<zeronezerone> hey guys! any suggested reading or websites for desirable network topologies [00:52]
<zeronezerone> i am setting up a networked cluster [00:52]
<zeronezerone> three local machines, one off site VPS running dns [00:52]
<zeronezerone> i was thinking having one front facing server running ISCSI + reverse proxy via nginx. the other two servers, maybe set them up using some clustering + failover software? [00:53]
<zeronezerone> *is looking for further and elaborated reading* [00:53]
<trollwork> Howdy, need some help with postfix.  Someone here didn't like the postfix log files, so they symlinked them to /dev/null in /var/log/mail.err & .log.  I've since deleted those symlinks, but the files are not repopulating. [01:07]
<trollwork> Can I change the log location? Or somehow re-enable them? [01:07]
<sarnold> trollwork: check the postfix docs, perhaps you can get it to 'rotate' its logs with a kill -SIGHUP or something easy [01:10]
<trollwork> sarnold, the postfix logs point to general linux distros.. case in point they recommend editing /etc/syslog.conf to change log settings, ubuntu has /etc/rsyslog.d/postfix.conf instead.. and it's only got one line in it which doesn't really help me much [01:12]
<hadifarnoud> usr13: I followed the guide and changed wherever he said I should use my IP. the only place I had to use my IPs was /etc/ipsec.d/l2tp-psk.conf file in step 2 [01:17]
<hadifarnoud> usr13: my ip range for L2TP vpn is   when I connect to it, I get   considering that, is step 3 wrong? iptables does not redirect traffic to me. [01:17]
<mikal> Anyone around? [02:02]
<mikal> Would nova depending on conserver (from non-free) be a packaging problem for you guys? [02:03]
<Brans> i need help with samba [02:03]
<Brans> trying to setup a pdc .. [02:03]
<Brans> there's my config [02:04]
=== Smark is now known as Smark[Gone]
<qman__> trollwork, touch the logfiles and set the permissions to default, which is syslog:adm 640 [02:55]
<trollwork> thanks qman__ [02:55]
<qman__> may need to restart rsyslog after doing that, not sure [02:56]
<trollwork> There we go! [02:57]
<trollwork> you're awesome! [02:57]
=== Smark[Gone] is now known as Smark
<trollwork> so I'm trying to install postfix from a shell script in order to automate deployment (Chef & puppet have been banned from the office, don't ask) and the problem is even with a  >/dev/null 2>&1 you get the postfix menu.. is there a way to default that? [04:15]
<CarlThansk> I have apache, PHP, and mysql running on a clean install and my friend is getting quasi-randomly IP-banned. what could do this? [04:27]
<jpds> How do you know the IP is 'banned'? [04:30]
<jpds> Log files, etc? [04:30]
<CarlThansk> I don't *know*, but he can access resources hosted elsewhere on my network and I can access the resource he can't from another external source [04:30]
<jpds> As I said before, and will say again, you need to do some network debugging. [04:31]
<CarlThansk> as I said before, and will say again, he can reach me and others can reach it. it is *only* the webserver he can't access [04:31]
<jpds> You didn't mention that before. [04:32]
<jpds> Checked the Apache logs? [04:32]
<CarlThansk> yup. see nothing worthwhile [04:35]
<jpds> Well, next step is tcpdump on his IP and seeing what happens when he tries to access the site. [04:36]
<CarlThansk> no packets. guess it's time to move on to ddwrt. thanks jpds [04:50]
=== phizes_ is now known as phizes
<sobersabre> hi guys. is there a *working* document on how to set up ubuntu machine as active directory member box and authenticate AD users on that machine (i.e. via AD) [06:26]
<qman__> sobersabre, looking to create a domain or join existing? [06:35]
<qman__> oh, you just mean auth against AD, not a DC [06:38]
<qman__> there's several ways to do that with varying downsides [06:38]
<qman__> winbind is the method recommended by the samba guys [06:39]
<qman__> this is a little old but still generally applies: https://help.ubuntu.com/community/ActiveDirectoryHowto [06:41]
<phizes> Hi, I am using https://launchpad.net/~ondrej/+archive/mysql to get MySQL 5.5 for Precise, the problem is that 5.6 is also provided, I have managed to pin most of the packages at 5.5 (notably the ones with 5.5 in the package name) I can't work out how to pin libmysqlclient18 to 5.5 as well, here is my current apt preferences.d config http://paste.ubuntu.com/5957784/ Could anyone point me in the right direction? [06:43]
