[00:00] ah there we go! :) [00:00] sarnold: it's possible at this point that i've thrown in some cruft that's *causing* trouble, so a quick glance would really be appreciated. [00:07] hallyn: line 279, realpath() is used on the cgroup pathname; will it necessarily exist in the filesystem? since realpath() resolves symlinks, I think it's got to be a real path... [00:08] hallyn: line 284 constrains the strcmp to the length of rcgpath, but if tmppath is longer, the extra data may not be checked [00:08] (that's probably intentional behavior, but still I thought I'd point it out) [00:08] sarnold: realpath(p) where p has no symlinks shoud just return p, iiuc, [00:09] sarnold: and yeah, i just want tomake sure that tmppath isn't above or outside of rcgpath [00:09] i.e. /a/b/../../.. [00:11] hallyn: does line 314 need a \n? [00:13] sarnold: it might, yeah. ceratinly can't hurt, will add it, thanks :) [00:13] sarnold: actually that has been workign without it. but still i'll add it [00:13] hallyn: well, it might. I know apparmor's had no end of \n vs no \n in magic file problems... [00:14] hallyn: sorry, nothing else stood out as a potential problem :( [00:14] sarnold: drat. ok - thanks. [00:14] i'll have to delve into the dbus implemetnation then [00:14] * hallyn puts on his spelunking gear [00:14] ugh, good luck [00:16] thanks again :) - ttyl === TDog_ is now known as TDog [00:55] zul: so many tests passed, but turns out your libvirt-python package failed to build https://launchpad.net/~zulcss/+archive/libvirt-1.2.0/+build/5292931 [00:56] zul: (http://paste.ubuntu.com/6512081/ has the list of failures - probably libvirt-python is responsible for all) [01:04] hallyn: ill fix it up === freeflying_away is now known as freeflying [02:39] Just installed PHP for my ubuntu-server running nginx and I have done changes in my virtual host file (settings http://paste.ubuntu.com/6512329/ ). I created a index.php file in /usr/share/nginx/html but when I try 192.168.0.254/index.php I get "unable to connect" [02:40] Am I forgetting something? I have restarted nginx a couple of times with no luck [03:21] Hey is there anyone that could help me out with some dependency issues? [03:33] !ask Trace_ [03:33] !ask | Trace_ [03:33] Trace_: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience === Ursinha is now known as Ursinha-afk === Ursinha-afk is now known as Ursinha === TDog_ is now known as TDog === TDog_ is now known as TDog [05:05] gosh there are so many ubuntu 13.10 packages missing for ppc [05:10] is there a way to tell dpkg-buildpackage to use multiple core? my core0 is busy but the rest is all idle [05:11] i see, it supports -j [05:14] szaus18: or try setting the environment variable DEB_BUILD_OPTIONS=parallel=4 or whatever === TDog_ is now known as TDog === TDog_ is now known as TDog === gfrog is now known as gfrog_busy === gfrog_busy is now known as gfrog === gfrog is now known as gfrog_busy === TDog_ is now known as TDog [09:14] what command to check how much space left on usb device mounted /mnt/usb ? === TREllis_ is now known as TREllis [09:17] df -h /mnt/usb [09:18] and to check how much stored in each folder ? [09:18] ls and some options [09:19] du -hcs /mnt/usb/* [09:20] TY [09:20] :) [09:20] ogra_: and geser [09:44] decided to reinstall ubuntu server :/ had some glitch here and there some errors with initctl and more stuff I couldn't find out how to fix :/ === TDog_ is now known as TDog === TDog_ is now known as TDog === TDog_ is now known as TDog === gfrog_busy is now known as gfrog_meeting === shadeslayer_ is now known as shadeslayer [11:47] zul, hold fire on icehouse backports - hacking something out to automate it on a regular basis for simple no-change backports [11:49] jamespage: erm, wasn't there already a backport-o-matic that adam_g wrote? [11:50] Daviey, we have most of the scaffolding - it just needs glueing together [11:50] Oh! Nice. === TDog_ is now known as TDog === gfrog_meeting is now known as gfrog === TDog_ is now known as TDog [12:41] jamespage: i was just making sure things build yesterday [12:42] zul, I almost have it working; it checks if mismatches, backports and build tests - if it builds it will upload, if not expect an email :-) [12:43] jamespage: well on my list so far openvswitch, mongodb, ipxe, libunwind ftbfs