/srv/irclogs.ubuntu.com/2014/07/09/#ubuntu-server.txt

=== psivaa_ is now known as psivaa-off
=== thumper is now known as thumper-afk
=== thumper-afk is now known as thumper
=== thesheff17_ is now known as thesheff17
=== danley_ is now known as danley
=== yofel_ is now known as yofel
[08:31] <pds_> hello guys i'm trying to kickstart a ubuntu server 14.04LTS from a 12.04LTS desktop, i'm using the following tutorial http://digitalsanctum.com/2013/03/22/how-to-setup-a-pxe-server-on-ubuntu/. I wonder how i can use a kickstart file that i host remotely, and if i only need to provide the boot.iso file in nginx
[09:01] <ronator>  st8:Qk!Lo-W
[09:01] <ronator> sk8er
[09:18] <stemid> in 12.04 LTS, latest patches, I am still having a problem with isc-dhcp-server where /var/lib/dhcp/leases* change ownership whenever the service is restarted, or the OS is restarted. when it is owned by root dhcp can't rotate the leases file and it grows uncontrollably.
[09:18] <stemid> this has gone on for many months, I thought it would be patched.
[09:19] <peetaur2> you could edit the init.d file to add some chown ... or remove what is there
[09:19] <stemid> I did that under start|stop but the last time the OS was restarted not even that helped
[09:19] <stemid> I've been forced to set up a nagios alert on the ownership of the leases file. and so far this alert has saved me the last two times the service has restarted or the OS restarted.
[09:20] <peetaur2> what is the wrong and right owner?
[09:21] <peetaur2> hmm it seems my dhcp server is 10.04 rather than 12.04, and has the user as dhcpd, and the path is /var/lib/dhcp3/dhcpd.leases
[09:21] <peetaur2> so good thing I didn't use 12.04 then? ;)
[09:21] <stemid> 12.04 path is /var/lib/dhcp and dhcpd:dhcpd is correct
[09:22] <stemid> I can re-create this bug anytime, just sudo service isc-dhcp-server restart
[09:22] <stemid> but now I have removed the chown from the script
[09:22] <stemid> seems to me that the script should be patched upstream by ubuntu
[09:23] <peetaur2> does it literally say "chown root" in there?
[09:23] <peetaur2> or some variable?
[09:25] <stemid> the script does no chown on its own
[09:25] <stemid> I have no idea how this happens
[09:25] <stemid> dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf
[09:25] <stemid> obviously root starts it
[09:25] <stemid> and then it drops privs
[09:26] <stemid> but why create leases before dropping privs?
[09:26] <stemid> and no setgid set on the parent dir
[09:26] <stemid> I could setgid on parent dir, chown it to dhcpd
[09:26] <stemid> then all files will be created with dhcpd as owner
[09:28] <stemid> http://paste.debian.net/108850/
[09:28] <peetaur2> maybe you could also use ACLs to make sure dhcpd always has access
[09:28] <stemid> yes
[09:28] <stemid> workarounds are possible
[09:29] <stemid> https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1186662
[09:29] <uvirtbot> Launchpad bug 1186662 in isc-dhcp "isc-dhcp-server fails to renew lease file" [Undecided,Triaged]
[09:29] <stemid> I should post there though
[09:29] <stemid> aha it's apparmor
[09:29] <peetaur2> since when does apparmor chown things?
[09:29] <stemid> it can prevent chown
[09:30] <stemid> by the dhcpd process
[09:34] <peetaur2> can't you just modify the apparmor profile so it is allowed to chown and have full control of the file?
[09:34] <stemid> peetaur2: will check
[12:09] <DarkStar1> Hi all I have a SSL question regarding a domain "catch-all" certificate
[12:10] <ronator> you must have too much money ;-)
[12:11] <DarkStar1> if I need to reuse the certificate on another server bearing the domain name how can I? As I understand it the key that I used to generate the csr upon which the cert was created is for that server only
[12:11] <DarkStar1> ronator: not me. someone who's got the cert and wants me to install it for them on another server
[12:11] <DarkStar1> :)
[12:12] <DarkStar1> but I am poor and damn near desolate
[12:14] <ronator> catch-all certificate would mean you can have *.yourdomain.com - "normally" that is done on one machine with several virtual hosts. not sure if I understood your Q
[12:14] <ronator> deploy a catch-all cert for different machines ... goood question :D
[12:15] <DarkStar1> different machines yes
[12:17] <ronator> you _could_ do as you said, but it is not recommended
[12:18] <ronator> https://support.discountasp.net/KB/a132/can-you-export-my-ssl-certificate-use-on-different-server.aspx
[12:20] <peetaur2> of course you can put a cert on many independent machines... all SSL does is validate that a CA cert (eg. in the browser) is the one that signed the server cert, and the browser has no idea which other servers have the same key, and doesn't care.
