/srv/irclogs.ubuntu.com/2014/07/15/#ubuntu-server.txt

axiom	question, I'm new to linux, been off and on with the desktop, with that being said. I want to fully move away from windows. I have a desktop pc that I dont use and want to install ubuntu server on it. My primary focus on it as of right now is setting it up to do backups of my labtop and possibly external hd. What all area's of a server system should I start and focus on?	01:44
sarnold	axiom: I'd give a quick read to the server guide: https://help.ubuntu.com/14.04/serverguide/	01:45
sarnold	axiom: feel free to skip things that don't make sense (and skip DM-multipath entirely)	01:45
sarnold	hopefully you'll find interesting things to do with it :)	01:45
axiom	I'm also new to irc, not sure how u replied in red but ty for the link. hopefully that will help get me going. Would u recommend backup software or a cron script for it?	01:48
sarnold	axiom: I just typed your name in the front of the line :) -- most irc clients will highlight whatever lines have the nickname in it..	01:49
sarnold	axiom: .. and to type 'axiom' it's even easier than that, I just type 'ax<tab>' and my client fills in the rest -- yours probably does too	01:50
axiom	sarnold, lol that it does. learn something new every day :)	01:51
sarnold	axiom: I use rsnapshot for backups; there's a lot of choices for backups, it's hard finding the "right" one to use..	01:51
Patrickdk	but dm-multipath is nice :)	01:51
Patrickdk	works good for my dual ported disks :)	01:51
sarnold	axiom: bacula, amanda, rsnapshot, dejadup, duplicity, etc. etc. etc. you can go crazy trying to compare them all.	01:52
Patrickdk	wait? all you want is to backup your laptop to it?	01:52
axiom	sarnold, I have a book on backup and restore, and they talk about bacula, ntbackup, tar, dd, amanda,	01:52
sarnold	Patrickdk: hehe yeah, I had a fun two days reading the dm-multipath docs before coming to terms with the fact that I just can't afford that kind of hardware	01:52
Patrickdk	simple to just use the build in backup in ubuntu to other server ssh account :)	01:53
Patrickdk	sarnold, heh	01:53
sarnold	axiom: tar and dd are fantastic tools but you wouldn't want to start there for a full backup system :)	01:53
axiom	Patrickdk, thats just a start to get me working with the server side. eventually i'm going to build a rackmout to host vm's firewall and other things	01:54
Patrickdk	ya, tar/dd aren't really for backups, unless your doing offline backups	01:54
sarnold	Patrickdk: though I did get to wondering about some sata<-> sas interposers I've heard about... would they increase reliability by adding new lanes? or decrease reliability because HOLY COW SATA WASN"T MEANT FOR THAT!! :)	01:54
Patrickdk	sarnold, depends on how you use it :)	01:54
Patrickdk	you must only use one lane at a time, normally with those	01:54
Patrickdk	they increase reliability, due to path failure (cable/hba/...)	01:55
Patrickdk	not due to disk failure	01:55
Patrickdk	and your still limited to 1/4th the bandwidth sas would have	01:55
sarnold	not 1/2?	01:55
Patrickdk	nope	01:55
sarnold	cripes	01:55
Patrickdk	two ports, bi-directional	01:55
Patrickdk	sata is half duplex	01:56
sarnold	omg how am I just now learning that?	01:56
Patrickdk	though I will say, most sas systems don't use both ports at once	01:56
Patrickdk	I'm doing a loadbalancing thing	01:56
sarnold	sigh I wish you were close enough to answer my stupid questions over beers or something. :)	01:56
Patrickdk	do keep down cache clutter on the disks :)	01:56
Patrickdk	it switches sas path's every other 1MB of disk space	01:56
sarnold	wow, why so fast?	01:57
Patrickdk	hmm?	01:57
Patrickdk	I have the extra wires, why not make them do something more than failover	01:57
sarnold	isn't that switching some 20-30 times per second?	01:57
Patrickdk	no, no	01:57
Patrickdk	the disk appears as two disks	01:58
Patrickdk	cause of the two ports	01:58
sarnold	boggle	01:58
Patrickdk	for odd megs, I read/write using port 1, and evens on port 2	01:58
Patrickdk	do double speed, and better latency	01:58
Patrickdk	the issue normally with using both ports randomly	01:59
