/srv/irclogs.ubuntu.com/2014/05/27/#ubuntu-server.txt

TJ-lorenz: I think at the shell prompt you'll probably need to do  "export quiet=n; set -x" ". scripts/functions" ".scripts/local" "mountroot"00:00
lorenzTJ-: Where?00:00
TJ-lorenz: on the kernel command-line it should be "linux .... break=mountroot"00:00
lorenzTJ-: Oh! I thought I needed to modify the maybe_break in init00:01
TJ-lorenz: That'll drop the the shell prompt in /init just before the mountroot is done, so you can then do it manually using the commands above ^^^00:01
TJ-lorenz: oh! no... they're clever ways for the script to test if you want it to stop at that point, and they use the kernel command-line to find out by looking for "break=xxxx"00:01
TJ-lorenz: if "xxxx" matches a "maybe_break xxxx" then the script stops at that point and drops to the shell prompt00:02
lorenzTJ-: Kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)00:05
TJ-lorenz: hmmm!00:06
TJ-lorenz: possibly a side-effect of not quite having the correct manual steps, but did you get any debug output from the scripts to give us a clue?00:07
TJ-lorenz: when you call "mountroot" that's from "scripts/local", which first calls "pre_mountroot" in the same script file. That should be bombing you with useful info00:08
lorenzTJ-: I got in :) I adjusted my build process for the initrd's a bit00:08
TJ-OK :)00:09
lorenzTJ-: Verbosity level is up, should I now launch mountroot?00:10
TJ-lorenz: do all the steps I outlined above ^^^00:11
TJ-lorenz: "export quiet=n; set -x" ". scripts/functions" ".scripts/local" "mountroot"00:11
lorenzTJ-: Ok, done. produced a whole lot of output.00:12
TJ-lorenz: And do you have a read/write root file-system? "cat /proc/mounts"00:12
lorenzTJ-: https://imgur.com/3CJKH4c00:13
lorenzTJ-: ext4 ro ...00:13
TJ-OK... so its done that all correctly, so lets see if we can manually complete init00:13
lorenzTJ-: It's still read-only?00:14
TJ-It should be00:14
lorenzTJ-: Ok00:14
TJ-lorenz: I'm trying to figure out an 'easy' way to get that script to pick up where it left off.00:15
TJ-lorenz: actually, I may be wrong there, it might be supposed to be writeable00:18
TJ-lorenz: "mountroot" does, eventually: "mount ${roflag} ${FSTYPE:+-t ${FSTYPE} }${ROOTFLAGS} ${ROOT} ${rootmnt}"00:19
lorenzTJ-: So it should be read-only. But where will it be remounted?00:20
TJ-lorenz: Actually no it ought to be read/write. it's mounted to ${rootmount} right now00:20
TJ-can you do "echo ${roflag}"00:21
TJ-lorenz: That should be "-w"00:21
lorenzTJ-: It is actually -r00:21
TJ-lorenz: Which is set by "${readonly}" ... echo that one too please00:21
lorenzTJ: echo ${readonly}: y00:22
TJ-lorenz: OK, we were correct the first time, the default value is "export readonly=y"00:22
TJ-lorenz: That is also set if "ro" is on the kernel command-line00:23
lorenzTJ-: Yes, that argument is set on the grub cli00:24
TJ-lorenz: OK... so that is good. The switch to read/write will be done when the real root /etc/fstab is read by mountall00:26
TJ-lorenz: OK... I can't see an easy way right now to continue execution in the ./init script, so the best thing to do is reboot it.00:27
lorenzTJ-: Can I execute mountall?00:27
TJ-not from the initrd no, it needs a restart with "break=XXX"00:29
TJ-lorenz: **without** "break=XXX" !!!00:29
lorenzTJ-: break=mountall or without break at all?00:30
TJ-without it at all. It's not given us any better info unfortunately, aside from we know the rootfs isn't having a problem being mounted00:30
TJ-lorenz: so now I'm looking at what happens once the real root-fs /sbin/init starts00:30
lorenzTJ-: Still breaking at plymouth-upstart-bridge00:31
TJ-It's really hard to think it through without being able to explore it directly.00:32
lorenzTJ-: What should I do?00:33
lorenzTJ-: I saw something: EXT4-fs: re-mounted. Opts: (null)00:34
lorenzTJ-: Shouldn't that be remount,rw?00:34
TJ-lorenz: I'm at a loss right now; I'd be looking for ways to monitor the boot scripts to find out what's happening00:35
EzeQLhi, im trying to setup postfix and dovecot. I am getting : Initialization failed: namespace configuration error: inbox=yes namespace missing00:36
Maceri just moved all my gear and it's nice to know that when it came to the ubuntu server all i had to do is turn my UPS on heh00:36
Macerbooted, started my containers, done.00:36
lorenzEzeQL: Post your dovecot.conf somewhere00:37
TJ-lorenz: Check the "/etc/fstab" for the root file-system00:37
TJ-lorenz: Here I have "grep remount /var/log/dmesg"   "[   11.136487] EXT4-fs (dm-5): re-mounted. Opts: errors=remount-ro" and "/etc/fstab" "/dev/mapper/Hephaestion-Ubuntu_14.04_rootfs     /                         ext4    errors=remount-ro 0       1"00:38
lorenzTJ-: I got /dev/sda1 /  ext4   defaults 0   100:40
TJ-lorenz: that'd explain the null, but not why it doesn't remount rw00:41
