/srv/irclogs.ubuntu.com/2013/11/30/#ubuntu-server.txt

jrwren	hazmat: i actually pitched removal of a number of packages recently :)	00:01
hazmat	jrwren, i'm primarily looking at lxc instances (including in cloud-instances), and minimizing seconds on container boot time, its easy to avoid via some container customizerization	00:01
hazmat	jrwren, fair enough	00:01
hazmat	its easy to do externally	00:01
jrwren	hazmat: do you then git clone something to teh new instance?	00:02
hazmat	jrwren, git is used internally by juju when deploying charms, but fair enough i'm snapshotting against a base image for the containers, easy enough to add there, out of curiosity what packages were you pitching to remove?	00:03
jrwren	oh, a juju thing.	00:03
jrwren	would make sense to have a jujuimg separate from cloudimg IMO	00:03
hazmat	jrwren, basically i'm creating a base juju image from each series/release cloud image, i can add the extra package there just as easily	00:04
hazmat	although it would be nice if lxc-attach would work with precise and hwe kernels.. ssh normalizes nicely across the containers.	00:05
hazmat	by base juju image i mean container with btrfs snapshot for lxc-clone. the default cloud images have nothing in specific support of juju btw.	00:09
=== freeflying is now known as freeflying_away
jrwren	right. i know the cloudimg pretty well.	00:19
jrwren	everything else you just said, i've no idea what you are talking about :)	00:20
=== robbyf_ is now known as RobbyF
mushtar	is this the right channel for discussing CloudInit, i.e. https://help.ubuntu.com/community/CloudInit ?	00:58
lifeless	it's a fine channel	01:00
lifeless	for that and many other things	01:00
mushtar	oh good	01:00
mushtar	is it possible to get cloud-init to run on my mac?	01:01
mushtar	i want to be able to use write-mime-multipart	01:02
mushtar	figured it out. bzr branch lp:cloud-init	01:27
=== liam_ is now known as Guest46102
kirkland	jamespage: uh oh, what happened?	03:38
MarGul	Hi I have just unstalled ubuntu server 12.04 and I have changed ip address to static (been pinging it from my laptop and I know its connected to my network). Then I installed nginx running the command aptitude install nginx. The version of nginx is 1.5.6. When I then, on my laptop, type in my servers ip address in my webbrowser I get nothing.	04:23
MarGul	Im following the manual http://arstechnica.com/gadgets/2012/11/how-to-set-up-a-safe-and-secure-web-server/2/	04:23
crimsonmane	i need to re-do my certs ... i just ran through the steps i used the first time but it failed to change the cert as evidenced by the old data being present and not the new data. i used a different email address to make them stand out.	05:11
anepanaliptos	hello..	05:30
anepanaliptos	dont tell me !ask, i know. just being kind.	05:30
anepanaliptos	ok guys.. so this is what i want to do. I dont really understand lvms and the like, but i know what i want..	05:30
anepanaliptos	my old machine was a simple 1 disk setup, and while installing ubuntu i chose the guided partitoning and chose luks + lvm	05:31
anepanaliptos	i want to do the same again, except this time, with two disks. and i want the "2nd disk" to be in teh LVM so i only have to type the key once.	05:31
jkitchen	but not raid?	05:32
anepanaliptos	lvm though seems to create one giant partion, like dynamic disks. i dont want that. i want one "partition" on the 1st disk, and the "other/storage" on the other	05:32
anepanaliptos	correct. but no raid.	05:32
jkitchen	they're separate PVs then	05:32
jkitchen	no way around that	05:32
anepanaliptos	um	05:33
anepanaliptos	is there a way the "storage" disk can mount into the first group?	05:33
jkitchen	you can mount things wherever you want	05:33
anepanaliptos	(im at the guided screen if you wanna teamviewer and push the buttons, but i have a feeling you know what i want to do..)	05:34
anepanaliptos	i dont mind how the "mounting process" happens, as long as.. see the reason why i want them seperate is so that i could possibly transport the second disk and mount it on another computer someplace.	05:34
patdk-lap	anepanaliptos, why do that at all?	05:35
patdk-lap	why type the key multible times?	05:35
anepanaliptos	i dont want to.	05:35
patdk-lap	then don't	05:35
anepanaliptos	so how would i set it up so i dont have to?	05:35
patdk-lap	there are many ways	05:36
patdk-lap	I personally use a script to fetch the key	05:36
patdk-lap	the script asks for the password to decrypt	05:37
patdk-lap	it then uses that password to get the key	05:37
patdk-lap	I store the keys in a gpg archive	05:37
anepanaliptos	woah too complicated	05:37
patdk-lap	:)	05:37
patdk-lap	you could go lazy	05:37
