/srv/irclogs.ubuntu.com/2013/01/15/#ubuntu-server.txt

NomadJimBut the password I supplied in the debconf isn't working when I try to login to the mysql server00:00
NomadJimhttp://paste.ubuntu.com/1532899/ - debconf file00:00
lvmerstevenr: ops forgot to disable firewall..... fml00:01
lvmerstevenr: I can ping local address will test other asap00:01
lvmerstevenr: I can ping local, but no net00:02
lvmerno google.com :/00:02
StevenRlvmer: can you ping your router?00:02
lvmeryes00:02
lvmer0.3 ms00:02
StevenRcan you ping 8.8.8.8 ?00:02
lvmerwhat is that?00:02
StevenRone of google's DNS servers00:02
sarnoldthat's nice of them :)00:02
lvmeryes I can00:02
lvmer14 ms00:03
StevenRok, so you just need to configure some DNS servers00:03
lvmerhum00:03
StevenRlvmer: edit /etc/resolv.conf00:03
lvmeridk what to do, domain name service servers? where is that00:03
lvmerok00:03
lvmersays do not edit by hand00:04
lvmerchanges will be overwritten00:04
StevenRnameserver 8.8.8.8   is an example to use one of google's00:04
StevenRmeh00:04
StevenRdon't worry about that00:04
lvmerk00:05
lvmerso what do I do? add a column that says:    google.com   8.8.8.8  ?00:06
StevenRno00:06
StevenRadd a line that says:00:06
StevenRnameserver 8.8.8.800:06
StevenRor use whatever you'd normally put (your router? your ISP's DNS server?)00:07
lvmernot sure, the file was blank00:07
StevenRideally put two00:07
lvmerbut adding that line00:07
lvmerhelped00:07
StevenRok00:07
lvmerI can ping google.com00:07
StevenRalso add:00:07
StevenRnameserver 8.8.4.4 (google's other public DNS server)00:07
StevenR(don't add the bit in brackets!)00:08
lvmerok00:08
lvmerwhere should I put this? so it doesn't get over written?00:08
StevenRlvmer: it probably won't. Reboot and see00:09
lvmerstevenr: so what was the problem? why did I get errors with the bond, but not without?00:10
=== slank is now known as slank_away
StevenRlvmer: I don't understand?00:11
StevenRlvmer: what do you mean?00:11
lvmerI assume my router is the problem, it freaks out and stops doing dns when it gets 2 ports from the same ip?00:11
lvmerlike why could I always ping google.com00:11
lvmerbut now that I bond and restart00:11
lvmerI can't until I add that file00:11
StevenRlvmer: no, you had no DNS servers configured. When you used DHCP, the nameservers where put in your resolv.conf automatically.00:12
lvmeroooooooooo00:12
StevenR(that's one of the things that DHCP does)00:12
lvmerstevenr: it got erased00:12
lvmerresolv.conf00:12
lvmerI make a .bak00:12
lvmerbut how do I stop this?00:12
StevenRok. you'll need to configure resolvconf00:12
lvmerI assume I can add nameservers to the interfaces? or something00:12
lvmero00:12
StevenRbut I'm not sure how you do that00:13
StevenRyou might be able to do that00:13
StevenRdoesn't look like it00:13
StevenRhave a look at configuring resolvconf00:14
lvmerdns-nameservers 12.34.56.78 12.34.56.7900:15
lvmeryou can add it in interfaces00:15
StevenRcool00:15
StevenRdo that then :)00:16
lvmeryup00:16
lvmerthanks a lot for the help :)00:16
StevenRno problem :)00:16
StevenRnow you can look at adding in the odd interface00:16
lvmeryah00:16
lvmerxD00:16
lvmerthe default nameserver file is:  nameserver 192.168.0.1    [new line]   search hsd1.pa.comcast.net00:19
StevenR?00:19
lvmerhow do I add the search one? lol00:19
lvmerresolv.conf00:19
lvmerthat's the resolv.conf if I start up with dhcp00:20
StevenRdns-search-domains ?00:23
StevenRnot sure (Guessing)00:23
StevenRanyway, I need to sleep now :)00:23
* StevenR &00:24
lvmerstevenr: bye :)00:24
sarnoldlvmer: in my experience, 'search' is often not helpful (why do you care if you don't have to type "hsd1.pa.comcast.net" on host names?)00:26
lvmercuriocity00:26
lvmerlol00:26
lvmerthat is it00:26
lvmerI've moved on, I'm editing other stuff now xD00:26
=== cpg|away is now known as cpg
lvmermii-tool reports no mii interfaces found00:45
=== WaVeR` is now known as WaVeR
* lvmer sighs in shame after realizing his strict firewall settings start automatically on reboot & were preventing him from properly troubleshooting the network adapters01:12
=== cpg is now known as cpg|away
=== ahs3` is now known as ahs3
BrombombI'm running server at home as a media server (DLNA, UPnP).  Is there a way to play audio out to a connected speaker system?04:57
PryMar56Brombomb, use a 1/8 to RCA conversion cable05:06
Brombombsorry not hardware wise but software wise... controlling the server remotely05:07
PryMar56ssh in, and launch abrac (x-forward)05:07
PryMar56abraca05:07
PryMar56it needs xmms2 server05:07
PryMar56apt-get install abraca xmms205:08
Brombombcool I'll check it out05:08
Brombombthanks for the suggestion05:08
PryMar56it works smooth here05:08
=== pug is now known as Guest41110
=== cpg|away is now known as cpg
=== voxadam_ is now known as voxasdam
=== voxasdam is now known as voxadam
Fleckhey, how can I keep current kernel?07:58
sarnoldFleck: investigate 'pinning' in dpkg, apt, apt.conf manpages08:01
Fleckty08:01
=== Malediction_ is now known as Malediction
=== smb` is now known as smb
=== tspxx is now known as tspx
Davieyjamespage: bug 1087091 seems a bit certain 'it should be removed'.. can they not just be fixed? :)09:09
