tc0nn_ | Beatstreet: logrotate | 00:08 |
---|---|---|
=== freeflying_away is now known as freeflying | ||
tc0nn_ | or move the file, restart rsyslog | 00:09 |
=== robbyf_ is now known as RobbyF | ||
=== thumper-afk is now known as thumper | ||
=== tc0nn_ is now known as tc0nn | ||
=== Mapley is now known as Mapley|group | ||
=== Laogeodritt| is now known as Laogeodritt | ||
sond | Howdy all.. has anyone here installed ScriptCase manually on a headless Ubuntu Server ? | 05:28 |
sond | * installed ScriptCase on a headless Ubuntu Server | 05:30 |
ancaster | Hi! I have a server with an external USB backup drive (flakey, I know). I'd like to mount it somehow so if the drive is removed, my backups don't fill up the disk where the mount point is. | 05:37 |
jkitchen | anyone else have issues with ganglia-monitor and upstart on 13.04? | 06:11 |
jkitchen | I would assume I need to have daemonize = no in gmond.conf for upstart | 06:12 |
jkitchen | but starting, stopping, whatever is just hanging there doing seemingly nothing. | 06:12 |
Carbon_Monoxide | Hi! I use USB thumb to install Ubuntu Server. The installation screen freezes on 'Language Selection' after I chose 'Basic Server Install'. It shows the language list but I can't move the highlight. | 06:33 |
=== Guest69245 is now known as bitnumus | ||
Rory | Carbon_Monoxide: Do you have access to a PS/2 keyboard instead of USB? | 09:29 |
Carbon_Monoxide | Rory: Not yet. This is what I'm going to try tonight after I read one of the question in Stackoverflow | 09:31 |
Carbon_Monoxide | Rory: I was using a Thinkpad USB keyboard which is not really common. It has a trackpoint on it. | 09:32 |
Rory | I think there's some sort of bug with USB keyboards | 09:40 |
Rory | I remember reading one shortly after 13.10's release, but I can't remember what all the affected systems had in common, besides using a USB keyboard | 09:40 |
=== freeflying is now known as freeflying_away | ||
Carbon_Monoxide | Rory: Thanks for the hint! | 10:52 |
jamespage | rbasak, you got these on your list for merging? - http://paste.ubuntu.com/6447537/ | 10:55 |
TazmainianDevil | hi all I need some help with running a program that is similar to git at startup. | 11:26 |
TazmainianDevil | I am having a problem with perforce I am running ubuntu 12.04 when I put the command /Perforce/p4d in the /etc/rc/local file the server starts but it does not start correctly. As in I cannot access the server although it is running. When log into the server and cd /Perforce and then ./p4d it works perfectly. | 11:32 |
=== freeflying_away is now known as freeflying | ||
=== io is now known as IdleOne | ||
gyre007 | guys....when I use --verify-passphrase can I still use /etc/crypttab to automatically mount encrypted device on boot ? ie does it have any effect on crypttab ...I dont want to be entering password on every boot... | 12:24 |
=== chuck__ is now known as zul | ||
TheOsprey | Hi all | 13:05 |
makara | do I need to restart an EC2 instance if I've added a port to the security group it is part of? | 13:35 |
=== exekias_ is now known as exekias | ||
rbasak | jamespage: they're both on the report. I will look at them, but probably not for a couple of weeks. yolanda: is https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/libnss-ldap/debian_merge/+merge/174993 relevant here? Was that supposed to have landed? | 13:42 |
mardraum | makara: no, just apply the change to the security group. | 13:43 |
yolanda | rbasak, that's merge i did on summer and was approved, wasn't landed in the package? | 13:43 |
yolanda | i don't have permissions to do it, but i assumed it landed | 13:43 |
mardraum | makara: the security group is like a firewall in front of your instance, it has nothing to do with the instance itself. | 13:43 |
rbasak | yolanda: I don't think it did: https://launchpad.net/ubuntu/+source/libnss-ldap | 13:43 |
makara | mardraum, so it should be instantaneous? | 13:44 |
mardraum | when you apply the change, yes | 13:44 |
makara | because nmap shouldn't show the port I just opened | 13:44 |
mardraum | perhaps nothing is listening our your connection is filtering outbound to it? | 13:44 |
makara | when I nmap localhost from ssh it shows the open port | 13:47 |
yolanda | rbasak, looks strange. version in trusty i see is 264-2.2ubuntu4, but version in my MP is (264-2.5ubuntu1. Not only my change, but some others are missing then | 13:48 |
makara | minus the ports 110 and 21 | 13:48 |
zul | jamespage: i get to use dh_autoreconf today lucky me | 14:01 |
jamespage | zul,\o/ | 14:02 |
makara | holy cow | 14:15 |
