=== freeflying_away is now known as freeflying
=== freeflying is now known as freeflying_away
=== Jikan is now known as Jikai
[03:19] Greetings.
[03:20] Working on a turnkey server application based on Ubuntu Server. I would like to disable apt, aptitude, dpkg, etc. altogether once the turnkey system is ready to ship. Googling hasn't been fruitful - how to go about doing this? Thanks in advance :)
[03:39] hitsujiTMO: I'll give it a shot, thanks!
[03:40] hitsujiTMO: it appears it is already the newest version
[04:14] pr3d4t0r: 1) Are you really sure it is desirable to fully disable the apt/dpkg tools? I mean, even if the user won't need to install any additional programs there is still the matter of (automatic) security upgrades, etc 2) Doubt you fully can disable these tools from a user with root access, and given how integrated they are into the systems there really isn't any clean way to uninstall them, even if I'm sure you can get some kind of ...
[04:14] ... reinstall by manually deleting files or so.
[04:15] andol: Yes.
[04:15] andol: We're building the images in virtual machines. If we need to update/upgrade something later, we'll do it on the master and then remove apt/dpkg/etc. as part of our ready-to-go process.
[04:16] andol: Yeah, a root-level guy might be able to get things going again.
[04:16] andol: We've ensured that no dev tools are installed, and the VMs are more or less jailed.
[04:19] andol: The host server only has the hypervisor and minimal software to just get things going (we're leaving apt/dpkg in on that one). The app servers, though, are jailed in their VM and we just want to slow things down if they are breached.
[04:19] andol: Did that address your concerns about what we're doing?
[04:20] * pr3d4t0r considers just deleting them if that's the only way for now.
[04:30] pr3d4t0r: Well, my gut suggests that there is more cost than benefit to what you are doing.
[04:30] Not that you necessarily should base any decision on the gut feeling of a random stranger on the Internet :-)
[04:31] andol: :)
[04:32] andol: If you can think of a clean way of removing said components it'll be fantastic. Otherwise just /usr/bin/rm for apt, dpkg, aptitude, and /etc/apt/* ought to be it :(
=== Jikai is now known as Jikan
=== Jikan is now known as Jikai
[10:05] Hi all,.. I'm looking for someone with a successful nic bonding config on 12.4.3
[10:05] hmm. With today's pull of the cloud-repo, havana's horizon is failing in neutron client
[10:06] File "/usr/lib/python2.7/dist-packages/neutronclient/client.py" in authenticate
[10:06] 224. token_url = self.auth_url + "/tokens"
[10:06] Exception Value: unsupported operand type(s) for +: 'NoneType' and 'str'
[11:03] hi all. any pointers on setting limits on open files for non-root jobs on 10.04 LTS?
[11:03] sorry, I mean upstart jobs
[11:12] while ssh login i get this message Ubuntu 10.04.4 LTS
[11:12] How can i remove it
[11:24] lotia: you do it directly in the upstart job
[11:24] lotia: http://bryanmarty.com/blog/2012/02/10/setting-nofile-limit-upstart/ and see init(5)
[11:24] lotia: http://upstart.ubuntu.com/wiki/Stanzas#limit
[11:30] sgran, can you check that you have auth_url set in local_settings.py
[11:30] sgran, lemme check in my install as well
[11:31] I most certainly do not
[11:32] but I never have, as far as I can tell
[11:33] sgran, no - sorry - that was a red herring
[11:33] OPENSTACK_KEYSTONE_URL maybe
[11:34] yeah, that's set
[11:34] sec
[11:35] jamespage: http://paste.debian.net/59175/
[11:35] horizon doesn't send through anything about auth_url
[11:36] it creates the neutron client with a token
[11:36] sgran, I'm definitely not seeing the same issue; was this functional pre-update and what update actually happened
[11:36] ?