uvirtbotLaunchpad bug 1087091 in nova "get-orig-source-git should be removed" [High,Confirmed] https://launchpad.net/bugs/108709109:09
Davieymorning all, btw :)09:09
jamespageDaviey, I'm leaving that up to zul; whatever we have should be consistent across all packages09:10
Davieyyeah09:11
RoyKmorning09:12
maruqhi guys10:57
maruqhaving some fun trying to get raid 0 array to persist on a hi1.4xlarge (AWS)10:58
maruqI boot the node (canonical's ubuntu 12.04) with ephemeral at /dev/sdf & /dev/sdg10:58
maruqI then assemble a raid0 array using mdadm10:58
maruqI format the device (/dev/md0) as xfs10:58
maruqwrite things to /etc/fstab & /etc/mdadm/mdadm.conf10:59
maruqcheck it's all good using df -h (I see a 2TB volume that I've mounted at /mnt/data)10:59
maruqI then reboot, and check the df -h to see the volume is not there10:59
maruqif I do an mdadm --detail --scan, it seems my device has moved from /dev/md0 to /dev/md/0_010:59
jodhanyone know why nova-network is using start-stop-daemon in its Upstart job? Is it purely to change the user?10:59
maruqI seem to have missed somethingā€¦ any ideas?10:59
xnoxmaruq: update-initramfs -u ?11:00
maruqxnox: we tried that before & it still seemed to happen, will give it another try though11:01
AtuMhello.. I'm trying to setup a two-node drbd/ocfs2 cluster using pacemaker,corosync and cman... I'm going through cluster-from-scratch manual, but that's ment for rhel based distros.. is there a known how-to to this setup11:16
AtuMthis wiki is no good: https://wiki.ubuntu.com/ClusterStack/Precise11:18
StevenRlvmer1: most modern ethernet interfaces don't have a mii-tool compatible interface :)11:18
=== yofel_ is now known as yofel
maruqxnox: thanks, that seems to be working now ;)11:28
maruqgiving it another reboot to confirm, but it seems good11:28
maruqxnox: do you know of a safe way to call the "update-initramfs -u" ? I'd like to call via chef when I mount the volumeā€¦ best to avoid calling it over & over11:37
xnoxmaruq: it is safe enough. either it will regenerate the same initramfs, or fail to regenerate one (without overwriting the old one) that was my experience with it so far, but check the update-initramfs code to be sure.11:39
xnoxmaruq: you need to regenerate initramfs after adding new raid volumes, not after each mount.11:39
maruqxnox: yeah, that was my thought. it just seemed pointless to call every chef run11:41
ttxjamespage: I see you're coming to FOSDEM, anyone else from server team ?12:33
jamespagettx, sure am - Daviey and rbasak are as well12:34
ttxok, cool12:34
jamespagettx, see you there!12:36
jamespagettx, when do you arrive in brussels? friday?12:36
ttxjamespage: thursday evening.12:36
jamespagettx, right - I arrive friday afternoon12:36
maruqxnox: just trying to get my positioning right in my chef recipe. should I be calling update-initramfs after creating the raid, or after formatting the device & writing the fstab?12:54
=== cpg is now known as cpg|away
samba35RoyK, ping13:07
RoyKsamba35: pang!13:18
=== zeppo_ is now known as zeppo
samba35i am trying to setup a lvm ,with existing harddisk can we build a lvm with lossing data (want to create partion )13:20
RoyK-win 2813:22
samba35?13:22
RoyKsamba35: just ask on the channel, please don't pm me for support, please13:22
samba35ok13:22
RoyKbut no, you can't convert an existing filesystem to lvm13:23
samba35i have lvm formated disk (guess)13:23
samba35how do i check ? if i hit enter i am getting lvm prompt is that mean i am already on lvm13:24
samba35lvm> pvscan13:27
samba35  PV /dev/sda5   VG ubserver   lvm2 [148.81 GiB / 0    free]13:27
samba35  Total: 1 [148.81 GiB] / in use: 1 [148.81 GiB] / in no VG: 0 [0   ]13:27
samba35so i am on lvm ?13:27
AtuMsamba35, you're in lvm prompt. what you see is that /dev/sda5 has been declared as a pv and its in use by volume group named ubserver13:29
samba35so i am using lvm ,now if i want to create another small partion can i create it with esixting free space13:31
AtuMsamba35, you should check free lvm space with vgdisplay13:31
samba35ok13:32
AtuMthen use lvcreate --help13:32
samba35Free  PE / Size       0 / 013:32
AtuMwell then no, you cannot create any extra partitions (lvm volumes in your case)13:33
samba35ic13:33
samba35df -h show 101 gb free13:35
AtuMsamba35, you should really read something like http://www.redhat.com/magazine/009jul05/features/lvm2/ to get familliar with lvm concept first13:35
samba35ok13:35
AtuMdf always shows space on filesystems.. thats above the partition layer13:36
AtuMif you have free space on your FS, you can just use it.. if it's not the propper "path", then just use symlinks ;-)13:37
samba35ok13:37
AtuMif you can't live with what you have set-up, then reinstall - downsizing partitions on lvm2 is no easy task. you must first understand lvm213:39
samba35ok13:42
samba35can  i create lvm on pen drive and use it as a lvm volume ?13:42
=== niemeyer_ is now known as niemeyer
zullifeless: ping13:48
ztanewhy would upstart fail to reap its children?13:50
ztaneI have firefox zombies clinging to pid 1 but not reaped... also any ideas how to debug?13:51