EzeQLlorenz, http://pastebin.com/C0CNiDbE00:44
lorenzEzeQL: That file does nothing, when you remove the comments it just includes other stuff and nothing else00:46
EzeQLim following this: https://digitalocean.com/community/articles/how-to-configure-a-mail-server-using-postfix-dovecot-mysql-and-spamassasin00:47
EzeQLwhen i try to login using pop3: i get -ERR [SYS/TEMP] Internal error occurred. Refer to server log for more informatio00:47
EzeQLn.00:47
lorenzEzeQL: You missed step 4: You need to download the files from Dropbox00:48
TJ-lorenz:  do you have in "/var/log/dmesg" or from "dmesg" "EXT4-fs (sda1) mounted filesystem with ordered data mode" for the root file-system ?00:49
EzeQLlorenz, are you sure? https://www.dropbox.com/s/wmbe3bwy0vcficj/etc-dovecot-dovecot.conf.txt compared to mine have some diffs00:50
lorenzTJ-: How should I check that?00:50
lorenzTJ-: Could I inject a custom init-script that prints out stuff?00:51
TJ-lorenz: "dmesg | grep 'ordered' " or "grep 'ordered' /var/log/dmsg"00:51
lorenzTJ-: I don't have access to a shell00:52
TJ-lorenz: of course! Grrr00:53
EzeQLlorenz, any hint?00:53
EzeQLquite tired of working on this00:53
lorenzEzeQL: The guys from digitalocean commented the main namespace out00:55
lorenzEzeQL: I can give you my config00:55
EzeQLlorenz, ok!00:56
TJ-EzeQL: It looks like you uncommented "#inbox = no" in "/etc/dovcot/conf.d/10-mail.conf" but not the surrounding "namespace"... it shouldn't be needed in most cases00:57
lorenzEzeQL: http://paste.ubuntu.com/7525600/ (single file)00:57
lorenzTJ-: It seems like that upstart fails01:03
TJ-lorenz: hmmm01:05
TJ-lorenz: the root-fs is 60GB isn't it?01:05
lorenzTJ-: Yes01:05
lorenzTJ-: The new one is only 40GB01:05
TJ-lorenz: I'm digging but not finding any clues01:05
lorenzTJ-: I booted in verbose mode with --verbose and found out that upstart is starting the services in precisely 5-second-intervals which is exactly the standard respawn limit (http://manpages.ubuntu.com/manpages/natty/man5/init.5.html)01:07
TJ-are the same processes being respawned01:09
lorenzTJ-: Yes01:09
TJ-you know how upstart works? emits events which jobs do things like 'start on filesystem started'01:10
lorenzTJ-: Yes01:10
TJ-I'm wondering if an early job isn't emitting its signal01:10
TJ-The other thing I'm wondering about is how long it is until udev starts01:11
lorenzTJ-: I never saw udev starting01:12
TJ-lorenz: hmmm01:13
lorenzTJ-: It tries to start plymouth-upstart-bridge over and over again01:14
lorenzTJ-: At 86 seconds it first launched mountall and afterwards it handles plymouth-ready events all over the place, but it's still being restarted all the time01:15
TJ-lorenz: and that fires on the "startup" event... I wonder if that is firing repeatedly because, maybe, udev fails to start01:15
lorenzTJ-: It seems that it starts a new service around every 30s and restarting the other ones constantly at a rate of one per 5 seconds.01:16
TJ-I think it's worth trying on the kernel command-line one or both of "nolapic" and "noapic"01:22
lorenzTJ-: No effect, I also tried them before.01:24
lorenzTJ-: I need to get upstart to print errors01:24
TJ-lorenz: it was a long shot... that'd only really apply to bare metal anyhow01:24
TJ-lorenz: http://askubuntu.com/questions/465193/14-04-pxe-slow-boot-process-udev-upstart-systemd01:28
lorenzTJ-: Looks exactly like my issue, besides that mine doesn't start at all01:29
TJ-here's some helpful shell terminal for boot debuging upstart http://upstart.ubuntu.com/wiki/Debugging#Boot_Problems01:30
TJ-lorenz: I recall a critical issue during the last cycle where an upstart script had a syntax error that caused upstart to fail... I wish I could remember the bug ref01:33
lorenzTJ-: Could it help to remove upstart scripts?01:35
TJ-ahhh, that was a SIGSEGV of /sbin/init due to a bad alsa-utils config01:37
TJ-lorenz: Those and sysvinit scripts, but it's a case of figuring out which ones01:37
=== Gallomimia_ is now known as Gallomimia
TJ-lorenz: I wonder, have you tried updating the kernel to a newer release?01:44
lorenzTJ-: I can't do that anymore01:44
lorenzTJ-: I'm going to bed now. At least I know that the problem is upstart. I'll look into it tomorrow.01:45
lorenzTJ-: Thank you for your help, It's very appreciated.01:46
TJ-same here, it's almost 3am01:46
SachiruAnyone use ZFS on ubuntu for production and manage to get it run stable? How much RAM did it eat up as minimum system requirements?05:36
Sachiru_Anyone use ZFS on ubuntu for production and manage to get it run stable? How much RAM did it eat up as minimum system requirements?05:48
Oplexanyone running deluge web ui on headless server?? I am trying to figure out why my config file won't save ..06:02
=== Ursinha-afk is now known as Ursinha
=== Sachiru_ is now known as Sachiru
