[01:11] <thurstylark> is there a specific place that it is prefered i go to ask about minecraft server questions, or can I ask here?
=== gfrog_meeting is now known as gfrog
[08:38] <shodan45> does /boot have some magical (apparmor? selinux?) size limit? I don't have a separate partition, just a single big one, yet I'm getting out of space errors when trying to update kernels.
[08:38] <shodan45> and if so how do I get rid of the #^%@!*& thing? >_>
[08:38] <cfhowlett> shodan45, spring cleaning time: empty out the old kernels
[08:40] <shodan45> cfhowlett: apt won't let me, no matter what I do, I get out of space errors from apt
[08:41] <shodan45> I have 1.3GB free space; I have no idea why it thinks it's out of space.
[08:42] <shodan45> which goes back to my original question: does /boot have some "invisible" space limit?
[08:42] <cfhowlett> shodan45, dannnngggg!  I feel for you.  IIRC, boot is where the kernels get store.  linux doesn't autodelete upgraded kernels for obvious reasons and the "running out of space" alert doesn't seem to be designed in so ... one day you log in and no go.
[08:42] <cfhowlett> shodan45, ask in channel or over on #ubuntu - I've only hit this error myself one time.  deleting old kernels doesn't require apt
[08:43] <shodan45> cfhowlett: this is particular to ubuntu (debian?)... never seen this in RHEL >_>
[08:44] <cfhowlett> shodan45, I don't have enough background to answer that
[08:44] <cfhowlett> https://help.ubuntu.com/community/Kernel
[08:44] <maxb> There is no invisible space limit on /boot unless it's a separate partition
[08:45] <maxb> perhaps you should pastebin the output of 'df -h' so we can be sure about your filesystem layout
[08:47] <shodan45> maxb: sure. http://paste.ubuntu.com/6565613/
[08:48] <maxb> Hmm... I don't suppose you're in a VM with a sparsely allocated disk image, and the host has run out of space and can't expand it?
[08:48] <maxb> (Noting that your root is a virtio device)
[08:49] <shodan45> I asked about some "invisible" space limit because /boot is almost at 128MB: http://paste.ubuntu.com/6565618/
[08:50] <cfhowlett> shodan45, mine is at 94 ...
[08:50] <cfhowlett> shodan45, and didn't I read that /boot is auto set to 100 MB?
[08:50] <shodan45> maxb: it's a KVM VM, and the disk image is located in the same place as that ~3TB /storage NFS mount
[08:51] <shodan45> cfhowlett: I use custom partitioning
[08:51] <maxb> I think it's definitely worth double-checking that there's free space where the disk image is located before puzzling on it further
=== Ursinha-afk is now known as Ursinha
[08:53] <shodan45> here's apt complaining about no space left: http://paste.ubuntu.com/6565631/
[08:54] <shodan45> not seeing anything in dmesg either
[08:55] <maxb> The pathname in the error shows that it's not /boot that's the problem
[08:55] <maxb> Oh, also, you could be out of inodes
[08:55] <shodan45> maxb: ahhh didn't think of that
[08:56] <shodan45> although, not sure how or why that could happen, this VM doesn't do much
[08:56] <maxb> shodan45: 'df -i'
[08:56] <shodan45> maxb: bingo :) 99% used
[08:57] <shodan45> maxb: thanks!
[08:57] <maxb> You're welcome :-)
[09:02]  * shodan45 learned to not take his inodes for granted today
[09:02]  * cfhowlett learned he doesn't know his inodes from his unodes
[09:25] <jamespage> zul, adam_g: https://code.launchpad.net/~james-page/swift/daemon-test-fix/+merge/198892
[09:26] <jamespage> well infact any ubuntu-server-dev or core-dev would do
[09:26] <jamespage> :-)
[09:26] <jamespage> rbasak, ^^
[09:26] <yolanda> jamespage, have you seen feedback about API headers? https://review.openstack.org/#/c/61128/
[09:27] <jamespage> yolanda, makes alot of sense
[09:27] <jamespage> do it in one place, then everything gets it
[09:28] <jamespage> yolanda, its positive it was not a nack
[09:28] <jamespage> but a - just do it somewhere else :-)
[09:28] <yolanda> i can take a look, they aren't objecting about sending extra headers in API calls, yes
[09:28] <jamespage> yolanda, +1
[09:29] <yolanda> i'll take a look today, will be great if we fix it on one place for all the packages
[09:51] <igalic> I have the following cron job: * */3 * * * /usr/local/sbin/backup-gitlab.sh -- which produces the following, disk-filling backups: http://dpaste.com/1502915/ and.. I'm an idiot.