xnoxztane: so firefox was started by e.g. gnome-session. But it's lost it's track of firefox and hence it got reparented to upstart pid1. Upstart will not reap those. In raring we are working on adding support to run upstart on per-usersession basis (with subreaper call) such that firefox would have been reparented to user-upstart and correctly reaped when user logs out.13:57
xnoxztane: also such questions are best suited for #upstart =)13:58
ztaneok :P13:58
* ogra_ wonders what you do with an upstart started firefox on a server14:00
ztaneogra_: it does nothing, however when I went to ask the same question on #ubuntu I got a lecture what zombie processes are and how I can ignore the problem altogether.14:03
ztaneand here I got an answer :D14:03
ogra_well14:03
AtuMwhat I'd like to know is why would anyone want upstart on server machines? what's the upside of starting processes in paralel on a server?14:05
ztaneAtuM: faster startup on for example elastic computing14:05
ztaneservers used to be "that big iron on racks", not that much anymore14:06
AtuMztane, and that's what... 2min max... if server is stabile i'd expect it would not need any reboots for years to come.. so what's the point14:06
ztaneAtuM: you do not get it obviously14:07
ogra_you wouldnt do any security upgrades on your server ?14:07
ztanecloud computing, if you need 5000 machine hours of computing14:07
ztaneyou boot 50000 computers and do it in 6 minutes14:07
ztaneand then halt14:07
AtuMogra_, linux is not windows..14:08
ogra_AtuM, ??14:08
ztanealso, computers *will* crash14:08
ztanebecause of parity errors at least14:08
ztaneon cheaper hardware14:08
AtuMogra_, if I protect linux from the outside world and it works fine.. do I really "need" security updates?14:08
ogra_yes14:09
ztaneyour desktop computer *will* crash because of parity errors.14:09
AtuMztane, yes.. but not that often.. and if I use ECC memory it should't crash.. forget desktop... we're in "server" section14:09
ztanemaybe not so for expensive server hw14:09
ogra_AtuM, as long as your server is in any way connected to the internet you should always make sure to have all security fixes14:09
ogra_and that has nothing to do with linux or windows14:10
ztaneanother case is14:10
ztanethat in a sequential sequence, there might be a case that something "not so necessary" would be blocking ssh in boot...14:11
ztanehow would you go fix that problem, ssh cannot start because it would launch at 50 instead of 30 :D14:11
AtuMogra_, let's say I have a database server that never connects to internet.. it's client is in dmz and the security is taken care of.. the likleyhood of breaching the server is low.. and the critical part is the db software, not linux kernel14:11
ogra_you dont have any users in your network ?14:12
ogra_usually a server serves something to more than one person14:12
ztaneanyway, there are bugs in kernel, patching a running kernel is a bit difficut14:12
ztane*difficult14:12
ogra_and indeed the DB software might be more important here but what tells you that there isnt a kernel vulnerabolity that can be used through sql commands ? :)14:13
AtuMogra_, security is a far fetched idea... it's an illusion.. there are always vulnerabilities we don't know of.14:14
ogra_an admin who doesnt regulary security updates has to be fired imho14:14
ogra_immediately without discussion ...14:14
AtuMogra_, you don't work with HA systems do you?14:14
ogra_i did in my life14:15
ogra_and also saw people being fired because of missing security updates14:15
AtuMogra_, so you're basically saying that upstart saves time with doing security updates14:17
ogra_as long as there are users you can not trust you are vulnerable, very simple ...14:17
ogra_no14:17
ogra_i'm just reacting to "servers dont need to be rebooted for years"14:17
AtuMogra_, that's a fact that no patch can solve14:17
ogra_no, patches cant, but being up to date minimizes the risk14:17
=== zurich is now known as level15
jdstrandfyi, ksplice can patches many kernel vulns without a reboot. you are going to need to patch your servers. consider a flaw in the database being used with a kernel local priv escalation. sure you have to weigh the risks vs regressions vs downtime, but flat out saying security is an illusion is not correct14:19
AtuMogra_, that "no reboot for years" remark is just for discussion. I think it all depends on SLA and the risk management policy.. if there's no big risk to a periferal server I see no reason for regular updates.. but that's just me14:20
jdstrandthere is a big difference between a vuln waiting to be discovered and one that is known and can be actively exploited14:20
AtuMjdstrand, ksplice is owned by Oracle now.. it's off topic for ubuntu-server14:21
jdstrandand part of the beauty of HA is you can take down some servers for a reboot and leave others running14:21
ogra_right14:22
jdstrandAtuM: I don't think the mere mentioning of ksplice is off-topic14:22
ogra_which makes security maintenance so much easier14:22
jdstrandit is something that they offer for Ubuntu for people who don't want to reboot cause of kernel vulns. I am not advocating its use, I am saying it is possible14:22
jdstrandbut in the HA case, it isn't needed. you use phased updates14:23
jacobwhi, what's the easiest way to install 12.04 on non pae?14:36
ztanejacobw: hmm?14:37
