[00:01] Runemoro: 'whois rebornlegend.tk' both on my machine and at geektools.com/whois.php doesn't return any NS information. [00:01] oh jeeze. no. I can't read. [00:01] sarnold, that's unusual... [00:02] Runemoro: sorry, it just isn't in the format I expected and apparently I can't read :) [00:02] This is what I get: http://pastebin.com/WrBqpLyF [00:04] Runemoro: how healthy is REBORNLEGEND.NO-IP.ORG? I can't ping it, I can't query it for dns [00:05] sarnold: I can, here's what I get: http://pastebin.com/B5iN5zMJ [00:07] Runemoro: when I traceroute to your IP, here's the last machine to respond to pings 199.127.224.68 [00:07] s/to pings// [00:08] sarnold, For me it gets to the end (199.127.226.65) [00:10] sarnold, Could it be because the reverse DNS isn't set up correctly? [00:12] Runemoro: probably not broken reverse dns.. I just can't communicate with your dns server. if you have a webserver on that machine, downforeveryoneorjustme.com also can't get there: http://www.downforeveryoneorjustme.com/rebornlegend.tk [00:12] <__dan__> hi there guys, anyone got any info on the status of btrfs / zfs on linux with the upcoming 14.04 release? [00:13] <__dan__> i'm thinking of replacing a freebsd box and robust filesystem is very important, i'm a big fan of zfs [00:14] sarnold, Yes, I do have a webserver, and it's not working because the DNS request isn't completing... [00:16] __dan__: you may do better in #zfsonlinux -- I haven't heard any 14.04 specific reports yet, but it feels like users who try to use zfs for root and /boot wind up fighting things, but just using it for a storage pool works well enough. [00:16] <__dan__> cool sarnold thanks for the info :) [00:16] Runemoro: any chance you can talk with the administrators of 199.127.224.68 and ask why traceroute doesn't get any further than their router? [00:17] Runemoro: http://paste.ubuntu.com/7252676/ [00:17] cause icmp is evil [00:17] Patrickdk: we hates it nassty nassty packets [00:19] wait, your attempting to run a dns server at home? [00:19] likely, like smtp, and everything else, it's blocked [00:19] don't do that [00:19] sarnold, I'm able to connect to my webserver by connecting to the IP directly. Just traceroute doesn't work [00:19] Patrickdk, no, It's on a VPS [00:19] Runemoro: oh crazy. http to the ip works fine. [00:20] ya, dns is not working [00:20] firewall? [00:20] nor is icmp. sigh. stupid broken providers... [00:20] iptables maybe? [00:20] Runemoro: do you need to fiddle with security groups on the thing to open up udp and tcp 53 and icmp? [00:21] sarnold, I don't understand the question... [00:21] I'm clearing all iptables rules right now to see if it works [00:21] Runemoro: AWS has a pile of 'security groups' -- you need to ask them to open up ports to specific IP ranges, etc [00:22] Runemoro: I'm wondering if your VPS provider has something similar, a firewall that is enforced separate from your host-based firewall [00:22] sarnold, No, I used the iptables command to set them up === justizin_ is now known as justizin [00:23] sarnold, after I've run "iptables --flush", traceroute is working [00:23] AND DNS TOO! :D YAY! [00:23] woo :) [00:24] Runemoro: both wfm :) nice [00:25] Thank you for your help :D [00:25] I'm glad you got it :) have fun [00:54] how do i prevent a kernel from being upgraded? all the tricks i found via google do not work [00:55] pmatulis: dpkg 'hold' too? [00:56] hmm, what's wrong with this squid line? [00:56] FATAL: Bungled /etc/squid3/squid.conf line 1056: http_access allow localnet [00:56] that's exactly how it's written in the inline comments... [00:56] http_access allow localnet [00:56] sarnold: i've tried 'echo linux-image-3.2.0-56-generic hold | sudo dpkg --set-selections' [00:56] lifeless: ^ any ideas? [00:57] pmatulis: oh, nuts. that was my best shot. [00:58] kirkland: does the previous line look sane? is there a localnet acl defined? [01:00] sarnold: that was it, thanks [01:00] woo :) [01:06] Installing Ubuntu 13.10 Server and getting "Continue without a default route" error. [01:06] Can someone tell me how to proceed? I am not clear on what a "default route" is. [01:07] DavidBorg: it's the default gateway. where packets are sent in the absence of a specific routing rule [01:07] I'm using internet sharing with my Mac [01:08] Don't have an ethernet cable long enough right now. [01:08] Should I manually input default route? [01:08] pmatulis thanks! [01:08] um [01:08] sounds like there's something funny about your network [01:08] Yes, clearl.y [01:08] :) [01:09] Should I just let it go without a default