=== Jikan is now known as Jikai
=== Jikai is now known as Jikan
=== freeflying_away is now known as freeflying
=== Jikan is now known as Jikai
[01:33] http://i39.tinypic.com/71jlu0.jpg
[01:33] during install I keep getting an error during partitioning
=== freeflying is now known as freeflying_away
[04:27] Hi , all I have Fujitsu Primergy MX130 S2 Micro Server , I want to install Ubuntu 12.04 server edition in it and Need to Install Guest operating systems in it , is it possible to manage graphically if i install KVM in it ?
=== freeflying_away is now known as freeflying
=== philipballew is now known as philip
[06:27] hey guys
[06:28] i am on 12.04 on my servers and i am getting the following apache error [Tue Nov 26 06:13:19 2013] [error] Init: Multiple RSA server certificates not allowed
[06:28] this only started yesterday. thing is i only have one certificate from a CA and the other is self signed could that be causing the issue?
[09:14] Hi , How can I configure ubuntu server 10.04 LTS to autostart VMs please?
[09:36] Hi , How can I configure ubuntu server 10.04 LTS to autostart VMs please?
[10:12] This is driving me nuts. I am a newbie to vmbuilder but every time I get an error: Failure trying to run: chroot /tmp/tmpJtt3HY mount -t proc proc /proc. What am I missing here?
=== freeflying is now known as freeflying_away
[10:16] My commandline says: sudo vmbuilder kvm ubuntu \
[10:16] --verbose \
[10:16] --suite precise \
[10:16] --flavour virtual \
[10:16] --hostname testvm1204 \
[10:16] --mem 1024 \
[10:16] --user jeroen \
[10:16] --pass iwdi2hw \
[10:16] --mirror http://nl.archive.ubuntu.com/ubuntu/ \
[10:16] --iso /md0/home/jeroen/Downloads/ubuntu-12.04-desktop-amd64.iso \
[10:16] --timezone CET \
[10:16] --addpkg acpid \
[10:16] --addpkg vim \
[10:16] --addpkg openssh-server \
[10:27] yeah kwoot don't do that
[10:28] !paste
[10:28] For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
[10:33] patdk-wk yes, you were correct root_squash
=== freeflying_away is now known as freeflying
=== Guest46324 is now known as med_
=== med_ is now known as medberry
=== gary_poster|away is now known as gary_poster
[13:49] Sorry about that. Will do next time. But, a hint as to why this does not work would still be appreciated.
=== Ursinha-afk is now known as Ursinha
[13:54] Ok. So specifying an ISO image is the source of the mayhem. Right.
=== derrik_ is now known as derrik
[14:22] roaksoax: ping
[14:23] zul pong
[14:23] roaksoax: can you do a quick review for me?
[14:23] yup
[14:23] https://code.launchpad.net/~zulcss/python-heatclient/icehouse-ftbfs/+merge/196722
[14:33] zul, nice work on getting the icehouse builds up and running
[14:33] I see lots of blue now!
[14:33] jamespage: no worries...nova is still stumping me though
=== mjohnson15_2 is now known as mjohnson15
[15:39] hello
[15:40] * genii slides blueking a mug of coffee
[15:40] thinking about to use ubuntu-server on my new box that should be used as router + some server stuff
[15:41] does ubuntu support latest intel hardware on nic side ?
[15:41] I210AT I350 and so on ?
[15:42] * blueking haven't tasted coffee for 30 years
[15:42] * blueking blinks at genii
[15:42] blueking: It's just my custom to be the maker or bringer of virtual coffee :)
[15:43] doesn't sound delicious :P
[15:43] I am thinking on skip sphirewall/debian due it seems impossibly to get NAT to work :/
[15:44] so thinking about ubuntu server
[15:45] blueking: The page at https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=13663 leads me to believe that Linux drivers are available for the I350
[15:46] ( and the igb driver referenced there is present on my system here which is 13.10 )
[15:46] on sphirewall/debian I had to make install of driver myself.. had to put in pci-e ethernet card to get os installed then install driver for onboard nic and not sure if that caused some problem with routing setup
[15:47] genii: looks good
[15:48] I need extra stuff to turn ubuntu server into router box ?
