energizer | This is my first server. I just ran "sudo apt-get install apache2". Now when I navigate to localhost, I get "it works!" When I go to my host's IP from a different computer, I get nothing ("taking too long to respond".) What do I need to do? | 03:50 |
---|---|---|
qman__ | apache listens on all addresses out of the box, and the firewall is accept-all out of the box too | 03:53 |
qman__ | so either you configured something to block it, or you're going through a router that's not set up right, etc | 03:53 |
energizer | Oh i didnt even think about the firewall. I had ufw enabled. Thanks! | 03:54 |
energizer | I set up an apache server, put an episode in /var/www and now I'm downloading it from another computer. Downloaded 39% in a few seconds, and hasnt made any progress for a long time. Its a 180MB file. Any suggestions. | 04:30 |
airtonix | energizer: use nginx instead? | 05:20 |
=== pug is now known as Guest90499 | ||
adam_g | jamespage, https://code.launchpad.net/~gandelman-a/charms/precise/nova-compute/early_keystone/+merge/164836 one last bug fix to the bash charms before they get merged. hit this when i changed up ordering of relations in deployer config | 05:26 |
energizer | How do i get my index.html to list all of the files in /var/www ? | 05:49 |
rustx | energizer: you really want do that in html ? | 05:50 |
andol | energizer: If you want a directory listing the easiest is generally to not have any index.html, and make sure that your web server has its indexing option enabled. | 05:50 |
energizer | So if I jsut delete index.html, that will automatically happen? | 05:51 |
andol | energizer: That all depends on how your web server is configured. | 05:51 |
energizer | I guess so! Thanks. Is there any reason not to do that? (Just making sure I understood rustx's comment correctly) | 05:54 |
greppy | energizer: it may expose files or directory structure that you don't want others to see. | 05:56 |
energizer | ok thanks | 05:57 |
rustx | energizer: well: You could use DirectoryIndex, but i advise you to configure your Allow from rules to be sure not to expose file directory structure to the whole world (as greppy said) | 06:01 |
energizer | Is it correct that I'm only exposing /var/www and subfolders? | 06:04 |
energizer | rustx if i want to make files available to friends, is this a reasonable and secure way to do it? | 06:06 |
rustx | yep, could be | 06:08 |
rustx | energizer: you have 2 choices : either use Allow From rules, and match the exact IP your friend have at home (or any IP they use) | 06:08 |
rustx | energizer: this will make directory list avaiable only from the IPs you configure | 06:09 |
rustx | energizer: or, the second choice, more simple, would be to use a .htaccess and htpasswd to provide them a password without restriction on IPs to use .. | 06:09 |
rustx | energizer: the second choice can be simple if your friends don't have a static ip | 06:10 |
rustx | energizer: most of IPs provided by ISP can be dynamic, and in that case, the first choice is more complex | 06:10 |
energizer | Whats the difference between these two methods? (http://bit.ly/13DFYdk) | 06:14 |
energizer | rustx: That looks helpful-- thanks. In the Ubuntu community page (https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles), it recommends using the main server configuration file instead of htaccess files. If I want to try the 'recommended' way, is it the same procedure as .htaccess? Any ideas? | 06:26 |
rustx | energizer: let me check your links | 06:29 |
rustx | energizer: 2 sec | 06:29 |
energizer | rustx thanks | 06:29 |
rustx | energizer: ok | 06:30 |
rustx | energizer: when using apache, you can create several virtualhosts | 06:30 |
rustx | energizer: if you only have one, you can password protect the default virtualhost (which is in /etc/apache2/sites-avaible/default) by using the following directives | 06:31 |
rustx | .htaccess can be also used, but the simplier for you is the following | 06:31 |
rustx | energizer: http://pastebin.com/xMCyLg6r | 06:33 |
rustx | on that way, each time apache will look to serve your default virtualhost, it will check the password file in /var/www/.htpasswd | 06:33 |
rustx | then, to create your user/pass in that file, you have to use the following command : htpasswd -cm youruser | 06:33 |
rustx | the shell will ask for your password twice, and when it's ok, your directory will be protected | 06:34 |
rustx | energizer: if you need to add another account to that password file, just remove the 'c' option from htpasswd command (as c option is to create the file ...) | 06:34 |
rustx | energizer: to add friends, the command to use will be htpasswd -m myfrienduser | 06:34 |
rustx | energizer: is that clear enough to you ? | 06:34 |
energizer | thanks. lemme give it a look-over | 06:35 |
rustx | energizer: in my pastebin, i just forgot the Option +DirectoryIndex | 06:35 |
rustx | Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch +DirectoryIndex | 06:35 |
rustx | it will work fine, trust me ;) | 06:35 |
rustx | energizer: of course, when you change your directory cofniguration, you need at least to reload apache | 06:37 |
rustx | or restart ^ ^ | 06:37 |
energizer | rustx so by default i have this stuff (http://pastebin.com/4n4J4psw) in my sites-available/default. I'm supposed to replace it with your pastebin? | 06:38 |
rustx | energizer: exactly | 06:43 |
rustx | energizer: just the <Directory /var/ww> part to ... </Directory> | 06:44 |
energizer | I'll give it a shot. Thank you! | 06:47 |
rustx | energizer: you're welcome | 06:50 |
energizer | rustx you still here? | 07:18 |
rustx | energizer: yep | 07:20 |
rustx | still at work, so still there :) | 07:20 |
energizer | rustx cool. When I restart apache, i get 'illegal option DirectoryIndex' | 07:22 |
rustx | energizer: yep, my bad/ Replace 'DirectoryIndex' by 'Index' and it will be fine | 07:23 |
rustx | Options Indexes is enough for what you want to do | 07:24 |
rustx | which means directory listing, .. | 07:24 |
energizer | rustx ok I restart apache successfully with '+Indexes'. Now when i try to access localhost, i get '500 local server error' | 07:27 |
rustx | ok | 07:28 |
rustx | energizer: do 'a2enmod rewrite ' | 07:29 |
rustx | htpasswd needs rewrite mod to be enabled | 07:29 |
rustx | you can have all enabled mods thanks to : apache2ctl -M | 07:29 |
rustx | i guess you missed the rewrite module activation to use htpasswd|htaccess | 07:29 |
rustx | then restart apache .. and it should work :) | 07:30 |
rustx | 3 time i say you this .. jejeje .. | 07:30 |
rustx | but i am also working on puppet stuff at the same time | 07:30 |
rustx | sorry for the mistakes i forgot to fix before answering | 07:31 |
rustx | energizer: but this is making you having a good starting knowledge about apache2 :) | 07:31 |
rustx | which is also great : the one that don't do mistake ... don't learn nothing :) | 07:32 |
energizer | so i ran 'a2enmod rewrite' and restarted apache. same 500 error. | 07:33 |
rustx | paste me errors logs please ? | 07:36 |
rustx | hooo .. dit you make the password file ? | 07:36 |
rustx | htppasswd -cm /var/www/.htpasswd energizer | 07:36 |
rustx | sorry, htpasswd -cm /var/www/.htpasswd energizer | 07:36 |
rustx | this is the reason why : no .htpasswd file to read :) | 07:36 |