jdstrandsoren: hi! did you ever get an answer to your question?06:42
MannerManSachiru: I'm running ZFS on Ubuntu 12.04, general recommendation is 1gb of ram per TB of storage for ZFS06:45
MannerManI have 3 disks alá 1TB, and have dedicated 4gb to ZFS, run without issue for 1.5 year06:45
jdstrandsoren: you probably want https://usn.ubuntu.com/usn-db/database.json.bz2 (https://usn.ubuntu.com/usn-db/database.json.bz2.sha256)06:47
jdstrandsoren: that will have all active releases. for all releases since we began tracking, you can use database-all.bz206:47
sorenjdstrand: Hi!07:02
sorenjdstrand: No, I didn't get a response yet.07:02
sorenjdstrand: I'll take a look at that database. That sounds like exactly what I need.07:02
jdstrandcool (and sorry I missed you before)07:03
sorenjdstrand: No worries. I pretty much wandered off right after asking and just came back now, so your timing couldn't have been better. :)07:03
sorenjdstrand: Still in Malta, I presume?07:03
sarnoldSachiru: check out #zfsonlinux -- ram usage depends if you turn on deduplication or not. you'll need at least one gigabyte per terabyte of storage that is being de-duplicated.07:05
sarnoldSachiru: there are known issues with memory accouting, you might wish to reduce the size of your ARC from the defaults if you're finding you're under significant memory pressure07:05
sarnoldSachiru: even though some people get zfs on / working, it feels like too much work to me. I'm intending on building a zfs storage box sometime soon and won't bother with zfs on root.07:06
ruben23hi guys is it possible to ssh tunnel to a multiple web server on a remote server..? scenario is i have 1 firewall(publicIP) and 2 local webserver, and water to access the webpage on this both local webserer using SSL, problem they might be using same port 443 - standard fro SSL07:09
Oplexi'm kinda putoff by deluge, i just want something slim that works and will integrate with other programs like sickbeard / couchpotato etc...07:14
sorenOplex: I think you have the wrong channel.07:15
=== Lcawte|Away is now known as Lcawte
jdstrandsoren: yes, which is why I missed you-- sprinting is hard :)07:18
morph-anyone here use symfony?08:41
=== EzeQL is now known as Guest57558
hxma spanish framework?09:50
hazmatstgraber, https://github.com/containers/container-rfc09:52
Guest57558hi10:06
=== Ursinha is now known as Ursinha-afk
=== EzeQL is now known as Guest97593
=== Ursinha-afk is now known as Ursinha
ruben23ok i have a windows PC and 2 remote linux server behind firewall..currently Linux1 is port frowarded for port 22 only and linux 2 are not.. this linux are both webserver with using SSL, 1. how to i ssh tunnel to linux1 to be able to display its SSL page on my windows PC browser and at the same time Linux 2 also same scenario, diaply the SSL page on my windows PC.11:37
pmatulis_morning11:39
Tazmainhi all , does anyone know of a good backup program that can do a backup to a ftp  ?11:42
OpenTokixTazmain: rsnapshot probably11:42
TazmainOpenTokix, I will have a look at that thank you.11:43
OpenTokixTazmain: does it have to be ftp?11:43
TazmainOpenTokix, as far as I am aware that is the only option that the place that hosts our server is giving us.11:44
TazmainIts a local ftp to them11:44
OpenTokixTazmain: ok11:45
loolstgraber: Would you know of a workaround or a patch for the unprivileged LXC bug?  LP #132206711:58
uvirtbotLaunchpad bug 1322067 in lxc "3.15.0-1.x breaks lxc-attach for unprivileged containers" [Undecided,Confirmed] https://launchpad.net/bugs/132206711:58
zulcontainers containers containers12:03
montekkihi all. how can i view packets that are dropped by interface? i know that for fedora there is dropwatch but i failed to make it work  on ubuntu12:06
stgraberlool: it's already fixed12:11
stgraberlool: just waiting for the security team to fix apparmor so lxc actually migrates to utopic12:11
=== Mez_ is now known as Mez
stgraber(kernel regression is making lxc's adt fail at the moment which in turn prevents cgmanager and systemd from migrating. jjohansen has a patch so this should be resolved soon)12:12
loolstgraber: oh sorry, I wonder why I still hit it12:13
loolstgraber: I'm on utopic12:13
sarnoldmontekki: if th epacket was dropped by the interface.. doesn't that mean it was -dropped-? as in, never makes it to the kernel?12:13
stgraberlool: unless you're using lxc from utopic-proposed, you don't have the fix, the fix will land in utopic's release pocket only once the utopic kernel is fixed and I can get lxc to pass adt testing again12:13
jjohansenlool: right, it passes the lxc tests, and I am putting together the pull request for the kt, it should go out in a few minutes12:14
loolkt?12:14
looloh12:14
looljjohansen: thanks12:14
loolso I guess workaround is to downgrade to older kernel12:14