newlinuxHi all14:38
newlinuxcan I have zimbra mail with apache web server in the same ubuntu server?14:38
ztanejacobw: shouldnt that just work right out of the box14:39
roaksoaxzul: quick question... is there an effective way to determine whether package A is to be installed (or has been installed) in package B postinst ?14:39
jacobwztane: >12.04 kernel requires pae extension14:39
zulroaksoax: not that i know of14:39
roaksoaxzul: k thanks14:40
ztanejacobw: really? or that it has support enabled14:40
ztanehmm14:41
ztaneseems that it is indeed dropping non-pae support14:42
ztaneah i thought it was a runtime switch but ofc it is not as it changes page directory layout14:44
zuljamespage: extras packaged and uploaded14:45
jacobwztane: using the mini iso is the answer14:47
diego_where can i find the most updated repository for samba4 for 12.04 ?14:48
=== slank_away is now known as slank
=== zeppo_ is now known as zeppo
=== Ursinha_ is now known as Ursinha
=== motmot is now known as liva
jamespagezul, ta15:06
jamespageyolanda, ^^ see zulls comment re extras15:06
yolandalet me check15:06
yolandaok, i'll try to rebuild the package15:07
iclebyte_workhow can i downgrade one specific package to that of a previous release without having apt remove all the dependent applications. the package in question is libgnutls26 - i'm running 12.04lts and have added oneric's security repo and masked the libgnutls26 pkg in /etc/apt/preferences and 'apt-get install libgnutls26' wants to downgrade to 2.10.5-1ubuntu3.1 but it also wants to remove all the other apps which rely on it15:19
diego_http://paste.org/60172 guys any help??? Samba4 + Kerberos15:24
=== alaing_ is now known as alaing
newlinuxHi All15:33
newlinuxI need small help15:33
newlinuxim new to linux15:33
newlinuxI have download xeams mail server15:34
newlinuxits .tar15:34
iclebyte_worknewlinux, yes? what is your question?15:37
newlinuxOk15:40
newlinuxI have download a free linux mail server, its 50MB file .Tar15:41
newlinuxI have done the these steps15:41
newlinuxtar -xf XeamsLinux.tar15:41
newlinuxwhen i run Install.sh , I get that the file is not there15:42
newlinuxbut when I ls I can see the file15:42
iclebyte_workhow are you running Install.sh?15:42
iclebyte_workyou should use a dot slash to signaify execute from the current directory. i.e. './Install.sh'15:43
iclebyte_workremember also Linux is case sensitive so Install.sh and install.sh are not the same.15:43
newlinuxYes I have done that15:44
iclebyte_workdid it work?15:44
newlinuxit shows command not found15:44
iclebyte_worktry this15:44
iclebyte_workchmod +x Install.sh15:44
iclebyte_workthen ./Install.sh15:44
newlinuxOk Thanks <iclebyte_work>15:44
newlinuxbut it says I must login name root15:45
newlinuxI just installed ubuntu 12.4, didnt ask for the root password?15:45
newlinuxcan you please advise?15:45
iclebyte_workno it wont, it assumes you are root15:45
iclebyte_worktype this: sudo ./Install.sh15:45
iclebyte_workthen put in YOUR password when it asks for one15:45
iclebyte_workthe sudo command can be remembered as 'super user do'15:46
newlinuxit says you must login as root?15:46
iclebyte_workjust put in your password15:46
iclebyte_worknewlinux, if you are new, i would recommend you install software from the offical ubuntu packages rather than from a tar.gz or something15:46
iclebyte_workpostfix is a good email server15:46
iclebyte_workapt-get install postfix15:46
newlinuxyes but its complex15:47
newlinuxxeams its easier it seems15:47
newlinuxwhats the root defaulr password?15:47
iclebyte_workthere isnt a root account15:48
iclebyte_workyou have the ability to run commands as the root user15:48
iclebyte_workusing sudo15:48
iclebyte_workthere is no 'root password'15:48
newlinuxyou mean sudo then inter15:48
newlinuxenter15:48
newlinuxI tried15:48
iclebyte_work'sudo ./Install.sh'15:48
iclebyte_workAlso, the default postfix should just work straight away15:49
iclebyte_workjust choose 'Internet Site' when you install it15:49
newlinuxbut if does postfix has web based?15:51
iclebyte_workno postfix is not web based. if you want web based administration of postfix try 'postfixadmin' available from http://postfixadmin.sourceforge.net15:52
iclebyte_workbut you will also need to configure a web server and mysql database15:53
freesbie_maybe this should help you in the right direction with the mail server: https://help.ubuntu.com/community/PostfixCompleteVirtualMailSystemHowto15:53
Davieym_3: Are you chairing this next meeting?15:55
newlinuxi have istalled it15:56
iclebyte_workcan anyone assist me with this downgrading issue?15:56
Davieyjimbaker: If m_3 doesn't respond, you are next in the list?15:56
jimbakerDaviey, i'm teaching a course in a few minutes15:59
newlinuxThanks all15:59
Davieyjimbaker: wow, you can multi-task?16:00
jimbakerDaviey, not particularly well ;)16:00
DavieyUrsinha: According to the rota, that puts you next in place.. Are you able to take it?16:01
UrsinhaDaviey, I think so16:02
Daviey\o/16:02
newlinuxdear all16:02
newlinuxmy ubuntu is 64 bits16:02
SuperMattwell put it back together16:03
newlinuxand i want to install a 32 bits package, is that fine?16:03
SuperMattyup16:03
SuperMattmight be a good idea to install ia32-libs16:03