rustx | 500 errors sounds like no file to read for password ... | 07:37 |
rustx | we wil get it | 07:37 |
rustx | you make me reminds my apache knowledge. That makes long time I switched to nginx .. | 07:38 |
energizer | rustx It works beautifully. I had put my password in the wrong folder. | 07:40 |
energizer | rustx wait not so fast | 07:40 |
=== Guest97906 is now known as smokie | ||
energizer | rustx ya it works wonderfully. | 07:44 |
rustx | energizer: good then | 07:45 |
rustx | energizer: happy you could learn how to set htpasswd protection on apache ;) | 07:45 |
energizer | rustx Thanks very much! I suppose I should ask-- what is the difference between your pastebin and the code in here: https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles | 07:47 |
rustx | energizer : the difference between your setup and ubuntu web page concerns particular directory into a main directory. In your case, your password protection was done on the main root document /var/www | 07:48 |
rustx | energizer: in apache, you can set different rules for each directory inside /var/www by putting a .htaccess file inside | 07:49 |
rustx | each time apache browse a directory inside /var/www, it will check if .htaccess rules exists, so that to apply those into the directory - or not ... | 07:49 |
rustx | we did a 'default conf', but if you need different rules for different directory, then you should use .htaccess file | 07:50 |
rustx | energizer: at the end, the .htaccess file overrides your default rule inside an apache directory .. :) | 07:50 |
rustx | energizer: this is the way apache works. But, having a file read inside each directory is not so good for performances. According to me, it is better to set all particular rules into your vhost configuration | 07:51 |
rustx | energizer: only depends what you need to do at the end | 07:51 |
rustx | energizer: is that clear enough ? for that explanation about .htaccess ? | 07:51 |
energizer | That is very good. Thank you very much! | 07:55 |
energizer | rustx ^^ | 07:55 |
rustx | energizer: you're welcome dude | 07:56 |
energizer | rustx Last thing. I think that i could stream video from the server before i put up the password. It doesnt seem to work now. Did these settings disable that? | 08:08 |
rustx | nope | 08:08 |
rustx | hum, maybe because of the directory index | 08:09 |
rustx | you maybe can't list file, and read them in the server | 08:09 |
rustx | the server certainly ask you to download those .. | 08:09 |
rustx | you have to choose, or set a DirectoryMatch rules, so that not to index the directory that serves the files on the which one you want to go with streaming | 08:10 |
energizer | rustx i want to double-check that i can do it without the index | 08:11 |
energizer | rustx so now even without +Indexes streaming doesnt work | 08:18 |
rustx | energizer: brb | 08:29 |
energizer | rustx np | 08:29 |
rustx | energizer: what are the options you are using at the end ? | 08:31 |
energizer | rustx Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch +Indexes | 08:31 |
rustx | energizer: try with remove -Multiviews option .. | 08:34 |
rustx | reload apache .. and streaming should work | 08:34 |
energizer | rustx didnt work | 08:37 |
rustx | :( | 08:37 |
energizer | mp3, mp4, avi -- none work | 08:37 |
energizer | rustx i found this thread. bottom comment seems to solve it for him, but im not sure how to apply it here | 08:40 |
energizer | rustx http://ubuntuforums.org/showthread.php?t=2142911 | 08:40 |
caribou | Daviey: regarding the rsyslog SRU (bug: LP#1169740), I added a comment | 09:53 |
caribou | Daviey: I'm not able to reproduce the race condition with the modified script | 09:53 |
Daviey | caribou: It sounds like the test script never worked to identify the issue :) | 09:55 |
Daviey | caribou: But, it also looks like it doesn't make the situation worse. | 09:55 |
caribou | Daviey: that's my assumptio | 09:55 |
caribou | Daviey: yeah, that's what I discussed with Adam, hence marking it verification-done | 09:56 |
SirT | Hi there, i have just set up ubunut server on a virtual machine, but when i boot into it i get to the command line instead of the GUI. I have tried to use apt-get install ubutnu desktop, but get a 403 Forbiddon error | 10:33 |
SirT | can anyone help? | 10:33 |
=== Solarra is now known as katsy | ||
edenist | by default, ubuntu server is CLI only | 10:38 |
edenist | you can install a desktop | 10:38 |
simosx | SirT, Ubuntu Server comes by default with the command line. | 10:38 |
edenist | what version of ubuntu server? | 10:38 |
edenist | you may be better off installing a desktop version of ubuntu if that is what you require. Every package that runs on server can be installed on Desktop version as well | 10:38 |
simosx | edenist, do we recommend to use Zentyal for those who require an easier management experience? | 10:39 |
* RoyK recommends learning the commandline | 10:39 | |
edenist | SirT, if you are getting a 403 forbidden error, it sounds like your network hasn't been configured correctly during install. In which case, you wont be able to install any packages. | 10:41 |
SirT | Thank you for you help | 10:43 |
SirT | i think it seems to be a firebox firewall issue | 10:43 |
SirT | i will add an exception and let you know | 10:43 |
SirT | IT was a firewall problem - :) | 10:52 |
edenist | glad thats working now | 10:53 |
resno | its always the firewall | 11:10 |
Solarra | stupid question: do you folks know a linux piece of software that provides a similar functionality to TVersity Media server? | 11:18 |
resno | what do you want it to do? | 11:19 |
resno | what is the "similar functionality" you want | 11:19 |
Nafallo | Solarra: something like minidlna? | 11:19 |
edenist | there's quite a few. google "linux DLNA server". Some I have used are fuppes, ps3mediaserver..... | 11:22 |
Solarra | do those also support on the fly encoding? | 11:24 |
edenist | they do, but not all of them support it natively themselves. I believe most just use FFMPEG | 11:25 |
edenist | or MPLAYER | 11:25 |
edenist | mediatomb as well is another I have used, was a few years ago now though so I dont know if it is still maintained. I've never used on the fly encoding though. | 11:26 |
germanstudent | I'm having problem mounting sshfs on Ubuntu 12.04 at startup. Does someone know a good tutorial or something? | 11:40 |
Madkiss | cheers | 11:54 |
Madkiss | how do I set the DefaultTime2Retain global value for TGT storage volumes? | 11:54 |
SirT | im tryin gto edit the interfaces file to make my ubuntu server static ip. i have opened and edited in nano - how can i save this? i have tried to change it in editor, but it says i do not have permissions. | 11:54 |
hXm | SirT: press ctrl+o | 12:07 |
hXm | if you dont have permissions you need open it with root privileges | 12:08 |
=== gary_poster is now known as gary_poster|away | ||
ak5 | hi, how do I add repositories? according to google there is something called apt-add-repository but not for my 12.04 system | 12:14 |
zul | yolanda: https://code.launchpad.net/~zulcss/nova/noava-ftbfs-refresh/+merge/164650 | 12:15 |
yolanda | hi zul | 12:15 |
yolanda | ok | 12:15 |
rbasak | ak5: http://stackoverflow.com/questions/13018626/add-apt-repository-not-found | 12:15 |
=== gary_poster|away is now known as gary_poster | ||
=== Solarra is now known as Solarra_ | ||