stgraberlool: that or pull lxc directly from utopic-proposed12:15
jjohansenlool: right, if you drop back to the last 3.13 kernel it will work12:15
hxmhi, I am migrating a server and I want to create exactly the same user as it is in the old server, a part of use the same username, what else do I need to copy, the id and something more?12:17
loolstgraber: ah ok; I thought kernel upload was still pending in utopic; utopic-proposed packages worked12:18
loolthanks all12:18
montekkisarnold: nope in fact not, if kernel drops a packet due to some reason (like ipv6 when the host is not configured for it) this drop will also inc the counter of dropped packets in ifconfig12:19
montekkisarnold: at least i believe it is true for kernels newer than 2.6.something12:19
sarnoldmontekki: ahhh. thanks.12:22
lorenz_TJ-: I replaced Upstart with systemd and figured out that udev causes the boot to hang12:35
TJ-lorenz_: Hmmm, is that a permanent fix or a proof of problem?12:37
lorenz_TJ-: More a proof of problem. systemd also hangs at udev12:37
lorenz_TJ-: At least it shows where it hangs12:38
TJ-lorenz_: OK. Those PPAs on that system, do any of them add custom udev rules "/etc/udev/rules.d/*" ?12:38
TJ-lorenz_: Or in "/lib/udev/rules.d/*"12:38
lorenz_TJ-: I tried removing the complete /etc/udev/, replacing it with other versions, no luck. I haven't checked /lib/udev/rules.d yet12:39
TJ-lorenz_: if you can chroot mount the root file-system, you can do "dpkg-query -S /lib/udev/rules.d" to find any packages that add to that location12:40
lorenz_TJ-: Yes, it worked: udev, consolekit, systemd, libsane:amd64, qemu-system-common, bridge-utils, hdparm, biosdevname, btrfs-tools, crda, keyboard-configuration, gnupg, dmsetup, docker.io, pulseaudio, xserver-xorg-core, util-linux, udisks2, librbd1, colord: /lib/udev/rules.d12:40
TJ-lorenz_: OK... I'm going to point at PPA-packages, like docker.io first as things to read and possibly disable12:42
lorenz_TJ-: docker.io is from universe, but I'm gonna disable it anyways12:42
TJ-Is it? OK, hadn't realised that.12:43
TJ-lorenz_: Whilst you've got a full chroot, I'm wondering if it may be worth doing "apt-get --reinstall install udev udev libudev1 upstart" in case there is some corruption in the binary installation ?12:45
lorenz_TJ: Done! I'm trying to boot now.12:46
lorenz_TJ-: No luck. Still hanging at udev12:46
TJ-lorenz_: This is with systemd-init ?12:47
lorenz_TJ-: Yes12:47
TJ-lorenz_: OK... have you had chance to use that debug technique I pointed to yesterday, where you start with init=/bin/sh, start a 2nd terminal "getty -8 -n -l /bin/sh 38400 tty2 &", , then do "exec /sbin/init" in the first terminal ?12:49
TJ-lorenz_: If that approach works, then you can move on to running "udevadm monitor ..." in the 2nd terminal12:49
lorenz_TJ-: Nothing in dmesg, logs were not changed12:49
lorenz_TJ-: I can do that12:50
lorenz_TJ-: Hangs at /devices/virtual/vtconsole/vtcon012:54
TJ-lorenz_: oooo, real data at last :)12:54
TJ-lorenz_: I'd suggest expanding the usage now you know it works, by doing "udevadm monitor --kernel --property" so we can see the KEY=VALUEs being fed through12:55
lorenz_TJ-: Ok, doing that12:55
TJ-lorenz_: that report was it very similar to "KERNEL[13.267429] add      /devices/virtual/vtconsole/vtcon0 (vtconsole)"12:56
lorenz_TJ-: Exactly that line (just another time)12:56
TJ-Great... I can follow your progress by viewing my local "/var/log/udev"12:57
TJ-lorenz_: Is the server self-contained, or, does it rely on an external service for authentication, such as using pam_console to query an LDAP server12:59
lorenz_TJ-: nothing new hangs at the same position but shows now SEQNUM=1910 SUBSYSTEM=vtconsole UDEV_LOG=712:59
TJ-UDEV_LOG=7 ... will likely be the "debug" log setting13:01
TJ-Well, now we know what to look at... console.... so, any recent changes to the underlying console drivers, or graphics drivers (drm stuff maybe?)13:02
lorenz_TJ-: Well, it doesn't have any special graphic drivers (it normally runs without a screen and is installed without a GUI)13:03
TJ-lorenz_: OK... here's what should come next (from my local udev log) http://paste.ubuntu.com/7529123/13:04
lorenz_TJ-: Mine stops at vtcon013:04
TJ-lorenz_: OK, another tack... how many CPUs have you allocated to the VM guest?13:06
lorenz_TJ-: 2 CPUs13:06
TJ-Can you try it with 1?13:07
lorenz_TJ-: Now udevadm monitor outputs "add /module/zswap (module)" as last line13:10
TJ-lorenz_: OK ... so this could be a kernel freeze up then13:10
TJ-lorenz_: what we see from udevadm is the events being supplied by the kernel... looks like they are drying up13:11
lorenz_TJ-: I have no swap, so zswap is unlikely the issue13:11