[15:49] maybe thinking about BGP and quagga but might be overkill for local network at home/house
[15:52] *twiddles thumbs*
[15:53] genii: what u think about using ubuntu server as router ?
[15:54] genii and I might have some extra stuff on it like rtorrent/rutorrent samba
[15:54] blueking: I would probably instead have a dedicated appliance running OpenWRT, myself
[15:54] genii: on pc hardware ?
[15:54] genii: http://www.supermicro.nl/products/motherboard/Xeon/C220/X10SLM_-F.cfm
[15:54] intel xeon E3 1230L
[15:55] and 16GB ecc udimm
[15:55] genii: that hardware are bought for being used as router
[15:57] blueking: Well, if that's what its purpose is supposed to be from the start, and it's also going to run additional services, then Ubuntu Server is not a bad choice.
[15:58] ok :)
[15:58] Apologies on lag, work requires me to often be away from my computer.
[15:58] nods not in hurry
[15:59] became father last wednesday :)
[15:59] being home from work 2 weeks after birth
[16:00] blueking: So you need also a small side project like this to keep you busy? ;)
[16:02] genii: have been trying to finish this project for more than a week but seems sphirewall/debian wasn't solution :/
[16:03] just using iptables on ubuntu to setup router/nat ?
[16:03] or install some stuff to do nat stuff
blueking: There is a somewhat simplified tutorial here: http://www.yourownlinux.com/2013/07/how-to-configure-ubuntu-as-router.html
[16:07] seems to be a good one :)
[16:08] genii: u know anything about BGP ?
[16:08] border gateway protocol
[16:10] only ebgp v4
[16:11] patdk-wk: was that about BGP ?
[16:31] blueking, I don't think you need BGP. how many routers do you have in your local network ?
[16:50] bgp has nothing to do with how many routers you have
[16:51] but I wonder, what exactly will this be talking to on a home network
[16:59] zul, hallyn_: I'm trying to resync ipxe as much as possible from Debian
[16:59] how does qemu pickup roms these days? the ipxe-qemu package currently installs them to /usr/share/qemu
[17:00] but thats not done in debian - everything just gets chucked in /usr/lib/ipxe/qemu
[17:00] jamespage: hallyn_ was the last one to touch qemu
[17:07] jamespage: ipxe-qemu is depended upon by qemu, that's how qemu gets them...
[17:07] hallyn_, yeah - I see the package dependency
[17:07] jamespage: I'm not attached to how it currently is, feel free to change it
[17:13] hallyn_, this is what was confusing me - http://paste.ubuntu.com/6479931/
[17:13] the links to lib/ipxe come from qemu-system-x86
[17:15] jamespage: if those didn't include pcnet32 i'd say they were just less commonly used and you just install all of ipxe to get them.
[17:15] hallyn_, looking up to Debian
[17:15] http://anonscm.debian.org/gitweb/?p=pkg-qemu/qemu.git;a=blob;f=debian/qemu-system-x86.links;h=3be443dbd5f1dc4bb73494d261bbbd905b9e9ab8;hb=HEAD
[17:18] jamespage: ok. haven't merged this month i guess
[17:18] i'm still looking for time to finish looking at the arm64 patches infinity wanted
[17:18] and somebody's bugging us to do our tps reports this week :)
[17:18] hallyn_, I'm wondering whether we should put symlinks in /usr/share/qemu from the qemu packages only
[17:19] but for now I'll leave compat links in so we don't break anything
[17:20] jamespage: the ../../lib/ipxe/ns8390.rom link should just be dropped, nothing like it seems to exist in ipxe
[17:24] jamespage: I don't know. 1.0.0+git-2.149b50-1ubuntu3 is where I reversed the links. Something broke when I didn't, but that's all I remember.
[17:24] hallyn_, yeah - you would have had an install failure
[17:24] jamespage: I would've?