patdk-lap	just save the key onto your first disk	05:37
anepanaliptos	ok what's that route look like?	05:37
anepanaliptos	aa ok.	05:37
patdk-lap	and reference that file to unlock the second	05:37
patdk-lap	if first is locked, can't unlock the second	05:38
anepanaliptos	ok. can that be done "near boot time" ?	05:38
patdk-lap	near boot time?	05:38
patdk-lap	what does that mean?	05:38
anepanaliptos	that sounds better.	05:38
anepanaliptos	before for example, apache2 starts up	05:38
patdk-lap	no idea	05:38
patdk-lap	it happens when disks mount	05:38
patdk-lap	that is upto upstart	05:38
anepanaliptos	perfect.	05:38
patdk-lap	issues is, anyone that roots your server, has access to the decrypt key	05:39
patdk-lap	so using a script, while much harder, is safer, by alittle bit	05:39
anepanaliptos	hmm.	05:39
anepanaliptos	hmmm.	05:39
anepanaliptos	i think ill just type it twice.	05:40
patdk-lap	what exactly are you protecting against?	05:40
anepanaliptos	how do i setup luks without the volgroup stuff then?	05:40
anepanaliptos	im trying to protect againt physical theft	05:40
patdk-lap	then it doesn't matter	05:41
anepanaliptos	so when you yank the power, you're done and you need the key again.	05:41
patdk-lap	well, those are totally different	05:41
lifeless	anepanaliptos: oh, so if people are serious about stealing kit they won't yank the power	05:41
anepanaliptos	lifeless: lol.	05:41
patdk-lap	the best way to steal it, is to root it and copy the data while it's up	05:41
jkitchen	and nobody even knows	05:42
patdk-lap	the system is much less protected when it's running	05:42
lifeless	anepanaliptos: there are stock products that replace the power supply hot	05:42
anepanaliptos	yeah im just talking about like a dumb theif stealing equipment.	05:42
anepanaliptos	look, its my mailserver	05:42
patdk-lap	then saving your key for the other disks in /etc, is safe enough	05:42
anepanaliptos	im trying to "protect" against some "not nice people" accessing.. my mail. if it were to get siezed.	05:43
patdk-lap	cause it's unlikely they logged in, and rooted your server to get those keys first	05:43
anepanaliptos	that kind of thing.	05:43
patdk-lap	siezed?	05:43
anepanaliptos	but im happy with this solution too	05:43
anepanaliptos	23:42 < patdk-lap> then saving your key for the other disks in /etc, is safe enough	05:43
patdk-lap	that implies people know what they are doing	05:43
anepanaliptos	not really. local authoraties arent that smart.	05:43
jkitchen	thermite trap	05:44
jkitchen	problem solved	05:44
patdk-lap	jkitchen, what triggers it?	05:44
patdk-lap	not solved :)	05:44
anepanaliptos	again, too technical.	05:44
anepanaliptos	how do you guys protect your mail servers?	05:45
jkitchen	patdk-lap: "oh shit" button	05:45
jkitchen	:)	05:45
jkitchen	tie it to your iphone "siri, nuke the drives please"	05:45
anepanaliptos	when i had the first one, with only a physical raid, i felt "safe" with luks	05:45
patdk-lap	personally, I have to insert a special usb stick	05:45
patdk-lap	and type in a password	05:45
anepanaliptos	ok. any things i can "rtfm" to help me setup something similar?	05:46
patdk-lap	but, for email	05:46
patdk-lap	it is much much more likely they tapped your internet connection	05:46
anepanaliptos	eeh. still pointless. ssl.	05:47
patdk-lap	what ssl?	05:47
patdk-lap	smtp doesn't use ssl	05:47
anepanaliptos	i use webmail.	05:47
patdk-lap	so your email is safe until you send/receive	05:47
anepanaliptos	yeah. i understand those rules.	05:47
patdk-lap	till everyone starts doing dane/tlsa, I don't really get the whole encrypted email thing	05:48
patdk-lap	if you secured your email, like with s/mime, or pgp	05:49
patdk-lap	there would be no need for encryption	05:49
patdk-lap	the only thing your somewhat protecting is your email history, from before they tapped your connection	05:49
anepanaliptos	ohkay.	05:49
anepanaliptos	so single disk it is that mounts the others via key.	05:50
patdk-lap	well, the simple way is, use your password to unlock your root disk	05:50
patdk-lap	then save the keys on your root disk, maybe like /etc/disk.keys/....	05:50
patdk-lap	and use those files to unlock the other disks	05:50
patdk-lap	someone would have to copy those files first, to unlock the other disks	05:51
patdk-lap	or have the password to unlock the first disk	05:51
patdk-lap	that is the simple way	05:51
patdk-lap	any other way, gets into messing with initramfs, and that isn't much fun	05:51
anepanaliptos	yeah. i think that way is best.	05:52
patdk-lap	s/best/acceptable/	05:53
anepanaliptos	and as far as the whole email thing, there is MX tls	05:53
anepanaliptos	23:53 < patdk-lap> s/best/acceptable/	05:53
