[01:15] <omfgitsasalmon> Hai, I'm new to networking and I'm curious about setting up a mail server with my Ubuntu server
[01:15] <omfgitsasalmon> Can anyone assist me?
[01:27] <fraq> omfgitsasalmon: in the past I have used sendmail as the MTA
[01:27] <fraq> what exactly are you trying to accomplish?
[01:42] <omfgitsasalmon> fraq: my server can't send email using PHP
[01:42] <omfgitsasalmon> I tried following tutorials but none of them work. Is it because I'm hosting it on a domestic network?
[01:43] <fraq> what tutorials have you tried?
[01:43] <fraq> bear in mind, I'm no expert at this. I just built a sendmail server as part of a larder experiment
[01:43] <fraq> *larger
[01:56] <neild64> Your isp could be blocking smtp
[10:03] <Pupeno> Is ntpd running enough to have the clock adjusted? I changed the time on a machine to see it in action and I'm not seeing ntp fixing it.
[10:05] <mardraum> pastebin ntpq -p
[10:07] <Pupeno> mardraum: https://gist.github.com/pupeno/9737576
[10:07] <rbasak> Pupeno: IIRC ntpd refuses to change the time by more than a few hours by default in case that breaks things. It also slews the clock slowly; you'll need to wait a day or two to see it come into sync again anyway.
[10:08] <Pupeno> I just want to make sure it's working since I change it to bind only lo. It shouldn't stop it from working, but just in case. Is there a way for me to do it? I can't find any logs that say "hey! clock is wrong, slowly fixing it." or sosmething like that.
[10:08] <mardraum> what rbasak says is 100%. Thought from your output you don't seem to be able to reach any ntp servers.
[10:08] <mardraum> though*
[10:09] <mardraum> bind only lo why? are you expecting to NAT it out from localhost?
[10:10] <Pupeno> mardraum: I just don't want ntp to be reachable by anybody (as a server), I'm just running it to keep the clocks synced.
[10:10] <mardraum> firewall it then?
[10:11] <Pupeno> mardraum: I'll firewall it too, but I prefer to have a close configuration as well for all services.
[10:12] <Pupeno> So, apparently I have to bind it to public IPs for it to reach ntp servers.
[10:12] <Pupeno> Why is that?
[10:15] <ogra_> Pupeno, you could just run ntpdate by a cron job once a day instead ... that saves you from having to run a daemon
[10:15] <mardraum> are you expecting to NAT it from localhost?
[10:15] <Pupeno> mardraum: no.
[10:15] <mardraum> then how could it possibly route to the public internet
[10:18] <Pupeno> mardraum: I'm not familiar with the NTP protocol, maybe it has some callback mechanism I'm not aware of, but my server doesn't need to bind 0.0.0.0:25 in order for it to open connections to port 25 in other servers and deliver email. I was expecting ntpd to open connections to my time servers without having to bind and listen in port 123.
[10:18] <mardraum> I'm not having a go at you. At least you didn't claim you hadn't made any changes and then fess up an hour later you made it only run on lo
[10:19] <Pupeno> I'm fine with ntp using other interfaces, I just don't want it to listen on them. The same way postfix is not listening on eth0, but it's using it to reach the Intenet.
[10:19] <mardraum> you run a MTA on localhost only that works fine sending and receiving mail?
[10:19] <mardraum> to internet hosts
[10:20] <Pupeno> mardraum: there's an MTA running listening only on 127.0.0.0:25 that routes email to the internet, yes.
[10:20] <Pupeno> I meant lo, port 25.
[10:21] <mardraum> cool, you must have some translation happening
[10:21] <Pupeno> mardraum: nope.
[10:21] <mardraum> perhaps NTP just refuses to work like that. I've never tried
[10:21] <mardraum> nope?
[10:21] <mardraum> pastebin some mail logs
[10:22] <Pupeno> mardraum: you don't need to listen on port 80 to connect to port 80. My browser doesn't listen on port 80 and connects to port 80 of any server out there.
[10:22] <mardraum> I never suggested that it did?
[10:22] <mardraum> browser will always use a high port anyway, but we are off topic
[10:23] <Pupeno> Well, so does postfix.
[10:23] <mardraum> your 127 address is not valid on the internet. If it can send email to an internet host, something is translating the address.
[10:23] <Pupeno> But also, they open the port to connect, not to listen, which is different.
[10:24] <Pupeno> mardraum: no, nobody is doing NAT. You don't need to do NAT. Program X talks to postifx on 127.0.0.1:25, postfix stores the email, then opens a random high port to connect to whatever:25 and delivers said email.