FFForever2	How do I solve ingoring unknown interface eth0=eth0 when trying to configure a static IP after installation without networking? I added it the debian way in /etc/network/interfaces (with auto eth0)	01:59
Patrickdk	is they have a habbit of flushing cache when you access the same place on both ports	01:59
Patrickdk	and that happens suprisingly often	01:59
sarnold	Patrickdk: oh! I could see that.	02:00
sarnold	FFForever2: can you pastebin your /etc/network/interfaces file?	02:00
sarnold	Patrickdk: at least, if I were a drive firmware author, I'd be sorely tempted to do the same :)	02:00
sarnold	Patrickdk: how do those drives show up if they look like two drives? how do you add them to your pools?	02:01
Patrickdk	really though, I normally use linux multipath for iscsi/fc	02:01
Patrickdk	and do most of my sas multipath on solaris	02:01
sarnold	ahhhhhh	02:01
Patrickdk	they show up as two disks	02:01
Patrickdk	you use dm-multipath to join them into a single disk (based on wwn)	02:01
FFForever2	sarnold, I'm an idiot. I had to save locally and cp it as I forgot to sudo vi. I copied it to /etc/interfaces... whoops. Fixed. Sorry to waste your guy's time.	02:01
Patrickdk	then add the dm-multipath devices to your pool	02:02
sarnold	FFForever2: success :)	02:02
sarnold	Patrickdk: cool :) so.... would those interposers fit into a standard disk chassis? or do they only work for desktop-style systems with loads of clearance behind the drives?	02:03
Patrickdk	both, depending	02:03
Patrickdk	like dell, their trays have two mounting options	02:04
Patrickdk	sas and sata	02:04
Patrickdk	the sata is where you mount a sata with interposer	02:04
Patrickdk	and sas if you don't use the interposer	02:04
Patrickdk	so it will depend on your chassis	02:04
FFForever2	I added two nameserver entries for 8.8.8.8/8.8.4.4 to /etc/resolv but I still can't ping google.com. I can ping both of the addresses though.	02:05
sarnold	FFForever2: resolv or resolv.conf?	02:06
FFForever2	sarnold, I need coffee and fast.	02:07
sarnold	FFForever2 :) might be good to go take care of that before much more typing, hehe	02:08
Patrickdk	sarnold, just setup iscsi :)	02:11
Patrickdk	that is the most simple solution to playing with dm-multipath	02:11
sarnold	Patrickdk: well, the box I hope to build -would- make a nice iscsi target	02:12
sarnold	Patrickdk: and i'd given up on mutlipath on that both but now you've got me wondering again :)	02:12
Patrickdk	it's fun to play with :)	02:12
Patrickdk	multipath wins over lacp any day :)	02:13
sarnold	Patrickdk: oooooo	02:13
Patrickdk	well, lacp caps you at the max speed of a single one	02:14
Patrickdk	sure you could make like 8 connections, but no guarrentee they will load up evenly	02:14
Patrickdk	multipath makes one per path, and depending on how you want to use them, loads them all up evenly	02:15
Patrickdk	and just stops using broken ones as needed	02:15
Patrickdk	goes through ip addresses quicker though	02:15
sarnold	Patrickdk: does the linux iscsi stuff work well enough with multipath? or is that another case where you'd rather use illumos / solaris?	02:16
Patrickdk	I haven't attempted it as a server	02:16
Patrickdk	but shouldn't matter much	02:16
Patrickdk	for client side, on linux it's much simpler, as it's just normal iscsi clients and normal dm-multipath	02:17
Patrickdk	but for iscsi target, it would matter	02:17
Patrickdk	I would be suprised though, if it fell apart on you, as it should be a normal usecase for esxi	02:18
axiom_1	that was a pain trying to register a nickname lol	02:18
sarnold	axiom_1: yes :)	02:18
axiom_1	should I set the server to install security updates automatically or whats best for a sys admin approach?	02:19
Patrickdk	depends on how much you watch it :)	02:19
Patrickdk	do you want it to randomly break on it's own? or only when you break it?	02:19
Patrickdk	that last php security update, cause some breakage	02:20
axiom_1	well i'm always on my computers, i have no life lol. and wanting to get a jump start to my cs career	02:20
Patrickdk	if you don't mine random issues sometimes, I would go for autoupdate	02:20