[17:25] qemu-system-x86 trying to overwrite files from ipxe-qemu
[17:25] ipxe-qemu didn't yet exist did it?
[17:28] danley: just one router + two asus wifi routers set in AP mode
[17:30] patdk-wk: ethernet (fiber modem) - router - 24 port managed gbit switch
[17:31] router = linux on pc
[17:32] so why do you think you need to run any kind of router?
[17:32] gave up using asus rt n66u as router being not stable net dropping out several times a day
[17:32] you just need 1 firewall
[17:32] those are not routers, those are firewalls
[17:32] firewall + nat
[17:33] firewall + nat != router
[17:33] nat is a firewall function
[17:33] ok
[17:33] if there was no nat at all, I would be willing to say router
[17:33] router = dhcpd server giving IP to each device connected on local net ?
[17:33] cause it would route
[17:34] no
[17:34] cause it's not routing anything, it's replacing
[17:34] what you recommend me to do ?
[17:34] you don't need bgp
[17:34] you don't need quagga
[17:34] ok
[17:34] you just need a basic iptables + dhcp + dns
[17:35] personally, I prefer to use shorewall for my firewall/nat config
[17:35] then configure a dhcp server
[17:35] then optionally a dns server
[17:35] and you're good
[17:35] shorewall are ?
[17:35] shorewall is a program that manages iptables (firewall, nat, )
[17:37] some guys mentioned that firewall should be at .. uhm there are diff security levels if have linux and then software to make firewall but then base of linux are not secured from attack ?
[17:37] base of linux?
[17:37] I thought you were worried about setting up a home network
[17:38] now you're interested in securing a shell server?
[17:38] should block all from ethernet all ports open on inside/local net
[17:39] well, that isn't very secure
[17:39] block all from everything
[17:39] better yet, unplug it, then it's secure
[17:39] :)
[17:40] ubuntu server , shorewall, dhcp server, dns server is what I need
[17:41] firewall ?
[17:42] ubuntu server , shorewall, dhcp server, dns server is what I need
[17:43] patdk-wk: no need for firewall u say or I have to install that too or are it within ubuntu server ?
[17:43] did you bother to read anything I said?
[17:43] shorewall configures the firewall+nat
[17:43] ah missed that part :/
[17:43] sorry
[17:44] I'll give it a try
[17:44] wish me good luck :)
=== G4MBY is now known as PaulW2U
[18:07] adam_g: https://code.launchpad.net/~zulcss/nova/icehouse-ftbfs/+merge/196763
[18:08] oh god the pebkac... has anyone else here noticed that there's an overabundance of people who use the default document root as configured in a site's config for web servers, rather than more sanely making their own location for their site's doc root?
[18:08] and then upgrades sometimes cause their code to die because they are using the default location and not a sane separate location?
[18:08] never noticed :)
[18:09] never had an upgrade break something like that
[18:09] but then, I never let the upgrades overwrite my configs
[18:09] and I always test the upgrade first
[18:09] patdk-wk, apparently nginx 1.1.19 has done this, i'm testing 1.4.4
[18:09] patdk-wk, https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1194074 makes me want to punch kittens...
[18:09] Launchpad bug 1194074 in nginx "Default index.html blindly overwritten" [Undecided,Confirmed]
[18:09] heh, not good
[18:09] because i always am like "WHY ARE YOU USING THE DEFAULT DOCROOT AND NOT A MORE SANE LOCATION?!?!?"
[18:10] that is why I stopped using rhel
[18:10] Hell, I don't even use the default docroot
[18:10] i use /home/MYUSER/html/sitespecificfolderhere
[18:10] cause in /etc/httpd/conf.d I would delete files I didn't want, like welcome.conf and stuff
[18:10] mhm
[18:10] and on upgrades they would *come back to life*
[18:12] right
[18:12] patdk-wk, i'm going to try and replicate with 1.4.4 in Debian, if i can replicate it with that, i'm going to say "Hey, you guys fix it, and give me a patch" lol
[18:13] CBA to rewrite their code today, especially since it's frigid cold here today
[18:13] could just look at the package, fix it
[18:13] and submit a patch
[18:13] ... blehhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh stupid snow
[18:13] brb, need to shovel the car out of the driveway
[18:33] Hi all. I am using raring-lts kernel... I need to do some iptables logging but I notice ipt_LOG does not exist. Any ideas?