TJ-I don't think the events we see are linked to the problem; I think there's something else going on. Are you booting with "debug" on the kernel command-line? I think we ought to be able to capture the kernel boot messages (maybe over a serial console connection) and review them carefully.13:14
TJ-This is where testing alternative kernel versions might help13:15
lorenz_TJ-: I tried a lot of kernels, didn't help13:16
TJ-lorenz_: Do you have "/lib/udev/rules.d/85-lvm2.rules"13:21
lorenz_TJ-: No13:21
TJ-OK ... strike one possible cause then :)13:22
TJ-lorenz_: On that 2nd (or a 3rd console) when it hangs can you capture "ps -efly" and let me see it?13:24
TJ-lorenz_: I'm exploring whether udev is modprobe-ing a kernel module which gets stuck13:25
lorenz_TJ-: ps -efly hangs too13:28
TJ-So... kernel issue then13:28
TJ-so now we need to capture the kernel log (over serial maybe) as I described, and analyse it13:28
lorenz_TJ-: Ok, so it works. How can I increase the verbosity, because it seems that it doesn't log much more than on the screen13:36
TJ-lorenz_: If you have "debug" on the kernel command-line that'll be max verbosity13:37
TJ-lorenz_: obviously, remove any "quiet" option since that is minimal logging13:37
lorenz_TJ-: I found https://wiki.archlinux.org/index.php/Boot_debugging, I'm setting it to Heavy Debugging13:37
TJ-lorenz_: OK... the main benefit there is log_buf_len=10M... one thing to bear in mind, if the root issue is a timing issue, then adding too much debug output can actual slow things down enough to workaround the issue so it goes away :)13:39
lorenz_TJ-: Well, I now get a lot of systemd messages, but still not more kernel messages13:44
lorenz_TJ-: [    1.598937] systemd[1]: systemd-random-seed-load.service changed dead -> start [    1.601965] systemd[1]: Accepted connection on private bus. These are the last two systemd lines13:44
TJ-Grrr @ systemd hijacking the kernel logging13:45
hallynwtf - rackspace suddenly seems to only have ubuntu 10.04 and 12.04 images for creating a server?13:52
hallyni seem to be on an ancient view.... newest fedora is 1713:52
hallynzul: projected date for new libvirt?14:03
Havenstanceis there a working tutorial on how to make mdadm send email notification of a failure event?14:07
HavenstanceI know to process it needs a mail client to send with. I have SSMTP up but I can't seem to get it working for whatever reason.14:07
raubSo I just updated postfix in my 12.04LTS server. And one of the things it did was to delete http://pastebin.com/0PrTwUkb from my main.cf. Does anyone know why?14:19
TJ-raub: did the postconf ask to replace the existing config file?14:20
raubTJ-: nope. It was completely automatic14:21
raubTJ-: I will not mention it also decided to reset my tls cert14:22
TJ-raub: updates should always prompt if you've changed the config file from standard14:22
raubI do agree, which why this was very, well, not pleasing14:22
TJ-raub: I *think* there should be upgrade logs in /var/log/apt/ or /var/log/dpkg/ or similar... can't recall if 12.04 has those or where they are, though14:23
TJ-raub: which version of postfix? I haven't seen an update in a while14:24
raubThe file in question would be /var/log/apt/term.log14:24
TJ-raub: The latest update I have is "postfix (2.9.6-1~12.04.1)" from Febrauary14:26
raubdovecot-postfix 1:2.0.19-0ubuntu214:26
raubI will need to check the postfix package version14:26
TJ-Oh... dovcot!14:26
lorenz_TJ-: I'm going to reinstall. Nothing seems to work :(14:26
TJ-raub: "dovecot (1:2.0.19-0ubuntu2.1)" ... May 14th14:27
TJ-lorenz_: It's very strange... wish I had access I'm intrigued as to what you've got there14:27
raubTJ-: http://pastebin.com/PE3qKqub14:27
raubmain.cf is postfix14:27
TJ-raub: that *is* bad!, especially for a silent upgrade14:28
TJ-raub: bug-report it, that's really not good14:28
TJ-raub: I'm not using that package which is why I didn't see it14:29
raubI do not even know about mail-stack-delivery14:29
raubAnd, I now see I should not have used the postfix-dovecot "helpful" package, instead installing both separately as Xenu wanted14:30
TJ-raub: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3430.html14:31
uvirtbotTJ-: Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430)14:31
raubI should be running dovecot 214:31
raubLemme check14:31
raub2.0.19. still behind times (I get mocked at #dovecot a lot) but not 1.114:32
raubhmmm, the more I read the CVE the more confused I am about the version number thingie14:33
sarnoldheh, yeah, that's not a great summary.14:33
TJ-dovecot has several parallel 'stable' branches14:34
raubAFAIk they do want you to go to 2.X14:34
raubOn an unrelated note, does any of you run sudo-ldap in 14.04? It is core dumping on me14:36
sarnold10.04 LTS EOLs in eleven months, hopefully the few still using it will be upgrading soon :)14:36
=== swebb is now known as zz_swebb
raubsarnold: you are such a joker14:36