[10:25] <mardraum> a random high port on an interface it doesn't listen on?
[10:25] <Pupeno> mardraum: yes.
[10:25] <Pupeno> That's how TCP/IP works.
[10:25] <mardraum> TCP/IP specifies interfaces now?
[10:26] <mardraum> your postfix config would allow this to happen.
[10:26] <Pupeno> mardraum: no, TCP/IP specifies that you open a local port on a local IP to connect to a remote IP on a remote port.
[10:26] <mardraum> why you expect ntp to work the same I don't really know
[10:27] <Pupeno> mardraum: because that's how most tcp/ip clients work.
[10:27] <mardraum> guess you found the only one in the world that doesn't then?
[10:28] <Pupeno> mardraum: well, I have no proof one way or another, I will not just assume that I found an exception only because something I expected didn't happen. I need more information.
[10:56] <rbasak> lamont: any news on bug 1288823 please?
[12:42] <lamont> rbasak: let me get that uploaded
[12:45] <rbasak> lamont: thanks!
[12:59] <zul> jamespage:  when you get a chance https://code.launchpad.net/~zulcss/nova/2013.1.5/+merge/212214
[13:09] <zul> jamespage:  fixed
[13:12] <jamespage> zul, +1
[13:13] <zul> jamespage:  thanks
[13:13] <zul> jamespage:  ill double check the changelogs and start uploading in a couple of minutes
[13:14] <zul> jamespage:  forgot one from friday https://code.launchpad.net/~zulcss/neutron/2013.1.5/+merge/212226
[13:14] <jamespage> zul, double space in changelog
[13:15] <zul> jamespage:  fixed
[13:15] <jamespage> zul, +1
[13:17] <jamespage> zul, we need to ditch the distro tasks on https://bugs.launchpad.net/nova/+bug/1295674
[13:18] <jamespage> and just have one for Cloud-Archive
[13:31] <zul> coreycb: lemme know when you are done
[13:31] <coreycb> zul,  wil do
[13:37] <coreycb> zul, jamespage: https://code.launchpad.net/~corey.bryant/cinder/2013.1.5/+merge/212217
[13:39] <zul> coreycb: -1
[13:41] <coreycb> zul, should I drop all the "pin" change logs?
[13:41] <coreycb> zul, for glance and horizon
[13:41] <zul> coreycb: the non user facing ones so like sphinx yes
[13:42] <coreycb> zul, ok
[13:43] <coreycb> zul, I also noticed the logs are in reverse order vs the tracking branches in case that makes a difference
[13:43] <zul> coreycb: ye
[13:57] <coreycb> zul, cinder is ready for re-review
[13:58] <zul> ack
[13:59] <zul> Corey:  +1 from me
[14:02] <coreycb> zul, thanks  jamespage ^
[14:02] <coreycb> zul, jamespage: glance https://code.launchpad.net/~corey.bryant/glance/2013.1.5/+merge/212423
[14:03] <zul> coreycb: i thought we were going to skip glance
[14:03] <jamespage> coreycb, skip it
[14:03] <jamespage> the upstream changes are nullified by my patch
[14:03] <coreycb> zul, jamespage: that's right, forgot about that
[14:03] <jamespage> coreycb, hey - np :)
[14:03] <coreycb> :)
[14:08] <coreycb> zul, jamespage : horizon https://code.launchpad.net/~corey.bryant/horizon/2013.1.5/+merge/212225
[14:14] <jamespage> coreycb, I think the final commit is e6a4653 not b14debc
[14:15] <coreycb> jamespage, ok that is probably the similar case for cinder too
[14:16] <coreycb> zul: ^
[14:17] <zul> coreycb: arrgh
[14:18] <coreycb> zul, jamespage : I pushed horizon again
[14:19] <zul> coreycb: ill fix up cinder
[14:19] <coreycb> zul, I'm ready to push if it's easier
[14:19] <zul> coreycb: sure
[14:19] <coreycb> zul: pushed
[14:21] <zul> coreycb: thanks
[14:28] <coreycb> jamespage, when you get a second: https://code.launchpad.net/~corey.bryant/charm-helpers/1294140/+merge/212430
[14:36] <jamespage> coreycb, commented
[14:40] <jamespage> smb, I'm going to propose we backport the current iscsitarget to 12.04,12.10 and 13.10
[14:40] <jamespage> so we don't have todo this again for the 3.13 kernel
[14:41] <coreycb> jamespage, thanks, responded
[14:42] <smb> jamespage, Guess that works for me. So I could close my tracking bug and you can drive the other. If you have a bug number I can refer to in my report, just let me know.