route so I can get the install going? [01:09] Will this be something I will regret not fixing now? [01:09] so you have (internet)<-(wifi)->mac<-(cable)->server you are installing? [01:10] i dunno, if the server is going to be in a different network when you're really using it i guess you don't need to fix it now... [01:11] Yea, it's just a stupid hack due to a cable shortage [01:11] It's for a simple minecraft box [01:11] Nothing too high-tech [01:11] DavidBorg: do you have a keyboard and monitor that you can hook up to it when you -do- move it? [01:11] No real need for security. [01:11] Yes [01:11] woo :) [01:11] It's setup on a KVM [01:12] DavidBorg: good good. when the time comes, check out /etc/network/interfaces and configure it as needed [01:17] KK, partitioning now. :) [01:17] I hope I don't regret configuring it like this. [01:18] DavidBorg: fixing networking parameters is easy enough as long as you can actually get a shell prompt :) hehe === peter is now known as Guest33665 [01:45] I am using 13.10 and want to autoconfig the eth0 network settings. [01:45] How do I do this? [01:46] sarnold: fyi, http://paste.ubuntu.com/7252966/ [01:48] DavidBorg, you mean obtain an IP via DHCP instead of setting it static? [01:48] Yes [01:48] I believe that is what I need to do [01:49] I'm on a rather odd ad hoc network that is a shared connection with a Mac. [01:49] WIFI -> MacBook Pro -> Ethernet Port -> Unmanaged Switch -> Ubuntu Server [01:50] DavidBorg, https://help.ubuntu.com/12.04/serverguide/network-configuration.html walks you through both static and DCHP [01:50] DavidBorg: the interfaces(5) manpage is a bit verbose, but something like "iface eth0 inet dhcp" would be a good start [01:50] Yes, I am novice with the CLI [01:51] pmatulis: ah! cool :) thanks [01:51] vonsyd0w, this is the solutions, it seems - "To configure your server to use DHCP for dynamic address assignment, add the dhcp method to the inet address family statement for the appropriate interface in the file /etc/network/interfaces. The example below assumes you are configuring your first Ethernet interface identified as eth0." [01:51] vonsyd0w: nice, that's a lot easier to read than interfaces(5) :) [01:52] How do I "add the dhcp method" to the inet address family statment? [01:52] DavidBorg, do you know how to use nano or any CLI text editor? [01:53] you want to open /etc/network/interfaces and edit it as stated in the web link i provided. You're at the right section of that web page [01:54] What do I edit? How do I edit it? [01:54] sudo nano /etc/network/interfaces [01:54] I went to interfaces.d [01:55] ignore interfaces.d, that directory is to make tool-based network interface management easier, or help configure systems with many network interfaces [01:56] I am in the nano editor now, and it looks to already be configured for auto DHCP [01:56] I can't ping google.com [01:58] DavidBorg: so, if you run 'ifup eth0' or 'ifdown eth0', does the right thing appear to happen? [01:59] sarnold, when I type ifup, I get "failed to open lockfile" [02:00] DavidBorg: try again with 'sudo' [02:00] you need to be root, so use sudo [02:00] (sorry I left it out, there's a certain number of commands that require administrative privileges to run, and I forget that not everyone knows which ones those are..) [02:01] eth1 already configured [02:01] "ignoring unknown interfae eth0 [02:02] DavidBorg: okay, how about ifconfig -a ? does that show that you've got a reasonable-looking IP address and netmask? [02:02] sarnold, I'm trying the alternate port [02:02] Perhaps I'm mixing them up [02:03] ugh, nothing still [02:05] DavidBorg, deep breaths :) [02:06] Should I reboot the server now that I've flip flopped the ethernet ports? [02:06] I think I may have had it plugged into the wrong port, and now it is working - however, it isn't giving me any IP address, only IPv6 [02:06] DavidBorg: run ifup for the interface you just moved to [02:06] Already configured [02:07] DavidBorg: I hate rebooting as a debugging method, but that might be the easier approach to take to get your NICs into an expected state. probably both are running dhclient or similar at this point, and only one of them -should- have an address, etc. a reboot is a quick way to tear it all down again and bring it allback up... [03:14] kirkland: 3.2 IIRC adds more builtin acls, so you can't redefine them [03:15] lifeless: thanks [03:21] kirkland: see squid.conf.default which will have different comments around there ;) === dv81 is now known as dv812 [05:06] hello [05:06] I just upgraded openssl, and