/srv/irclogs.ubuntu.com/2014/05/23/#ubuntu-server.txt

=== sander__ is now known as Sander^home
[01:16] <adam_g> smoser, around?
=== RaptorJesus_ is now known as RaptorJesus
=== beisner- is now known as beisner
=== markthomas_ is now known as markthomas
=== sz0 is now known as sz0`
=== medberry is now known as Guest53340
=== sz0` is now known as sz0
=== sz0 is now known as sz0`
=== justizin_ is now known as justizin
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
=== Adri2000_ is now known as Adri2000
[06:49] <jdstrand> hallyn: hrm.. both sarnold and I are now pinned on the saucy version
[06:49] <jdstrand> but I'd be happy to try a new version
=== Azelphur_ is now known as Azelphur
[07:06] <lordievader> Good morning.
[07:08] <sarnold> jdstrand: did you notice mdeslaur posted qemu updates to the security proposed ppa? I wondered if we were tripping over something that might have been fixed in the giant block level auditing...
[07:17] <jdstrand> sarnold: I say the call for testing. I did not do it yet. I hadn't considered that it would fix our issues because I figured the fixes were likely in 2.0, but if mdeslaur patched trusty too, probably worth trying
[07:17] <jdstrand> s/say/saw/
[07:19] <sarnold> jdstrand: aww. I hadn't considered that they might not have affected trusty. now I'm disappointed.
[08:17] <jamespage> gnuoy, https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1322498
[08:17] <uvirtbot> Launchpad bug 1322498 in ceph "Unable to set swift container ACL's on existing containers" [High,Triaged]
[08:17] <jamespage> building here - https://launchpad.net/~ceph-ubuntu/+archive/edgers/+build/6034662
[08:17] <gnuoy> jamespage, thanks
=== sz0` is now known as sz0
[09:26] <cocoa117> when you using ProxyCommand to jump through hoops, you have to have authentication to those hoops machine on your local machine (public key wise), otherwise you can't get on to next one. Is there anyway to allow the machine connect to it authenticate this rather than the local machine initialised the connection?
[09:34] <hxm> hello
[09:36] <lordievader> o/
[09:44] <morph-> could anyone here help me with my ubuntu server? i ended up somehow installing a bunch of kernel images and headers and now i'm stuck booting into this one particular kernel. I just want to revert back to my old one but its a remote server so I can't actually see grub when it comes up
[09:52] <mardraum> morph-: you have a remote server without any management out-of-band that can't boot?
[09:52] <morph-> i can go into rescue mode or something
[09:53] <morph-> but I can't KVM or anything to actually mess with it while its booting
[09:53] <mardraum> how are you able to get it into "rescue" mode
[09:53] <morph-> go into OVH manager
[09:53] <morph-> select rescue
[09:53] <oro> hi all, anyone has a workaround for trusty's network device renaming bug? (https://bugs.launchpad.net/ubuntu/+source/biosdevname/+bug/1284043)
[09:54] <morph-> from netboot
[09:54] <uvirtbot> Launchpad bug 1284043 in biosdevname "udev renaming the same hardware network i/f to different name, breaks networking and firewall" [High,Confirmed]
[09:54] <morph-> then reboot the server
[09:54] <morph-> its a server from ovh.ie
[09:54] <oro> i am aware of udev's "predictable device naming" feature, but it's not predictable at all.
[09:54] <mardraum> do they offer documentation about what that rescue mode does?
[09:54] <morph-> yea
[09:54] <morph-> 1 sec
[09:54] <mardraum> I don't want a link, I want to know if you have read it :p
[09:55] <morph-> mardraum http://help.ovh.com/RescueMode
[09:55] <morph-> ive used it plenty of times
[09:55] <morph-> i dunno how to fix this
[09:55] <morph-> trust me i didnt come in here and ask first
[09:56] <mardraum> if you can get access to the shell of your machine, can you remove the problem kernel packages?
[09:56] <morph-> yeah im ssh'd in my server right now
[09:56] <morph-> it works
[09:56] <morph-> its just this kernel keeps lagging me out
[09:56] <morph-> but i dunno how to undo all of this
[09:57] <oro> i have already put 80-net-name-slot.rules and 80-net-setup-link.rules and deleted, had it auto-recreated, and also edited 70-net-persistence-rules but it still unpredictable. sometimes my devs renamed to "rename5"
[09:57] <mardraum> remove the kernel packages
[09:57] <mardraum> leave the ones that WORKED
[09:57] <morph-> mardraum http://pastebin.com/w9yNncTr
[09:57] <morph-> thats from grub-mkconfig
[09:57] <mardraum> ok?
[09:58] <morph-> Ubuntu, with Linux 3.8.0-41-generic
[09:58] <morph-> is the one i want
[09:58] <morph-> do i just like
[09:58] <mardraum> remove the others
[09:58] <morph-> go into /boot
[09:58] <morph-> and remove all this stuff?
[09:58] <mardraum> well, I would use apt-get
[09:58] <mardraum> you have used it before right?
[09:59] <mardraum> how did you install these kernels....
[10:00] <morph-> some with apt-get
[10:00] <morph-> some with dpkg
[10:00] <mardraum> that's ok then
[10:01] <morph-> i have no idea what the file names were though
[10:02] <morph-> they're not like /boot/initrd.img-3.13.5-vanilla
[10:02] <morph-> linux-image-3.13.5-vanilla?
[10:02] <morph-> is that the format maybe?
[10:02] <mardraum> dpkg --list
[10:03] <morph-> yay
[10:03] <morph-> okay one more thing
[10:03] <morph-> i know when it gets down to it i wont be able to remove this kernel im booted into
[10:04] <morph-> it'll throw an error telling me i can corrupt everything blah blah
[10:04] <morph-> how do i get past that?
[10:04] <mardraum> I've not seen that sorry
[10:08] <morph-> mardraum http://puu.sh/8XEQu/6920cfaa56.png
[10:17] <morph-> marcoceppi
[10:17] <morph-> mardraum
[10:17] <morph-> I got it :)
=== swebb is now known as zz_swebb
[10:21] <morph-> thanks a ton mardraum
=== sonne_ is now known as sonne
[10:44] <jamespage> zul, https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1322568
[10:44] <uvirtbot> Launchpad bug 1322568 in libvirt "nova interface-attach fails" [Undecided,New]
[10:44] <jamespage> :-)
[10:44] <jamespage> zul, not quite sure why I did not see that pre-release
[10:44] <jamespage> I'm pretty sure tempest does lots of those
[10:47] <caribou> gnuoy: just following up to your answer in #juju as it pertains to the nova-cloud-controller charm
[10:48] <gnuoy> caribou, hi, I'm in an upgrade-charm debug session for nova-cloud-controller as I type
[10:51] <caribou> gnuoy: in the compute_changed() function I just printed the migration_auth that comes from "relation_get('migration_auth_type')
[10:51] <caribou> gnuoy: when running "juju upgrade-charm", it prints None as the value; I must be missing something
[10:51] <gnuoy> caribou, you need to give it the relid and unit id
[10:52] <gnuoy> hang on, I'll paste bin
[10:52] <caribou> gnuoy: that's what I thought; I got misled by the fact that compute_changed doesn't ask for one; I can change that
[10:53] <gnuoy> kk
[10:54] <caribou> gnuoy: you can still paste what you have, it'll help me
[10:56] <gnuoy> sure, one sec
[11:02] <gnuoy> caribou, sorry, I lost connectivity for a bit there. http://paste.ubuntu.com/7505148/
[11:03] <caribou> gnuoy: np
[11:10] <gnuoy> caribou, when I run that I'm only getting the private address of the compute host so I guess the compute host is not setting anything when the relation is joined
[11:10] * gnuoy checks
[11:13] <gnuoy> caribou, do you have enable-live-migration enabled ?
[11:13] <gnuoy> 'migration_auth_type' is not set by the compute node if enable-live-migration is not True
[11:14] <caribou> gnuoy: well, my config file does set it
[11:14] <caribou> gnuoy: maybe I should explain what I try to achieve instead
[11:14] <gnuoy> sure
[11:16] <caribou> gnuoy: I've fixed nova-cloud-controller & nova-compute to transfer authorized_keys/known_hosts files in multi-lines
[11:17] <caribou> gnuoy: I'll get you the Merge Reqs:
[11:18] <caribou> gnuoy: https://bugs.launchpad.net/+branch/~louis-bouchard/charms/precise/nova-cloud-controller/lp1313602-multiline-known-hosts
[11:20] <caribou> jamespage: suggested to rerun the hooks for relations in order to get that multi-line setup to be applied when we upgrade the charm
[11:20] <caribou> gnuoy: my mistake is to suppose that all relations were available in 'upgrade-charm'.
