[00:52] hey guys! any suggested reading or websites for desirable network topologies
[00:52] i am setting up a networked cluster
[00:52] three local machines, one off site VPS running dns
[00:53] i was thinking having one front facing server running ISCSI + reverse proxy via nginx. the other two servers, maybe set them up using some clustering + failover software?
[00:53] *is looking for further and elaborated reading*
[01:07] Howdy, need some help with postfix. Someone here didn't like the postfix log files, so they symlinked them to /dev/null in /var/log/mail.err & .log. I've since deleted those symlinks, but the files are not repopulating.
[01:07] Can I change the log location? Or somehow re-enable them?
[01:10] trollwork: check the postfix docs, perhaps you can get it to 'rotate' its logs with a kill -SIGHUP or something easy
[01:12] sarnold, the postfix logs point to general linux distros.. case in point they recommend editing /etc/syslog.conf to change log settings, ubuntu has /etc/rsyslog.d/postfix.conf instead.. and it's only got one line in it which doesn't really help me much
[01:17] usr13: I followed the guide and changed wherever he said I should use my IP. the only place I had to use my IPs was /etc/ipsec.d/l2tp-psk.conf file in step 2
[01:17] usr13: my ip range for L2TP vpn is 192.168.1.231-192.168.1.239 when I connect to it, I get 192.168.1.233 considering that, is step 3 wrong? iptables does not redirect traffic to me.
[02:02] Anyone around?
[02:03] Would nova depending on conserver (from non-free) be a packaging problem for you guys?
[02:03] i need help with samba
[02:03] trying to setup a pdc ..
[02:03] http://paste.ubuntu.com/5957273/
[02:04] there's my config
=== Smark is now known as Smark[Gone]
[02:55] trollwork, touch the logfiles and set the permissions to default, which is syslog:adm 640
[02:55] thanks qman__
[02:56] may need to restart rsyslog after doing that, not sure
[02:57] There we go!
[02:57] you're awesome!
[02:57] Thanks!
=== Smark[Gone] is now known as Smark
[04:15] so I'm trying to install postfix from a shell script in order to automate deployment (Chef & puppet have been banned from the office, don't ask) and the problem is even with a >/dev/null 2>&1 you get the postfix menu.. is there a way to default that?
[04:27] I have apache, PHP, and mysql running on a clean install and my friend is getting quasi-randomly IP-banned. what could do this?
[04:30] How do you know the IP is 'banned'?
[04:30] Log files, etc?
[04:30] I don't *know*, but he can access resources hosted elsewhere on my network and I can access the resource he can't from another external source
[04:31] As I said before, and will say again, you need to do some network debugging.
[04:31] as I said before, and will say again, he can reach me and others can reach it. it is *only* the webserver he can't access
[04:32] You didn't mention that before.
[04:32] Checked the Apache logs?
[04:35] yup. see nothing worthwhile
[04:36] Well, next step is tcpdump on his IP and seeing what happens when he tries to access the site.
[04:50] no packets. guess it's time to move on to ddwrt. thanks jpds
=== phizes_ is now known as phizes
[06:26] hi guys. is there a *working* document on how to set up ubuntu machine as active directory member box and authenticate AD users on that machine (i.e. via AD)
[06:26] ?
[06:35] sobersabre, looking to create a domain or join existing?
[06:38] oh, you just mean auth against AD, not a DC
[06:38] there's several ways to do that with varying downsides
[06:39] winbind is the method recommended by the samba guys
[06:41] this is a little old but still generally applies: https://help.ubuntu.com/community/ActiveDirectoryHowto
[06:43] Hi, I am using https://launchpad.net/~ondrej/+archive/mysql to get MySQL 5.5 for Precise, the problem is that 5.6 is also provided, I have managed to pin most of the packages at 5.5 (notably the ones with 5.5 in the package name) I can't work out how to pin libmysqlclient18 to 5.5 as well, here is my current apt preferences.d config http://paste.ubuntu.com/5957784/ Could any one point me in the right direction?