I'm getting this: Server should be SSL-aware but has no certificate configured [05:06] ^ when trying to restart apache. :/ [05:07] anyone? [05:36] | thelamest thomi three18ti thumax │ bekks │ | tom[] TREllis trevorj Tribaal tsimpson ttx TWWOC txomon|home tych0 tyhicks Tzunamii ubottu ubuntulog ulkesh Underbyte │ bekks [05:36] omg [05:36] sry :( === RaptorJesus_ is now known as RaptorJesus === dv81 is now known as wo0f === wo0f is now known as dv81 === dv81 is now known as teaj === teaj is now known as wo0f [09:03] hello, how long does it take for Ubuntu Server to complete the boot process? [09:04] your question is awfully subjective [09:04] I don't see it on my network [09:05] then go check the console [09:06] How can I do that if the signal coming out of the machine is out of my monitor's range? [09:07] hi in the webdav server what are the correct permissions? [09:08] oh and I cannot ssh to it [09:15] Rephrase: How may I access the console if it doesn't respond to crtl + alt + f1 [09:15] ? [09:20] is the computer on? === a1berto_ is now known as a1berto [09:25] sheptard: I hear it humming [09:47] i5150pc: boot into rescue mode, and/or use nomodeset kernel parameter === a1berto_ is now known as a1berto [09:59] i have a webdav, I can see the list of files but not its content [09:59] owner of files is www-data [09:59] what I do wrong? [10:01] this is what I get Mac-mini-de-hXm:webapp hxm$ cat header.php [10:01] cat: header.php: Interrupted system call [10:12] hxm: that indicates a proboem which has nothing to do with the owner. [10:13] *problem [10:18] hxm: interrupted system call? [10:18] check dmesg [10:18] what can be? Sandbox: webdavfs_agent(487) deny mach-lookup com.apple.networkd [10:33] hi guys how do i set up ssh auth sock in ubuntu 13.10? [10:33] Whats "ssh auth sock"? [10:34] ssh_auth_sock environment varible i need it so when i am using filezilla my cloud server ip will use it. [10:35] normally you can add i to filezilla but filezilla wants the format to be in ppk which is the puttykeygen ptivate key format. but i generated my private key using ssh key-gen so its not in a .ppk filde type [10:36] Why do you need to set that var at all? [10:36] And a ppk file is a putty private key, not a socket. [10:38] bekks i never said it was a socket. [10:38] i need it to use the private key to connect to my cloud server [10:38] filezilla ONLY access .ppk file type which is generated by putty key gen [10:39] the alternative is to set up a ssh_auth_sock variable [10:39] Guestwho: filezilla accesses all valid keyfiles, no matter wether generated by putty or not. [10:40] bekks go to "Edit"-> settings and click on SFTP. try adding on of your private key file that doesnt end with .ppk and see what happens [10:41] The file extension is irrelevant. It doesnt tell you anything about the content. [10:41] it will say is not in a format supported by filezilla [10:42] You can use any key generated from whatever as long as you name it .ppk - so filezilla checks the file extension, not the content. [10:42] if you have a passprase it will also say protected keyfiles are not supported by filezilla yet [10:47] bekks thanks [10:59] Segmentation fault occurred at 00000021000025ae in /usr/lib/apache2/mpm-prefork/apache2[apache2:9646] uid/euid:33/33 gid/egid:33/33, parent /usr/lib/apache2/mpm-prefork/apache2[apache2:18982] uid/euid:0/0 gid/egid:0/0 [10:59] this ocurrs when I try to reach the content of a file trought a webdav [11:14] Hello all - repeating the same question I put to #ubuntu: [11:14] Running an ubuntu 12.04 development server on our network. I'm finding network activity just a little bit laggy/slow compared with other machines on our network. Not really sure why this might be. It's wired directly rather than using wifi. Is there anything I can do to test or check what might be causing this lag? [11:15] Specifically, when I do a git pull or push on the dev server to bitbucket, it's not that responsive whereas when I run the same git pull/push on my mac which is on the same network, it responds pretty much immediately [11:16] have you benchmarked your network performance in general on the ubuntu host [11:16] or just using those commands [11:16] ikonia, no just those commands. Haven't done any benchmarking. I'm hoping someone might be able to suggest how [11:17] welly: a basic test is to just use the server to do some basic things, such as downloads, domain look ups etc etc, see how each responds [11:18] the most common things you describe is poor name server response [11:19] yeah.. that would make sense. I