cloudman1happy with 12.04 here at the moment, still having problems installing Virtualmin on 14.04, webmin is ok though on it14:37
cloudman1On a fresh install of 14.04 seem to be having problems with  libapache2-mod-fcgid, wont install for some reason14:38
sarnoldraub: hehe yeah, lucid isn't so bad. I was happy to say goodbye to hardy though. :)14:39
=== Lcawte is now known as Lcawte|Away
Havenstanceanyone know of a decent tutorial on SSMTP?15:04
=== Lcawte|Away is now known as Lcawte
qman__I use postfix regardless of how simple or complex the task, because it's easy to set up and widely supported15:12
hydruidHavenstance: the configuration for SSMTP is super simple, not much to it15:12
=== zz_swebb is now known as swebb
raubHavenstance: what do you need to do with it?15:18
raubOf course I mean beyond sending mail out, but the particulars15:19
Havenstancetrying to configure MDADM to use it to email failure notifications15:19
Havenstancebut with my setup SSMTP will not authenticate properly15:20
raubCan you pastebin a defanged version of the config?15:20
HavenstanceI've tried several different versions based on lots of different tutorials i've tried with it15:20
HavenstanceIf someone could pastebin a working one and I could sub my info maybe that might work?15:21
Havenstancei'll throw in what i have and what the terminal reads tho to help :)15:21
raubHavenstance: http://unixwars.blogspot.com/2013/08/installing-ssmtp-in-redhatcentos.html15:22
raubignore the redhat/centos part15:22
raubAlso has some test thingies15:22
HavenstanceThis is the pastebin of the config and the terminal readout from the attempted test pastebin.ubuntu.com/7530107/15:30
Havenstancehttp://pastebin.ubuntu.com/7530107/15:30
Havenstancethere15:30
Havenstanceit does not use SSL/TLS at all either15:31
HavenstanceUsername & PW Are correct also15:31
raubCan you telnet to mail.royscorner.com port 2626 and send email by hand?15:32
raubAlso, I like to do ssmtp -v when testing15:32
raubAnd, is the machine in question in the internet or behind a firewall natting its way?15:33
zulhallyn:  next week15:35
zul1.2.5 is out next week so thats the next one15:35
hallynzul: so you're waiting for 1.2.5 for utopic?15:36
zulyep15:37
hallynsuddenly rackspace gives me modern images again.  starts building, now sits at 80% created for 3 minutes.15:37
hallynzul: ok15:37
* hallyn should look into digitalocean15:37
arosalesmatsubara, I am yet again late on sending out the meeting minutes.  I got the blog, email, and wikis updated.  However, since this is such late notice that you are up next I am fine with chairing this week unless you would like too :-)15:38
raubHavenstance: testing smtp auth using telnet: http://www.ndchost.com/wiki/mail/test-smtp-auth-telnet15:39
zulhallyn:  problems?15:40
matsubaraarosales, I can do it. No worries, you paid your due already heh15:44
arosalesthank you matsubara :-)15:44
=== psivaa is now known as psivaa-sprint
hallynzul: 9915:54
zulhallyn: ?15:58
=== mrmist is now known as mist
hallynsorry just jokingly referencing http://youtu.be/WwoM5fLITfk15:59
hallynbut yeah rackspace is being very weird today16:00
hallynand the build (jessie vm) is STILL at 80% built16:00
zulhallyn:  are you joining the containers meeting on #openstack-meeting-alt?16:01
hallyni'd thought this woudl be faster than building msyelf a new vm locally.  i was wrong16:01
hallynzul: hm, i guess. it conflicts :)16:01
zulhallyn:  yep16:01
FrEaKmAn_hi all.. I want to block a request from certain websites.. what is the best way to solve it? firewall?16:19
cfhowlettFrEaKmAn_ or blocked at the router ...16:20
FrEaKmAn_no, I'm using VPS16:20
cfhowlettFrEaKmAn_ you could also edit your DNS to block16:20
FrEaKmAn_ubuntu 12.04...16:20
FrEaKmAn_but I'm no sure if I can block by ip16:21
FrEaKmAn_but by referrer16:21
TJ-FrEaKmAn_: what do you mean by "block a request"? Web-sites don't generally make requests directly to other servers, their clients do16:21
FrEaKmAn_http://semalt.com/16:22
FrEaKmAn_somebody is using this service to crawl/check my websites16:22
FrEaKmAn_and it's getting on my nerves because it's killing my metrics16:22
gaughenmatsubara, I think you set the new land speed record on getting the irc mtg done ;-)16:22
TJ-FrEaKmAn_: that sounds like blocking based on user-agent, or source IP range16:23
TJ-FrEaKmAn_: This might get you started: http://httpd.apache.org/docs/2.2/rewrite/access.html16:23
matsubaragaughen, heh I tend to rush these thing over. Hopefully I didn't miss anything16:23
FrEaKmAn_TJ-, thanks.. I will check it out16:25
FrEaKmAn_other question is which firewall do you recommend?16:25
FrEaKmAn_I have few apps running at different ports and want to block access16:25
TJ-FrEaKmAn_: the one that's already there! netfilters, controlled by iptables or some higher-level tool16:25
