/srv/irclogs.ubuntu.com/2014/01/02/#ubuntu-server.txt

=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
krababbel	Hi, why is there a relative path in openssl.cnf for CA_default? Where should I keep my files like certs if I want to be my own CA for a LAN? Some say in /root/ca but others suggest /etc/ssl	03:09
krababbel	Also I want to create a certificates for my webserver and mailserver. Without my own CA signing both certs, I'd need to install multiple certificates on clients, correct? With my CA, a client could verify both mail and web certs using only the CA cert, correct?	03:14
patdk-lap	depends on what you do	03:16
patdk-lap	you could have some other ca sign them	03:17
krababbel	patdk-lap: I need to sign them myself, it is just a test LAB.	03:17
krababbel	patdk-lap: So if I sign them myself, my clients in the lab could verify all server certificates, which were signed by my CA, and the clients would only need to install my CA certificate, correct? I am a bit unsure now.	03:19
krababbel	patdk-lap: Otherwise I could just self sign the certs on the mailserver and webserver for example each.	03:20
patdk-lap	yes	03:20
patdk-lap	but the server would need it's certificates and any intermediate certs (that doesn't sound like your making)	03:20
krababbel	patdk-lap: OK, thank you a lot.	03:23
rsd	any good suggestions for a MON replacement (if any)?	03:48
patdk-lap	what is a mon	03:49
rsd	system monitoring, alert, etc	03:49
krababbel	I am unsure about LDAP authentication and /home on an NFS server. If the LDAP and NFS servers are different machines on the network, could pam_mkhomedir create the homedirs on the NFS server on first login?	05:31
krababbel	Why is it a problem with having both local and LDAP homedirs in /home? I read that usually you should separate them, but I don't see why. Aren't UID and GID enough?	05:39
krababbel	Maybe that's only for users which already exist locally.	05:45
krababbel	Or is the problem that a local user trying to login and mounting their /home/... could be rejected by the NFS server because NFS may not find that user in LDAP and locally, I guess.	05:49
krababbel	So if the same local user already exists on all machines, and the only additional users in /home would be LDAP users, then separating /home wouldn't be necessary?	05:51
=== sivatharman__ is now known as psivaa
=== ikonia_ is now known as ikonia
Rar9	morning. need some help with an Error 503 for installing Solr4 with Tomcat7 .. Anyone?	09:25
ikonia	Rar9: 503 is service unavailable suggesting that it's not listening on the port you have defined, or it is listening but the application is not configured (which is common with solr)	09:43
=== Ursinha_ is now known as Ursinha
=== gary_poster\|away is now known as gary_poster
=== highvolt1ge is now known as highvoltage
krababbel	Why is it a problem with having both local and LDAP homedirs in /home? I read that usually you should separate them, but I don't see why. Aren't UID and GID enough? But if there is only the same local user on all machines, and the only additional users in /home would be LDAP users, then separating /home wouldn't be necessary?	13:08
=== mjohnson15_2 is now known as mjohnson15
=== dannf` is now known as dannf
zul	rbasak/hallyn: im adding that arm64 patch before uploading a new libvirt (1.2)	15:52
ahnkle	i am thinking of getting a Proliant DL140 G3 for personal use. there is an Ubuntu 10.04 release. is this retired now?	15:54
rbasak	zul: I'm not sure we should right now.	15:54
rbasak	zul: I don't want to cause a future conflict with a Linaro patch.	15:54
rbasak	I emailed Clark (Linaro) to get his view.	15:55
zul	rbasak: arrgh after i rediffed it	15:55
rbasak	Since he's doing the libvirt armhf/arm64 enablement work which involves pushing it upstream.	15:55
rbasak	zul: well, I did say in the bug·	15:55
zul	rbasak: yes but im not awake yet :)	15:55
hallyn	zul: bug 1264955 - any objections to nfs-common being in libvirt build-dep?	16:25
uvirtbot	Launchpad bug 1264955 in libvirt "libvirt: find-storage-pool-sources work unexpected" [Undecided,New] https://launchpad.net/bugs/1264955	16:25
zul	hallyn: nah	16:28
zul	hallyn: 1.2.0 has been uploaded like a half hour agao	16:28
hallyn	yeah - and on the one hand i don't want a new uplaod just for that, but otoh if we don't do it now we'll never remember :)	16:34
hallyn	well i've added it to my long list of libvirt bugs to work on when i have time	16:35
zul	hallyn: sweet...just batch them up :)	16:35
krababbel	Hi, is there a problem sharing one public folder over samba and nfsv4 at the same time?	16:50
jrwren_	no, no problem.	16:51
krababbel	jrwren_: OK thanks, I'll try that.	16:51
jrwren_	why would there be a problem :)	16:51
krababbel	jrwren_: I asked because NFSv4 uses usually this special folder /exports	16:52
krababbel	So I was unsure if they'd work nicely together. (samba and nfs)	16:53
jrwren_	oh no.	16:55
jrwren_	that /exports is just a default config. you can export anything	16:55