makara | mardraum, corporate firewall was blocking my nmap scan to that port | 14:15 |
makara | is there a script I can run to check which ports my firewall is blocking? | 14:17 |
Novato__ | Hi people | 14:35 |
Novato__ | i have big problem in my server ubuntu 12.04 : Not found Apache/2.2.22 (Ubuntu) Server at 192.168.5.188 Port 80 | 14:35 |
Novato__ | I canot enter to asterisk and zoneminder because always i have this error Not found Apache/2.2.22 (Ubuntu) Server at 192.168.5.188 Port 80 | 14:36 |
Rory | Novato__: Where are you seeing that error? | 14:36 |
Rory | Novato__: Are there any errors in the apache error logs? | 14:36 |
Novato__ | in my server ubuntu example: I want enter to zoneminder: http: ip/zm = Not found Apache/2.2.22 (Ubuntu) Server at 192.168.5.188 Port 80 | 14:36 |
Novato__ | Http:ip:8088 (asterisk) = Not found Apache/2.2.22 (Ubuntu) Server at 192.168.5.188 Port 80 | 14:37 |
Novato__ | Rory: is apache | 14:37 |
Novato__ | ohh! so can repair this | 14:37 |
Novato__ | I´m new in this | 14:37 |
Novato__ | but I want to learn | 14:37 |
Rory | Novato__: That is probably a 404 error (page not found) | 14:37 |
Novato__ | i want ubuntu because is the best | 14:37 |
Novato__ | Rory: helpm me please! | 14:38 |
Rory | Novato__: You say you're going to http://ip/zm - did you already configure zoneminder under a directory called "zm" ? | 14:38 |
Rory | Novato__: Can you please paste your apache error log files (found in /var/log/apache2) | 14:38 |
Rory | !paste | 14:38 |
ubottu | For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic. | 14:38 |
Novato__ | yes! i´m installed zoneminder | 14:38 |
Novato__ | Rory: http://paste.ubuntu.com/6448414/ | 14:39 |
Rory | Novato__: Can you please paste your apache error log files (found in /var/log/apache2) | 14:39 |
Rory | Novato__: That what you showed me was an error from some web browser | 14:39 |
Novato__ | ok! i´m in my server | 14:39 |
Rory | Novato__: I need you to run "sudo apt-get install pastebinit" | 14:40 |
Novato__ | in my server==?? | 14:40 |
Novato__ | why=? | 14:40 |
Rory | well i want you to pastebin your apache error logs | 14:40 |
Rory | I don't care how you do it lol | 14:40 |
Rory | That's just the easiest way | 14:40 |
Novato__ | Rory: ok | 14:42 |
Rory | Novato__: so a quick way to do that is this command | 14:43 |
Rory | sudo sh -c 'cat /var/log/apache2/*error*' | pastebinit | 14:43 |
Novato__ | Rory: so first sh -c | 14:43 |
Novato__ | wait please | 14:43 |
Rory | No, this whole command, copy and paste it | 14:43 |
Rory | that entire line: | 14:44 |
Rory | sudo sh -c 'cat /var/log/apache2/*error*' | pastebinit | 14:44 |
Novato__ | my server not respond | 14:44 |
patdk-wk | if I get asked to witelist 10.10.x.x one more time! | 14:44 |
Novato__ | Rory: http://imagebin.org/278036 | 14:45 |
Rory | Novato__: i need the paste.ubuntu.com url that is produced by running the command above | 14:46 |
Novato__ | Rory: http://paste.ubuntu.com/6448414/ | 14:47 |
Novato__ | this is error | 14:47 |
Rory | Novato__: I can't help you any more without that information | 14:47 |
Novato__ | Rory: but this is error: | 14:48 |
Novato__ | Opera's connection attempt to 192.168.5.188 was rejected. The website may be down, or your network may not be properly configured. | 14:48 |
Rory | Novato__: Please can you install the "pastebinit" program (sudo apt-get install pastebinit) and then show me your Apache error logs with the command: sudo sh -c 'cat /var/log/apache2/*error*' | pastebinit | 14:48 |
Novato__ | The requested URL /zm was not found on this server. Apache/2.2.22 (Ubuntu) Server at 192.168.5.188 Port 80 | 14:48 |
Rory | OK I'm done here :) | 14:48 |
Novato__ | Rory: i´m used wuindouxxxx | 14:48 |
Novato__ | in my laptop | 14:49 |
Novato__ | my server is ubuntu 12.04 | 14:49 |
Novato__ | Rory: http://paste.ubuntu.com/6448414/ | 14:49 |
Novato__ | Rory: http://paste.ubuntu.com/6448475/ | 14:50 |
Novato__ | i canot enter to y softwares in my server ubuntu 12.04 | 14:50 |
makara | why does htop show multiple PIDs for mysql for example | 14:51 |
Rory | makara: because it spawns multiple child processes | 14:51 |
ogra_ | makara, it shows one line for each thread by default | 14:51 |
Rory | ogra_: Is that the case? | 14:51 |
=== Jikan is now known as Jikai | ||
Rory | ogra_: I thought they were actual real UNIX processes? | 14:51 |
ogra_ | makara, go into the htop settings and disable userlan threads in the display options | 14:51 |
Novato__ | Rory: so=?? | 14:52 |
Novato__ | help me o no=? | 14:52 |
makara | ogra_, how to edit htop settings? | 14:52 |