[11:21] <gnuoy> caribou, they are all available, what makes you think they aren't ?
[11:22] <caribou> gnuoy: well, I suppose they are if I explicitly call them by rid, in relation hooks there's no need for that apparently
[11:22] <caribou> if I understand it correctly
[11:23] <caribou> gnuoy: I mean I do not need to supply the relation-id in a relation hook when doing 'relation-get'
[11:23] <gnuoy> caribou, you don't need to explicitly set relation id when you're in the context of that relation. But in upgrade charm you're not in the context of any relation so it needs to be set explicitly
=== Lcawte|Away is now known as Lcawte
[11:24] <caribou> gnuoy: sorry for all those nOOBs assumptions, I'm just getting into those charms mechanisms
[11:24] <gnuoy> caribou, don't apologise, no problem at all
[11:25] <YamakasY> how can I make my mirror smaller ? it's 200GB!
[11:38] <YamakasY> anyone ?
[11:41] <gnuoy> YamakasY, have asked in #ubuntu-mirrors and looked https://wiki.ubuntu.com/Mirrors for expected mirror sizes ?
[11:42] <gnuoy> " The Ubuntu archive, as of 2013-04-04, uses about: 642GB of disk space for the Ubuntu package archive. "
=== marlinc_ is now known as marlinc
[11:49] <YamakasY> gnuoy: not looked there yet
[11:51] <caribou> gnuoy: maybe I misunderstood what jamespage asked for
[11:52] <jamespage> caribou, nope- the conversation above looks on the right track :-)
[11:52] <caribou> jamespage: thanks for the confirmation
[11:53] <caribou> jamespage: there is also a dependency on the order of the upgrade : nova-cloud-controller must be upgraded first to make the new relations available to nova-compute
[11:54] <jamespage> caribou, actually I don't think that will matter
[11:54] <caribou> jamespage: well, if nova-compute runs & no indexed relation is there, it will do nothing
[11:54] <jamespage> caribou, if you do it the other way around, nova-cc will set the data and the nova-compute nodes will just pickup the new relation format
[11:54] <jamespage> caribou, yes
[11:55] <caribou> hence nova-cc needs to be to the latest version first
[11:55] <caribou> jamespage: I mean it will not break anything, but just not use the multi-line format
[11:56] <caribou> so someone not knowing about the specific ordering requirement will not get a functional live-migration ssh key setup after the upgrade
[11:56] <caribou> if nova-compute is upgraded first
[12:29] * zul shakes his fist at tempest
[12:38] <oro> anyone has a workaround for trusty's network device renaming bug? (https://bugs.launchpad.net/ubuntu/+source/biosdevname/+bug/1284043)
[12:38] <uvirtbot> Launchpad bug 1284043 in biosdevname "udev renaming the same hardware network i/f to different name, breaks networking and firewall" [High,Confirmed]
[12:54] <caribou> jamespage: gnuoy: running compute_changed() in a non relation hook context is rather difficult :
[12:54] <jamespage> caribou, there should be lots of examples of how todo that already in the nova-cloud-controller charm
[12:54] <caribou> many of the function used make the assumption that all relations are available
[12:55] <gnuoy> caribou, note that those which need to be called outside of a relation context allow the rid to be passed in
[12:56] <gnuoy> def compute_joined(rid=None, remote_restart=False):
[12:56] <caribou> gnuoy: I fixed many of them, but the call to shh_compute_add fails because it calls helpers that expect  some environment variable to be there
[12:56] <caribou> gnuoy: yeah, i've done all of this, the whole relation get/set is fixed accordingly
[12:58] <caribou> gnuoy: here is an example : http://paste.ubuntu.com/7505499/
[13:00] <gnuoy> caribou, just to be pedantic "all relations are available" in all hook contexts. And there is no hook context where they're all available without having to set a rid for ones outside of the current context.
[13:00] <caribou> gnuoy: agreed, that why I added rid & uid to the call so I have them, that works
[13:00] <gnuoy> kk
[13:02] <caribou> gnuoy: it's the call to ssh_directory_for_unit which calls remote_unit that expects $JUJU_REMOTE_UNIT to be set; maybe I should change that to use a unit passed as argument
[13:02] <caribou> gnuoy: since I know it already
[13:02] <gnuoy> sounds good to me
[13:03] <caribou> gnuoy: just that the fix becomes more intrusive that I expected ( or rather that I'm used to)
[13:03] <gnuoy> yeah, I think you've been unlucky
[13:03] <caribou> gnuoy: from the look of it, the current compute_joined was written to be called in a relation hook only
[13:04] <caribou> gnuoy: I must change it to be called in any context
[13:04] <caribou> gnuoy: I'm fine with it
[13:04] <gnuoy> caribou, no, it is called in other relation contexts already, hence the ability to pass in the rid
[13:05] <gnuoy> shared-db-relation-changed calls it for one
[13:07] <caribou> gnuoy: it calls compute_joined, not compute_changed
[13:07] <caribou> compute_changed is argumentless atm
[13:07] <gnuoy> caribou, ah, you said compute_joined in your previous comment "the current compute_joined was written to be called in a relation hook only"
[13:07] <caribou> gnuoy: oops, sorry :-/
[13:08] <gnuoy> np :)
[13:08] <caribou> ok, now that I got blessing for people who know, let's get that working :-)
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
=== melmoth_ is now known as melmoth
=== sz0 is now known as sz0`
[13:51] <Werkena> Hi, How do I make sure whenever a service e.g. apache stops to make sure it be restarted again.....apart from using cron to check on a timely basis.
=== sz0` is now known as sz0
[13:55] <rberg_> Werkena: upstart can restart processes that crash
[13:57] <Werkena> rberg: Can you take such an instances where the sysadmin wants to ....e.g. just unplugging a wifi usb AP and replugging it would make hostapd to freeze/stop....so I have to restart it manually....or if some how the usb wifi is plugged after the hostapd service already started, it wouldn't restart itself.....so I wanted it in such like scenario....
[14:00] <rberg_> for hardware events I would look at writing udev a rule
=== sz0 is now known as sz0`
[14:14] <Werkena> rberg: I think I understand you now, Should I only include the word "respawn" in the init.d of the script (for hostapd) like found in this post.....https://forums.plex.tv/index.php/topic/109449-respawn-on-crash/
=== `ph8 is now known as ph8
[14:32] <klander> hey guys. whats the easiest way to port your deployed apps to apache 2.4 from apache 2.2 ?
[14:33] <klander> this blog mentions automated deployments but i really don't know what he's talking about: http://www.justgohome.co.uk/blog/2014/04/new-in-14-04-apache.html
[14:33] <klander> does anyone know what he's referring to?
[14:41] <TJ-> klander: virtualised instances using deployment and configuration management tools; Chef, Puppet, Salt, Ansible,  etc, etc,
=== sz0` is now known as sz0
=== zz_swebb is now known as swebb
=== swebb is now known as zz_swebb
=== stoned is now known as stoned-
=== sz0 is now known as sz0`
=== sz0` is now known as sz0
[16:17] <caribou> gnuoy: jamespage: FYI, looks like I got the compute_changed() to work in non-relation hooks (i.e. upgrade-charms)
[16:17] <caribou> I'll give it more tests next monday & fix the unit-tests
[16:17] <gnuoy> caribou, excellent
[16:17] <caribou> gnuoy: jamespage: your help was very valuable, thanks for it
[16:17] <gnuoy> np
[16:18] <jamespage> caribou, yw
[16:20] <smoser> kirkland, bummer: https://bugs.launchpad.net/cloud-init/+bug/1322692
[16:20] <uvirtbot> Launchpad bug 1322692 in cloud-init "seed_random runs too early if local datasource used" [Medium,Confirmed]
=== stoned- is now known as stoned
=== sz0 is now known as sz0`
[16:53] <adam_g> smoser, eeek https://bugs.launchpad.net/cloud-init/+bug/1316475
[16:53] <uvirtbot> Launchpad bug 1316475 in tripleo "trusty hang on first boot post deploy" [Critical,Triaged]
[16:55] <smoser> adam_g, bah.
[16:56] <smoser> good debugging.
