/srv/irclogs.ubuntu.com/2013/10/18/#ubuntu-server.txt

=== freeflying_away is now known as freeflying
=== freeflying is now known as freeflying_away
=== Jikan is now known as Jikai
[03:19] <pr3d4t0r> Greetings.
[03:20] <pr3d4t0r> Working on a turnkey server application based on Ubuntu Server.  I would like to disable apt, aptitude, dpkg, etc. altogether once the turnkey system is ready to ship.  Googling hasn't been fruitful - how to go about doing this?  Thanks in advance :)
[03:39] <James_Epp> hitsujiTMO: I'll give it a shot, thanks!
[03:40] <James_Epp> hitsujiTMO: it appears it is already the newest version
[04:14] <andol> pr3d4t0r: 1) Are you really sure it is desirable to fully disable the apt/dpkg tools? I mean, even if the user won't need to install any additional programs there is still the matter of (automatic) security upgrades, etc 2) Doubt you fully can disable these tools from a user with root access, and given how integrated they are into the systems there really isn't any clean way to uninstall them, even if I'm sure you can get some kind of ...
[04:14] <andol> ... reinstall by manually deleting files or so.
[04:15] <pr3d4t0r> andol: Yes.
[04:15] <pr3d4t0r> andol: We're building the images in virtual machines.  If we need to update/upgrade something later, we'll do it on the master and then remove apt/dpkg/etc. as part of our ready-to-go process.
[04:16] <pr3d4t0r> andol: Yeah, a root-level guy might be able to get things going again.
[04:16] <pr3d4t0r> andol: We've ensured that no dev tools are installed, and the VMs are more or less jailed.
[04:19] <pr3d4t0r> andol: The host server only has the hypervisor and minimal software to just get things going (we're leaving apt/dpkg in on that one).  The app servers, though, are jailed in their VM and we just want to slow things down if they are breached.
[04:19] <pr3d4t0r> andol: Did that address your concerns about what we're doing?
[04:20] * pr3d4t0r considers just deleting them if that's the only way for now.
[04:30] <andol> pr3d4t0r: Well, my gut suggests that there is more cost than benefit to what you are doing.
[04:30] <andol> Not that you necessarily should base any decision on the gut feeling of a random stranger on the Internet :-)
[04:31] <pr3d4t0r> andol: :)
[04:32] <pr3d4t0r> andol: If you can think of a clean way of removing said components it'll be fantastic.  Otherwise just /usr/bin/rm for apt, dpkg, aptitude, and /etc/apt/* ought to be it :(
=== Jikai is now known as Jikan
=== Jikan is now known as Jikai
[10:05] <DenBeiren> Hi all,.. I'm looking for someone with a successful nic bonding config on 12.4.3
[10:05] <sgran> hmm.  With today's pull of the cloud-repo, havana's horizon is failing in neutron client
[10:06] <sgran> File "/usr/lib/python2.7/dist-packages/neutronclient/client.py" in authenticate
[10:06] <sgran>   224.         token_url = self.auth_url + "/tokens"
[10:06] <sgran> Exception Value: unsupported operand type(s) for +: 'NoneType' and 'str'
[11:03] <lotia> hi all. any pointers on setting limits on open files for non-root jobs on 10.04 LTS?