Patrickdk	as you can be more lazy	02:20
axiom_1	well either way, the logs should be able to tell me what happen, I would hope lol	02:20
Patrickdk	if you do maintain it every week, manual is fine	02:20
axiom_1	guess im going for the manual to learn the hard way :)	02:21
sarnold	well, that's just "apt-get update && apt-get -u dist-upgrade" every day or so :)	02:21
Patrickdk	well, for all updates not just security :)	02:21
Patrickdk	but that is what I do	02:22
Patrickdk	I watch the security bullitens, and run an update on my test machine	02:22
Patrickdk	then I push it out to the others	02:22
Patrickdk	probably why I don't have that apt-cacher-ng multiaccess issue you have sarnold	02:22
Patrickdk	test run is good for something :)	02:23
axiom_1	Patrickdk, ok i know this is going to sound dumb, how do u push it down to your other clients?	02:24
sarnold	Patrickdk: well, I abused the heck out of that poor cacher; a dozen build schroots, a dozen VMs, plus local use. I'd routinely start up a handful of updates at a time just to keep the cache hot :) hehe	02:24
Patrickdk	push it down?	02:26
axiom_1	yea	02:26
sarnold	axiom_1: updates are best pulled on every client machine on their own schedule..	02:26
sarnold	axiom_1: if you've got more than a handful of systems to do updates, you'd want a tool like landscape or puppet or chef or ansible to help you keep track of them all	02:26
Patrickdk	or cluster-ssh, apt-get dist-upgrade :)	02:27
Patrickdk	na, I just have a nice large bash script I use to kick them all off	02:27
Patrickdk	puppet I use, chef, I dunno, I just can't get around that one	02:28
sarnold	heh, understood	02:28
Patrickdk	but I like my bash script :)	02:28
axiom_1	sarnold, ah k, yea i was thinking of a script or some tool like you said.	02:28
axiom_1	yea i can't rap my head around bash or python :(	02:28
Patrickdk	it tells my loadbalancer to take it offline, runs the updates, reboots, then turns it back on the loadbalancer	02:28
Patrickdk	around bash? it's just command line in a file	02:28
Patrickdk	just like dos batch files :)	02:29
axiom_1	I never really messed with dos batch files	02:29
sarnold	except less horrible	02:29
sarnold	Patrickdk: nice; how far apart between your updates?	02:29
Patrickdk	between systems?	02:29
Patrickdk	normally 1 or 2 min	02:29
Patrickdk	it waits for it to come backon, before moving to the next server in the same cluster	02:30
axiom_1	Patrickdk, is this your personal setup or your work environment?	02:30
Patrickdk	both	02:30
sarnold	:)	02:30
axiom_1	nice	02:31
Patrickdk	my personal work enviroment, as I own the company	02:31
axiom_1	what kind of company is that if you don't mind me asking?	02:31
Patrickdk	this one, just webhosting/email	02:31
axiom_1	see, I have no clue how any of that would work lol	02:32
sarnold	axiom_1: apt-get install apache or apt-get install nginx and start fiddling with it :) hehe	02:33
axiom_1	should I let kexec-tool handle reboots?	02:34
FFForever2	How can I figure out why post-up isn't executing?	02:34
FFForever2	(in /etc/network/interfaces for eth0)	02:34
sarnold	axiom_1: email is far more complicated. time was you'd just throw up a mail server, imap server, and call it a day, but modern anti-spam means mail servers need tons of love and care. it's a royal hassle.	02:34
axiom_1	lol i got alot of reading to do. There goes what life I had if any	02:35
Patrickdk	web is the same, as soon as you install your first cgi :)	02:35
sarnold	FFForever2: check exec bits on referenced files, use full paths...	02:35
sarnold	Patrickdk: shudder	02:35
axiom_1	ya'll are going to make my brain explode :)	02:35
sarnold	axiom_1: that's my feeling every time talking with Patrickdk :) hehe	02:36
Patrickdk	heh, my issue is, I like to learn	02:37
Patrickdk	and I must know everything from the base up	02:37
sarnold	nod nod	02:37
axiom_1	my issue is I have a hard time learning	02:37
Patrickdk	just grab some rfc's and have a bathroom break :)	02:37
sarnold	axiom_1: you're here, you're tring things :) that's most of it, right there	02:37
sarnold	dinner time :)	02:37
axiom_1	sarnold, enjoy	02:37