newlinux?16:03
SuperMattthey're 32bit libraries16:04
SuperMattso if the app doesn't work initially, it *should* do with ia32-libs16:04
newlinuxcoz i got some file not found message16:05
newlinuxi think better to install ubunti 32 bits?16:05
SuperMattwell try ia32-libs :)16:05
SuperMattno no16:05
SuperMattwhat is the application?16:05
SuperMattnewlinux: ?16:08
m_3Daviey: I did last week16:09
Davieym_3: not according to the schedule16:11
Davieym_3: did you do minutes?16:11
newlinuxsorry16:12
SuperMattnp16:12
newlinuxiys xeams mail server16:12
newlinuxwhat do you think, shall i install ubuntu 12.4 32 bits16:12
SuperMattyou shouldn't need to16:13
newlinuxim still at office its 7:10 pm :(16:13
SuperMatttry installing ia32-libs from the package manager16:13
SuperMattso apt-get install ia32-libs16:13
newlinuxthis is the site http://www.xeams.com/XeamsDownload.htm16:13
newlinuxthe package is 32 bits16:14
newlinuxits mentioned it works with all lexus16:14
newlinuxLinux16:14
SuperMattyup16:14
SuperMattI've just checked their site, and it suggests ia32-libs16:14
SuperMatthttp://www.xeams.com/ubuntu.htm16:14
newlinuxso I will try the 32 bits?16:14
shaunoit also appears to be java, which is worth not overlooking16:15
newlinux?16:15
SuperMattwell, it's not downgrading to ubuntu 32 bit, it just installs some stuff to make 32 bit stuff work16:15
newlinuxwhat do u mean?16:15
newlinuxwhat can i do16:16
SuperMattnewlinux: at your command line, do this: sudo apt-get install ia32-libs16:16
newlinuxok I did16:17
SuperMattwhat happened?16:17
newlinuxits installing16:18
SuperMattexcellent16:18
SuperMattonce that is done installing, try xeams again16:18
newlinuxdo I need to restart?16:19
SuperMattshouldn't need to16:20
newlinuxok, incase it didnt work, any other easy web based linux email package i can use?16:21
SuperMattroundcube16:21
SuperMattwhich you install with: sudo apt-get install roundcube16:22
newlinuxis it easy16:22
newlinux?16:22
SuperMattwell that depends on your definition of easy16:22
SuperMattI could probably get a round cube server running in about 10 minutes16:22
SuperMattcan I ask: how long have you been using Ubuntu/Linux?16:23
newlinuxohh please16:23
newlinuxim stock since 3 days16:23
newlinuxi belive this is the best option16:23
newlinuxIt can be configured in Iphone and other mobiles?16:23
SuperMattyup16:23
newlinuxI used backtrack in my security course last year16:24
SuperMattwell roundcube is just a front end to other technologies, such as postfix and dovecot16:24
SuperMattdid you read this at all? https://help.ubuntu.com/community/MailServer16:24
newlinuxI will go through it16:25
MACscrHmm, I am having issues with postfix after an apt-get upgrade. Postfix appears to be running, but i dont think its to functional right now. The upgrade did not complete as well. here is what it shows if i try to do apt-get upgrade again: http://pastie.org/pastes/5688996/text?key=rurb5ciidsbsulx6byneww16:25
newlinuxso in this case i still need postfix?16:25
MACscrany suggestions based on my errors above?16:25
SuperMattnewlinux: do you have postfix install already?16:26
=== matsubara is now known as matsubara-lunch
newlinuxno16:28
newlinuxI can install it as you mentioned apt ??16:28
SuperMattyup16:28
SuperMattpostfix is only for sending email16:28
SuperMattyou will also need something like dovecot to store email16:28
SuperMattthere's a lot of configuring you'll have to do16:29
newlinuxso I need to install both posfix and dovecot?\16:29
SuperMattyup16:29
SuperMattnewlinux: I really recommend you don't do this on a live server. You should get your hands on a virtual machine with ubuntu on it and test everything in that16:30
SuperMattyou're looking for a whole world of hurt if you don't do this in testing first16:30
newlinuxim doing in the new server, its a test16:31
SuperMattok, good16:31
newlinuxSupermatt, can you be with me I will do it rights now16:32
SuperMattuhm, I can't guarantee anything16:33
SuperMattnewlinux: I'm not trying to put you down or anything here, but it sounds to me like you have quite limited ubuntu experience. For what it's worth, I think it would be a good idea to leave the server alone for the evening, and just concentrate on ubuntu server basics16:34
SuperMatthttp://ubuntu-manual.org/16:34
newlinuxYes, I respect you and your rights16:34
newlinuxactually im trying to install it for my manager house16:35
* ogra_ would also suggest a few weeks or months for learning linux basics first16:36
ogra_at least if you really plan to use that server in production ...16:37
SuperMattagreed16:38
SuperMattotherwise the server might be insecure16:38
newlinuxok i understand16:39
m_3Daviey: nope (/me guilty look)... just kinda thought it was done at the end of the meeting... doh16:40
newlinuxSupermatt, any good article i can use to follow and install any basic mail server16:41
ikonianewlinux: do you understand how a mail setup works yet ?16:44
SuperMattnewlinux: https://help.ubuntu.com/community/MailServer I would start here and I would read it all. You need to work out what you need and why you need it. Reading these will help, though they won't tell you everything16:44