anepanaliptos	^^ agreed.	05:53
patdk-lap	smtp mx tls is mitm	05:53
patdk-lap	it is full of selfsigned, unsigned, broken, expired, certs	05:54
anepanaliptos	correct. but for "the people who care" that i exange email with, we have exchanged keys.	05:54
patdk-lap	so you can't enable hard verification	05:54
* patdk-lap just has lots of ipsec tunnels		05:54
anepanaliptos	yeah i dont know if i trust creating an ipsec tunnel with someone.	05:56
=== Ursinha is now known as Ursinha-afk
_root_	for IP Aliasing: both Ip should have the same MAC address?	06:18
jkitchen	you don't need to specify the mac	06:20
jkitchen	unless you're talking about something different than I'm thinking of :)	06:20
=== NomadJim_ is now known as NomadJim
=== freeflying_away is now known as freeflying
_root_	I have to add my first IP to my VPS this way http://paste.ubuntu.com/6497998/ and because of that I cant get the eth0:0 to IP alias. could you give me a clue as to what should I do to get eth0:0 working	08:35
blueking	samba seem to be tricky to manage get installed there are some issues several places	09:27
blueking	are there samba install scripts that are up to date ?	09:31
nf7	How can I get /etc/crontab to run a script as if it is in the same working directory as the script?	10:08
jkitchen	nf7: cd /path/to/dir && /path/to/dir/script	10:08
nf7	ohhhhh	10:08
nf7	jkitchen: is this a messy way to do it?	10:09
jkitchen	that's the way to do it	10:09
nf7	jkitchen: awesome, thanks a lot	10:10
jkitchen	yup	10:10
andol	nf7: Alt have the script start off by entering the desired working directory, assuming that applies equally well.	10:10
nf7	andol: it's a Python script, is it possible to do that?	10:11
=== wickedpuppy3 is now known as wickedpuppy
jkitchen	http://docs.python.org/2/library/os.html#os.chdir	10:11
nf7	thank you!	10:12
nf7	jkitchen: Is it possible to have os.chdir point to the scripts path (so it will work no matter where I put the script), or do I need to always manually enter the path?	10:18
jkitchen	nf7: http://docs.python.org/2/library/sys.html#sys.argv http://docs.python.org/2/library/os.path.html#os.path.basename	10:28
nf7	jkitchen: Thanks a lot. It's really hard for me to read and find my own information using the documentation. Is there some sort of guide on how to utilize the documentation properly? Or do I just need to learn more.	10:30
jkitchen	I am permalinking you directly to the functions you want	10:30
nf7	jkitchen: Right, I'm just asking for future reference.	10:31
jkitchen	oh	10:31
jkitchen	I just google for the function name	10:31
jkitchen	or thereabouts	10:31
nf7	Cause I need to stop bothering people so much about little things.	10:31
jkitchen	hah, it's fine	10:31
nf7	Ah ok, how long have you been programming with Python?	10:31
jkitchen	I don't	10:31
jkitchen	I've been a professional google user for about 13 years now though	10:32
nf7	hahah	10:32
nf7	that's always a good skill	10:32
nf7	do you program with anything though? or just use Ubuntu server?	10:32
jkitchen	I am a recovering perl user turned rubyist	10:33
jkitchen	dabbled briefly in python	10:33
nf7	cool, there's a lot of perl in linux isn't there?	10:33
nf7	I was fixing a problem with a wifi card's hardware a while back and I ran into a lot of perl scripts	10:33
jkitchen	there's a lot of a lot of stuff in linux	10:33
nf7	right	10:34
jkitchen	used to be perl was really popular for a lot of stuff though	10:34
jkitchen	still is, truth be told	10:35
nf7	Perl and Python are very similar aren't they?	10:35
jkitchen	lots of folks like me who can whip up all kinds of shit in perl in no time	10:35
jkitchen	but trying to keep up with the new hotness	10:35
nf7	That's what someone told me anyway.	10:35
jkitchen	perl python and ruby are like the romance languages	10:35
nf7	What kind of stuff do you use Ruby for?	10:36
jkitchen	my company is a rails shop	10:36
jkitchen	so... basically everything	10:36
nf7	Right, I've dabbled very little with Ruby, seemed almost identical to Python up to what I learned.	10:36
jkitchen	hah	10:36
jkitchen	not even remotely :)	10:36
nf7	Cool, so web development?	10:36
nf7	yeah of course, past a point	10:36
jkitchen	no, I'm ops	10:36
jkitchen	I just run the servers	10:37
nf7	interesting	10:37
jkitchen	but I use puppet for managing my servers, and foreman for managing the metal	10:37
jkitchen	so there's some ruby there	10:37
nf7	I've been programming for about 3 months right now. Just writing some Reddit bots, having them run on a Ubuntu server on an old netbook that I'm SSH'ing into. It's fun.	10:37
jkitchen	now that this migration is almost finished (working on it right now, in fact, should be done shortly) I'll be able to get into the code side of things a bit more and start making things suck less	10:38