[09:51] <jjohansen> stgraber, hallyn_: right. Its similar to the none stacking case with namespaces
[09:51] <jjohansen>   apparmor_parser -n <nsname> profile
[09:51] <jjohansen> will load a profile to a namespace nsname, and to execute a task within that namespace
[09:51] <jjohansen>   aa-exec -n <nsname> -p <profilename> -- cmd
[09:51] <jjohansen> will run the <cmd> confined by the profile in the namespace. Of course aa-exec is just using the change_profile interface. You can specify the profile and namespace directly
[09:58] <jjohansen>   aa-exec -p :nsname://profilename -- cmd
[09:58] <jjohansen> is the same as the above aa-exec using -n
[09:58] <jjohansen> For stacking, its similiar you will be able to use the aa-stack cmd, or library fn, but can get the same thing via change_profile
[09:58] <jjohansen>   aa-stack -n <nsname> -p <profilename> -- cmd
[09:58] <jjohansen> is equiv to
[09:58] <jjohansen>   aa-stack -p :<nsname>://<profilename> -- cmd
[09:58] <jjohansen> assuming a current profile of <currentprofile> is equiv to
[09:58] <jjohansen>   aa-exec -p <currentprofile>//&:<nsname>://<profilename> --cmd
[09:58] <jjohansen> the stack cmd/interface just lets you not have to deal with what the current profile confinement is.
[10:12] <yolanda> jamespage, one question. I'm trying to collect all peers from rabbitmq, to create the "hosts" settings. But with peer_units() i just have the unit name. Is there any way, given an unit name, to get the private ip? i only see unit_get working with current unit
[10:13] <jamespage> yolanda, relation_get(rid, unit, 'private-address')
[10:13] <jamespage> yolanda, look at the rabbitmq context - I think it already builds a list
[10:13] <jamespage> (I thought about this a bit last cycle)
[10:13] <yolanda> ok, i'll take a look
=== freeflying_away is now known as freeflying
[12:13] <WinstonSmith> hi. i seem to have found a bug related to the kernel and sshd, should i report that in the ubuntu bugtracker or on the kernel bugtracker?
[12:25] <rbasak> WinstonSmith: pick the most appropriate one, provide your best explanation of how they're related, and a triager will figure it out.
[12:26] <WinstonSmith> rbasak: maybe you could help me to pick the most appropriate?
[12:27] <WinstonSmith> as i don't think i am qualified enough to judge that
[12:49] <rbasak> HaltingState: one note for http://paste.ubuntu.com/6562305/: when you sync, you probably want to filter on arch as well. Then you won't download other arches' images, and you won't need an arch filter when you create.
[12:49] <rbasak> Sorry, that was for hallyn_ ^^
=== gary_poster|away is now known as gary_poster
=== psivaa_ is now known as psivaa
[13:43] <zul> jamespage:  when you get a chance: https://code.launchpad.net/~zulcss/trove/trove-cleanups
[13:43] <jamespage> zul, ditto the swift fixup above
[13:43] <zul> jamespage:  rbasak already +1ed it
[13:43] <jamespage> zul, sorry - missed that
[13:44] <jamespage> (was away)
[13:44] <zul> no worries
[13:44] <zul> jamespage:  thats why you have someone semi-conscious watching your back :)
[13:52] <jamespage> zul, good work on re-enabling swift units tests btw
[13:52] <jamespage> nice one
[13:52] <zul> jamespage:  thanks
[13:54] <jamespage> zul, swift needs a bit of polish - we are missing some upstart configurations and the man pages are all in one package
[13:54] <jamespage> zul, I'll add it to the blueprint
[13:55] <zul> jamespage:  ok
[13:56] <zul> jamespage:  so what do we say if our packages are rpms :)
[13:56] <jamespage> zul, ?
[13:56] <zul> jamespage:  power openstack doc
[13:59] <jamespage> zul, btw I have the openstack-on-openstack stuff working now with neutron overlay networking
[13:59] <jamespage> I can float IP's and everything
[14:00] <jamespage> zul, havana introduced some stuff that we needed
[14:00] <jamespage> (namely mac-address learning)
[14:00] <jamespage> so its all good now
[14:00] <zul> jamespage:  sweet
[14:00] <jamespage> zul, the procedure is pretty much as on bare metal
[14:00] <jamespage> but post deployment you add an extra nic to the quantum gateway and set it in its configuration
[14:00] <jamespage> then TADA!
[14:01] <zul> jamespage:  docs?
[14:01] <zul> jamespage:  we could possibly use this for lxc ci testing
[14:03] <jamespage> zul, dude - I only just hacked it together - docs next week!