[11:03] <lotia> sorry, I mean upstart jobs
[11:12] <babinlonston> while ssh login i get this message Ubuntu 10.04.4 LTS
[11:12] <babinlonston> How can i remove it
[11:24] <rbasak> lotia: you do it directly in the upstart job
[11:24] <rbasak> lotia: http://bryanmarty.com/blog/2012/02/10/setting-nofile-limit-upstart/ and see init(5)
[11:24] <rbasak> lotia: http://upstart.ubuntu.com/wiki/Stanzas#limit
[11:30] <jamespage> sgran, can you check that you have auth_url set in local_settings.py
[11:30] <jamespage> sgran, lemme check in my install as well
[11:31] <sgran> I most certainly do not
[11:32] <sgran> but I never have, as far as I can tell
[11:33] <jamespage> sgran, no - sorry - that was a red herring
[11:33] <jamespage> OPENSTACK_KEYSTONE_URL maybe
[11:34] <sgran> yeah, that's set
[11:34] <sgran> sec
[11:35] <sgran> jamespage: http://paste.debian.net/59175/
[11:35] <sgran> horizon doesn't send through anything about auth_url
[11:36] <sgran> it creates the neutron client with a token
[11:36] <jamespage> sgran, I'm definitely not seeing the same issue; was this functional pre-update and what update actually happened
[11:36] <jamespage> ?
[11:37] <jamespage> /var/log/apt should tell you I think
[11:37] <sgran> this was functional pre-update (running grizzly from the same repo)
[11:37] <sgran> since the update to havana, it has not worked
[11:38] <sgran> this morning I removed all config for horizon and reinstalled the package, but no better
[11:38] <jamespage> sgran, hmm
[11:38] <sgran> ah, I think I may have a piece of string to follow
[11:38] <jamespage> that was my next suggestion
[11:38] <jamespage> there were a lot of changes; I noted that when I was updating the charm to work again for havana
[11:38] <sgran> I see that neutron client will try to use the token if it's supplied with one, and only fall back to normal auth methods if that fails
[11:38] <sgran> that suggests my token isn't validating
[11:38] <sgran> I think I've seen this before
[11:39] <sgran> let me chase that up
[11:39] <sgran> thanks!
[11:39] <jamespage> sgran, np
=== zz_Gurkenmaster is now known as Gurkenmaster
[12:13] <sgran> jamespage: got it
[12:14] <sgran> incomplete transition in my environment from quantum to neutron - I had wrong keystone credentials
[12:14] <sgran> for the service, that is, not for my user
[12:27] <lotia> rbasak: thanks
[12:31] <lotia> how do I set it for non-root users and have it obeyed.
[12:35] <rbasak> lotia: non-root users cannot increase the limit
[12:35] <rbasak> lotia: I'm guessing that you need to increase the limit for the user's login session first; otherwise the user cannot run an upstart that can increase the limit. /etc/security/limits.conf for that. That's just a guess, though.
=== Jikai is now known as Jikan
[12:52] <jamespage> sgran, right
[12:52] <jamespage> sgran, I think that transition's going to catch a lot of upgraders
[12:56] <fgfg> HI EVERYONE
=== Jikan is now known as Jikai
[13:05] <fgfg> this is the first time I use xchat
[13:26] <irv> getting an error when trying to run autoremove, unmet dependencies: linux-server Depends linux-image-server (=3.2.0.43.51) but 3.2.0.54.64 is installed, Depends linux-headers-server (=3.2.0.43.51) but 3.2.0.54.64 is installed
[13:26] <irv> then when i try to run sudo apt-get -f install  it says that linux-server will be installed and also upgraded
[13:27] <irv> but then, says dependency problems prevent configuration of linux-server: linux-server depends on linux-image-server (=3.2.0.43.51) however version of linux-image-server on system is 3.2.0.54.64
[13:27] <irv> etc
[13:27] <irv> error processing linux-server
[13:27] <irv> so it seems like i'm stuck in a loop
[13:30] <irv> there we go, removed linux-server
[13:30] <irv> good to go :)
[13:31] <hitsujiTMO> irv that is your kernel
[13:32] <hitsujiTMO> irv what is the output of: uname -r     and what is the output of: dpkg --get-selections | grep "linux-image"
=== freeflying_away is now known as freeflying
=== Jikai is now known as Jikan
=== gary_poster is now known as gary_poster|away
[14:17] <irv> 3.2.0-54-generic
[14:17] <irv> and i have a bunch of linux-image-3.2.0-41 through -54 and linux-image-server
[14:18] <nomius> Hello
[14:20] <nomius> If I install unattended-upgrades and I don't modify 10periodic, it wouldn't do it automatically but only when I run sudo unattended-upgrade?
