[00:00] <lorfds> catdaemon…yes indeed
[00:00] <Catdaemon> use key based authentication for good security, don't worry about blocking/changing the ssh port
[00:00] <lorfds> catdaemon…isnt allow 80/tcp and allow 443/tcp the equivalent of allow http and https?
[00:00] <sarnold> lorfds: well, blanket-allowing is probably fine, sshd hasn't had a huge problem in ages.
[00:01] <lorfds> or does ipv6 change things?
[00:01] <Catdaemon> I like using the names as it adds both rules by itself but it doesn't matter
[00:02] <lorfds> what do you think about timezone?
[00:03] <lorfds> is utc best?
[00:03] <lorfds> i havent set up my own production server in a while, and i dont know what the kids are doing these days
[00:03] <lorfds> damn kids
[00:03] <lorfds> :P
[00:03] <Catdaemon> depends what you're doing I guess
[00:03] <lorfds> web server
[00:03] <Catdaemon> I use UTC because it's the same as GMT and I live in london so it's gr8
[00:03] <lorfds> serving u.s. mostly
[00:04] <sarnold> if you have staff/users in multiple timezones then I'd do UTC, but if you're the only admin, local is fine
[00:04] <lorfds> i am…for now
[00:04] <Catdaemon> just use UTC so you know it's UTC and don't have to worry about programs being weird
[00:04] <lorfds> yeah thats why im thinking
[00:04] <sarnold> Catdaemon: eh? I thought UK did summer-time as well and moves away from UTC for a few months each year?
[00:05] <Catdaemon> yeah we do have BST but for 6 months of the year the time is correct
[00:05] <Catdaemon> a broken clock is right twice a day!
[00:05] <sarnold> :D
[00:24] <ahmadgbg> hi guys, so i have my ubuntu server and i was thing about backup systems. What do you recommend? Nas with UPS?
[00:37] <ahmadgbg> Hi guys, i have a ubuntu server and i wonder what is the best way to back it up? NAS with UPS?
[00:38] <sarnold> ahmadgbg: "best" varies from person to person..
[00:38] <sarnold> ahmadgbg: some people like making CDs or tapes of their data, it's easy to store those off-site ..
[00:38] <sarnold> ahmadgbg: some people like rsync t oanother server, as you've described
[00:38] <qman__> Cost, convenience, retention all go into that mix
[00:38] <sarnold> ahmadgbg: some people like to upload to e.g. amazon glacier
[00:42] <ahmadgbg> sarnold: So if i back it up with NAS, is that a good solution for ubuntu?
[00:43] <sarnold> ahmadgbg: it can be, yes
[00:43] <ahmadgbg> sarnold: how does the backup work? do i need the same drives as in the server (storage)?
[00:44] <ahmadgbg> sarnold: or will i create a raid in the nas?
[00:44] <sarnold> ahmadgbg: no, you can use whatever you want in the NAS system
[00:45] <sarnold> ahmadgbg: you'll run a program like rsnapshot or rsync or amanda or bacula or duplicity or whatever to back up to your NAS system
[00:45] <ahmadgbg> sarnold: lets say a drive failes in the server in a raid, the NAS drives are seperate from that right?
[00:47] <ahmadgbg> sarnold: the backup is just the files right? not the whole raid system for the server
[00:52] <sarnold> ahmadgbg: right, your NAS-based backup should still be there
[00:53] <sarnold> ahmadgbg: depending upon your backup type, maybe your NAS would have synced from the server and destroyed some of the backup data.
[00:53] <sarnold> you need to evaluate the software you pick to make sure it can recover what it needs to when you need it
[00:55] <ahmadgbg> sarnold: okey! thanks!
[02:09] <zombu2> evening i m trying to get channel bonding to work on ubuntu server 14.04 but no dice so far
[02:09] <zombu2> any help would be apreciated
[04:45] <Flam> I'm highly confused but for some reason my server can't connect to services at 127.0.0.1.  I checked /etc/hosts and it's mapped to localhost.  Unsurprisingly, localhost doesn't work either.
[04:46] <Flam> i.e.: GET http://localhost:3001/socket.io/1/?t=1400301947427 net::ERR_CONNECTION_REFUSED  // GET http://127.0.0.1:3001/socket.io/1/?t=1400301947427 net::ERR_CONNECTION_REFUSED
[04:48] <zombu2> firewall on?