ak5 | ty | 12:18 |
ak5 | although thats weird that one fix works for some another for others | 12:18 |
ak5 | the accepted answer didn't work for me | 12:18 |
ballock | Hello, guys :) | 12:39 |
ballock | as advised I posted this authentication stuff to ubuntu-devel-discuss | 12:39 |
ballock | https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2013-May/014518.html | 12:39 |
ballock | Perhaps I can get some of your attention? | 12:39 |
jcastro | I skipped to the bottom. :) | 12:41 |
jcastro | I've deployed a bunch of machines with auth too and remember doing a similar analysis | 12:41 |
jcastro | ballock: hey so I think the first step is to shove this all into a blueprint | 12:42 |
jcastro | and then submit it for discussion at the next virtual UDS. | 12:43 |
ballock | jcastro: you mentioned some of your analyses, were those published? | 12:44 |
jcastro | yeah but it was around ubuntu 7.10ish | 12:44 |
jcastro | let me dig it up | 12:45 |
ballock | sssd wasn't pretty much there yet | 12:45 |
jcastro | oh this is way before | 12:45 |
ballock | but the rest should pretty match | 12:45 |
qman__ | samba 4 wasn't around either, and it's a real game changer | 12:45 |
ballock | qman__: I wouldn't necessarily agree | 12:46 |
qman__ | for a pure linux environment I can see why you would not want to use it | 12:46 |
qman__ | but for cross-platform compatibility it's the obvious choice | 12:46 |
jcastro | at the time I just used AD | 12:46 |
ballock | If you think that Microsoft is supposed to be the Directory server then perhaps so. | 12:47 |
qman__ | you don't need any microsoft servers to use it | 12:47 |
qman__ | it's just microsoft compatible | 12:47 |
ballock | But I wouldn't base my decision on something from that stable. | 12:47 |
ballock | I know you can have a Samba4 DC now | 12:48 |
qman__ | it's not from that stable, it's a completely open source software | 12:48 |
jcastro | plus remember you have like a year until the next LTS | 12:48 |
ballock | I am aware of it. | 12:48 |
jcastro | so, now's probably the time to talk about it | 12:48 |
ballock | But still Samba4 will need to follow Microsoft's footsteps | 12:49 |
ballock | because that's their primary goal | 12:49 |
ballock | - to create a Microsoft-compatible domain controller | 12:49 |
ballock | and client support | 12:49 |
qman__ | yes, which will ensure continued cross compatibility in the future | 12:49 |
ballock | If Microsoft decides to change the protocol, Samba will again behind it. | 12:50 |
ballock | Of course Microsoft | 12:50 |
ballock | "fearing" the monopoly problems with EC or the US something | 12:50 |
qman__ | Microsoft isn't going to do anything to purposely break samba; they helped the samba guys get it working | 12:50 |
jcastro | Last I checked all their specs were open and they were working with the Samba guys | 12:50 |
qman__ | at this point, microsoft is all for it | 12:51 |
qman__ | and they really don't stand to gain anything by doing a 180 | 12:51 |
ballock | will "support" samba to dismiss the accusation of monopoly in this market. | 12:51 |
qman__ | it isn't about trust, it's about simple business sense | 12:51 |
qman__ | and even if they do, the current product will continue to work with all existing products | 12:51 |
ballock | I do not think the Samba team managed to port all the AD management products like the Group Policy Editor | 12:52 |
ballock | I mean, the mechanisms with RPC are there | 12:52 |
ballock | but you are supposed to manage it with Microsoft's products anyway | 12:53 |
ballock | there comes a licensing problem | 12:53 |
ballock | aside from the patenting stuff | 12:53 |
ballock | i.e. that Android tax you might have heard of | 12:53 |
ballock | I wouldn't be shocked to hear Microsoft has a patent for CIFS or for its subset. | 12:54 |
ballock | I admit I haven't checked how Samba4 client behaves in my environment. | 12:55 |
ballock | I wish them the best. | 12:55 |
ballock | But as Microsoft is providing an LDAP and Kerberos interface to its directory, why not use that instead? | 12:55 |
ballock | It's an open standard and fits for a more generic case - | 12:56 |
ballock | not only for AD. | 12:56 |
rbasak | ballock: thanks for sending that email, and for doing all the work and research behind it. | 13:03 |
jamespage | hallyn, does this commit for qemu have SRU potential? http://lists.nongnu.org/archive/html/qemu-stable/2013-05/msg00066.html | 13:04 |
rbasak | ballock: it's great to see somebody driving this, especially somebody who is managing production deployments. | 13:05 |
hallyn | jamespage: hm, i'm not sure. it's a perf improvement, not a fix for any sort of crash | 13:06 |
hallyn | jamespage: are you talkign about to precise, or to raring (which has 1.4.0) ? | 13:06 |
jamespage | hallyn, I think precise is probably not realistic - but raring might be OK? | 13:07 |
ballock | rbasak: thanks for appreciation, I hope to have some progress on it | 13:07 |
hallyn | jamespage: i assume you're asking bc you or someone else reported impressive gains with it? | 13:07 |
hallyn | if so, i can give it a whirl. though this week, starting today, i was goign to first merge 1.5.0 into saucy | 13:08 |
jamespage | hallyn, someone asked me in #ceph on OFTC | 13:08 |
rbasak | ballock: I used to work in this area in a former job. But now I'm a full time developer, and so I can't be as up-to-date with this stuff as you are. | 13:08 |
jamespage | hallyn, work on 1.5.0 first | 13:08 |
ballock | I have no access to change the actual packages nor have the contacts to ask who is able to fix stuff | 13:08 |
ballock | besides it is supposed to be discussed first, that's what I am trying to achieve | 13:09 |
hallyn | jamespage: oooh, i see. it mainly affects rbd. i missed that from the description :) | 13:09 |
ballock | Is the post in the right list to get attention or should I post links to some other lists or channels? | 13:10 |
ballock | Perhaps I should inform some individuals? | 13:10 |
ballock | The vUDS idea is good, but I think there are things to check before getting there. | 13:10 |
rbasak | ballock: right. If you get it agreed in a blueprint after discussion at the next vUDS, and you then provide patches to packages that are acceptable to Ubuntu developers, then you should be able to get your patches sponsored. It does take longer to get things reviewed that way, but we are all keen to make sure that this route is available to you. | 13:11 |
hallyn | jamespage: applies cleanly (2 line offset) to 1.4.0, queued this up for next monday | 13:12 |
rbasak | ballock: and in time you can become an Ubuntu developer yourself. | 13:12 |
jamespage | hallyn, thanks muchly | 13:13 |
jamespage | do you need a bug report to go with that? | 13:13 |
SirT | im trying to run sudo /etc/init.d/networking restart command, however i get an error saying couldnt read interfaces file | 13:17 |
SirT | anyone have any ideas? | 13:17 |
rbasak | SirT: the installer creates /etc/network/interfaces for you. Perhaps you've lost or renamed this file? Try restoring it from backup. | 13:19 |
rbasak | Or see the interfaces man page to recreate one from scratch. It's not very complicated. | 13:19 |
ballock | rbasak: thanks, I'll copy the stuff to a blueprint... there's some naming convention for that, right? | 13:20 |