=== gary_poster|away is now known as gary_poster
=== freeflying is now known as freeflying_away
=== gary_poster is now known as gary_poster|away
=== gary_poster|away is now known as gary_poster
[14:46] <rbasak> nomius: dpkg-reconfigure unattended-upgrades to ask it to do it automatically.
[14:46] <rbasak> nomius: it drops something into /etc/apt.conf.d/ when you ask it to do it that way, which enables the cron job to actually do the work.
[14:48] <nomius> Great, thanks rbasak
[15:04] <SpamapS> rbasak: http://activity.openstack.org/dash/releases/company.html?company=HP <-- you may want to check on why you are on this list.. or.. did you make a move I didn't hear about? ;)
[15:10] <rbasak> SpamapS: NFI. Amusing though. Any idea where that comes from?
[15:11] <SpamapS> rbasak: well, I thought it came from here: https://git.openstack.org/cgit/openstack-infra/activity-board/tree/browser/data/affs/openstack-community-affs.csv  .. but that is "correct"
[15:11] <SpamapS> rbasak: you may want to login to www.openstack.org and make sure your profile has Canonical in it.
[15:13] <rbasak> SpamapS: I'm not aware of even having a login. Unless you need one to submit stuff to gerrit. My password manager says no to that as well though :-/
[15:20] <SpamapS> rbasak: you do need a login, because you have to have one to sign the CLA.
[15:20] <SpamapS> rbasak: I also didn't have an entry in my password manager. :-P
[15:41] <jrwren> rbasak: yesterday you mentioned you prefer your own tools to boto, or were you talking about aws-cli?
[15:59] <fedeisas> hi guys! How can I make /var/www writable and readable for two users (www-data and my deploy user).
[16:04] <andol> fedeisas: Assuming you really want /var/www to be writeable by www-data the easiest way to accomplish that is make that folder writeable by a group, containing both users.
[16:05] <jetole> join #mint
[16:05] <andol> fedeisas: That said, sure the full /var/www needs to be writeable by the web server users, instead of perhaps just a specific sub directory?
[16:05] <fedeisas> yeah, probably just some storage folder
[16:06] <fedeisas> I'm trying to use setfacl but it's only confusing me worse
[16:32] <jrwren> fedeisas: setfacl is going to require you mount the filesystem with acl support. if /var/www is mounted on / you can do that by editing /etc/fstab and adding acl to the options field, and then remounting /
[16:34] <jrwren> fedeisas: then you can setfacl -m u:www-data:rwx,u:deployuser:rwx /var/www
[16:53] <fedeisas> jwren how can I remount fs? I never did that before :-( Thanks
[16:59] <jrwren> mount -o remount /
[17:03] <fedeisas> jwren LABEL=cloudimg-rootfs / ext4 defaults 0 0
[17:03] <fedeisas> no acl :-(
[17:03] <jrwren> mount -o remount,acl /
[17:23] <rbasak> jrwren: I meant that the boto tools are a little bitrotted and there's usually a better tool outside boto that does the job better.
[17:23] <rbasak> jrwren: I presume aws-cli for all the stuff that it supports.
[17:28] <fedeisas> jrwren I still can't make it work with or without acl :-(
[17:35] <jrwren> fedeisas: i don't know what to say other than works for me.
[17:35] <jrwren> fedeisas: does getfacl show the acl ?
[17:37] <fedeisas> jrwren yes, but new files are written as deploy user (not www) so later nginx can't access them
[17:38] <jrwren> that is how acls work.
[17:38] <fedeisas> that's the issue, I get mixed owner on folders and files, so later I can't operate on the files in one way or the other
[17:38] <jrwren> you need to set a default mask if you want new files to be writable
[17:38] <fedeisas> I want my deploy user (via ssh deploy script) and www-data to be able to operate on those files
[17:39] <fedeisas> is there any way to give those two users full rights on /var/www (like a co ownership)?
