=== thumper-gym is now known as thumper === peter is now known as Guest82373 === Havenstance_ is now known as Havenstance === setuid is now known as _setuid [04:38] installing lxml via python-pip and I'm getting this on ubuntu saucy "/usr/bin/ld: cannot find -lz" [04:39] any ideas? [04:40] apt-get install zlib1g-dev [04:42] jamescarr repo enabled? [05:50] Good morning. [07:52] my LAMP installation 'hanged' on 'Configuring mysql-server-5.5' at 72% [07:52] should i kill it? === Smedles_ is now known as Smedles [09:11] I don't get it. my server is spending time swapping long before it's used its memory. setting vm.swappiness=1 "fixed" it, but it'd be nice if linux were a wee bit smarter [09:12] rbasak: ping === sanderj_ is now known as Sander^work === jtv1 is now known as jtv [09:23] caribou: pong [09:24] rbasak: quick question : is there a way with uvtool to remove one of the downloaded cloud-images ? [09:24] rbasak: like I have trusty i386 & amd64 & I want to remove i386 [09:24] caribou: not currently supported, unless simplestreams can rotate it out based on some filter. [09:24] caribou: you can hack it quite easily though [09:24] rbasak: yeah, I suppose I could go & delete the file once I can identify it [09:25] caribou: remove the corresponding metadata file in /var/lib/uvtool/libvirt/metadata (I think?) then sync. [09:25] rbasak: ok, will do. [09:25] rbasak: I'm also thinking of 'proposing' a "uvt-kvm create --wait" that would call the uvt-kvm wait from the create option [09:26] rbasak: I need to take a few minutes to look into it [09:26] caribou: that's a great idea. I filed bug 1301412 last week. I think your solution is maybe better. Or perhaps we need both. [09:26] Launchpad bug 1301412 in uvtool "uvt-kvm wait ... && uvt-kvm ssh ... is inconvenient and repetitive" [Wishlist,Triaged] https://launchpad.net/bugs/1301412 [09:28] rbasak: yeah, maybe both can be useful and/or complementary [09:29] caribou: also, how about a -l|--login option on the create subcommand that implies --wait and also does ssh to defaults? [09:29] rbasak: could be useful indeed [09:29] caribou: let me put this all into that bug [09:30] rbasak: ok, I'll subscribe to it [10:26] PHP Fatal error: Call to undefined method mysqli_result::fetch_all() [10:26] how do i fix this [10:26] phpinfo() shows that mysqli is loaded === inaddy is now known as tinoco === Havenstance is now known as Haven|Home [12:44] i have an ubuntu 12.04 server running with an x11vnc remote desktop thing [12:44] how do i make the resolution higher than 1024x768 [13:20] nvm [13:23] roaksoax, smoser: soooooo..... [13:23] roaksoax, smoser: I just upgraded to the lastest maas on 14.-4 [13:23] and I *think* the grub install is failing in the fast-path installer - I've tried on precise and trusty installs and I get the same issue [13:24] roaksoax, smoser: how do I debug this? [13:26] jamespage: ssh into the fastpath and look whats wro g [13:26] jamespage: you can prevent the target system from rebooting after install by editing /etc/maas/preseeds/curtin_userdata [13:27] there are a couple of lines "power_state:\n mode: reboot" you can comment out [13:27] jamespage: im going to start uploadling to saucy-proposed [13:27] jamespage: first, though restart the cluster controler and try again [13:27] zul, you can't [13:27] roaksoax, I already rebooted [13:27] jamespage: i cant? [13:27] zul, the nova sru is still blocking you [13:28] jamespage: oh...yeah.... [13:28] jamespage: check that fastpath is accesing the correct ip address for the cluster [13:28] roaksoax, OK [13:28] to download the root.tar [13:28] gz [13:29] roaksoax, I watch the console - that's all happening OK [13:29] the failure is quite late in install [13:29] jamespage: then probably curtin issue. yeah access the image and investigate why it fails. i think issues were reported but then magically fixed [13:30] roaksoax, OK - trying now [13:30] roaksoax, I should just be able to SSH to the FPI right? [13:30] no extra incantation required? [13:32] jamespage: you need the ephemeral backdoor [13:32] you need to activate it [13:35] roaksoax, ? [13:36] jamespage: https://lists.launchpad.net/maas-devel/msg00808.html [13:40] roaksoax, is that still applicable with the new boot-resources stuff? [13:42] smoser ^ [13:44] jamespage: the process is of course, the paths, no [13:44] roaksoax, yeah - got it [14:16] roaksoax, OK - I'm backdoored [14:18] roaksoax, well I was - juju just terminated me [14:19] jamespage: bummer! yeah juju now terminates you if deployment doesn't get completed, which sucks for debuggin [14:19] jamespage, https://bugs.launchpad.net/curtin/+bug/1303617 [14:19] Launchpad bug 1303617 in curtin "pc-grub install path broken in curtin" [Critical,Confirmed] [14:19] fix is just now uploaded. [14:19] you can apply revno 125 to trunk [14:20] er... you can cherry pick that to your local maas installation and it should fix it. [14:20] i just uploaded. [14:20] smoser, ok [14:20] smoser, I'll stop debugging - that looks like my problem [14:22] smoser, ok - I'm being dumb [14:23] curtin is not installed on my maas box? === Quintasan is now known as Doktorant_R4k === Doktorant_R4k is now known as Quintasan [14:34] jamespage, python-curtin === rbanffy_ is now known as rbanffy === tinoco is now known as inaddy === inaddy is now known as tinoco [14:41] jml, shoot. you actually need the curtin-common [14:41] s/jml/jamespage/ [14:41] sorry jml [14:41] smoser, I got there in the end [14:42] :-) [14:55] Hi I have a super micro server that I am attempting to install 12.04 server on. Everything goes fine with the install and then when it comes up to boot I get the grub menu but then if you select the regualr kernel option nothing happens. Funny thing is that if I select recovery console and then resume boot everything appears to work fine. any ideas as to how I can get grub to work properly from the start? [15:04] tmwsiy, likely need nomode or other video options to the kernel [15:04] jamespage: cinder rc2 is available [15:04] * jamespage leaps for joy! [15:04] zul, great - are you on it? or shall we let coreycb ? [15:05] jamespage: im on it [15:11] jamespage: just doing a local build now [15:14] zul, ack === alex88_ is now known as alex88 [15:21] jamespage: https://code.launchpad.net/~zulcss/cinder/2014.1.rc2/+merge/214565 [15:24] smoser, that fixed me up - thanks! === Havenstance is now known as Haven|Work [16:00] hello, I have some irc logs in unrecognized encoding [16:00] i use file to know which encoding is and it says 'data' [16:01] can I just use iconv -f data -t utf-8 ? [16:01] or it will make it worse [16:01] Any of you guys know of a way to completely manage virtual machines in KVM from the command line? I'm running it on a headless server machine that I don't have GUI access on... [16:01] I can get a vm created and started, but I can't seem to connect to it to install the operating system... [16:07] hello! [16:08] how I can install gnome with RDP on Ubuntu 13.10 [16:08] 64 bit [16:14] Install gnome and a rdp client. [16:30] bekks: its remote server [16:31] i heard its a bit tricky === deegee__ is now known as drussell [16:49] forex, are you asking how you'd install gnome while you're logged in with RDP? [16:50] sync0pate: there is remote ubuntu server [16:50] i with to access it via rdp [16:51] so I realise I would have to apt-get install gnome [16:51] how do you access it at the moment? [16:51] yuk [16:51] ssh [16:51] access via rdp is a huge hack ontop of a hack [16:51] just use vnc or nx [16:51] patdk-wk: so what do u use to access GUI? [16:51] any particular reason you wanna rdp in? [16:51] personally? I don't do gui [16:51] forex: We don't particularly use GUIs. [16:51] I mean, why exactly would I need one? [16:52] ssh is generally better [16:52] sync0pate: use GUI to install VM with Windows :D [16:52] and OSX [16:52] forex: https://help.ubuntu.com/community/ServerGUI [16:52] forex, no need for gui for that [16:52] but vnc seems to work better than rdp [16:52] sync0pate, the rdp works by talking ontop of vlc [16:52] forex: libvirt can run a vnc server for your vm's, no need to have the host run something X related. [16:52] vnc I mean [16:53] lordievader: hmmm how libvirt can do it? [16:53] sounds interesting [16:54] forex: Use 'virt-install' to provision a VM. [16:54] forex: virt-install --graphics vnc,listen=0.0.0.0 [16:54] forex: Those are the flags to enable a VNC server tunneled to the virtual machine. [16:54] yes I see [16:54] forex: You will need the other flags for the VM, disk, memory, etc. [16:55] i like gui alot I admit :D [16:55] and its handy and fast hehe for some tasks [16:55] I wouldn't abandon the GUI on my desktop [16:55] personally [16:55] but I never use it for servers [16:55] forex: Just install virt-manager on your desktop. [16:55] well its website - 0 emails 0 cc data [16:55] :D [16:56] forex: And connect to the libvirt socket on the server with ssh. [16:57] i like gui I get idea of command like yet I love love visuals [16:57] even on server [16:57] :D [16:57] its pleasing [16:57] True, but noone serious about their server farm would use a GUI. ;-) [16:58] they would use powershell! [17:00] Daviey: hey there is a cinder