so far [12:43] zul, openvswitch? interesteing [12:43] ok [12:46] jamespage: when you get a chance can you have a look at the migrate ftbfs https://launchpad.net/ubuntu/+source/migrate/0.8.2-1/+build/5294293 i have to get liam ready for school === MalcontentMatt is now known as mjohnson15 [12:51] what dhcp server people recommend for ubuntu server ? [12:51] for homeuse [12:53] and what's extra features does ldap gives ? -> isc-dhcp-server-ldap vs isc-dhcp-server ? [12:55] blueking: If it is for home use, and you aren't familiar with ldap, it is not something you need. [12:55] http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol [12:56] ok found out that ldap are goodie if one have several servers if I understood it right [13:14] Just got an Ubuntu VPS setup and its been a while since I've run a server in Linux. I know I probably aught to create a user account rather than doing everything using root, but for each site that I run on this VPS, should I create a different user account for it? or just create a single 'www' user account and run all sites out of that? What about the DB? === gary_poster|away is now known as gary_poster [13:19] zul, ok [13:38] my interfaces got names p3p1 p2p1 in interface-order should I use p*p1 or p?p1 ? [13:40] hmm or is it this -> p+([0-9])p+([0-9]) [13:42] hmm or is it this -> p+([0-9])p+([0-9])?(_([0-9]))* how does this one look like ? [13:42] blueking: What are you trying to do+ [13:42] ? [13:43] edit interface order [13:43] my nic has p3p1 and p2p1 [13:43] Why edit the order? [13:44] no need to ? [13:45] How could I say? [13:45] I don't know what your motivation is. [13:45] Why did you start looking into this in the first place? [13:46] I made backup of ubuntu and did a clean install and putting back conf [13:46] that what I know was working [13:47] pXpY(_Z) is biosdevname assigned names based on physical location in your system. [13:48] (_z) not visible then [13:48] ok :) [13:48] No, it only applies in certain cases. [13:49] I was thinking I didn't need apparmor apt-get remove apparmor and saw EVERYTHING disapear :P [13:50] somehow reinstall of stuff didn't work without issues and caused several error msg [13:51] atleast have firewall dhcp server samba share fixed [14:04] jamespage: keystone is building fine locally now === TDog_ is now known as TDog [14:19] zul, omg I'd forgotten how long ceph takes to build [14:20] jamespage: hehe [14:25] hallyn, sorry for the late notice, but I think you are up today to chair the ubuntu server IRC meeting [14:31] again? [14:31] seems like only yesterday :) [14:32] hallyn: you love it [14:32] I did add a "ping the next week's moderator" to the checklist. who's not following it? [14:32] oh, heh. [14:32] zul: it does allow me to do the rude fast meeting :) [14:33] yikes that's quite an action list [14:33] hallyn: yep yep [14:37] jamespage: do you remember the following bug : LP: #1241674 [14:37] jamespage: juju-core broken with OpenStack Havana for tenants with multiple networks [14:38] yes [14:38] still broken [14:38] jamespage: I'm looking at it; is there any known workaround ? [14:38] jamespage: i.e. until it get fixed in juju-core ? [14:41] jamespage: before I go ahead and start looking at ways to deal with this [14:41] caribou, erm - not run multiple tenant networks for juju environments - sorry that's the best I can suggest right now [14:41] I know that sucks [14:42] jamespage: :-) I was about to say "except *not* running multiple networks" === liam_ is now known as Guest41957 [14:42] jamespage: ok, thanks for the info, at least I know what to expect [14:42] I know gnuoy has been hitting this issue as well === TDog_ is now known as TDog [14:42] gnuoy, is there a plan yet? or are we still waiting on juju-core upstream [14:47] A long round of applause to everyone involved with the fastpath installer :-D [14:48] this will change my testing life [14:48] what is fastpath installer? [14:49] is that same as curtin or curt installer? [14:49] jrwren: well, actually these praises should have gone to #maas [14:49] jrwren: it is, that's how it's called in maa [14:49] maas [14:49] jrwren, yeah - thats right [14:49] its integrated into maas but driven by curtin I think === freeflying is now known as freeflying_away [14:53] jamespage: afaik, fastpath is a maas tag