[14:03] <jamespage> zul, I'm going to write up the juju-deployer configs, (and give those to jcastro as well) and then try to automate some testing that way
[14:04] <jamespage> I was going to try to have a pre-christmas week hack on the CI bits we need
[14:04] <jamespage> archive manager, build nodes, jenkins etc...
[14:04] <zul> jamespage:  coolio!
[14:14] <smoser> rbasak, http://status.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/cloud-tools-next_versions.html
[14:14] <smoser> uvtool failed to build, could you just look at that ? i've done nothing more than look at that chart
[14:17] <smoser> and while i'm bothering you...
[14:17] <smoser> https://code.launchpad.net/~smoser/uvtool/sm-features00/+merge/198838
[14:21] <rbasak> smoser: I know why it failed to build. I'm doing stuff in tests that precise doesn't have. I didn't realise that uploading to trusty would make the backport attempt happen automatically, sorry.
[14:26] <rbasak> smoser: I'm confused by patch_filters.
=== mjohnson15_2 is now known as mjohnson15
[14:27] <rbasak> smoser: line 196 of the diff. Shouldn't that be % f?
[14:28] <rbasak> smoser: and then line 197 will never match if the user said "trusty"
[14:28] <rbasak> smoser: also, what if the user says "release=trusty"?
[14:29] <smoser> rbasak, yes. line 196 is wrong
[14:29] <smoser> if user says release=trusty they dont get this behavior.
[14:29] <smoser> in that case they should explicitly state their mirror.
[14:30] <rbasak> I think that's surprising. I think "trusty" could reasonably be expected to be an exact alias of "release=trusty"
[14:30] <rbasak> Also, what about "... sync release~(saucy|trusty)"?
[14:30] <smoser> thats fine. you can do that if you wnt.
[14:30] <smoser> right.
[14:30] <smoser> thats why you dont.
[14:31] <smoser> dont bother.
[14:31] <rbasak> With Ubuntu-specific knowledge, I know that release in the released stream correlates to release in the daily stream.
[14:32] <zetheroo1> what is the default Chunk size for a RAID1 mirrored array?
[14:32] <smoser> rbasak, yeah. you could just hit them both, and filter out 'daily'  somehow.
[14:32] <rbasak> zetheroo1: easiest to check /proc/mdstat?
[14:32] <smoser> but that requires the same basic flaw.
[14:32] <smoser> interpreting 'label~(alpha1|beta2|release)'
[14:33] <zetheroo1> rbasak: cat /proc/mdstat is not showing me much info
[14:33] <ikonia> zetheroo1: 64k I think
[14:34] <rbasak> zetheroo1: perhaps mdadm -E?
[14:35] <zetheroo1> ikonia: ok
[14:35] <zetheroo1> hmmm ... no Chunk Size info
[14:35] <zetheroo1> http://paste.ubuntu.com/6566983/
[14:36] <rbasak> zetheroo1: oh, RAID 1. In that case, what do you mean by chunk size?
[14:37] <zetheroo1> I am using Webmin to make a RAID1 mirror and it's asking what Chunk Size I want
[14:37] <rbasak> I could be mistaken, but I didn't think that chunk size made any sense on RAID 1.
[14:37] <rbasak> What does it mean, anyway?
[14:37] <rbasak> Also,
[14:37] <zetheroo1> I read that RAID1 doesn't use chunk size ...
[14:37] <rbasak> !webmin | zetheroo1
[14:37] <ubottu> zetheroo1: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
[14:37] <zetheroo1> but it's still asking me
[14:38] <zetheroo1> well we are using Ubuntu 12.04 ... and I think it was compatible with it back then ... no!?
[14:38] <rbasak> I don't think so.
[14:38] <ikonia> zetheroo1: it must use a chunk size as the disk is made up of blocks
[14:39] <ikonia> zetheroo1: it's been dead since before 10.04 (webmin0
[14:39] <ikonia> webmin
[14:39] <zetheroo1> oh shucks
[14:39] <zetheroo1> and there is no replacement or alternative ... ?
[14:39] <rbasak> zetheroo1: look into Zentyal. I'm not sure if it's an exact equivalent, though.
[14:39] <ikonia> they pushed ebox for a while....but I'd look at it before trying to use it
[14:40] <zetheroo1> rbasak: Zentyal is an entire server built on a Ubuntu backdrop - no!?
=== rdw200169_ is now known as rdw200169
[15:02] <zetheroo1> how do you see which groups a user is member of?
[15:04] <jrwren> zetheroo1: the id command is one way, maybe?
[15:04] <zetheroo1> ok
[15:08] <zetheroo1> doesn't look like zentyal is anything like webmin ...
