/srv/irclogs.ubuntu.com/2013/05/22/#ubuntu-server.txt

[01:05] <_PehdeN_> Party in #moshpit everyone is op!
[04:53] <Neozonz> hello
[04:53] <Neozonz> I've used ufw allow 10336
[04:53] <Neozonz> but when i do a port scan on my server it doesnt allow it
=== bigbrovar__ is now known as bigbrovar
[08:36] <jamespage> adam_g, https://code.launchpad.net/~james-page/charms/precise/nova-cloud-controller/grizzly-upgrade/+merge/165032
[08:36] <jamespage> glance looks OK
[08:45] <jamespage> adam_g, and https://code.launchpad.net/~james-page/charms/precise/nova-compute/grizzly-upgrade/+merge/165033
=== klaas- is now known as klaas
[09:18] <Phoenixxl> Do any of you have experience installing MOM ?
[09:18] <Phoenixxl> I have 2 guests that do things that have low cpu requirements , and do fine with 192 mb ram .. but one of them needs to inflate to about 512 for an hour every day .. If there's other options than mom i'm open to suggestions .
[09:19] <Phoenixxl> it's not on a regular basis and it's automated.. so a cron job is not possible
[09:32] <Enich> I am currently using apt-cacher-ng in a project.  I was wondering if anyone could tell me the pros and cons regarding using bindaddress: 0.0.0.0 (listen on all interfaces, as far as i understand) compared to defining the server ip address.    I can imagine that it is best practice to set the specific interface address and not using 0.0.0.0, but i was wondering if someone could give me some hints why :)
[09:37] <Phoenixxl> @enich , mainly security and management reasons.
[09:37] <jamespage> Enich, I'd only set a specific interface if the server has multiple external network interfaces and you want to restrict where it can be accessed from
[09:37] <Phoenixxl> your firewall might give out while you mess with it
[09:38] <Phoenixxl> in that case the port used would be open to the outside world
[09:39] <Phoenixxl> also when setting up rules in your firewall it's easier to have a specific nic the thing is bound on
[09:39] <jamespage> Enich, fyi squid-deb-proxy covered most of apt-cacher-ng plus it has nice features such as supporting proxy peering/chaining
[09:41] <Phoenixxl> I personally have some servers that are running on my lan nic so i can limit traffic , ie transmission .
[09:42] <Enich> jamespage, that is actually a great piece of info, regarding squid-deb-proxy..     where does it fall short ?   (you write it covers most)
[09:42] <jamespage> Enich, I see one awkward feature
[09:42] <Enich> jamespage, im not sure what you mean?
[09:42] <jamespage> apt-cacher-ng maps all *.archive.ubuntu.com requests to the same locally cached files
[09:42] <Enich> Phoenixxl, thanks for the info
[09:43] <jamespage> Enich, so you need to ensure that all clients are using exactly the same mirror
[09:43] <jamespage> with squid-deb-proxy
[09:43] <Ng> if everything in the world could stop being named foo-ng, that would be great :D
[09:44] <jamespage> Enich, I'm tempted to trust the scalability of squid more than I am apt-cacher-ng as well :-)
[09:44] * rbasak has called on project foo-nih, because foo-ng already existed
[09:44] <Ng> rbasak: since -nih doesn't make irssi highlight me, I am ok with that ;)
[09:44] <Enich> i will take a look, though i think apt-cacher-ng is my solution, i am doing a fully automated setup with several servers etc, and i have a part of my script, which checks for the existence of the  apt-cacher.. if people want to reinstall the environment.   (im sorry if that makes no sense.. im a bit off atm)
[09:45] <jamespage> Enich, you can restrict access to squid-deb-proxy using ACL's as well - it defaults to all private network ranges
[09:45] <Enich> jamespage, scalability is not an issue, i am doing a project where bandwidth preservation is highly important, though only about 10 servers are spun up via kickstarter files and so on.
