/srv/irclogs.ubuntu.com/2014/05/17/#ubuntu-server.txt

lorfdscatdaemon…yes indeed00:00
Catdaemonuse key based authentication for good security, don't worry about blocking/changing the ssh port00:00
lorfdscatdaemon…isnt allow 80/tcp and allow 443/tcp the equivalent of allow http and https?00:00
sarnoldlorfds: well, blanket-allowing is probably fine, sshd hasn't had a huge problem in ages.00:00
lorfdsor does ipv6 change things?00:01
CatdaemonI like using the names as it adds both rules by itself but it doesn't matter00:01
lorfdswhat do you think about timezone?00:02
lorfdsis utc best?00:03
lorfdsi havent set up my own production server in a while, and i dont know what the kids are doing these days00:03
lorfdsdamn kids00:03
lorfds:P00:03
Catdaemondepends what you're doing I guess00:03
lorfdsweb server00:03
CatdaemonI use UTC because it's the same as GMT and I live in london so it's gr800:03
lorfdsserving u.s. mostly00:03
sarnoldif you have staff/users in multiple timezones then I'd do UTC, but if you're the only admin, local is fine00:04
lorfdsi am…for now00:04
Catdaemonjust use UTC so you know it's UTC and don't have to worry about programs being weird00:04
lorfdsyeah thats why im thinking00:04
sarnoldCatdaemon: eh? I thought UK did summer-time as well and moves away from UTC for a few months each year?00:04
Catdaemonyeah we do have BST but for 6 months of the year the time is correct00:05
Catdaemona broken clock is right twice a day!00:05
sarnold:D00:05
ahmadgbghi guys, so i have my ubuntu server and i was thing about backup systems. What do you recommend? Nas with UPS?00:24
ahmadgbgHi guys, i have a ubuntu server and i wonder what is the best way to back it up? NAS with UPS?00:37
sarnoldahmadgbg: "best" varies from person to person..00:38
sarnoldahmadgbg: some people like making CDs or tapes of their data, it's easy to store those off-site ..00:38
sarnoldahmadgbg: some people like rsync t oanother server, as you've described00:38
qman__Cost, convenience, retention all go into that mix00:38
sarnoldahmadgbg: some people like to upload to e.g. amazon glacier00:38
ahmadgbgsarnold: So if i back it up with NAS, is that a good solution for ubuntu?00:42
sarnoldahmadgbg: it can be, yes00:43
ahmadgbgsarnold: how does the backup work? do i need the same drives as in the server (storage)?00:43
ahmadgbgsarnold: or will i create a raid in the nas?00:44
sarnoldahmadgbg: no, you can use whatever you want in the NAS system00:44
sarnoldahmadgbg: you'll run a program like rsnapshot or rsync or amanda or bacula or duplicity or whatever to back up to your NAS system00:45
ahmadgbgsarnold: lets say a drive failes in the server in a raid, the NAS drives are seperate from that right?00:45
ahmadgbgsarnold: the backup is just the files right? not the whole raid system for the server00:47
sarnoldahmadgbg: right, your NAS-based backup should still be there00:52
sarnoldahmadgbg: depending upon your backup type, maybe your NAS would have synced from the server and destroyed some of the backup data.00:53
sarnoldyou need to evaluate the software you pick to make sure it can recover what it needs to when you need it00:53
ahmadgbgsarnold: okey! thanks!00:55
zombu2evening i m trying to get channel bonding to work on ubuntu server 14.04 but no dice so far02:09
zombu2any help would be apreciated02:09
FlamI'm highly confused but for some reason my server can't connect to services at 127.0.0.1.  I checked /etc/hosts and it's mapped to localhost.  Unsurprisingly, localhost doesn't work either.04:45
Flami.e.: GET http://localhost:3001/socket.io/1/?t=1400301947427 net::ERR_CONNECTION_REFUSED  // GET http://127.0.0.1:3001/socket.io/1/?t=1400301947427 net::ERR_CONNECTION_REFUSED04:46
zombu2firewall on?04:48
Flamiptables yes04:50
Flambut i opened those ports04:50
Flam-A INPUT -p tcp --dport 3001 -j ACCEPT04:51
Flam-A INPUT -p udp --dport 3001 -j ACCEPT04:51