Rory | Novato__: Please can you install the "pastebinit" program (sudo apt-get install pastebinit) and then show me your Apache error logs with the command: sudo sh -c 'cat /var/log/apache2/*error*' | pastebinit | 14:52 |
Rory | Novato__: Do the above on your server | 14:52 |
makara | ok | 14:53 |
ogra_ | makara, see at the bottom ... "setup" | 14:53 |
Novato__ | Rory: http://paste.ubuntu.com/6448508/ | 14:55 |
Novato__ | Rory: check the web =? | 14:56 |
Rory | ok Novato__ so I can see when you browse to "http://yoursite/zm" then Apache is looking in the folder /var/www/zm but that doesn't exist. | 14:56 |
makara | ogra_, should 8 Apache2 workers still be showing, cos I see them | 14:56 |
Rory | Novato__: how did you install zoneminder, were you following a guide? | 14:57 |
Novato__ | Rory: i´m used guide for the other server is ok | 14:57 |
ogra_ | makara, well, it will only switch off threads, if there are separately started processes they will indeed show | 14:57 |
Novato__ | is teh same guide | 14:57 |
Rory | Novato__: Could you link me the guide so I can see? | 14:57 |
Novato__ | Rory: http://www.zoneminder.com/wiki/index.php/Ubuntu_Server_12.04_64-bit_with_Zoneminder_1.25.0_the_easy_way | 14:58 |
Rory | Novato__: Did you follow every step? Could you please run the command "pastebinit /etc/apache2/conf.d/zoneminder.conf" | 14:59 |
Novato__ | the diferent in the guide in the step of IP | 14:59 |
Rory | It looks like you probably missed at least one step. ignore IP | 14:59 |
Novato__ | because my ip is dhcp not is IP | 14:59 |
Rory | yes that isn't the problem here | 14:59 |
Rory | The problem is that apache has no idea where zoneminder is. Can you run that command above so I can see the apache config file for zoneminder? | 15:00 |
Novato__ | Rory: tell me the command for repair the apache | 15:02 |
=== Jikai is now known as Jikan | ||
Novato__ | o check the apache | 15:02 |
Rory | "pastebinit /etc/apache2/conf.d/zoneminder.conf" | 15:02 |
Novato__ | Rory: I dont have nothing | 15:03 |
Novato__ | all is black jejeje | 15:04 |
Rory | Novato__: OK then you have missed a step from the tutorial | 15:04 |
Novato__ | Rory: v | 15:04 |
Novato__ | any words or numbers | 15:04 |
Rory | Novato__: It looks like you ran the command: ln -s /etc/zm/apache.conf /etc/apache2/conf.d/zoneminder.conf | 15:04 |
Rory | Novato__: But you need to run that with sudo, like this: sudo ln -s /etc/zm/apache.conf /etc/apache2/conf.d/zoneminder.conf | 15:04 |
Rory | and then "sudo service apache2 reload" | 15:04 |
Novato__ | Rory: http://paste.ubuntu.com/6448553/ | 15:05 |
Novato__ | this is ok! | 15:05 |
Rory | Novato__: Ok so now does it work? | 15:06 |
Novato__ | wwwwwwwwwwwwwwwwwwwwwwwuuuuuuuuuuuuuuuuuuuuuuuuuuuueeeeeeeeeeeeeeeeeeeeeeeeeeee | 15:06 |
Novato__ | yupi congratulations | 15:06 |
Rory | !yay | 15:06 |
ubottu | Glad you made it! :-) | 15:06 |
Novato__ | Rory: thnaks boy | 15:06 |
Novato__ | thanks | 15:06 |
Novato__ | wue wue | 15:06 |
Novato__ | ;) | 15:06 |
Novato__ | gracias! | 15:06 |
Novato__ | danke! | 15:06 |
Rory | No problem | 15:07 |
Novato__ | Rory: so the asterisk is same | 15:07 |
xpistos | hey all. is there some way I can lighten the load on my home server. when I ssh in it says the load is higher than 2.0? | 15:07 |
Rory | Novato__: What is that? | 15:08 |
Rory | Novato__: again, you need to make sure there is a configuration file for it | 15:08 |
Novato__ | ok! the asterisk I can install all ok but | 15:08 |
Novato__ | error 404 dont found | 15:09 |
Rory | xpistos: if you run the "top" or "htop" commands do you see any processes using a high CPU% ? | 15:09 |
Novato__ | the same error of zm | 15:09 |
Rory | Novato__: Are you following a guide to install it? | 15:09 |
Novato__ | yes | 15:09 |
Novato__ | wait please | 15:09 |
Novato__ | Rory: http://www.joseschenone.com.ar/2012/11/instalacion-de-asterisk-en-10-sobre.html | 15:09 |
Novato__ | Rory: if do you have other web site best that this ! | 15:10 |
xpistos | Rory: init | 15:10 |
Novato__ | o best guide! | 15:10 |
Rory | Novato__: Asterisk has its own web server it doesn't use apache. You need to go to http://yoursite:8080 not http://yoursite/8080 | 15:11 |
Novato__ | yes! mi http:ip/8088 | 15:11 |
Novato__ | Rory: The requested URL /8080 was not found on this server. | 15:11 |
Novato__ | Rory: Apache/2.2.22 (Ubuntu) Server at 192.168.5.188 Port 80 | 15:11 |
Rory | You need to go to http://yoursite:8080 not http://yoursite/8080 | 15:11 |
Rory | That is a : not a / | 15:12 |
Novato__ | Rory: This webpage is not available | 15:12 |
Novato__ | Rory: The connection to 192.168.5.188 was interrupted. | 15:12 |