[04:50] <Flam> iptables yes
[04:50] <Flam> but i opened those ports
[04:51] <Flam> -A INPUT -p tcp --dport 3001 -j ACCEPT
[04:51] <Flam> -A INPUT -p udp --dport 3001 -j ACCEPT
[04:52] <zombu2> hmm
[04:52] <Flam> wget http://localhost and wget http://127.0.0.1 worked.  Weeeird.
[04:53] <zombu2> sometimes ufw get in the way too
[04:53] <Flam> Ah solved it, I'm stupid haha.  It was JS running 127.0.0.1, which is ran on my machine
[04:53] <zombu2> ah
[04:53] <Flam> Lol fail
[04:53] <zombu2> meh happens
[08:03] <eagles0513875> hey guys I have a number of accounts which are already on my server. What would be the easiest way to set a password expiration on them all at once
[08:05] <bekks> for acc in account1 account2 account3; do sudo passwd -d $acc; done   # untested
[08:06] <eagles0513875> bekks: any tested manner?
[08:06] <bekks> Just test it out.
[08:07] <bekks> I wont do anything automagically reading from /etc/passwd since you might accidentially disable a needed account, too.
[08:10] <eagles0513875> bekks: so in a nutshell you are saying its safer to just do it individually
[08:10] <bekks> Yes.
[08:11] <eagles0513875> ok no problem gives me a good opportunity to clear out old accounts
[09:48] <lordievader> Good morning.
[11:58] <rostam> hi during installation of third party kernel module, lttng, I get  following error: Can't read private key. Here is the pastebin for it:   http://paste.debian.net/100134/
[20:52] <catphish> i have some servers where init appears to have gone a little insane at 2.5GB RAM and 80-100% cpu usage, is there any way i can investigate this?
[21:08] <catphish> i enabled the debug log, it seems to be in a constant loop of "init: job_register: Registered instance /com/ubuntu/Upstart/jobs/network_2dinterface_2dsecurity/network_2dinterface_2fvethQMF01R" with various interfaces
[21:14] <catphish> i fear there are too many NICs "registered"
[21:15] <bekks> So how many interfaces are registered?
[21:15] <catphish> i don't know, how can i find out?
[21:15] <bekks> ifconfig -a would be a start
[21:17] <catphish> there are about 350 currently active interfaces
[21:17] <bekks> In a single server? :)
[21:17] <catphish> indeed :)
[21:17] <bekks> Which hardware is that? :P
[21:17] <dasjoe> Sounds like a docker host
[21:18] <catphish> it is a lxc host, yes
[21:18] <catphish> but by itself, that's not a problem, i have a recently rebooted host with the same numbr of instances and no load from upstart
[21:19] <catphish> so i'm thinking that over time an increasing number of old no longer used interfaces might be getting registered with some database
[21:26] <catphish> no, on second thoughts, it's not that, that only happens once when changing the log level, i don't know what's actually upsetting it :(
[21:40] <catphish> i also have another server that's not started any services after a reboot, i'm hoping it's just running a rather long disk check, but it's been an hour :(
[23:05] <xeno2> Sorry, but this is probably the better place anyway.
[23:06] <xeno2> So, the interface file. I don't see a place for that in vbox gui.  I"ll ask on #vbox too.
[23:06] <Yelu> xeno2, hi
[23:06] <xeno2> Sorry, but this is probably the better place anyway.
[23:06] <xeno2> So, the interface file. I don't see a place for that in vbox gui.  I"ll ask on #vbox too.
[23:06] <Yelu> xeno2, I agree
[23:06] <xeno2> Is that in VBoxManage?
[23:07] <xeno2> (and actually, these are VBox questions, so perhaps this isn't the best either)
[23:07] <Yelu> no, we are talking about interfaces file in your guest. - vbox doesn't let you change ips from the outside
[23:07] <Yelu> xeo2, PM me?
[23:09] <xeno2> PM?
[23:09] <Yelu> xeo2, only a suggestion, if you want to talk privately via "private messages" (PM) here.
[23:10] <xeno2> Ok.  In /etc/network directory or some such?
[23:10] <Yelu> xeno2, yes
[23:10] <xeno2> Thank you for your patience.
[23:11] <Yelu> xeno2, I got time, and had similar problems, also it's fun. - You're welcome ;)
[23:12] <xeno2> Ubuntu doesn't work with the mouse.
[23:13] <xeno2> I see a line:  iface eth0 inet dhcp
[23:13] <xeno2> In interfaces already.
[23:13] <xeno2> Above that auto eth0
[23:13] <Yelu> that'S okay
[23:13] <xeno2> Then before that lo is defined first.
