/srv/irclogs.ubuntu.com/2014/04/09/#ubuntu-server.txt

zuljamespage:  when you get in https://code.launchpad.net/~zulcss/horizon/2014.1.rc2/+merge/21485600:11
resnohow do you restart the network manager in 14.04?00:27
resno/etc/init.d/networking just sits00:27
resnoservice network-manager restart just sits00:27
sarnoldresno: hah, don't run that. that's a recipe for killing your machine00:27
sarnoldresno: why is network-manager on your server in the first place?00:27
resnoi dunno, im just trying to get my static ip :(00:28
resnoit didnt do anything00:28
resnoso i tried just interfacing directly with ifconfig00:28
resnoheh, rhetorical question and run ftw :)00:29
sarnoldresno: the 'best' way to configure networking on servers is to edit /etc/network/interfaces and once it is set up correctly 'ifup eth0' or whatever00:29
resnoah ifup now?00:29
sarnoldresno: yeah. and when you've got some time, figure out what dragged network-manager onto your machine and do your best to get it back off :) it's tolerable (barely) for laptops but servers deserve better :)00:30
resnoso, hopefully im not in a lost state00:31
resnomy ip is somehing i dont expect and "ifup eth0" says interface already configured00:31
sarnoldhrm00:31
sarnoldis it one of the 169.xxx whatever "local" network addresses?00:32
resnoah, there we go00:32
sarnoldor did you get assigned a DHCP from your pool? :)00:32
resnoifdown then ifup :)00:32
sarnold\o/00:32
resnois the upstart not used anymore?00:32
sarnoldifdown doesn't always manage to clean things up depending upon changes you may make to /etc/network/interfaces -- nie that it did the job this time00:33
sarnoldresno: check out /etc/init/network* -- there's a huge pile of interacting scripts to manage networking :/00:33
sarnoldresno: thankfully ifup/ifdown has continued to work even in the upstart age :)00:34
resnoah ok.00:35
=== peter is now known as Guest35689
=== arosales_ is now known as arosales
CinosIs the fixed OpenSSL (1.0.1g) available for Ubuntu Server? Trying to upgrade tells me it's the latest version, although it's showing up as being 1.0.1c01:48
mwhudsonwhich series?  it's not necessarily been updated to 1.0.1g everywhere, but the fix has been ported everywhere it was needed01:49
mwhudsonafaik01:49
CinosSeries?01:49
CinosHow do I check that01:49
shaunohttp://www.ubuntu.com/usn/usn-2165-1/   if your installed version matches the versions listed at the end, you're cool01:49
CinosSo I don't need to upgrade my openssl if I'm using those versions?01:50
CinosI have 12.1001:50
cfhowlettCinos dude!  12.10 is end of life and no longer supported = and you're stressing ssl?  upgrade, dammit!01:51
sarnoldcfhowlett: heh, 12.10 has another mumble-weeks life left01:51
cfhowlett!12.10|sarnold01:51
ubottusarnold: 12.10 (Quantal Quetzal) was the 17th release of Ubuntu. Download at http://releases.ubuntu.com/12.10/ - Release Notes: http://www.ubuntu.com/getubuntu/releasenotes/121001:51
sarnoldcfhowlett: it's 13.04 that's been dead..01:51
CinosHow would I even upgrade?01:52
cfhowlettsarnold d'oh!  okay then.  I mis-spoke.  sorry, cinos01:52
sarnoldcfhowlett: sudo apt-get update && sudo apt-get -u upgrade  :)01:52
CinosOne of my servers is showing as being 12.0401:52
sarnoldCinos: 12.04 is an LTS release, it will be supported for another three years :)01:52
Cinosah01:52
cfhowlettCinos 12.04 has 5 years support, but current is 12.04.4 so : sudo apt-get update && sudo apt-get dist-upgrade    will bring you current01:53
Cinosokay01:53
CinosI do that regularly01:53
cfhowlettsarnold : 5 years01:53
sarnoldCinos: but for your 12.10 machine, pay attention to its end of life when it comes; probably sudo do-release-upgrade will do the right thing, but pay attention when it happens01:53