[11:37] /var/log/apt should tell you I think
[11:37] this was functional pre-update (running grizzly from the same repo)
[11:37] since the update to havana, it has not worked
[11:38] this morning I removed all config for horizon and reinstalled the package, but no better
[11:38] sgran, hmm
[11:38] ah, I think I may have a piece of string to follow
[11:38] that was my next suggestion
[11:38] there were a lot of changes; I noted that when I was updating the charm to work again for havana
[11:38] I see that neutron client will try to use the token if it's supplied with one, and only fall back to normal auth methods if that fails
[11:38] that suggests my token isn't validating
[11:38] I think I've seen this before
[11:39] let me chase that up
[11:39] thanks!
[11:39] sgran, np
=== zz_Gurkenmaster is now known as Gurkenmaster
[12:13] jamespage: got it
[12:14] incomplete transition in my environment from quantum to neutron - I had wrong keystone credentials
[12:14] for the service, that is, not for my user
[12:27] rbasak: thanks
[12:31] how do I set it for non-root users and have it obeyed.
[12:35] lotia: non-root users cannot increase the limit
[12:35] lotia: I'm guessing that you need to increase the limit for the user's login session first; otherwise the user cannot run an upstart that can increase the limit. /etc/security/limits.conf for that. That's just a guess, though.
=== Jikai is now known as Jikan
[12:52] sgran, right
[12:52] sgran, I think that transition's going to catch a lot of upgraders
[12:56] HI EVERYONE
=== Jikan is now known as Jikai
[13:05] this is the first time I use xchat
[13:26] getting an error when trying to run autoremove, unmet dependencies: linux-server Depends linux-image-server (=3.2.0.43.51) but 3.2.0.54.64 is installed, Depends linux-headers-server (=3.2.0.43.51) but 3.2.0.54.64 is installed
[13:26] then when i try to run sudo apt-get -f install it says that linux-server will be installed and also upgraded
[13:27] but then, says dependency problems prevent configuration of linux-server: linux-server depends on linux-image-server (=3.2.0.43.51) however version of linux-image-server on system is 3.2.0.54.64
[13:27] etc
[13:27] error processing linux-server
[13:27] so it seems like i'm stuck in a loop
[13:30] there we go, removed linux-server
[13:30] good to go :)
[13:31] irv that is your kernel
[13:32] irv what is the output of: uname -r and what is the output of: dpkg --get-selections | grep "linux-image"
=== freeflying_away is now known as freeflying
=== Jikai is now known as Jikan
=== gary_poster is now known as gary_poster|away
[14:17] 3.2.0-54-generic
[14:17] and i have a bunch of linux-image-3.2.0-41 through -54 and linux-image-server
[14:18] Hello
[14:20] If I install unattended-upgrades and I don't modify 10periodic, it wouldn't do it automatically but only when I run sudo unattended-upgrade?
=== gary_poster|away is now known as gary_poster
=== freeflying is now known as freeflying_away
=== gary_poster is now known as gary_poster|away
=== gary_poster|away is now known as gary_poster
[14:46] nomius: dpkg-reconfigure unattended-upgrades to ask it to do it automatically.
[14:46] nomius: it drops something into /etc/apt.conf.d/ when you ask it to do it that way, which enables the cron job to actually do the work.
[14:48] Great, thanks rbasak
[15:04] rbasak: http://activity.openstack.org/dash/releases/company.html?company=HP <-- you may want to check on why you are on this list.. or.. did you make a move I didn't hear about? ;)
[15:10] SpamapS: NFI. Amusing though. Any idea where that comes from?
[15:11] rbasak: well, I thought it came from here: https://git.openstack.org/cgit/openstack-infra/activity-board/tree/browser/data/affs/openstack-community-affs.csv .. but that is "correct"
[15:11] rbasak: you may want to login to www.openstack.org and make sure your profile has Canonical in it.
[15:13] SpamapS: I'm not aware of even having a login. Unless you need one to submit stuff to gerrit. My password manager says no to that as well though :-/
[15:20] rbasak: you do need a login, because you have to have one to sign the CLA.