[06:45] (I am aware that the PPA's 5.5 is the same as what is in the Precise release, the difference is that the official build lacks the library for MySQL to have native_aio compiled into it, which this PPA does have.)
[06:47] based on what I see there, you shouldn't have to pin anything, as the packages are named differently
[06:48] the stock packages are mysql-client-5.5 and mysql-server-5.5, and the packages on that PPA are mysql-5.5 and mysql-5.6
[06:50] https://launchpad.net/~ondrej/+archive/mysql/+packages <- then click the corresponding title in the table, it lists the actual packages, and it is definitely trying to upgrade to 5.6, whereas I just need the 5.5 versions
[06:53] If I recall correctly, trying to apt-get install mysql-5.5 resulted in an error about package not found, and then I would still need to pin it to 5.5 to prevent it upgrading to 5.6 I think.
[06:54] ok, I see
[06:55] there is still another way, which is to not install "mysql-client" and "mysql-server", but only "mysql-client-5.5" and "mysql-server-5.5"
[06:55] if you do need those two metapackages, those are the ones you need to pin
[06:56] I have done that, but it still tries to upgrade libmysqlclient for some reason.
(I did that to be able to pin to 5.5)
[06:59] hmm
[06:59] mysql-client-5.5 should depend on the correct version of that, but apparently doesn't
[07:05] Hmmk, I can't seem to find a way to differentiate the packages for pinning, I'm considering asking the package maintainer at this point, alternatively I may have to start my own PPA, though I have never done that before.
[07:06] yeah, I think there's an issue with the dependencies of his version, but you should be able to work around it with pinning
[07:06] I'm just not familiar enough with the syntax to fix it for you
[07:08] I thought that should be the case, but I can't find how to define it, pretty much anywhere. I'll have a look at it again, I may have missed something somewhere. Asking any maintainer or similar is always my last resort.
[07:08] Thank you very much for your help though. :)
[07:09] basically though, mysql-client-5.5 should depend on libmysqlclient18 > 5.5.0, < 5.6.0
[07:57] Hi, I have samba shares installed via webmin. I have set up a folder on my server named Multimedia to be shared and have granted: Guest access. And the default permissions of 755. But when I try to write to that folder it gives a 'permission denied error'. I believe that it has to do with the fact that the folder, locally, doesn't grant the permissions. So what I did was chmod -R 755 /Multimedia.. But it still doesn't work.
[07:57] Please help.
[08:04] wiehan, 755 means write for the owner but read-only for everyone else, you want 777 for a guest writable share
[08:04] keep in mind also,
[08:04] !webmin | wiehan
[08:04] wiehan: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
[08:07] qman ty, I changed that now to 766, both with chmod and the namethatshallnotbementioned, still to no avail
[08:12] ok, Now I have a question that is unrelated to webmin.
When I try to access the share from my ubuntu laptop it says "permission denied" but when I log in from my android phone, it works perfect!?
[08:14] make sure it's logging in as guest and not using a saved credential
[08:14] saved credentials are stored in keyring manager
[08:14] qman__, how do I clear saved credentials as this seems like a buggy bug
[08:14] * maxb observes that 766 is quite different to 777
[08:15] first, ensure none are saved in your keyring using the keyring manager
[08:15] after doing that, log out, and log back in
[08:16] After setting up isc-dhcp-server i keep getting "No subnet declaration for em1"
[08:16] even tho i have specified the only interface to listen on is em2
=== smb` is now known as smb
=== gnuyoga_ is now known as gnuyoga
[08:35] yolanda, any thoughts on why https://jenkins.qa.ubuntu.com/job/saucy-adt-squid3/35/ is failing on amd64?
[08:37] jamespage, what does this mean? amd64,adt is still in the queue: Waiting for next available executor on adt
[08:38] yolanda, where do you see that
[08:38] ?
[08:38] jamespage, in the console log
[08:38] https://jenkins.qa.ubuntu.com/job/saucy-adt-squid3/35/console
[08:39] yolanda, you need to look at the failing job specifically
[08:39] https://jenkins.qa.ubuntu.com/job/saucy-adt-squid3/35/ARCH=amd64,label=adt/
[08:41] jamespage, seems that ftp test isn't working properly, when did you see that failure, starting on today?