[09:46] <jamespage> Enich, ok - well you know about the alternative if you hit issues with apt-cacher-ng :-)
[09:46] <jamespage> fwiw I used to use apt-cacher-ng but switched to squid-deb-proxy
[09:46] <jamespage> specifically for the peering features
[09:46] <jamespage> and for the avahi enabled client (squid-deb-proxy advertises its services)
[09:47] <Enich> yeah, that is really good to know.  There is currently only 1 interface in the vm running the apt-cacher and the ip addresses will be the same for each install (its a learning environment that people can run on their own machine)
[09:48] <Enich> by peering features, what do you mean?  having several mirrored squid proxies etc ?
[10:24] <Enich> when i look in the manpages for hostname, it says that SET NAME defines the hostname but it isnt persistent and will revert after a reboot, (edit /etc/hostname for permanent change)    is there a command line to make it permanent, like hostnamectl set-hostname myhostname   on archlinux
[10:29] <rbasak> Enich: this is an Ubuntu channel. On Ubuntu, you can edit /etc/hostname to make it persistent. But you should check if there's an Arch support channel so that you can ask how to do it on Arch.
[10:30] <jamespage> adam_g, http://pad.ubuntu.com/openstack-series-upgrade-testing
[10:30] <jamespage> roaksoax, ^^
[10:52] <jamespage> roaksoax, promulgated hacluster charm - should appear in the store soon
[11:10] <diegonat> hi guys, Ive got an instance on AWS but although I open the port 53, it is still filtered. Why? Anybody can help me?
[11:11] <mardraum> how did you open it?
[11:13] <diegonat> I went to the console
[11:13] <diegonat> and in security group
[11:13] <diegonat> I added port 53 udp
[11:13] <diegonat> source 0.0.0.0/0
[11:14] <diegonat> mardraum is there any other way?
[11:18] <patdk-lap> you did add it to the security group assigned to that instance?
[11:18] <diegonat> yep
[11:26] <mardraum> dns also really needs tco open for large queries and axfr etc
[11:26] <mardraum> tcp*
[11:29] <diegonat> i opened tcp as well
[11:39] <mardraum> are you sure your daemon is actually listening?
[11:45] <diegonat> yes
[11:46] <diegonat> however now ive got a problem that if I leave my ssh session idle for a few minutes, it drops. There is some problem
[11:48] <patdk-lap> isn't that normal?
[11:48] <patdk-lap> generally happens with nat
[11:49] <diegonat> i dont think it is normal
[11:49] <RoyK> diegonat: turn on ssh keepalives
[11:49] <diegonat> never happened before
[11:50] <diegonat> royk demon side ?
[11:50] <RoyK> clientside
[11:50] <RoyK> ServerAliveInterval 5 in $HOME/.ssh/config
[11:50] <RoyK> 5 seconds may be overkill, 60 should do, but then, bandwidth normally isn't an issue
[11:52] <diegonat> however i dont understand why AWS is filtering my port 53
[11:52] <diegonat> despite I think it is weird
[11:53] <diegonat> ;; global options: +cmd
[11:53] <diegonat> ;; connection timed out; no servers could be reached
[11:54] <RoyK> some (like what we do here) don't allow access to external DNS server in case they are hijacked or otherwise if the client is compromised and dns is changed by whoever or whatever compromised it
[11:55] <RoyK> so use amazon's dns servers
[11:57] <diegonat> is it free?
[12:05] <diegonat> you have to pay
[12:06] <diegonat> I should pay, i dont like paying =D
[12:14] <lotia> Hi All, If I want to run a script at boot on a 10.04 and 12.04 machine, is the best place to do so via an upstart job?
[12:14] <lotia> This script will be a python script.
[12:14] <lotia> And need only run once.
[12:17] <mollerup_> lotia, depends if it depends on specific services an init-script should do. else you could make a crontab entry starting with @reboot, see man 5 crontab
=== mollerup_ is now known as mollerup
[12:20] <Daviey> rbasak: great to see your application in
[12:20] <Daviey> .
[12:21] <rbasak> Thanks
[12:22] <rbasak> I was hoping for 3 June. I didn't consider that it would be full so soon.
[12:22] <soren> Which application? Core dev?