[18:34] xtables?
[18:34] or ULOG
[18:38] patdk-wk: Hmm, never used them. I will have to look into it.
[18:39] ulog is ultraconfigurable compared to log
[18:39] but I was just wondering if it was hiding in the xtables package
[18:39] patdk-wk: I do see ipt_ULOG.
[18:45] Hrmmm, so I installed ulogd but I don't seem to be getting anything in the logs. I did "iptables -t raw -A OUTPUT -d -j ULOG"
[18:47] just a question-... no guide on how to put ubuntu server iso on memory stick for installation ?
[18:49] copy it?
[18:49] blueking: dd if=/path/to/file.iso of=/path/to/usb/device :)
[18:49] Good Evening, I'm having a little trouble setting up StrongSwan, Is anyone able to help me out ?
[18:50] sarnold:
[18:50] not in windows
[18:50] blueking: oh. let me go looking for a bit..
[18:51] blueking: http://sourceforge.net/projects/win32diskimager/
[18:51] unetbootin ?
[18:52] I think either winimage or windd also
[18:52] oh, unetbootin looks nice.
[18:53] bitbyte, don't do it
[18:53] use openswan, or libreswan
[18:54] patdk-wk Why not use StrongSwan ?
[18:54] didn't it die a long long time ago
[18:55] The IPsec protocol seems the best and most secure option, StrongSwan seems to implement it well
[18:56] how to install openssh-server from precise into lucid?
[18:56] hrmm, it doesn't look like ipt_ULOG is working within a network namespace.
[18:56] cannot upgrade lucide to precise yet
[18:56] oh, strongswan is still alive
[18:56] dunno, openswan works good, and is easy to configure
[18:56] lucid*
[18:57] axisys, you don't
[18:57] getting a security scan and asking to upgrade openssh
[18:57] I guess I can compile one and install that way for now
[18:57] patdk-wk The thing i'm having trouble with is the config. I'm not really too sure about the address ranges
[18:57] axisys, learn about the security scan then
[18:58] patdk-wk: OpenSSH J-PAKE Session Key Retrieval Vulnerability
[18:58] axisys, you sure?
[18:58] axisys, what cve?
[18:59] axisys: http://people.canonical.com/~ubuntu-security/cve/pkg/openssh.html
[18:59] patdk-wk This is what i have so far but I'm not sure about the IP's http://pastebin.com/VWj9DiXJ
[18:59] patdk-wk: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4478
[18:59] axisys: OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4478)
[18:59] The right and left subnets I'm not really sure if they're set right
[18:59] axisys: http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-4478.html
[18:59] sarnold: OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4478)
[19:00] Is the left subnet, the one which belongs to the servers internal network ?
[19:00] axisys: "not enabled at compile time" :)
[19:00] so amazing
[19:00] you're vulnerable to something you don't have :)
[19:00] love stupid security scans
[19:00] all they do is check what version you have, and ASSUME you have issues
[19:01] patdk-wk: :-)
[19:01] this drives up the scanners profits
[19:01] cause it finds things you don't have
[19:01] proving you need them
[19:01] sarnold: help respond to the scan then. what is not enabled?
[19:01] you don't need to
[19:01] just supply that link
[19:02] I'd wager the clear majority of people just use their distribution-provided versions of nearly all their software -- making the tools worse-than-doing-nothing for nearly everybody
[19:02] axisys: J-PAKE authentication support
[19:02] I would scream at them myself
[19:03] how the hell can I be vulnerable to j-pake when I don't support it
[19:03] patdk-wk: which link.. there were few flew by including mine
[19:04] http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-4478.html
[19:04] patdk-wk: OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4478)
[19:04] should ldd /usr/sbin/sshd prove that j-pake is not enabled?