that makes the installer use curtin [15:04] caribou: the fastpath installer is using curtin to do the install really [15:04] caribou: it gets activated by adding the tag [15:04] roaksoax: ah, ok. thanks for the precision [15:06] caribou: np :). I know there isn't really much info out there to clarify this [15:06] roaksoax: I just didn't take time to have a look at the code. I think this is where the doc resides ;-) === TDog_ is now known as TDog [15:17] zul, that's working quite nicely [15:18] jamespage: ceph? [15:18] zul, ceph done [15:18] jamespage: keystone is down to 4 test failures all have to do with essex keystoneclient [15:18] 16 packages done infact [15:18] 3 failures [15:18] zul, gah - is that stuff still in tree - I thought it was going to be dropped? [15:19] jamespage: its still there [15:19] zul, btw libunwind won't pass its test suite if apport is enabled [15:19] if that was the build failure you saw [15:19] nose has been ripped out so have to run the testsuites with all the stuff we have skipped in the past [15:19] it expects core dumps on disk in defined locations - apport intercepts those [15:19] jamespage: ack [15:22] jamespage: now if i could only figure out whats going on with nova [15:23] zul, yolanda is looking at heat and ceilometer [15:23] jamespage: ack [15:23] can't remember whether I mentioned that or not [15:23] jamespage: dont think so [15:24] zul, adding python-pip to build-depends make sense? it doesn't build without that, but i can't see it on requirements, so maybe it's something with my machine [15:24] yolanda: no it doesnt...just patch it out of requirements.txt [15:24] zul, it isn't in requirements, but if i don't have pip installed in my machine, i received error i showed you [15:25] yolanda: wha? === JanC_ is now known as JanC [15:25] yolanda: can you post the full build log? [15:25] sure [15:26] zul http://paste.ubuntu.com/6515025/ [15:27] seems it's a req from pbr [15:27] Installed /home/ubuntu/build-area/ceilometer-2013.2/pbr-0.5.23-py2.7.egg [15:27] Searching for pip>=1.0 [15:27] yolanda: how are you building the package are you using pbuilder? [15:27] bzr bd [15:27] that's first step [15:28] yolanda: right you want to use bzr bd -S and then use something like pbuilder or sbuild otherwise you are going to get problems like this [15:28] zul, sorry, yes, bzr bd -S [15:28] i receive the error executing the bzr bd -S command [15:28] yolanda: make sure you have python-pbr installed [15:29] mm, it wasn't, but i executed and apt-get build-dep ceilometer [15:29] let me try now [15:29] it's that, yes [15:29] i may be using an old ceilometer package to get the build deps [15:33] yolanda, zul: some of the package clean calls will pull in deps if they are not already installed [15:33] bzr bd -S -- -nc will avoid this [15:33] but is bad practice [15:33] (but in a bzr tree you should not get cruft - so its not to bad) [15:35] i hate you testr [15:46] hallyn, the "ping the next week's moderator" was from me following the checklist. Apologies on it being so late on the ping though [15:53] zul https://code.launchpad.net/~yolanda.robla/ceilometer/icehouse_refreshed_patch/+merge/197553 [15:59] yolanda: merged thanks [15:59] cool [16:00] easy one [16:02] utlemming, can you just please 'ack' that we will plan on producing alpha-1 images for cloud-images. ? [16:02] smoser: done [16:03] smoser: or did you need me to ack that somewhere else besides the meeting? [16:03] probably here or ther eis sufficient [16:03] maybe just say so in #ubuntu-release also [16:03] can you do tha t? [16:04] so other people are aware [16:15] jamespage: https://code.launchpad.net/~zulcss/keystone/icehouse-ftbfs/+merge/197559 [16:16] i am adding some update paths to the sources.list file by adding two lines such: deb http://ftp.ubuntu.com/ubuntu/ gutsy main universe multiverse restricted [16:16] deb-src http://ftp.ubuntu.com/ubuntu/ gutsy main universe multiverse restricted [16:17] but while updating via terminal i cannot get the updates via gutsy [16:18] w0rmie, gutsy is no longer supported [16:18] w0rmie: You need to upgrade that machine. [16:20] w0rmie: I mean, gutsy's not been supported since 2009. [16:20] i need to install kerreghed to boot them into a supercomputer [16:20] what's the alternative then? [16:21] smoser, can you review