FrEaKmAn_ok16:26
=== Ursinha is now known as Ursinha-afk
hallynahs3: around?17:07
hallynahs3: http://people.canonical.com/~serge/netcf-src-0.2.4/netcf_0.2.4-1.dsc  appears to be testing well on jessie17:11
cloudman1Hi apparently I cannot install 12.04 on a new server I got because the hardware is too recent, whats that all about??17:12
hallynwaiting for some libvirt testing still, but i think it should be ready17:12
TJ-cloudman1: You'll need the HWE kernels (hardware enablement) https://wiki.ubuntu.com/Kernel/LTSEnablementStack17:13
cloudman1Thanks, will tell my server people17:14
cloudman1But I guess they will say we dont offer that etc17:15
cloudman1I think I see theyre point17:15
cloudman1thier17:15
cloudman1or is it their17:15
TJ-yes, it is17:16
cloudman1or they're17:16
TJ-"I before E except after C... except in their!17:16
TJ-they're is short for "they are" ... "their" is the possessive17:16
cloudman1that i before c is complete nosense17:17
cloudman1or i before e I mean17:17
cloudman1its why I dont code17:17
ahs3hallyn: dude.  cool.  could you drop me an email with that link in it so i don't forget?  i'll see if i can get to it this week.17:28
hallynahs3: thanks, will do17:30
ahs3hallyn: sweet.  thx.17:31
hallynttyl17:31
cloudman1TJ is that enable stack ok for 12.04 to 14.04??17:41
TJ-cloudman1: see https://lists.ubuntu.com/archives/ubuntu-devel/2014-February/038042.html17:46
tewardis rbasak alive at all?17:59
nikki1hi18:00
pmatulis_strange question teward18:00
tewardpmatulis_, strange question because i'm trying to see whether the bug importance change he did on an nginx bug was automated or not :p18:00
tewardsome of the bug importance changes by people, they seem automated almost :P18:01
pmatulis_teward: it just looks that way.  bug #?18:01
tewardgive me a minute to grab it, chrome just exploded on me18:01
pmatulis_ah18:02
tewardBug #132338718:02
uvirtbotLaunchpad bug 1323387 in nginx "Auth Request module does not seem to be loaded in the "extras" package" [Medium,New] https://launchpad.net/bugs/132338718:02
tewardnot entirely certain that's a 'medium' but meh18:02
teward:P18:02
teward(extras package != main last i checked)18:02
Havenstanceraub, it might be working now. I ran a test and it seemed to have went somewhere. took some playing18:08
pmatulis_teward: is the workaround to load the module manually?18:09
tewardpmatulis_, the workaround is a recompile, this isn't apache, so it's not as module-friendly18:09
tewardpmatulis_, nginx doesn't have plug-and-play modules like apache does18:09
pmatulis_ok18:09
pmatulis_teward: so unable to implement the old username/password stuff on nginx in Trusty?18:10
dasjoeI'm trying to semi-automate a debootstrap deployment, any idea on how to get grub-pc not to ask me where it should install itself?18:10
tewardpmatulis_, i... think it might be a bit different than basic username/password auth, AFAICT from the docs, it implements client auth based on the result of a subrequest18:11
tewardand based on the status codes returned, access is allowed or refused18:11
teward(basic username/password auth exists as part of the auth basic module)18:11
pmatulis_ah18:12
tewardpmatulis_, i've never had to actually use this module18:12
pmatulis_teward: why do you need it now?  just curious18:12
tewardpmatulis_, *points at the bug filer's name*18:12
tewardyou'll notice a difference between them and me :p18:12
pmatulis_it's not you?18:12
tewardpmatulis_, i'm just tryin to figure out why robie made it a medium18:12
tewardpmatulis_, no, my LP is ~teward18:13
tewardThomas Ward (~teward)18:13
tewardthat != trevor slocum (bug filer)18:13
tewardi just watch the nginx bugs like a hawk :P18:13
teward(USUALLY its my handiwork making minor patches for the package)18:13
pmatulis_teward: we need to understand the impact to increase the importance18:14
tewardpmatulis_, my concern is medium is too high18:14
tewardnot that it needs higher :P18:14
pmatulis_oh!18:14
tewardpmatulis_, two considerations on that:18:15
pmatulis_teward: then Medium is good18:15
tewardok18:15
pmatulis_teward: see https://wiki.ubuntu.com/Bugs/Bug%20importances18:15
tewardpmatulis_, i'd say low because "moderate impact on non-core"18:15
tewardand i'm familiar with bug importances, i do do triage work :P18:16
tewardbut meh18:16
pmatulis_gotcha18:16
* teward yawns18:16
tewardprobably *not* the best thing ot be doing triage while recovering from the flu18:16
tewardbut i'm bored out of my skull watching netflix >.>18:16
pmatulis_i watched a ghenkis khan (spelling?) one yesterday18:17
tewardheh18:17
rbasakteward: what importance do you think it should be?18:17
tewardrbasak, low, because "moderate impact on a non-core application"18:17
rbasakteward: sure. Go eahead and change it.18:17