Patrickdk	I've been playing, since I was 8	02:37
Patrickdk	and on linux since well, v1.2	02:38
axiom_1	I started late, I've been off and on with ubuntu desktop. But I finally getting my hands around the desktop portion somewhat. Still having issues with the terminal but I'm sure time will get me there	02:39
Patrickdk	big thing is, don't follow tutorials/blogs	02:39
axiom_1	well damn	02:39
Patrickdk	if something looks ok, make sure you crosscheck it with the manual	02:39
axiom_1	maybe thats why im having issues :)	02:39
Patrickdk	I even apply that to ubuntu serverguide	02:40
axiom_1	Patrickdk, would u recommend kexec-tools to handle reboots or should I do it manually?, the ubuntu server guide doesn't say anything about it.	02:40
Patrickdk	mainly cause the serverguide is normally the bare basics to make it work, not specifically functional	02:41
Patrickdk	I thought kexec was a payed for service	02:41
axiom_1	nope, I just downloaded and installed it	02:41
Patrickdk	so the tools will be useless without the kexec patches you get from that service	02:41
axiom_1	well damn	02:41
Patrickdk	and that would only handle kernel vaunerabilities, and cause it so you don't need to reboot	02:42
Patrickdk	but you still need to install and restart applications	02:42
Patrickdk	s/install/update	02:42
Patrickdk	oh, kexec isn't what I thought it was	02:43
axiom_1	lol	02:43
Patrickdk	it's like solaris fastboot	02:43
axiom_1	oh k	02:43
Patrickdk	it will depend on your hardware and drivers	02:43
Patrickdk	if it works or not	02:43
axiom_1	well i pressed no for it to handle reboots	02:43
axiom_1	I can always play around with it and see how it goes	02:44
axiom_1	it's just a learning comp atm anyways	02:44
Patrickdk	I was thinking of ksplice	02:45
=== jamescarr_ is now known as jamescarr
=== jamescarr_ is now known as jamescarr
=== maxb is now known as Guest41692
sarkis	hey all, i can't get libcurl.a to install on 14.04	03:54
sarkis	anyone know which package provides it? it's apparently not libcurl4-openssl-dev	03:55
=== CripperZ- is now known as cripperz
soren	sarkis: http://packages.ubuntu.com/search?searchon=contents&keywords=libcurl.a&mode=exactfilename&suite=trusty&arch=any	04:31
soren	sarkis: apt-file will also answer that sort of question for you.	04:31
Abhijit	kindly help me with ubuntu preseed issue as described here http://ubuntuforums.org/showthread.php?t=2234480&p=13073762#post13073762	06:27
Abhijit	this is not a cobbler issue.	06:27
Abhijit	its purely preseed + ubuntu issue.	06:27
=== cripperz is now known as CripperZ-
sarnold	Abhijit: are you confident the mini iso supports the preseed files?	06:39
Abhijit	sarnold, i tried with serveriso too. same issue.	06:40
Abhijit	let me try once again to be sure.	06:40
Abhijit	sarnold, same issue with server iso. why does it try to configure network with dhcp? centos never ask me for dhcp. dhcp server is already running and its already assigned the ip to nic of target machine. then why ubuntu again ask me to run dhcp? how can i disable dhcp from kickstart or preseed?	06:50
Abhijit	also i tried both kickstart and preseed file for ubunt. both gives same error.	06:50
sarnold	Abhijit: sorry, I've never used preseed files, no idea why it is failing	06:50
Abhijit	ok	06:50
Abhijit	sarnold, did you used kickstart/	06:50
sarnold	Abhijit: no	06:51
Abhijit	ok.np.	06:51
Abhijit	sarnold, is there any other alternate automating and provisioning softaware which works 100% compatible with ubuntu / debian?	07:09
=== Guest41692 is now known as maxb
see1	hello	08:34
see1	what means this? W: GPG error: http://de.archive.ubuntu.com precise-security Release: Unknown error executing gpgv	08:34
=== CripperZ- is now known as cripperz
=== cripperz is now known as N0DE`
=== N0DE` is now known as CripperZ-
hxm	i have installed the package gitweb and it asked nothing, how can I see what is the url path?	10:53
hxm	ah, found the gitweb.conf	10:53
Chris_hubu	hi guys	10:56
Chris_hubu	has anyone ever used opennebula on ubuntu server here?	10:56
=== stooj_ is now known as stooj
=== SolutionL is now known as Solution-X
=== psivaa is now known as psivaa-off