the pad [16:22] w0rmie: you might find http://askubuntu.com/q/91815/7808 helpful. But you should upgrade. [16:23] jamespage, i say "ship it" [16:25] smoser, ack === TDog_ is now known as TDog [16:29] smoser, hey - there are a few updates in cloud-tools staging - specifically the juju-core one is needed for some stuff [16:29] as I uploaded I'm a little reticent to accept it [16:31] jamespage, are you askign me to push to -propsed ? [16:31] smoser, pls [16:31] i can do that. i actually thought you had. [16:31] sure. [16:33] jamespage, i only see juju-core in staging. === TDog_ is now known as TDog [16:34] smoser, thats it then [16:34] I think the report is stuffed on reports.qa.ubuntu.com [16:34] I'll take a look at that [16:34] jamespage, well, its not "stuffed" [16:34] its just incorect report [16:35] stuffed == incorrect :-) [16:35] its not wrong [16:35] its correctly reporting what it was told to report [16:35] it was just told to report something != what you actually want [16:35] i've thoguht of taking a look at that [16:35] what we want is 2 tables [16:35] lp:ubuntu-reports [16:35] ubuntu -> -next [16:35] I can deploy updates now [16:35] err... [16:36] ubuntu devel -> -next [16:36] and [16:36] ubuntu stable -> staging -> proposed -> updates [16:36] yeah - that makes sense [16:38] i just pushed juju to -proposed [16:38] smoser, thanks [16:39] zul, xen, python-wsme, qemu, webtest, simplejson, openvswitch, urllib3, msgpack-python, spice, ipxe, requests all fail to backport [16:39] everything else is good [16:39] zul, I can fix openvswitch now - I know what the issue is [16:39] jamespage: msgpack-python has been deprecated in favor of python-msgpack [16:40] we also need to include newer six and iso8601 as well [16:42] I wrote a tool for configuring network interfaces on ec2. What package would this be useful to add to? [16:43] jamespage, can you give me a quick "how to ruN" for that thing ? [16:43] smoser, for what - the report? [16:43] yeah === TDog_ is now known as TDog [16:43] smoser, yeah - I struggled with that - one second [16:44] i'lll submit a doc with my proposed branch [16:52] jamespage: ok nova fixed i think [16:58] zul, great [17:05] been a long time LTS server user, now have to work for powerpc, where many packages are unsupported, am I better of to use wheezy/debian [17:05] jamespage: can you bounce me the failures mins the openvswitch one so i can have a look [17:05] s/of/off/ [17:06] zul, look at the console log in the lab [17:06] ack [17:06] trying hard to get nova-compute-kvm built on 13.10 since last night [17:06] szaus18: which powerpc packages work in Debian but not in Ubuntu? [17:06] nova-compute-kvm for example [17:09] Anything else [17:09] ? [17:10] at the moment this is the major one, i do see other packages that are not supported during the search [17:11] would like to run some search to find out the whole list, it won't surprise me there are more [17:23] oops, nova-compute-kvm build failed yet again on ppc, time to try debian [17:23] is Ben here? [17:46] zul, spice self-fixed [17:46] on the next hourly backport-o-matic [17:46] jamespage: cool [17:46] jamespage: nova is almost fixed [17:49] zul: couple of comments on the keystone merge [17:49] zul, also we need to merge in the security update that landed last week [17:50] jamespage: yeah we should get that security update in trusty [17:51] zul, it's already done [17:51] oh.. === liam_ is now known as Guest7421 === TDog_ is now known as TDog [18:09] jamespage: updated [18:09] Hi there. [18:12] zul, patch headers? [18:12] Anyone here familiar with posftix? [18:13] Every second I get a warning: mysql:/etc/postfix/mysql-virtual-alias-maps.cf lookup error for "root@mydomain1.com" [18:16] jamespage: should be there [18:31] jamespage/roaksoax: https://code.launchpad.net/~zulcss/python-cinderclient/1.0.7/+merge/197587 [18:33] zul, I'll leave that to roaksoax [18:34] jamespage: ack [18:35] zul: already commented [18:37] roaksoax: i thought it was there...removed the changelog comment [18:37] zul: done [18:38] I have a very newbie question, regarding postfix configuration. I decieded I'll go from beginning because I've missed something. [18:39] When it asks me for the system mail name I enter mail.mydomain1.com if dig -t mx mydomain1.com shows: mydomain1.com 5278 