[12:23] <rbasak> soren: well I don't know. Just the server set at the moment: https://lists.ubuntu.com/archives/devel-permissions/2013-May/000487.html
[12:24] <lotia> mollerup: I was under the impression that @reboot wouldn't run from cold boot
[12:25] <Daviey> lotia: need only run once?  per boot, or forever?
[12:25] <lotia> assuming I run it from upstart, non daemon jobs are well supported?
[12:26] <rbasak> It's actually really easy to write an upstart job that isn't a daemon
[12:26] <lotia> thanks all
[12:27] <rbasak> You just need a "start on" line, "task" and a "script" stanza
[12:27] <rbasak> "start on runlevel [2345]" to do it on boot
[12:27] <lotia> rbasak: that would be a 'task' in upstart parlance?
[12:27] <rbasak> Right
[12:28] <mollerup> lotia: @reboot is once at every start, be aware that it starts as soon as cron starts, which can be an issue if you depend on other services
[12:29] <Daviey> start on startup, is more readable IMO
[12:31] <rbasak> That might happen before filesystems are mounted though - potentially too early
[12:31] <mollerup> Daviey: yeah, I only use it for starting up "services" on my own user, such as irssi in a screen and so forth
[12:34] <lotia> I like the upstart route.
[12:37] <Daviey> mollerup: upstart does have per-user stuff now.
[12:37] <Daviey> mollerup: http://upstart.ubuntu.com/cookbook/#session-job
=== hazmat` is now known as hazmat
[12:44] <Daviey> zul: do we want WI's with a leading *?
[12:44] <zul> i think so
[12:44] <mollerup> Daviey: thanks for the info, but my personal servers run FreeBSD :)
[12:46] <Daviey> mollerup: Ah, there is a discussion about upstart support for GNU/kFreeBSD Debian right now :)
[12:46] <soren> rbasak: I see. Well, good luck.
[12:46] <rbasak> Thanks!
[12:49] <lotia> Daviey: need to do stuff as superuser. So would stick it in /etc/init
[12:50] <zul> jamespage:  hey can you look at my horizon branch again?
[12:54] <lotia> So what would be my stopon value for an upstart job that calls a script. That called script will just exit when done.
[12:54] <rbasak> lotia: if you're using "task", AIUI you don't need any stop conditions defined at all.
[12:54] <jamespage> zul, url?
[12:54] <zul> jamespage:  hold on
[12:55] <zul> https://code.launchpad.net/~zulcss/horizon/horizon-pbr/+merge/164914
[12:55] <lotia> are tasks available in the upstart version in 10.04?
[12:58] <lotia> Do software raid devices get started by upstart, or is that done once the box is considered "started"
[13:08] <jamespage> zul:acked
[13:09] <zul> jamespage:  thanks
[13:26] <zul> jamespage/yolanda: https://code.launchpad.net/~zulcss/python-novaclient/pbr-ftbfs/+merge/165123
[13:29] <jcastro> rbasak: have you replied to the auth thread yet? I'm thinking it should be on -server instead of -devel-discuss
[13:30] <jcastro> rbasak: or do you think it touches enough packages to be a distro-wide thing?
[13:31] <jcastro> man, Timo really is all over it though, heh
[13:31] <MonkeyDust> i'm looking for graphical ISA-like serversoftware for linux - I found smoothwall - any other suggestion?
[13:31] <tjaalton> :)
[13:31] <tjaalton> it's a client thing mostly
[13:31] <tjaalton> whatever the client is
[13:32] <MonkeyDust> it's not for me, the person in question is a windows administrator in a local school
[13:33] <yolanda> zul, looks good to me, the only question is why there are 2 different entries in changelog for debian/control
[13:34] <zul> yolanda: ok ill clean that  up
[13:34] <yolanda> and python-testtools is duplicated in debian/control?
[13:34] <tjaalton> MonkeyDust: sorry, it was for jcastro
[13:37] <jamespage> zul, comments in MP
[13:37] <zul> ack
[13:45] <xnox> lotia: depends. those that are needed to mount the root file system are started in the initramfs. generally all of them are started by udev rules.