[17:39] <jrwren> fedeisas: then you can setfacl -m u:www-data:rwx,u:deployuser:rwx:d:u:www-data:rwx,d:u:deployuser:rws /var/www
[17:39] <sarnold> why do you want your webserver to modify files?
[17:39] <jrwren> you want that then.  default rules.
[17:40] <fedeisas> sarnold logs and framework caches, etc
[17:41] <sarnold> fedeisas: logs, sure, caches, I can understand, but won't both those live in different locations than "deployed" content?
[17:42] <fedeisas> well, I'm using a php script that's similar to capistrano
[17:42] <fedeisas> where I have shared folders for logs and cache
[17:43] <jrwren> i just tested the default acls I showed you, and they work.
[17:44] <fedeisas> this won't work on my machine: setfacl -m u:www-data:rwx,u:deployuser:rwx:d:u:www-data:rwx,d:u:deployuser:rws /var/www
[17:44] <jrwren> you'll want each dir that you want new files to behave as you said to have those default
[17:44] <jrwren> because you wrote rws instead of rwx?
[17:44] <jrwren> oh, I wrote rws too, sorry, typo.
[17:44] <fedeisas> oh, I thought the `s` was for new files like chmod g+s
[17:45] <jrwren> nope, typo.
[17:45] <fedeisas> the x needs to be X?
[17:50] <raub> in previous versions of snmpd, you could setup in snmpd.local rocommunity community ip.address to restrict to a given ip. How do you do it in 12.04?
[17:52] <fedeisas> jrwren my deploy script creates folder under the deploy:deploy ownership that are not readable by www-data, even when getfacl has user:www-data:rwx
[18:00] <fedeisas> jrwren my trouble folder has an #effective on getfacl
[18:00] <fedeisas> what does that mean?
[18:10] <jrwren> it's all in the getfacl/setfacl man pages.
[18:10] <jrwren> if your deploy script creates new folders, you might have to run setfacl after each deploy. I can't recall if there is a way to default the defaults *sigh*
[18:14] <fedeisas> jrwren I'll search. This is far too hard for just a deployment script :-(
[18:18] <jrwren> if it is part of your script, you could do your copy, then find /var/www -type d -exec setfacl -m u:www-data:rwx,u:deployuser:rwx,d:u:www-data:rwx,d:u:deployuser:rwx \{\} + ; find /var/www/ -type f -exec setfacl -m u:www-data:rwx,u:deployuser:rwx \{\} +
[18:31] <fedeisas> thanks jrwren
[18:31] <fedeisas> one more thing
[18:32] <fedeisas> how can I debug why nginx is not starting on ubuntu startup?
[18:32] <adam_g> zul, if you're still around can you give a quick look to the 2013.1.4 reviews in https://code.launchpad.net/~ubuntu-server-dev/+activereviews
[18:33] <sarnold> fedeisas: any entries in its logs?
[18:38] <jrwren> fedeisas: is it set to start? i saw your rootfs is cloudimg.  if you apt-get install nginx, it doesn't automatically set itself to start, you must "invoke-rc.d nginx enable"
[18:38] <zul> adam_g: +1
[18:40] <novato> hi
[18:40] <novato> help me with ubuntu server
[18:40] <novato> speak spanish=??
[18:40] <novato> hi!
[18:40] <fedeisas> sarnold jrwren no error logs, I have the nginx start script on my /etc/init.d folder
[18:41] <fedeisas> jrwren "invoke-rc.d: initscript nginx, action "enable" failed."
[18:41] <fedeisas> novato I speak spanish as well, hello friend
[18:41] <novato> fedeisas:  speak spanish or english=??
[18:41] <novato> fedeisas: hello
[18:41] <jrwren> sorry, update-rc.d instead of invoke-rc.d.
