[11:21] <caribou> hallyn: did someone report issues with dnsmasq spinning up at 100% CPU on Trusty ?
[11:21] <caribou> hallyn: the dsnmasq processes started by libvirt-bin btw
[11:48] <bobharry> Can someone help me with this issue with mysql not installing correctly http://paste.ubuntu.com/7594137/
[12:03] <bobharry> Can someone help me with this issue with mysql not installing correctly http://paste.ubuntu.com/7594137/
[12:08] <bobharry> Can someone help me with this issue with mysql not installing correctly http://paste.ubuntu.com/7594137/
[12:36] <bobharry> Can someone help me with this issue with mysql not installing correctly http://paste.ubuntu.com/7594137/
[12:37] <cfhowlett> bobharry ask the ##liinux channel
[12:39] <bobharry> Urgh everyone keeps directing me xD
[12:48] <zetheroo> for a while now we have been looking to replace out Windows 2003 server with something open source, and we were looking at Zentyal lately, but are now looking to other options - so I am wondering if Ubuntu Server is able to do what Zentyal does - we are looking primarily for replacement of AD
[13:02] <f0x_> Dear all, i have a question about Ubuntu MAAS this is the right section ?
[13:05] <rbasak> f0x_: #maas is probably best, but here would also be fine. The MAAS devs follow #maas more closely though.
[13:06] <rbasak> zetheroo: Zentyal is based on Ubuntu AFAIK. We have Zentyal packages that the Zentyal guys pushed a couple of cycles ago. I'm not sure of current status, so probably best to check with them.
[13:07] <zetheroo> rbasak: right, but without Zentyal packages can Ubuntu Server do the same things more or less?
[13:07] <rbasak> zetheroo: as far as I'm aware, yes. The point of Zentyal is to make it easy. That's AFAIK - I have no direct experience.
[13:07] <zetheroo> rbasak: ok
[13:08] <rbasak> It's rare to see AD/Samba questions on this channel though.
[13:08] <rbasak> You're welcome here if you're using Ubuntu Server to do it of course, but you may have issues getting help without clubbing together with the guys working on the stuff all the time.
[13:08] <zetheroo> does that mean nobody is really doing this?
[13:08] <rbasak> I used to do this kind of thing for a living. With samba. I wasn't on IRC much at that time though.
[13:08] <rbasak> So there probably are, but I don't know of a good rallying point.
[13:09] <zetheroo> I see
[13:10] <rbasak> zetheroo: https://wiki.ubuntu.com/Enterprise might be of help.
[13:10] <rbasak> I see recent and relevant-looking threads on https://lists.launchpad.net/enterprise-ubuntu/
[13:10] <rbasak> So https://launchpad.net/~enterprise-ubuntu
[13:10] <f0x_> Thanks for replay, my question is verry simple, at my work i have serveral PCS's, and my objective is to use all these PCS's to process some data at night, and i need a MAAS server that boot all machines on a LIVE Ubuntu, it is possible ?
[13:11] <rbasak> That's not what MAAS is really meant for. You might be able to hack it, but it might be easier to just do it by hand - it's quite far off the main MAAS use case.
[13:13] <f0x_> Ok, mass is designed to install OS's no ?
[13:13] <cfhowlett> rbasak I am NOT a sysadmin and have no experience but wouldnt the LTSP method that edubuntu be the right solution in his case?
[13:14] <rbasak> f0x_: it's designed to give you a cloud-like API with OS installation happening in the background as needed. So MAAS owns your workstation's hard drives. OTOH you can hack it, eg. in commissioning mode it runs on an ephemeral image without touching the disk.
[13:15] <rbasak> f0x_: however, you're departing from the use case, so you'll need to be able to grok the code and hack it yourself really. If you aren't comfortable doing that directly yourself I'd avoid it.
[13:15] <rbasak> cfhowlett: I'm unfamiliar with that, but that sounds like a good avenue to investigate. LTSP-style seems like a better fit to me if the goal is to not take over the machine's disk.
[13:16] <cfhowlett> !ltsp
[13:16] <f0x_> Thanks for the quick answers, so its better for me to manualy create a PXE infrastructure than hacking MAAS ?
[13:16] <rbasak> f0x_: I'd say it's an either way thing, but to hack MAAS you'll need to understand PXE *and* what MAAS already tries to do for you.
[13:16] <rbasak> I'm not sure you'll get much benefit from it.
[13:17] <f0x_> The problem is that we need an infrastructure as i describbed, and don't know what is the faster and easyest way to do that
[13:18] <f0x_> DO you have a suggestion for me ?