rc2 in the queue as well [17:01] http://seb.so/vnc-from-boot-without-logging-in-ubuntu-lubuntu-xubuntu-and-mint-lmde/ [17:01] interesting idea :D [17:03] forex: nice documentation, I've wondered about "vnc into existing X" vs "vnc in and create a new X" -- it's nice to see it documented here :) [17:04] is there a way to troubleshoot booting problems on a remote headless server? [17:04] I install some packages, reboot, and it won't come back up [17:04] I can boot a 'rescue system' to mount the filesystem after the fact and such, and reboot, but I can't figure out whats stopping it from booting? [17:05] moparisthebest: best is soemthing like serial console or an "integrated lights out" management interface on the server [17:05] can I setup and connect to a serial console over the network? [17:07] moparisthebest: there are some serial console servers, sometimes even integrated into power strips :) wonderful things [17:08] so sarnold I install gnome then vnc and then I follow that howto right? :D [17:08] forex: looks like it :) hehe [17:08] :))) [17:12] zul, https://code.launchpad.net/~james-page/neutron/rc1-fixes/+merge/214582 [17:13] i wonder why add-apt-repository ppa:gnome3-team/gnome3-next is not working [17:13] zul, I'm still not sure that the l3/vpn agent stuff is right but I can't track down anyone to tell me authoratively [17:13] bizzare [17:13] I decided while I am at it install latest gnome :) [17:16] jamespage: +1 [17:17] patdk-wk: Hihi, ps, haha [17:17] zul, ok merged [17:18] hallyn_: need any testing for bug 1286500 ? [17:18] Launchpad bug 1286500 in virtinst "Can't perform an HTTP VM install with virt-manager" [Medium,Confirmed] https://launchpad.net/bugs/1286500 [17:18] zul, I think the two agents do overlap - I can quite happily run stuff that relies on l3-agent with just the vpn-agent running [17:18] forex: It's good to get a habit of managing your servers through the command line :) [17:18] jamespage: ack.. [17:19] pmatulis: I think this needs to wait until we can merge the next version (which needs a few MIRs). [17:20] I disagree with comment #4, btw. you can d/l an iso this is does not render essential functionality broken [17:22] hallyn_: have you had anyone reporting issues with qemu segfaulting? [17:23] mdeslaur: no [17:23] mdeslaur: other than -ppc [17:29] Adding group `nopasswdlogin' (GID 110) ... [17:29] hmm [17:29] why no passwd :D [17:29] o well [17:57] nearly there [17:57] login works fine however then remote desktop goes back to login screen [17:57] :) [17:58] GConf-WARNING **: Client failed to connect to the D-BUS daemon: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11 [18:01] mdeslaur: any more details? are you easily able to reproduce that? [18:02] hallyn_: still poking at it...looks like quantal i386 guest with the vmvga driver causes it [18:02] hallyn_: but still testing [18:03] ::))) [18:03] magical ubuntu [18:59] Ubuntu server 12.04 doesn't seem to detect my SATA FDM, any idea if they're supported in 14.04? [19:01] sata fdm? [19:02] if it's sata, the issue is, your sata chipset [19:06] That makes sense that it's a chipset issue, it doesn't detect the network interfaces either... [20:06] hey guys, what's the default MTA in ubuntu 13.10? [20:07] still postfix? [20:07] bitfury: yep [20:07] and 14.04, too [20:08] lamont, do you know if it gets automatically removed when installing sendmail or any other MTA? [20:10] bitfury: by policy, the MTAs all conflict with (and provide) mail-transport-agent, so you cannot install more than one at a time [20:10] unless you do it in a chroot, of course. === DavidDuffey is now known as dduffey === AntORG_ is now known as AntORG === Ursinha_ is now known as Ursinha [20:10] bitfury: see, for example, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307186 [20:11] Debian bug 307186 in postfix "Postfix conflicts with sendmail" [Wishlist,Open] [20:11] that'd be in the "wontfix" category, since the change it asks for would be a release-critical, policy-violating bug [20:14] lamont, thanks [20:26] Daviey: ping can you review cinder rc2 please [20:29] zul, done === hxm- is now known as hxm [20:30] Daviey: thanks [21:18] hmmm [21:18] I installed xrdp - it says connected [21:18] and closes window :D [21:19] bizzare? [21:23] Nope. Dont use RDP but vnc or nx. [21:24] xrdp seems to be supporting vnc too [21:28] anyone know if there is a backport of openssl available for 1.0.1g, or otherwise addressing the heartbleed problem? [21:28] forex: Keep i mind that both rdp and vnc arent secure. [21:28] in which way?