wonder if the name server settings are incorrect [11:19] who said they are incorrect [11:19] have you checked them ? [11:19] test them [11:19] i shall do this [11:26] ikonia, ok looks like the nameservers in resolveconf.d/base were incorrect or at least there was an additional nameserver was isn't a nameserver. it feels a little more "snappy" [11:30] is there an easy way in ubuntu to do link aggregation of two internet connections? [11:31] define easy? [11:31] oh, no [11:31] you can't link aggregation of internet [11:32] unless, you are using the same ip address on both internet connections [11:46] Patrickdk, i might be reading the wiki article incorrectly but here's a snippet "In addition there is a basic layer-3 aggregation (available at least from Windows XP SP3),[12] that allows servers with multiple IP interfaces on the same network to perform load balancing, and home users, with more than 1 internet connection, to increase connection speed by sharing the load on all interfaces." [11:46] http://en.wikipedia.org/wiki/Link_aggregation#Microsoft_Windows [11:47] this obviously for windows, but if it's doable in win, should be doable in ubuntu [11:48] it's not that simple [11:48] most websites don't like it when you login from multible ip addresses [11:49] and that is not link aggregation [11:49] that is multi-homed nat [11:52] Hi all, i need to run a simple server on the internet to serve 2-10 MB files to users, what program should I use? [11:52] Apache. [11:57] z thanks, ill check it oiut === a1berto_ is now known as a1berto [12:02] Patrickdk, what about failover - use the first connection and it stops working, start using the second one [12:06] vegnt: I think you're confusing link *aggregation* which is a L2 concept, with L3 load balancing. [12:07] vegnt: most L2 aggregation is done using L2/L3 hashing but at least in the case of 802.3ad both devices (on each end) must support it, and Linux's balance-alb or balance-tlb doesn't really work in a Dual WAN situation [12:08] vegnt: you *could* do it on a session-based basis so each flow goes out either Link A or out of Link B [12:09] but each WAN address is likely to be different so you have a masquerading (NAT) issue, and if the link properties (latency, throughput) aren't close/identical you may end up with a sucky user experience in active/active and want to do active/passive instead. [12:10] tl;dr - its entirely possible, it requires quite a lot of work, you could just look at pfSense or buy a box (i.e. a Firebrick) which does it for you [12:28] For some weird reason my server hasn't been logging to kern.log, syslog and messages since last monday. Anyone experienced this? [12:33] maveas: no. [12:34] everyone's syslog didn't just break on the same day. You need to investigate what is wrong with yours. [12:38] z, pfSense is something i stumbled upon - i might give it a try [12:42] jamespage: this is going to be fun cinder rc3 is out [12:45] zul, \o/ [12:47] Ownership of the mentioned logs had been changed.. very weird. [13:04] jamespage: i just pushed cinder rc3 i dont expect to see any more rc from now until thursday [13:04] zul, excellent [13:06] smb: awesome changelog for xen ;) [13:06] zul, Glad to be of entertainment value :) [13:07] jamespage: libvirt im going to leave as is in the CA since yesterday's change is going to break on precise [13:08] zul, it needs to be synced again - otherwise first security update has todo it [13:08] even if its just to revert that change ontop of our existing delta [13:10] jamespage: ok [13:20] Hi Folks, I'm having some trouble updating the kernel on my AWS instances, because update-grub-legacy-ec2 refuses to update /boot/grub/menu.lst, even though it finds the newer kernels. [13:20] `debconf-get-selections | grep grub-l` gives `grub-legacy-ec2    grub/update_grub_changeprompt_threeway    select    install_new` which I interpret as "use the new configuration" [13:20] I've also tried setting UCF_FORCE_CONFFNEW=1 when running update-grub-legacy-ec2, with no luck. [13:20] Finally, I've tried e-mailing the cloud-init maintainer to ask for directions from here, but I've had no luck [13:21] iri-: can you reproduce this on a fresh EC2 instance? [13:22] rbasak: I've spun up new instances and encountered the problem, yes, it has been going on for some time and it happens reliably to all of my instances. [13:22] rbasak: I havevn't spun up an instance for the purpose of *just* checking this though [13:23] iri-: if you can figure out a way that somebody else can independently reproduce the problem, then you can file a bug