[16:57] <smoser> adam_g, you can just disable that datasource
[16:57] <smoser> thats the easiest thing to do .
[16:58] <adam_g> smoser, yeah..
[17:03] <adam_g> smoser, how do i disable it?
[17:04] <smoser> dpkg-reconfigure cloud-init will allow you to select
[17:05] <smoser> or you can just parse/edit /etc/cloud/cloud.cfg.d/90_dpkg*
[17:11] <smoser> adam_g, that just plain sucks
[17:24] <adam_g> smoser, yeah. its still not clear to me why its happening on a small percentage of our servers and not others. im happy to test whatever you come up with.
[17:29] <smoser> adam_g, well, it would not hang if either:
[17:29] <smoser> a.) there was no ttyS1
[17:29] <smoser> b.) there was data to read on the ttyS1
[17:29] <smoser> c.) the read failed.
=== sz0` is now known as sz0
=== Lcawte is now known as Lcawte|Away
=== medberry is now known as Guest39402
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
[19:04] <kirkland> smoser: okay...suggestions?
[19:06] <smoser> no good suggestions at the moment
[19:22] <vonsyd0w> Hello! I'm trying to get my dhcp server to dynamically update my dns server with hostnames, but dhcpd keeps spitting out these errors: dhcpd: Unable to add forward map from $HOSTNAME. to $IP: connection refused - Anyone familiar with it?
[19:24] <sarnold> vonsyd0w: 'connection refused' could be generated by a firewall on the dhcp machine, a firewall on the dns machine, or the dns server not being configured to accept connections on that IP/port
[19:29] <vonsyd0w> firewall on the dhcp! wow forgot
[19:30] <vonsyd0w> let me check now...
=== a1berto_ is now known as a1berto
[19:53] <kingbeowolf> how do you guys control your raid?
[19:55] <dcosnet> telekinetics
[19:55] <dcosnet> O:-)
[19:55] <rberg_> with mdadm.. how else?
[19:55] <kingbeowolf> so no hardware?
[19:55] <kingbeowolf> im looking at a 4 disk ssd raid
[19:55] <kingbeowolf> maybe 5
[19:56] <rberg_> I have used some hardware.. I find megacli obtuse
[19:57] <kingbeowolf> what do you think of this? http://www.amazon.com/gp/product/B004JPHAF0/ref=s9_wish_co_d0_g147_i4?ie=UTF8&colid=12KKAP4FH9RM4&coliid=I3TX9VQI5ZJ53U&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=typ-top-left-1&pf_rd_r=1ZG25XSSJ2F44974WDGZ&pf_rd_t=3201&pf_rd_p=1780082482&pf_rd_i=typ01
[19:59] <rberg_> personally I would stick to software raid for 4 or 5 disks
[19:59] <kingbeowolf> i think i have a bottle neck some where with this 4 disk raid 0
[19:59] <kingbeowolf> using mdadm
[20:00] <vonsyd0w> sarnold, that was it! A firewall issue. I forgot my dhcp server (my edgemax router) had explicit deny rules set. I had to create an allow rule for port 53, its working now
[20:02] <sarnold> vonsyd0w: oh! nice :D
[20:02] <sarnold> vonsyd0w: thanks for reporting back, I love learning what fixes things :)
[20:02] <fridaynext> has anyone used this before? http://sourceforge.net/projects/automysqlbackup/?source=dlp
[20:02] <fridaynext> I'd like to set up a cron job to back up my mysql DB's, and that looks to fit the bill, but it hasn't been updated in over a year.
[20:05] <remix_tj> fridaynext: a colleague of mine implemented this, works well, dumps when requested-
[20:06] <fridaynext> remix_tj: recently?
[20:06] <remix_tj> last july
[20:07] <fridaynext> remix_tj: meh, close enough. it's not like commands to back up a db have changed in 6 months.
[20:07] <fridaynext> mysqldump -u me -pblah, etc.
[20:07] <remix_tj> oh, yeah
[20:07] <fridaynext> I'd write the scripts myself, but I'm too lazy.
[20:07] <[[lutchy]]> What's wrong with just a routine mysql dump?
[20:07] <vonsyd0w> fridaynext, Percona XtraBackup is another option: http://www.percona.com/doc/percona-xtrabackup/2.1/
[20:08] <vonsyd0w> I haven't used it, but it seems well maintained
[20:08] <vonsyd0w> and good docs
[20:08] <remix_tj> automysqlbackup also sends report, helps with a lot things for lazy sysadmins
[20:08] <[[lutchy]]> hmmmm...
[20:08] <remix_tj> and you know, you're not a senior sysadmin until you're lazy
[20:08] <fridaynext> remix_tj: have i been upgraded to senior??? nice!
[20:09] <[[lutchy]]> No offense, but it's like another software to keep up2date.
[20:09] <fridaynext> really all I want to do is back up the db, zip it, and move it into the user's owncloud folder (daily).
=== Guest39402 is now known as medberry
[20:09] <remix_tj> [[lutchy]]: your code has to be tested and updated by yourself, drilling down problems when issue appears
[20:09] <fridaynext> dammmit, i'm just going to write the cron job for it.
[20:09] <fridaynext> no reason to install something else.
[20:10] <remix_tj> when the code is written by others for many people, it's well tested (hope) and problems are eventually drilled down by more people than yourself
[20:10] <[[lutchy]]> Now if I make it simple...
[20:10] <[[lutchy]]> s/now/not/
[20:11] <remix_tj> yeah
[20:11] <remix_tj> simple means 2 lines of code
[20:11] <[[lutchy]]> I like simplicity when it comes to sysadmin...
[20:11] <remix_tj> more than two is already on the road for "complex" :-P
[20:11] <[[lutchy]]> remix_tj, Yeah, only time it breaks, is bash or something else changed :-p
[20:12] <remix_tj> yup :-)
[20:13] <[[lutchy]]> In my experience, I've seen some folks come with complicated solutions to solve a simple solution (not sure if they are trying to impress someone or not)
[20:13] <[[lutchy]]> s/simple solution/simple issue/
[20:15] <Joe_knock> Hello
[20:18] <[[lutchy]]> Hi
[20:24] <Joe_knock> Would it be possible to use wubi.exe to install ubuntu server alongside winXP? Using ubuntu12.04 server
[20:25] <[[lutchy]]> That's 'ubuntu12.04' part confused me a bit...
[20:27] <Joe_knock> [[lutchy]]: 12.04 is the version of ubuntu server that I have.
[20:28] <[[lutchy]]> Joe_knock, If I understood correctly, you want to install Ubuntu Server under ubuntu 12.04 along side winxp ?
[20:29] <[[lutchy]]> I have about 4 Ubuntu Server VMs, but I would assume that the installer, which I can test in a VM, will automatically recognize WinXP :/
[20:30] <[[lutchy]]> wubi.exe to install ubuntu, using ubuntu12.04? wubi.exe is a Win program..
[20:32] <lordievader> Joe_knock: Wubi hurts performance, not really what you want on a server.
[20:33] <Joe_knock> lordievader: I just need it for home-testing and playing around with it. It isn't a production server.
[20:34] <Joe_knock> [[lutchy]]: That is my point. I want to use wubi.exe to install ubuntu server alongside WinXP
[20:34] <lordievader> Still, wubi is ugly and should die. But that is just my personal opinion.
[20:35] <Joe_knock> lordievader: I respect your opinion, but I am just clarifying whether it is possible or not. I am restrained in that I cannot make the system run ubuntu on its own.
[20:36] <[[lutchy]]> From what I understood, wubi was just a more easier way to install Ubuntu under Windows XP ?
[20:36] <[[lutchy]]> Not Windows XP, but under any Windows version that is supported
[20:36] <lordievader> Hmm, haven't done a wubi install in years. But I suppose that if it is possible to install the desktop the server part shouldn't be a problem.
[20:37] <Joe_knock> [[lutchy]],
[20:37] <Joe_knock> [[lutchy]]: Yes that is correct. It installs "within" windows. so ubuntu kind of lives on top of windows
[20:37] <Joe_knock> lordievader: Thanks
[20:38] <guntbert> Joe_knock: just why don't you use virtual machines?