ikonianewlinux: we went over this yesterday and you had no idea how any of it worked, so a guide at this time will be useless16:44
newlinux<ikonia>, I understand how it works but not in linux16:46
SuperMattnewlinux: I think you should start by readying through the ubuntu manual project and learn about how the ubuntu command line works, then work your way up16:47
newlinuxsure16:48
newlinuxthanks all16:48
SuperMattyou have a long road ahead of you16:48
SuperMattinstalling a secure, stable mail server is something I haven't managed yet, and I've been in the linux game for 5 years now16:49
ogra_definitely ...good luck though16:49
newlinuxthanks all16:49
shaunoparticularly mailservers.  making them work is the easy bit.  not turning them into a spammer's best friend calls for a little less guesswork16:51
patdk-wkmaking a mailserver spammerproof is easy16:55
patdk-wkmaking it not receive spam, is hard16:55
patdk-wkmaking your website cgi's protected against hacking to send spam, is normally not hard, but seems to fail in the real world16:56
frojndIs it neccessery for lighttpd properly run that apache2 is installed?17:19
frojndThe files in the document root have to be17:20
frojndreadable by the user starting the web server17:20
frojndIn my case I started lighttpd as root so if root has access that's ok right?17:20
SuperMattuhm, just because you started as root, doesn't mean it's running as root17:24
frojndhow can I check?17:24
SuperMattit's possible that lighttpd has an options to run as a different user17:24
SuperMattps auxww | grep lighttpd17:24
SuperMattthe first column should be the user it's running as17:24
frojndok it's root17:24
SuperMattcool17:25
SuperMattso yeah, if it's running as root, it should be able to read anything17:26
sarnoldfrojnd: you don't want your webserver to run as root. that's a quick way to sharing your machine with the albanian mob.17:27
SuperMattwell yes, there is that17:27
frojndyeah, I'm gonna chage it to www-data ?17:27
Darkstar1__anyway I can profile my system memory to see what's consuming what?17:27
SuperMattgood idea17:27
frojndI belive that's the correct name for it?17:27
sarnoldfrojnd: yes, though I have a personal grudge about that :) the on-disk data should be owned by a different user than the webserver runs as -- you wouldn't want a compromised webserver to have write access to more than the database sockets it needs and its logsfiles.17:29
Darkstar1__I'm having segmentation fault issues in apache17:30
SuperMattsarnold: agreed, we only ever give www-data access to specific folders17:30
frojndsarnold: so if I have /var/www/htdocs my documentRoot for www data,.. how do I make I don't know one user safely write code?17:31
sarnoldfrojnd: you could chown the directory to a new user, "web" or something, and have your user copy data into it (perhaps via sudo) when necessary17:31
sarnoldfrojnd: you could also just chown it for that user account, but that really only makes sense on a server that the user doesn't do anything else, except publish web..17:32
RoyKor even, just create a group for web and chgrp the dir and chmod g+w the dir and let the user copy entirely without sudo17:33
sarnoldbetter :)17:33
Guest63082I'm having trouble using postfix with SSL enabled LDAP, can someone give me some pointers how to do it, or is it not possible?17:34
frojndsarnold: ok so here it is now: /var/www/ and all subdirs are owned by root:root17:39
frojndsarnold: and lighttpd is run as www-data:www-data17:39
RoyKfrojnd: really, you don't want www-data to be able to write to those files17:39
frojndRoyK: I just said that they are root:root17:40
RoyKthat's ok17:40
sarnoldfrojnd: better :) owned by root is a bit overkill, but having the daemon have very little write access is the most important thing. woot.17:40
RoyKfrojnd: just do as I said above17:40
frojnddrwxr-xr-x  2 root root 4096 Jan 15 18:15 htdocs drwxr-xr-x  3 root root 4096 Jan 15 17:42 servers17:40
frojndNow I have to create a chrooted user17:41
frojndmeh, jailed user :)17:41
=== matsubara-lunch is now known as matsubara
frojndThis is /etc/init.d/lighttpd http://paste.ubuntu.com/153487417:43
frojndThe server has to be started as root to take control of port 80, but it's not necessary or a good idea to continue running as root after port acquisition.17:44
frojndcan someone check that bash script?17:45
Darkstar1__guys any gui tool I can use to get a profile of what's eating system memory?17:45
Darkstar1__it's a desktop 12.04 that I'm using as a server right now17:45
sarnoldDarkstar1__: memory consumption is difficult to measure, since shared libraries are shared amongst all processes that have loaded them..17:47
sarnoldDarkstar1__: 'top', 'htop', or 'ps aux' are pretty good tools though; the VSZ is the virtual address space allocated, the RSS is the "resident set size", the actual physical memory the process is using, the SHR is the amount that _can be_ shared with other processes -- though it isn't necessarily shared17:48
Darkstar1__sarnold: reason I ask is because I have a php issue that only turns up in apache error logs as just plain ol' segmentation fault. The system monitor reports 2/7.9Gb memory in use but the cli tool called free reports that I have 7 .something in use and only 528Mb free17:49