[23:13] <Yelu> perfect
[23:14] <Yelu> so should it be
[23:14] <Yelu> iterfaces = checked.
[23:14] <Yelu> next step: the network-manager in your gui
[23:14] <Yelu> we define eth0 as static interface
[23:16] <xeno2> This server doesn't have a GUI.  It's not nice like the Debian one.
[23:17] <Yelu> xeno2, I'm so sorry, my bad. we are on a server then? okay
[23:17] <xeno2> Isn't there a plain iface command?  You used to be able to use ifconfig to define these, but I've never done it with iface.
[23:17] <bekks> So just use ifconfig
[23:17] <Yelu> so we want to change the /etc/network/interfaces with "sudo nano ..."
[23:18] <Yelu> bekks, why
[23:18] <bekks> Yelu: cheater ;)
[23:18] <Yelu> bekks, hi, thank you for the cheater, but why I'm? :)
[23:18] <bekks> Yelu: Why not? ifconfig works, so no need to learn new commands for a tasks solution with known commands
[23:19] <bekks> Yelu: Because that was the most obvious approach ;)
[23:19] <Yelu> bekks, xeno2, so we do it as a team, okay?
[23:19] <bekks> Consider me being level 2 support at this point ;)
[23:20] <Yelu> nice
[23:20] <xeno2> Okay, I tried a few things from a web example, and so far it rejects.
[23:20] <Yelu> xeno2, your are awake?
[23:20] <xeno2> I cannot pull it off, because no network connection.
[23:20] <Yelu> ok
[23:21] <xeno2> So there is no cut and past of examples, because ubuntu server doesn't handle that well.
[23:21] <Yelu> xeno2, I'll give you my interfaces, please be patient a short time ... thx
[23:21] <xeno2> But if I can see one that works, I can transcribe it.  I found http://askubuntu.com/questions/342705/how-to-set-a-static-ip-address, but that multi-line thing doesn't seem to work for me.
[23:25] <Yelu> xeno2, here you go => http://paste.ubuntu.com/7480860/
[23:25] <xeno2> I will try.
[23:26] <Yelu> xeno2, you have to pick an ip out of your subnet range of your (real) local lan, which isn't used
[23:26] <xeno2> It is saying "Cannot find device eth0"
[23:26] <Yelu> xeno2, anf thiink about your firewall
[23:27] <Yelu> xeno2, and think about your firewall
[23:27] <xeno2> And I try the syntax, and I get around the restart failures except that.
[23:27] <xeno2> No firewall.
[23:27] <xeno2> Just behind cable ISP.
[23:27] <xeno2> Keep in mind, the original vm works.  It's just the clone that doesn't pick up the dhcp.
[23:27] <donvito> lol ubuntu 12.04 only 64bit?
[23:27] <xeno2> That makes me think it's something that gets dropped in the cloning.
[23:27] <Yelu> what is the outcome of ifdown eth0 and ifup eth0
[23:28] <xeno2> ...I'll try.
[23:28] <Yelu> yes, you cloned a guest ... mmmh
[23:28] <xeno2> interface eth0 not configured.
[23:28] <xeno2> That was the ifdown response.
[23:28] <donvito> lol ubuntu 14.04 only 64bit?
[23:29] <xeno2> So 14.04 didn't do this, but Chef server won't work with 14.04.
[23:29] <a1fa> hello, is there a way to encrypt root file system that will boot system w/o password, but wont allow single user boot w/o password?
[23:29] <Yelu> rataplan for ifup
[23:29] <xeno2> What is rataplan?
[23:29] <Yelu> if you beat a drum (like at a execution ...)
[23:30] <Yelu> only joking ...
[23:30] <xeno2> I wonder if there is something that just automatically gets dropped from the vm in cloning.
[23:30] <a1fa> yo-yo!
[23:30] <xeno2> It might be something 14.04 and Debian work around fine, but 12.04 Ubuntu didn't work with.
[23:31] <Yelu> xeo2, another way could be, to power down the vm and delete the interface and set it up as new
[23:31] <xeno2> Ok.  I'll try that.
[23:31] <Yelu> xeno2, or to leave the first interface as is and set up an additinal one (which is to add in the guest again)
[23:32] <xeno2> Yes.
[23:33] <xeno2> Weird.  It only allows me one eth, and that's eth0.
[23:33] <xeno2> This was a full clone, not a linked, by the way.
[23:34] <xeno2> It doesn't want to let me change it through the GUI.
[23:35] <Yelu> xeno2, but it isn't running? - Then you can't change things there.
[23:36] <xeno2> No, it was powered down.