jkitchen	cool	10:38
nf7	Well I didn't understand much of that but it sounds interesting.	10:38
nf7	What OS do you use for programming/personal use?	10:38
jkitchen	OSX is my daily driver	10:39
jkitchen	but really it's just a pretty terminal	10:39
jkitchen	chrome, iterm, adium, and a music player	10:39
jkitchen	my primary operating environment is an ubuntu server with about 2 dozen tmux sessions	10:40
nf7	Yeah I was using OSX as well but I recently switched back to Windows, I like 8.1 a lot.	10:40
jkitchen	I can't work on windows	10:40
jkitchen	like literally am incapable	10:40
nf7	Just don't like it or missing some particular program?	10:40
jkitchen	there are no terminals for windows	10:40
jkitchen	putty doesn't qualify.	10:40
jkitchen	putty is great for what it is, but it's not what I need.	10:41
jkitchen	plus I really enjoy having a proper unix command line on my daily driver	10:41
nf7_	Whoops, lost the Wifi there for a moment, back though.	10:42
nf7_	What did I miss?	10:42
jkitchen	dunno	10:42
jkitchen	I have one windows machine, and it's been turned off for the last 8 months.	10:43
nf7_	Well the main reason I switched back to Windows is that I really like 8.1, they've figured out their hotkeys, took some pointers from OSX as well with the spotlight style search and a few other things.	10:43
nf7_	Plus I really like Thinkpads	10:43
jkitchen	if I were going to use a thinkpad it would have linux on it.	10:43
nf7_	Can get around 12 hours of battery with two packs and the docking base is amazing	10:43
jkitchen	but there is no finer laptop than the 13" retina macbook pro	10:44
nf7_	I love coming home and simply snapping it on and having it connect to the speakers, mouse, screen, keyboard, external hd instantly, it's great	10:44
nf7_	Yeah that's actually what I had as well, great machine	10:44
jkitchen	"docking base"	10:44
jkitchen	some proprietary thing	10:44
nf7_	yes it's lenovo proprietary	10:44
jkitchen	I have a thunderbolt display	10:45
nf7_	very similar	10:45
nf7_	the apple one?	10:45
jkitchen	yes	10:45
nf7_	that's one of the nicest screens, crazy expensive though	10:45
jkitchen	was free	10:45
nf7_	I think if I ever bought an OSX machine again I'd get a 13 inch Macbook pro	10:45
nf7_	the battery on those things is crazy	10:45
nf7_	macbook air*	10:45
jkitchen	everything on this thing is crazy.	10:45
jkitchen	oh, not the air	10:46
jkitchen	I am spoiled by retina	10:46
nf7_	yeah the retina is great	10:46
nf7_	I love how you can scale the resolutions	10:46
nf7_	you know what I'm talking about?	10:46
jkitchen	I only use it at the 1680x1050 effective resolution	10:47
nf7_	I like it at whatever the default it	10:47
nf7_	is*	10:47
jkitchen	dunno, I love linux on the desktop, but I also love not having to fuck with my laptop to have it work	10:48
ikonia	there is no need for tha language jkitchen	10:48
jkitchen	sorry	10:48
ikonia	no problem, thank you	10:48
jkitchen	(didn't realize mac was a dirty word, amirite?)	10:49
nf7_	haha	10:49
jkitchen	I kid.	10:49
jkitchen	I came close to buying a thinkpad or samsung series 9 this time around, but then the mavericks preview came out where they were talking about the battery optimizations they were doing at the OS and hardware levels and stuff	10:50
jkitchen	mind blown	10:50
jkitchen	sorry but there's just no way linux can compete with that :(	10:50
nf7_	OSX has crazy good power utilization.	10:51
jkitchen	that's the kind of stuff you can do when you are fully vertical	10:51
nf7_	Windows must be the worst.	10:51
nf7_	Even so, I get really good battery life on my ThinkPad	10:51
jkitchen	for sure	10:51
nf7_	I've actually removed all Lenovo drivers	10:51
nf7_	there were a bunch of power management ones, but I notice no difference whatsoever with them off.	10:52
jkitchen	but there's always that time when you're sitting there and boom, 90% -> 10% in what feels like minutes because something is chewing up power	10:52
nf7_	Yeah true	10:52
jkitchen	happened on my android phone all the time	10:52
jkitchen	happened on my thinkpads in the past	10:52
jkitchen	I do miss linux on the desktop though.	10:52
nf7_	I can't stand all the tools and utilities Lenovo puts on their machines (even if they aren't bloatware technically), first thing I did was a fresh install from a Microsoft CD	10:52
ikonia	is this really anything to do with ubuntu server ?	10:53
ikonia	perhaps take it to one of the offtopic channel please ?	10:53
jkitchen	heh	10:53
nf7_	I was just heading out anyway, thanks for the help.	10:53
jkitchen	np, good luck	10:54