=== zombu2 is now known as zombu2-km4daj
=== Malediction_ is now known as Malediction
=== kickinz1\|away is now known as kickinz1
MACscr	for a server, is ok to completely disable and possibly remove plymouth? Its a headless system, so i dont see a point in having it	14:31
MACscr	and is the only option for disabling it in grub?	14:32
rberg_	I found that you do need to have plymouth installed or else you break the recovery system	15:01
rberg_	at least on 12.04	15:01
rberg_	eg: if A disk is missing during boot you will be asked "skip or manual recovery" without plymouth installed there is no way to answer that question and the system will wait forever	15:02
qman	Same on 10.04	15:02
qman	Or at least very similar, mine just sat there with a blinking cursor, no messages	15:03
MACscr	that stinks	15:11
qman	Yep, but that's the way it is, just have to put up with plymouth if you want ubuntu to work properly	15:12
rberg_	you can install the txt theme	15:16
MACscr	i see a lot of these i my dmesg output http://pastie.org/pastes/9393758/text?key=asmwxhqvj6h1ksw7wbexqw	15:16
lordievader	Good afternoon.	15:32
RoyK	afternoon	15:39
lordievader	Hey RoyK, how are you?	15:39
RoyK	fine, thanks	15:39
=== lutostag_ is now known as lutostag
=== Solution-X is now known as Solution-X\|AFK
rberg_	"install-keymap us-latin1" "unknown charset unicode - ignoring charset request" what does this mean?	16:09
hxm	how to run a cron every 61 seconds?	16:09
rberg_	crontab to run every min with a sleep 1 ?	16:10
hxm	yes I was thinking that right now	16:11
=== ashleyd is now known as ashd
=== jdowdle is now known as jdowdle\|away
=== jdowdle\|away is now known as jdowdle
=== veebull is now known as veebull_away
=== kickinz1 is now known as kickinz1\|lunch
=== alexisb is now known as alexisb_lunch
=== kickinz1\|lunch is now known as kickinz1
punkgeek	how to encrypting root partition with LUKS?	19:42
=== matsubara is now known as matsubara-afk
pmatulis	punkgeek: use the installer	19:48
punkgeek	ont unstand :D	19:48
pmatulis	hm?	19:48
punkgeek	https://help.ubuntu.com/community/EncryptedFilesystem is it good for me?	19:50
lordievader	punkgeek: The installer will guide you through setting up an luks encrypted install.	19:51
xnox	punkgeek: desktop installer -> full disk encryption is one tickbox + password.	19:52
xnox	punkgeek: in server installer it's change default to encrypted + password.	19:52
punkgeek	???	19:53
lordievader	!ir \| punkgeek	19:54
ubottu	punkgeek: #ubuntu-ir baraye Farsi zabanan mibashad ke channele rasmie goroohe Iran-ie ubuntu ast. #ubuntu-ir برای فارسی زبانان می‌باشد که کانال رسمی گروه ایرانی اوبونتو است.	19:54
lordievader	Might be easier ;)	19:54
punkgeek	its empthy :-"	19:54
ses1984	hi, i'm trying to use php5-imap module from the repositories and running into some weird problem. i do apt-get install php5-imap and it says i have the latest version installed. but then i try php -m \| grep -i imap and it is not listed...what's going on? is there something else i need to do to complete the install?	20:00
zartoosh	hi I am trying to download a binary debian package (not install) and all it dependencies to a particular directory is this possible? thx	20:14
=== matsubara-afk is now known as matsubara
=== alexisb_lunch is now known as alexisb
Chris_hubu	zartoosh, do you mean that you want to only download packages from apt-get?	20:40
Chris_hubu	apt-get has a "download only" option	20:40
Chris_hubu	-d, --download-only	20:40
Chris_hubu	Download only; package files are only retrieved, not unpacked or installed.	20:40
Chris_hubu	Configuration Item: APT::Get::Download-Only.	20:40
rberg_	I was thinking that except it wont download deps that are already installed	20:48
Chris_hubu	apt-get source maybe?	20:53
billy_ran_away	Can anyone help me with my ldap server at home? Upgrading the slapd package broke it...	20:59
billy_ran_away	This is what syslog says http://pastie.org/9394730	21:00
pmatulis	billy_ran_away: says 'invalid dn (cn=admin,dn=therobotis,dn=us)', are you sure that's correct?	21:04
pmatulis	and not 'cn=admin,dc=therobotis,dc=us' ?	21:04
billy_ran_away	pmatulis: It was last time I set it up	21:04