[08:41] yolanda, it's been failing a while now - https://jenkins.qa.ubuntu.com/job/saucy-adt-squid3/
[08:45] jamespage, seems like some problem with vsftpd: The server responded with:
[08:45] OOPS: child died
[08:46] and it works with i386 so it's quite strange, not sure what's happening
[09:20] Daviey, some new binary pkgs for juju-core in the NEW queue if you have time
[09:22] jamespage: done, thanks
[09:22] Daviey, thanks
[10:05] stgraber: I've assigned bug #1186662 to you as requested, I've commented what I know about the bug so far.
[10:05] Launchpad bug 1186662 in isc-dhcp "isc-dhcp-server fails to renew lease file" [Undecided,Triaged] https://launchpad.net/bugs/1186662
[10:06] geser: thanks
[10:08] I tried to understand the code if it's safe to move the opening the lease file after dhcpd drops to the dhcpd user or if it needs some of the data that can be written to the leases file is needed at this stage but without much success yet
[10:10] I'm not sure yet if doing a chown() on the leases file before it drops the privileges is the less risky fix (even if a little bit ugly)
[10:22] I ran a hello world node.js script yesterday, which acts as a web server. Then I turned it off, but when I visit my server, it still says "Hello World". I tried it on multiple browsers and in Private mode
[10:23] Where could this Hello World output be cached?
[11:02] does anyone know if you can connect a Windows IIS server -> external Linux coldfusion server ?
[11:02] (as coldfusion on windows is bad....) I know Linux java memory management is better
[11:08] jamespage, if you have a sec, https://code.launchpad.net/~gandelman-a/ubuntu/saucy/cinder/paramiko_min
=== marcoceppi_ is now known as marcoceppi
[11:11] adam_g, upstream only require >= 1.8.0
[11:12] jamespage, doh, was going by our version
[11:12] adam_g, :-)
[11:14] jamespage, updated
[11:21] jamespage, is there anything special i need to do to get cloud-archive-backport to create a signed source package?
[11:22] adam_g, just sign it afterwards
[11:22] adam_g, putting a signed package up for review is less than ideal
[11:22] debsign *_source.changes
[11:22] jamespage, ah
[11:24] jamespage, anyhow, http://people.canonical.com/~agandelman/ca/havana/paramiko-1.10.1-1~cloud0/
=== melmoth__ is now known as melmoth
[11:56] i've set up a network install server based on an ubuntu 12.04 ISO, the installation works fine, but the resulting system seems to point to lots of non-existent repos on my install server (sources, multiverse)
[11:56] what is the best way to fix it?
[11:57] adam_g, +1
[11:58] <_ruben> catphish: make sure your install server is actually complete? :)
[11:59] <_ruben> the install isos contain far from everything, obviously
[12:02] _ruben: that's what i thought, what is the best way to maintain a full copy?
[12:03] apt-mirror?
[12:13] looks like that works :)
[12:13] thanks
[12:13] <_ruben> i use rsync ;)
[12:13] <_ruben> or actually, i plan to use it. now i'm using debmirror, which is using rsync as well though
[12:14] <_ruben> but since i use debmirror to mirror pretty much everything, i might as well use rsync directly
[12:27] _ruben: is it possible to configure the sources file, or should i just replace it with a post script?
[12:28] i will probably host a basic set of sources locally for an up-to-date base install then pull everything from an external mirror subsequently
[12:33] hi all, how do I mount an iso inside an lxc container ? Said iso contains cloud-init data so it should be mounted early in the "boot" sequence
[12:51] <_ruben> catphish: you want your fresh installed vms to have a modified sources.list?
not sure if there's any preseeding directives for that (assuming you are using preseeding), else it should be a post-install script indeed
[12:51] that's fine, i've put a %post in my kickstart file which should do the job fine
[14:41] jamespage/roaksoax: https://code.launchpad.net/~zulcss/heat/refresh/+merge/178989
[14:56] hey, how do I upgrade apache from 2.2.22 to 2.2.25 via apt?