<phizes> (I am aware that the PPA's 5.5 is the same as what is in the Precise release, the difference is that the official build lacks the library for MySQL to have native_aio compiled into it, which this PPA does have.) [06:45]
<qman__> based on what I see there, you shouldn't have to pin anything, as the packages are named differently [06:47]
<qman__> the stock packages are mysql-client-5.5 and mysql-server-5.5, and the packages on that PPA are mysql-5.5 and mysql-5.6 [06:48]
<phizes> https://launchpad.net/~ondrej/+archive/mysql/+packages <- then click the corresponding title in the table, it lists the actual packages, and it is definitely trying to upgrade to 5.6, whereas I just need the 5.5 versions [06:50]
<phizes> If I recall correctly, trying to apt-get install mysql-5.5 resulted in an error about package not found, and then I would still need to pin it to 5.5 to prevent it upgrading to 5.6 I think. [06:53]
<qman__> ok, I see [06:54]
<qman__> there is still another way, which is to not install "mysql-client" and "mysql-server", but only "mysql-client-5.5" and "mysql-server-5.5" [06:55]
<qman__> if you do need those two metapackages, those are the ones you need to pin [06:55]
<phizes> I have done that, but it still tries to upgrade libmysqlclient for some reason. (I did that to be able to pin to 5.5) [06:56]
<qman__> mysql-client-5.5 should depend on the correct version of that, but apparently doesn't [06:59]
<phizes> Hmmk, I can't seem to find a way to differentiate the packages for pinning, I'm considering asking the package maintainer at this point, alternatively I may have to start my own PPA, though I have never done that before. [07:05]
<qman__> yeah, I think there's an issue with the dependencies of his version, but you should be able to work around it with pinning [07:06]
<qman__> I'm just not familiar enough with the syntax to fix it for you [07:06]
<phizes> I thought that should be the case, but I can't find how to define it, pretty much anywhere. I'll have a look at it again, I may have missed something somewhere. Asking any maintainer or similar is always my last resort. [07:08]
<phizes> Thank you very much for your help though. :) [07:08]
<qman__> basically though, mysql-client-5.5 should depend on libmysqlclient18 > 5.5.0, < 5.6.0 [07:09]
<wiehan> Hi, I have samba shares installed via webmin. I have set up a folder on my server named Multimedia to be shared and have granted: Guest access. And the default permissions of 755. But when I try to write to that folder it gives a 'permission denied error'. I believe that it has to do with the fact that the folder, locally, doesn't grant the permissions. So what I did was chmod -R 755 /Multimedia.. But it still doesn't work. [07:57]
<wiehan> Please help. [07:57]
<qman__> wiehan, 755 means write for the owner but read-only for everyone else, you want 777 for a guest writable share [08:04]
<qman__> keep in mind also, [08:04]
<qman__> !webmin | wiehan [08:04]
<ubottu> wiehan: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. [08:04]
<wiehan> qman ty, I changed that now to 766, both with chmod and the namethatshallnotbementioned, still to no avail [08:07]
<wiehan> ok, Now I have a question that is unrelated to webmin. When I try to access the share from my ubuntu laptop it says "permission denied" but when I log in from my android phone, it works perfect!? [08:12]
<qman__> make sure it's logging in as guest and not using a saved credential [08:14]
<qman__> saved credentials are stored in keyring manager [08:14]
<wiehan> qman__, how do I clear saved credentials as this seems like a buggy bug [08:14]
* maxb observes that 766 is quite different to 777 [08:14]
<qman__> first, ensure none are saved in your keyring using the keyring manager [08:15]
<qman__> after doing that, log out, and log back in [08:15]
<mac_nibblet> After setting up isc-dhcp-server i keep getting "No subnet declaration for em1" [08:16]
<mac_nibblet> even tho i have specified the only interface to listen on is em2 [08:16]
=== smb` is now known as smb
=== gnuyoga_ is now known as gnuyoga
<jamespage> yolanda, any thoughts on why https://jenkins.qa.ubuntu.com/job/saucy-adt-squid3/35/ is failing on amd64? [08:35]
<yolanda> jamespage, what does this mean? amd64,adt is still in the queue: Waiting for next available executor on adt [08:37]
<jamespage> yolanda, where do you see that [08:38]
<yolanda> jamespage, in the console log [08:38]
<jamespage> yolanda, you need to look at the failing job specifically [08:39]