Gilligan94	Hi I have a system without a graphics card and I want to set up ubuntu server on it, what would the best way to do this be?	10:54
ikonia	a serial connection	10:54
jkitchen	Gilligan94: network console	10:54
Gilligan94	so I'll beable to install it over SSH?	10:54
jkitchen	it really doesn't even have like an onboard vga? weird.	10:54
jkitchen	Gilligan94: yup	10:54
Gilligan94	yea no VGA this is an AMD system	10:55
jkitchen	doesn't mean it doesn't have a vga port on board	10:55
jkitchen	in fact with newer AMDs it seems like it's hardecr to get one WITHOUT an apu than with...	10:55
Gilligan94	in this case it doesn't have any VGA	10:55
jkitchen	crazy	10:55
Gilligan94	I believe this mobo and CPU was aimed at gaming so they just assumed you would use a dedicated GPU	10:56
ikonia	what is the motherboard model	10:57
Gilligan94	not sure, I dont have it on hand currently	10:57
jkitchen	not even hdmi?!	10:59
* jkitchen is baffled		10:59
Gilligan94	nope nada	10:59
Gilligan94	kinda cool IMO keeps the cost down	11:00
jkitchen	eh	11:00
jkitchen	by about $2	11:00
jkitchen	anywho OFF TOPIC	11:00
jkitchen	try the network installer.	11:00
Gilligan94	every little bit counts >.>	11:00
Gilligan94	alright thanks	11:00
jkitchen	or serial console	11:01
jkitchen	but I doubt it has a serial port	11:01
Gilligan94	yea I dont think it does	11:01
ikonia	if it's not got any form of vga for "cost saving" they won't have put a serial port on	11:01
jkitchen	right	11:01
Gilligan94	any advantage to using 13.10 over 12.04?	11:02
jkitchen	plenty	11:02
ikonia	Gilligan94: it really depends on your needs	11:02
jkitchen	go with 13.10 unless you need LTS	11:02
Gilligan94	alright	11:03
blueking	does there exist scripts up to date for install of samba ?	11:51
ikonia	blueking: the package manager will manage updates	12:01
frojnd	Hi there. I need a little assitance with mx records. I successfully set multuiple A records for server's IP. So when I go to mydomain1.com it goes there without a problem. It's the same with mydomain2.com Now I'd like to set up MX records for mail server for mydomain1.com. Under free DNS hosting section of my host provider, I set up: Name: mydomain1.com, Type: MX, Value: IP	12:05
frojnd	WHen I do dig -t mx mydomain1.com I can't see mydqomain1.com under mx...	12:06
frojnd	Am I doing this correctly?	12:06
frojnd	I also tried for google mails and it's rather different then I did: Name: atl1.aspmx.i.google.com, Type: MX, Value: mydomain1.com	12:07
ikonia	dns changes will take time to go live	12:07
frojnd	So: do I have to first set A recrod for mail.mydomain1.com and then use this?	12:07
ikonia	mx records need to be a vali dhost name too	12:07
frojnd	ikonia: I've set up yesterday and still not seen.	12:08
ikonia	is the fqdn of the mx host able to be resolved	12:08
frojnd	ikonia: so in theory, if I set first A record: mail.mydomain1.com for server's ip and then use for mx like this: mail.mydomain1.com Type: MX value: mydomain1.com will it work?	12:08
ikonia	MX has to be a fqdn, not an ip	12:08
frojnd	aha	12:09
frojnd	we found a problem	12:09
frojnd	let me try	12:09
frojnd	It says changes will be visible in max 4 hours	12:11
frojnd	Nevertheless I noticed a few problems with postfix	12:12
frojnd	postfix/cleanup[1128]: warning: mysql:/etc/postfix/mysql-virtual-alias-maps.cf lookup error for "root@mydomain1.com" this warning each second, which is worring me	12:14
frojnd	log is already 18MB big	12:14
frojnd	ioptop is running like crazy :)	12:14
frojnd	In that *.maps.cf I have user, password, hosts, dbname and query	12:15
frojnd	Also in that file, user is not root	12:17
=== julian is now known as alamar
=== Ursinha-afk is now known as Ursinha
blueking	ikonia: not that kind I was thinking.. but script to get everything installed	12:43
ikonia	the package manager will install everything	12:44
leelondon	i used ubuntu-s for five years guys	13:57
leelondon	please like https://www.facebook.com/DwayneJohnson	13:57
leelondon	the rock	13:57
frojnd	Ok. I have setup a MX record for mydomain1.com as mail.mydomain1.com and is also seen if I do dig -t mx mydomain1.com	15:07
frojnd	What does that error mean for postfix? Nevertheless I noticed a few problems with postfix	15:07
frojnd	postfix/cleanup[1128]: warning: mysql:/etc/postfix/mysql-virtual-alias-maps.cf lookup error	15:07
Maddeth	Hey all, anyone know if there is a netatalk channel?	15:55
Maddeth	or anyone able to help bme with some netatalk issues	15:56
Maddeth	s/bme/me/	15:56
=== mjohnson15_2 is now known as mjohnson15
subman	I've tried adding a second hard drive to my ubuntu server machine but now it won't boot up. It gets stuck at verifying dmi pool. Any ideas?	16:45
=== mibofra- is now known as mibofra