Novato__ | same | 15:12 |
xpistos | Rory: Also Landscape jumps ump and down as well | 15:12 |
Rory | Novato__: "sudo service asterisk restart" | 15:12 |
Novato__ | : o with / | 15:13 |
Novato__ | same error | 15:13 |
Rory | Novato__: What is the output of "sudo service asterisk restart" ? | 15:13 |
Novato__ | Rory: http://paste.ubuntu.com/6448592/ | 15:14 |
Rory | Sorry Novato__ it is http://ip:8088 | 15:15 |
Rory | Novato__: From the guide: Para acceder al panel de administración web, ingresamos a http://ip_del_servidor:8088 | 15:15 |
Rory | Novato__: You can see what port it is using by editing the file /etc/asterisk/http.conf | 15:16 |
Novato__ | Rory: hablas español=? | 15:22 |
Rory | No | 15:22 |
Rory | !es | 15:22 |
ubottu | En la mayoría de los canales de Ubuntu, se habla sólo en inglés. Si busca ayuda en español entre al canal #ubuntu-es; escriba "/join #ubuntu-es" (sin comillas) y presione intro. | 15:22 |
Novato__ | ubottu: no hablo contigo | 15:22 |
ubottu | Novato__: I am only a bot, please don't think I'm intelligent :) | 15:22 |
Novato__ | ubottu: family of kubot ahhhhhhhhhhhhhhh | 15:23 |
ubottu | Novato__: I am only a bot, please don't think I'm intelligent :) | 15:23 |
Novato__ | Rory: nothing | 15:23 |
Novato__ | Rory: i´m reinstal astrisk ok | 15:23 |
Novato__ | asterisk | 15:23 |
Rory | Novato__: "pastebinit /etc/asterisk/http.conf" | 15:23 |
Novato__ | ok | 15:24 |
Novato__ | Rory: http://paste.ubuntu.com/6448640/ | 15:25 |
Rory | Novato__: i suppose you could try reinstalling asterix | 15:26 |
Novato__ | Rory: check the web of pastebin | 15:27 |
Rory | yes Novato__ I saw that | 15:27 |
Rory | Novato__: Can you double-check you are typing it properly, go to http://ip:8088 | 15:28 |
Novato__ | Rory: so reinstall asterisk | 15:28 |
Novato__ | how eraser the asterisk | 15:28 |
Novato__ | because canot reinstall | 15:28 |
hispeed67 | anybody know if there has been any success with wnda3100 v2 usb wireless working? | 15:29 |
Novato__ | Rory: if install asterisk = asterisk is already the newest version. | 15:29 |
Rory | Novato__: sudo apt-get install --reinstall asterisk | 15:29 |
Novato__ | Rory: you are genous | 15:30 |
Novato__ | genious | 15:30 |
Novato__ | jejeje | 15:30 |
Novato__ | ;) | 15:30 |
Rory | genius* | 15:30 |
Rory | And yes, yes I am | 15:30 |
Novato__ | Rory: in 15 minutes i´m send the message | 15:30 |
Novato__ | sotrry for my english | 15:30 |
Rory | it's OK | 15:30 |
Rory | try #ubuntu-es also | 15:31 |
gyre007 | is it me or is LUKS simply BROKEN ?? https://gist.github.com/milosgajdos83/7565570 | 15:57 |
gyre007 | why is it giving me some NONEXISTENT UUID ? | 15:57 |
gyre007 | arrghh | 15:57 |
xnox | gyre007: because symlinks are not updated by udev, when you reformat with cryptsetup? | 15:58 |
xnox | gyre007: and a new uuid is generated when you format it. | 15:58 |
xnox | gyre007: reboot and check again. | 15:58 |
gyre007 | is there any way to reload udev then ? | 16:00 |
gyre007 | without rebooting ? | 16:00 |
gyre007 | this is confusing the hell out of me | 16:00 |
gyre007 | also is that the UUID I should be using in fstab to mount the encrypted device automatically ? | 16:01 |
Novato__ | Rory: fail! the asterisk | 16:07 |
Novato__ | dont up! | 16:07 |
Novato__ | s down :( | 16:08 |
Novato__ | kell me ! bum | 16:08 |
Novato__ | Rory: where arledy=? | 16:10 |
gyre007 | xnox: I found out that the mapper device after reboot totally disappears w00000t ?! | 16:21 |
ancaster | Hey all. I've got a server in our lab backing up to external USB drives and NFS shares (rsnapshot). | 16:21 |
gyre007 | mapper device created by cryptsetup | 16:21 |
ancaster | Is there anyway to ensure the drives/shares are mounted before backup begins so that if not the drive they are mounted on doesn't fill up? | 16:21 |
ancaster | Flaky set up, I know. | 16:21 |
zerick | ancaster, maybe this could help http://stackoverflow.com/questions/17612004/linux-shell-script-how-to-detect-nfs-mount-point-or-the-server-is-dead | 16:33 |
ancaster | zerick: thanks. I just also found the 'mountpoint' utility. returns true if a path is a mount point. | 16:36 |
tonyyarusso | You could also start by reading /etc/mtab or the 'mount' output | 16:37 |
ancaster | zerick: I also considered placing the mount points in a tmpfs filesystem so that, worst case, the tmpfs filesystem fills up. | 16:37 |
ancaster | tonyyarusso: ... and just grepping it. yeah, okay that works too. | 16:43 |
novato | hi! | 16:57 |
novato | next of install ubuntu server what can doit in this server for segurity | 16:57 |
novato | fortinet o firewall=? | 16:57 |