ballock | And again, should this be the server, foundations or... community? | 13:21 |
rbasak | ballock: there is. But I'm not sure what to do here, especially as we've just had UDS. | 13:22 |
hallyn | jamespage: I'll need it for SRU of course. I can submit one myself, but having it come from someoen else should be helpful | 13:22 |
rbasak | ballock: perhaps start with a wiki page proposal? The blueprint is really for when it's ready for UDS - you can start the discussion and specification first. | 13:23 |
psivaa | hallyn: lxc smoke test for saucy appears to have some hanging issue, http://pastebin.ubuntu.com/5686913/ | 13:23 |
ballock | rbasak: well, I can create a blueprint and get other things done | 13:23 |
hallyn | smb: bug 1180281 sounds like your cup of tea | 13:23 |
uvirtbot | Launchpad bug 1180281 in libvirt "“Unable to connect to libvirt” when using xl toolstack with Xen 4.2.1" [Medium,Confirmed] https://launchpad.net/bugs/1180281 | 13:23 |
psivaa | hallyn: the vm is in aldebaran now if you'd like to investigate | 13:24 |
hallyn | psivaa: virbr0 is not related to lxc0... it sounds like your host is a bit hosed | 13:25 |
rbasak | ballock: I don't think there's any need for a formal process until you're ready to get the details agreed on in a session. It's fine just to use wiki.ubuntu.com and mailing list discussions until then. | 13:25 |
hallyn | psivaa: is the 'lxc-list' output from the host, or the utah vm guest? | 13:25 |
psivaa | hallyn: it's from the utah vm host | 13:26 |
rbasak | ballock: until then, the main thing to do is to work towards a solid proposal, and then provided that there aren't any objections you should be set to go at the next UDS. | 13:26 |
hallyn | psivaa: none of the test code actually runs on the vm host right? | 13:28 |
hallyn | psivaa: it sounds like /bin/init's rootfs was deleted... | 13:28 |
hallyn | (not necessarily /, but /proc/1/root) | 13:28 |
psivaa | hallyn: the lxc test code is only run in the vm host installed by utah | 13:28 |
SirT | rabsak: Thanks for the reply | 13:29 |
hallyn | psivaa: oh. ok, i call that the vm guest | 13:30 |
psivaa | hallyn: ok :), so the test code actually runs in the vm guest which is saucy and not in vm host which is a precise installation | 13:32 |
hallyn | psivaa: phew :) | 13:32 |
psivaa | hallyn: :) | 13:33 |
jamespage | hallyn, I asked the reported to raise a bug | 13:40 |
jamespage | reporter that is | 13:41 |
hallyn | jamespage: thanks | 13:42 |
hallyn | psivaa: that vm really seems hung | 13:43 |
hallyn | i'm goign to try simple testcases on fresh saucy box | 13:44 |
psivaa | hallyn: ack, thanks | 13:48 |
=== wedgwood_away is now known as wedgwood | ||
hallyn | psivaa: oooh. i see. the messages you saw in dmesg are innocuous | 14:00 |
hallyn | psivaa: upstart on the host is getting net-device-up messages for the network interfaces in the containers. Tries to deal with them, but /sys/class/net/$nic does not exist on the host. so it logs and ignores | 14:00 |
hallyn | psivaa: As I said the utah guest seems to have completely hung for me - I'm not sure if that's a connection issue, an issue on aldebaran itself, a qemu issue, or what. | 14:01 |
psivaa | hallyn: ohh ok, i was able to ssh to it though, i have the lxc test output now | 14:02 |
hallyn | oh, the vm went away. | 14:02 |
hallyn | ok | 14:02 |
hallyn | psivaa: and did the tests fail? | 14:02 |
psivaa | hallyn: yea the jenkins job collected the jobs destroyed the vm and one of the tests fail | 14:02 |
hallyn | psivaa: one of the tests failed bc i killed it i think | 14:03 |
SirT | trrying to run active directory membership, it keeps telling my password is incorect - do i need to set this somewhere? | 14:04 |
psivaa | hallyn: http://pastebin.ubuntu.com/5687029/ is the failure , not sure if that's related to the killing | 14:04 |
SirT | this is for domainjoin-gui | 14:04 |
hallyn | psivaa: /usr/share/lxc/templates/lxc-ubuntu: line 257: 23822 Terminated flock -x 200 | 14:05 |
hallyn | psivaa: ^ yeah that was me :) | 14:05 |
psivaa | hallyn: ack :) | 14:05 |
TheLordOfTime | Daviey: server team meeting still on for today? | 14:05 |
Daviey | TheLordOfTime: sure is! | 14:06 |
TheLordOfTime | what time is it at again? | 14:06 |
* TheLordOfTime needs to balance his time before the meeting so he can go vote :/ | 14:06 | |
Daviey | TheLordOfTime: in 1hr50 mins | 14:10 |
TheLordOfTime | eesh that means i need to get to the voting place now... o.O | 14:10 |
TheLordOfTime | Daviey: any action items or points of interest I should read up on before the meeting? | 14:16 |
Daviey | TheLordOfTime: we are quite early in the dev cycle, so nothing too juciy | 14:20 |
Daviey | TheLordOfTime: but, https://wiki.ubuntu.com/ServerTeam/Meeting | 14:20 |
TheLordOfTime | Daviey: mind if i steal some time during open discussion RE including nginx as an option on either tasksel or some screen within the installer, or would that be better suited for another team's meeting? (per https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1177919/comments/3) | 14:21 |
uvirtbot | Launchpad bug 1177919 in nginx "Merge nginx 1.4.1-1 (universe) from Debian unstable (main)" [Wishlist,Fix released] | 14:21 |
TheLordOfTime | (btw thanks for handling that merge!) | 14:21 |
TheLordOfTime | (assuming it was you) | 14:21 |
TheLordOfTime | s/handling/sponsoring/ | 14:22 |
Daviey | TheLordOfTime: yes, it was me. And sure, that is a good spot. | 14:25 |
TheLordOfTime | okay, i've got a mental list of pros and cons | 14:25 |
TheLordOfTime | a few big cons too | 14:25 |
TheLordOfTime | Daviey: it's in #ubuntu-meeting, right? | 14:28 |
Daviey | TheLordOfTime: yes | 14:29 |
zul | yolanda: https://code.launchpad.net/~zulcss/ceilometer/ceilometer-pbr/+merge/164907 | 14:30 |
samba35 | Sub-process /usr/bin/dpkg returned an error code (1) how do i fix this problem when i try to download package | 14:30 |
TheLordOfTime | samba35: we need more than just the "subprocess returned an error" output, it's likely explained a little earlier in the output... | 14:33 |
yolanda | zul, i see python-testtools is added as depends but not listed in changelog? | 14:34 |
zul | yolanda: doh ill add that | 14:34 |
samba35 | dpkg: error processing openvas-server (--configure): | 14:35 |
samba35 | subprocess installed post-installation script returned error exit status 10 | 14:35 |
samba35 | Errors were encountered while processing: | 14:35 |
samba35 | openvas-server | 14:35 |
samba35 | E: Sub-process /usr/bin/dpkg returned an error code (1) | 14:35 |
zul | yolanda: fixed | 14:45 |
samba35 | i think there is temp files with openvas server how do i clean up dpkg temp | 14:48 |
zul | jamespage: ping around? | 14:52 |
jamespage | zul, ping yes | 14:52 |
zul | jamespage: https://code.launchpad.net/~zulcss/horizon/horizon-pbr/+merge/164914 | 14:53 |
=== koolhead17|afk is now known as koolhead17 | ||
zul | jamespage: crap | 15:14 |
Daviey | zul: horizon would really benefit from a dep-8 test IMO :) | 15:17 |
zul | im sure it would | 15:18 |
Daviey | One that shows that GET / returns 200 :) | 15:18 |
Daviey | (under apache / mod_wsgi, not just djanog dev server) | 15:18 |
zul | Daviey: that ould be my next commit i just want to get the builds going again | 15:18 |
Daviey | yeah | 15:20 |
SirT | can anyone here help me with likewise AD settings? | 15:36 |