[13:47] <zul> jamespage:  fixed
[13:49] <jacobw> What's the fastest way to Openstack from Ubuntu Server?
=== wedgwood_away is now known as wedgwood
[13:55] <MonkeyDust> is Firestarter still being maintained?
[13:55] <Pici> I was under the impression that it was not.
=== hachre_ is now known as hachre
[14:05] <jcastro> jacobw: https://help.ubuntu.com/community/UbuntuCloudInfrastructure
[14:47] <zul> yolanda:  ping https://code.launchpad.net/~zulcss/python-novaclient/pbr-ftbfs/+merge/165123
[14:49] <yolanda> zul, the only thing i see is the 2 lines in debian/control
[14:49] <zul> yolanda:  http://bazaar.launchpad.net/~zulcss/python-novaclient/pbr-ftbfs/revision/70
[14:50] <sk1pper> hi all, how can I check if there is an active reversed ssh tunnel on my box?
[14:50] <yolanda> in debian/changelog i mean
[14:55] <lunaphyte_> sk1pper: something like ps or lsof could be used for that
[14:57] <zul> yolanda:  huh?
[14:58] <yolanda> +  * debian/control: Add python-pbr and python-d2to1 as build depends.
[14:58] <yolanda> 9+  * debian/control: Add python-testtools and testrepository as build depends.
[14:59] <sk1pper> lunaphyte_:i used netstat -tan | grep 22 but i don't know if that is enough
[14:59] <lunaphyte_> sk1pper: to start with, the method you'd use depends on which computer you're checking on
[15:00] <lunaphyte_> the computer you're sshing from, or the computer you're sshing to?
[15:01] <sk1pper> lunaphyte_: on the computer behind the FW, meaning on the computer which is NATed
[15:01] <lunaphyte_> the computer you're sshing from, or the computer you're sshing to?
[15:01] <sk1pper> the computer i am sshing to
[15:03] <sk1pper> lunaphyte_: does it make a difference actually? with netstat -tan | grep 22 i can see the established connection, does it make a difference to which computer i am checking?
[15:03] <lunaphyte_> that tells you nothing about a tunnel.
[15:03] <lunaphyte_> ssh connection != ssh tunnel
[15:05] <sk1pper> lunaphyte_: how can I check then?
[15:08] <lunaphyte_> what is the ssh command you're using?
[15:10] <sk1pper> lunaphyte_: i am not trying to create one, I want to check if already exists, meaning if someone got access on my box and created a reversed ssh tunnel, how can I check if it's still active?
[15:10] <lunaphyte_> oh, i see.
[15:12] <sk1pper> that's why I thought that netstat -tan | grep 22 should show me if there is an active ssh tunnel
[15:12] <hXm> every time i use apt-get upgrade it says i should restart, but i wont stop the server
[15:12] <hXm> can i remove that warning? makes me stress
[15:12] <lunaphyte_> sk1pper: why would someone create a reverse ssh tunnel on your computer?
[15:13] <lunaphyte_> meaning that they connected to your computer and then used ssh to create a reverse tunnel to somewhere else?
[15:14] <sk1pper> lunaphyte_: yes
[15:14] <lunaphyte_> oh, then just do ps -aefwww | grep -iF ssh
[15:14] <lunaphyte_> and look to see if any ssh processes exist that don't belong
[15:15] <lunaphyte_> you'll see -R for any reverse tunnels which have originated from your computer
[15:26] <sk1pper> lunaphyte_: i cannot see any -R in the output that i get from ps -aefwww | grep -iF ssh
[15:26] <sk1pper> this mean that there is no reversed ssh tunnel?
[15:33] <skrite> hey all, i am running software that sends text messages to agriculture customers that update them on their field conditions, but my email server (postfix) only accepts about 1 mail / second. How can i speed that up?
=== wedgwood is now known as wedgwood_away
[15:35] <qhartman> skrite, have you looked at this? http://www.postfix.org/TUNING_README.html
[15:36] <skrite> qhartman: thanks
[15:36] <qhartman> sure
[15:51] <skrite> qhartman: still having trouble with it, adjusted the parameter that was supposed to slow things down, and not really any change.