[13:32] <rbasak> f0x_: maybe LTSP is your best bet. Failing that I think you'll either need to do a ton of research and experimentation or bring someone in.
[13:32] <jrwren> f0x_: imo manually craeteing a PXE is not much more difficult than either of those 2 things.
[13:33] <rbasak> I could do it too myself, no problem. I just wonder how hard it is for someone unfamiliar with all the pieces
[13:34] <rbasak> I can imagine myself spending a week figuring it out if I didn't know about it already
[13:34] <ndee_> hey guys, how do you get around long fsck times when you reboot a server which uses ext3 as a file-system?
[13:35] <rbasak> ndee_: are you sure you're using ext3? It's the same as ext2 but with a journal, and one of the benefits is that you get fast recovery. So are you sure you have a journal?
[13:36] <jrwren> ndee_: we use XFS instead. sorry, that isn't a good answer :(
[13:36] <rbasak> ndee_: Oh, or are you talking about scheduled checks? You can tune the frequency of those with tune2fs.
[13:36] <ndee_> jup, in the /etc/fstab, the "type" is ext3.
[13:37] <ndee_> rbasak I rebooted a production server and it told me after 377 days, there should be a fsck and it took longer than 30 minutes, so I had to cancel it since it was a production server
[13:37] <rbasak> ndee_: right, OK. Yeah, use tune2fs to adjust that.
[13:37] <rbasak> Or turn it entirely off if you want.
[13:37] <rbasak> You can also use tune2fs to detect if there will be a check on next reboot.
[13:38] <rbasak> Create a monitoring check for that status, schedule downtime, etc :)
[13:48] <ndee_> rbasak: guess that's the way to go ;)
[13:53] <tych0> hi rbasak, did you see https://code.launchpad.net/~tycho-s/uvtool/no-start/+merge/222049 ?
[13:56] <rbasak> tych0: yes. Sorry I've not looked at it yet. Sounds absolutely fine to me.
[13:57]  * rbasak needs to find some time to work on all the outstanding uvtool stuff :-/
[13:57] <rbasak> There's a progress bar MP as well
[13:57] <tych0> rbasak: ok, no worries
[13:58] <tych0> just wanted to make sure you saw it
[13:58] <tych0> and it didn't get buried in some set of launchpad emails :-)
[13:59] <tomdickharry> hey folks I purged maria db 10 and added maria 5.5 to apt list
[14:00] <tomdickharry> now when I run apt-get install I get  Errors were encountered while processing:  /var/cache/apt/archives/mariadb-server-5.5_5.5.37+maria-1~trusty_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1)
[14:00] <tomdickharry> any ideas how to fix it?
[14:01] <rbasak> tomdickharry: try clearing out /var/lib/mysql. There's no migration path for the actual database I don't think.
[14:02] <EzeQL> Anyone working with sublimetext3 and ubuntu 14.04?
[14:20] <kotedo`> Hi guys!  I am trying to figure out how I can see the compiler flags for openssl
[14:30] <rbasak> kotedo`: https://launchpad.net/~ubuntu-security/+archive/ppa/+build/6062683 and click on buildlog
[14:30] <rbasak> kotedo`: you can get there from https://launchpad.net/ubuntu/+source/openssl if you click through the version and architecture
[14:32] <kotedo> rbasak: Fantastic!  Thank you so much!
[14:34] <tomdickharry>  rbasak u mean delete /var/lib/mysql ?
[14:35] <kotedo> rbasak: Maybe I am not seeing it ... Where do I see the compilerflags per OpenSSL build?
[14:36] <rbasak> kotedo: well, you can see each compiler call line, with flags included
[14:36] <tomdickharry> in makefile?
[14:36] <rbasak> That's everything it was actually built with, as opposed to what any build component tried to do.