[15:08] <zetheroo1> webmin was all about administrating the server itself ... too bad it's not compatible any longer ...
[15:10] <jrwren> does ssh a shell, coreutils and vim count as 'an alternative'?
[15:11] <zetheroo1> nope ;)
[15:11] <jrwren> every once in a while I wish I had a web interface
[15:11] <zetheroo1> but it looks like I have to stick to ssh term for now :P
[15:11] <jrwren> more for diagnostics than admin
[15:12] <jrwren> but maybe common admin tasks.
[15:12] <zetheroo1> it's strange that there are so many how-to's for installing it in 12.04 and even for 13.04 ...
[15:12] <zetheroo1> well I especially liked it for the RAID GUI
[15:31] <client> Hello
[15:42] <hallyn_> rbasak: yeah one of the examples in my blog used arch to sync right?  At home I don't care, I've got a fat pipe.
[15:43] <client> hallyn_ is it possible to setup A records if you're given a DNS without some CPanel type of setup?
[15:43] <ikonia> client: of course
[15:43] <ikonia> client: you set it up on the dns server
[15:45] <client> ikonia the DNS server is being provided by my VPS host. How would I get access to it?
[15:45] <ikonia> client: ask the vps host
[15:46] <client> ikonia, they recommend that clients use their DNS network. Can it really make a difference using a different DNS?
[15:46] <ikonia> client: yes
[15:48] <client> ikonia how close should the DNS be to the actual server?
[15:49] <ikonia> anywhere you want
[15:49] <ikonia> no set rule
[15:50] <client> Okay, I guess I will use 1 european DNS and 1 somewhere in the states
[15:50] <ikonia> why would you do that ?
[15:51] <client> Most of my users are in Europe and the States
[15:52] <ikonia> client: are you talking about dns servers as a resolver or as a host of your domain records
[15:54] <client> ikonia my host calls it "DNS provider"
[15:54] <ikonia> client: not asking what your host calls it, I'm asking what it does technically
[15:56] <client> They fail to mention that ikonia
[16:08] <rbasak> hallyn_: right
=== darmok_ is now known as darmok
=== marrusl_ is now known as marrusl
[17:59] <jamespage> krtaylor, hey!
[18:00] <krtaylor> jamespage, hey!
=== justizin_ is now known as justizin
=== genii_ is now known as genii
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
[22:18] <QnD>  Does anyone know a way of hardening against the ptmx exploit  on 12.04 server
[22:20] <QnD> hello ?
[22:21] <QnD> im gettn my box slammed and need to harden it quick..... but there seems to be no info about this exploit
[22:26] <sarnold> QnD: do you have a CVE number handy?
[22:27] <QnD> yeh 1sec... thx
[22:27] <sarnold> QnD: hrm, is this it? http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0160.html
[22:27] <uvirtbot> sarnold: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160)
[22:28] <QnD> (CVE-2013-0160  several cve's dependin on attack
[22:28] <uvirtbot> QnD: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0160)
[22:28] <QnD> yeh
[22:29] <sarnold> QnD: do you have one of those, or newer, kernels installed?
[22:29] <QnD> that and for some reason udev is actually mounting a strange device as /dev... im assuming for rkit purpose unless ubuntu has changed to some strange practice lol
[22:30] <QnD> im on plain ol 12.04.3 server
[22:30] <QnD> system got walked through like it was standing still a few times....
[22:31] <QnD> im ready to try to honeypot the attack without using a prepackaged service
[22:33] <QnD> im at a loss
[22:38] <QnD> sarnold r u still there ?
[22:39] <sarnold> QnD: yeah
[22:41] <QnD> any ideas on those issues... im stumped
[22:41] <mbnoimi> Does any one know any NAT 2 NAT server? I want to use a remote desktop by VNC in similar way to TeamViewer
[22:42] <sarnold> QnD: do you have the latestkernel updates installed? did you reboot into those newer kernels?
[22:43] <QnD> i tried both leaving it alone and with current sec updates including kernel
[22:43] <QnD> it looks like all kernels are getting hammered...
[22:44] <QnD> i updated a box and dumbed it down to just sshd running and I got hit
[22:44] <sarnold> QnD: how exactly did you discover that one of your users / processes was timing keystrokes via inotify?
[22:46] <QnD> basically I noticed FS changes
[22:46] <QnD> I had btrfs mirroring to a /dev that was logging stuff.... great idea... but not good !
[22:47] <QnD> i/dnode inconsistancies when I loaded backtrack to check out drive offline
[22:48] <QnD> it is a bad state when OSX takes lead for security :(
=== gary_poster is now known as gary_poster|away