IN MX 10 mail.mydomain1.com ?? [18:40] Is this correct? [18:48] hi people! [18:49] do you have web sites for to learn linux ubuntu server [18:49] Shockwave: this is a good starting point: https://help.ubuntu.com/12.04/serverguide/ [18:49] for the administration of linux ubuntu server cllass online o tutorials=? [18:49] sarnold: thanks ! [18:49] ;)} [18:50] this is all for to learn the administration of linux servr=?? [18:51] hm [18:51] this is odd [18:51] On one hand it says: This name will also be used by other programs. It should be the single, fully │ │ qualified domain name (FQDN). [18:52] frojnd: is with me=? [18:52] And fqdn in this case fqdn for mail is mail.mydomain1.com [18:52] and on the other: Thus, if a mail address on the local host is foo@example.org, the correct value for │ │ this option would be example.org. [18:52] ok perfect! [18:52] sorry! [18:52] greetings [18:53] Decepticonssssssssssssssssssssssssssssssssssssss [18:53] So which one is it? mail.mydomain1.com or mydomain1.com ? [18:53] smoser: I want to contribute a utility to cloud-init that would run on boot (after eth0 was configured), after any interface was configured, and manually by request of the system adminitrator. The purpose of the program would be to configure network interfaces for the IPs assigned to it inside an AWS VPC. [18:53] smoser: does that sound like a good fit to be included in cloud-init? [18:53] lfaraone: what does this utility do that I cannot already do with cloud-config ? [18:55] lfaraone, bug 1153626 ? [18:55] Launchpad bug 1153626 in cloud-init "Multiple Interfaces and IPs not detected in AWS VPC" [Medium,Triaged] https://launchpad.net/bugs/1153626 [18:55] jrwren: I create an EC2 instance, and associate three IP addresses with the default network interface. I add another two network interfaces with a couple IPs each. [18:55] frojnd: well, given what you've pasted there, I'd say go with 'domain1.com' alone... [18:55] ie, is this "ec2-net-utils" ? [18:55] with the script I wrote, each available interface is initialised and dhcpd run if applicable, aliases are automatically configured for interfaces. [18:55] frojnd: (though it's been many years since I've run my own mail server, those neurons are getting thin and weak :) [18:55] i am interested in having something like that in cloud-init and in hooking into the same basic infrastructure as it would/will be created on openstack [18:56] smoser: I didn't look at ec2-net-utils, but it probably does something similar. [18:57] sarnold: yeah. Ok will do [18:57] lfaraone, the key thin gyou've not mentioned above is that it can/should run from udev hotplug [18:58] smoser: I hadn't investigated that, but it wouldn't be hard to add the relevant trigger, I'm sure. [18:58] * lfaraone hasn't worked with udev too much, previously. [18:59] lfaraone, so, generically, yes. i'd really like to have a solution for that [19:00] and i'm willing to help you if you're interested in ccreating one and getting into c loud-init and ubuntu [19:03] smoser: Awesome. Would this just live in cloudinit/config/handlers/? I can put what I have into a branch and work from there. === TDog_ is now known as TDog [19:04] i dont really think its a handler so much. handlers are for "parts" (of user-data) [19:05] dont worry about where it lands so much. [19:05] maybe just put it into a new dir named 'utils/' or something [19:05] and push a branch for me to look at. [19:06] smoser: I have a somewhat related question about the contributions process; mind if I PM? [19:07] thats fine [19:09] is there an updated lxc for precise besides the daily ppa? [19:24] This is amazing. netcat mail.mydomainq.com 25 shows: 220 mydomain1.com ESMTP Postfix (Ubuntu) When I do ehlo mydomain1.com I get: 250-mydomain1.com 250-pipeling, 250-status and a bunch of other 250-things... but when I do netcat mail.mydoman1.com 110 nothing happens, terminal goes into another line. Instead it should connect to the pop3 courier, am I right? === mjeanson_ is now known as mjeanson [19:28] frojnd: don't forget that pop3 / imap4 is completely unrelated to the esmtp that handles the incoming MX ... [19:30] frojnd: going to another line without any further response makes me wonder if you've hit a firewall that DROPs rather than REJECTS... how's your firewalling look? does