Rallias | Is there any way I can force br1 to wait until lxc container vpn is booted and running? | 15:45 |
zul | yolanda/jamespage: https://code.launchpad.net/~zulcss/python-swiftclient/fbtfs-testr/+merge/164927 | 15:48 |
Daviey | yolanda: zul wants to add dep8 tests to swiftclient, and i suspect is asking for some assistance. Specifically a --help test. | 15:50 |
Daviey | Right zul ? :) | 15:50 |
TheLordOfTime | Daviey: i might be late to the meeting, since now is the first chance I can get to vote... | 15:50 |
TheLordOfTime | :/ | 15:50 |
zul | Daviey: actually i just want to get them building again | 15:50 |
Daviey | TheLordOfTime: don't worry, AOB happens right at the end | 15:50 |
Daviey | adam_g: Are you chairing ? | 15:51 |
yolanda | zul, i have some tests to use as sample that use a "--help" to test the client, do you want to see them? | 15:51 |
zul | TheLordOfTime: well which is more important voting or the ubuntu server meeting ;) | 15:51 |
zul | yolanda: yes please | 15:51 |
Daviey | zul: turn your pep8 upside down into a dep8. | 15:51 |
zul | Daviey: that really messes with my dyslexia | 15:52 |
Daviey | yolanda: ooo, something generic ? Can i see? | 15:52 |
yolanda | Daviey, i just wrote some for tgtadmin: https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/tgt/dep-8-tests | 15:52 |
TheLordOfTime | zul: voting, my dad's in the election for judge :P | 15:53 |
Daviey | yolanda: is the exit code not safe enough? | 15:53 |
yolanda | Daviey, what do you mean? maybe i add an exit 0? | 15:54 |
Daviey | yolanda: sorry, I mean.. something like, http://pb.daviey.com/Wwew/som | 15:58 |
yolanda | Internal Server Error! | 15:58 |
Daviey | erk | 15:59 |
Daviey | yolanda: try again? | 15:59 |
Daviey | oh | 15:59 |
Daviey | bad paste | 15:59 |
yolanda | i've tried lots of times | 15:59 |
Daviey | http://pb.daviey.com/Wwew/ | 15:59 |
yolanda | :) | 15:59 |
Daviey | Who needs 404, when 500 will do. | 16:00 |
Nafallo | 418 | 16:00 |
yolanda | this looks better than my solution :) | 16:00 |
Daviey | yolanda: I don't know.. see what smoser thinks | 16:03 |
Daviey | he'll probably want to use traps | 16:03 |
Daviey | :) | 16:03 |
smoser | i like traps | 16:04 |
yolanda | Daviey, if the client fails for a failing depends for example,as we had with ceilometer and stevedore, your solution will work? | 16:04 |
yolanda | (we can try it anyway) | 16:04 |
Daviey | I'd have thought so.. | 16:05 |
Daviey | yolanda: not saying exit code necessarily is better.. but it certainly feels more generic and chance of false positive is lower. | 16:05 |
yolanda | Daviey, yes, i agree with you | 16:06 |
=== VD is now known as Guest94874 | ||
zul | jamespage/yolanda: https://code.launchpad.net/~zulcss/quantum/quantum-pbr/+merge/164941 | 16:17 |
yolanda | zul, what are these <<TREE and >>MERGE-SOURCE in changelog diff? | 16:24 |
zul | yolanda: bad merges...quantum? | 16:25 |
yolanda | zul, yes, in quantum merge :https://code.launchpad.net/~zulcss/quantum/quantum-pbr/+merge/164941 | 16:26 |
zul | yolanda: its targeted at the wrong branch *sigh* | 16:27 |
zul | yolanda: https://code.launchpad.net/~zulcss/quantum/quantum-pbr/+merge/164942 | 16:27 |
yolanda | that one looks better :) | 16:29 |
psivaa | hallyn: there is another VM in aldebaran that's hung on lxc test | 16:56 |
hallyn | psivaa: pls mark the bug confirmed, and leave the vm up. i'll take a look thsi afternoon. | 16:57 |
hallyn | psivaa: i suspect a kernelbug, but nto sure yet | 16:57 |
psivaa | hallyn: ok, will do. thanks | 16:58 |
TheLordOfTime | rbasak: as an FYI, on the nginx issue: http://people.canonical.com/~ubuntu-security/cve/pkg/nginx.html | 17:11 |
TheLordOfTime | it's got a few CVEs that are eithier (a) being ignored upstream, or (b) have been idle upstream (debian upstream, or nginx upstream) for a while | 17:11 |
TheLordOfTime | http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4968.html <-- that one's probably being ignored | 17:12 |
uvirtbot | TheLordOfTime: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968) | 17:12 |
TheLordOfTime | http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2070.html was fixed in saucy, but i have yet to dig for a fix | 17:12 |
uvirtbot | TheLordOfTime: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070) | 17:12 |
sarnold | TheLordOfTime: the patch for CVE-2013-2070 looks to be the 'patch.2013.proxy.txt' here: http://www.openwall.com/lists/oss-security/2013/05/13/3 | 17:17 |
uvirtbot | sarnold: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070) | 17:17 |
sarnold | dear uvirtbot: please rate-limit your lookups. thanks. | 17:17 |
TheLordOfTime | sarnold: forgive me if i go digging in upstream instead for the patch | 17:17 |
TheLordOfTime | sarnold: i don't know if the patch you listed on that mailing list was an upstream patch or not | 17:17 |
sarnold | TheLordOfTime: nginx.org isn't upstream enough? :) | 17:17 |
* TheLordOfTime missed that | 17:17 | |
TheLordOfTime | sarnold: balancing thirty things at once | 17:17 |
* sarnold throws in a few chainsaws for fun | 17:17 | |
sarnold | TheLordOfTime: I'll update our UCT, thanks :) | 17:18 |
* TheLordOfTime shoots the chainsaws with phasers | 17:18 | |
TheLordOfTime | sarnold: remind me what UCT is again? | 17:18 |
zul | yolanda/jamespage: https://code.launchpad.net/~zulcss/keystone/havana-refresh/+merge/164954 | 17:18 |
=== gary_poster is now known as gary_poster|away | ||
sarnold | TheLordOfTime: the database used to generate http://people.canonical.com/~ubuntu-security/cve/ -- and of course, mdeslaur beat me to it. hehe. :) | 17:20 |
TheLordOfTime | sarnold: yeah i pinged -hardened about it already :p | 17:21 |
TheLordOfTime | but that one "being ignored" bug I don't have upstream confirmation on an ignore | 17:21 |
TheLordOfTime | so you can't mark it as "ignored" | 17:21 |
sarnold | TheLordOfTime: 20 months without movement is close enough.. :) | 17:21 |
TheLordOfTime | :P | 17:22 |
sarnold | TheLordOfTime: we may wish to distro-patch that. have you tested that patch in your ppa? | 17:22 |
sarnold | TheLordOfTime: .. or perhaps debian may wish to carry it..? | 17:22 |
TheLordOfTime | sarnold: which patch for which? | 17:22 |
sarnold | TheLordOfTime: to add ssl certificate validation on proxy | 17:22 |
TheLordOfTime | sarnold: i'll check later, in the mean time i'm busy focusing on creating an LP bug for 2013-2070 so i can track fixing as I prep debdiffs for currently supported releases. | 17:23 |
* TheLordOfTime doesn't like bzr for some reason | 17:24 | |
sarnold | TheLordOfTime: thanks | 17:24 |
TheLordOfTime | sarnold: and the PPAs are based off of Debian, so unless Debian adopts it the fix is existent in the nginx ppas | 17:24 |
TheLordOfTime | s/existent/not existent/ | 17:24 |
jcastro | ballock: heya, maybe you should start sitting in on our meetings? | 17:30 |
jcastro | I was thinking we could start bringing your issues to light | 17:30 |
rbasak | TheLordOfTime: thanks | 17:31 |
=== gary_poster|away is now known as gary_poster | ||
schnitzel- | hi. i need a raid0 geek.... | 18:04 |
schnitzel- | its about software raids in general (yes i red the stuff in the internetz) and whether they are bootable. performance also interests me. | 18:04 |
blkperl | schnitzel-: ask your question, and someone may know the answer | 18:05 |