[19:04] dunno
[19:05] them testing if j-pake is enabled would prove it
[19:05] the issue is, they didn't even bother
[19:16] patdk-wk, sarnold : thanks a lot, guys!
[19:17] axisys: woot! have fun. :)
[19:17] guess dealing with mediocre security team ;-)
[19:17] at best
[19:18] oww
[19:30] they always are :)
[19:30] just enough to prove they did something
[19:30] without digging into doing real work
[19:37] yeah, anybody can click 'scan' in openvas and email you the pdf
[19:38] people who actually do their jobs check to see whether the software is actually vulnerable
=== thomi_ is now known as thomi
[19:40] my lucid servers get lit up for PHP vulnerabilities they don't have based on the version number all the time
=== qman__ is now known as qman
[19:48] kernel to choose ?
[20:03] hi, all. question, i am running win2k under kvm + libvirtd. Network speed between host and guest is way too slow. I tried changing the nic type to virtio, but it seems newer virtio drivers for windows do not support win2k. Any hints?
[20:09] shorewall are not included in ubuntu pack ?
[20:09] Not by default
[20:10] ok have to fetch it myself then
[20:11] blueking: If you mean install it with apt-get, then yes :)
[20:12] ah same style as debian
[20:12] Yep.
[20:14] what I need for rtorrent/rutorrent ? it uses scgi ?
[20:14] php5-cgi ?
[20:14] or php5-xmlrpc ?
[20:15] Level15: sorry but you're probably SOL, windows 2000 hasn't been on anybody's radar in about 6 years
[20:15] Level15: win2k is 13 yrs old. good luck. :(
[20:16] yeah... my friend has an ancient application that only runs on win2k and i'm just trying to give him a hand
[20:18] that it's working at all is surprising to me
[20:20] Level15: try fiddling around with several of the different NICs? my 'man qemu' reports 12 different nics, and while the ne2k_isa is unlikely to be best :) it can't hurt to try several of them..
[20:22] I thought virtio was the best... found some older virtio drivers but gave me poor performance as well
[20:23] dweaver`, ping
[20:23] adam_g, hi
[20:24] Level15: with newer guests, virtio probably would be best. but older guests might do better with standard, well-tested drivers, and forcing the emulator to be the funny one...
[20:24] dweaver`, hey, taking a look at https://bugs.launchpad.net/bugs/1242992, trying to reproduce with not much luck. exactly where are you hitting this?
[20:24] Launchpad bug 1242992 in python-keystoneclient "Unable to autolaunch a dbus-daemon without a $DISPLAY for X11" [Undecided,Confirmed]
[20:25] sarnold: will try, thanks
[20:25] dweaver`, i suspect the newly backported version of keyring from 12.10 is the culprit, but unable to reproduce with python-keystoneclient alone
[20:25] adam_g, I did a clean deployment of Havana in our demo lab using Juju, I can paste the bundle file for you if you like.
[20:26] dweaver`, im more interested exactly what was failing and where
[20:26] adam_g, Oh, OK, when trying to use openstack-dashboard you get the error in the apache log file.
[20:26] dweaver`, ah! okay
[20:26] ill try that
[20:35] genii: when doing apt-get I want to look through what that are available to be downed/installed how ?
[20:35] dweaver`, hmph, still no luck
[20:40] blueking: apt-get -u dist-upgrade
[20:41] adam_g, I don't know what to suggest, then. I can try and re-deploy and see if I get the error again on a new clean deployment, but that might take a while to organise as we are working on other bits of the lab at the moment.
[20:42] blueking: From command-line, usually something like: apt-cache search
[20:42] dweaver`, if you hit it again please capture some log output and traces
[20:42] ok
[20:42] blueking: I recommend to run first however: sudo apt-get update
[20:43] i've done that at first
[20:44] shorewall there are diff versions out.. currently my isp uses IPv4 but soon they'll start use IPv6 what to use ?