[14:58] tdelam: I don't think that's possible. why?
[14:59] RoyK: security issue, 2.2.25 addresses one that we specifically are required to resolve.
=== natefinch is now known as natefinch-afk
[15:03] tdelam: are you sure the fix isn't backported? that's the usual way to fix things in debian/ubuntu land
[15:04] tdelam: do you have docs on this issue?
[15:06] RoyK: none that I am allowed to share. We're doing the typical PCI Compliance (sigh) process and one of the requirements was 2.2.25 on our proxy server but is currently 2.2.22
[15:07] I normally prefer to do things the old fashioned compile from source way but this server was already set up and they've used apt for everything, now I am having an issue upgrading to 2.2.25 and was hoping someone in here could lend a hand :)
[15:09] tdelam, if you are using a version shipped in a supported Ubuntu release it should have the required security fixes irrespective of the actual apache version
[15:09] tdelam: If its a CVE that you need to guard against, you should check the package status at http://people.canonical.com/~ubuntu-security/cve/
[15:09] tdelam, I've done PCI compliance a few times now and this always gets raised
[15:09] IMO PCI compliance is flawed in regards to version number compliance.
[15:09] tdelam: so an unknown security failure already fixed?
doesn't sound like a day zero to me, so I'm rather curious why you can't point to which error this is
[15:10] thanks Pici and jamespage
[15:10] tdelam: like I said - fixes are usually backported
[15:10] thanks RoyK
[15:11] but it's quite impossible to verify that without knowing which security issue this is about :P
[15:11] so that's what all these updates are then, patches to the existing packages
[15:11] so they don't actually go by version numbers, just whatever is installed gets patched up daily?
[15:11] that's what backporting means
[15:12] that's an interesting way to go about it
[15:12] awesome
[15:12] someone releases a fix for an issue in 2.2.25, along with some new features, someone at ubuntu or debian grabs the fix and patches up 2.2.22
[15:12] recompiles and posts a new release after it's been through QA
[15:14] that's better
[15:15] tdelam: look up the bug ID of the issue in question in the debian/ubuntu bug forums
[15:15] it certainly should have one
[15:15] I'll have to get it again but I see where you guys are coming from
[15:16] i much prefer this.
[15:36] rbasak, can I cry now?
[15:36] https://launchpad.net/ubuntu/+source/mongodb/1:2.4.5-1ubuntu1/+build/4857783
[15:36] grrraaargghhhhh!
[15:55] jamespage: im going to push this change for heat, i have tested it, it installs properly
[15:55] zul, sorry - +1
[15:56] jamespage: new upstream?
[15:57] rbasak, kinda
[15:57] rbasak, the debian maintainer had to switch to using the embedded libv8 as the standalone version is now too old and security buggy
[15:57] BUT
[15:57] the embedded version appears to dislike arm
=== medberry_ is now known as med_
[16:18] Hey all, I have 5 SAS drives connected to an HBA, and I'm wondering if there's a way to get them to spindown?
[16:35] DWSR: smartctl?
[16:35] DWSR: no, wait, hdparm
[16:35] DWSR: what ubuntu version?
[16:35] and what filesystem(s)?
[17:00] smb: hi - http://status.qa.ubuntu.com/reports/ubuntu-server/triage-report.html has quite a few xen bugs.
do you on occasion look at these? I can aim to change my xen-virgin status, but there'll be some overhead so thought i'd check.
[17:03] Straaaaange networking glitch, hoping someone can help
[17:05] Short story: moved CUPS onto new Ubuntu Server with new hostname, created CNAME pointing old hostname to new
[17:06] I telnet to new server IP on port 631, connected instantly. Same port but using new hostname, 2 second delay. Same port but old hostname, 10+ second delay. All three combinations from another server connect instantly.
[17:06] rbasak: is anyone working to get squid3 out of saucy-proposed?