against cloud-init [13:23] (well, you can anyway, but that probably won't help much) [13:24] rbasak: trying now. In any case I need some pointers for backing out of this trouble if possible [13:25] smoser: so http://pastebin.ubuntu.com/7255270/ is what I had to do just now to get cloud instances started with automatic updates. How do you feel about adding a boolean flag that achieves this? [13:25] since I need to upgrade the machines I have now [13:25] iri-: I can only suggest stepping through the code. Or trying to reproduce on a fresh instance to get to a root cause, which could result in pointers. [13:25] rbasak, why the runcmd ? [13:26] i dont have an issue with a toggle that accomplishes that [13:26] smoser: unattended-upgrades is seeded via software-properties-common [13:26] smoser: thus it's already there, so needs a reconfigure [13:26] rbasak: we've tried stepping through the code, it's a debconf thing, and it is very non-intuitive. It seems that debconf or UCF decide not to update the file, but we couldnt' find a root cause [13:26] *very* strangely, if you interrupt update-grub-legacy-ec2, then it updates the file. [13:27] iri-: works for me, so it's pretty hard to guess what your issue might be. [13:28] rbasak, ah. [13:28] isnt that then an example of 'debconf-as-a-registry' bug ? [13:28] rbasak: what works? When I run update-grub-legacy-ec2, it *looks* like it is working, it lists all of the kernels, correctly, but then it doesn't actually update /boot/grub/menu.lst [13:28] I'm just trying on a fresh instance now. [13:29] iri-: I just ran update-grub-legacy-ec2, and my /boot/grub/menu.lst was updated. [13:29] At least it said it updated it and it had a current timestamp afterwards. [13:29] rbasak: aha! It *SAYS* it does, I actually get output that looks like it is doing so, and it updates the timestamp, but the contents are unchanged [13:29] I see "Updating /boot/grub/menu.lst ... done" and everything [13:30] smoser: a bug? debconf is working as designed here I think. debconf-set-selections isn't supposed to reconfigure packages if they're already installed. [13:30] rbasak: and unsurprisingly, I can't reproduce on a fresh instance. But I have a suspicion as to what might be happening, perhaps. [13:30] iri-: then it sounds like it's enumerating the kernels wrong or soething? [13:30] rbasak, no, because when it lists the kernels the list is correct [13:30] Or have you modified it? [13:30] I haven't modified /boot/grub/menu.lst [13:31] However, when I first ran "apt-get dist-upgrade" on the machine I did so from salt, i,e, not from a terminal [13:31] and since I just ran apt-get dist-upgrade from a terminal on this new one, it asked me what I wanted to do about the file, the default was to keep the package maintainer's version [13:31] Hi, I have this use case. server1 has php application running under apache, and server2 has nginx for front-end app, What I want to do is from front-end it sends a request i.e. server2 to server1 to create a virtualhost in server2, for the virtualhost part i have a bash script file that will create the vhost, so my question is how do i connect to server2 from server1 i.e.(the flow is server2 sends post request to server1 with subdomain name, server1 [13:31] parses it and runs the bash script that is located in server2 and gets response and sends the response back to the server2 ? [13:33] rbasak, it is an example of using debconf as a registry [13:33] shafox: this is the the sort of problem that juju solves really well [13:33] i think [13:34] rbasak, we are not using juju, but if you can tell me how to do it with ssh or any other way that would be great. [13:35] smoser: I don't see how. To change the answer to any question asked with debconf, you always have to run debconf-set-selections and then dpkg-reconfigure. [13:35] That's how it's supposed to work. [13:36] but you're not supposed to store data in debconf. [13:36] smoser: an alternative would be to write out /etc/apt/apt.conf.d/20unattended-upgrades by hand. [13:36] changing the file is "the right way" to do it. [13:36] smoser: I'm not storing data. I'm *setting* the answer to the question "yes, automatic updates please". [13:36] because as it is right now, if the user changes that file, and then dpkg-reconfigure gets run, it will destroy the data they wrote there. [13:37] If it did that, then *that* would be a bug. [13:37] well, it clearly is. [13:37] how else could it work ? [13:37] you're giving it a value, and running dpkg-reconfigure [13:37] ucf conffile handling? I hope that's what it's doing. [13:37] and