<yolanda> jamespage, seems that ftp test isn't working properly, when did you see that failure, starting on today? [08:41]
<jamespage> yolanda, it's been failing a while now - https://jenkins.qa.ubuntu.com/job/saucy-adt-squid3/ [08:41]
<yolanda> jamespage, seems like some problem with vsftpd: The server responded with: [08:45]
<yolanda> OOPS: child died [08:45]
<yolanda> and it works with i386 so it's quite strange, not sure what's happening [08:46]
<jamespage> Daviey, some new binary pkgs for juju-core in the NEW queue if you have time [09:20]
<Daviey> jamespage: done, thanks [09:22]
<jamespage> Daviey, thanks [09:22]
<geser> stgraber: I've assigned bug #1186662 to you as requested, I've commented what I know about the bug so far. [10:05]
<uvirtbot> Launchpad bug 1186662 in isc-dhcp "isc-dhcp-server fails to renew lease file" [Undecided,Triaged] https://launchpad.net/bugs/1186662 [10:05]
<stgraber> geser: thanks [10:06]
<geser> I tried to understand the code if it's safe to move the opening the lease file after dhcpd drops to the dhcpd user or if it needs some of the data that can be written to the leases file is needed at this stage but without much success yet [10:08]
<geser> I'm not sure yet if doing a chown() on the leases file before it drops the privileges is the less risky fix (even if a little bit ugly) [10:10]
<msafi> I ran a hello world node.js script yesterday, which acts as a web server. Then I turned it off, but when I visit my server, it still says "Hello World". I tried it on multiple browsers and in Private mode [10:22]
<msafi> Where could this Hello World output be cached? [10:23]
<yossarianuk> does anyone know if you can connect a Windows IIS server -> external Linux coldfusion server ? [11:02]
<yossarianuk> (as coldfusion on windows is bad....)  I know Linux java memory management is better [11:02]
<adam_g> jamespage, if you have a sec, https://code.launchpad.net/~gandelman-a/ubuntu/saucy/cinder/paramiko_min [11:08]
=== marcoceppi_ is now known as marcoceppi
<jamespage> adam_g, upstream only require >= 1.8.0 [11:11]
<adam_g> jamespage, doh, was going by our version [11:12]
<jamespage> adam_g, :-) [11:12]
<adam_g> jamespage, updated [11:14]
<adam_g> jamespage, is there anything special i need to do to get cloud-archive-backport to create a signed source package? [11:21]
<jamespage> adam_g, just sign it afterwards [11:22]
<jamespage> adam_g, putting a signed package up for review is less than ideal [11:22]
<jamespage> debsign *_source.changes [11:22]
<adam_g> jamespage, ah [11:22]
<adam_g> jamespage, anyhow, http://people.canonical.com/~agandelman/ca/havana/paramiko-1.10.1-1~cloud0/ [11:24]
=== melmoth__ is now known as melmoth
<catphish> i've set up a network install server based on an ubuntu 12.04 ISO, the installation works fine, but the resulting system seems to point to lots of non-existent repos on my install server (sources, multiverse) [11:56]
<catphish> what is the best way to fix it? [11:56]
<jamespage> adam_g, +1 [11:57]
<_ruben> catphish: make sure your install server is actually complete? :) [11:58]
<_ruben> the install isos contain far from everything, obviously [11:59]
<catphish> _ruben: that's what i thought, what is the best way to maintain a full copy? [12:02]
<catphish> looks like that works :) [12:13]
<_ruben> i use rsync ;) [12:13]
<_ruben> or actually, i plan to use it. now i'm using debmirror, which is using rsync as well though [12:13]
<_ruben> but since i use debmirror to mirror pretty much everything, i might as well use rsync directly [12:14]
<catphish> _ruben: is it possible to configure the sources file, or should i just replace it with a post script? [12:27]
<catphish> i will probably host a basic set of sources locally for an up-to-date base install then pull everything from an external mirror subsequently [12:28]
<vila> hi all, how do I mount an iso inside an lxc container ? Said iso contains cloud-init data so it should be mounted early in the "boot" sequence [12:33]
<_ruben> catphish: you want your fresh installed vms to have a modified sources.list? not sure if there's any preseeding directives for that (assuming you are using preseeding), else it should be a post-install script indeed [12:51]
<catphish> that's fine, i've put a %post in my kickstart file which should do the job fine [12:51]
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/heat/refresh/+merge/178989 [14:41]
<tdelam> hey, how do I upgrade apache from 2.2.22 to 2.2.25 via apt? [14:56]
<RoyK> tdelam: I don't think that's possible. why? [14:58]