[20:38] <[[lutchy]]> hehehe
[20:39] <[[lutchy]]> I have Windows Server 2012 R2, with the latest patches to Hyper V
[20:40] <[[lutchy]]> I have CentOS, and 2 Ubuntu VM Server
[20:40] <[[lutchy]]> My http://projects.lhprojects.net/ and http://scm.lhprojects.net/. both running from the same server and from VMs
[20:40] <Joe_knock> guntbert: The tower I intend using only has 512MB of memory
[20:41] <[[lutchy]]> Ok...
[20:41] <[[lutchy]]> Well, IIRC, 14.04 only support 64bit ?
[20:42] <WACOMalt> Hey folks. I just checked munin on a largely inactive server, and I am seeing a lot of postfix activity http://i.imgur.com/x49HlKk.png
[20:42] <WACOMalt> should I be worried?
[20:42] <[[lutchy]]> Joe_knock, Let me guess, no USB, no CD-ROM ?
[20:42] <guntbert> Joe_knock: thats really low, indeed
[20:42] <lordievader> !munin
[20:42] <lordievader> Hmm, thought there was something with munin.
[20:43] <Joe_knock> [[lutchy]]: It has USB and a CD-ROM drive, but I will install using a virtual drive.
[20:43] <WACOMalt> well anyways, this server has never ever been used (intentionally) as a mail server.
[20:43] <WACOMalt> So is this sign of someone using it against my will?
[20:43] <Joe_knock> guntbert: Which is why I need full resources to try installing a couple of tools  I want to test
[20:43] <Joe_knock> WACOMalt: if that is the case, why is postfix installed on it?
[20:44] <WACOMalt> I would venture to guess it came with it
[20:44] <[[lutchy]]> Postfix by default, is pretty secure
[20:44] <guntbert> Joe_knock: I understand but cannto contribute anything to your wubi-question - I never used it, not even in a VM
[20:44] <guntbert> *cannot*
[20:44] <WACOMalt> how can I check if anyone has been using it?
[20:44] <[[lutchy]]> All my Ubuntu installations were basic with just openSSH
[20:45] <Joe_knock> WACOMalt: It looks like only 6 mails have been deferred. Unless I am misinterpreting the graph. so it isnt a lot, compared to previous activity
[20:45] <WACOMalt> can I check what user initiated those?
[20:45] <Joe_knock> guntbert: I will test it out in a couple of minutes time.
[20:46] <guntbert> Joe_knock: Good luck!
[20:46] <Joe_knock> WACOMalt: yes, you should be able to see activity of sent/received emails. Do you have access to the server?
[20:46] <WACOMalt> I do, but have no experience with postfix to know where to look
[20:47] <Joe_knock> WACOMalt: Are you comfortable with the commandline?
[20:47] <Joe_knock> guntbert: Thanks
[20:47] <[[lutchy]]> The Mail log, will not tell you who initiated in terms of a *user*... It will tell you the host
[20:47] <WACOMalt> yes, provided I can get some help as to what to type :P
[20:47] <[[lutchy]]> Who asked the Mail to be relayed
[20:47] <WACOMalt> that works [[lutchy]]
[20:47] <[[lutchy]]> Unless you have SASL auth
[20:47] <[[lutchy]]> Then you will get a *user*
[20:48] <WACOMalt> -\(°_o)/¯
[20:48] <WACOMalt> I never set that up, so I guess I wont get a user
[20:48] <WACOMalt> so how do I check?
[20:48] <[[lutchy]]> How do you want the E-Mail server to be setup ?
[20:48] <Joe_knock> [[lutchy]]: Wouldn't all that is needed to identify the person is the email address that tried to send the email? Based on the graph, it seems somebody or 6 people or 1-6 people tried to send a total of 6 emails that were "deferred"
[20:49] <[[lutchy]]> Postfix is very documented and features typically work as expected
[20:49] <WACOMalt> [[lutchy]], not at all preferably
[20:49] <lordievader> WACOMalt: Have you by any chance installed logwatch?
[20:49] <WACOMalt> nope
[20:49] <[[lutchy]]> Joe_knock, no, I can telnet to your server and enter whatever mail from person I like
[20:50] <Joe_knock> [[lutchy]]: true, but it may be possible that some end-user is trying to send an email.
[20:50] <WACOMalt> so, how do I check?
[20:50] <[[lutchy]]> logwatch is really good
[20:51] <Joe_knock> WACOMalt: Do you want us to check what commands to type in for you? lol
[20:51] <[[lutchy]]> It's very useful ... I thinking of another program to aggregate results from different servers.. I found logstash
[20:52] <Joe_knock> WACOMalt: Perhaps this might help -- http://www.postfix.org/postqueue.1.html
[20:52] <[[lutchy]]> Joe_knock, It's not about if user will or will not send mail... it's based on the policy of the mail server to reject it
[20:53] <Joe_knock> WACOMalt: I see that the -p part is where you may be looking.
[20:53] <[[lutchy]]> I have two postfix servers relaying mail..
[20:53] <[[lutchy]]> I don't know why you would suggest postqueue
[20:53] <[[lutchy]]> When postqueue is about whatever mail that's currently in the 'queue'
[20:54] <Joe_knock> [[lutchy]]: I am trying to help him as best I can. Feel free to make a better recommendation
[20:56] <[[lutchy]]> Yeah, it's about helping one another ...
[20:56] <[[lutchy]]> I had asked earlier how he wanted his E-Mail server to be setup
[20:56] <[[lutchy]]> I doubt, when you 'apt-get install postfix', it leaves you as open RELAY
[20:57] <WACOMalt> [[lutchy]], I answered that question with "not at all"
[20:57] <[[lutchy]]> Postfix, being complex, has a very simple and well documented
[20:57] <[[lutchy]]> configuration
[20:57] <WACOMalt> it looks like one of my users has set up an email address, and they have google set to receive that for them in their gmail
[20:58] <WACOMalt> thats all the activity I can see in postqueue
[20:58] <WACOMalt> so I guess things are fine?
[20:59] <[[lutchy]]> Read what postqueue is for ...
[20:59] <[[lutchy]]> postqueue does not produce logs
[21:00] <[[lutchy]]> Postfix is simply a MTA, if it's allowed to TRANSFER email, then it's likely a faulty in security
[21:01] <WACOMalt> ok, then I'm just uninstalling it
[21:01] <[[lutchy]]> If you don't need a MTA, then yeah, but keep in mind... programs that need a sendmail program will fail
[21:02] <[[lutchy]]> Bottom line, who accessing your Computer ?
[21:02] <WACOMalt> honestly, at this point I dont even know. I have 3 authorized users. And I'm about as unfit of a server admin as has ever existed
[21:02] <WACOMalt> :)
[21:02] <Joe_knock> [[lutchy]]: the emails weren't delivered, which means they're sitting in the queue, which is why postqueue can tell what emails are there.
[21:02] <[[lutchy]]> Ok
[21:03] <Joe_knock> WACOMalt: Do you recognise the email address?
[21:03] <[[lutchy]]> WACOMalt, There are few things you can to secure it up
[21:03] <WACOMalt> yes, and no
[21:03] <WACOMalt> there is www-data@myserver.com
[21:03] <WACOMalt> and then a few that are actually users
[21:03] <WACOMalt> but all are trying to send to gmail servers
[21:04] <Joe_knock> WACOMalt: Identify with the company bureaucracy whether you are allowed to access email accounts, if yes, then maybe you can access the content of the email to see what it says.
[21:04] <WACOMalt> "the company bureaucracy" = me
[21:04] <WACOMalt> its just a guy (me) with a box
[21:04] <[[lutchy]]> What piss you off the most
[21:04] <Joe_knock> WACOMalt: I think what is happening is that they're using mail-forwarding, and those 6 emails weren't forwarded for some reason.
[21:05] <[[lutchy]]> The fact, 3 authorized people send Mail
[21:05] <[[lutchy]]> Or the targets of the E-Mail, by one person, is wrong
[21:05] <[[lutchy]]> That information can help
[21:05] <WACOMalt> yeah I'm gonna talk to those 3 people
[21:05] <WACOMalt> they dont use the emails any more, but I know they had them set up at one point. Gonna ask them to remove them from gmail
[21:06] <[[lutchy]]> BTW, when it's local mail
[21:06] <[[lutchy]]> It's logged by user
[21:06] <[[lutchy]]> So, if they send a mail from 'sendmail' program from the server, it will be logged by who
[21:06] <Joe_knock> WACOMalt: Are they just forwarding from myemail@domain.com to myemail@gmail.com or are you using gmail as your email provider?