its going to write that value into that file. [13:37] Via ucf I hope. [13:37] i dont think ucf changes anything. [13:38] you now have 2 places where a user can set the value. [13:38] Indeed, it's via ucf. [13:38] preseed or file. [13:38] If the user sets the file by hand, the postinst won't touch it, thanks to ucf. [13:38] debconf is helping with just the packaging *preference*. [13:39] The user is still king in /etc/ [13:39] THe rigiht way to set the default is via packaging preference, via debconf via ucf. [13:39] Then the user won't be told that he changed the file on upgrade. [13:39] It will just remember his debconf preference. [13:40] ok. i think you've convinced me. [13:40] :) [13:40] any idea why i'd see this; [13:40] https://launchpadlibrarian.net/172834901/buildlog_ubuntu-precise-amd64.subunit_0.0.18-0ubuntu7%7Ectools0_FAILEDTOBUILD.txt.gz [13:41] Is --shebang a new dh_python3 thing in >precise? [13:41] ah.i htink i know. [13:41] subunit doesn't build-depend on dh_python3 [13:42] so the newer version (which is available there) doesn't get installed [13:42] but must already be in the build root [13:42] Looks like --shebang is new [13:43] rbasak: that advise was relevant to me, too. I did debconf-set-selections and dpkg-reconfigure, but it really seems that /boot/grub/menu.lst isn't being updated because ucf or debconf doesn't feel like it [13:43] so how can I diagnose problems with debconf or ucf? [13:43] iri-: it sounds like your debconf might have remembered that you "said no" to updating the file, because that was the default. [13:44] iri-: install debconf-utils, then run "dpkg-get-selections", and see if you can spot the relevant answer there. [13:44] rbasak, but I've set it in the debconf-set-selections.. [13:44] iri-: if that's the case, then you can override it with debconf-set-selections [13:44] hm.. no that doens't make sense. [13:44] rbasak: that was the first thing I pasted when I arrived [13:44] grub-legacy-ec2 grub/update_grub_changeprompt_threeway select install_new [13:44] rbasak, i have trusty-level dh-python in that archive. [13:44] so I've chosen install_new, and it seems to be ignoring me [13:45] iri-: do you get a prompt if you set DEBIAN_PRIORITY=low [13:45] ? [13:48] smoser: I'm a little confused that I don't see a dh-python build-dep in trusty [13:50] smoser: that looks broken to me. Try adding one? [13:50] rbasak, yeah, thats what i'm doing. [13:50] i think thats the bug. [13:51] its just inside build roots [13:51] I agree. [13:51] rbasak, and then say dpkg-reconfigure, or update-grub-legacy-ec2? [13:51] iri-: update... I think [13:51] Assuming that's what prompted you the first time? [13:51] (that you didn't see) [13:54] smb, nice changelog comment btw [13:54] rbasak, no prompt [13:54] jamespage, ta. :) [13:55] jamespage: ok libvirt/xen uploaded [13:55] smb/hallyn: no more please ;) [13:55] hm? [13:56] hallyn: no more libvirt changes ;) [13:56] zul, Oh and I wanted to do another libvirt just for fun. :-P [13:56] just kidding [13:56] smb: nooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo [14:05] rbasak: is there any other way to get dpkg-reconfigure to re-ask questions? [14:06] I can't get it nor update-grub-legacy-ec2 to ask. [14:06] rbasak, can I do it with ssh ? [14:07] rbasak: on my fresh machine, I just edited the grub configuration and now update-grub-legacy-ec2 refuses to update it [14:08] iri-: I don't know, sorry. There is a "seen" flag associated with each question you should be able to reset. [14:09] iri-: but I don't see why setting what you need with debconf-set-selections doesn't change behaviour. [14:20] rbasak: any idea where I can find the "seen" fflag? [14:24] one of my servers seems to be the target of an attack. in my access logs there are tons of requests for various ad networks, including ads.yahoo.com, ads.mediafem.com, ads.sonital.com, and many others. i was able to stop the attack by tightening up my firewall rules. however, im not too sure how or why this could have been happening. any suggestions on where i should start looking to try and figure this out? [14:26] not without seeing the entries in your access log [14:28] ah, found it, it's in /var/cache/debconf/config.dat [14:28] iri-: that's exactly what debconf-get-selections and debconf-set-selections manipulate by default, AFAIK [14:28] removing it didn't cause me to me reprompted [14:29] (the Flags: seen line) [14:29] patdk-wk: an example one from ip address 142.91.245.140 "GET http://pm.5188bh.com/header53621.php HTTP/1.0" 301 462 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" [14:29] the