bitbyte	Hey guys any one here who can help out with a VPN problem ?	18:47
jkitchen	?ask	18:50
jkitchen	??ask	18:50
jkitchen	don't ask to ask, just ask. if someone can help and is willing, they might just do that	18:51
anepanaliptos	yes. but i dont know what your problem is.	18:53
bitbyte	sorry got called away from the machine as i typed enter	18:56
bitbyte	I'm having some problems understanding generating the certificates	18:56
jkitchen	bitbyte: what sort of vpn are you creating, openvpn?	18:56
bitbyte	I am following the setup outlined here : http://serverfault.com/questions/212382/how-to-set-up-strongswan-or-openswan-for-pure-ipsec-with-iphone-client	18:56
bitbyte	but the openssl command I am having trouble finding any details for. Any ideas on some documents to read up more on it	18:57
jkitchen	there's always 'man openssl'	18:57
bitbyte	I am setting up StrongSwan on ubuntu server, I think I have the config right. But when i generate the certs they don't seem to work right	18:57
jkitchen	but basically that guy is setting up a CA and such	18:58
jkitchen	for my vpn (openvpn) I use the easy-rsa stuff that ships with openvpn	18:58
jkitchen	to manage my ca	18:58
bitbyte	If I'm just setting up a home VPN would i need to setup the Certificate Authority ?	18:59
jkitchen	yes	18:59
bitbyte	I was looking on ss64 for the openssl command but had no luck	18:59
jkitchen	if you follow those directions on the page exactly, it should work fine	18:59
jkitchen	what step did you have trouble with?	18:59
bitbyte	Ok I will give it another shot, The issues began when i copied the certs over to my osx test laptop and it did not recognize the certs even when fully important to keychain	19:00
bitbyte	The setup I have at the moment is : http://pastebin.com/g2yhYYC0	19:01
bitbyte	If I understand this correct the leftsubnet 10.10.10.x/24 will be the network the VPN clients are on and 0.0.0.0/24 will accept any inbound IP's	19:02
jkitchen	I can't speak to that part, sorry	19:02
bitbyte	and having the interfaces=%default route it should pass it through to the em1 ethernet interface and connect it to my internal 10.10.5.x/24 network	19:02
bitbyte	There was one other item i was wondering about which was that when i run the openssl to generate the certs it asks for a password, Can this be taken off ?	19:04
bitbyte	Because if I understand it correctly, it will require the password to be entered every time its requested to be used.	19:05
anepanaliptos	yes you can leave it blank and push enter	19:16
bitbyte	When i pushed enter it seems to exit the creation of the cert	19:17
blueking	hello	20:29
blueking	I have a question about reboot/init 6 I have an issue with it tried google for it but found no answer to it, maybe someone here knows ? the issue about reboot/init 6 is that it shuts down computer and doesn't restart are there ways to force pc/linux restart ? I am running ubuntu server 13.10	20:31
zkvvoob	Hi guys, I'm trying to find out why my Ubuntu 12.04 server with Postfix/Dovecot suddenly stopped receiving emails. Sending works fine. Could someone give me a hand?	20:56
zkvvoob	Please?	21:01
zkvvoob	Anyone?	21:12
blueking	I have a question about reboot/init 6 I have an issue with it tried google for it but found no answer to it, maybe someone here knows ? the issue about reboot/init 6 is that it shuts down computer and doesn't restart are there ways to force pc/linux restart ? I am running ubuntu server 13.10	21:23
sander^home	How do I decrypt a pgp message?	21:53
jkitchen	you need the private key	21:54
jkitchen	then you just gpg --decrypt	21:54
sander^home	jkitchen, do you have a compleate example?	22:03
jkitchen	sander^home: huh?	22:04
jkitchen	gpg --decrypt filename	22:04
sander^home	jkitchen, ah, ok. And what argument do I spesify the private key, and where do I spesify the message?	22:05
jkitchen	sander^home: you need the private key in your keyring	22:05
jkitchen	and you can either pipe the message in or specify a filename	22:05
jkitchen	gpg will figure out which private key to use to decrypt the file if you have multiple private keys in your keyring	22:06
sander^home	jkitchen, how do I import the private key into my keyring?	22:07
jkitchen	sander^home: gpg --import keyfilename	22:09
jkitchen	or you can pipe the key into --import	22:09
sander^home	jkitchen, seems like I got an public key..and a message	22:16
jkitchen	sander^home: if you don't have the private key you can't decrypt the message	22:17
jkitchen	that's kinda the point	22:17
sander^home	jkitchen, ok. Thanks alot:)	22:24
zkvvoob	Hi guys, I'm trying to find out why my Ubuntu 12.04 server with Postfix/Dovecot suddenly stopped receiving emails. Sending works fine. Could someone give me a hand?	22:27