[14:39] <hallyn> caribou: hi, it rings a bell, but offhand i' not sure.  actually i think there are bugs about *any* dnsmasq taking 100% cpu
[14:40] <caribou> hallyn: that was my suspicion. I'm getting this rather often these days; I'll try to look into it
[14:41] <tomdickharry> rbasak: working
[14:41] <tomdickharry> cheers
[14:42] <hallyn> caribou: i gues i was thinking bug 1314697
[14:42] <hallyn> except that was on utopic only
[14:42] <hallyn> so best to file a new bug :)
[14:42] <caribou> hallyn: I started to get this soon after trusty release
[14:43] <hallyn> hm, i've been running utopic until yesterday afternoon (downgraded to trusty temporarily bc utopic was unusably unstable)
[14:45] <caribou> hallyn: ok will look into this; I'm hitting this almost daily
[16:12] <hallyn> zul: yo
[16:13] <zul> hallyn:  whats up
[16:13] <hallyn> zul: ppl need bug 1321365 fixed.  if you're not ready with the 1.2.5 for me to test (last i checked it was ftbfs) i will go ahead and push a fix on the current version
[16:13] <hallyn> (see the dup)
[16:14] <hallyn> it's a 2 line change, no biggie, i don't mind doing it on the old version,
[16:14] <zul> hallyn:  lemme do one more build and upload to the ppa,
[16:14] <zul> hallyn:  sorry i got sidetracked
[16:14] <hallyn> ok, and you ahve the fix for 1321365 in there?
[16:15] <dw1> http://www.openssl.org/news/secadv_20140605.txt
[16:15] <hallyn> i'll prep my tester
[16:15] <hallyn> dw1: yeah seeing that posted in every irc channel just about :)
[16:15] <dw1> hallyn: ahh good :)
[16:15] <hallyn> dw1: presumably #ubuntu-hardened is all over it
[16:16] <dw1> cool a security team :)
[16:16] <hallyn> a security blanket
[16:16] <dw1> haha
[16:16]  * dw1 goes back to sleep
[16:18] <zul> hallyn:  just added it
[16:18] <hallyn> thx
[16:24] <jdstrand> dw1: http://www.ubuntu.com/usn/usn-2232-1/
[16:25] <dw1> ah-mazin' great work
[16:25] <zul> hallyn:  doing a testbuild first
[17:04] <zul> hallyn:  still failing for me can you upload the apparmor fix to the one that is in the archive now?
[17:04] <hallyn> zul: will do
[17:05] <hallyn> zul: i'm surprised though.  it built for me locally the other day with ebtables installed
[17:08] <hallyn> (pushed)
[18:51] <RoyK> https://lists.debian.org/debian-security-announce/2014/msg00129.html how fun
[18:53] <pmatulis> yep
[18:54] <qman> Yeah, been patching servers all morning
[18:54] <qman> No squeeze patch (yet?)
[18:54] <RoyK> perhaps someone should hire a bunch of programmers to do a code review of openssl :P
[18:54] <RoyK> or a rewrite :P
[18:55] <RoyK> OpenSSL (...) is a catastrophe waiting to happen.  In fact, the only thing that prevents attackers from  exploiting problems more actively, is that the source code is fundamentally unreadable and  impenetrable. -- Poul-Henning Kamp, 2010
[18:55] <pmatulis> RoyK: OpenBSD is re-writing
[18:55] <RoyK> pmatulis: nice - got a link to that project?
[18:55] <RoyK> (not openbsd)
[18:55] <pmatulis> RoyK: not handy no
[18:55] <qman> http://www.libressl.org/
[18:55] <pmatulis> ah yeah, that's the one
[18:55] <RoyK> google knows
[18:56] <RoyK> http://beta.slashdot.org/story/200775
[18:56] <RoyK>  At the moment we are too busy deleting and rewriting code to make a decent web page. No we don't want help making web pages, thank you.
[18:56] <RoyK> lol
[18:57] <willwhite> Anyone else seeing "Hash Sum mismatch" when running `apt-get update` on new instances booted from 14.04 instance-store AMI in us-east-1 (ami-3adb2f52) ?
[18:58] <qman> Also, no 12.04 libssl0.9.8 patch
[18:58] <qman> Only libssl1.0.0
[18:59] <RoyK> The NSA Is Behind This (tm)
[18:59] <RoyK> :)
[19:00] <sarnold> heh, I bet the libressl guys are feeling pretty cocky about dropping dtls support..
[19:04] <RoyK> erm. why?
[19:13] <sarnold> RoyK: at least two of the CVEs in today's pile were DTLS-specific
[19:18] <RoyK> ah
[19:41] <mdeslaur> sarnold: when did they drop dtls support?
[19:47] <axisys> lsof | grep tls shows every sshd process has /usr/lib/x86_64-linux-gnu/libgnutls.so.26.21.8 .. anyone else seeing it on 12.04 lts ?
[19:47] <sarnold> mdeslaur: drat, the freshbsd site with the commits is down and I can't find what I was thinking of on opensslrampage.org. I must have been wrong but I'd love to know what I was thinking of.