[15:55] <`brendan> anyone running an hp blade 420c gen8 with ubuntu 12.04 w/ emulex OneConnect 10gb NICs?
[15:56] <`brendan> having issues getting online with the be2net
=== wedgwood_away is now known as wedgwood
[15:57] <`brendan> just installed 12.04.2
[16:00] <qhartman> skrite, how do you know that the mail server is only accepting about 1 mail per second? Also, what is the load on the server like? Is it a "real" server, or a low resource embedded system?
[16:02] <skrite> qhartman: it is a vm, and, according to top and htop, it isn't working all that hard. it seems that the delays get longer if sending to the same destination.
[16:03] <skrite> writing another test script to be sure
[16:04] <qhartman> skrite, how is the postfix server configured? Does it pass the messages to a smart host or relay  upstream, or is it delivering the mail directly ? If it's passing it on to another interim mail server, it's entirely possible you're being throttled there, and no config changes in the world will fix it
[16:06] <skrite> no, i am delivering directly
[16:06] <skrite> and script shows same delay, actually about 3 seconds between mails out
[16:07] <skrite> whether to same destination or not (different mail server recipients)
[16:07] <qhartman> Kind of an aside, but do you have an SPF record pointing at this machine as a valid sender for your domain?
[16:07] <qhartman> What happens if you send mail to a local recipient, like root?
[16:08] <skrite> qhartman: will check
=== medberry is now known as med_
[16:13] <skrite> qhartman: no, do not think i have an SPF record.
[16:14] <qhartman> skrite, that may not be related to this problem, but may cause you issues at some point.
[16:18] <skrite> ok
[16:20] <qhartman> Also, it would be useful if you would paste log output into a pastebin or gist
[16:23] <skrite> qhartman: will do, also delay is still there if sending to another user on the localhost
[16:23] <qhartman> ok, then it's almost certain that you are dealing with a config issue
[16:24] <qhartman> Is DNS on that box working correctly?
[16:24] <qhartman> delays like that can be caused by DNS tomeouts
[16:24] <qhartman> s/tome/time/
[16:27] <skrite> dns seems ok, can ping different domains and first hit is quick. also, the 3.1 delay on sending these messages out seems very specific.
[16:28] <skrite> think you are right. config
[17:16] <adam_g> zul, http://people.canonical.com/~agandelman/ca/grizzly/2013.1.1_rebase/  + http://people.canonical.com/~agandelman/ca/folsom/2012.2.4_rebase/  can you take a look plz?
[17:17] <zul> adam_g: +1
[17:17] <adam_g> thanks
[17:35] <adam_g> zul: ugh https://launchpadlibrarian.net/140473550/buildlog_ubuntu-precise-i386.keystone_2012.2.4-0ubuntu2~cloud0_FAILEDTOBUILD.txt.gz
[17:36] <zul> adam_g:  interesting! :)
[17:36] <adam_g> notAfter=May 18 19:41:42 2013 GMT
[17:37] <adam_g> we apparently are not supposed to run tests after last saturday :P
[17:39] <Daviey> adam_g: Hmm, i'd like to find the commit where this went in
[17:39] <adam_g> Daviey, i remember certs expiring in a stable branch in the past, but dont remember if it was keystone
[17:39] <adam_g> checking now
[17:40] <Daviey> Ah no.. I vaguely remember commenting on an expiring time.. but it wasn't keystone
[17:41] <Daviey> adam_g: Fancy landing the fix upstream first, then cutting a fresh snapshot? :)
[17:42] <adam_g> Daviey, ya. ill make sure the new expiry is +1 hour after our PPA build
[17:42] <Daviey> adam_g: lol.. clearly the proper fix for this is to change the buildd time in packaging.
[17:43] <Daviey> for giggles, do it in postinst as well.