[21:07] <[[lutchy]]> Postfix behaves differently when it comes to local sent mail
[21:07] <WACOMalt> Joe, the former example
[21:07] <[[lutchy]]> There is a different daemon that handles local mail
[21:07] <[[lutchy]]> That should be log, what Ubuntu server do you have ?
[21:07] <WACOMalt> At current I see nothing to hint at someone misusing the server. So I'm not worried and will just ask the users to disconnect google if they arent using the address any more
[21:08] <WACOMalt> 10.04 :/
[21:08] <Joe_knock> WACOMalt: Based on what you say, it is actually the automated email forwarder that has placed the emails in the queue (my assumption based on info).
[21:08] <WACOMalt> hmm possibly
[21:09] <Joe_knock> WACOMalt: Disconnecting google won't fix it. You need to stop mail-forwarding from: myemail@mydomain.com . What email client do you have access to?
[21:09] <WACOMalt> you mean on the server?
[21:09] <WACOMalt> or on my local desktop
[21:10] <WACOMalt> locally I think I have windows live mail which could connect to those addresses
[21:10] <Joe_knock> Yes, you need to configure mail-forwarding to be stopped. Find out how the 3 other users setup mail-forwarding previously and tell them to reverse that process.
[21:10] <WACOMalt> righto. I'll have to look into that tonight though
[21:10] <WACOMalt> I have to leave for the time being.
[21:11] <Joe_knock> WACOMalt: Perhaps a webmail client like squirrel or something else might help. Good luck
[21:11] <WACOMalt> Thank you both for the help. At least my mail wasnt being used for nefarious purposes
[21:11] <Joe_knock> WACOMalt: If you don't need postfix, best to remove it then.
[21:12] <WACOMalt> yeah I'll check if anyone else is actually using it, but it certainly looks like they arent
[21:13] <WACOMalt> ok, I'm off. thanks again!
[21:15] <fridaynext> what permissions does a mysql user need to be able to dump a DB?
[21:15] <[[lutchy]]> root
[21:15] <fridaynext> i have all my users set at SELECT, UPDATE, INSERT, DELETE
[21:15] <[[lutchy]]> Depends, the entire DB directory ?
[21:15] <fridaynext> oh, so only root can dump a db?
[21:15] <fridaynext> no just individual DB's
[21:15] <fridaynext> I want to dump DB's daily for my clients running WP sites on my server
[21:16] <serverhorror> fridaynext: usage and select (on all object) may be enough if you do a mysqldump. but it really depends on the kind of backup you want to do
[21:16] <fridaynext> serverhorror: just basic.
[21:16] <[[lutchy]]> thanks serverhorror
[21:16] <fridaynext> mysqldump -u someone -pblah summatDB > summatDB_today.sql
[21:16] <[[lutchy]]> I was thinking only 'select'
[21:17] <serverhorror> i think just about any right implies usage, but granting it makes it explicit in listing the rights also
[21:18] <fridaynext> this is what i'm getting when i try to use a user's un/pw for a dump http://pastebin.com/TrcETmff
[21:19] <serverhorror> fridaynext: actually any user can create a backup like this. if you "grant usage,select on myschema.public_table to 'restricted_backupuser'@'backuphost.invalid'" you’ll still get a backup just not of all the tables in the database ;)
[21:19] <serverhorror> s/database/schema
[21:21] <Macer>           0.25    0.00    2.61   26.12    0.00   71.02
[21:21] <Macer> i am getting 26.12 in iostat for iowait :/
[21:21] <[[lutchy]]> iostat?
[21:21] <fridaynext> serverhorror: what if I grant lock tables - will that fix the error in the pastebin?
[21:22] <Macer> top too
[21:22] <Macer> but i wanted to see where it was.. .can't quite put my finger on where i'm getting the pause
[21:22] <[[lutchy]]> You know fridaynext, give users all access to the DB they OWN
[21:23] <serverhorror> it should, but it will also …. LOCK your tables (no other client can write while the backup is running)
[21:23] <fridaynext> [[lutchy]]: i'm running wordpress sites, and wordpress codex suggests only granting select, insert, update, delete to mysql users.
[21:23] <[[lutchy]]> No..
=== a1berto_ is now known as a1berto
[[lutchy]]You can grant access per db, even per table21:23
fridaynexthttp://codex.wordpress.org/Hardening_WordPress#Database_Security21:24
fridaynextI know I can do that, but this is just what the WordPress codex suggests.21:24
fridaynextI want to keep it as secure as possible.21:24
serverhorrorfridaynext: don’t use wordpress :)21:24
[[lutchy]]Macer, Install 'iotop', it can show you IO in terms of IO in regards of DISK usage21:24
fridaynextserverhorror: if i had a nickel.21:24
serverhorrorhehe21:25
[[lutchy]]Let me get this right...21:25
fridaynextbut until I can teach myself a new language and implement a secure e-commerce platform for the 12 sites i'm currently running - i'm stuck with WP.21:25
[[lutchy]]You know you can do that but you followed instructions blindly ?21:25
fridaynext[[lutchy]]: not blindly.21:25
Macerah ok. let me take a look at it21:26
serverhorrorfridaynext: truly the permissions depend on the backup. my default solution is to run a backup only slave and go from there (either xtrabackup, mysqldump, …) that at least won’t lock the clients out during backups21:26
serverhorrorfridaynext: e.g. I’m pretty sure mysqldump --opt … and mysqldump --single-transaction …  will need different sets of permissions21:27
fridaynextif I run mysqldump as root, and put that in a .sh file in the root directory, to be run with the root user's crontab - is that basically secure?21:27
[[lutchy]]Yes, but from he is telling me, he already knew beforehand, then apply permission per DB21:27
[[lutchy]]NEVER fridaynext21:27
serverhorrorfridaynext: just don’t21:27
fridaynextwhich part - the root user's cron job?21:27
fridaynextor running mysqldump as root?21:27
fridaynextor both?21:28
[[lutchy]]This is how I do it, as opposed to serverhorror21:28
Macer           0.25    0.00    2.61   26.12    0.00   71.0221:28
Maceroops21:28
Macer12015 be/4 root       48.19 K/s    0.00 B/s  0.00 % 98.63 % dpkg -i ./packages/zimbra-store_8.0.7.GA.6021.UBUNTU12.64_amd64.deb21:28
[[lutchy]]I use phpmyadmin, to select what permissions per user has21:28
Macerwow... wth?21:28
Maceris that because of some awkward lxc kernel translation or something? heh21:29
[[lutchy]]I just give full permission to that user to the db21:29
Maceriotop has dpkg @ 99% io?21:29
[[lutchy]]It avoids any permission issues moving forward21:29
serverhorrorfridaynext: make it secure: use ssl all over the place (expect about 30% of the original performance). never use root but dedicated role accounts. get rid of the [debian|ubuntu] mysql user21:29
fridaynextserverhorror: i've been converting all sites to 100% ssl over the past week, so that much is being taken care of.21:30
serverhorrorfridaynext: practically I’m having dedicated schema owners and use those for maintenance like backups…21:30
serverhorrorfridaynext: on the webserver part or the mysql part21:30
fridaynextwebserver21:30
serverhorrorfridaynext: i’m talking about mysql21:30
fridaynexti didn't know using ssl was possible within the same machine21:30
fridaynextfor mysql21:30
fridaynextsince it's all on localhost, that is.21:30
[[lutchy]]Macer, snippets... do not work.. I can't see headers, you expect people understand what you pasting21:31
serverhorrorfridaynext: it is. mysql just has the habit of being overly friendly and actually uses the unix socket instead of the tcp socket if you specify localhost but you can tell the (at least) the mysql client to use the tcp socket21:31
[[lutchy]]MySQL and SSL serverhorror .. it's frustrating21:31
[[lutchy]]Not all clients support SSL with MySQL21:32
[[lutchy]]I have stunnel setup .. :)21:32
Macerhm. zfs seems to be giving me some pretty bad speeds21:32
serverhorror[[lutchy]]: as i said: 30% of the original performance (not 30% drop) 30% left of what you had21:32
fridaynextserverhorror: wow that's a huge drop21:32
serverhorror(rough estimates of course)21:32
[[lutchy]]serverhorror, You didn't say from what I am reading just in case21:33
Macer[[lutchy]]: sorry.. it's not zfs. the i/o to the zfs isn't bad. i don't know what is holding it up21:33
Macerdpkg in a container seems to be getting held up somewhere21:33
serverhorror[[lutchy]]: I was referring to the frustration. I’d drop mysql without a blink if I had the chance too21:34
Macer  TID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND21:34
Macer12015 be/4 root        0.00 B/s    0.00 B/s  0.00 % 99.84 % dpkg -i ./packages/zimbra-store_8.0.7.GA.6021.UBUNTU12.64_amd64.deb21:34
[[lutchy]]The socket issue is a problem21:34
