job. [20:27] Looks like no dhcp and it falls back to the 169.254.x.x [20:31] genii-around: no, 169.254.169.254 is a metadata server [20:32] i guess this cirros image is meant to boot on amazon cloud, and openstack doesn't have a metadata server by default [20:33] oh, it does have a metadata server, just doesn't have curl :-p [20:35] genewitch: i just booted into the livecd of ubuntu cloud on virtual box and was able to get an instance of cirros to boot [20:38] yes, i have 3 running. [20:38] i'm testing ephemeral [20:38] oh, my bad [20:39] it is KVM >.< [20:55] Question to all. Where can I get documentation on how to install mono on uBuntu server? [21:04] Hello? [21:07] Lovelidge: does http://askubuntu.com/questions/11921/how-to-install-mono-on-a-server help? [21:10] has anyone here migrated from courier to dovecot? I'm gonna try and give dovecot a try to see if the imap behavior is better. [21:13] tflgen2: I never "migrated" - and dovecot gave no reason for complaints [21:15] guntbert: i guess i'm not actually looking to migrate as this is a fresh install. Doing this for a customer, they currently are hosted elsewhere and using outlook with pop3. I'm hoping to get them on my server with courier/dovecot (preferably imap). [21:15] do you have a good tutorial on installation of dovecot on 12.04? [21:23] <_KaszpiR_> Question - I have a home server running ubuntu-server LTS on some quite old motherboard, SATA (AHCI) in bios, booting form single drive [21:24] that's not a question [21:24] <_KaszpiR_> now, I'd like to migrate to new motherboard that uses EFI - any suggestions what can go wrong/ [21:24] _KaszpiR_: nothing, if you turn EFI off [21:24] witam można po polsku [21:25] <_KaszpiR_> hm [21:28] <_KaszpiR_> ok, looks like I've found some more info === alaing_ is now known as alaing [21:33] tflgen2: sure - see https://help.ubuntu.com/12.04/serverguide/dovecot-server.html :) === cpg|away is now known as cpg [21:56] gah, dovecot sucks :( can't even get it to start "dovecot: config: Warning: Killed with signal 15 " [22:01] heh? dovecot is great [22:02] I switched to it in 2003 I think, and I wouldn't call anything else currently close to it [22:03] i can't get the damn thing to start :) [22:03] well, it has a lot of config options [22:03] use dovecot -n, to see what you did [22:03] ! thanks for that [22:03] tflgen2: I am only a bot, please don't think I'm intelligent :) [22:04] ubottu, oh, go get a life [22:04] patdk-lap: I am only a bot, please don't think I'm intelligent :) [22:07] patdk-lap: ok, so that helped me weed out some crap. now i'm staring at fatal: unknown database driver 'mysql' [22:08] that is a debian/ubuntu thing [22:08] likely didn't install the dovecot-mysql package [22:08] dovecot --build-options |tail -n4 [22:08] Mail storages: shared mdbox sdbox maildir mbox cydir raw [22:08] SQL driver plugins: mysql postgresql sqlite [22:08] tflgen2: how did you install dovecot? I had no troubles at all [22:09] hmm [22:13] turns out =i didn't have the dovecot-mysql package installed…. [22:14] /facepalm [22:16] New bug: #1095840 in nova (main) "No logrotate config for nova.log" [Undecided,New] https://launchpad.net/bugs/1095840 === cpg is now known as cpg|away [23:25] hi guys [23:25] I have a ubuntu-11.10 (Desktop) installation.. which I was using as a server (not using any gui feature of it) [23:26] can I just rip off the ubuntu-desktop package .. to make it as efficient as ubuntu-server [23:26] as I see on the ubuntu website .. they merged the generic and server kernl after 12.04 .. but I have 11.10 installation [23:27] this machine was suppoed to be only for testing .. but then we want to use it in the production too [23:27] please suggest .. thanks! [23:28] anti-neutrino: feel free to uninstall any packages you don't use. [23:29] anti-neutrino: you'll make most impact by removing applications that are using the most amount of memory, but that can be a bit difficult to quantify [23:29] thanks for the reply @sarnold [23:29] anti-neutrino: for my little pandaboard, I just asked upstart to not start X, it seemed like a nice half-way point. it doesn't run, but the libraries are all there in case I want to ssh -X an application some day. [23:30] yeah I am removing all the unwanted services .. (making list of resource hungry services from the top command) [23:30] yeah I can do that too .. [23:31] so once again a naive question .. if kill X .. it pops up again [23:31] i understand this should be in something like 'startup' [23:31] aha, here we go: http://upstart.ubuntu.com/cookbook/#override-files [23:32] anti-neutrino: the book says these override files were added in upstart 1.3; if so, something like: echo manual >> /etc/init/lightdm.override ought to save you a few hundred megabytes of RAM/swap [23:34] cool... thanks a lot sarnold [23:34] I can try this on one of the VMs .. [23:35] you guys are awesome .. this seems to do the trick :) === cpg|away is now known as cpg [23:39] anti-neutrino: you may also wish to look at the powertop output and find which processes are responsible for the majority of your CPU wakeups