zombu2hmm04:52
Flamwget http://localhost and wget http://127.0.0.1 worked.  Weeeird.04:52
zombu2sometimes ufw get in the way too04:53
FlamAh solved it, I'm stupid haha.  It was JS running 127.0.0.1, which is ran on my machine04:53
zombu2ah04:53
FlamLol fail04:53
zombu2meh happens04:53
=== InFierno is now known as InFierno|AFK
=== esde is now known as Guest57172
eagles0513875hey guys I have a number of accounts which are already on my server. What would be the easiest way to set a password expiration on them all at once08:03
bekksfor acc in account1 account2 account3; do sudo passwd -d $acc; done   # untested08:05
eagles0513875bekks: any tested manner?08:06
bekksJust test it out.08:06
bekksI wont do anything automagically reading from /etc/passwd since you might accidentially disable a needed account, too.08:07
eagles0513875bekks: so in a nutshell you are saying its safer to just do it individually08:10
bekksYes.08:10
eagles0513875ok no problem gives me a good opportunity to clear out old accounts08:11
=== geowany_ is now known as geowany
lordievaderGood morning.09:48
=== Guest57172 is now known as esde
rostamhi during installation of third party kernel module, lttng, I get  following error: Can't read private key. Here is the pastebin for it:   http://paste.debian.net/100134/11:58
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
=== ciscam5 is now known as ciscam
=== dw3 is now known as dw1
catphishi have some servers where init appears to have gone a little insane at 2.5GB RAM and 80-100% cpu usage, is there any way i can investigate this?20:52
catphishi enabled the debug log, it seems to be in a constant loop of "init: job_register: Registered instance /com/ubuntu/Upstart/jobs/network_2dinterface_2dsecurity/network_2dinterface_2fvethQMF01R" with various interfaces21:08
catphishi fear there are too many NICs "registered"21:14
bekksSo how many interfaces are registered?21:15
catphishi don't know, how can i find out?21:15
bekksifconfig -a would be a start21:15
catphishthere are about 350 currently active interfaces21:17
bekksIn a single server? :)21:17
catphishindeed :)21:17
bekksWhich hardware is that? :P21:17
dasjoeSounds like a docker host21:17
catphishit is a lxc host, yes21:18
catphishbut by itself, that's not a problem, i have a recently rebooted host with the same numbr of instances and no load from upstart21:18
catphishso i'm thinking that over time an increasing number of old no longer used interfaces might be getting registered with some database21:19
catphishno, on second thoughts, it's not that, that only happens once when changing the log level, i don't know what's actually upsetting it :(21:26
catphishi also have another server that's not started any services after a reboot, i'm hoping it's just running a rather long disk check, but it's been an hour :(21:40
=== Malediction_ is now known as Malediction
xeno2Sorry, but this is probably the better place anyway.23:05
xeno2So, the interface file. I don't see a place for that in vbox gui.  I"ll ask on #vbox too.23:06
Yeluxeno2, hi23:06
xeno2Sorry, but this is probably the better place anyway.23:06
xeno2So, the interface file. I don't see a place for that in vbox gui.  I"ll ask on #vbox too.23:06
Yeluxeno2, I agree23:06
xeno2Is that in VBoxManage?23:06
xeno2(and actually, these are VBox questions, so perhaps this isn't the best either)23:07
Yeluno, we are talking about interfaces file in your guest. - vbox doesn't let you change ips from the outside23:07
Yeluxeo2, PM me?23:07
xeno2PM?23:09
Yeluxeo2, only a suggestion, if you want to talk privately via "private messages" (PM) here.23:09
xeno2Ok.  In /etc/network directory or some such?23:10
Yeluxeno2, yes23:10
xeno2Thank you for your patience.23:10
Yeluxeno2, I got time, and had similar problems, also it's fun. - You're welcome ;)23:11
xeno2Ubuntu doesn't work with the mouse.23:12
xeno2I see a line:  iface eth0 inet dhcp23:13