sarnoldDarkstar1__: now I know I've seen a tool that actually looks into /proc/*/maps and figures out which processes are using which libraries and accounts each process "their share" of that address space, but I've never been able to find it again. heh.17:50
Darkstar1__sarnold: I hate when that happens :D17:50
Darkstar1__ok running htop17:51
sarnoldDarkstar1__: well, segfaults are something else. php is a pretty shitty interpreter, and poorly written (or intentionally written) php code can segfault it all day long...17:51
sarnoldDarkstar1__: .. and if the code is poorly-written just right, it'll let external people play with its address space. :/17:51
sarnoldDarkstar1__: that really doesn't have much to do with actual memory _consumption_. Your linux system will generally have only a few hundred megabytes free -- free memory is wasted memory -- the value that makes more sense to look at is the +/- buffers line in the free output17:52
sarnoldDarkstar1__: check the kernel logs for more details on those segfaults; dmesg output may have it, or it may be in /var/log/kern* something -- maybe you'll be able to pinpoint whatever stupid program is crashing and either fix it or remove it.17:53
=== hggdh is now known as hggdh_AFK
frojndHeh this is funny18:15
frojndWhen I start lighttpd like this: /etc/init.d/lighttpd start18:15
lifelesszul: pong18:15
frojndand then stop it like this: /etc/init.d/lighttpd stop and after it I try to run it: I get: 2013-01-15 19:14:52: (network.c.358) can't bind to port:  80 Address already in use18:15
frojndAnd ps aux | grep lighttpd says: www-data 18251  0.0  0.0  36028   708 ?        S    19:13   0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf18:16
frojndand /etc/init.d/lighttpd status says:  * lighttpd is not running18:16
frojndIs there something wrong with lighttpd file? http://paste.ubuntu.com/153487418:17
sarnoldfrojnd: does lighttpd start child processes? you may need to remove the pidfile from start-stop-daemon if it has child processes that also listen on port 8018:19
frojndsarnold: fuser -v 80/tcp says: 80/tcp:              www-data  18251 F.... lighttpd18:19
frojndsarnold: how do I check if it starts a child processes? ps?18:20
sarnoldfrojnd: yeah, or pstree18:20
sarnoldfrojnd: did you write that init script yourself? or was it provided?18:21
sarnoldyou may wish to just file bugs if 'stop' doesn't kill all the processes18:21
frojndsarnold: provided18:21
sarnoldit seemed a bit much to just write for yourself ;) hehe18:22
frojndmy knowladge at bash is really limited haha :>18:22
frojndsarnold:      |-lighttpd <-pstree18:23
frojndJust that.18:23
=== The_Pugilist is now known as DaveR
sarnoldfrojnd: well, killall lighttpd first, start it with the initscript, and see what's started..18:24
frojndsarnold: ps aux | grep lighttpd www-data 18706  0.0  0.0  36028   712 ?        S    19:24   0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf18:25
frojndsarnold: pstree:   |-lighttpd and that's it18:26
frojndoh and fuser -v 80/tcp 80/tcp:              www-data  18706 F.... lighttpd18:26
sarnoldfrojnd: just the one process? okay. now kill it with its initscript again, and see what's left over18:26
frojnd * Stopping web server lighttpd    ...done.18:27
frojndps aux | grep lighttpd www-data 18706  0.0  0.0  36028   712 ?        S    19:24   0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf pstree:  |-lighttpd and fuser: 80/tcp:              www-data  18706 F.... lighttpd18:27
frojndit does not kill it :)18:27
sarnoldfrojnd: is the pidfile still there?18:29
frojndyes18:30
sarnoldare there anything odd about its permissions or the permissions of its containing directory?18:30
frojndsarnold: -rwxr-xr-x 1 root root 2545 Aug 19  2010 /etc/init.d/lighttpd18:32
frojndsarnold: and /etc/init.d looks like this: drwxr-xr-x  2 root root  4096 Jan 15 18:44 .18:32
sarnoldfrojnd: sorry, the pidfile will be in /var/run18:33
frojndsarnold: in /var/run drwxr-x---  2 www-data   www-data     40 Jan 15 17:08 lighttpd18:34
RoyKthe whole of var run owned by www-data?18:35
RoyKoh, ic18:35
frojndsarnold: ls -la /var/run/ NO: drwxr-xr-x 16 root       root        520 Jan 15 18:15 .18:35
frojndRoyK: no..18:35
frojndah, you typed i cee..18:36
sarnoldfrojnd: how about /var/run/lighttpd.pid ?18:37
frojndsarnold: does not exist18:37
frojndsarnold: even though ps aux | grep lighttpd says otherwise: www-data 18706  0.0  0.0  36028   712 ?        S    19:24   0:00 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf18:37
sarnoldfrojnd: how odd. killall lighttpd again, restart it, and check the pidfile while it is running18:38
frojndsarnold: there is no /var/run/lighttpd.pid18:40
sarnoldfrojnd: how odd. :)18:40
frojndindeed :)18:40
frojndlet me try and start it with service lighttpd start18:40
frojndno, the same18:41
frojndshould I reinstall lighttpd?18:42
sarnoldfrojnd: might not hurt, though I hate that as an answer.18:43
frojndsarnold: what's the proper way for uninstalling? apt-get --purge remove?18:43
sarnoldfrojnd: I think apt-get purge18:44
frojndyeah now it works ps aux | grep does not show anything18:46
frojndwhere in /var/run/ should that file be exactly?18:47