punkgeek	can i remove passphrase when booting?	21:05
pmatulis	punkgeek: remove passphrase of what?	21:07
=== hxm is now known as Guest9741
punkgeek	see, i set password on file system, when i reboot my os, when is boot, need password	21:08
punkgeek	can i remove this?	21:08
pmatulis	punkgeek: what filesystem?	21:08
punkgeek	root	21:08
pmatulis	punkgeek: well how would the system boot?	21:09
zartoosh	Chris_hubu, that worked and thank you.	21:09
Chris_hubu	you're very welcome zartoosh, I'm glad I could help	21:09
punkgeek	???	21:09
pmatulis	punkgeek: is / needed to boot up properly? yes or no?	21:10
billy_ran_away	I don't get what changed in my LDAP setup...	21:11
billy_ran_away	God I wish LDAP wasn't so stupidly complicated...	21:11
pmatulis	billy_ran_away: use ldapwhoami to verify your root dn, the admin guy referred to above	21:11
billy_ran_away	pmatulis: missed that, I'm not on my regular irc client because I can't log in to my regular account and start znc	21:12
punkgeek	yes	21:12
punkgeek	i need boot without passpharse	21:12
pmatulis	punkgeek: so you need to decrypt it first right?	21:12
billy_ran_away	pmatulis: Here's the output http://pastie.org/9394750	21:13
pmatulis	billy_ran_away: you need to provide the usual arguments to ldapwhoami	21:13
billy_ran_away	pmatulis: Like what?	21:14
punkgeek	no no, see i need encrypt my file system, when done it, i see passphare on boot, so i need remove this, what should i do?	21:14
billy_ran_away	root@robot:~# ldapwhoami -h ldapi://ldap Could not create LDAP session handle for URI=ldap://ldapi:%2F%2Fldap (-9): Bad parameter to an ldap routine	21:14
punkgeek	just need remove passphare on booting	21:14
guntbert	punkgeek: thats the point of encryption	21:14
punkgeek	when booting is done, then i need enter passpharse	21:14
punkgeek	is it crazy thing?	21:17
pmatulis	billy_ran_away: ldapwhoami -x -D "cn=admin,dc=example,dc=com,dc=au" -w secret	21:18
pmatulis	punkgeek: no, it's not crazy. you need to supply a password in order to decrypt your root filesystem. that's all. you might be able to keep some filesystems encrypted that are not necessary for booting however	21:19
billy_ran_away	pmatulis: Sweet that did it, but now what? http://pastie.org/9394769	21:19
pmatulis	billy_ran_away: congratulations. you verified your root dn	21:19
billy_ran_away	pmatulis: Great, but that's exactly what I have in my ldap.conf	21:20
punkgeek	so what should i do?	21:20
pmatulis	billy_ran_away: now you need to figure out why your logs show a different root dn	21:20
pmatulis	punkgeek: supply the password	21:20
rberg_	punkgeek: maybe you can embed your passphrase in the initramfs.. but then why encrypt root at all?!	21:20
billy_ran_away	Jul 15 17:20:26 robot slapd[27226]: conn=1063 op=5 do_bind: invalid dn (cn=admin,dn=therobotis,dn=us)	21:20
billy_ran_away	pmatulis: They do?	21:20
pmatulis	billy_ran_away: yup. now what is triggering that	21:21
billy_ran_away	pmatulis: Oh dn vs dc?	21:21
pmatulis	billy_ran_away: yep	21:21
pmatulis	i gotta go guys, good luck	21:23
punkgeek	can i encrypt just apache files?	21:26
sarnold	punkgeek: what is your goal?	21:26
billy_ran_away	grep -ri dn=therobotis /etc/ shows nothing...	21:27
punkgeek	see, i have any files in /var/www and i need encrypt this file, and then get backup os, and send it to users	21:28
punkgeek	php encyption is not good, so i need to do this work	21:28
sarnold	punkgeek: so, you want to serve encrypted files to your clients, and them decrypt the file?	21:29
punkgeek	and, php should be work on the web server	21:29
punkgeek	no	21:30
DeltaHeavy	punkgeek: PHP encryption is as good as the algo you use.	21:33
billy_ran_away	Anyone know much about slapd?	21:34
punkgeek	can i just encypt /var/www ?	21:35
=== kickinz1 is now known as kickinz1\|away
DeltaHeavy	punkgeek: It sounds like you're going about this in all the wrong way. What exactly ware you trying to encrypt?	21:35
sarnold	punkgeek: who will decrypt its contents? how? why?	21:38
sarnold	punkgeek: what threat are you trying to mitigate?	21:38
billy_ran_away	anyone know how to change the dn slapd binds to?	21:44