Macerit's not the disk.. :/21:34
fridaynextso how do i avoid doing a mysqldump with locktables? (is that even possible?(21:35
[[lutchy]]Especially when I am using stunnel, but just specifying the IP of the localhost should resolve that21:35
[[lutchy]]fridaynext, read the error carefully21:35
fridaynext[[lutchy]]: it looks like it is definitely going to lock the tables while performing the db backup.21:35
[[lutchy]]I would have to defer to serverhorror ....21:36
fridaynextoh it's that percent sign, isn't it.21:36
[[lutchy]]How big is the DB ? Why can't you schedule a time  ?21:36
fridaynextIt's probably 30MB21:36
fridaynextI can schedule a time, but I'm testing the mysqldump command as the owner of the db before setting up a cronjob that won't work when it's fired21:37
[[lutchy]]Regardless, I still have to defer to serverhorror...21:37
fridaynext[[lutchy]]: I don't get it - defer b/c I'm too daft to understand, or you don't know what to tell me next?21:37
[[lutchy]]My question to serverhorror, if you know, does mysqldump 'lock'?21:37
serverhorror30M should be done in well under a minute with almost any hardware today. depends on your requirements whether that can still be locked or not21:37
fridaynext[[lutchy]]: oh.21:37
[[lutchy]]Yeah, I agree with serverhorror21:39
[[lutchy]]But, are you doing back per user ?21:39
[[lutchy]]s/back/backup/21:39
[[lutchy]]That's inefficient21:40
serverhorror[[lutchy]], fridaynext: look for “--add-locks” there’s also a “--no-add-locks” (or any other --no…. options for that matter) so it doesn’t necessarily lock. but then it doesn’t guarantee consistency (read: you could get a broken backup, missing posts, etc. but 30MB doesn’t sound like a high traffic blog) —21:40
serverhorrorhttp://manpages.debian.org/cgi-bin/man.cgi?query=mysqldump&apropos=0&sektion=0&manpath=Debian+7.0+wheezy&format=html&locale=en21:40
[[lutchy]]Thank serverhorror :)21:40
[[lutchy]]Thank you* serverhorror21:40
serverhorrorpersonally i do mysqldump --single-transaction --opt --triggers --add-drop-triggers ….21:41
fridaynextserverhorror: it's a super high trafficked site, but I just granted lock tables to the user, and it performed the dump in about 0.3 seconds.21:41
serverhorrorbut as I said: I always have a backup only slave so I have no problems with locks21:41
serverhorrorfridaynext: high traffic in that case means: it’s creating multiple posts per second as the lock would keep you from saving them but not from reading them21:42
fridaynextis that a separate mysql user with permissions on all DB's?21:42
[[lutchy]]I think the issue is, since fridaynext mentioned user, I still don't get why you don't give the use full privs?21:42
serverhorrorfridaynext: no it’s separate hardware that acts as a replication slave21:42
fridaynext[[lutchy]]: I've had clients come to me whose sites have been hacked, and I want to keep my sites as secure as possible.21:42
[[lutchy]]Do you trust MySQL ?21:43
fridaynextI haven't read how mysql gets injected with malware, etc, but I figure as few permissions as necessary is a good start to keeping it secure.21:43
serverhorrorfridaynext: the practical solution is actually a “schema owner” that can connect from trusted sources.21:43
[[lutchy]]It doesn't matter21:43
[[lutchy]]You can't prevent SQL injection from MySQL21:43
[[lutchy]]You can limit21:43
[[lutchy]]A user having entire access to his DB21:44
[[lutchy]]The information in his DB get corrupted is not really your issue21:44
serverhorrorfridaynext: most web apps (including wordpress) don’t get hacked because of the base installation but rather because of weak passwords and plugins (which are mostly …. let’s say audited to a lesser extent)21:44
serverhorrorreason no. 1 being weak passwords21:44
fridaynextserverhorror: and i'm already enforcing strong passwords, so I guess I don't even need to worry about the user having all permissions.21:45
serverhorroryou can’t possibly get your users to use secure passwords if the wp-admin is on the interwebs21:45
fridaynextserverhorror: not sure if sarcastic, but i've enforced strong passwords with a security plugin.21:46
serverhorrorpeople tend to use the same password all over the place so it’s not like you can actually help them. password leaks being everywhere and downloads of the files only a google search away21:46
[[lutchy]]No one suggested all permissions \21:46
fridaynext16:42 [[lutchy]]: I think the issue is, since fridaynext mentioned user, I still don't get why you don't give the use full privs?21:46
[[lutchy]]I suggest all permission on per user database21:46
[[lutchy]]Right21:47
fridaynextoh21:47
fridaynextthat's what I thought, and what I meant when I stated it just now.21:47
fridaynextso we're still on the same page.21:47
serverhorrorfridaynext: as i said “schema owner” (grant all on customer1.* to schema_owner@secured_host) that is what I use. everything else was impractical to manage for me21:47
[[lutchy]]I have been saying the same statement for the past 30 minutes21:48
fridaynextokay thanks for the help.21:48
serverhorrorok now for my question :)21:49
[[lutchy]]I think there was some level of miscommunication21:50
serverhorrorI’m looking for image deployment systems. should be able to handle about 50-100 images and scale to deploy to about 10K hosts/year21:50
serverhorror[[lutchy]]: I think so too. Practicality and security don’t always play well together :)21:50
[[lutchy]]uh... When you say Image ? Do you mean, image of a disk ?21:51
serverhorrortarget OS being: all things linux (debian, rhel, ubuntu, …)21:51
serverhorror[[lutchy]]: yes.21:51
serverhorrornot necessarily block based but definitely not the usual pxe boot/debootstrap/seed files21:51
serverhorrorrather something like pxe boot > do_magic.sh (which puts the image on the target, optionally runs post-script, or some kind of first-boot afterwards) > profit21:52
[[lutchy]]I am an intermediate sysadmin... I would like to see how you solve this large scale problem21:53
[[lutchy]]With tools that Ubuntu offer21:53
[[lutchy]]BTW, I don't like Debian... That's why I pick Ubunt21:53
bekkskickstart.21:53
[[lutchy]]I would think of backup system21:54
serverhorrorbekks: I thought kickstart was just the native RHEL way of running installation scripts like debian distros have preseed files and the installer21:54
bekksIt works fine on Ubuntu, too.21:54
bekksAnd it is much easier than preseed files.21:55
serverhorrorbekks: but will it use the “current package sources” or a frozen state (image deployment). I have a requirement of “frozen state”21:55
bekksIt will use whatever your local mirror provides ;)21:55
bekksFor even larger use cases, you can use http://fai-project.org/ too.21:56
serverhorrorbekks: that is my problem. I don’t have control over the mirrors at our site and the requirement is not to introduce “unwanted changes”21:56
bekksSo set up your own mirror. Aint that hard :)21:57
serverhorrorbekks: If you get my management to sign that I’ll have it in an hour :)21:57
bekksBuild a test scenario, present it. It will be signed.21:58
[[lutchy]]hehehe21:58
sarnoldserverhorror: surely you want all the updates installed before deployment, right? :)21:58
serverhorrorsarnold: actually NO! that is the core part of the requirement21:58
bekksGet that part signed, too.21:58
bekksOtherwise you will be blamed for missing updates :)21:59
serverhorrorand please don’t …. image vs. installer based is postgres vs. mysql, vim vs. emacs ….21:59
sarnoldyikes, no updates? o_O21:59
sarnoldyou guys like heartbleed? :)21:59
bekks"No updates" is the core part of a totally broken design of how to develop things.22:00
[[lutchy]]postgres is way lighter than mysql on default install22:00
[[lutchy]]If I had choice, I would chose postgres, but I despise the way they auth22:00
serverhorrorsarnold: no just 100% verifiable system state. automated image updates are a big part of it. but I need to be able to deploy a system exactly like it was in the revision referenced by $DOCUMENTATION22:00
bekks"... including all the bugs which were fixed by updates."22:01
[[lutchy]]I am not sure if postgres is thinking of security if I have to define how host auth ?22:01
sarnoldserverhorror: fair enough, updates can always be installed after the system boots22:01
[[lutchy]]Am I wrong? :s22:01
[[lutchy]]In administrative way, for me to keep editing the host file when I create a new user..22:02
serverhorrorsarnold: we were done with heartbleed (software update) in about 12 hours and had all the certs revoked and reissued in 3 working days. I’d say that we were actually pretty fast22:02