Cinosokay01:53
CinosAnyway, so should I just be fine with the current version of OpenSSL that I have?01:54
sarnoldCinos: have you rebooted or restarted all your services after installing the update?01:54
CinosIt hasn't installed any updates01:54
sarnoldCinos: you may also wish to regenerate private keys and assume they have been compromised; perhaps expire web sessions, etc..01:55
Cinosapt-get update && apt-get upgrade just returns that there are no packages to update01:55
cfhowlettCinos apt-get dist-upgrade01:55
sarnoldCinos: and dpkg -l libssl* returns those right versionnumbers?01:55
CinosSame result01:55
Cinosone sec01:55
Cinosnope, it's showing 1.0.1c and 0.9.8o01:55
sarnoldCinos: ah, sorry, I forgot that dpkg cuts off version numbers :( try dpkg -l libssl* | cat01:56
sarnoldthat'lltrick it into showing the full width output01:56
Cinosit's showing the full length01:56
CinosI see things like "1.0.1c-3ubuntu2.7"01:56
mwhudsonright01:56
mwhudsonthat's what sarnold is asking for :)01:56
Cinosah01:56
sarnoldyay, 3ubuntu2.7 is the 'fixed' version at http://www.ubuntu.com/usn/usn-2165-1/01:57
mwhudsonyou can see here that this version includes the fix: https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.701:57
mwhudsonso this isn't version 1.0.1g it's version 1.0.1c + fixes01:57
Cinosah, so no need for me to panic01:58
CinosI haven't upgraded since before today01:58
sarnoldCinos: you may have the unattended-upgrades package installed01:58
Cinoshm01:58
sarnoldCinos: that will install security updates periodically; but this update also requires restarting affected services and since so many things use openssl, we've just recommended rebooting.01:59
BasedGeekhey folks anybody know anything about running a gopher server?02:57
BasedGeekpygopherd to be specific?02:57
sarnoldI can't believe I call myself a neckbeard without having run a gopherd myself.03:00
* BasedGeek sighs deeply03:00
sarnoldheh, looks like an awesome tool :)03:02
hallyngopher!  oh  how i miss gopher03:34
BasedGeekany tips on running pygopherd?03:36
valeechhello! is this a good channel to get help with MaaS and JuJu?04:53
[ghost]im running ubunut server 12.04 i'm trying to setup openvpn to connect to my server remotely. internal connection works i just can't connect to the internet. i tried bridge but no luck any suggestions.05:31
lordievaderGood morning.06:37
=== Milanito is now known as milanito
hadifarnoudhow can I just update SSL?08:17
hadifarnoudI mean openSSL08:18
cfhowletthadifarnoud is this for the heartbleed issue?08:23
hadifarnoudyes cfhowlett08:24
cfhowletthadifarnoud according to the discussion in main channel, the upgrade has already rolled out on supported versions, although the version doesn't display the new number.    do sudo apt-get upgrade08:25
cfhowletthadifarnoud ask in #ubuntu for more info08:25
hadifarnoudcfhowlett: that's the thing. I don't want to upgrade anything else08:25
cfhowletthadifarnoud ask in #ubuntu for more info08:26
=== ggherdov_ is now known as ggherdov
rbasakjamespage: I think I need to flag bug 130219210:08
uvirtbotLaunchpad bug 1302192 in iputils "ping is not setuid root" [Undecided,Confirmed] https://launchpad.net/bugs/130219210:09
rbasakjamespage: seems pretty critical to me. Everyone uses ping.10:09
rbasakjamespage: something to do with the way ISOs are built maybe?10:09
jamespagerbasak, maybe - that might be installed in the image-bit of the installer10:09
jamespagerbasak, can you give cjwatson a ping about this?10:10
rbasakWill do10:10
=== No_one_a1_all is now known as No_one_at_all
jamespagebeisner, roaksoax: is maas now functional from the ISO?11:07
jamespagereference bug 129855911:07