sarnold	billy_ran_away: would that be in /etc/ldap/slapd.conf, rootdn? see e.g. https://help.ubuntu.com/community/OpenLDAPServer	21:45
billy_ran_away	sarnold: I don't have that file...	21:46
billy_ran_away	sarnold: root@robot:~# ls /etc/ldap/ sasl2 schema slapd.d ssl	21:46
sarnold	billy_ran_away: ahhh, I just found https://help.ubuntu.com/14.04/serverguide/openldap-server.html -- which has a the slapd.d configuration ... interesting	21:47
sarnold	it looks Complicated :)	21:48
billy_ran_away	why does this package have to break so often?	21:49
billy_ran_away	setting up an ldap server on ubuntu was a horrible mistake...	21:49
billy_ran_away	I'm stuck.	21:58
billy_ran_away	I'm just so pissed off.	21:58
billy_ran_away	I hate LDAP and I hate Ubuntu.	21:58
DeltaHeavy	billy_ran_away: Take a break :p	21:59
billy_ran_away	I don't understand why the package maintainers feel it necessary to break existing installs.	21:59
rbasak	billy_ran_away: it is incredibly difficult to manage feature updates in packages while also not breaking some user somewhere. There are hundreds of use cases, most of them unknown to package maintainers.	22:02
rbasak	billy_ran_away: this is the nature of server packages.	22:02
rbasak	billy_ran_away: to mitigate this, the only reasonable thing to do is to maintain your installation as a codified delta of the default, eg. with configuration management.	22:02
billy_ran_away	rbasak: That nature breaks Ubuntu for the hobbyist.	22:02
rbasak	billy_ran_away: it's a fundamental problem with the way server components are used. This nature isn't Ubuntu-specific. All distros have the same essential issue.	22:03
rbasak	billy_ran_away: we're trying to solve it with Juju and charms to codify specific use cases, rather than having users install some default and then customize it in some way that we don't know so can't provide an upgrade path for.	22:04
sarnold	it's rare software that the developers stop poking at it and changing things. if they do, people complaint it's "no longer maintained" and re-write it without learning the lessons from the existing tools. heh.	22:04
billy_ran_away	rbasak: Well I'm stuck and I have no idea where slapd is getting it's bind dn set from.	22:04
billy_ran_away	Because it's not /etc/ldap.conf as it used to be.	22:05
rbasak	sarnold: well, that happens too. But if you don't want to change things, then no need to upgrade to a new release.	22:05
rbasak	sarnold: if a majority did that, then we'd have longer supported LTSes :)	22:05
billy_ran_away	Jul 15 18:05:47 robot slapd[28299]: conn=1144 op=5 do_bind: invalid dn (cn=admin,dn=therobotis,dn=us)	22:06
billy_ran_away	where in the world is it getting those dn's from?	22:06
billy_ran_away	grep -r dn=therobotis /etc returns nothing	22:06
sarnold	billy_ran_away: grep -r therobotis /etc ?	22:06
billy_ran_away	sarnold: grep -r dc=therobotis returns lots of stuff	22:06
rbasak	Isn't the bind DN a client thing?	22:06
billy_ran_away	but dn	22:06
rbasak	And how is dn= there twice? That makes no sense.	22:08
billy_ran_away	rbasak: That's what I'm wondering and I have no idea.	22:08
rbasak	billy_ran_away: I'm pretty sure that you have a client configuration problem there. Not slapd.	22:09
rbasak	But it's been a long time since I touched LDAP.	22:09
bitfury_	hi	22:17
billy_ran_away	LDAP is frustrating because all of it's configuration is in LDAP itself...	22:17
billy_ran_away	Like I want to raise the logging level so I can figure out where those errors are coming from	22:17
bitfury_	I'm trying to set up a simple load balancing in apache2 as follows: http://pastebin.com/ujP3Jtyp	22:18
bitfury_	but get: [proxy:crit] [pid 5543] AH02432: Cannot find LB Method: byrequests	22:18
bitfury_	[proxy_balancer:emerg] [pid 5543] (22)Invalid argument: AH01183: Cannot share balancer	22:19
=== Guest9741 is now known as hxm
bitfury_	[:emerg] [pid 5543] AH00020: Configuration Failed, exiting	22:19
bitfury_	what did i miss? :\	22:19
sarnold	bitfury_: try "a2enmod lbmethod_byrequests" ?	22:21
bitfury_	sarnold: wow it worked, not sure how I would live without IRC experts :D	22:22