[18:41] <novato> do you know about ubuntu server
[18:41] <fedeisas> jrwren System start/stop links for /etc/init.d/nginx already exist.
[18:42] <fedeisas> novato what do you need? tell me.
[18:42] <novato> fedeisas:  I have 3 dell servers and I need to test them
[18:42] <novato> leave something running for days and see whether the application crashes or not!
[18:42] <jrwren> fedeisas: then it should start. if /var/log/nginx/error.log says nothing, you'll have to debug manually
=== NomadJim_ is now known as NomadJim
[18:42] <novato> fedeisas:  the servers are new and arrived today and I need to test them with any application
[18:43] <novato> fedeisas: to know that if I use it on Monday the application will be fine and running wonderfully
[18:44] <novato> fedeisas: I need to install ubuntu server, test it with an application and have it run well without problems
[18:45] <fedeisas> jrwren it seems I can only start the service as sudo, right?
[18:45] <fedeisas> novato and what is the problem?
[18:45] <novato> fedeisas:  I don't know how to test a server with an application
[18:45] <fedeisas> what application?
[18:46] <novato> fedeisas: I need to be sure that the servers work well because they are for a branch office where I work and they must be fine
[18:46] <novato> fedeisas: any application that I can test on ubuntu server
[18:46] <fedeisas> novato well then, install ubuntu server and your application
[18:46] <novato> fedeisas: but I don't have an application
[18:46] <novato> fedeisas:  I don't know which one to use!
[18:46] <jrwren> fedeisas: yes, only root user can start processes which listen on ports <1024
=== lj1 is now known as lj
[18:47] <adam_g> zul, thanks
[18:51] <novato> hello
[18:51] <novato> fedeisas:  how could you help me at least set up a mail server, let's see
[18:51] <novato> fedeisas: test a mail server for, say, 10 days to see whether it goes down or not!
[18:51] <novato> how do I set up an ubuntu server for mail
[18:52] <fedeisas> novato it's not that easy. Is this your first time with Ubuntu or Linux?
[18:52] <novato> I've only looked at server superficially
[18:52] <fedeisas> novato first try installing a distribution and configuring the network, dns, etc.
[18:52] <fedeisas> novato what software do they use for mail?
[18:52] <novato> I have one in my virtual machine
[18:53] <novato> but it doesn't bridge
[18:53] <novato> it doesn't find a network adapter
[18:53] <novato> fedeisas:  here they use nothing but @gmail.com
[18:53] <fedeisas> novato I recommend trying with VirtualBox and, if you have to maintain 3 identical servers, maybe I would learn chef or ansible
[18:53] <fedeisas> to configure them
[18:54] <fedeisas> and provision them
[18:54] <novato> fedeisas: ok
[18:55] <novato> I have a VM with virtual box but when making a bridge I can't, this error comes up: network adapter 1; there is no adapter for bridge
[18:55] <novato> when I change from nat to bridged adapter
[18:55] <fedeisas> leave it on NAT
[18:56] <fedeisas> are /etc/init.d/ files run as sudo?
[18:58] <novato> fedeisas:  and how do I make a bridge!
[18:58] <novato> fedeisas: I do this: ping www.yahoo.com and nothing, nothing comes out
[18:58] <novato> fedeisas:  it doesn't find the host!
[18:59] <fedeisas> mmm
[18:59] <fedeisas> there are a million possibilities
[18:59] <fedeisas> maybe your host (the pc where you run vbox) doesn't allow your vbox to have internet access
[18:59] <fedeisas> is the network where you run this very locked down?
[18:59] <fedeisas> does it have NAT enabled?
[18:59] <novato> fedeisas:  it can't be! how can I fix that, it's terrible
[19:00] <novato> there under network it says NA
[19:00] <novato> NAT
[19:00] <novato> how do I send you an image so you can see what I have=?
[19:02] <novato> fedeisas: how do I fix this problem=??