[17:43] <adam_g> :)
[18:07] <resno> i dont have the root password for a server, how can i change it? i tried going into single mode, but it required knowing the password
[18:07] <sarnold> resno: quite often root doesn't even have a password configured
[18:07] <resno> oh! thats right
[18:08] <resno> so im sunk to find the username and then reset password aye?
[18:08] <sarnold> resno: if you boot init=/bin/sh, you'll be presented with a root shell, no password, and no standard services running. _you_ are init. you can fix problems like unknown root passwords :)
=== marlinc is now known as Marlinc
=== skarface is now known as antix
=== thejoecarroll_ is now known as thejoecarroll
=== steveydeve is now known as steveydevey
[19:51] <ScottK> resno: You have to upgrade through 10.04 though, you can't go straight to 12.04.
[19:56] <smoser> http://paste.ubuntu.com/5691513/
[19:56] <resno> ScottK: but it "should" work?
[19:56] <ScottK> As long as you go via 10.04, yes.
[19:56] <smoser> "welcome to Ubuntu 13.04.  You can upgrade to Ubuntu 13.04"
[19:57] <ScottK> smoser: IIRC there's an outstanding bug/SRU for that.
[20:00] <kirkland> smoser: I fixed that in saucy, bdmurray was working on the SRU
[20:01] <smoser> good.
=== sarnold_ is now known as sarnold
[20:53] <Jeeves> why does my AD logins on my CLI only servers take so long to auth?
[20:53] <sarnold> Jeeves: often long delays can be traced to failing / timeout DNS resolving or reverse resolving.
[20:53] <Jeeves> sarnold, how would one go about tracing that?
[20:54] <Jeeves> sarnold, I'm sure that ONLY the AD servers are listed in the resolv.conf file
[20:54] <sarnold> Jeeves: you could throw tcpdump or wireshark on one of the clients, login, and see if DNS entries don't get answered quickly or correctly..
[20:54] <sarnold> Jeeves: .. and repeat on or near the AD server, to see if the slowdown is on the server trying to resolve the client hostnames
[20:55] <sarnold> there may be log entries about failing resolving somewhere, too; it never hurts to look to see if the software tells you why something is funny :)
[20:55] <Jeeves> sarnold, ok, thanks.  I'm going to update the box, hit the gym, then have a look when I get home.  The VPN client from here is too slow to see what's going on.
[20:55] <sarnold> Jeeves: yikes
[20:55] <sarnold> Jeeves: good luck :)
[20:55] <Jeeves> sarnold, thanks.
[20:56] <Jeeves> sarnold, I'm using likewise-open.
[20:59] <sarnold> Jeeves: more directly, you could use host or dig or nslookup or ping to try resolving and reverse-resolving the server addresses on the client, and the client addresses on the server. if those all go quickly enough, you may need to look elsewhere anyhow..
[21:02] <Jeeves> lol, holy crap batman, that's FAST!
[21:08] <Jeeves> good bye all. I'm going to the gym to remind me how out of shape I am!
[21:42] <lunaphyte_> i'm doing a new install of 13.04, and having trouble installing grub.
[21:43] <lunaphyte_> the installer says "unable to install grub in /dev/sda.  executing grub-install /dev/sda failed."
[21:44] <lunaphyte_> the logging console says "usr/sbin/grub-bios-setup: error: embedding is not possible, but this required for raid and lvm install"
[21:44] <lunaphyte_> i'm using the 13.04 mini iso [64 bit].
[21:46] <lunaphyte_> i have a gpt partition table, with a 25mb bios_grub partition, and the remainder an lvm partition.  this configuration works with 12.10 [and prior]
[21:50] <lunaphyte_> oh, hmm.  it seems to be trying to install grub to the usb disk i'm booting/installing from.  hmm.
[21:52] <lunaphyte_> aha, yes, that was it.
[21:52] <lunaphyte_> saying no to its "default" attempt and then explicitly specifying /dev/sdb seems to have worked.
=== wedgwood is now known as wedgwood_away
[23:20] <adam_g> jamespage, merged a buncha your pending stuff, filed some new ones and added some notes to http://pad.ubuntu.com/openstack-series-upgrade-testing