[19:47] <mdeslaur> sarnold: you were thinking of heartbeats
[19:47] <mdeslaur> all the issues were present in the libressl code base when I checked this morning
[19:47] <sarnold> mdeslaur: I thought it was something Big that someone would care about..
[20:08] <axisys> any idea why sshd process maps has gnutls library in 12.04 tls ? did not find much in google
[22:03] <sudormrf> hey guys, I am trying to understand repos a bit better.  I am working on testing something with a group of people.  one person synced a file to a repo, but the repo is not pingable or browseable so I think it won't work at all until he does something on his end...correct?
[22:03] <sudormrf> stupid question, I suppose, but I am second guessing myself
[23:03] <TheEmpath> hi.. having a really, really hard time setting up a local DNS server.  IS there anything that simplifies the process?
[23:04] <sudormrf> TheEmpath, in short, nothing I have found does.
[23:04] <sudormrf> I have been working on a bind9/dhcpd setup for a couple of weeks now (mostly in my down time).
[23:04] <sudormrf> what is the problem you are having with bind?
[23:04] <TheEmpath> im currently using bind9 right now
[23:04] <TheEmpath> but only one machine on my LAN sees it
[23:05] <sudormrf> so your other clients aren't getting the nameserver info?
[23:05] <TheEmpath> meaning, the bind9 serever is setup to "map" someLocalName.net to an IP
[23:05] <sudormrf> ok
[23:05] <TheEmpath> and one machine on my server can type someLocalName.net and it sees it
[23:05] <TheEmpath> but all other machines cannot
[23:05] <sudormrf> this could be a DHCP issue and not a DNS issue
[23:05] <sudormrf> have you setup isc-dhcp-server? or is DHCP being handled by something else?
[23:06] <TheEmpath> ahhh
[23:06] <TheEmpath> so i have a router that handles the DHCP
[23:06] <sudormrf> TheEmpath, because I have been fighting with the exact same issues.
[23:06] <sudormrf> ok, so in the router have you told the router to use your DNS server as the primary DNS server?
[23:06] <TheEmpath> lol @ your name btw
[23:06] <sudormrf> :)
[23:06] <TheEmpath> correct
[23:06] <TheEmpath> router knows to look at the bind9 server
[23:06] <sudormrf> also, have you set the FQDN in the router?
[23:06] <TheEmpath> i think i have
[23:07] <TheEmpath> how do i confirm?
[23:07] <sudormrf> what kind of router?
[23:07] <TheEmpath> consumer
[23:07] <sudormrf> lol I mean make/model :)
[23:07] <TheEmpath> dunno why that matters :O
[23:08] <sudormrf> TheEmpath, because you asked me how you check if you set the FQDN
[23:08] <sudormrf> it will be in different places on every router
[23:08] <TheEmpath> i know i wont be able to set such things on the router
[23:08] <sudormrf> and/or your router may not support it
[23:08] <TheEmpath> i have a dynamic dns pointing to my static IP however
[23:09] <TheEmpath> and that works fine
[23:09] <sudormrf> well as I understand it DHCP is what hands out the FQDN and the DNS server info to clients.  your clients are only querying the DNS server when looking up addresses (be they local or remote, you may have a forwarder setup).  the A records are created in BIND so that you can lookup something by hostname without fail, if I am not mistaken
[23:10] <sudormrf> and the PTR records are created as a reverse lookup method
[23:10] <TheEmpath> right.  i've setup the named.conf.options for that
[23:10] <TheEmpath> with the rev and the domain name im using
[23:12] <sudormrf> TheEmpath, aye, so what I am saying is that I would verify that your DHCP setup is working correctly
[23:12] <sudormrf> verify that the router knows to tell the clients where to look for DNS
[23:13] <TheEmpath> hrmmm
[23:13] <TheEmpath> it is true that the one machine that can access the DNS server is a static ip
[23:13] <TheEmpath> and hte one that cannot is DHCP
[23:14] <TheEmpath> but when i look at the DHCPed client... its networking configuration is correct
[23:14] <TheEmpath> the right ip range, the right gateway, netmask
[23:14] <TheEmpath> but you are saying an A record might be buggy?
[23:14] <TheEmpath> hrmm
[23:14] <TheEmpath> i did restart the DNS server
[23:14] <TheEmpath> that means i need to restart the client too
[23:14] <TheEmpath> lemme try that
[23:14] <sudormrf> k
[23:21] <TheEmpath> huzzah, good call sir :D
[23:23] <sudormrf> fixed?
[23:51] <TheEmpath> fixed :D
[23:51] <TheEmpath> now my VPN doesn't work, but thats a whoel other beast