schnitzel- | i dont have a particular question...i mean....my problem is kinda weird. ;) | 18:06 |
schnitzel- | i have some asus zenbook. ux51vz if you want to google. | 18:06 |
blkperl | what are you tryin to accomplish? | 18:07 |
schnitzel- | the raid controler is blocked by asus, you cant access it. but i am fucking sick of wondoze. want back to ubuntu. | 18:07 |
schnitzel- | is it possible to make a software raid which can dualboot win8 and soem ubuntu | 18:07 |
schnitzel- | what are the disadvanteages. | 18:07 |
schnitzel- | does it make sense to break the raid0. | 18:07 |
schnitzel- | etc.. | 18:07 |
schnitzel- | can i maybe even partition the raid0/format the drives without breaking it? | 18:08 |
blkperl | so you have 2 disks in a raid0 via asus's hardware raid | 18:10 |
schnitzel- | 2 ssds | 18:10 |
schnitzel- | yes | 18:10 |
schnitzel- | raid0 | 18:10 |
blkperl | do you want ubuntu on one ssd and win8 on the other? | 18:10 |
schnitzel- | 2x128gb ssd asus hardware raid (raid controller some intel shit - intel mobile express chipset raid controller) | 18:10 |
schnitzel- | no. that would be easy | 18:10 |
schnitzel- | i want 1 big ssd - better performance as far as i red | 18:11 |
schnitzel- | then split it into 3 drives. linux/win8/ntfs files.... | 18:11 |
schnitzel- | +swap ofc | 18:11 |
blkperl | ok. well you can't software raid and expect win8 to be able to understand it | 18:11 |
schnitzel- | thats what i thought. :( | 18:11 |
schnitzel- | so a software raid is more a "fake" raid for linux only... | 18:12 |
schnitzel- | what would you do....i mean...nobody need swrite speed of 2 raid0 ssds. so i am thinking of breaking the raid0. but i am not sure since i cant rebuild it. what is asus thinking by disabling access to the raid controller? stupid. | 18:13 |
schnitzel- | and 128gb each os would be nice....but i am not fully convinced yet | 18:13 |
zul | adam_g: https://code.launchpad.net/~zulcss/keystone/havana-refresh | 18:14 |
sarnold | schnitzel-: it might be a rubbish controller.. | 18:14 |
schnitzel- | sarnold what do you want to say?! :p break the raid and use the two ssds as seperate drives? | 18:15 |
blkperl | schnitzel-: I think I would do each OS on one disk, but that implies having access to make a raid0 of one disk (and it sounds like you don't have access to the hardware controller) | 18:15 |
schnitzel- | blkperl why do i need a raid0 if i want to make 1 os each disk? | 18:16 |
blkperl | because the hardware raid controller is presenting one "device" with two disks at the moment right? | 18:16 |
sarnold | schnitzel-: you could do something a bit .. cumbersome: make three partitions on each drive. sda0 gets win8 boot, sdb0 gets linux boot. sda1 and sdb1 get raided together for windows data. sda2 and sdb2 get raided together for linux data. | 18:17 |
schnitzel- | blkperl yes. | 18:17 |
blkperl | schnitzel-: you may be able to dual boot that then, if linux plays nice with the hardware controller | 18:18 |
schnitzel- | blkperl but i *think* i can kill it with gparted. i would just format every drive.. | 18:18 |
blkperl | you can't disable a hardware raid with software, you have to do it in the bios/raid controller | 18:19 |
schnitzel- | sarnold this would be a waste of space :D i usually have my files on 1 ntfs drive. we are talking about some movies, few mp3s documnts...stuff like this. access from win and linux would be nice...you get the point. ;) | 18:19 |
schnitzel- | blkperl now we are talking! :D thats good to know...i have red some forums. problem is that there are very few "geeks". some have managed to install 1 os on each drive. but same person says, that the acess to the raid controller is disabled. | 18:20 |
schnitzel- | i wonder what he did.... :( | 18:20 |
blkperl | you should *backup* all your data to an external device and try to install a dual boot configuration | 18:21 |
schnitzel- | ahh. befor i forget i can acess in bios: disable the raid. make it ahci | 18:22 |
schnitzel- | thats all i can do. i think this implies that i *cant* rebuild the raid0. at least everybody says that (who tried it...) | 18:22 |
schnitzel- | blkperl yes...i am thinking about trying exactly this. but i wanted to discuss the option with the software raid. but as you told me...it wont work with win | 18:23 |
schnitzel- | which is sad. | 18:23 |
blkperl | well raid0 is no redundancy so it doesn't make sense to rebuild one | 18:23 |
blkperl | if a disk dies in a raid0, all of your data is gone | 18:23 |
schnitzel- | what you mean with that? | 18:23 |
schnitzel- | well sure | 18:23 |
blkperl | so there is no "rebuilding" process | 18:23 |
schnitzel- | ofc. what i mean with "rebuild" is: make 1 big drive again. ;) | 18:24 |
schnitzel- | if i dont like 128gb ssd each OS. | 18:24 |
blkperl | you should be able to recreate the raid0 as long as you have access to the raid controller, it will destroy your data though | 18:25 |
schnitzel- | i have never had a raid controller. what exactly does "access" mean. are the options in the bios. where to config it, etc.. | 18:26 |
schnitzel- | can yu give me an idea what i am looking for? | 18:26 |
blkperl | there should be a key combination during the boot process, like press "crt-c" to access raid controller | 18:27 |
sarnold | schnitzel-: often the raid controller will have its own bootsplash screen for a second after the main bios splash screen | 18:27 |
schnitzel- | everything is locked down. i just have "asus" then soon the windows logo. | 18:27 |
blkperl | can you access the bios? | 18:28 |
sarnold | if you hit 'esc' wihle booting can you get psat the pretty graphics screen and return to good old fashioned bios boot screen? :) | 18:28 |
schnitzel- | i can access the bios. | 18:28 |
schnitzel- | Sargun no ;P | 18:29 |
user01 | hey. i am schnitzel. gonna restart the other machine. | 18:30 |
schnitzel- | .. | 18:30 |
user01 | well. i hit enter. and enter the setup. | 18:30 |
user01 | i access the tab "advanced" | 18:31 |
user01 | there i can see "sata configuration | 18:31 |
user01 | "sata mode selection" --> RAID. i can change that to AHCI and IDE | 18:32 |
schnitzel- | back | 18:34 |
user01 | so any ideas what this means? | 18:38 |
blkperl | nope | 18:41 |
adam_g | roaksoax, https://blueprints.launchpad.net/ubuntu/+spec/servercloud-s-openstack-charms | 18:42 |
user01 | k. thanks anyways. ima try some more stuf :) | 18:52 |
adam_g | roaksoax, all but nova-cloud-controller are pretty small charms and low hanging fruit. | 18:52 |
resno | ok, im trying to setup a new server. i was given an ip. and i cant get it to respond. | 18:52 |
resno | neither can i ping out | 18:53 |
resno | i have edited the interfaces but i'm not sure what is wrong | 18:53 |
adam_g | roaksoax, i'd prefer any new charm work that happens this cycle does so with a dependency on lp:charm-helpers, so we are pulling helper code from there instead of copying it around ourselves like we have been | 18:54 |
roaksoax | adam_g: ok cool. I'l;l pick one and start working on it | 18:54 |
Guest51469 | Hey, I'm new to ubuntu and currently downloading the server (12.04.2 LTS) How can I also install the GUI? I want to learn Apache server, MySQL and MySQL workbench... | 19:01 |
Shogoot | Any chmod chown guru taht can help me troubleshoot? I got this /var/html/www location for a simple website, but i cant get it to work proper. And my educated guess is that is a permission issue | 19:08 |