[17:07] jc: check DNS on both client and server for both client and server forward / reverse lookups
[17:09] sarnold: reverse lookup on new server IP goes to new hostname only, but I'm not sure I can have it resolve back to the old one as well for compatibility
[17:09] lookup on old hostname returns the correct CNAME and corresponding server IP
[17:10] Both client and server reading from the same internal DNS server
[17:12] jc: darn, all that sounds about right. :)
[17:12] sarnold: that's why this unexplained delay has me stumped, as it doesn't happen when connecting from other servers, just our Mac clients
[17:13] Ran a tcpdump on both ends only to show no traffic between client and server until telnet on client kicks in with a prompt
[17:13] jc: hrm, interesting. throw tcpdump / wireshark on good session and bad session and see if you can spot it?
[17:13] hah
=== natefinch-afk is now known as natefinch
[17:14] Ran dtruss (equivalent of strace) on the Mac client side to see if I could see anything holding up the request, but nothing between 1000us and the 10.0014 seconds required to generate a prompt :/
[17:17] jc: is there an equivalent of 'ltrace'? something that would show library calls?
[17:17] jc: actually, a quick step back: this _might_ be confined entirely to telnet. try netcat or socat or bash's /dev/tcp/...
and see if anything else has trouble or it is just a cranky thirty-year-old program? :)
[17:18] sarnold: will try netcat on the Mac client
[17:20] sarnold: occasionally on the Mac client I'll see messages such as "getaddrinfo: nodename nor servname provided, or not known", suggesting it's forgotten the destination IP momentarily
[17:21] sarnold: Ha. `nc -v oldhostname 631` takes exactly the same ten seconds to say "connection succeeded!"
[17:21] jc: haha! :)
[17:23] sarnold: Could it be something incorrectly configured in /proc/net on the server end?
[17:24] Because if not, then I'd have to start suspecting the network, and the guy in control of the switches "doesn't know enough" about yesterday's server move to be bothered helping to diagnose the problem :/
[17:24] jc: dunno :/ when I've seen these sorts of delays in the past, it was nearly always a server logging hostnames rather than IPs, and the reverse lookups were misconfigured or just darned slow. so when it's something else, it's a lot harder to pin down. :(
[17:31] sarnold: Because if not, then I'd have to start suspecting the network, and the guy in control of the switches "doesn't know enough" about yesterday's server move to be bothered helping to diagnose the problem :/
[17:31] Whoops, screen froze for a sec there
[17:32] jc: hehe :)
[17:32] sarnold: Meant to say that I can try changing the new server IP to the old server IP, if that eliminates the connection delay then I can be sure something's wrong with the core switch
[17:32] jc: maybe poke around arp tables?
[17:33] Nothing in there on the new server
[17:35] Right, gonna try switching server IPs
=== p0wp0w is now known as p0wp0w|AWAY
[18:37] RoyK: I tried using hdparm -S242 /dev/sdx and it doesn't work. Returns an error. Running 12.04 and they're part of a ZFS RAIDZ.
[18:37] RoyK: Error is SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0a 00 00 00 00 20 00 01 cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[18:37] what sort of controller is this?
[18:38] IBM M1015, so an LSI 9240
[18:38] err 9280*
[18:38] 92xx have the same chipset
[18:39] yeah, I figured as much
[18:39] some of those are somewhat hard to handle, and zfs is rather hard to handle for spindown as well, since it does background jobs frequently
[18:39] I've tried to spindown on zfs and md and haven't figured out how to do that on either of them
[18:40] btw, an idle drive draws maybe 1w, the rest of the machine draws significantly more, so why bother?
[18:42] RoyK: Noise. The drives are 15k SAS drives, not 7.2k SATA.
[18:42] They're not LOUD, but they're noticeable.
[18:42] all drives are
[18:42] but I somewhat doubt you can make spindown work on zfs, even with a controller that supports those ATA commands
[18:42] a SAS controller may not support those
[18:43] (or probably won't)
[18:43] I've used 92xx controllers with zfs on some 100TiB machines (two years ago), and smartctl didn't like those - neither did hdparm with spindown
[19:07] roaksoax: ping
[19:08] zul: tururu
[19:08] tururu
[19:08] zul lol whstd up?
[19:19] zul: ??