[12:20] <peetaur2> but copies of the private key all around mean more risk if one system is compromised.
[12:24] <patdk-wk> this is what certificate copies are for
[12:24] <patdk-wk> make the same cert with many different private keys
[12:24] <patdk-wk> if one server gets compromised, only that one needs to be revoked
[13:37] <Lachezar> Hello all. I had a problem installing Ubuntu Server yesterday, and it was suggested that I use 10.04 installation disk. It worked. Today I did a release upgrade, and now I have a 12.04 with '3.2.0-65-generic-pae #99-Ubuntu SMP Fri Jul 4 21:17:05 UTC 2014 i686 i686 i386 GNU/Linux' kernel.
[13:37] <Lachezar> Does that mean that my hardware actually has PAE support? Can I do a release upgrade to 14.04 now?
[13:39] <jrwren> no, it just means your kernel has pae support.
[13:39] <Lachezar> Actually... I have other 12.04 Ubuntu Server machines (two), that show no available release upgrade... Is that correct?
[13:39] <jrwren> grep --color pae /proc/cpuinfo   # to see if your CPU supports PAE
[13:41] <Lachezar> jrwren: Ahha! cpuinfo flags has 'pae'. So that might not be the reason why 14.04 Server CD hangs on language selection (upon boot, not when installing!).
[13:42] <jrwren> why not run 64bit?
[13:45] <Lachezar> jrwren: Old hardware: Intel(R) Celeron(R) CPU 2.53GHz, low memory: 1G
=== Smark[Gone] is now known as Smark
=== sforshee` is now known as sforshee
=== RobertLaptop_ is now known as RobertLaptop
=== whaley_ is now known as whaley
=== SierraRazgriz is now known as SierraAR
=== acrocity_ is now known as acrocity
=== rmk` is now known as rmk
=== daker_ is now known as daker
[13:50] <jrwren> oh. you don't need a pae kernel at all.
[13:50] <jrwren> laptop?
=== jeremy_carroll__ is now known as jeremy_carroll_
[14:00] <Lachezar> jrwren: I don't need PAE, but it seems I have no choice (apart from recompiling my own).
=== ming is now known as Guest98993
[14:50] <leotr> hello. I have one (only one) server with 6 HDDs and 64 Gb ram. I want to setup MAAS on it and then use juju for administering it. Is it possible?
[14:50] <leotr> i mean is it true that one server is enough for that
[14:53] <jrwren> yes, it's true.
[14:55] <leotr> should i download ubuntu for cloud cd in this case?
[14:55] <leotr> *ubuntu server for cloud
[15:12] <Xbert> are aa-logprof and aa-genprof broken in 14.04?
[15:20] <peetaur2> Xbert: I haven't tried them but heard yes they are
=== SpamapS_ is now known as SpamapS
[15:21] <peetaur2> Xbert: #apparmor is on the irc.oftc.net network, maybe they know a fix
[15:21] <tyhicks> Xbert: hi - they're not in great shape in 14.04
[15:22] <Xbert> peetaur2, it seems that way from my experience too, pfft nice for a LTS
[15:22] <peetaur2> Xbert: someone once said that the LTS releases are not officially LTS until some point .. maybe that's the key to stability
[15:22] <tyhicks> Xbert: we've got fixes for a majority of the bugs in the upstream code repo, but no one has yet had a chance to SRU them to 14.04
[15:23] <peetaur2> and it makes obvious sense since any release in general is the same
[15:23] <Xbert> they bragged about having apparmor only a few years ago, now they let it die
[15:23] <tyhicks> it's not dying
[15:24] <tyhicks> the tools were rewritten in python (from perl)
[15:24] <tyhicks> and the rewrite introduced a number of bugs
[15:24] <Xbert> 14.04 is tested for months, apparmor is in the base install and it's been months since 14.04 release, i would expect it to work
[15:24] <tyhicks> it was unfortunate that the upstream rewrite happened prior to 14.04
[15:24] <Xbert> for me it's completely broken
[15:25] <peetaur2> ah cool, python is probably an improvement
[15:25] <peetaur2> but now we're beta testing ;)
[15:25] <tyhicks> Xbert: filing bugs is a big help
[15:25] <peetaur2> can you simply install the old apparmor tools from the old repo?