<tdelam> RoyK: security issue, 2.2.25 addresses one that we specifically are required to resolve. [14:59]
=== natefinch is now known as natefinch-afk
<RoyK> tdelam: are you sure the fix isn't backported? that's the usual way to fix things in debian/ubuntu land [15:03]
<RoyK> tdelam: do you have docs on this issue? [15:04]
<tdelam> RoyK: none that I am allowed to share. We're doing the typical PCI Compliance (sigh) process and one of the requirements was 2.2.25 on our proxy server but is currently 2.2.22 [15:06]
<tdelam> I normally prefer to do things the old fashioned compile from source way but this server was already set up and they've used apt for everything, now I am having an issue upgrading to 2.2.25 and was hoping someone in here could lend a hand :) [15:07]
<jamespage> tdelam, if you are using a version shipped in a supported Ubuntu release it should have the required security fixes irrespective of the actual apache version [15:09]
<Pici> tdelam: If it's a CVE that you need to guard against, you should check the package status at http://people.canonical.com/~ubuntu-security/cve/ [15:09]
<jamespage> tdelam, I've done PCI compliance a few times now and this always gets raised [15:09]
<Pici> IMO PCI compliance is flawed in regards to version number compliance. [15:09]
<RoyK> tdelam: so an unknown security failure already fixed? doesn't sound like a day zero to me, so I'm rather curious why you can't point to which error this is [15:09]
<tdelam> thanks Pici and jamespage [15:10]
<RoyK> tdelam: like I said - fixes are usually backported [15:10]
<tdelam> thanks RoyK [15:10]
<RoyK> but it's quite impossible to verify that without knowing which security issue this is about :P [15:11]
<tdelam> so that's what all these updates are then, patches to the existing packages [15:11]
<tdelam> so they don't actually go by version numbers, just whatever is installed gets patched up daily? [15:11]
<RoyK> that's what backporting means [15:11]
<tdelam> that's an interesting way to go about it [15:12]
<RoyK> someone releases a fix for an issue in 2.2.25, along with some new features, someone at ubuntu or debian grabs the fix and patches up 2.2.22 [15:12]
<RoyK> recompiles and posts a new release after it's been through QA [15:12]
<tdelam> that's better [15:14]
<RoyK> tdelam: lookup the bug ID of the issue in question in the debian/ubuntu bug forums [15:15]
<RoyK> it certainly should have one [15:15]
<tdelam> I'll have to get it again but I see where you guys are coming from [15:15]
<tdelam> i much prefer this. [15:16]
<jamespage> rbasak, can I cry now? [15:36]
<zul> jamespage:  im going to push this change for heat, i have tested it, it installs properly [15:55]
<jamespage> zul, sorry - +1 [15:55]
<rbasak> jamespage: new upstream? [15:56]
<jamespage> rbasak, kinda [15:57]
<jamespage> rbasak, the debian maintainer had to switch to using the embedded libv8 as the standalone version is now too old and security buggy [15:57]
<jamespage> the embedded version appears to dislike arm [15:57]
=== medberry_ is now known as med_
<DWSR> Hey all, I have 5 SAS drives connected to an HBA, and I'm wondering if there's a way to get them to spindown? [16:18]
<RoyK> DWSR: smartctl? [16:35]
<RoyK> DWSR: no, wait, hdparm [16:35]
<RoyK> DWSR: what ubuntu version? [16:35]
<RoyK> and what filesystem(s)? [16:35]
<hallyn> smb: hi - http://status.qa.ubuntu.com/reports/ubuntu-server/triage-report.html has quite a few xen bugs.  do you on occasion look at these?  I can aim to change my xen-virgin status, but there'll be some overhead so thought i'd check. [17:00]
<jc> Straaaaange networking glitch, hoping someone can help [17:03]
<jc> Short story: moved CUPS onto new Ubuntu Server with new hostname, created CNAME pointing old hostname to new [17:05]
<jc> I telnet to new server IP on port 631, connected instantly. Same port but using new hostname, 2 second delay. Same port but old hostname, 10+ second delay. All three combinations from another server connect instantly. [17:06]
<mdeslaur> rbasak: is anyone working to get squid3 out of saucy-proposed? [17:06]
<sarnold> jc: check DNS on both client and server for both client and server forward / reverse lookups [17:07]
<jc> sarnold: reverse lookup on new server IP goes to new hostname only, but I'm not sure I can have it resolve back to the old one as well for compatibility [17:09]
<jc> lookup on old hostname returns the correct CNAME and corresponding server IP [17:09]