[15:20] rbasak: I also didn't have an entry in my password manager. :-P
[15:41] rbasak: yesterday you mentioned you prefer your own tools to boto, or were you talking about aws-cli?
[15:59] hi guys! How can I make /var/www writable and readable for two users (www-data and my deploy user).
[16:04] fedeisas: Assuming you really want /var/www to be writeable by www-data the easiest way to accomplish that is make that folder writeable by a group, containing both users.
[16:05] join #mint
[16:05] fedeisas: That said, sure the full /var/www needs to be writeable by the web server users, instead of perhaps just a specific sub directory?
[16:05] yeah, probably just some storage folder
[16:06] I'm trying to use setfacl but it's only confusing me worse
[16:32] fedeisas: setfacl is going to require you mount the filesystem with acl support. if /var/www is mounted on / you can do that by editing /etc/fstab and adding acl to the options field, and then remounting /
[16:34] fedeisas: then you can setfacl -m u:www-data:rwx,u:deployuser:rwx /var/www
[16:53] jwren how can I remount fs? I never did that before :-( Thanks
[16:59] mount -o remount /
[17:03] jwren LABEL=cloudimg-rootfs / ext4 defaults 0 0
[17:03] no acl :-(
[17:03] mount -o remount,acl /
[17:23] jrwren: I meant that the boto tools are a little bitrotted and there's usually a better tool outside boto that does the job better.
[17:23] jrwren: I presume aws-cli for all the stuff that it supports.
[17:28] jrwren I still can't make it work with or without acl :-(
[17:35] fedeisas: i don't know what to say other than works for me.
[17:35] fedeisas: does getfacl show the acl ?
[17:37] jrwren yes, but new files are written as deploy user (not www) so later nginx can't access them
[17:38] that is how acls work.
[17:38] that's the issue, I get mixed owner on folders and files, so later I can't operate on the files in one way or the other
[17:38] you need to set a default mask if you want new files to be writable
[17:38] I want my deploy user (via ssh deploy script) and www-data to be able to operate on those files
[17:39] is there any way to give those two users full rights on /var/www (like a co ownership)?
[17:39] fedeisas: then you can setfacl -m u:www-data:rwx,u:deployuser:rwx:d:u:www-data:rwx,d:u:deployuser:rws /var/www
[17:39] why do you want your webserver to modify files?
[17:39] you want that then. default rules.
[17:40] sarnold logs and framework caches, etc
[17:41] fedeisas: logs, sure, caches, I can understand, but won't both those live in different locations than "deployed" content?
[17:42] well, I'm using a php script that's similar to capistrano
[17:42] where I have shared folders for logs and cache
[17:43] i just tested the default acls I showed you, and they work.
[17:44] this won't work on my machine: setfacl -m u:www-data:rwx,u:deployuser:rwx:d:u:www-data:rwx,d:u:deployuser:rws /var/www
[17:44] you'll want each dir that you want new files to behave as you said to have those default
[17:44] because you wrote rws instead of rwx?
[17:44] oh, I wrote rws too, sorry, typo.
[17:44] oh, I thought the `s` was for new files like chmod g+s
[17:45] nope, typo.
[17:45] the x needs to be X?
[17:50] in previous versions of snmpd, you could setup in snmpd.local rocommunity community ip.address to restrict to a given ip. How do you do it in 12.04?
[17:52] jrwren my deploy script creates folder under the deploy:deploy ownership that are not readable by www-data, even when getfacl has user:www-data:rwx
[18:00] jrwren my trouble folder has an #effective on getfacl
[18:00] what does that mean?
[18:10] its all in the getfacl/setfacl man pages.