[14:43] <jamespage> smb, lets just do it under bug 1262712
[14:44] <smb> jamespage, NAK, that is just plain confusing
[14:44] <jamespage> smb, why?
[14:46] <smb> jamespage, The current iscsitarget for me is 1.4.20.3+svn499-0ubuntu1 orin at least 496. This is not what the original tracking bug was for. And then we got some stuff in the comments from the old request and some from the new one
[14:49] <jamespage> smb, ?
[14:49] <jamespage> I'm a bit confused
[14:50] <jamespage> the original bug for for +490 - upstream trunk (as I just uploaded to 14.04) is only 9 commits on from that
[14:51] <smb> The tracking bug was opened to push the S version of it into older releases. Now you want to push the T version. It may only be a few commits but it is a different version and to be honest for me that is a new request.
[14:58] <zul> jamespage/coreycb: cinder and horizon uploaed
[14:58] <coreycb> zul, thanks
[15:13] <zul> jamespage:  https://code.launchpad.net/~zulcss/keystone/2013.1.5/+merge/212232
[15:42] <zul> jamespage:  im dealing with kazoo right now
[15:51] <raj__> Is plymouth  anyway useful on server ? i see several plymouth entries in the processes listing ..
[15:56] <jamespage> zul, ack
[15:57] <jamespage> zul, niggle on the keystone MP - other than that +1
[16:00] <rbasak> raj__: http://web.dodds.net/~vorlon/wiki/blog/Plymouth_is_not_a_bootsplash/ provides a good explanation of why plymouth is also useful for server.
[16:17] <railsraider> Hi im trying to make upstart pre-stop stanza to sleep for x seconds before sending the sigkill but it seems that upstart doesnt accept it and kill imiddiately
[16:17] <railsraider> http://pastebin.com/2ruUqdav
[16:18] <railsraider> any idea how to wait before upstart do sigkill
[16:18] <zul> jamespage:  fixed
[16:21] <jodh> railsraider: 'kill timeout SECONDS' - see init(5).
[16:21] <railsraider> i tried that
[16:24] <jamespage> zul, +1
[16:25] <zul> jamespage:  well need the new oslo.rootwrap as well (#1081795)
[16:26] <rbasak> railsraider: looks like your problem is "exec". What's inside a "... script" stanza in an upstart job is just normal shell.
[16:26] <railsraider> seems like upstart ignores my sleep command and the kill timeout is how long to wait after sigterm to send sigkill
[16:26] <rbasak> railsraider: in shell, lines after a successful "exec" will never execute.
[16:27] <rbasak> railsraider: I don't know why you had "exec" there, in the first place, but try dropping it.
[16:27] <railsraider> rbasak: i have to make sure the processes exit gracefully how would i achive that
[16:28] <railsraider> thanks im trying that now
[16:31] <railsraider> rbasak: thanks so much worked on this all day i simply copy pasted the line from the script section
[16:31] <railsraider> it works now
[17:12] <jamespage> hallyn, seeing some lxc oddness in the OpenStack CI lab - "lxc-start: command get_cgroup failed to receive response"
[17:12] <jamespage> that's coming from lxc machines that juju is trying to start on one of the servers
[17:14] <hallyn> jamespage: do you have any more info from syslog, auth.log, or a container.log?
[17:16] <jamespage> hallyn, syslog, auth.log - nothing
[17:16] <jamespage> where do I find container.log?
[17:19] <vlad_starkov> QUESTION (cross-post): Can't boot on freshly installed 12.04.4 64bit. Got multiple CPU soft lockup messages. Could someone point me how to boot in verbose/debug mode to figure out what's going on?
[17:21] <rbasak> !crosspost|vlad_starkov
[17:23] <vlad_starkov> rbasak: Yep. For that I market question as "cross-post"
[17:24] <hallyn> jamespage: you can check /var/log/lxc/ ..  it depends where juju is directing it to put them
[17:24] <hallyn> jamespage: can you try createing and starting a contaienr by hand, see if htat fails too?
[17:25] <jamespage> hallyn, http://paste.ubuntu.com/7147289/
[17:27] <hallyn> jamespage: oh, i think that's a knwon bug in apparmor today.  tyhicks was assigned one
[17:27] <jamespage> hallyn, OK  - so long as someone knows :-)
[17:27] <hallyn> probably bug 1296459
[17:27] <jamespage> hallyn, that is latest everything
[17:27] <hallyn> jamespage: yeah try downgrading apparmor
[17:31] <jdstrand> hallyn, jamespage: fyi, tyhicks is assigned and knows the cause. he is working on a fix now
[17:31] <jamespage> ack
[17:32] <hallyn> cool, thx
[17:51] <hazmat> do nested containers need trusty kernel?