> [21:28] forex: In every way. [21:29] well means they are good [21:29] whats with gui fobia [21:29] :))) [21:29] forex: Thats nonsense. RDP and VNC arent secured, they arent encrypted, vital data is transferred as plain text. [21:29] wtf [21:30] vnc can run via ssh [21:30] rdp probably too [21:30] which doesnt magically make vnc and rdp secure - all it does is encapsulating vnc/rdp into a secure ssh transport. [21:31] vital data is transferred as plain text. [21:31] :D [21:31] then its secured [21:31] Just use nxm, which does all that automatically. [21:31] *nx [21:34] sounds fine [21:34] it it can work out of box and secure then its good find :D [21:36] NX is an exciting new technology for remote display. It provides near local speed application responsiveness over high latency, low bandwidth links. [21:36] awesome! [21:43] hallyn_: re MIRs, i'm not sure i follow. are you saying bug 1286500 will go unfixed for trusty? [21:43] Launchpad bug 1286500 in virtinst "Can't perform an HTTP VM install with virt-manager" [Medium,Confirmed] https://launchpad.net/bugs/1286500 [21:44] bekks: so there is open source and paid version or just paid? [21:44] reading on it now :D [21:44] pmatulis: it may, yes. [21:44] wow, ok. virt-install is a main way for using preseeding [21:45] i'm looking into 1304008 right now, i can look some mor einto that one after, [21:45] pmatulis: but you can preseed and use virtinst with an iso, [21:45] hallyn_: oh, i can't find how. --location (preseeds) doesn't work with --cdrom (iso) [21:45] pmatulis: i had to look quite awhiel to even find an http location tht worked, [21:45] hm [21:46] pmatulis: can you add the precise command line you use to the bug report? [21:46] i'll see what i can do [21:46] since cgmanager is'nt currently blowing up in my face :) [21:46] hallyn_: i'll do it now [21:46] thanks [22:28] pmatulis: (not seeing it in that bug yet, assuming im' looking in the right place) [22:34] hmm [22:35] what's the deal with ping: icmp open socket: Operation not permitted. in 14.04?.. [22:36] atpa8a: please dmesg | grep DENIED | tail [22:36] (and pastebinit if there's more than one or two lines :) [22:37] sarnold: none! [22:37] atpa8a: do you have auditd installed? check /var/log/audit/audit.log to see [22:38] i don't have that... [22:38] this is a clean brand new install [22:38] atpa8a: drat. well, that is itself fine. it just means that my theory doesn't help you :/ [22:38] :) [22:38] thanks anyway [22:40] apparently ping is missing -s... [22:41] Hey guys, I am really sorry but this OpenSSL Vuln, all the releases I find say 1.0.1f is the new version I need, however I am new to the ubuntu space, and I see the version with ubuntu is labeled when I do dpkg as 1.0.1-4ubuntu5.11 [22:41] is that the f version? [22:41] now... is this just a bug or "by design"?.. [22:42] nextdoorwarren, learn how distros work [22:43] you don't *upgrade* to a patched version, you apply the patch to the current version [22:43] so no, it is not the f version, it is the pre-a version [22:43] which was the channel for development stuff?.. [22:43] and if you only see 5.11 you need to do an update [22:44] @Patrickdk thanks [22:44] nextdoorwarren, http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0160.html [22:44] Patrickdk: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160) [22:46] nextdoorwarren: which ubuntu release are you on? [22:46] 12.04 LTS [23:31] how would i block port X that isn't coming from within my LAN network 10.10.10.0/24 [23:31] with iptables [23:31] what might cause apt-get update to fail with this error: Reading package lists... Error! [23:32] xibalba, do you need to block a specific port? [23:32] yes, port 111 [23:32] rpcbind [23:32] I prefer to block everything except what is explicitly permitted [23:32] iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable [23:32] right the ASA is blocking everything else. personally i hate the ASA [23:32] as your lst rule [23:33] mgw: there's nothing else nearby to suggest what the error might be? o_O [23:33] not nearby [23:33] maybe in some log somewhere [23:34] sarnold: ^ [23:34] mgw: bleh. well, you can probably just get away with deleting all the lists in /var/lib/apt/lists/ and trying again [23:35] out of diskspace? disk readonly? [23:36] Patrickdk: one of the systems has /run full (fixing that) but the other has plenty of space [23:36] sarnold: That's safe? [23:37] yes, it will just redownload and rebuild [23:37] hmm, /run filling up, kindof strange [23:37] so I guess we need to wait until newer version openssl pkg available? [23:37] axisys, sure, like 2hours ago [23:37] mgw: yes, the next time you apt-get