uvirtbotLaunchpad bug 1298559 in maas "Internal Server Error after installing MAAS from Trusty daily ISO" [Critical,In progress] https://launchpad.net/bugs/129855911:07
zuljamespage:  https://code.launchpad.net/~zulcss/horizon/2014.1.rc2/+merge/21485611:21
jamespagezul, +1 on horizon11:35
Siebjeewhen is the new openssl version 1.0.1g being released as ubuntu package ?11:41
bekksSiebjee: It was released two days ago.11:42
SiebjeeI don't see it in the repo on packages.ubuntu.org/11:42
Siebjeefor any release11:42
bekksSiebjee: http://www.ubuntu.com/usn/usn-2165-1/11:42
bekksSiebjee: The version was not bumped, the fix was applied.11:42
rbasakkirkland: are you planning to take care of bug 1304777?11:54
uvirtbotLaunchpad bug 1304777 in pollinate "entropy.ubuntu.com SSL certificate needs to be updated" [Undecided,New] https://launchpad.net/bugs/130477711:54
rbasakkirkland: also, what implications does a server cert change have, OOI? Does this break pollinate? I don't see any fallback.11:56
rbasakWhy does it not default to using the PKI?11:56
=== matsubara_ is now known as matsubara
caribouIs it a total waste of my time to try to use juju's local provider to deploy openstack ?12:37
zuljamespage:  neutron rc2 is out do you want me to take it?12:37
jamespagezul, sure12:40
jamespagecaribou, you can do it but you have to use the juju add-machine --to kvm:0 to create instances for nova-compute, quantum-gateway and other bits12:40
jamespagecaribou, see hazmat's email to the juju ML12:40
cariboujamespage: ok, thanks I'll look for that12:41
cariboujamespage: is hazmat's email in a recent thread ?12:57
cfhowlettfilippo.io/heartbleed/   asks for a hostname to test vulnerability - how do I proceed13:04
patdk-wkdunno, ubuntu doesn't run that website13:04
cfhowlettpatdk-wk how/where can I test the heartbleed patch?13:05
alex88cfhowlett: put the hostname?13:13
cfhowlettalex88 what hostname might we normally use for testing such as this?13:14
alex88cfhowlett: the hostname of the server you want to check for that bug13:14
alex88well, the endpoint more than the server13:14
cfhowlettalex88 got it.  thank you.13:14
alex88np13:15
jamespagecaribou, 'fast containers & dev workflow with juju 1.18'13:18
cariboujamespage: ok got that. I also found a blog post from stokachu who talks about it13:19
beisnerjamespage, roaksoax: as of yday's iso, no.13:22
jamespagebeisner, hmmm13:22
beisnerjamespage, will be kicking off that and other amd64 iso test runs shortly13:24
jamespagebeisner, ack - lemme know if that fails asap - we need to get that nailed before FF IMHO13:24
beisnerjamespage, ack, I agree.  if the feature is on the menu, we should make sure it works.  alt would be to rm the menu item and force install via apt.13:25
jamespageroaksoax, do you have time to work on this?13:26
roaksoaxjamespage: on what exactly? the bug from maas iso install?13:27
jamespageroaksoax, yes13:27
roaksoaxjamespage: i can try to look at it tonight13:27
jamespageroaksoax, I need a definate13:27
jamespagethis is a critical release bug13:27
roaksoaxbeisner: do you have the link for the ISO you are testing?13:28
=== manjo` is now known as manjo
beisnerhi roaksoax.  yep it's the daily build.  http://cdimage.ubuntu.com/ubuntu-server/daily/current/     http://cdimage.ubuntu.com/ubuntu-server/daily/current/trusty-server-amd64.iso13:29
roaksoaxjamespage: i'll give it a look now and let you know13:30
jamespageroaksoax, thanks13:30
zuljamespage:  https://code.launchpad.net/~zulcss/neutron/2014.1.rc2/+merge/21494713:31
jamespagezul, +113:32
zuljamespage:  we should be fine in the icehouse CA now (libvirt regression from yesterday)13:51
jamespagezul, looks weird but works OK "pc-i440fx-trusty"13:52
jamespagelol13:52
zuljamespage:  yeah13:54
zuljamespage:  rhel does the same thing apparently13:54