novato | what=' | 16:57 |
novato | recommendations please | 16:58 |
gyre007 | anyone has seen that dm-crypt device would disappear after reboot ? | 16:59 |
novato | =? | 16:59 |
gyre007 | thats basically the reason why my luks encryption isnt working | 16:59 |
gyre007 | for some reason dev mapper device just disappears after reboot | 16:59 |
gyre007 | w000t | 16:59 |
smoser | hallyn_, do you have thoughts on this: | 17:00 |
smoser | http://askubuntu.com/questions/376345/allow-loop-mounting-files-inside-lxc-containers | 17:00 |
hallyn_ | smoser: can you get dmesg output by chance? | 17:02 |
smoser | I probably *can* :) | 17:02 |
hallyn_ | smoser: the two first possibilities would be (a) apparmor and (b) the loop file is one with partitions. | 17:03 |
smoser | hallyn_, 'b' is not true | 17:05 |
smoser | i'll see if i can't reproduce | 17:05 |
hallyn_ | smoser: so something has done an losetup i assume? | 17:06 |
smoser | well, 'mount -o loop,ro' does | 17:07 |
smoser | but, yeah. | 17:07 |
hallyn_ | well at the end there is | 17:07 |
hallyn_ | root@maaslxc2:~# mount /dev/loop0 /mnt | 17:07 |
hallyn_ | mount: block device /dev/loop0 is write-protected, mounting read-only | 17:07 |
smoser | that was as a simple example | 17:08 |
hallyn_ | man the messed-up syslog is really being a pain | 17:17 |
hallyn_ | smoser: it's simply apparmor. add a rule to allow mounting anything to /mnt to a custom profile, and it works. | 17:20 |
smoser | hallyn_, example ? | 17:23 |
hallyn_ | smoser: well simplest is to just set lxc.aa_profile = unconfined, | 17:23 |
hallyn_ | but you can also just add | 17:23 |
hallyn_ | 'mount,' to /etc/apparmor.d/lxc/lxc-default-with-nesting | 17:24 |
hallyn_ | or 'mount -> /mnt/**, mount -> /mnt/'. | 17:24 |
smoser | hallyn_, the /mnt confuses me. | 17:25 |
smoser | thats interpreted in the containerized namespace ? | 17:25 |
hallyn_ | yes | 17:27 |
smoser | how is that even useful ? | 17:28 |
hallyn_ | don't you want to be able to mount /dev/loop0 to /mnt in the container? | 17:28 |
smoser | well, i dont really care where it is mounted to. most likely i want to mount it into a tmpdir | 17:28 |
hallyn_ | then you'll have to allow mounting to '/tmp/**'. | 17:28 |
smoser | it just seems odd to me that apparmor would interpret the targets from the containerized namespace | 17:29 |
hallyn_ | it has pivot_root. it's the pathname, period. | 17:30 |
hallyn_ | *pivot_root()ed | 17:30 |
hallyn_ | that means / in the container does not have a parent dir | 17:31 |
hallyn_ | (if it did, then the classic chroot escape would work, barring LSM) | 17:32 |
gyre007 | guys anyone knows why would luks dm-crypt device disappear after the reboot ? | 17:32 |
hallyn_ | (and /proc/self/maps and related output would show the whole pathanme) | 17:32 |
gyre007 | I just dont get it | 17:32 |
hallyn_ | do you need to load a module that isn't being autoloaded? | 17:32 |
smoser | hallyn_, "mount fstype=fuse.*," | 17:33 |
smoser | isn't that generally a lot more dangerous than loopback mount ? | 17:33 |
smoser | and its enabled (apparently) by default | 17:34 |
hallyn_ | smoser: any unprivileged user on host can use fuse, therefore it is not an escalation. | 17:34 |
hallyn_ | smoser: the difference is, loopback mounts let you exercise the in-kernel superblock parser for all built-in filesystems | 17:34 |
hallyn_ | fuse sb parsers are in userspace | 17:34 |
smoser | really? | 17:35 |
smoser | fuse is allowed by default? | 17:35 |
hallyn_ | that's what i'm told. stgraber ^ ? | 17:35 |
hallyn_ | smoser: plus, what we absolutely positively want to avoid is /proc and /sys being remounted elsewhere (and debugfs, securityfs, etc). | 17:36 |
hallyn_ | until we can specify per-fstype apparmor rules | 17:36 |
hallyn_ | probably "mount fstype=ext*," would be safe to allow in containers, imo | 17:37 |
smoser | well, that is possibly/likely explolitable into kernel crash | 17:38 |
smoser | at least as i'm told such things are possible (if you can mount a bad filesystem, that checks are limited) | 17:38 |
hallyn_ | smoser: yes, but i like to think that ext2/3/4 are safer than others. maybe i'm delusional. | 17:40 |
hallyn_ | somebody does need to vet those at some point! :) | 17:40 |
stgraber | smoser: fuse sure is enabled by default, that's how all of the gvfs mounts on the desktop works and how sshfs and others work too | 17:40 |
jdstrand | hallyn_: apparmor.d tells me that fstype is supported in mount rules (I've not done it personally) | 17:47 |
jdstrand | hallyn_: man apparmor.d that it | 17:47 |
jdstrand | is* | 17:47 |