tewardrbasak, and i'm basing that on the nginx-extras package, since it's not the nginx-core package that's in main18:18
tewardrbasak, done.18:18
pmatulis_that's true18:18
Havenstance2okay so this one is new... http://pastebin.ubuntu.com/7531067/18:18
Havenstance2any clues?18:18
rbasakteward: my main concern was to get the size of the server triage queue down.18:19
tewardrbasak, true.  i think we should be careful just activating arbitrary code though18:19
tewardthe code probably still exists in the code18:19
rbasakteward: and setting things to Low irks reporters sometimes, so maybe I err on the higher side to avoid getting into that debate.18:20
rbasakteward: is it supposed to be activated? That was what was implied in the bug to me. If not, then Wishlist?18:20
tewardrbasak, its listed in the package description supposedly, but I don't have Synaptic on this system to check (only Trusty cli in a very poorly-resourced VBox VM)18:20
tewardrbasak, i'm going to poke the changelog to see if it was ever deactivated18:21
rbasakteward: thanks for looking! Please do what you think is best (or leave it if you need to).18:23
tewardrbasak, i'm hesitant to turn it on, but i can't check upstream or the PPAs as easily through my non-Ubuntu system18:23
teward(my Ubuntu system is in the middle of a rather large rsync operation backing up /home/* and /etc/ and the package list of what's installed)18:23
teward(in preparation for Precise -> Trusty upgrade)18:24
tewardrbasak, the code exists, but it's probably supposed to be on but isn't.18:24
tewardhmm...18:25
tewardrbasak, this might be wishlist18:26
tewardrbasak, according to http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/nginx/trusty/view/head:/debian/control that module isn't listed under the nginx-extras package description18:26
Havenstance2Anyone have time to take a peek at something? I'm getting an error with SSMTP and Ubuntu Server18:27
Havenstance2http://pastebin.ubuntu.com/7531067/18:27
tewardrbasak, FYI, package status -> Incomplete because there's no confirmation on this18:29
teward(I'm curious where they're seeing this, when it's *not* listed in the package)18:29
tewards/package status/bug status/18:29
n88afternoon guys... i'm trying to migrate my pure-ftpd users from one server to a replacement server... I apt-got installed pure-ftpd, configured it, added the ftpgroup group and ftpuser user accounts with the same GID and UID of the server i'm migrating from18:31
n88copied over pure-ftpd.passwd and pure-ftpd.pdb18:32
n88pure-pw mkdb'ed... but no dice... pure-pw list shows the same accounts on both servers now but the new one isn't allowing login18:32
n88anyone done this before that can give me a hand ?18:33
tewardrbasak, update: they confused the Debian package with the Ubuntu package.  this is a Wishlist type bug.18:54
RoyKwhat's the reason noone's taking care of bug 1171945?18:58
uvirtbotLaunchpad bug 1171945 in mdadm "Nested RAID levels aren't started after reboot" [Undecided,Confirmed] https://launchpad.net/bugs/117194518:58
hxmis it safe disable sendmail if I use postfix?19:03
LearGear1Hi - does anyone know if Dell T110 server with Dell SAS 6/iR Raid controller will work out of the box with ubuntu?19:18
lamonthxm: if you install the postfix package, it (1) removes the sendmail package and (2) provides a daemon called sendmail/19:23
hxmbut there is a cron (dont know where) that does this (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp) all the time19:25
hxmand is still running somehow19:26
hxmapt-get remove sendmail says there is no sendmail package to remove (already previously removed)19:26
=== Guest97593 is now known as EzeQL
=== alexisb is now known as alexisb_bbl
Kruggeranyone using any other good centralized authentication mechanism than LDAP + Kerberos?20:39
Patrickdkheh? ldap + kerberos?20:40
Patrickdkone could use ldap, or kerberos20:40
Patrickdkbut there is also radius20:40
Patrickdkalso saml20:40
KruggerI just needed to authenticate a couple of users in several ubuntu server that are running SSH20:43
Kruggerthe problem is kerberos doesn't create the home directories and makes sure all user ID are the same across the whole cluster20:44
Kruggerso I have to add LDAP in the mix20:44
Kruggerand I really hate LDAP20:44
Kruggerand NIS is an even worse solution20:45
Kruggerwas hoping someone had developed a nice solution for it20:46
=== mjohnson151 is now known as mjohnson15
nwilson5haven't done anything with lvm before, but I'm assuming it's possible if I took 2 3TB drives to set it up as one 6TB partition ?22:21
patdk-lapnwilson5, sure22:30
* genii resists the temptation to smack the crap out of copocaneta22:57
Patrickdkgenii, no need to resist23:04
=== swebb is now known as zz_swebb
=== thumper is now known as thumper-otp

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!