your ISP put any firewalling in place? [19:32] sarnold: I've enabled tcp 110 port [19:32] frojnd: does it work locally? does netstat -alp | grep 110 show it? [19:33] ha [19:33] empty [19:34] frojnd: hunh. then your 'nc' should have failed immediately... [19:34] I thought ufw accepts changes right away after adding a rule [19:36] frojnd: oh, I screwed up, try netstat -nlp not -alp --- perhaps netstat looked up the 110 in /etc/services to report 'pop3' instead. sorry. [19:37] still... sudo netstat -nlp | grep 110 nothing [19:37] but ufw raw | grep 110 gives me: 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 [19:38] anyone know what `atd` is? [19:38] i see it in htop but i have no idea what it is nor do i recognize the system username (daemon) [19:39] TheLordOfTime: $ man atd [19:39] xnox, okay... why are atd and cron both running on the system...? [19:40] is that normal for 12.04 systems? [19:40] they do different jobs. cron is recurring, atd isn't [19:40] sarnold: does this matter? I have 2 external IPs Domains are set for the ip that isn't active in ifconfig [19:40] so then i shouldn't be alarmed by the sudden appearance of atd in the processes list. [19:40] okay, thank you [19:41] if it's new I'd ask why. but it's not unusual to have them in parallel [19:41] TheLordOfTime: it's required by lsb-core, Linux Standard Base it's one of the core components that is guaranteed to be available across all distributions.... [19:41] frojnd: if the port isn't shown open in netstat, that means your pop3 daemon isn't configured to open it, or the pop3 daemon isn't running [19:42] xnox, okay, i only asked because the server that i'm checking was listed in DroneBL's DNSBL as a botnet node, but the box is locked down and there's no evidence nor rogue processes... [19:42] atd was the only process i didn't immediately recognize. [19:44] roaksoax: https://code.launchpad.net/~zulcss/nova/icehouse-refresh/+merge/197595 [19:46] sarnold: ofcourse :S I used before dovecot and now I forgot to start it [19:46] I just installed courier-pop and imap for testing this [19:47] hi all, I start ubuntu minimal on my laptop,it load the keyboard then freeze. When I check the kernel message i read: ieee80211 phy: brcnsnac: fail to load firmware brcm/bcm43xx-0.fw [19:48] sda: try installing the linux-firmware package onto that host; it might require booting with 'single' or something similar.. [19:56] sarnold, how? i am trying to install a new system with ubuntu minimal cd. [19:56] sda: ah, so this is during the installer? [19:56] yes [19:57] sarnold, and i cannot skip [19:57] sda: oh, sorry, I misunderstood your first question. :( [19:58] sarnold, probably because i was not clear! :D anyway any ideas? [19:59] sda: sorry, I'm pretty weak at the installing end of things, I'm better once they're upand running ;) [20:06] sarnold, worth a try! [20:06] :D [20:06] sarnold, i'll try to use ubuntu server [20:07] sda: if all else fails, try the desktop disc -- it'll be mostly the same stuff, with the annoyance of networkmanager instead, but you can deal with that once it's running. :) [20:13] sarnold, but i don't want to install a gui, i don't want to install programs like firefox for my CLI server [20:14] sda: yeah, that's good, but if the laptop is gving you trouble, perhaps the desktop installer will do a better job of making it work. you can always turn off or uninstall X once it's installed [20:22] alot of new faces, very few old ones [20:27] Anyone on tonight who's got experience with ipsec certs who can help with a issue loading the certs in strong swan ? [20:36] Well that's interesting. I can't even send a mail using telnet [20:38] Oh and I've removed /var/log/mail.log and recreate it but now nothing will be saved in this file [20:38] I've made sure that it hass sufficent rights [20:43] frojnd: you may need to ask the server to rotate logs; if it has a filehandle open to the old log file and continues to log there, the file will not be accessible further but the data won't be freed until the server either rotates logs (and thus closes the file) or is restarted (and thus closes the file) [20:43] frojnd: check /proc/pid/fd/ for a list of files the server has open, one of them might be /var/log/mail.log (deleted) [20:44] sarnold: don't have /proc/pid/fd [20:44] not