[23:37] <xeno2> You cannot use NAT Network at that point.  It won't save.
[23:37] <Yelu> xeno2, ok, another approach would be, to try to give the vm a new interace via VMBoxManage with CLI
[23:37] <xeno2> I tried a NAT, and a Local.  It won't allow me to add a second eth, like eth1.  I only get eth0 Bridged.
[23:38] <xeno2> Yes..checking results after boot first.
[23:38] <Yelu> xeno2, how about changes to eth0
[23:38] <Yelu> xeo2, also not possible?
[23:38] <xeno2> No, it still blocks on boot for waiting eth0.
[23:38] <xeno2> I looked at advanced, and that didn't seem to have anything interesting.  Specific suggestions?
[23:39] <Yelu> xeo2, not atm - thinking ...
[23:39] <xeno2> It did not pick up anything for any of my 3 interfaces.
[23:39] <xeno2> It's like NICS Aren't Us in Clones.
[23:40] <Yelu> xeno2, I did never have a vm, which behaved like that ehen it comes to changing interface parmeter and the like ...
[23:40] <Yelu> ŵhen
[23:41] <xeno2> Well, I have seen Ubuntu behave this way otherwise, a little, but I don't have helpful knowledge to fix it.
[23:42] <Yelu> I'll try to mimic your scenario here in my place - which is your setup? 14.04 Desktop as Vbox-Host? and a 14.04 Server as guest?
[23:42] <xeno2> I just checked the original once again, and it boots fine, and gets the network fine.
[23:43] <Yelu> xeno2, then make a file system copy of the .vdi and change the uuid of the machine , power down the origiinal (if running) nd start the new vm and ceck
[23:43] <Yelu> ^check
[23:44] <Yelu> xeno2,if it behaves right, hust power down add or change the interface to your needs and check that.
[23:44] <xeno2> Okay,..uuid?
[23:44] <Yelu> xeno2, please stand by ...
[23:47] <Yelu> xeno2, vbox manual chapter 8.24 this is a command line interface cloning procedure
[23:47] <xeno2> Ok I'll look that up.
[23:49] <Yelu> xwno2, maybe this gives us also a proof, if it is the GUI function call which is causing your problem
[23:49] <xeno2> Okay, you are NOT saying this is what causes the problem, but cloning this way may avoid it?
[23:50] <xeno2> The term "registered virtual hard disk image" is confusing me.
[23:50] <Yelu> xeno2, I'm not sure, as I told you, that this behaviour is also unknown to me. - I wanted to test this next week
[23:50] <Yelu> xeo2, reading ...
[23:51] <xeno2> Yes.  Well, it appears I'm deadending on Chef server tonight.  I'm sorry.  It is better not to burn yourself out when you're not ready.  I will try to help you when you have time, and you can reach me at the email I gave you.
[23:52] <Yelu> xeno2, yes, registered is a machine, which is known by the progrm VirtualBox (you alreay cloned such a first machine)
[23:52] <xeno2> But I don't want to pull you in unfairly.
[23:54] <a1fa> gentlemen, and ladies.. is there such thing as encrypted root fs w/o password, but single user mode would require pass?
[23:55] <Yelu> xeno2, I've got no boss, so it's up to me, how I spend my time. - But if you want to suspend the work, it's no problem ;)
[23:55] <xeno2> I just reviewed the 14.04 clone, and comes up clean and fast.
[23:56] <xeno2> So it is apparently specific to the 12.04 Ubuntu.
[23:56] <Yelu> xeno2, so this would be a good base to start again from?
[23:56] <xeno2> But it's only the clone of the 12.04, and not the original, that yields the problem.
[23:56] <Yelu> xeno2, I see
[23:56] <Yelu> xeno2, why not stick with 14.04?
[23:56] <xeno2> If you can suggest a bunch of combinations to clone by hand, I would be glad to try each one and see how they boot.
[23:57] <xeno2> Because chef server does not support it yet.  They only have a take home install for 12.04 and earlier.
[23:58] <xeno2> Everyone else works off the cloud, and perhaps that's what I should do.  However, I'd be happy to try the aforementioned combinations if you want, and it would be better for me to make it work.
[23:58] <xeno2> Otherwise, it just means I need to install on my original.
[23:58] <xeno2> And I can make more originals.
[23:59] <xeno2> So you don't hurt me to stop now, but I'm glad to go forward if you have some combination you'd like me to try.
[23:59] <Yelu> xeno2, I will give you a cli cloning command i a couple of minutes (have to re-read manual or re-find my script)