zuljamespage:  ceilometer testsuites have been disabled for the longest time so im whipping that back into shape13:55
jamespagezul, ok - but I remember they depend on a running MongoDB - is that still true?13:56
zuljamespage:  oh hell yes13:57
zuljamespage:  im just gonig to get the tests to use sqlite by default13:58
jamespagezul, OK13:58
zulwe are also missing a dependency on oslo.vmware as well13:58
kirklandrbasak: I've opened an RT14:12
rbasakkirkland: AIUI, it's the package that needs fixing, no?14:12
rbasakWith the pem embedded in it? That bug came from IS.14:13
kirklandrbasak: yes14:13
kirklandrbasak: okay, updating now...14:13
rbasakkirkland: OOI, why aren't you using PKI by default?14:14
kirklandrbasak: https://docs.google.com/presentation/d/1wj2HNoFguP6JycBB-uDHQKACyQQuEacjaK68cWQxTE0/edit#slide=id.g2b85e07b3_36714:16
kirklandrbasak: slide 4814:16
kirklandrbasak: sorry, slide 45/4614:16
rbasakkirkland: I see, OK. I suppose the trade-off is that older cloud images will now never successfully pollinate? That strikes me as a potential attack vector in itself, though I suppose no worse than a DoS.14:17
kirklandrbasak: it is a calculated tradeoff, unfortunately14:18
rbasakUnderstood. Fair enough.14:18
kirklandrbasak: the good news is that the bundled cert is actually working as designed :-)14:19
kirklandrbasak: ie, we changed the cert on the server (for a very good reason)14:19
kirklandrbasak: and now pollinate is appropriately "failing"14:19
kirklandrbasak: and, fwiw, you can certainly manually override pollinate's options, and disable the --cacert /etc/pollen/cert.pem --capath /dev/null options14:21
beisnerjamespage, roaksoax:  confirmed 'internal server error' is result of maas install from trusty 2014-apr-09 daily ISO.  bug: https://bugs.launchpad.net/ubuntu/trusty/+source/maas/+bug/129855914:26
uvirtbotLaunchpad bug 1298559 in maas "Internal Server Error after installing MAAS from Trusty daily ISO" [Critical,In progress]14:26
jamespagezul, promoting proposed->updates for icehouse14:30
jamespagezul, ceph will follow shortly14:30
jamespagezul, in ceilometer?14:32
jamespage<zul> we are also missing a dependency on oslo.vmware as well14:32
alieskyHello everyone14:34
alieskyI have a question about networking and dns-nameservers14:35
zuljamespage:  yeah python-oslo.vmware is missing as a build-deps, pydist picks it up anyways14:35
alieskyI have a PC with two NIC, each NIC with a different network, and each network have it's own DNS Servers14:36
alieskyhow to configure both nameservers?14:36
alieskydo I need to declare them separately in the network.conf file?14:37
bekksthere is no network.conf file. There is /etc/network/interfaces and you declare both on one line.14:38
bekksaliesky: https://help.ubuntu.com/12.04/serverguide/network-configuration.html14:38
alieskybekks: sorry, my bad14:38
alieskybekks: but each network interface have it's own configuration, and I can declare dns-nameservers in both14:39
jrwrenaliesky: you cannot. dns does not work that way14:39
jrwrenaliesky: choose one to prefer.14:40
alieskyjrwren: so i just put the dns-nameservers in one card?14:41
bekksaliesky: define them on the interface with the default route.14:43
alieskybekks: got it, thanks14:43
jrwrenaliesky: like bekks said, put nameservers under each correct interface, so that if one interface is down your resolv.conf will get written to use the up interface14:43
alieskyjrwen: then the main config will be the one in the preferred card, unless it be down, correct?14:45
jamescarrwhere does /usr/share/dict/words come from?14:55
jamescarris there a package for it?14:55
rbasakjamescarr: $ dpkg -S /usr/share/dict/words14:57
rbasakdiversion by dictionaries-common from: /usr/share/dict/words14:57