stgraber | jdstrand: yeah, that's already how we allow fuse mounts (fstype=fuse.*) | 17:48 |
hallyn_ | jdstrand: yeah i wasn't saying apparmor doesn't allow it - *we* don't yet allow it :) | 17:54 |
hallyn_ | (fstype = ext*, that is) | 17:54 |
sarnold | man, is fuse better than ext in that respect? | 17:55 |
sarnold | I've always worked under the assumption that fuse could wedge a machine solid, anyway. is that an incorrect assumption? | 17:55 |
smoser | sarnold, i kind of had that same feeling. | 17:55 |
hallyn_ | i hope it's an obsolete assumption | 17:55 |
=== cmagina is now known as cmagina-lunch | ||
sarnold | obviously something that needs some investigating | 17:56 |
hallyn_ | agreed. i've not looked into it in years | 17:56 |
smoser | hallyn_, so what is the difference between | 17:57 |
smoser | /etc/apparmor.d/abstractions/lxc/container-base | 17:57 |
smoser | and | 17:57 |
smoser | /etc/apparmor.d/abstractions/lxc/start-container | 17:57 |
smoser | i understand (i think) the reason for such things | 17:57 |
smoser | but both are included from /etc/apparmor.d/lxc/lxc-default-with-nesting | 17:57 |
stgraber | start-container is the profile used for lxc-start, container-base is the profile used for the actual container | 17:58 |
sbeattie | smoser: can I ask what the need for loopback mounting is; is it a use case that wouldn't be satisfied by bsdtar? | 17:58 |
stgraber | with-nesting needs both as the container will also call lxc-start | 17:58 |
smoser | stgraber, so how is one profile chosen? | 17:58 |
hallyn_ | lxc-default is the default, if you want to run nested containers then you must change it to lxc-default-with-nesting | 17:59 |
smoser | sbeattie, you're suggesting that bsdtar can read an ext4 filesystem in a file ? | 17:59 |
hallyn_ | which is, obviously, much less sfae | 17:59 |
smoser | hallyn_, how do you change it ? | 18:00 |
stgraber | lxc.aa_profile in the config | 18:00 |
sbeattie | smoser: it can read iso9660, I can't remember if it can read ext4 (probably not) | 18:00 |
smoser | i didn't realize it could read iso9660, thats pretty neat. i'm not aware of any general user-space extX filesystem implementation. | 18:01 |
* hallyn_ chuckles, something about using qemu :) | 18:01 | |
hallyn_ | but obviously you really want to ship zfs, and use zfs-fuse in the container | 18:02 |
sarnold | blech please no zfs-fuse. yes it's an amazing accomplishment, no it isn't a replacement for ZoL. hehe. | 18:03 |
hallyn_ | sarnold: ah, but zfs-fuse would be allowed by default in the container, is my point | 18:03 |
smoser | https://github.com/gerard/ext4fuse might be able to accomplish what i need. but fuse. | 18:03 |
sbeattie | smoser: there's also fsarchiver, which claims to handle ext4 and btrfs, but I've forgotten how it well works, and it also advertises itself as not being ready for production use. | 18:03 |
sarnold | hallyn_: ah. still. fuse. | 18:04 |
hallyn_ | :) | 18:04 |
sarnold | :) | 18:04 |
sbeattie | oh hrm, not thinking very well, fsarchiver might not handle non-block devices | 18:05 |
* sbeattie really wants good solutions for pulling files from filesystems stored as images that don't require root privileges. | 18:06 | |
sarnold | hear hear | 18:06 |
smoser | ⟫ ls /var/lib/lxc/ | 18:06 |
smoser | ls: cannot open directory /var/lib/lxc/: Permission denied | 18:06 |
smoser | is that expected ? | 18:06 |
smoser | sbeattie, libguestfs really is a good solution | 18:06 |
smoser | its just heavy | 18:06 |
jamespage | jdstrand, are you able to attend the juju -> main session right now? | 18:07 |
smoser | it uses really well tested filesystem drivers (inside the linux kernel!) | 18:07 |
smoser | hallyn_, ^. | 18:07 |
jdstrand | jamespage: no-- mdeslaur is there | 18:07 |
sarnold | jamespage: mdeslaur and I are attending | 18:07 |
jdstrand | jamespage: and sarnold | 18:07 |
smoser | is it expected that /var/lib/lxc is non-readable by non-root ? | 18:07 |
jdstrand | sarnold: hah :) | 18:07 |
jdstrand | smoser: yes, that is a recent change | 18:08 |
hallyn_ | smoser: yes. | 18:09 |
hallyn_ | smoser: you can change it once and lxc won't re-set it for you, but alas it sort of has to be that way | 18:09 |
hallyn_ | the curse of setuid bit. if only we could do away with it | 18:09 |
smoser | hm... /me just finds it easiest to 'chmod 4755 /bin/bash' | 18:11 |
sarnold | lol | 18:12 |
hallyn_ | when i want information, i just get the username/password from any nsa employee willing to hand them over (which is most of them) and use their account to look at full history of, well, every bit xferred on the net. | 18:13 |