[18:10] if your deploy script creates new folders, you might have to run setfacl after each deploy. I can't recall if there is a way to default the defaults *sigh*
[18:14] jrwren I'll search. This is far too hard for just a deployment script :-(
[18:18] if it is part of your script, you could do your copy, then find /var/www -type d -exec setfacl -m u:www-data:rwx,u:deployuser:rwx,d:u:www-data:rwx,d:u:deployuser:rwx \{\} + ; find /var/www/ -type f -exec setfacl -m u:www-data:rwx,u:deployuser:rwx \{\} +
[18:31] thanks jrwren
[18:31] one more thing
[18:32] how can I debug why nginx is not starting on ubuntu startup?
[18:32] zul, if you're still around can you give a quick look to the 2013.1.4 reviews in https://code.launchpad.net/~ubuntu-server-dev/+activereviews
[18:33] fedeisas: any entries in its logs?
[18:38] fedeisas: is it set to start? i saw your rootfs is cloudimg. if you apt-get install nginx, it doesn't automatically set itself to start, you must "invoke-rc.d nginx enable"
[18:38] adam_g: +1
[18:40] hi
[18:40] help me with ubuntu server
[18:40] speak spanish=??
[18:40] hi!
[18:40] sarnold jrwren no error logs, I have the nginx start script on my /etc/init.d folder
[18:41] jrwren "invoke-rc.d: initscript nginx, action "enable" failed."
[18:41] novato I speak spanish as well, hello friend
[18:41] fedeisas: speak spanish or english=??
[18:41] fedeisas: hello
[18:41] sorry, update-rc.d instead of invoke-rc.d.
[18:41] do you know about ubuntu server
[18:41] jrwren System start/stop links for /etc/init.d/nginx already exist.
[18:42] novato what do you need? tell me.
[18:42] fedeisas: I have 3 dell servers and I need to test them
[18:42] leave something running for days and see whether the application crashes or not!
[18:42] fedeisas: then it should start. if /var/log/nginx/error.log says nothing, you'll have to debug manually
=== NomadJim_ is now known as NomadJim
[18:42] fedeisas: the servers are new and arrived today and I need to test them with any application
[18:43] fedeisas: to know that if I use it on Monday the application will be fine and running wonderfully
[18:44] fedeisas: I need to install ubuntu server, test it with an application, and have it run well without problems
[18:45] jrwren it seems I can only start the service as sudo, right?
[18:45] novato and what is the problem?
[18:45] fedeisas: I don't know how to test a server with an application
[18:45] which application?
[18:46] fedeisas: I need to be sure the servers work well because they are for a branch office where I work and they must be fine
[18:46] fedeisas: any application that I can test on ubuntu server
[18:46] novato well then, install ubuntu server and your application
[18:46] fedeisas: but I don't have an application
[18:46] fedeisas: I don't know which one to use!
[18:46] fedeisas: yes, only root user can start processes which listen on ports <1024
=== lj1 is now known as lj
[18:47] zul, thanks
[18:51] hello
[18:51] fedeisas: how could you help me at least set up a mail server, let's see
[18:51] fedeisas: test a mail server for something like 10 days to see whether it goes down or not!
[18:51] how do I set up an ubuntu server for mail
[18:52] novato it's not that easy. Is this your first time with Ubuntu or Linux?
[18:52] I've only looked at server superficially
[18:52] novato first try installing a distribution and configuring the network, dns, etc.
[18:52] novato what software do you use for mail?
[18:52] I have one in my virtual machine
[18:53] but it doesn't bridge
[18:53] it doesn't find a network adapter
[18:53] fedeisas: here they only use @gmail.com
[18:53] novato I recommend you try with VirtualBox and, if you have to maintain 3 identical servers, I would perhaps learn chef or ansible
[18:53] to configure them
[18:54] and provision them
[18:54] fedeisas: ok
[18:55] I have a VM with virtual box but when making a bridge I can't, I get this error: network adapter 1; there is no adapter for bridging
[18:55] when I switch from nat to bridged adapter
[18:55] leave it on NAT
[18:56] are /etc/init.d/ files run as sudo?
[18:58] fedeisas: and how do I make a bridge!