<jc> Both client and server reading from the same internal DNS server [17:10]
<sarnold> jc: darn, all that sounds about right. :) [17:12]
<jc> sarnold: that's why this unexplained delay has me stumped, as it doesn't happen when connecting from other servers, just our Mac clients [17:12]
<jc> Ran a tcpdump on both ends only to show no traffic between client and server until telnet on client kicks in with a prompt [17:13]
<sarnold> jc: hrm, interesting. throw tcpdump / wireshark on good session and bad session and see if you can spot it? [17:13]
=== natefinch-afk is now known as natefinch
<jc> Ran dtruss (equivalent of strace) on the Mac client side to see if I could see anything holding up the request, but nothing between 1000us and the 10.0014 seconds required to generate a prompt :/ [17:14]
<sarnold> jc: is there an equivalent of 'ltrace'? something that would show library calls? [17:17]
<sarnold> jc: actually, a quick step back: this _might_ be confined entirely to telnet. try netcat or socat or bash's /dev/tcp/... and see if anything else has trouble or it is just a cranky thirty-year-old program? :) [17:17]
<jc> sarnold: will try netcat on the Mac client [17:18]
<jc> sarnold: occasionally on the Mac client I'll see messages such as "getaddrinfo: nodename nor servname provided, or not known", suggesting it's forgotten the destination IP momentarily [17:20]
<jc> sarnold: Ha. `nc -v oldhostname 631` takes exactly the same ten seconds to say "connection succeeded!" [17:21]
<sarnold> jc: haha! :) [17:21]
<jc> sarnold: Could it be something incorrectly configured in /proc/net on the server end? [17:23]
<jc> Because if not, then I'd have to start suspecting the network, and the guy in control of the switches "doesn't know enough" about yesterday's server move to be bothered helping to diagnose the problem :/ [17:24]
<sarnold> jc: dunno :/ when I've seen these sorts of delays in the past, it was nearly always a server logging hostnames rather than IPs, and the reverse lookups were misconfigured or just darned slow. so when it's something else, it's a lot harder to pin down. :( [17:24]
<jc> sarnold: Because if not, then I'd have to start suspecting the network, and the guy in control of the switches "doesn't know enough" about yesterday's server move to be bothered helping to diagnose the problem :/ [17:31]
<jc> Whoops, screen froze for a sec there [17:31]
<sarnold> jc: hehe :) [17:32]
<jc> sarnold: Meant to say that I can try changing the new server IP to the old server IP, if that eliminates the connection delay then I can be sure something's wrong with the core switch [17:32]
<sarnold> jc: maybe poke around arp tables? [17:32]
<jc> Nothing in there on the new server [17:33]
<jc> Right, gonna try switching server IPs [17:35]
=== p0wp0w is now known as p0wp0w|AWAY
<DWSR> RoyK: I tried using hdparm -S242 /dev/sdx and it doesn't work. Returns an error. Running 12.04 and they're part of a ZFS RAIDZ. [18:37]
<DWSR> RoyK: Error is SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 00 00 00 00 20 00 01 cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [18:37]
<RoyK> what sort of controller is this? [18:37]
<DWSR> IBM M1015, so an LSI 9240 [18:38]
<DWSR> err 9280* [18:38]
<RoyK> 92xx have the same chipset [18:38]
<DWSR> yeah, I figured as much [18:39]
<RoyK> some of those are somewhat hard to handle, and zfs is rather hard to handle for spindown as well, since it does background jobs frequently [18:39]
<RoyK> I've tried to spindown on zfs and md and haven't figured out how to do that on either of them [18:39]
<RoyK> btw, an idle drive draws maybe 1w, the rest of the machine draws significantly more, so why bother? [18:40]
<DWSR> RoyK: Noise. The drives are 15k SAS drives, not 7.2k SATA. [18:42]
<DWSR> They're not LOUD, but they're noticeable. [18:42]
<RoyK> all drives are [18:42]
<RoyK> but I somewhat doubt you can make spindown work on zfs, even with a controller that supports those ATA commands [18:42]
<RoyK> a SAS controller may not support those [18:42]
<RoyK> (or probably won't) [18:43]
<RoyK> I've used 92xx controllers with zfs on some 100TiB machines (two years ago), and smartctl didn't like those - neither did hdparm with spindown [18:43]
<zul> roaksoax:  ping [19:07]
<roaksoax> zul: tururu [19:08]
<roaksoax> zul lol whstd up? [19:08]
<roaksoax> zul: ?? [19:19]
<zul> roaksoax:  ill need you to review a branch for me in a little bit [19:21]
<zul> its heat again [19:21]
=== funkyHat_ is now known as funkyHat