Shogoot | Forbidden You don't have permission to access /smn.php on this server. Apache/2.2.22 (Ubuntu) Server at 192.168.1.166 Port 80 | 19:09 |
resno | yes, permission error | 19:11 |
resno | do ls -ll in that folder | 19:11 |
Shogoot | total 0 | 19:11 |
Shogoot | sorry | 19:12 |
Shogoot | let me se | 19:12 |
resno | ehm | 19:12 |
resno | should see xrw--- etc | 19:12 |
Shogoot | -rwxr-xr-x 1 smn smn 33 Apr 8 19:47 smn.php | 19:12 |
resno | ah | 19:12 |
resno | chown www-data:www-data or root | 19:13 |
Shogoot | but i have to do taht for the whole www directory, dnt i? | 19:14 |
Shogoot | I changed permision to -rwxr-xr-x 1 www-data www-data 33 Apr 8 19:47 smn.php | 19:16 |
Shogoot | but i still get same error | 19:16 |
sarnold | Shogoot: how about the directories that contain smn.php and the directories above it? | 19:22 |
Daviey | rbasak: seen bug 1182613 | 19:24 |
uvirtbot | Launchpad bug 1182613 in puppet "puppet completely broken on saucy" [Undecided,New] https://launchpad.net/bugs/1182613 | 19:24 |
Shogoot | sarnold, the parent director looks lke this drwxr-xr-x 7 www-data www-data 4096 Apr 28 23:01 www | 19:25 |
sarnold | Shogoot: aha. check /var/log/audit/audit.log or /var/log/syslog to see if you have AppArmor DENIED messages. | 19:25 |
Shogoot | sarnold, http://paste.ubuntu.com/5688065/ | 19:29 |
Shogoot | . | 19:37 |
RoyK | ; | 19:47 |
adam_g | Daviey, you still around? i've got some rebuilt proposed packages for UCA that need to go in, but there are also security updates that need to get out to -updates. | 20:03 |
adam_g | jamespage, http://people.canonical.com/~agandelman/ca/folsom/2012.2.4_rebase/ + http://people.canonical.com/~agandelman/ca/grizzly/2013.1.1_rebase/ . these will UCA proposed's with ubuntu proposed | 20:21 |
adam_g | zul, Daviey ^ | 20:22 |
zul | adam_g: need me to +1? | 20:22 |
adam_g | zul, at some point but we actually need to push something thru the pockets before those can go in | 20:22 |
zul | adam_g: *sigh* ok cool | 20:23 |
Daviey | adam_g: ho | 20:27 |
Daviey | adam_g: can you outline what needs doing, and i'll take a look in the morning. | 20:28 |
Shogoot | sarnold, http://paste.ubuntu.com/5688065/ | 20:32 |
=== guntbert_ is now known as guntbert | ||
sarnold | Shogoot: ah. that might need fixing, but will be unrelated to your apache problems. :) | 20:51 |
Shogoot | sarnold, im kinda lost anyway | 20:52 |
Shogoot | any clues ? :)* | 20:53 |
sarnold | Shogoot: do you have any more-specific logs in /var/log/apache* that might indicate why permission was denied? | 20:55 |
Shogoot | from apache2/error.log http://paste.ubuntu.com/5688342/ | 20:57 |
sarnold | Shogoot: nice, that's probably concrete enough to eventually fix it. | 20:58 |
Shogoot | seems chineese | 20:58 |
sarnold | Shogoot: look through your apache configuration, try to find what might block your hosts from accessing the directory or virtual host or whatever... | 20:58 |
jcastro | roaksoax: yeah! I see celery is done? | 21:01 |
roaksoax | jcastro: yeah so just wait 7 days for it to be accepted in -updates | 21:01 |
jcastro | is the wait serial? | 21:01 |
jcastro | so like 7 for celery, then another 7 for maas? | 21:01 |
roaksoax | jcastro: nope | 21:03 |
roaksoax | jcastro: once something is mark verification-done you just wait 7 days to get accepted into -updates, though that obviously depends on whomever processes the queue | 21:04 |
jcastro | ack | 21:04 |
Shogoot | sarnold, i dont see shit in there :) | 21:08 |
sarnold | Shogoot: darn :/ the first thing that comes to mind would be something like allow, deny directives. | 21:09 |
Shogoot | seems a perfectly fine apache2.conf | 21:10 |
Shogoot | sarnold, what if www-data:www-data should be root instead, or www-data has not the correct permissions | 21:15 |
Shogoot | ? | 21:15 |
sarnold | Shogoot: www-data ought to work. (I disklike it, but that's a rant for another day.) | 21:15 |
sarnold | Shogoot: the webserver is probably running as www-data, right? | 21:16 |
Shogoot | no idea | 21:16 |
Shogoot | how to check? | 21:16 |
sarnold | Shogoot: ps auxw | grep -e http -e apache | 21:16 |
Shogoot | sarnold, http://paste.ubuntu.com/5688391/ | 21:17 |
sarnold | Shogoot: first column, www-data | 21:17 |
Shogoot | this does not say me anything | 21:18 |
sarnold | Shogoot: the first oclumn in that output is the username of the process; all your apache workers are running as www-data | 21:19 |
Shogoot | sarnold, what about this one then? root 1484 0.0 1.0 399304 22432 ? Ss 00:11 0:03 /usr/sbin/apache2 -k start | 21:19 |
sarnold | Shogoot: that process starts and stops the workers as load goes up and down | 21:20 |
Shogoot | and on line 10 theres anotehrone with root | 21:20 |
Shogoot | ah ok | 21:20 |
sarnold | iirc, line ten was your grep command | 21:20 |
Shogoot | ah i se that now | 21:21 |
Shogoot | i just want my little page to display :_/ | 21:21 |
qhartman | I am trying to get a Cisco ASA to do dynamic DNS updates to bind9 server running on Ubuntu 12.04. Everything seems to be working correctly on the DNS server, but the dynamic updates are failing. | 21:22 |
qhartman | When I run named with -d 4 I get this output: https://gist.github.com/anonymous/5623356 | 21:22 |
Shogoot | sarnold, when i use http://www.cthulhuisevil.net/smn.php i get another error thoguh.. "Not Found The requested URL /smn.php was not found on this server." | 21:22 |
qhartman | that's what I see when the ASA requests a DNS update. Any thoughts? | 21:22 |
Shogoot | sarnold, never mind i forgot to omitt the "www." | 21:23 |
qhartman | I've set this sort of thing up in the past using ISC DHCP and it's more or less "just worked". It's unclear to me if the problem is with the bind config, or the ASA config | 21:33 |
Monotoko | can anyone here help with BIND? I've just got a new freelance job and it's confusing me to hell :( | 21:40 |
qhartman | Monotoko, I can probably help with some of it, but I'm currently struggling with getting synamic updates to work myself | 21:41 |
qhartman | s/synamic/dynamic/ | 21:42 |
qhartman | But I'll ask for a cut.... | 21:42 |
qhartman | :D | 21:42 |
Monotoko | we have a script that's putting zone files in automatically: this one goes to the domain (but won't resolve via dig?) http://pastebin.com/wrJ89HDc | 21:42 |
Monotoko | this one isn't doing anything even though it's the same, it's just failing instantly... http://pastebin.com/nAZqaUji | 21:43 |
Monotoko | I don't understand what's happening... but I'm guessing they need rewriting | 21:43 |
qhartman | I assume you're bouncing the bind process after placing those files? | 21:44 |
Monotoko | yeah, it's been bounced and I've turned the server off and on again... :) | 21:45 |
qhartman | heh | 21:45 |
qhartman | what about the serial number, is that incrementing correctly? | 21:45 |
sarnold | Monotoko: do you get any error messages in the logs? | 21:45 |
Monotoko | sarnold, if I could find the log on this damn server I'd look... two secs | 21:46 |
qhartman | you probably want to look in /var/log/syslog | 21:47 |
qhartman | fwiw, I just tried to look up the used guitars one and it worked fine | 21:48 |
qhartman | so did copydoodle | 21:49 |
Monotoko | interesting... | 21:49 |
