[01:44] <axiom> question, I'm new to linux, been off and on with the desktop, with that being said. I want to fully move away from windows. I have a desktop pc that I dont use and want to install ubuntu server on it. My primary focus on it as of right now is setting it up to do backups of my labtop and possibly external hd. What all area's of a server system should I start and focus on?
[01:45] <sarnold> axiom: I'd give a quick read to the server guide: https://help.ubuntu.com/14.04/serverguide/
[01:45] <sarnold> axiom: feel free to skip things that don't make sense (and skip DM-multipath entirely)
[01:45] <sarnold> hopefully you'll find interesting things to do with it :)
[01:48] <axiom> I'm also new to irc, not sure how u replied in red but ty for the link. hopefully that will help get me going. Would u recommend backup software or a cron script for it?
[01:49] <sarnold> axiom: I just typed your name in the front of the line :) -- most irc clients will highlight whatever lines have the nickname in it..
[01:50] <sarnold> axiom: .. and to type 'axiom' it's even easier than that, I just type 'ax<tab>' and my client fills in the rest -- yours probably does too
[01:51] <axiom> sarnold, lol that it does. learn something new every day :)
[01:51] <sarnold> axiom: I use rsnapshot for backups; there's a lot of choices for backups, it's hard finding the "right" one to use..
[01:51] <Patrickdk> but dm-multipath is nice :)
[01:51] <Patrickdk> works good for my dual ported disks :)
[01:52] <sarnold> axiom: bacula, amanda, rsnapshot, dejadup, duplicity, etc. etc. etc. you can go crazy trying to compare them all.
[01:52] <Patrickdk> wait? all you want is to backup your laptop to it?
[01:52] <axiom> sarnold, I have a book on backup and restore, and they talk about bacula, ntbackup, tar, dd, amanda,
[01:52] <sarnold> Patrickdk: hehe yeah, I had a fun two days reading the dm-multipath docs before coming to terms with the fact that I just can't afford that kind of hardware
[01:53] <Patrickdk> simple to just use the build in backup in ubuntu to other server ssh account :)
[01:53] <Patrickdk> sarnold, heh
[01:53] <sarnold> axiom: tar and dd are fantastic tools but you wouldn't want to start there for a full backup system :)
[01:54] <axiom> Patrickdk, thats just a start to get me working with the server side. eventually i'm going to build a rackmout to host vm's firewall and other things
[01:54] <Patrickdk> ya, tar/dd aren't really for backups, unless your doing offline backups
[01:54] <sarnold> Patrickdk: though I did get to wondering about some sata<-> sas interposers I've heard about... would they increase reliability by adding new lanes? or decrease reliability because HOLY COW SATA WASN"T MEANT FOR THAT!! :)
[01:54] <Patrickdk> sarnold, depends on how you use it :)
[01:54] <Patrickdk> you must only use one lane at a time, normally with those
[01:55] <Patrickdk> they increase reliability, due to path failure (cable/hba/...)
[01:55] <Patrickdk> not due to disk failure
[01:55] <Patrickdk> and your still limited to 1/4th the bandwidth sas would have
[01:55] <sarnold> not 1/2?
[01:55] <Patrickdk> nope
[01:55] <sarnold> cripes
[01:55] <Patrickdk> two ports, bi-directional
[01:56] <Patrickdk> sata is half duplex
[01:56] <sarnold> omg how am I just now learning that?
[01:56] <Patrickdk> though I will say, most sas systems don't use both ports at once
[01:56] <Patrickdk> I'm doing a loadbalancing thing
[01:56] <sarnold> *sigh* I wish you were close enough to answer my stupid questions over beers or something. :)
[01:56] <Patrickdk> do keep down cache clutter on the disks :)
[01:56] <Patrickdk> it switches sas path's every other 1MB of disk space
[01:57] <sarnold> wow, why so fast?
[01:57] <Patrickdk> hmm?
[01:57] <Patrickdk> I have the extra wires, why not make them do something more than failover
[01:57] <sarnold> isn't that switching some 20-30 times per second?
[01:57] <Patrickdk> no, no
[01:58] <Patrickdk> the disk appears as two disks
[01:58] <Patrickdk> cause of the two ports
[01:58] <sarnold> *boggle*
[01:58] <Patrickdk> for odd megs, I read/write using port 1, and evens on port 2
[01:58] <Patrickdk> do double speed, and better latency
[01:59] <Patrickdk> the issue normally with using both ports randomly
[01:59] <FFForever2> How do I solve ingoring unknown interface eth0=eth0 when trying to configure a static IP after installation without networking? I added it the debian way in /etc/network/interfaces (with auto eth0)
[01:59] <Patrickdk> is they have a habbit of flushing cache when you access the same place on both ports
[01:59] <Patrickdk> and that happens suprisingly often
[02:00] <sarnold> Patrickdk: oh! I could see that.