[15:25] <Xbert> i thought the problem was with me doing an in place upgrade, i just did a fresh install and it's the same
[15:25] <tyhicks> peetaur2: yes, that should be fine
[15:25] <peetaur2> on non-beta testing servers of course ;)
[15:25] <Xbert> the bug has been reported 3 times already
[15:26] <Xbert> last back in may
[15:26] <tyhicks> Xbert: what's the bug number?
[15:27] <Xbert> https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1319830
[15:27] <uvirtbot> Launchpad bug 1319830 in apparmor "aa-logprof will scan forever on Ubuntu 14.04 server (dup-of: 1307665)" [Undecided,New]
[15:27] <uvirtbot> Launchpad bug 1307665 in apparmor "signal entries in audit.log send aa-logprof in infinite loop" [Medium,Fix committed]
[15:28] <Xbert> and https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1319829
[15:28] <uvirtbot> Launchpad bug 1319829 in apparmor "aa-genprof will crash when select scan on Ubuntu 14.04 server" [Undecided,Confirmed]
[15:29] <tyhicks> Xbert: we've got upstream fixes for those issues, now we need to go through the SRU process to update the package in 14.04
[15:29] <Xbert> how do i do that?
[15:30] <tyhicks> Xbert: How do you do an SRU?
[15:30] <lordievader> Good evening.
[15:30] <Xbert> tyhicks, yes, i don't know what you mean
[15:31] <tyhicks> Xbert: https://wiki.ubuntu.com/StableReleaseUpdates#Procedure
[15:32] <tyhicks> Xbert: it is quite involved, you're probably better off temporarily downgrading to the 13.10 package and waiting for us (Ubuntu Security) to do the SRU
[15:34] <Xbert> tyhicks, ok i'll give that a go, thanks
[15:34] <tyhicks> Xbert: sorry for the trouble :/
=== paralle21_ is now known as parallel21
[16:50] <ndf> is there a way to temporarily turn off kernel messages about I/O errors on a (usb)disk? [/dev/sdb]
[17:33] <raray> is there a protocol/program for accelerated file transfer over the internet?
[17:33] <raray> I want to transfer files from my server
[17:33] <raray> File transfer via ssh is very slow for some reason.
[17:33] <raray> FTP over tls is ok, but only as fast as 1 tcp connection
[17:33] <raray> is there a protocol/program using multiple connections or udp?
[17:37] <raray> ...
[17:38] <K4k> Can anyone think of any weirdness I might run in to if I rename GID 27 from "sudo" back to "wheel"?
[17:39] <rbasak> raray: TCP should scale to the available bandwidth. Even one connection. If it doesn't, you have a connection or TCP stack problem.
[17:40] <raray> rbasak: the problem is my connection is over a shared medium
[17:40] <raray> if i use 2 tcp connections it will be almost 2x as fast.
[17:42] <rbasak> raray: http://lartc.org/lartc.html has instructions to help you manage bandwidth and prioritise traffic
[17:44] <raray> Prioritize traffic? It's over the internet...
[17:45] <raray> And the utilization on both devices is quite low
[17:45] <raray> the problem is the ISP seems to be overselling the cables.
[17:46] <raray> that means I can not prioritize anything
[17:47] <rbasak> If the ISP aren't stupid, then they'll be doing bandwidth management so each customer gets an equal amount of bandwidth under contention
[17:51] <raray> rbasak: fact 1: I have a quite slow connection at home. fact 2: if i use 2 tcp connections it is almost 2x as fast. fact 3: I recently was in a fast wifi with my laptop and got 50mbits over 1 tcp connection to that same server
[17:51] <raray> instead of 1mbit
[17:52] <raray> so the devices on both ends can't really be the problem
[17:53] <sarnold> raray: wow. sounds like a stupid ISP
[17:54] <sarnold> raray: you could probably use split to split a file into chunks then use multiple scp or multiple rsync connections to transfer the pieces, then re-assemble them on the far side
[17:54] <sarnold> raray: the more you abuse it the more likely it is your isp will figure out how to rate limit per customer rather than per connection, which would doubtless be an improvement for nearly everyone :)
[17:55] <raray> sarnold: that's what I'm thinking
[17:56] <raray> sarnold: i already did the splitting and reassembling manually. The transfer was faster, but too much manual effort
[18:20] <leotr> hello. I have server with raid controller, 2 processors, 64 gb of ram. I want to use it for creating virtual machines for experiments. I would like to be able to use juju for fast vm creation and software deployment and so on... as i understand MAAS is not what I might want
[18:21] <leotr> could you suggest me something for my task? what is the best option
[18:25] <sarnold> leotr: you could use the juju-local provider to spin up LXC containers; it isn't VMs, so it won't be perfectly like using a cloud provider.. you could also manually create a pile of VMs and then use the manual provider...