even /proc/pid [20:45] frojnd: ah, sorry, you have to look up the pid of your server via pidof postfix or something similar [20:46] smoser: I pushed up what I have to start with to https://code.launchpad.net/~lfaraone/+junk/configure-interfaces [20:46] pidof postix empty [20:48] does any one know how to run openssl to generate a cert without encryption ? [20:48] i run private/strongswanKey.pem -out cacerts/strongswanCert.pem and when pressing enter to skip password it errors saying password needed [20:48] lfaraone, thanks. i'll try to take a look at that tomorrow. [20:49] bitbyte_: Why aren't you using the strongSwan pki utils? [20:49] the honest answer is I don't know how [20:49] bitbyte_: http://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA [20:51] jpds can i generate the certs from that method and implement them in the other config [20:51] bitbyte_: What other config? [20:51] sorry the link i posted from the walk through i was following i.e. http://serverfault.com/questions/212382/how-to-set-up-strongswan-or-openswan-for-pure-ipsec-with-iphone-client [20:52] bitbyte_: No idea about that, I've always used ipsec pki. [20:53] bitbyte_: But the client should just take the cert. [20:53] jpds ok cool i'll give a shot, do you know any other resources to look at as i find the strong swan documentation a bit hard to read [20:54] bitbyte_: I always go to strongswan.org. [20:54] jpds one last question do you know if osx will accept the .der certs in their inbuilt ipsec / keychain ? [20:54] if not ill google [20:55] sarnold: by server u mean postfix? [20:55] bitbyte_: http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple) [20:55] that page comes up as removed [20:56] bitbyte_: You're missing a ). [20:56] frojnd: yeah, at least I think that's what I saw you confiuring earlier [20:56] *face palm* [20:56] bitbyte_: And don't worry about the docs being hard to read, that's just ipsec. [20:56] jpds much appreciated this issues been bugging me for past few days [21:02] sarnold: so in theory reinstalling postifx could fix mail log [21:02] frojnd: I hope it wouldn't take -that- much -- try first a 'sudo service postfix restart' [21:03] sarnold: won't hel [21:03] help [21:03] or it won't log verbose :) [21:03] frojnd: hrm :/ [21:03] the problem is that I've start from the beginning. I'm trying to simply send email when connected to telnet localhost 25 [21:04] I leterally do this: ehlo localhost [21:04] mail from: root@localhost [21:04] rcpt to: test@localhost [21:04] data [21:04] subject: .... [21:04] and when I su to test and do mail: it says no mail [21:05] Oh and when I do . when trying to write an email, it says: 250 2.0.0 Ok: queued as A6E83CA00C2 [21:05] and still not /var/log/mail.log heh [21:06] I'd just like to know why it won't send email from localhost [21:07] frojnd: anything in mailq output? [21:07] Also when I do telnet localhost 25 it shows me 220 mydoman1.com ESMTP Postfix (Ubuntu) [21:07] sarnold: for user test, it's empty [21:12] Hi people! [21:12] what is disc containers and benefic=?? [21:15] jpds Hey can you take a look at the start up log for my ipsec as it's now throwing the same error when loading the certs but reversed ? if i paste bin the log and tell you the lines you ok to take a quick look ? [21:23] What is default logging facility in ubuntuserver? [21:23] I need to restart it to see if postfix will start logging afterward [21:23] frojnd: rsyslogd [21:24] sarnold: tnx [21:24] it was that 'r' infornt of syslog :) [21:24] :) [21:26] and it works :) [21:26] yay! [21:26] now you've got error messages you can use to actually fix your -real- problem :) but progress is progress, hehe [21:30] yeah :) [21:30] but it's not error I'm afraid [21:34] bitbyte_: Sure. [21:40] sarnold: [21:41] This is the newst log http://sprunge.us/CUOV when I try to send a mail as root to test [21:41] I have no idea what sysadmin is doing there [21:41] or how it gone there [21:42] frojnd: oof. grep for 'sysadmin' in /etc and see what turns up? :) [21:44] ah It's in /etc/aliases [21:44] from previous attempts of configuring.. I've updated aliases now [21:45] jpds i think i might have sorted it [21:45] jpds looks like it was myself being slack and not cleaning up mess from before [21:46] sarnold: finally :) [21:46] sarnold: got amil