ip addresses are from the most part different as well === benrodrigue is now known as brod [14:31] erictr1ck, that is a proxy request [14:31] do you have proxy enabled? cause you shouldn't [14:34] patdk-wk: it doesnt look like the apache proxy mod is enabled. but they still must be proxy requests [14:35] smoser: I see that you're chairing today's meeting. [14:35] smoser: just wanted to let you know that I will not be able to attend, nothing particular to bring up [14:36] erictr1ck, what ip is the server at? [14:37] patdk-wk: it is at 184.106.91.248. but it is behind a load balancer and to block the requests, i now only allow requests from the load balancer [14:38] ah [14:38] the lb ip then? [14:38] or did doing that stop it all? [14:39] doing that stopped it, they were hitting that one server directly [14:39] the load balancer is at 198.61.151.10 [14:40] the lb is doing strange things to it [14:40] patdk-wk: how so? [14:40] it's not really fixing it, it's just they haven't noticed they need to use your lb instead of direct [14:41] the good thing is, yes, your protected, and not doing someting stupid [14:41] and there isn't much you can do about it, people will always request junk [14:42] you could setup a rewritecond to match those url's, like anything starting with http, and return a 403 if you want [14:42] this url might help you, https://wiki.apache.org/httpd/ProxyAbuse [14:42] but it's not a security issue, just random internet junk [14:44] patdk-wk: i see, thanks for the help. i'll have to dig deep and see why it is accepting proxy requests. it doesnt look like mod_proxy is enabled. [14:45] it's not accepting them [14:45] it's just receiving them [14:45] and following the rules you setup [14:46] but your currently rules don't notice a proxy request, so it's just making a mess of it :) [14:46] i see.... [14:47] How do I disable the encryption pass phrase on boot? It is causing the system to halt prior to booting, and I really regret setting it up that way. [14:52] Can someone help me with removing the passphrase for encryption on boot? [14:56] I love you all. [15:01] Anyone here? [15:01] DavidBorg: Jup, many. But most idle. [15:02] Also see !patience. [15:02] !patience [15:02] Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/ [15:03] Don't ask for help too frequently in an idle chatroom. The lurkers may get upset. LOL [15:14] hmm, 2 days before the world ends [15:18] jamespage: im running the stable/havana triggers fyi [15:18] zul, oh good [15:18] zul, glance is still not accepted btw [15:19] jamespage: crappers [15:32] zul, did you see taskflow update is blocked in proposed in trusty? [15:32] jamespage: no [15:32] im on it [15:34] caribou, thanks for the heads up. [15:35] zul, promoting wahts in staging havana -> proposed now [15:36] jamespage: ack [15:36] zul, was there a keystone release btw? [15:36] jamespage: for keystone? [15:36] sorry for havana? [15:36] jamespage: yes for havana [15:36] zul, its not in any queues [15:37] jamespage: lemme check [15:38] i uploaded it === Havenstance2 is now known as Haven|Work [15:38] coreycb: can you check to see if you got a reject message for keystone? [15:38] coreycb: keystone-2013.2.3-0ubuntu1 [15:38] zul, no, I didn't [15:40] alright lemme re-upload this then [15:41] jamespage: re-uploaded it...i could have swore i uploaded it though [15:41] zul, lolz [15:42] zul, it was not rejected so must be a wetcode error [15:42] jamespage: black hole [15:43] zul: "dput /dev/null keystone_...._source.changes" [15:43] jamespage, zul: btw I don't think I get reject messages. likely b/c I don't push? [15:43] that works in no way I can imagine [15:43] coreycb, as the changer you should have [15:43] coreycb, did you get a pending approval message? [15:43] jamespage: its like that disney movie [15:45] jamespage, I get messages for merge approved/denied and things like that [15:56] How do I force dependencies to be downloaded and installed when running apt-get install? [15:57] I'm trying to get apt-get install php* [15:57] Dependencies are causing it to error out. [16:30] looks like we'll be stuck with ancient openldap software for another 5 years... === lutostag is now known as lutostag-away [16:53] zul, cinder and swift in [16:54] still waiting on neutron [16:54] jamespage: i saw [18:32] jamespage: taskflow fixed just doing one more test [18:40] Fresh install of ubuntu server 13.10 on both boxes. Both boxes appear to be running fine, and doing their jobs well. However, I noticed whoopsie in htop on both boxes. When I end the whoopsie