[18:58] fedeisas: I do this: ping www.yahoo.com and nothing, nothing comes out
[18:58] fedeisas: it doesn't find the host!
[18:59] mmm
[18:59] there are a million possibilities
[18:59] maybe your host (the pc where you run vbox) doesn't allow your vbox to have internet access
[18:59] is the network where you run this very locked down?
[18:59] does it have NAT enabled?
[18:59] fedeisas: that can't be! how can I fix that, it's terrible
[19:00] there under network it's NA
[19:00] NAT
[19:00] how do I send you an image so you can see what I have?
[19:02] fedeisas: how do I fix this problem??
[19:02] install the vbox guest additions
[19:03] ok!
[19:04] fedeisas: here I use this junk, guindouxxx
[19:04] 7
[19:04] but in ubuntu I know how to do it, here I don't
[19:15] hi folks, I have an off topic question, it's about MX records. I have 2 domains. domainA.com has an mx record while domainB.com doesn't have an MX record. Am I correct that I can add an MX record for domainB.com on the same server that handles my domainA.com? This way, the mail delivery is on the same server.
[19:27] fedeisas: are you there??
[19:28] novato yes, but I don't know what you're asking me, sorry.
[19:29] novato you should first figure out how to get vbox working properly
[19:29] play with ubuntu-server
[19:29] fedeisas: I already started installing ubuntu server on 1 server
[19:29] ah, ok
[19:29] fedeisas: but now I'll have to think about what I should install to be able to test ubuntu server
[19:29] a web server?
[19:30] fedeisas: maybe, or I don't know what else it could be!
[19:32] novato try installing LAMP to start getting to know the OS
[19:32] ok that will help me test the server
[19:32] and that ansible thing
[19:32] is what?
[19:34] hi
=== cmagina_ is now known as cmagina
[20:58] can I upgrade OpenSSL to on natty?
[20:58] can I upgrade OpenSSL to 1.0.1 on natty?
[21:02] yikes, best would be to replace natty entirely, it hasn't been supported for nearly a year
[21:03] see e.g. https://wiki.ubuntu.com/Releases
[21:03] yea, figured - thanks sarnold
[21:07] Beatstreet: good luck. :)
[21:07] ty
[22:46] hi. is it possible to do a clean installation of 13.10 with a 13.04 cd?
[22:48] or... if it's easy, in your opinion, i have the bios on that machine set with a static local ip
[22:50] MraMaria: it is expected that installing 13.04 and upgrading to 13.10 should work fine, though it feels like I've seen more-than-usual number of bugreports about the updater failing.
[22:51] sarnold: i did it... for some reason i got my display bad. goes off and on, at times
[22:51] that's why i decided to do a clean install. i know i might fix it over ssh but i think it might be better to install
[22:52] MraMaria: hrm. that's not good. please consider filing a bug before you overwrite it :)
[22:53] I am trying to set up webmin on a Ubuntu 12.04 Amazon EC2 instance. I've installed it, but I cannot log in. The help guide offers a method to change the password, but I can't find the file http://www.webmin.com/faq.html
[22:53] sarnold: i'm not sure if it was my fault; i tried to install fluxbox before that started happening
[22:54] sarnold: i did that to do some "house keeping" graphically
[22:54] terrifying: "The Webmin Users and Groups module supports the encryption of passwords with the MD5 algorithm"
[22:54] house cleaning..
[22:55] btw, sarnold, i have been running 13.10 for a couple weeks already, on other desktop machines, and no problems.
[22:58] is ppl using webmin a lot, lately? i left it a couple yrs when there were some problems with ubuntu
[23:03] hopefully very few people use webmin, they've had a horrible security history, I'm not sure they exercise proper programming discipline.
[23:07] rbasak: after thought, I'm leaning toward pip install awscli in my cloud-config. Thanks for giving me the idea
=== Gurkenmaster is now known as zz_Gurkenmaster