rbasakdiversion by dictionaries-common to: /usr/share/dict/words.pre-dictionaries-common14:57
ogra_jamescarr, dpkg -S /usr/share/dict/words14:57
rbasakwamerican, dictionaries-common: /usr/share/dict/words14:57
jamescarrthanks14:57
jrwrenalex88: there is no such thing as a preferred interface.15:30
alex88jrwren: wut?15:33
alex88oh nm, it wasn't for me :)15:33
jrwrenalex88: sorry, misdir15:33
jrwrenaliesky: there is no such thing as a preferred interface.15:33
semiosisjdstrand: jamespage: sarnold: any update re: the glusterfs MIR?  LP bug 127424715:42
uvirtbotLaunchpad bug 1274247 in glusterfs "[MIR] Glusterfs" [Undecided,Confirmed] https://launchpad.net/bugs/127424715:42
jdstrandsemiosis: sarnold is performing it now. I imagine it will be completed today or tomorrow15:57
semiosisthats great! thanks15:57
=== jamescarr_ is now known as jamescarr
jamespagesemiosis, jdstrand: that could be late for enabling the support in libvirt16:47
jamespagehallyn, zul: ^^16:48
zuljamespage:  apparently you need qemu support as well16:48
jamespage\o/16:49
zuljamespage:  too late imho16:49
jamespagejdstrand, semiosis: I'll defer to zul and hallyn for an opinion on timing16:49
zulhallyn:  too late imho16:50
semiosisonly qemu needs glusterfs support enabled.  afaik libvirt doesnt need anything special16:50
semiosiswell thats to be expected16:51
semiosisonly been waiting 2+ years for this MIR, what's another 6 months right?16:51
semiosisdisappointed that this was stalled pending security review for 6 weeks and only got looked at after it was too late16:53
semiosis6 weeks!16:53
zulsemiosis:  yes well the security team is a bit overworked we love them anyways16:56
semiosisi can relate16:56
semiosisI appreciate all your efforts17:03
hallynyeah that is really too bad.  but we can enable it in a ppa at least17:18
hallyntbh i got the impression from patches rolling by that glusterfs in libvirt had some issues still, but if i'm not mistaken on that then enablnig it lets us help stabilize it...17:19
hallynzul: can you reproduce bug 1305191 ?  (I suspect it has something to do with the change in machine type name from trusty to pc-i440fx-trusty, maybe he upgraded qemu packages between install and first boot??)17:30
uvirtbotLaunchpad bug 1305191 in virt-manager "virt-manager can not create new virtual machine" [Undecided,New] https://launchpad.net/bugs/130519117:30
beisnerhallyn, zul:  I'm upgrading my trusty virt machine host (it's a week old), then will also put some cycles into bug: 130519117:50
hallynbeisner: great, thx17:52
zulbeisner:  cool thanks17:53
zulhallyn:  yep right after i try to fix samba17:59
hallynzul: may?18:00
hallynsorry,18:00
=== tinoco is now known as inaddy
zulhallyn:  no worries18:02
zulbeisner:  should show up here when it builds https://launchpad.net/~zulcss/+archive/samba18:13
beisnerhallyn, zul: unable to reproduce bug 1305191 on up-to-date trusty18:24
uvirtbotLaunchpad bug 1305191 in virt-manager "virt-manager can not create new virtual machine" [High,New] https://launchpad.net/bugs/130519118:24
zulbeisner:  sweet18:24
hallynbeisner: phew.18:30
hallynmaybe i should've kept 'trusty' as an alias to the new type18:30
ShutterstromGood evening. Just a quick question: what happens with my settings in config files when using apt-get upgrade? Are they lost or will the system try to merge old and new settings?19:10
bekksShutterstrom: Personal configs are unchanges, global configs are asked to be modified on a per file basis.19:13
Shutterstromsay that I have done some edits in the config file for sshd and if the program gets upgraded, will theses changes be overwritten or till this be taken care of when using apt-get.19:13
bekksShutterstrom: global configs are asked to be modified, personal configs are left unchanged.19:15