* hallyn_ grumbles something about millions spent on security evaluations by nsa, only to have their employees hand over pwds... | 18:13 | |
hallyn_ | (in other words, why NOT just chmod 4755 /bin/bash) | 18:14 |
sarnold | because bash defeats that. bash is no fun. | 18:15 |
hallyn_ | lol | 18:17 |
smoser | it does ? | 18:17 |
hallyn_ | yeah | 18:17 |
hallyn_ | which really has messed me up in the past when i tried testing file capabilities wrt scripts. | 18:17 |
jrwren | smoser: i missed the cloud-images session :( I wanted to share my list of packages which I find superfluous. aptitude, os-prober, ppp, rsync, tcpd, usbutils, wirelesstools, wpasupplicant | 18:20 |
sarnold | rsync? really? | 18:21 |
smoser | jrwren, thanks for the input. those are definitely useful input. | 18:21 |
smoser | aptitude was on my list. | 18:21 |
jrwren | one can always apt-get it. it certainly isn't needed for many cloud systems. | 18:21 |
smoser | apparently lots of people use it though. | 18:21 |
jrwren | i just wanted to share. some were strange to me, if not removed maybe some docs around why they are there. especially the wireless and wpa | 18:22 |
smoser | jrwren, the primary issue with just removing stuff is that cloud-image is superset of server. server is superset of standard ... | 18:22 |
smoser | thats where a bunch of them come in. | 18:22 |
smoser | we can do some things though. | 18:22 |
smoser | thanks for your input. | 18:23 |
smoser | (many things end up getting pulled in from 'recommends by default') | 18:23 |
jrwren | i see. i didn't know it was superset of server | 18:23 |
smoser | it always has been. there isn't a *huge* reason for that. | 18:24 |
jdstrand | jamespage: mdeslaur filled me in on the outcomes. sounds very reasonable. thanks! :) | 18:46 |
jamespage | jdstrand, np | 18:46 |
vlad_sta_ | Question: Having Ubuntu 12.04.3 LTS. MD RAID 1. After reboot got this in syslog: "md1: detected capacity change from 0 to 999069384704" and "md1: unknown partition table". It waited awhile and then booted successfully. Is it a bug or anything I should worry about? Thnx. | 19:14 |
=== Jikan is now known as Jikai | ||
=== cmagina-lunch is now known as cmagina | ||
=== Jikai is now known as Jikan | ||
Rory | vlad_sta_: If it boots sucesfully from your RAID array, then it is obviously working. They're usually warnings, not errors | 19:37 |
Rory | vlad_sta_: If you really had an invalid partition table there wouldn't even *be* a syslog to read :) | 19:37 |
vlad_sta_ | Rory: OK:) | 19:37 |
jamespage | mdeslaur, reflecting on the fact that 5.5 is support until 2018 makes me reticent to jump to 5.6 for 14.04 | 20:02 |
mdeslaur | jamespage: yeah, I agree | 20:03 |
mdeslaur | jamespage: although...that would still leave us with a year without support possibly | 20:03 |
mdeslaur | 14.04 -> 19.04 | 20:03 |
mdeslaur | problem is we have no idea what the security fixes are, so there's no way for us to backport them even if we wanted to during that year | 20:04 |
=== Ursinha is now known as Ursinha-afk | ||
henkjan | jamespage: what are the arguments against 5.6? | 20:10 |
lifeless | 5.6 of? mysql? | 20:13 |
Novato | hi people | 20:17 |
Novato | how I can reinstall asterisk | 20:17 |
=== Ursinha-afk is now known as Ursinha | ||
Novato | because when I write to terminal: sudo apt-get install asterisk = asterisk is already the newest version. | 20:18 |
Novato | Rory: hi! how are you=?? | 20:19 |
Novato | Rory: remember the command of reinstall asterisk | 20:19 |
Novato | =? | 20:19 |
Novato | help me with asterisk in ubuntu please | 20:21 |
Novato | I need reinstall this software | 20:21 |
=== Jikan is now known as Jikai | ||
leecallen35 | Greetings fellow ubuntunians... | 20:30 |
leecallen35 | I am configuring some ubuntu servers for headless operation, for use in places where they cannot easily be accessed. | 20:30 |
leecallen35 | What strategies can I use to minimize the chance of a corrupted filesystem throwing the system into maintenance mode? | 20:30 |
leecallen35 | (besides booting from read-only media, which seems to be too onerous to set up) | 20:31 |
=== Jikai is now known as Jikan | ||
leecallen35 | Okay I will start... | 20:44 |
leecallen35 | What I can think of: separate partitions for / /boot /usr /home and data... | 20:45 |
leecallen35 | use mirroring, and a fs like ext4 with journalling | 20:45 |
leecallen35 | and zfs for my big data filesystem (which will be a media server) | 20:46 |
leecallen35 | (oops left out /var -- definitely a separate partition for /var) | 20:49 |
Arrick | !lamp | 20:59 |
ubottu | LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process. | 20:59 |