process, these entries keep showing up in syslog "GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.NetworkManager was not provided by any .service files". Any idea how I can track down what's crashing??? [19:25] I have a bit of a security dilemma. I have a VPS that I'd like to use encrypted disks for, encrypting /home, /tmp, /var/lib, /var/log, swap, and certain portions of /etc. (Not /boot or the whole /) The problem is the console access is through VNC, so during boot I'd have to enter the encryption passphrase over an unsecured VNC session. How might I be able to boot a minimal system that would be enough for me to make an SSH ... [19:25] ... connection and then mount the encrypted containers from there? [19:28] tonyyarusso: a) as long as someone has access to the physical host of the vps, he/she has full access to you vps b) encryption doesnt change a), c) not encrypting the whole system is fairly nonsense in terms of d) security by obscurity, which encryption of a vps basically is. [19:33] bekks: Well, the tinfoil-hatted thinking is if something came up such that I suspected the data was going to be targeted, I could shut the system down, and the encryption would kick in at that time. I'm aware that it's useless while booted up. [19:34] perhaps your vps image would be snapshotted while it is running, keeping the key nice and legible in memory? [19:35] I'd spend some more time thinking about what problems you're trying to solve -- who are your adversaries, what mechanisms do they have at their disposal, and how much can you mitigate against them? [19:43] I can't get LightDM to work via SSH using a Mac to Ubuntu Server 13.10 [19:44] Can someone tell me what command I should type after logging in with the ssh -X user@name command? === Ursinha is now known as Ursinha-afk [19:51] DavidBorg: you can't xforward Lightdm, you will need to use VNC for a graphical session or XDMCP === Ursinha-afk is now known as Ursinha === Rich__ is now known as Muesli_ === Muesli_ is now known as Muesli3 [20:47] Is there a more 'fresh' build of the ubuntu-server installer for the beta than the march ~27 'beta 2' one? Didn't see one under the dailies [20:47] er, installer? i meant ISO [20:49] http://cdimage.ubuntu.com/ubuntu-server/daily/current/ [20:51] ha- that makes sense! [22:26] ok, so everyday my ubuntu server loses its static ip set and gets a dhcp setting [22:26] if i do ifdown eth0 && ifup eth0 it gets the static ip back again [22:26] this is on ubuntu 14.04 [22:37] * resno yawns [22:37] resno: is dhclient still running? [23:12] resno: please file bug :) though I don't know what to file it against [23:12] resno: that doesn't sound like sometihng that should happen. [23:14] sarnold: heh ok, im not even sure what details to include [23:14] resno: if you can catch the dhcp client in action, that'd be nice.. [23:14] i know something is making it do it, because it happens at about the same time everyday [23:16] ya, its dhclient [23:18] hrm, there's lots of half-baked ways I can think of to tyr to figure out which process is kicking off dhclient, but none of them are quite what I'd like to suggest to someone else :) [23:18] mwhudson: dhclient is not installed [23:18] resno: special [23:19] somehow in the los dhclient is receving the request for the ip === sz0 is now known as sz0` [23:20] resno: the package is called isc-dhcp-client fwiw [23:20] the binary is dhclient though [23:20] i assume you must have some kind of dhcp client installed, or getting a dhcp address would be pretty amazing :) [23:21] yes it would [23:21] i magically get ips from dhcp through space [23:21] im just curious though how it would ignore the conf [23:21] sarnold: i think i've seen things where i've modded /etc/network/interfaces to change eth0 to static, ifdown ifup and dhclient is still running [23:21] sarnold: is that possible? expected? a bug? [23:22] i was pretty confused about what was going on when i saw this though [23:22] mwhudson: if you didn't ifdown the interface before editing interfaces, I wouldn't be too shocked. [23:22] resno: anything in syslog? [23:22] sarnold: oh, ifdown would only kill dhclient if the config still said auto? [23:22] that probably is what happened [23:23] mwhudson: ya, it mentions get the dhcpoffer [23:23] somehow i like to leave the gap between ifdown and ifup as short as possible, even if i'm editing on the serial console :) [23:23] mwhudson: as far as I'm concerned, there is much magic going on, and while we may hope for the best :) I suspect it's a bit cranky about details [23:24] heh, cranky