krababbel	jrwren_: Thank you a lot. :)	16:55
hallyn	zul: is ppa:ubuntu-cloud-archive/havana-staging "the havana cloud archive" ?	17:23
zul	hallyn: its the staging area http://www.ubuntu.com/download/cloud/cloud-archive-instructions	17:24
hallyn	where is the real havana cloud archive then?	17:24
hallyn	oh i see, thx	17:25
hallyn	how do i add the apt-key?	17:25
hallyn	eh, nm. no matter for the test	17:26
=== gaughen_ is now known as gaughen
=== justizin_ is now known as justizin
hallyn	zul: are you doing anything right now on libvirt apparmor bugs?	17:44
hallyn	jdstrand: can I (later today/tomorrow) point you to some debdiffs relating to libvirt-apparmor?	17:45
zul	hallyn: nope just getting libvirt-python ready for mir	17:46
hallyn	oh i thought with merge from debian you didnt' have to	17:46
hallyn	ok. just one more lxc thingie and then i'm hitting libvirt-apparmor hard.	17:46
zul	hallyn: nah i wish it was like that	17:46
=== gary_poster is now known as gary_poster\|away
=== gary_poster\|away is now known as gary_poster
adam_g	zul, if you get some minutes today could you plz take a look at the 2013.2.1 branch updates at https://code.launchpad.net/~ubuntu-server-dev/+activereviews ?	18:43
zul	adam_g: 2013.2.1?	18:44
adam_g	zul, the first havana stable release	18:44
zul	adam_g: cool gimme a sec	18:45
adam_g	zul, no rush	18:45
zul	adam_g: +1	18:48
adam_g	zul, nice thanks	18:49
=== melter_ is now known as melter
=== pHcF_ is now known as pHcF
krababbel	I want to export /home directories over NFS. Why do people say it is a problem if I do not separate the remote home folder from the local home?	20:02
krababbel	For example like described here in the second paragraph: http://nickportertech.blogspot.co.at/2010/02/ubuntu-machine-with-nfs-home-and-ldap.html	20:02
jrwren_	krababbel: its only a problem if you want to login to an nfs client system when the nfs server is down	20:04
krababbel	jrwren_: OK thanks a lot, of course, I am tired. :)	20:05
jrwren_	if that is not a requirement, then it is no problem.	20:05
krababbel	jrwren_: I see, yes.	20:06
=== cmagina_ is now known as cmagina
=== Guest35485 is now known as Rasmus`
hallyn	jdstrand: in qrt test-libvirt.py, there are two lines restoring "/etc/apparmor.d/abstracations/libvirt-qemu" <sic>. Is that some intended genius, or a typo?	21:45
tclarke	I'm setting 12.04 MAAS and I'm having trouble following the install docs...I get to the point where I need to d/l initial boot images and run "maas-cli mynam node-groups import-boot-images" where mynam is the name of my login profile	21:49
tclarke	node-groups: error: argument COMMAND: invalid choice: u'import-boot-images' (choose from 'register', 'list', 'refresh-workers', 'accept', 'reject')	21:49
=== tclarke is now known as tclarke\|AFK
stdaro	https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/257857 is pretty unpleasant, still applies today	22:01
uvirtbot	Launchpad bug 257857 in openjdk-6 "openjdk-6-jdk should depend on openjdk-6-jre-headless too" [Low,Triaged]	22:01
=== gary_poster is now known as gary_poster\|away
bravvve22	hello am newbe,in a vps ubuntu 10.04 is installed and if config gave me venet0:0,no eth0 what meen?	22:20
bigjools	tclarke\|AFK: you need to run the version of maas in the cloud archive	23:06
adam_g	zul, ping	23:41
krababbe1	Hi, if I enable no_root_squash on an export, could it be dangerous for the NFS server, or would that "just" allow a remote root to do anything within that export folder?	23:44
bekks	krababbe1: yes, it could dangerous, dependingon what you are sharing.	23:45
krababbe1	The problem is, that I want to have an NFS server export /home to clients. These clients are LDAP accounts, and I want to use pam_mkhomedir to create their homes on first login. But I get 'permission denied', and I guess it has to do with the fact that remote machines are restricted by root_squash. With no_root_squash it seems to work.	23:47
krababbe1	bekks: The NFS server, LDAP server and client are three different machines on the LAN.	23:48
bekks	krababbe1: Which doesnt matter, and doesnt clarify which shares you are going to share with no_root_squash	23:49
krababbe1	bekks: The /home folder would be shared with no_root_squash.	23:49
krababbe1	bekks: On the NFS server it would be /mnt/home, since I separated local home from LDAP user's homes	23:50
bekks	krababbe1: Unless root isnt going to use stuff from /home, it's nasty, but somehow safe.	23:50
krababbe1	bekks: I guessed so. :) Is there an similar alternative?	23:51
krababbe1	using pam_mkhomedir I mean	23:52
krababbe1	I am doing this for the first time.	23:52
hitsujiTMO	krababbe1: i'd also ensure subtree_check is used	23:52
krababbe1	hitsujiTMO: Thanks, I'll try that.	23:53
adam_g	zul, anyway, /me needs sponsorship for http://people.canonical.com/~agandelman/heat-2013.2.1/ . can you help? guess heat is not seeded properly?	23:54

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!