[17:53] <lutostag> hazmat: you can do nested lxcs pre-trusty with root
[17:57] <lutostag> just add lxc.aa_profile = lxc-container-default-with-nesting to your /var/lib/lxc/<top-level container name>/config
[17:58] <hazmat> lutostag, thank you
[18:01] <lutostag> hazmat: np :)
[18:22] <zul> hallyn/smb: libvirt xl fails to start because there wasnt a /var/log/libvirt/libxl/libxl-driver.log btw
[18:37] <hallyn> zul: meaning if the .log file doesn't exist, libvirt xl won't start?  it opens without O_CREAT ?
[18:48] <zul> hallyn:  yeah the directory is missing from the libvirt-bin.dirs
[19:03] <hallyn> zul: pushing a new package to fix that?
[19:04] <zul> hallyn:  yeah
[19:04] <zul> hallyn:  do you have anything else?
[19:10] <zul> smb: do you have any documentation on libvirt and xl?
[19:17] <hallyn> zul: oh, sorry, no i don't
[19:17] <zul> hallyn:  ack
[19:18] <zul> hallyn:  ok uploaded
[19:39] <adar> hi. do you know anyone know a good tutorial about security nginx ??
[22:07] <sarnold> hallyn: congratulations on core-dev :)
[22:09] <thumper> hallyn: when I run 'lxc-start', does that immediately put the container into STARTING mode?
[22:11] <thumper> I have an "lxc-wait -n ubuntu-local-machine-1 -s RUNNING|STOPPED" running after the lxc-start and it returns immediately
[22:11] <thumper> and lxc-info says stopped
[22:11] <thumper> but 8s later, it is started
[22:22] <Valduare> hi all
[22:39] <Valduare> whats the word on using these arm devices for bare metal servers in maas
[22:42] <sarnold> Valduare: I'd say "no" to pandaboards, my personal pandaboard hangs often; they fell over often when we used them for builders, too
[22:43] <sarnold> Valduare: I hope you're talking about real servers though :) I suspect they'd be quite a lot nicer.
[22:43] <Valduare> I havnt used a panda board myself
[22:43] <Valduare> I have a few mk808 devices that have been real solid
[22:44] <Valduare> but these mk902 have rj45 and quad core
[22:45] <Valduare> sarnold: anyways just wondering if I can get them under maas to play with
[22:46] <sarnold> Valduare: try asking in #maas -- the little I've played with it, it looks pretty flexible, if you can figure some way to remotely power them on and off..
[22:47] <Valduare> half a watt idle, they could stay on :P
[22:47] <sarnold> niiiiice
[23:15] <hallyn> thumper: yes, lxc calls it started when init has started
[23:16] <hallyn> thumper: you're probably interested in bug 1266808.
[23:44] <blottoface> I did an aptitude install mediawiki and uncommented out the Alias line in /etc/mediawiki/apache.conf.  Then I did a a2enconf mediawiki.  Then I restarted apache2 services.  It complains about permissions when I try and visit the site.  :(  The www-data user and group has read permissions.  The error in the log says "client denied by server configuration"
[23:46] <Valduare> #maas is dead channel tonight..
[23:48] <Rallyball> My pc won't read my flashdrives but the system will recognize it, anybody know why?
[23:50] <sarnold> blottoface: that could be the server configured to deny or not allow based on IP address, or any other number of reasons.. it'd be nice if it could tell you -why- it was denied...
[23:51] <sarnold> Rallyball: perhaps they are formatted with a filesystem your kernel can't read?
[23:51] <Rallyball> Yes, that's probably it, thanks.
[23:52] <Rallyball> Do most flashdrives load a default file system depending on the OS?
[23:52] <Rallyball> Or is there something I have to do to load them from the pc?
[23:53] <Rallyball> In other words, are most flash drives compatible with Linux?
[23:53] <sarnold> Rallyball: most flash drives come formatted with vfat, because it is the only filesystem that mac os x and windows have in common
[23:54] <sarnold> (vfat more or less equals fat32..)
[23:54] <Rallyball> That makes sense.
[23:54] <Rallyball> How do I format it to accept linux files?
[23:54] <sarnold> Rallyball: mke2fs on the /dev/whatever block file
[23:55] <Rallyball> Ok, thanks.
[23:55] <sarnold> Rallyball: if it is partitioned you may wish to change the filesystem type tag in the partition table using fdisk or gdisk
[23:56] <Rallyball> Yes but I will need to dump the data first.