[02:00] <sarnold> FFForever2: can you pastebin your /etc/network/interfaces file?
[02:00] <sarnold> Patrickdk: at least, if I were a drive firmware author, I'd be sorely tempted to do the same :)
[02:01] <sarnold> Patrickdk: how do those drives show up if they look like two drives? how do you add them to your pools?
[02:01] <Patrickdk> really though, I normally use linux multipath for iscsi/fc
[02:01] <Patrickdk> and do most of my sas multipath on solaris
[02:01] <sarnold> ahhhhhh
[02:01] <Patrickdk> they show up as two disks
[02:01] <Patrickdk> you use dm-multipath to join them into a single disk (based on wwn)
[02:01] <FFForever2> sarnold, I'm an idiot. I had to save locally and cp it as I forgot to sudo vi. I copied it to /etc/interfaces... whoops. Fixed. Sorry to waste your guy's time.
[02:02] <Patrickdk> then add the dm-multipath devices to your pool
[02:02] <sarnold> FFForever2: success :)
[02:03] <sarnold> Patrickdk: cool :) so.... would those interposers fit into a standard disk chassis? or do they only work for desktop-style systems with loads of clearance behind the drives?
[02:03] <Patrickdk> both, depending
[02:04] <Patrickdk> like dell, their trays have two mounting options
[02:04] <Patrickdk> sas and sata
[02:04] <Patrickdk> the sata is where you mount a sata with interposer
[02:04] <Patrickdk> and sas if you don't use the interposer
[02:04] <Patrickdk> so it will depend on your chassis
[02:05] <FFForever2> I added two nameserver entries for 8.8.8.8/8.8.4.4 to /etc/resolv but I still can't ping google.com. I can ping both of the addresses though.
[02:06] <sarnold> FFForever2: resolv or resolv.conf?
[02:07] <FFForever2> sarnold, I need coffee and fast.
[02:08] <sarnold> FFForever2 :) might be good to go take care of that before much more typing, hehe
[02:11] <Patrickdk> sarnold, just setup iscsi :)
[02:11] <Patrickdk> that is the most simple solution to playing with dm-multipath
[02:12] <sarnold> Patrickdk: well, the box I hope to build -would- make a nice iscsi target
[02:12] <sarnold> Patrickdk: and i'd given up on mutlipath on that both but now you've got me wondering again :)
[02:12] <Patrickdk> it's fun to play with :)
[02:13] <Patrickdk> multipath wins over lacp any day :)
[02:13] <sarnold> Patrickdk: oooooo
[02:14] <Patrickdk> well, lacp caps you at the max speed of a single one
[02:14] <Patrickdk> sure you could make like 8 connections, but no guarrentee they will load up evenly
[02:15] <Patrickdk> multipath makes one per path, and depending on how you want to use them, loads them all up evenly
[02:15] <Patrickdk> and just stops using broken ones as needed
[02:15] <Patrickdk> goes through ip addresses quicker though
[02:16] <sarnold> Patrickdk: does the linux iscsi stuff work well enough with multipath? or is that another case where you'd rather use illumos / solaris?
[02:16] <Patrickdk> I haven't attempted it as a server
[02:16] <Patrickdk> but shouldn't matter much
[02:17] <Patrickdk> for client side, on linux it's much simpler, as it's just normal iscsi clients and normal dm-multipath
[02:17] <Patrickdk> but for iscsi target, it would matter
[02:18] <Patrickdk> I would be suprised though, if it fell apart on you, as it should be a normal usecase for esxi
[02:18] <axiom_1> that was a pain trying to register a nickname lol
[02:18] <sarnold> axiom_1: yes :)
[02:19] <axiom_1> should I set the server to install security updates automatically or whats best for a sys admin approach?
[02:19] <Patrickdk> depends on how much you watch it :)
[02:19] <Patrickdk> do you want it to randomly break on it's own? or only when you break it?