[19:02] <fedeisas> install the vbox guest additions
[19:03] <novato> ok!
[19:04] <novato> fedeisas:  here I use this junk, guindouxxx
[19:04] <novato> 7
[19:04] <novato> but in ubuntu I know how to do it, here I don't
[19:15] <defaultro> hi folks, I have an off topic question, it's about MX records. I have 2 domains. domainA.com has an mx record while domainB.com doesn't have an MX record. Am I correct that I can add an MX record for domainB.com on the same server that handles my domainA.com? This way, the mail delivery is on the same server.
[19:27] <novato> fedeisas: are you there=??
[19:28] <fedeisas> novato yes, but I don't know what you're asking me, sorry.
[19:29] <fedeisas> novato you should first find out how to get vbox working properly
[19:29] <fedeisas> play with ubuntu-server
[19:29] <novato> fedeisas: I've already started installing ubuntu server on 1 server
[19:29] <fedeisas> ah, ok
[19:29] <novato> fedeisas: but now I'll have to think about what I should install to be able to test the ubuntu server
[19:29] <fedeisas> a web server?
[19:30] <novato> fedeisas:  maybe, or I don't know what else it could be!
[19:32] <fedeisas> novato try installing LAMP to start getting to know the OS
[19:32] <novato> ok that will help me test the server
[19:32] <novato> and that ansible thing
[19:32] <novato> is ?
[19:34] <kolarsk__> hi
=== cmagina_ is now known as cmagina
[20:58] <Beatstreet> can I upgrade OpenSSL to on natty?
[20:58] <Beatstreet> can I upgrade OpenSSL to 1.0.1 on natty?
[21:02] <sarnold> yikes, best would be to replace natty entirely, it hasn't been supported for nearly a year
[21:03] <sarnold> see e.g. https://wiki.ubuntu.com/Releases
[21:03] <Beatstreet> yea, figured - thanks sarnold
[21:07] <sarnold> Beatstreet: good luck. :)
[21:07] <Beatstreet> ty
[22:46] <MraMaria> hi. is it possible to do a clean installation of 13.10 with a 13.04 cd?
[22:48] <MraMaria> or... if it's easy, in your opinion, i have the bios on that machine set with a static local ip
[22:50] <sarnold> MraMaria: it is expected that installing 13.04 and upgrading to 13.10 should work fine, though it feels like I've seen more-than-usual number of bugreports about the updater failing.
[22:51] <MraMaria> sarnold: i did it... for some reason i got my display bad. goes off and on, at times
[22:51] <MraMaria> that's why i decided to do a clean install. i know i might fix it over ssh but i think it might be better to install
[22:52] <sarnold> MraMaria: hrm. that's not good. please consider filing a bug before you overwrite it :)
[22:53] <Michael> I am trying to set up webmin on a Ubuntu 12.04 Amazon EC2 instance. I've installed it, but I cannot login. The help guide offers a method to change the password, but I can't find the file http://www.webmin.com/faq.html
[22:53] <MraMaria> sarnold: i'm not sure if it was my fault; i tried to install fluxbox before that started happening
[22:54] <MraMaria> sarnold: i did that to do some "house keeping" graphically
[22:54] <sarnold> terrifying: "The Webmin Users and Groups module supports the encryption of passwords with the MD5 algorithm"
[22:54] <MraMaria> house cleaning..
[22:55] <MraMaria> btw, sarnold, i have been running 13.10 for a couple weeks already, on other desktop machines, and no problems.
[22:58] <MraMaria> is ppl using webmin a lot, lately? i left it a couple yrs when there were some problems with ubuntu
[23:03] <sarnold> hopefully very few people use webmin, they've had a horrible security history, I'm not sure they exercise proper programming discipline.
[23:07] <jrwren> rbasak: after thought, I'm leaning toward pip install awscli in my cloud-config. Thanks for giving me the idea
=== Gurkenmaster is now known as zz_Gurkenmaster