Shutterstrombekks: Thanks! Well, I haven't encountered this yet, but the thought have struck me. But now I know. Thanks!19:16
hallynoh, can't ahve multiple aliases, so that woudn't work19:17
t_dot_zilladid ubuntu push the updated version of openssl to 12.04 yet?19:26
mdeslaurt_dot_zilla: we did on monday. see http://www.ubuntu.com/usn/usn-2165-1/19:26
funcoland1i'm having an issue with the trusty PXE install. it gets to a point where it's looking for the "trusty-updates" repository to get some packages I guess? and it hangs with a 404. i don't understand why it's triyng to reach out to it19:45
funcoland1it's looking for http://<mypxeserver>/Ubuntu-Trustyx64/dists/trusty-updates/Release then blam.. 404 and hangs for 10+ minutes. the installation does continue after that long period however.19:45
bekks404 is pretty obvious, isnt it?19:45
funcoland1yeah it can't be found.. it's looking for trusty-updates though which isn't on the disc19:46
funcoland1i don't know maybe there's a preseed command that says "don't look for trusty-updates" ?19:46
bekksship a customizes sources.list then.19:47
jpdsMaybe you should just make your server sync trusty-updates ?19:47
jpdsThere's nothing there but it's going to need it... eventually.19:47
funcoland1i guess that is an option to just sync that entire directory or even repository to the server,  but i mean all of the before generations of ubuntu i've been able to do PXE installs off of with files that were included on just the disc19:48
jpdsRight, sounds like you're missing trusty-updates.19:50
xpistosHey all. how do I remove medibuntu stuff from my server list?20:13
bekksxpistos: you can use ppa-purge20:14
xpistosbekks: ppa-purge medibuntu or do I need to find a specific ppa20:15
bekksxpistos: you need to specify the ppa name20:16
xpistosbekks: 10-4 Thanks.20:16
bekksxpistos: ?20:16
xpistosbekks: It means "acknowledged"20:16
bekksah :)20:16
xpistosbekks: I don't have a medibuntu listed in my sources.list file? but I know it is there cause when I try to update they fail out20:21
xpistosoh wait. I see it now20:21
justizinxpistos: check /etc/sources.list.d/20:32
justizinoh, you found it ;d20:32
xpistosjustizin: I didn't have anything in sources.list.d20:33
xpistosI found a item in sources.list and then commented it out20:34
bekksxpistos: No you have to remove all packages that where installed from that ppa20:38
xpistosbekks: I will make sure to do that as well.20:40
=== mwhudson- is now known as mwhudson
=== Nolar2_ is now known as Nolar2
kyloorHey all. I have two servers each with three spare 1Gb NICs. I'd like to transfer data between them, but my switch doesn't support bonding. Any suggestions on how I can use all three without having to manually divide up the copy operation?21:50
kyloorI can actually directly connect NICs from server to server.21:51
ikoniakyloor: there is no benifit to what you want to do21:56
ikoniaif your switch doesn't support bonding, it probably won't deal with 6 x 1gb interfaces maxed out anyway21:57
CinosI have lost my root password. I'm assuming the only things I can do from here are reinstall or manually edit the passwords file somehow, right?23:11
bekks!password23:11
ubottuForgot your password? See https://help.ubuntu.com/community/LostPassword What's the root password? See !sudo. Don't see *** in password prompts? That's normal. Sudo doesn't ask for your password? It remembers you for several minutes. Please use strong passwords, see https://help.ubuntu.com/community/StrongPasswords23:11
makara_Cinos, mount the disk onto another PC, or LiveCD in and chroot to create a new user23:12
sarnoldbekks: heh, cool, that's usefull :)23:13
CinosThank you23:13

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!