locally juhu [21:46] bitbyte_: Hehe. [21:46] frojnd: \o/ :) [21:47] sarnold: http://sprunge.us/WWcD this is how it looks like when it's working [21:47] frojnd: much better [21:48] yeah :) now I can build the rest of setup ssl only and stuff :) [21:48] I'd prefer pgp keys [22:20] sarnold: heh when I send mail from outside I don't receive mail [22:21] Specifically from gmail. But gmail won't state that that there is any error. So it's lost somewhere [22:22] hi all, i'm trying to install ubuntu server on my old laptop. Once I arrive at detect network, it stall because it's not able to load wifi firmware: ieee80211 phy0: brcmsmac fail to load firmware brcm/bcm43xx-0.fw. I don't need the wifi card to install. Any IDEA? [22:26] sarnold: u have any ideas why when I send email from gmail to my newly created server I won't receive mail? I've opened ports 110 and 143 I can also see them when I to netsetat -tlnp | grep 101/143 [22:39] ah [22:39] I think I know what the problem is [22:39] port 25 [22:39] which is not opened === TDog_ is now known as TDog [22:53] ha [23:21] Hello. I need to apply upstream patches to my ubunutu 12.04 server in response to a PCI scan as seen here:http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1635.html. Can give me a hint on how to get started? [23:21] crazysix_: ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635) === crazysix_ is now known as crazysix [23:25] ha [23:26] When sending mail using mailx from ubuntuserver to gmail account I see sent from: @mail.mydomain1.com and not @mydomain1.com lol [23:27] ANd myhostname is set to mydomain1.com :) [23:28] frojnd: don't forget there are two From headers; one, known as From_, is the "envelope From" header, and it is the one your MTA is liable to set. the other one, "From: ", is an email header set by the MUA, and it is unlikely to be changed by the MTA.. [23:28] anyone have any ideas on where to start here? Or a good resource? [23:29] crazysix: wow, what kind of idiot PCI scanner would pretend open_basedir() is a security mechanism??? [23:29] trustwave... [23:30] they also did not recognize any of the issues addressed by ubuntu packages and I had to dispute those. [23:30] crazysix: feel free to let them know that open_basedir() always has been and always will be a gigantic disaster, one more indicator that the PHP authors really didn't know what they were doing.... [23:30] but, now I have to remedy these [23:30] lol [23:30] will do [23:30] crazysix: I mean, if they wanted to report back, "hey, you're running PHP, that's a disaster", I'd agree, but "open_basedir() is broken", and ... wow. just wow. :) hehe. [23:30] however, I still have about 3 more issues that I need to apply these upstream patches for [23:31] lol [23:31] crazysix: oh? which else? [23:32] sarnold: I don't understand really. Where is this set. [23:32] here is another CVE-2011-4718 http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4718.html [23:32] crazysix: Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4718) [23:32] crazysix: Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4718) [23:35] crazysix: yikes, those patches look miserable. [23:36] sarnold: yeah, not too thrilled about this one [23:37] sarnold: I have to catch the bus. I'll be back later. Thanks for looking at those. [23:37] crazysix: can you instead demonstrate that your application's use of php sessions is managed like this? https://wiki.php.net/rfc/strict_sessions#current_solution [23:38] sarnold: I will try. Apparently Drupal already takes care of the session issue. I will try to make that argument [23:39] sarnold: thanks again [23:39] crazysix: have a good night, good luck :) [23:41] zul: just a reminder, will waiting on python-libvirt 1.2.0 :) [23:42] sarnold: about that mail.mydomain1.com which should mydomain1.com when I use mail to send mails to external emails.. I still don't understand where is this set in postfix [23:42] frojnd: depends upon which header was set to mail.mydomain1.com -- was it the envelope From_ header or the message From: header? [23:43] sarnold: I really don't know where this is set. At least in main.cf I didn't set anything like it [23:44] sarnold: this is the mail client issue not the postfix? [23:45] frojnd: then check your mailx configuration? [23:46] sarnold: aha now I get it