tonyyarusso | So...does anyone understand the merits "UsePAM yes" vs "UsePAM no" in sshd_config? It looks like "yes" is the default, but I'm having some things that don't work unless it's set to "no", and I don't understand PAM well enough to understand why. | 21:05 |
Arrick | ok... whats the LAMP-server package called today? trying to install it on 12.04 lts | 21:07 |
tonyyarusso | Arrick: By today, do you mean in 13.10? | 21:07 |
tonyyarusso | oh, no | 21:08 |
tonyyarusso | Reading fail | 21:08 |
Arrick | no, 12.04 lts | 21:08 |
Arrick | lol | 21:08 |
Arrick | I tried lamp-server and nada. | 21:08 |
Arrick | first two lines of https://help.ubuntu.com/community/ApacheMySQLPHP work... it shows the root of the server though. | 21:08 |
tonyyarusso | Arrick: lamp-server^ - the ^ apparently marks it as a "task". | 21:09 |
Arrick | ahh... Ok, I used the tasksel install lamp-server and it installs... but when I drop an info.php file into the root, it doesnt display when I point at it directly | 21:10 |
tonyyarusso | What does it do instead? | 21:11 |
Arrick | page cannot be displayed | 21:11 |
Arrick | 404 error | 21:11 |
tonyyarusso | huh | 21:11 |
tonyyarusso | I would think both ways should work the same... | 21:12 |
Arrick | lol | 21:16 |
Arrick | I forgot to change the default directory of the default site. | 21:16 |
tonyyarusso | ha | 21:16 |
tonyyarusso | That'll do it | 21:16 |
=== Mapley|group is now known as Mapley | ||
=== Mapley is now known as Guest20302 | ||
=== Guest20302 is now known as Mapley | ||
Arrick | hey tonyyarusso what command do I run to tell me the current permissions of a directory? | 21:34 |
tonyyarusso | Arrick: ls -ld /path/to/directory | 21:35 |
tonyyarusso | Drop the d if you want the permissions of the stuff IN the directory rather than the dir itself, or replace it with a if you want to see both at once | 21:36 |
Arrick | so... refresh my memory, what does this mean? drwxrwxrwx 47 root root 4096 Nov 20 15:57 | 21:38 |
Arrick | root user, root group I understand... | 21:38 |
Pici | Which part is confusing? | 21:38 |
patdk-lap | 47 | 21:38 |
Arrick | is that 755, or 777? | 21:38 |
Arrick | and what is 47 | 21:39 |
Arrick | correct | 21:39 |
Pici | Thats 777, rwx for u g and o | 21:39 |
Arrick | ok | 21:39 |
Arrick | whats the 47? | 21:39 |
patdk-lap | inode? | 21:39 |
Pici | 47 is the number of links to the path. | 21:40 |
Pici | er, inode | 21:40 |
patdk-lap | links to the path, that is funny :) | 21:40 |
Arrick | ok | 21:40 |
TheLordOfTime | i see an "Out of memory: Kill process #### (processname) score 549 or sacrifice child" error, what does the score mean there, and how is that the deciding factor for the OOM kill? | 22:09 |
TheLordOfTime | (that message was in dmesg) | 22:09 |
Patrickdk | better than it used to be | 22:13 |
Patrickdk | OOM kill used to just pick one at random, or the one using most memory | 22:13 |
Patrickdk | bad idea to kill mysql, cause it uses a lot of memory, on a mysql dedicated machine | 22:13 |
sarnold | TheLordOfTime: http://lxr.linux.no/#linux+v3.12.1/Documentation/filesystems/proc.txt#L1366 | 22:39 |
Rory | TheLordOfTime: or... or *sacrifice child* | 23:07 |
Rory | I'd just like to point out that interesting recommendation by oom-killer there | 23:08 |
joeyy | were is the 32bit server img at for usbstick install | 23:35 |
sarnold | joeyy: try this? http://www.ubuntu.com/download/server/thank-you?distro=server&bits=32&release=lts | 23:37 |
joeyy | was loooking for img for usb stick or can i just dd that img | 23:38 |
=== freeflying is now known as freeflying_away | ||
xnox | joeyy: all our .isos can be dd to usb-stick. | 23:41 |
xnox | joeyy: and they will work in both BIOS and UEFI and SecureBoot modes. | 23:41 |
xnox | (well you need 64-bit one for UEFI & SecureBoot) | 23:41 |
joeyy | ah ok | 23:41 |
joeyy | what would u recmmend 32 bit or 64 bit on atom d510 1.66ghz with 2 gig ram | 23:42 |
xnox | joeyy: well that processor is 64-bit and 64-bit images are our default. But since it's only 2 gig of ram, you will have lower memory usage if you go with 32-bit image. | 23:45 |
sarnold | .. but then you've got more restricted registers in the compiled code. I'd probably go for 64 bit just to keep parity with other 64 bit devices I've got, but wouldn't really care one way or another | 23:46 |
xnox | yes, I value keeping environment homogenious. all my machines are 64-bit regardless of RAM size, it means that i can self-compile / recompile software once and deploy to all machines. | 23:47 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!