sarnoldfrojnd: /var/run/lighttpd.pid18:47
frojndit's just not there18:47
frojndhttp://paste.ubuntu.com/1535068/18:48
frojndOnly those 6 pids are there18:48
frojndwhat in the *blub* is goning on :D18:49
frojndgoin'18:49
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
michelehi there20:32
michelei already have ubuntu-server installed. how do I launch the tasksel for "ubuntu software selection" (like http://askubuntu.com/questions/153265/what-does-the-basic-ubuntu-server-package-contain-in-software-selection-during ) ?20:32
RamosDevilQuick question - I just set up Ubuntu 12.04 Server on my Mac Mini (late 2011).  Everything was running smoothly until I stopped getting a response from the box... I checked the computer and it was still on, but I couldn't get anything to happened, so I restarted.  I'm assuming the server itself crashed, and there's no sleep or standby mode since this is a server, correct?22:10
sarnoldRamosDevil: when I stopped getting responses from a machine, it had gotten a new dhcp but not entered into dns yet. (perhaps your setup is a little less clumsy than mine :)22:11
sarnoldRamosDevil: iirc, it's the same kernel all the way through, so suspend and hibernate are available, "pm-suspend" and "pm-hibernate" ought to do the job, iirc.22:11
=== smw_ is now known as smw
sarnoldRamosDevil: in my case, I wrote a quick bit of bash scripting to scan ssh banners and look for the host that felt 'right'. for i in `seq 2 254` ; do echo "" | nc 192.168.1.${i} 22 ; done22:12
sarnoldRamosDevil: .. of course, if yours is _offline_, that's something else entirely22:12
Davieyadam_g_: hey, https://review.openstack.org/#/c/19495/ .. has an update for lvm as SRU been considered, do you know?22:13
RamosDevilThanks, guys. Even though the kernels are merged now (server/desktop), I would assume that suspend and hibernate are disabled by default in server installations... How would I check to see if a timeout time has been set?22:14
sarnoldRamosDevil: if you're running unity, the system settings -> power will show it.. if you're not running a desktop environment, though, I'd expect it to work as any other server ought to.22:16
RamosDevilYeah, no GUI for me... Dang.  Looks like I've got a hardware issue.  Thanks for the assist.22:17
sarnoldRamosDevil: was there anything suspicious looking in the logs?22:17
RamosDevilNothing that points me in the direction of what may have happened... No KP or anything, just abruptly ends.22:20
sarnolddamn, I hate those :(22:21
RamosDevilNot the way I wanted to end my work day, but it gives me something to focus on tomorrow.  Thanks again, have a good night!22:28
=== Malediction_ is now known as Malediction
=== Malediction_ is now known as Malediction
adam_g_Daviey: re: LVM. seems like new features that wouldn't fit into an SRU, but a potential backport for future CA releases?22:55
Davieyadam_g_: we should explore if it CAN be SRU'd first.  It does sound like it could be unsuitable, but we should check first.23:10
Daviey-> afk23:10
=== Malediction_ is now known as Malediction
m_tadeuhi everyone...I just upgraded to 12.04 and I'm experiencing a problem in smtp...the client says "This server does not support authentication". And it was working before the upgrade23:23
patdk-lapm_tadeu, likely you accidentally told it to overwrite your config when you upgraded it23:24
m_tadeupatdk-lap: I'm quite sure I didn't...I was very careful with that. but where should I check?23:26
patdk-lapwhat smtp server are you using?23:26
m_tadeupostfix with dovecot23:26
patdk-lapthen you need to check in /etc/postfix/main.cf and /etc/postfix/master.cf23:27
m_tadeupatdk-lap: can it be the milter?23:29
m_tadeumy config is there23:29
patdk-lapno23:29
xnoxDaviey: adam_g_: what in particular do you want in lvm? =)23:31
xnoxAh... thin provisioning. I am working on landing it in Debian experimental and ubuntu.23:31
xnoxFirst I need to get it into raring, then we can think about SRU. It will need a new thin-provisioning package for related tools. Not sure how sru friendly new packages are.23:32
m_tadeuI'm getting this message in the log23:36
m_tadeupostfix/smtpd[10912]: warning: connect to Milter service inet:localhost:8891: Connection refused23:36
sarnoldhrm :)23:37
m_tadeugoogling is not helping much :(23:37
patdk-lapgoogle won't be ANY HELP23:37
sarnoldm_tadeu: what milter did you run there?23:37
patdk-laponly you know what milter you had running on that port23:37
m_tadeupatdk-lap: where can I check it? sorry to ask basic questions, but it was a while ago since I did this23:40
patdk-lapno way to know23:42
patdk-lapyou have to find the program on your server configured to use port 889123:42
patdk-lapor disable the milter in postfix and figure it out later23:42
m_tadeuprobably it should be dkim...I restarted the service, but it wont show up in netstat23:51
orudieGreetings. I just installed squid proxy server for the first time. Looking for some assistance on configuration. Thanks in advance23:52
m_tadeuso, I'm using dkim in 8891 and domainkeys in 889223:53
m_tadeunetstat only shows dk-filter in 8892....so no dkim. the process is running...damn23:53

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!