[18:26] <sarnold> leotr: see https://juju.ubuntu.com/docs/config-manual.html and https://juju.ubuntu.com/docs/config-local.html
[18:32] <leotr> thanks
=== lifeless1 is now known as lifeless
=== DalekSec_ is now known as DalekSec
=== krtaylor is now known as krtaylor_away
[20:41] <zartoosh> Hi how could I have boot.log timestamped?
=== NomadJim_ is now known as NomadJim
[21:09] <zmbmartin> I am using ghostscript to compress pdfs. On my OSX machine the compressed pdf looks identical to the full pdf. In ubuntu the compressed pdf is missing some patterns and fills from the full pdf.
[21:10] <zmbmartin> So if I run the full pdf through gs on OSX it outputs the same just compressed. But when I run the full pdf through gs on my ubuntu-server the file is compressed but patterns and fills are missing.
=== ajmitch_ is now known as ajmitch
[22:50] <dustinspringman> anyone around familiar with routing via VPN?
[22:51] <billy_ran_away> Why does the ldap package break my current ldap install so often?!?!
[22:51] <billy_ran_away> Also why can't I remember the password to my local account?!?!
[23:03] <dustinspringman> so... i've got the tunnels up. The ubuntu-server can ping all the LANs, but I cannot route between LANs for some reason.. I think it's related to IPTables, but the instructions I see online seem to imply that I'm an IPTables expert.. not the case.. thoughts on a good resource/walk-thru?
[23:05] <sarnold> dustinspringman: did you set e.g. /proc/sys/net/ipv4/conf/all/forwarding
[23:05] <dustinspringman> sarnold: I believe so, but I will double check, doing it now..
[23:07] <billy_ran_away> anyone know how to pick up a currently running process?
[23:07] <billy_ran_away> I ssh'ed in to my network server, ran screen. Then from there I ssh'ed in to another machine and kicked off a long running process.
[23:08] <sarnold> billy_ran_away: I normally used screen -RAD when reattaching screen sessions
[23:09] <billy_ran_away> sarnold: I upgraded ldap on ubuntu and have since locked myself out of that machine...
[23:09] <billy_ran_away> sarnold: But I still see the processes running on my local desktop...
[23:09] <billy_ran_away> ➜  ~  ps -ef | grep -i heroku
[23:09] <billy_ran_away>   501 53623 53416   0  2:50PM ttys004    0:05.92 ruby /usr/local/Cellar/heroku-toolbelt/2.34.0/libexec/bin/heroku run console
[23:12] <billy_ran_away> i'd like to just pick up the output of that heroku run console
[23:12] <billy_ran_away> process...
[23:14] <sarnold> billy_ran_away: you can't really pick it up without re-attaching to that screen session
[23:14] <billy_ran_away> sarnold: yea that was what I was afraid of
[23:15] <billy_ran_away> sarnold: I can ssh in to my local user on my server that has the still running screen session with my ssh keys
[23:15] <billy_ran_away> sarnold: but I can't remember that password so I can't sudo anything...
[23:17] <dustinspringman> sarnold: when I cat /proc/sys/net/ipv4/conf/all/forwarding I get 0 as a response... Do I change that to a 1?
[23:17] <billy_ran_away> I hate ldap upgrades! I mean sure it's happened before to me when upgrading major versions of ubuntu, but the package maintainers wouldn't be so mean as to break compatibility between minor versions of that one package, or so I thought...
[23:18] <sarnold> dustinspringman: yeah, if you want to be a router :)
[23:18] <dustinspringman> doh!
[23:18] <sarnold> billy_ran_away: argh. that's annoying :)
[23:18] <dustinspringman> sarnold: done, gonna test to some remote sites
[23:19] <billy_ran_away> thanks for listening sarnold!
[23:19] <billy_ran_away> i'm just going to wait for these processes to finish and then reboot the server in to single user mode
[23:20] <billy_ran_away> it's just those long running processes were for work and I was asked about the progress of them and now I look like an idiot who locked himself out or I lie
=== krtaylor_away is now known as krtaylor
[23:29] <sarnold> billy_ran_away: heh, I used to keep a 'toor' account around for those kinds of issues.. haven't done that in a while though
[23:30] <dustinspringman> sarnold: I owe you a beer! that got me working! Thanks so much!
[23:31] <sarnold> dustinspringman: nice :D have fun!
[23:32] <billy_ran_away> sarnold: Yea I have an lbill account, which has my ssh keys in it
[23:32] <billy_ran_away> but alas i forgot that password