update they'll be redownloaded. no big deal there. [23:38] Patrickdk: not strange, i had a big core file in there [23:38] Patrickdk: I knew I am late in the show.. [23:38] mgw, odd to have core files :) [23:38] axisys, new packages were released today [23:38] mgw: for precise ? [23:38] sarnold: those cover today's security notice, right? [23:38] yes [23:38] mgw: yes [23:38] axisys, all my 12.04 have updates packages [23:38] 5.12 [23:39] next would be rotating all your ssl certs :( [23:39] sarnold: different topic - should we be upgrading anything other than openssl and libssl to cover that exploit? [23:39] so sudo apt-get install openssl ? [23:40] Patrickdk: ^ [23:40] libssl [23:40] Patrickdk: right.. we have few ssh keys [23:40] mgw: restarting your services is a must, regenerating your keys is a good conservative step. [23:40] ssh isn't so much an issue [23:40] as it has both the static key and the hourly rotated key [23:40] that is what that split key is suppost to stop [23:40] atpa8a, sarnold: regarding ping, bug: https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/1302192 [23:40] Launchpad bug 1302192 in iputils "ping is not setuid root" [Undecided,Confirmed] [23:41] but still, wouldn't hurt to do also [23:41] sudo apt-get install libssl [23:41] Package libssl is not available, but is referred to by another package. [23:41] beisner: awesome! :) thanks [23:41] axisys, you failed to apt-get update [23:41] oops! always make that mistake [23:42] still same error after the upgrade [23:42] libssl1.0.0 [23:42] is the package on ubuntu 12.04 [23:42] axisys: ^ [23:43] sarnold: should I wipe out lock and partial too, or just everything else in that dir? [23:43] mgw: that worked [23:43] $ openssl version [23:43] OpenSSL 1.0.1 14 Mar 2012 [23:43] oh ya, it is [23:43] heh [23:43] shouldn't it be higher ? [23:43] You guys talking about the Heartbleed bug? [23:43] mgw: normally just "everything else" works for me, but I haven't seen the specific thing you've got [23:43] axisys, no, it shouldn't be HIGHER [23:44] I dunno how many times I must explain that [23:44] Patrickdk: may be in /topic :P [23:44] Patrickdk: we've got an url for that :) https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions [23:44] sarnold, ubibot token for it? [23:44] Patrickdk: dunno.. I don't know our bot vrey well [23:44] neigher do I [23:45] Patrickdk: and when people complain, the debian one too :) https://www.debian.org/security/faq#version [23:45] apt-cache policy libssl1.0.0 does not say anything either.. I will read that url [23:45] 1.0.1-4ubuntu5.12 is the fixed version, axisys [23:45] this is what reading cve's are for [23:46] sarnold: same error — [23:46] Fetched 20.3 MB in 10s (1,871 kB/s) [23:46] Reading package lists... Error! === bigjools_ is now known as bigjools [23:46] http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0160.html [23:46] Patrickdk: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160) [23:46] mgw: hrm, could try removing the locks and partial at the same time? :( [23:47] I am going to have to prove someone in security that it is not running a exploited version.. would be nice if some says somewhere about this [23:49] axisys, I just posted it [23:49] you point them to the CVE I just posted [23:49] then you show them, dpkg -l | grep libssl [23:49] sarnold: still getting the error [23:49] I wiped everything in /var/lib/apt/lists [23:50] sarnold, stupid bot isn't even following the ubuntubots instructions [23:50] mgw: nuts. time to bring out 'strace' to try to figur eout what's going on :( [23:50] Patrickdk: hrm, I don't even know who to turn to for more information on the bot === arosales_ is now known as arosales [23:52] soren hansen [23:52] axisys: make sure that your versions as reported by dpkg -l *ssl* match the version numbers recorded here: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0160.html [23:52] oh wait [23:52] sarnold: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160) [23:52] I should be talking to the *OTHER* bot [23:52] damn it too many bots [23:52] haha [23:55] Patrickdk, sarnold : thanks a lot [23:56] sarnold, there isn't one, closest is [23:56] !latest [23:56] Packages in Ubuntu may not be the latest. Ubuntu aims for stability, so "latest" may not be a good idea. Post-release updates are only considered if they are fixes for security vulnerabilities, high impact bug fixes, or unintrusive bug fixes with substantial benefit. See also !backports, !sru, and !ppa. [23:56] but that doesn't really doesn't read right for this case [23:59] Patrickdk: yeah, it's not bad but not perfect