xeno2In interfaces already.23:13
xeno2Above that auto eth023:13
Yeluthat'S okay23:13
xeno2Then before that lo is defined first.23:13
Yeluperfect23:13
Yeluso should it be23:14
Yeluiterfaces = checked.23:14
Yelunext step: the network-manager in your gui23:14
Yeluwe define eth0 as static interface23:14
xeno2This server doesn't have a GUI.  It's not nice like the Debian one.23:16
Yeluxeno2, I'm so sorry, my bad. we are on a server then? okay23:17
xeno2Isn't there a plain iface command?  You used to be able to use ifconfig to define these, but I've never done it with iface.23:17
bekksSo just use ifconfig23:17
Yeluso we want to change the /etc/network/interfaces with "sudo nano ..."23:17
Yelubekks, why23:18
bekksYelu: cheater ;)23:18
Yelubekks, hi, thank you for the cheater, but why I'm? :)23:18
bekksYelu: Why not? ifconfig works, so no need to learn new commands for a tasks solution with known commands23:18
bekksYelu: Because that was the most obvious approach ;)23:19
Yelubekks, xeno2, so we do it as a team, okay?23:19
bekksConsider me being level 2 support at this point ;)23:19
Yelunice23:20
xeno2Okay, I tried a few things from a web example, and so far it rejects.23:20
Yeluxeno2, your are awake?23:20
xeno2I cannot pull it off, because no network connection.23:20
Yeluok23:20
xeno2So there is no cut and past of examples, because ubuntu server doesn't handle that well.23:21
Yeluxeno2, I'll give you my interfaces, please be patient a short time ... thx23:21
xeno2But if I can see one that works, I can transcribe it.  I found http://askubuntu.com/questions/342705/how-to-set-a-static-ip-address, but that multi-line thing doesn't seem to work for me.23:21
Yeluxeno2, here you go => http://paste.ubuntu.com/7480860/23:25
xeno2I will try.23:25
Yeluxeno2, you have to pick an ip out of your subnet range of your (real) local lan, which isn't used23:26
xeno2It is saying "Cannot find device eth0"23:26
Yeluxeno2, anf thiink about your firewall23:26
Yeluxeno2, and think about your firewall23:27
xeno2And I try the syntax, and I get around the restart failures except that.23:27
xeno2No firewall.23:27
xeno2Just behind cable ISP.23:27
xeno2Keep in mind, the original vm works.  It's just the clone that doesn't pick up the dhcp.23:27
donvitolol ubuntu 12.04 only 64bit?23:27
xeno2That makes me think it's something that gets dropped in the cloning.23:27
Yeluwhat is the outcome of ifdown eth0 and ifup eth023:27
xeno2...I'll try.23:28
Yeluyes, you cloned a guest ... mmmh23:28
xeno2interface eth0 not configured.23:28
xeno2That was the ifdown response.23:28
donvitolol ubuntu 14.04 only 64bit?23:28
xeno2So 14.04 didn't do this, but Chef server won't work with 14.04.23:29
a1fahello, is there a way to encrypt root file system that will boot system w/o password, but wont allow single user boot w/o password?23:29
Yelurataplan for ifup23:29
xeno2What is rataplan?23:29
Yeluif you beat a drum (like at a execution ...)23:29
Yeluonly joking ...23:30
xeno2I wonder if there is something that just automatically gets dropped from the vm in cloning.23:30
a1fayo-yo!23:30
xeno2It might be something 14.04 and Debian work around fine, but 12.04 Ubuntu didn't work with.23:30
Yeluxeo2, another way could be, to power down the vm and delete the interface and set it up as new23:31
xeno2Ok.  I'll try that.23:31
Yeluxeno2, or to leave the first interface as is and set up an additinal one (which is to add in the guest again)23:31
xeno2Yes.23:32
xeno2Weird.  It only allows me one eth, and that's eth0.23:33
xeno2This was a full clone, not a linked, by the way.23:33
xeno2It doesn't want to let me change it through the GUI.23:34
Yeluxeno2, but it isn't running? - Then you can't change things there.23:35
xeno2No, it was powered down.23:36
xeno2You cannot use NAT Network at that point.  It won't save.23:37