<failmaster> hey guys, i assume that i will end up with "unusable" system, due to the fact that 13.04 server doesn't want to use a keyfile for luks authorization during boot process, https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18 anyone? [19:24]
<uvirtbot> Launchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,Invalid] [19:24]
<jefgy> I'm using mdadm raid1. I have grub2 installed on the MBR /dev/sda and /dev/sdb.  I recently had a failure and had to replace sdb.  I reinstalled grub and ran update-grub on sdb.  Can anyone tell me if I need to update the initramfs as well? [19:31]
<_ruben> jefgy: why would that be needed? the initramfs is on the raid [19:44]
<_ruben> whoop .. just built my first 2-node pacemaker/corosync/drbd/apache/mysql cluster .. a mere PoC though, but still :) [19:45]
<_ruben> within azure no less, with all its crappy limitations and oddities [19:46]
<jefgy> _ruben: Each time I swap a drive I seem to end up booting to busybox and initramfs tells me it is unable to find the uuid.  I didn't know if maybe the initramfs points to the uuid of the replaced drive in some way [19:51]
<jefgy> _ruben: in which case maybe updating the initramfs could resolve the issue [19:52]
<_ruben> I'd expect the initramfs to point to the (uuid of the) raid volume(s), and not the disks themselves, that shouldn't change .. could be wrong tho [19:54]
<_ruben> been ages since i dealt with such a scenario [19:54]
<RoyK> !ask | failmaster [20:27]
<ubottu> failmaster: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience [20:27]
<failmaster> hey guys, i assume that i will end up with "unusable" system, due to the fact that 13.04 server doesn't want to use a keyfile for luks authorization during boot process, https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18 anyone? [20:27]
<uvirtbot> Launchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,Invalid] [20:27]
<RoyK> no idea - I don't use non-LTS for servers [20:28]
<failmaster> RoyK, fair enough, i already know it's a bad idea [20:29]
<RoyK> failmaster: I don't understand - do you want to hardcode the encryption keys? [20:31]
<failmaster> RoyK, the end goal is to have fully encrypted instance with key files on removable /boot media [20:31]
<RoyK> failmaster: it still will be insecure, though, unless you bring that usb plug with you and it's not sitting in the machine permanently [20:34]
<failmaster> RoyK, i know, that's why i do bring it [20:34]
<failmaster> RoyK, it was working on 12.04 =) And strangely works on 13.04 with any media but / hdd [20:37]
<RoyK> why did you upgrade the server? [20:40]
<failmaster> RoyK, i had an adventure with destroying the media [20:43]
<RoyK> what media? [20:45]
<failmaster> with bootloader and keys [20:45]
<RoyK> can you spell "backup"? [20:46]
<failmaster> RoyK, no, because in russia you may spell it to someone you don't know actually during rectal cryptoanalysis procedures which will make the whole idea useless [20:47]
* RoyK isn't in russia and doesn't know the full length of the surveillance there [20:50]
<RoyK> failmaster: is it that bad that you'll need full encryption everywhere? [20:51]
<failmaster> RoyK, encryption is pretty much illusion because it will be as easy as that, no matter what you've done or not, your hdds will be formatted and some kind of cp will be dropped on it and u will be jailed for it [20:51]
<RoyK> how nice :P [20:52]
* RoyK is from .no [20:52]
<failmaster> RoyK, it's hard to draw a real picture, but to have one is a strong point [20:52]
<RoyK> are you russian, or do you just live there? [20:53]
<failmaster> if you'll reach public stats on corruption level you'll may be have a clue [20:53]
<failmaster> RoyK, only insane ones, gerard depardieu and snowden will move to our desperate lands [20:54]
=== acrocity_ is now known as acrocity
<WG1337> Hi! Is there a way to get php 5.4 on 10.04 LTS? [22:15]
<sarnold> WG1337: you could try to rebuild the raring packages yourself, or you could ask for a backport: https://wiki.ubuntu.com/UbuntuBackports [22:17]
<WG1337> oh, ok, thanks! [22:18]
<DWSR> RoyK: gnip [22:48]
<Exio666> is Exio4 here? [22:59]
<failmaster> guys, i have a problem trying to switch passphrase to keyfile authorization for root partition, while it works flawlessly for others on 13.04, however, the end-goal scheme used to work fine on 12.04 https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18 anyone? [23:51]
<uvirtbot> Launchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,New] [23:51]