[20:44] adam_g, which logs do you want, just the apache log?
[20:45] shorewall6 maybe ?
[20:45] dweaver`, if that is the only place you're seeing any errors, yeah
[20:45] dweaver`, im interested to know if manually using the keystone client from the problematic node gives the same results, like the original bug shows
[20:50] adam_g, Ok, I can try that too.
[20:54] genii: at least ubuntu server 13.10 found nic's without issue
[20:56] oh noes.. :/ sending reboot command in shell makes pc shutdown and doesn't bring it up again, howto make it restart without needing to push powerbutton ?
[20:58] blueking: give it a minute, it might need to spend time on shutdown to flush swap, flush dirty pages to disk, go through a slow bios, wait five seconds at a grub prompt, then perhaps wait for a dhcp lease or something..
[20:59] sarnold: powerled extinguishes
[21:00] had same problem with suse too
[21:04] blueking: try looking at the reboot= option in bootparam(7) -- you might need to fiddle with that. (I haven't seen a need to change it in a decade or more, but you never know..)
=== mjohnson15_2 is now known as mjohnson15
[21:05] sarnold: what file/location to look at ?
[21:06] blueking: man 7 bootparam
[21:09] blueking: also maybe a bios settings.
[21:15] jrwren: reboots fine with other linux distro than ubuntu and suse,
[21:18] sudo nm -D /usr/sbin/sshd | grep method shows jpake method is not compiled in
[22:24] just wonder ubuntu server i have nic interfaces p2p1 and p3p1 where p2p1 are connected to ethernet and p3p1 are local net diff subnets p2p1 gets ip from dhcp 192.168.1.114 and then on p3p1 static ip 192.168.2.1 netmask 255.255.255.0 then gateway on p3p1 should be ?
[22:30] none!
[22:30] it's a trick question :)
[22:30] looked at example http://www.yourownlinux.com/2013/07/how-to-configure-ubuntu-as-router.html can't be correct to have diff subnets on same local net ?
[22:34] patdk-lap: ubuntu machine has eth0 and eth1 10.10.6.203 and 10.10.6.204 ubuntu eth0 - switch - hostA that has ip 192.168.1.8 diff subnet from eth0 10.10.6.203 ? this example confused me :/
[22:35] what confuses me is
[22:35] how can people always find the worst, most idiotic examples, that people post
[22:35] :)
[22:37] http://www.shorewall.net/two-interface.htm
[22:43] patdk-lap: hmm I installed shorewall6 I think
[22:45] why?
[22:45] does your isp support ipv6?
[22:45] does all the websites you use support ipv6?
[22:46] aren't you having enough issues dealing with ipv4 first?
[22:47] Patrickdk: isp are soon going to use ipv6
[22:47] not likely
[22:47] they have been going to use ipv6 soon for years now
[22:47] and they have made even more plans to not use it
[22:48] thus the invention of CGN
[22:48] so easier use shorewall two interface
[22:49] it's just as easy to use shorewall or shorewall6
[22:49] but shorewall handles ipv4
[22:49] and shorewall6 handles ipv6
[22:49] ok done purge of shorewall6
[22:51] a question when use 'init 6' shouldn't it reboot computer and not powerdown whole box ?
[22:54] suse and ubuntu shuts down whole box with reboot/init 6, sphirewall/debian it restarted without need to push powerbutton... are there any setting that cause this powerdown when I want to restart linux ?
=== medberry is now known as med_
=== mjohnson15_2 is now known as mjohnson15
[23:27] uhm what does last number 24 in ip mean ? 192.168.0.0/24
[23:27] blueking: the number of bits in a netmask; /24 corresponds with 255.255.255.0.
[23:28] blueking: http://en.wikipedia.org/wiki/CIDR_notation
[23:28] ok
=== freeflying is now known as freeflying_away
[23:42] hmm I need to static ip on local net interface...
[23:50] blueking: man 5 interfaces -- and don't forget to set aside some IPs for static use from your dhcp server :)
=== freeflying_away is now known as freeflying