[[lutchy]]ugg...22:02
bekksserverhorror: ubuntu software updates took about 3 hours. I guess you werent that fast, actually.22:03
[[lutchy]]Everyone is focuses on serverhorror22:03
[[lutchy]]If I have to read, there is a few core issues I disagree with22:04
serverhorror[[lutchy]]: pg_hba defines _how_ to do the auth, and the permissions define what to auth. actually a pretty nice separation22:04
[[lutchy]]One of them is 'rapid' response22:05
[[lutchy]]There is 6 billion people on earth, to expect everyone know the exploit with 24 hours.. uh.. then you had to wait for openSSL to apply a patch22:06
serverhorrorbekks: but installing the packages is of no help. you need to reboot all the hosts (or at least restart the daemons). fix software, redeploy…. I’ll stick with pretty fast22:06
sarnold[[lutchy]]: sorry, I just don't know much about postgres details :)22:06
[[lutchy]]serverhorror, <[[lutchy]]> I am not sure if postgres is thinking of security if I have to define how host auth ? is that different from <serverhorror> [[lutchy]]: pg_hba defines _how_ to do the auth, and the permissions define what to auth. actually a pretty nice separation22:06
bekksserverhorror: Actually, we werent affected by heartbleed at all, since we had no systems using affected versions. :)22:07
serverhorror[[lutchy]]: permissions are grant statements within postgres (authorization), pg_hba can actually do a multitude of authentication...22:07
bekksserverhorror: Thats what I call fast. :)22:07
serverhorrorbekks: cheater! ;)22:07
serverhorrorbekks: or is it slow because you didn’t apply updates and had an old openssl version …. SCNR22:08
bekksserverhorror: :D - No, in fact, most of the systems werent affected at all.22:09
sarnoldprecise is too new for you? :) gonna give it a bit more time to mature? :)22:09
serverhorrorthe more I read into this image deployment the more I actually want to schedule a meeting and set up my own mirrors....22:10
bekksNope. Solaris 10 wasnt affected at all, same as RHEL up to 6.4, etc.22:10
serverhorrorI wonder how amazon/rackspace are doing it22:11
[[lutchy]]serverhorror, I still like to use Postgres even now... But not many software support it that I like to use... But to consider in a multiple user environment? How would you solve it ?22:11
serverhorror[[lutchy]]: create role general_user_role nologin; create role1 ROLE general_user_role; …; create roleN ROLE general_user_role; assign rights and be done with it?22:13
serverhorror[[lutchy]]: actually i forgot the syntax. most of the time puppet does that for me :)22:14
[[lutchy]]I actually didn't't bother to look that up...22:16
[[lutchy]]Lucky you, you have your slave minions... :-p22:17
serverhorror[[lutchy]]: yeah lucky me … I also have compliance rules. There’s no technical problem as bad as having a compliance problem22:18
bekksMy minions are called kickstart, NIM, Jumpstart and AI :)22:19
serverhorrorAI?22:19
serverhorrorI’ll take 10!22:19
bekksS11 automated installation. :)22:19
=== Ursinha is now known as Ursinha-afk
serverhorrordarn…. artificial intelligence was my hope22:20
sarnoldNIM?22:21
bekksAIX network installation management.22:22
* genii sips and ponders ksplice22:23
sarnoldaix hunh? wow ;)22:23
sarnoldgenii: also look into http://lwn.net/Articles/584016/ -- our pals at suse re-did it, kgraft, what with oracle's being all oracly22:24
geniisarnold: Oooooo nice22:25
geniiAnd not all Oracly22:26
serverhorror<rant>I refuse to believe that there isn’t a decent system that actually let’s me manage image based deployment. I get all arguments regarding updates and having current systems, but heck: that can also be done right with images, it just needs a different set of practices. </rant>22:26
serverhorroreverything that comes up is essentially some linux that deploys a sysprepped windows22:27
[[lutchy]]I would like see what toolks that ubuntu-server offers ?22:27
serverhorroryeah me too :)22:27
[[lutchy]]If Ubuntu is another Debian22:27
bekkskickstart.22:28
[[lutchy]]I rather use Ubuntu because I don't like Debian22:28
[[lutchy]]Personally, I like a cross between openSUSE and Ubuntu22:28
serverhorrorah what the… I’ll fiddle around with my pi some more. Monday is coming soon enough, then I’ll at least get paid for research22:29
[[lutchy]]I would like a Ncusrse environment sometimes to make my life easier22:33
[[lutchy]]and basic.. ip .. etc rules22:33
sarnold[[lutchy]]: heh, like yast fifteen years ago? :)22:34
[[lutchy]]yast is so useful sometimes22:35
[[lutchy]]but it can get in the way22:35
[[lutchy]]For example, I din't know how you setup Interfaces in Ubuntu? or the syntax is being used ?22:36
[[lutchy]]Even after I made the modifications to /etc/network/interfaces, /etc/init.d/networking restarting would report error22:36
[[lutchy]]Even when I am root22:36
[[lutchy]]I had to end up ip.. add the 'Alias' with IP and assume on reboot...22:38
z1hazecan someone please help me add another website to my server? someone had set it up for me in the past and i dont really understand it22:39
[[lutchy]]That really depends.. Apache ?22:39
z1hazethe sites are in /home/www each have their own folder, but they arent shown as folders, they're listed as MS-DOS Applications .. how do I make another one?22:40
z1hazeyes apache22:40
z1hazethe stuff is in /etc/apache2 there is the /sites-available and the /sites-enabled folder i KIND of know what it does but not really.. ive got it working to basically the "It works" page22:40
sarnold[[lutchy]]: yeah, bad news there -- the 'right way' to do interfaces is 'ifup <ifname>' and 'ifdown <ifname>'. it's insanely confusing why the initscripts don't work, but it winds up completely breaking dbus or upstart or both.22:40
[[lutchy]]sarnold, I was discussing how to make me life easier as admin22:42
[[lutchy]]It's true22:43
sarnold[[lutchy]]: you can add the 'ip' commands right in /etc/network/interfaces. that appears to be the 'blessed' way to do that job.22:43
z1hazeso how can i add another website?22:43
[[lutchy]]sarnold, Keep in mind I am talking about 'Alias'22:44
[[lutchy]]sarnold, You can ?22:44
[[lutchy]]Ok22:44
serverhorror[[lutchy]]: still sarnold is right. “ip addr add 192.0.2.1/24 dev eth0” in /etc/network/interfaces is the way. post-up and pre-down will take care of adding/removing the ip when you run ifup eth0 (or ifdown)22:45
[[lutchy]]That's not the issue at the end of the day when I ask about tools to make my life easier as admin22:46
[[lutchy]]If you can add ip rules.. noted..22:46
serverhorrorz1haze: ‘kind of’ is really broad in that case is another website simply a folder within a virtual host or do you want another virtual host, is it a static site, some php/python/perl application. Your problem description is way too vague to actually give you information22:47
[[lutchy]]With Yast, I can tab to network, select interface, and add the ip address22:47
z1hazei figured it out, thanks22:47
z1hazejust had to run the sudo a2ensite thing22:48
[[lutchy]]CentOS has 'system-network-tui'22:48
z1hazeand it makes the stuff for u22:48
serverhorror[[lutchy]]: but Yast will make your life more complicated if you just have ‘that one little setting yast doesn’t know about and keeps overwriting, but is needed so desperately’22:48
sarnoldserverhorror: btdt :)22:48
[[lutchy]]serverhorror, I have used Yast for the last 3 years22:50
[[lutchy]]I know it's limits22:50
serverhorror[[lutchy]]: another rather simple case where yast is not that helpful: 10 servers that are frontends for a web application. now go add 10 IP based vhosts to each of those hosts. It’s quite some fun actually running thru at least 300 config screens (assuming you can get there with just 3 screens) to the config on the hosts :)22:50
[[lutchy]]Not the case22:52
serverhorror[[lutchy]]: imho the only thing makes life easier is extracting the defining system of the use case and automating that to the point where you could be run over by a bus and nobody would notice because all the stuff is ‘self-service’ capable…. now that would be a reason for a big raise22:52
sarnoldonce you get more than two or three servers, using a tool like juju, chef, puppet, ansible, etc., would be the way to go :)22:52
serverhorrorautomation tools are always nice. it makes stuff repeatable and deterministic. i don’t do anything anymore that isn’t somehow “managed” (not even my workstation or home directory)22:54