[19:21] roaksoax: ill need you to review a branch for me in a little bit
[19:21] its heat again
=== funkyHat_ is now known as funkyHat
[19:24] hey guys, i assume that i will end up with "unusable" system, due to the fact that 13.04 server doesn't want to use a keyfile for luks authorization during boot process, https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18 anyone?
[19:24] Launchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,Invalid]
[19:31] I'm using mdadm raid1. I have grub2 install on the MBR /dev/sda and /dev/sdb. I recently had a failure and had to replace sdb. I reinstalled grub and ran update-grub on sdb. Can anyone tell me if I need to update the initramfs as well?
[19:44] <_ruben> jefgy: why would that be needed? the initramfs is on the raid
[19:45] <_ruben> whoop .. just built my first 2-node pacemaker/corosync/drbd/apache/mysql cluster .. a mere PoC though, but still :)
[19:46] <_ruben> within azure no less, with all its crappy limitations and oddities
[19:51] _ruben: Each time I swap a drive I seem to end up booting to busybox and initramfs tells me it is unable to find the uuid. I didn't know if maybe the initramfs points to the uuid of the replaced drive in some way
[19:52] _ruben: in which case maybe updating the initramfs could resolve the issue
[19:54] <_ruben> I'd expect the initramfs to point to the (uuid of the) raid volume(s), and not the disks themselves, that shouldn't change .. could be wrong tho
[19:54] <_ruben> been ages since i dealt with such a scenario
[20:26] anyone?
[20:27] !ask | failmaster
[20:27] failmaster: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
[20:27] hey guys, i assume that i will end up with "unusable" system, due to the fact that 13.04 server doesn't want to use a keyfile for luks authorization during boot process, https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18 anyone?
[20:27] Launchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,Invalid]
[20:28] no idea - I don't use non-LTS for servers
[20:29] RoyK, fair enough, i already know it's a bad idea
[20:31] failmaster: I don't understand - do you want to hardcode the encryption keys?
[20:31] RoyK, the end goal is to have fully encrypted instance with key files on removable /boot media
[20:32] Wq
[20:33] ok
[20:34] failmaster: it still will be insecure, though, unless you bring that usb plug with you and it's not sitting in the machine permanently
[20:34] RoyK, i know, that's why i do bring it
[20:37] RoyK, it was working on 12.04 =) And strangely works on 13.04 with any media but / hdd
[20:40] why did you upgrade the server?
[20:43] RoyK, i had an adventure with destroying the media
[20:45] what media?
[20:45] with bootloader and keys
[20:45] oopsie
[20:46] can you spell "backup"?
[20:47] RoyK, no, because in russia you may spell it to someone you don't know actually during rectal cryptoanalysis procedures which will make the whole idea useless
[20:49] ok
[20:50] * RoyK isn't in russia and doesn't know the full length of the surveillance there
[20:51] failmaster: is it that bad that you'll need full encryption everywhere?
[20:51] RoyK, encryption is pretty much illusion because it will be as easy as that, no matter what you've done or not, your hdds will be formatted and some kind of cp will be dropped on it and u will be jailed for it
[20:52] how nice :P
[20:52] * RoyK is from .no
[20:52] RoyK, it's hard to draw a real picture, but to have one is a strong point
[20:53] are you russian, or do you just live there?
[20:53] if you'll reach public stats on corruption level you'll may be have a clue
[20:54] RoyK, only insane ones, gerard depardieu and snowden will move to our desperate lands
=== acrocity_ is now known as acrocity
[22:15] Hi! Is there a way to get php 5.4 on 10.04 LTS?
[22:17] WG1337: you could try to rebuild the raring packages yourself, or you could ask for a backport: https://wiki.ubuntu.com/UbuntuBackports
[22:18] oh, ok, thanks!
[22:48] RoyK: gnip
[22:59] Is Exio4 here?
[23:51] guys, i have a problem trying to switch passphrase to keyfile authorization for root partition, while it works flawlessly for others on 13.04, however, the end-goal scheme used to work fine on 12.04 https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18 anyone?
[23:51] Launchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,New]