blueking	noone had problem with shutdown -r, reboot, init 6 ?	22:30
jkitchen	zkvvoob: what's in your maillog?	22:30
jkitchen	also, what's the domain?	22:30
zkvvoob	jkitchen: http://paste.ubuntu.com/6501474/	22:31
jkitchen	Dec 1 00:20:02 server sm-mta[7723]: NOQUEUE: SYSERR(root): hash map "access": missing map file /etc/mail/access.db: No such file or directory	22:33
jkitchen	that's not postfix, for one	22:33
jkitchen	sm-mta I'm gonna guess is sendmail	22:34
zkvvoob	jkitchen: but I removed that	22:34
zkvvoob	sendmail	22:34
jkitchen	clearly not	22:34
zkvvoob	what do I do then?	22:34
jkitchen	remove sendmail, install postfix	22:34
zkvvoob	like I said, already did that: apt-get remove sendmail, apt-get autoremove	22:35
jkitchen	how did sendmail get on there to begin with?	22:35
zkvvoob	I was trying to figure out why the PHP Mail function was not working and tried setting up sendmail; when nothing changed, I removed it	22:35
zkvvoob	and reinstalled Postfix	22:35
jkitchen	ah	22:35
jkitchen	that'll do it.	22:35
zkvvoob	but maybe I messed something with the config files	22:36
jkitchen	postfix ships its own /usr/sbin/sendmail, so you don't need to actually have sendmail installed	22:36
jkitchen	dpkg -l \| grep sendmail	22:36
zkvvoob	jkitchen: http://paste.ubuntu.com/6501494/	22:37
jkitchen	ok, what about postfix	22:38
jkitchen	also, perhaps sendmail is still running, check your process list	22:38
jkitchen	or try telnet localhost 25	22:38
zkvvoob	jkitchen: http://paste.ubuntu.com/6501495/	22:38
jkitchen	ok, postfix isn't installed either	22:38
zkvvoob	so, apt-get install postfix again?	22:39
jkitchen	so between that and the fact that you removed postfix and installed sendmail, that would cause mail to stop working, yes.	22:39
jkitchen	yea, install postfix	22:39
zkvvoob	aye, aye	22:39
jkitchen	but first check the process list	22:39
zkvvoob	how?	22:39
jkitchen	sendmail may still be running	22:39
jkitchen	ps aux \| grep sendmail	22:39
jkitchen	maybe	22:39
jkitchen	I don't (won't) use sendmail, so I'm not sure what all processes it uses	22:40
zkvvoob	root 4303 0.0 0.0 13548 2208 ? Ss Nov30 0:00 sendmail: MTA: accepting connections root 8372 0.0 0.0 4392 808 pts/0 S+ 00:40 0:00 grep --color=auto sendmail	22:40
jkitchen	yea, it's still running. kill it.	22:40
zkvvoob	again, how? :(	22:40
jkitchen	kill 4303	22:40
jkitchen	4303 is the pid of the sendmail process there	22:41
zkvvoob	right, got it	22:41
zkvvoob	done	22:41
jkitchen	(second column)	22:41
zkvvoob	now install postfix?	22:41
jkitchen	yup	22:41
jkitchen	and hopefully you didn't apt-get purge it before, it should still have your configu	22:41
zkvvoob	no, I didn't purge anything	22:41
zkvvoob	it's installed	22:41
zkvvoob	now what?	22:41
blueking	anyone knows what option -d means ? in -> "reboot -d -f -i" looking at file /etc/rc6.d/S90reboot	22:41
blueking	man doesn't mention -d option	22:42
jkitchen	zkvvoob: in theory, postfix is up and running and your mail should be working again	22:43
zkvvoob	hm, ok, I'll tail the mail log and send a messge	22:43
zkvvoob	jkitchen: http://paste.ubuntu.com/6501525/	22:45
zkvvoob	and there's no trace of the message in my mailbox	22:45
jkitchen	Dec 1 00:45:01 server postfix/smtpd[9185]: error: unsupported dictionary type: mysql	22:45
jkitchen	you may need to install postfix-mysql	22:46
jkitchen	dunno if you were actually using that before or whatnot	22:46
zkvvoob	jkitchen: nothing - http://paste.ubuntu.com/6501545/	22:48
jkitchen	you need to restart postfix after installing the package	22:49
zkvvoob	did that	22:49
jkitchen	ok	22:49
jkitchen	mailq says?	22:49
zkvvoob	jkitchen: http://paste.ubuntu.com/6501552/	22:50
jkitchen	zkvvoob: those are bounce messages, you can look at what they say with postcat. postcat -q B6C8C601566	22:52
jkitchen	though unless your clock is quite off those are most likely not relevant to this matter	22:52
Xeronix	I'm having trouble installing Ubuntu Server 13.10 - my USB keyboard is not recognized by my computer once I get into the installation steps	22:52
Xeronix	I'm stuck at Select a Language	22:52
jkitchen	Xeronix: replug?	22:52
Xeronix	jkitchen: I have tried that	22:52
zkvvoob	jkitchen: no, it's not off, they are old; aparently I've not been receiving message for quite some time, not just today	22:52
jkitchen	just a thought :)	22:52
jkitchen	zkvvoob: I'd bet there's a strong correlation between when you uninstalled postfix and installed sendmail and when your mail stopped working	22:53
jkitchen	Xeronix: do you have any sort of legacy usb support enabled in your bios?	22:53
zkvvoob	jkitchen: the thing is I never actually uninstalled postfix	22:53