Yeluxeno2, ok, another approach would be, to try to give the vm a new interace via VMBoxManage with CLI23:37
xeno2I tried a NAT, and a Local.  It won't allow me to add a second eth, like eth1.  I only get eth0 Bridged.23:37
xeno2Yes..checking results after boot first.23:38
Yeluxeno2, how about changes to eth023:38
Yeluxeo2, also not possible?23:38
xeno2No, it still blocks on boot for waiting eth0.23:38
xeno2I looked at advanced, and that didn't seem to have anything interesting.  Specific suggestions?23:38
Yeluxeo2, not atm - thinking ...23:39
xeno2It did not pick up anything for any of my 3 interfaces.23:39
xeno2It's like NICS Aren't Us in Clones.23:39
Yeluxeno2, I did never have a vm, which behaved like that ehen it comes to changing interface parmeter and the like ...23:40
Yeluŵhen23:40
xeno2Well, I have seen Ubuntu behave this way otherwise, a little, but I don't have helpful knowledge to fix it.23:41
YeluI'll try to mimic your scenario here in my place - which is your setup? 14.04 Desktop as Vbox-Host? and a 14.04 Server as guest?23:42
xeno2I just checked the original once again, and it boots fine, and gets the network fine.23:42
Yeluxeno2, then make a file system copy of the .vdi and change the uuid of the machine , power down the origiinal (if running) nd start the new vm and ceck23:43
Yelu^check23:43
Yeluxeno2,if it behaves right, hust power down add or change the interface to your needs and check that.23:44
xeno2Okay,..uuid?23:44
Yeluxeno2, please stand by ...23:44
Yeluxeno2, vbox manual chapter 8.24 this is a command line interface cloning procedure23:47
xeno2Ok I'll look that up.23:47
Yeluxwno2, maybe this gives us also a proof, if it is the GUI function call which is causing your problem23:49
xeno2Okay, you are NOT saying this is what causes the problem, but cloning this way may avoid it?23:49
xeno2The term "registered virtual hard disk image" is confusing me.23:50
Yeluxeno2, I'm not sure, as I told you, that this behaviour is also unknown to me. - I wanted to test this next week23:50
Yeluxeo2, reading ...23:50
xeno2Yes.  Well, it appears I'm deadending on Chef server tonight.  I'm sorry.  It is better not to burn yourself out when you're not ready.  I will try to help you when you have time, and you can reach me at the email I gave you.23:51
Yeluxeno2, yes, registered is a machine, which is known by the progrm VirtualBox (you alreay cloned such a first machine)23:52
xeno2But I don't want to pull you in unfairly.23:52
a1fagentlemen, and ladies.. is there such thing as encrypted root fs w/o password, but single user mode would require pass?23:54
Yeluxeno2, I've got no boss, so it's up to me, how I spend my time. - But if you want to suspend the work, it's no problem ;)23:55
xeno2I just reviewed the 14.04 clone, and comes up clean and fast.23:55
xeno2So it is apparently specific to the 12.04 Ubuntu.23:56
Yeluxeno2, so this would be a good base to start again from?23:56
xeno2But it's only the clone of the 12.04, and not the original, that yields the problem.23:56
Yeluxeno2, I see23:56
Yeluxeno2, why not stick with 14.04?23:56
xeno2If you can suggest a bunch of combinations to clone by hand, I would be glad to try each one and see how they boot.23:56
xeno2Because chef server does not support it yet.  They only have a take home install for 12.04 and earlier.23:57
xeno2Everyone else works off the cloud, and perhaps that's what I should do.  However, I'd be happy to try the aforementioned combinations if you want, and it would be better for me to make it work.23:58
xeno2Otherwise, it just means I need to install on my original.23:58
xeno2And I can make more originals.23:58
xeno2So you don't hurt me to stop now, but I'm glad to go forward if you have some combination you'd like me to try.23:59
Yeluxeno2, I will give you a cli cloning command i a couple of minutes (have to re-read manual or re-find my script)23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!