[[lutchy]]What's important to me is managing and changing things to a server... How would it make my life easier ...22:56
sarnoldserverhorror: nice. I'm jealous. :)22:56
serverhorrorsarnold: it didn’t just appear at a spawn point. it actually took me 3 years or something to get to that point22:56
sarnoldserverhorror: lol22:57
[[lutchy]]So far, none of Ubuntu servers break22:58
[[lutchy]]My VPS had BLUETOOTH software22:58
[[lutchy]]I have to talk to host about that... their template is busted22:59
serverhorror[[lutchy]]: just scan around maybe it’ll find an Airbus or something that you can control :)22:59
[[lutchy]]serverhorror, One of my Ubuntu Servers is OpenVZ which a Bluetooth software as a service and running23:00
[[lutchy]]serverhorror, I didn't know that OpenVZ had Bluetooth device23:00
[[lutchy]]The Ubuntu Servers that I run when I installed them was with openSSH, that I mentioned earlier23:01
serverhorrorha! I found yet another discussion about host name schemas… time for some trolling :)23:05
miceikenis there some way to filter spam for mail server?23:09
=== acrocity_ is now known as acrocity
fridaynextmiceiken: spamassassin and dovecot sieves.23:10
fridaynextbtw serverhorror, I took your advice and created a new user with permissions on the tables I wanted said user to back up. works a charm.23:10
serverhorrorfridaynext: just restrict the host part and you should be fine. if your backup server is somewhat secure you should be fine23:11
fridaynextserverhorror: it's all on the same server.23:11
fridaynextdon't have the time/money to run two servers.23:11
serverhorrorso if you disk goes up in flames: how do you restore?23:11
miceikenhttp://upload.clusterbrain.net/2014-05-24_0111.png that's a lot of dependencies :P23:11
fridaynextserverhorror: well, this is my backup plan. the backups I've been asking you about.23:12
fridaynextI backup the db and wp-content folder to each user's owncloud data folder, and they sync with their computer so they always have an up-to-date version of their site's content.23:12
fridaynextand I pay for backups at my host (Linode), so if the specific disk goes up in flames, they can just restore the whole image.23:13
serverhorrorah makes sense then. for a budget backup that seems a nice option23:13
fridaynextserverhorror: thanks!23:13
fridaynextserverhorror: it's nice to not hear 'you're doing it wrong!' for once.23:14
serverhorrorfridaynext: would there be any chance of success suggesting another host with backup software, more time/money to invest and you not being able to actually provide value? — i guess no. so weighing the options: you have a remote backup (hoster) you _could_ even put the owncloud stuff as a addon feature to sell or list it for free on the ‘features’ page and gain some more customers.23:15
serverhorrorfridaynext: get some marketing, some more customers and then (and only then) when the risks get too high (hopefully before any disaster strikes) set up a system that fits the changed requirements… place that in the bookable options. make profit, get more customers, ….. :)23:17
fridaynextserverhorror: i'm not totally following.  are you basically saying, 'Please set up another server for backup" ?23:18
miceikenthanks fridaynext23:20
serverhorrorno I’m saying: You (like everyone else is too) are restricted by a budget. I truly think that with the options you have that is a sane choice. If, at some point later in time, you decide that the situation has changed, build a system that fits the situation. ALSO: You build something that is valuable, why not be transparent about it and let you customers hear that and make backup something that they23:20
serverhorrorcan choose to have (for a fee), or use it as a marketing instrument and place it on your website like “Full Backups included@23:20
serverhorrors/@/:23:21
serverhorrorcan’t type anymore sorry23:21
fridaynextserverhorror: that's a good idea, actually. To add backups as an extra cost.23:21
serverhorrorjust be sure it doesn’t backfire. lots of people expect that to just be there23:22
serverhorrordon’t talk about costs :) — add ‘extra value packages’ costs are bad, value is good :)23:22
serverhorror.oO(I have the feeling I had to many meetings with management)23:23
fridaynextnah, my clients up to this point are very good about paying the bills.23:23
fridaynextoh but you're saying, don't add a fee, change the hosting cost overall and explain the added value.23:24
[[lutchy]]I play to start a small VPS company....23:24
[[lutchy]]Hmm... 'Paying on time'23:25
[[lutchy]]s/play/plan/23:25
[[lutchy]]I am thinking, why is that so important to you fridaynext  ?23:26
Joe_knockfridaynext: all hosts provide the "full-backup" thing. You need to demonstrate that you provide genuine backups that the customer has access to on his own personal data storage, which you should be charging a little for in the full-price and not add it as a fee.23:28
fridaynext[[lutchy]]: i don't follow what you're asking23:28
[[lutchy]]fridaynext, I think I broached about the customers paying on time...What's important to you ?23:36
[[lutchy]]Personally, I don't want erratic customers .. I don't want customer who buy and want a refund later23:37
fridaynextOverall, what's important to me is that I have automation in place so that if anything goes tits up, I can get it back online easily, whether that means uploading back to my Linode server or even setting up a sub-par Hostgator shared hosting.23:37
fridaynext[[lutchy]]: yeah, fortunately, I have no customers like that.23:37
fridaynext[[lutchy]]: they're all very respectful of the time I put in to develop their sites / fix problems / etc.23:37
fridaynextand by respectful, I mean they pay the invoices in a timely fashion when I send them out.23:38
[[lutchy]]You offering me information23:38
[[lutchy]]fridaynext, I appreciate you opinion :)23:39
[[lutchy]]However23:39
fridaynextuh oh23:39
fridaynextthe dreaded however!23:39
[[lutchy]]I am still confused...Do you need them to pay to make (I think because you need to plan) because if they don't.. you can't pay your servers ?23:41
fridaynextThey all pay one year in advance, so they are paid up for hosting.23:42
fridaynext[[lutchy]]:  is that what you're asking?23:44
[[lutchy]]I am thinking23:44
fridaynext[[lutchy]]: or are you asking why I don't have a super hefty backup plan in place?23:44
[[lutchy]]I love to think23:44
fridaynext[[lutchy]]: me too :)23:44
[[lutchy]]Personally, My customer will have to make up their own backup plan23:44
fridaynext[[lutchy]]: well that's a weight off of your shoulders.23:45
fridaynextsee, I don't want my customers to do that, b/c that means they're installing PHP plugins on their wordpress sites to do that, and I've watched my server load spike as those PHP plugins backup huge directories.23:45
fridaynextSo that's why I'm setting up backups via cronjobs, sent to their owncloud directories, so it's all native *nix code.23:45
fridaynextno intensive PHP being run where it doesn't need to be.23:46
[[lutchy]]That would be a bonus23:48
fridaynexti like those server load numbers as close to 0.0 as possible :)23:48
[[lutchy]]That's not what I even care about ...23:48
[[lutchy]]But... It's interesting to see your point of view23:49
[[lutchy]]Personally... cost.. I don't mind suffer cost for 1 year23:49
fridaynextwell my story in a nutshell -23:49
fridaynextI started by hosting with HostGator shared.  Traffic / load got larger, so I upgraded to a VPS for $80/month.23:50
fridaynextit. was. horrible.23:51
fridaynextmysql crashing all the time, php crashing, apache crashing.23:51
fridaynextI asked hostgator wtf was up - and this was with only like 3 or 4 sites.23:51
fridaynextso their service was quite literally the worst customer service I've ever dealt with.23:52
fridaynextThey all but told me to stop hosting sites if I wanted faster performance.  Ridiculous.23:52
fridaynextSo i switched to Linode and figured, I'll just manage an Ubuntu 12.04 server all by myself.23:53
fridaynextAlso built a home media server with 12.04, so figured I could learn it in tandem.23:53
fridaynextAnd I've been strengthening my server/backup/troubleshooting skills ever since.23:53
Joe_knockhostgator are awesome for those shared 1-click install plans. As far as a VPS goes, you paid too much from them.23:58
Joe_knockI was running a decent-sized app on a 1 gig service for $7, granted, those guys fucked me around after a while. I'll never buy from a new outfit ever again.23:59
IdleOnecan we please keep the language clean in here23:59