Xeronix	jkitchen: I do	22:53
zkvvoob	jkitchen: at least I don't remember	22:53
Xeronix	Under USB configuration	22:54
jkitchen	zkvvoob: postfix and sendmail are mutually exclusive	22:54
Xeronix	I have Legacy USB Support enabled	22:54
zkvvoob	jkitchen: I know that now, yes	22:54
jkitchen	Xeronix: you might disable that	22:54
zkvvoob	jkitchen: so what could I try now?	22:54
Xeronix	DISABLE it?	22:54
jkitchen	Xeronix: yes, linux has supported usb keyboards for over a decade	22:54
jkitchen	you don't need the bios to do that for you anymore	22:54
jkitchen	zkvvoob: how are you testing your mail?	22:55
Xeronix	jkitchen: Still no use, it's not working :(	22:55
jkitchen	Xeronix: you rebooted that quickly?	22:55
Xeronix	Yep	22:55
jkitchen	lies.	22:55
Xeronix	USB install	22:55
zkvvoob	jkitchen: sending a message from another account, tail -f /var/log/mail.log; checking webmail if anything's arrived	22:55
Xeronix	it's not a server, so it doesn't have a long POST cycle either	22:55
jkitchen	zkvvoob: what's the domain?	22:55
zkvvoob	jkitchen: I already sent you the output of telnet localhost 25	22:55
zkvvoob	jkitchen: saturn13.eu	22:56
zkvvoob	or mail.saturn13.eu - for the SMTP	22:56
Xeronix	jkitchen: Like literally, my keyboard loses power or something	22:56
Xeronix	hmm	22:56
jkitchen	Xeronix: weird. is it a fancy keyboard or just off the shelf thing	22:56
Xeronix	does Ubuntu have USB3 support built in?	22:56
Xeronix	jkitchen: Nope, I used it yesterday to install server on another machine	22:56
jkitchen	weird	22:57
jkitchen	in theory it shouldn't matter, because of usb hid	22:57
jkitchen	but yea.	22:57
jkitchen	HEH	22:57
jkitchen	zkvvoob: tail -f your log file	22:57
jkitchen	you should have just seen a message from me	22:58
jkitchen	250 2.0.0 Ok: queued as 58C7D600040	22:58
Xeronix	jkitchen: shite, just disabled legacy usb and my keyboard no longer works for getting into the bios	22:58
zkvvoob	jkitchen: I think I did, here http://paste.ubuntu.com/6501595/	22:59
jkitchen	Xeronix: wat	22:59
jkitchen	:(	22:59
zkvvoob	jkitchen: but I don't see the actual message in my mailbox	22:59
Xeronix	going to CMOS reset	22:59
DRice7	hey guys - can anyone help me with my Xorg starting problem? Error found at bottom of: http://paste.ubuntu.com/6501600/	23:01
jkitchen	zkvvoob: bounce says unknown user bz	23:02
zkvvoob	jkitchen: that's insane, I'm logged in my webmail with that user	23:03
zkvvoob	jkitchen: here, I just logged out and then back in	23:03
jkitchen	zkvvoob: well, most webmail programs are just imap clients	23:03
jkitchen	so your imap server and postfix are disagreeing	23:03
zkvvoob	jkitchen: right, so what should I do then?	23:03
jkitchen	are you doing some virtual users setup or something with postfix?	23:04
jkitchen	(I'm assuming so since you have mysql involved)	23:04
zkvvoob	jkitchen: maybe, I'm using ISPCOnfig, maybe it got confused with the postfix situation - should I remove the account and add it again?	23:04
jkitchen	no	23:04
jkitchen	postfix is probably just not looking at it	23:04
jkitchen	I don't know what ISPConfig is though, is that some sort of third party panel thing?	23:05
jkitchen	like cpanel or plesk or such	23:05
zkvvoob	yes, like cPanel	23:05
jkitchen	if so, you should probably contact their support	23:05
jkitchen	oh, it's open source.	23:05
jkitchen	hrm	23:05
zkvvoob	so?	23:05
jkitchen	well, maybe ask their irc channel then? :)	23:05
blueking	hmm	23:06
zkvvoob	:D	23:06
zkvvoob	Well, thank you very much for your help jkitchen !	23:06
jkitchen	I have never used ispconfig so I have no idea how it's configured	23:06
jkitchen	no problem, good luck	23:06
blueking	sighs	23:06
blueking	debian and ubuntu are built on same kernel ?	23:07
jkitchen	blueking: all linux distros are by definition built off of the linux kernel	23:08
blueking	jkitchen: just wonder why I have reboot problem on debian and ubuntu but not in opensuse	23:10
jkitchen	the 'reboot' command isn't part of the kernel	23:11
jkitchen	what problem are you having?	23:11
DRice7	blueking, it has to do with the acpi drivers	23:11
DRice7	apt-get install pastebinit	23:11
DRice7	dmesg \| pastebinit	23:11
DRice7	check the ACPI messages	23:11
blueking	jkitchen: reboot, shutdown -r, init 6 all shuts down pc	23:11
jkitchen	ahh, yes. that's probably ACPI thing.	23:12
* jkitchen hands the baton to DRice7		23:12
blueking	ok	23:12
blueking	DRice7: what am I looking for ?	23:20
blueking	DRice7: have some acpi warning at line 858 - 864	23:23
blueking	jkitchen: what should I look for about acpi in dmesg ?	23:28
blueking	hmm'	23:43
blueking	edited grub put in acpi=off no change to reboot	23:49

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!