Monotoko | May 21 21:47:54 ip-10-195-98-37 named[9331]: client 75.151.85.53#40660: query (cache) 'copydoodle.co.u/A/IN' denied | 21:49 |
qhartman | yeah, that's me | 21:50 |
qhartman | but I got a response | 21:50 |
Monotoko | so why's the server saying you were denied? Something's not going right here... | 21:50 |
Monotoko | sorry this wasn't part of the original job desc... my client just asked if I'd have a look because his previous programmers were *his words I'm not allowed to say here* | 21:51 |
qhartman | http://forums.cpanel.net/f5/why-named-logging-query-cache-denied-var-log-messages-170302.html | 21:52 |
qhartman | oh wait | 21:52 |
qhartman | that denied was a typo on my part | 21:52 |
qhartman | notice the ".co.u" , "not ".co.uk" | 21:53 |
Monotoko | ahhh, so do you get a response through dig too? | 21:53 |
sarnold | heh, I figured that was just limiting the length of logging.. | 21:53 |
qhartman | that's why you would be getting the denied message | 21:53 |
qhartman | yeah | 21:53 |
qhartman | onymous/5623581 | 21:54 |
qhartman | https://gist.github.com/anonymous/5623581 | 21:54 |
Monotoko | interesting, might just be the network I'm behind then... is there anything I can do to improve this setup, or should I just leave it as it is? | 21:54 |
qhartman | it seems ok from here | 21:54 |
Monotoko | brilliant, il report that back to the client - thanks :) | 21:54 |
sarnold | 0 msec? wow. | 21:54 |
sarnold | oh, local cache? | 21:54 |
qhartman | yes | 21:55 |
qhartman | my first query took 2196 msec | 21:55 |
sarnold | that's more like it :) | 21:55 |
sarnold | well, slow, but still. | 21:55 |
qhartman | now, since we've gotten the bind user's attention, anyone manage to get dynmaic DNS updating from a CISCO ASA to talk to bind? | 21:56 |
sarnold | for a moment I wondered if you two happened to share a datacenter with bonkers internal networking :) | 21:56 |
qhartman | heh | 21:56 |
qhartman | I've gotten the devices to talk to each other, and queries of manual entries work fine, but the dynamic updates from the ASA fail, with no explanation I can find on either side | 21:57 |
Monotoko | heh, this is on Amazon! | 21:58 |
Monotoko | AWS - it should be good damnit -.- | 21:58 |
qhartman | I'm on the verge of giving up on the ASA DHCP server and spinning up ISC on another box | 21:59 |
* Monotoko bangs head against wall | 22:01 | |
Monotoko | "It's not just you! http://usedguitarreviews.com looks down from here." | 22:01 |
qhartman | oh | 22:01 |
qhartman | I bet it's not a DNS thing | 22:01 |
qhartman | I bet it's vhost | 22:01 |
qhartman | you are redirecting usedguitar... to www.usedguitar... and there's no DNS entry for www | 22:02 |
qhartman | but you do have a wildcard in there, so it should catch it | 22:02 |
qhartman | check your webserver, that's probably the probleem | 22:03 |
Monotoko | hmmm | 22:03 |
qhartman | yeah, the wildcard isn't catching the www | 22:03 |
qhartman | I can get the apex, but not www | 22:04 |
Monotoko | ... why isn't the wildcard catching www? >.< | 22:04 |
qhartman | It is catching it for copydoodle, which seems odd. | 22:04 |
Monotoko | exactly... it's baffling me | 22:05 |
qhartman | Is the wildcard a new entry for guitars? | 22:05 |
qhartman | in the interim, I'd put in a www entry and see what happens | 22:05 |
qhartman | and/or make the webserver answer on the apex rather than redirecting, if that's an option | 22:06 |
qhartman | that way you can get the site up and fight with this at your leisure | 22:06 |
qhartman | and remember to increment the serial, if you're not using a tool that does it automatically | 22:06 |
Monotoko | hmmm alright, could it be propagation? I'm not sure when my bosses client actually moved this one | 22:06 |
qhartman | possible, but if it's a new entry | 22:07 |
qhartman | that shouldn't be an issue, it should be a cache miss, and queries should get directed to the authoritative server | 22:07 |
qhartman | yeah, if I query your server directly, I get an answer for www | 22:08 |
qhartman | but my usual server doesn't know who it is | 22:08 |
Monotoko | ahh... so if I add "www IN A 174.129.247.93" to it, it should be fine? | 22:09 |
qhartman | so it likely is a propagation issue | 22:09 |
Monotoko | ahh brilliant | 22:09 |
Monotoko | il check it tomorrow I guess | 22:09 |
qhartman | alright, I'm AFK for a bit... | 22:10 |
Monotoko | cheers pal | 22:10 |
sarnold | good luck qhartman :) | 22:11 |
adam_g | roaksoax, where in maas can i configure the apt server to use, or disable ? | 22:26 |
roaksoax | adam_g: if you are using raring on the webui under settings | 22:27 |
adam_g | roaksoax, quantal | 22:27 |
roaksoax | adam_g: in one of the preseeds: /usr/share/maas/preseeds/generic | 22:27 |
adam_g | roaksoax, thanks | 22:28 |
Daviey | adam_g: if you find yourself bored.. fancy adding href's to the c-a versions report, under ubuntu column? | 22:34 |
Daviey | adam_g: https://launchpad.net/ubuntu/+source/${package}/${version} | 22:34 |
adam_g | Daviey, at some point soon yea. where is this security-proposed pocket you were talking about? | 22:34 |
adam_g | Daviey, im trying to think of a good way to visualize scenario where: -proposed is > ubuntu but ubuntu's security update really makes it > -proposed | 22:36 |
Daviey | adam_g: Ah, doesn't look like it's quite ready | 22:36 |
adam_g | maybe just split the 'ubuntu' cells into $ubuntu-updates and $ubuntu-security | 22:37 |
Daviey | adam_g: We can make the staging PPA always empty, so if ${pacage} is *in* staging it's always higher, irrelevant of version number? | 22:37 |
Daviey | Hmm | 22:37 |
Daviey | that is a good idea.. you can verify if secuirty.ubuntu.com >= archive.ubuntu.com (-updates), then we need to care. | 22:38 |
Daviey | adam_g: Separately, we need a Havana report soon. | 22:39 |
adam_g | Daviey, well currently we use the staging PPA as the definitive list of what is in the rest of the pockets. are you saying flushing packegs from that PPA or just not including them in report? | 22:40 |
Daviey | adam_g: if there is a security-staging PPA, that can be flushed to only keep inflight packages | 22:41 |
Daviey | Not saying that is the best way.. just a suggestion | 22:41 |
=== wedgwood is now known as wedgwood_away | ||
adam_g | Daviey, as soon as https://launchpad.net/~ubuntu-cloud-archive/+archive/havana-staging gets populated we can start reporting | 22:42 |
=== wedgwood_away is now known as wedgwood | ||
sarnold | Daviey: https://launchpad.net/~ubuntu-security/+archive/ubuntu-security-staging | 22:42 |
Daviey | adam_g: We probably need to seed that with the contents of grizzly? | 22:42 |
Daviey | sarnold: This is the cloud archive, ubuntu-cloud.archive.canonical.com .. not primary archives | 22:43 |
sarnold | Daviey: ah :) | 22:43 |
Daviey | sarnold: At the moment, we are trying to see how we can make our reports easier to track | 22:44 |
adam_g | Daviey, thats how i think we did it last time. synced essex staging -> folsom staging, tracked against quantal and relevant bits of the report go red. then update accordingly | 22:44 |
Daviey | adam_g: done | 22:47 |
adam_g | Daviey, thanks | 22:50 |
Daviey | adam_g: I'll sync this up to -proposed and -updates aswell? | 22:57 |
adam_g | Daviey, yeah.. waiting for the PPA to publish those | 22:57 |
=== wedgwood is now known as wedgwood_away |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!