bitfury_	thank you	22:22
bitfury_	been going at it for more than an hour. fml.	22:22
sarnold	bitfury_: heh, it's just a knack for finding the gems amongst the weeds of the internet..	22:22
bitfury_	;)	22:23
* Patrickdk wonders		22:31
Patrickdk	is sarnold a gem or weed	22:31
sarnold	Patrickdk: depends if I'm asking or answering the questions :) haha	22:31
Patrickdk	oh, I lately setup the apache lb	22:33
rbasak	billy_ran_away: AFAICS, they're coming from an LDAP client. Configuration of how your client connects to LDAP cannot be in LDAP itself.	22:36
billy_ran_away	rbasak: Yea that makes sense... but the only client I have up right now is the server itself...	22:36
rbasak	I suppose it could be some kind of loopback thing	22:37
billy_ran_away	My one other server that uses ldap is currently fscking its filesystem after going 222 days without a check, ugh	22:37
rbasak	tcpdump/wireshark to eliminate network LDAP traffic?	22:37
rbasak	ANd if you do see network traffic and it's loopback, then track that down to a binary using lsof or netstat	22:38
billy_ran_away	oh shit I know what it is!	22:38
billy_ran_away	rbasak: THANK YOU!	22:41
billy_ran_away	rbasak: It was fucking kerio-connect that I never got working but left installed	22:41
K4k	has anyone here had any luck setting up auto-failback using heartbeat? I've gotten it to where node2 will assume the shared IP address if node1 goes offline but when node1 comes back up and re-assumes the shared IP, node2 doesn't release the IP. This results in node1 serving up the web traffic and node2 responding to pings and a myriad of other messiness...	22:42
sarnold	rbasak: magic as always :)	22:42
billy_ran_away	But now I think I know one reason why it didn't work...	22:42
rbasak	billy_ran_away: np. Glad you fixed it. Hope your impression of Ubuntu is better now :)	22:42
billy_ran_away	rbasak: thanks to you, yes	22:43
billy_ran_away	:)	22:43
Patrickdk	k4k, haven't used hearbeat	22:44
Patrickdk	I normally stick to pacemaker	22:44
K4k	Patrickdk: I wonder how they compare. I'm open to suggestion	22:45
Patrickdk	made by the same people	22:45
Patrickdk	but heartbeat almost never fit my needs	22:46
K4k	How does pacemaker differ?	22:46
K4k	I'm just looking for a way to get my web proxy to be aware if it goes down and fail the IP over to some other system.	22:47
Patrickdk	pacemaker doesn't any of that stuff	22:47
Patrickdk	it only manages resources	22:47
Patrickdk	it doesn't monitor, normally	22:47
Patrickdk	I think heartbeat monitors	22:47
rbasak	According to the package descriptions, heartbeat is "one of the messaging layers supported by the Pacemaker cluster resource manager."	22:48
Patrickdk	yep	22:48
rbasak	pacemaker depends on libheartbeat2	22:48
Patrickdk	heh? don't think so	22:48
Patrickdk	oh ya, it does have that	22:49
rbasak	Oh no, sorry	22:49
Patrickdk	but not the userland config	22:49
rbasak	Well	22:49
rbasak	also corosync \| heartbeat	22:49
rbasak	Anyway, I don't know HA stuff very well	22:49
Patrickdk	yep, I use corosync	22:49
Patrickdk	corosync -> pacemaker	22:49
rbasak	I only know that it exists, and pacemaker+corosync seems to be the standard on Ubuntu.	22:49
Patrickdk	ya, I can't answer for his heartbeat issues	22:50
Patrickdk	I know pacemaker won't let that happen	22:50
Patrickdk	but he would likely want the stick resources options, so they don't auto-fallback	22:50
=== Lcawte is now known as Lcawte\|Away
K4k	Yeah, it's something to do with the auto-failback I think. I'll look into the corosync\|pacemaker	22:50
Patrickdk	how to do that on heartbeat, dunno	22:50
bitfury	!info redmine	22:53
ubottu	redmine (source: redmine): flexible project management web application. In component universe, is extra. Version 2.4.2-1 (trusty), package size 4434 kB, installed size 13445 kB	22:53
K4k	stupid firewall	22:57
K4k	iptables was blocking the udp port that heartbeat was using to communicate	22:58
K4k	chears	22:58
K4k	cheers*	22:58
* K4k is going home...		22:58
Patrickdk	:)	23:11
=== jdowdle is now known as jdowdle\|away
=== jdowdle\|away is now known as jdowdle

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!