[02:20] <Patrickdk> that last php security update, cause some breakage
[02:20] <axiom_1> well i'm always on my computers, i have no life lol. and wanting to get a jump start to my cs career
[02:20] <Patrickdk> if you don't mine random issues sometimes, I would go for autoupdate
[02:20] <Patrickdk> as you can be more lazy
[02:20] <axiom_1> well either way, the logs should be able to tell me what happen, I would hope lol
[02:20] <Patrickdk> if you do maintain it every week, manual is fine
[02:21] <axiom_1> guess im going for the manual to learn the hard way :)
[02:21] <sarnold> well, that's just "apt-get update && apt-get -u dist-upgrade"  every day or so :)
[02:21] <Patrickdk> well, for all updates not just security :)
[02:22] <Patrickdk> but that is what I do
[02:22] <Patrickdk> I watch the security bullitens, and run an update on my test machine
[02:22] <Patrickdk> then I push it out to the others
[02:22] <Patrickdk> probably why I don't have that apt-cacher-ng multiaccess issue you have sarnold
[02:23] <Patrickdk> test run is good for something :)
[02:24] <axiom_1> Patrickdk, ok i know this is going to sound dumb, how do u push it down to your other clients?
[02:24] <sarnold> Patrickdk: well, I abused the heck out of that poor cacher; a dozen build schroots, a dozen VMs, plus local use. I'd routinely start up a handful of updates at a time just to keep the cache hot :) hehe
[02:26] <Patrickdk> push it down?
[02:26] <axiom_1> yea
[02:26] <sarnold> axiom_1: updates are best pulled on every client machine on their own schedule..
[02:26] <sarnold> axiom_1: if you've got more than a handful of systems to do updates, you'd want a tool like landscape or puppet or chef or ansible to help you keep track of them all
[02:27] <Patrickdk> or cluster-ssh, apt-get dist-upgrade :)
[02:27] <Patrickdk> na, I just have a nice large bash script I use to kick them all off
[02:28] <Patrickdk> puppet I use, chef, I dunno, I just can't get around that one
[02:28] <sarnold> heh, understood
[02:28] <Patrickdk> but I like my bash script :)
[02:28] <axiom_1> sarnold, ah k, yea i was thinking of a script or some tool like you said.
[02:28] <axiom_1> yea i can't rap my head around bash or python :(
[02:28] <Patrickdk> it tells my loadbalancer to take it offline, runs the updates, reboots, then turns it back on the loadbalancer
[02:28] <Patrickdk> around bash? it's just command line in a file
[02:29] <Patrickdk> just like dos batch files :)
[02:29] <axiom_1> I never really messed with dos batch files
[02:29] <sarnold> except less horrible
[02:29] <sarnold> Patrickdk: nice; how far apart between your updates?
[02:29] <Patrickdk> between systems?
[02:29] <Patrickdk> normally 1 or 2 min
[02:30] <Patrickdk> it waits for it to come backon, before moving to the next server in the same cluster
[02:30] <axiom_1> Patrickdk, is this your personal setup or your work environment?
[02:30] <Patrickdk> both
[02:30] <sarnold> :)
[02:31] <axiom_1> nice
[02:31] <Patrickdk> my personal work enviroment, as I own the company
[02:31] <axiom_1> what kind of company is that if you don't mind me asking?
[02:31] <Patrickdk> this one, just webhosting/email
[02:32] <axiom_1> see, I have no clue how any of that would work lol
[02:33] <sarnold> axiom_1: apt-get install apache    or apt-get install nginx  and start fiddling with it :) hehe
[02:34] <axiom_1> should I let kexec-tool handle reboots?
[02:34] <FFForever2> How can I figure out why post-up isn't executing?
[02:34] <FFForever2> (in /etc/network/interfaces for eth0)
[02:34] <sarnold> axiom_1: email is far more complicated. time was you'd just throw up a mail server, imap server, and call it a day, but modern anti-spam means mail servers need tons of love and care. it's a royal hassle.
[02:35] <axiom_1> lol i got alot of reading to do. There goes what life I had if any
[02:35] <Patrickdk> web is the same, as soon as you install your first cgi :)
[02:35] <sarnold> FFForever2: check exec bits on referenced files, use full paths...
[02:35] <sarnold> Patrickdk: *shudder*
[02:35] <axiom_1> ya'll are going to make my brain explode :)
[02:36] <sarnold> axiom_1: that's my feeling every time talking with Patrickdk :) hehe
[02:37] <Patrickdk> heh, my issue is, I like to learn
[02:37] <Patrickdk> and I must know everything from the base up
[02:37] <sarnold> *nod* *nod*
[02:37] <axiom_1> my issue is I have a hard time learning
[02:37] <Patrickdk> just grab some rfc's and have a bathroom break :)
[02:37] <sarnold> axiom_1: you're here, you're tring things :) that's most of it, right there
[02:37] <sarnold> dinner time :)
[02:37] <axiom_1> sarnold, enjoy
[02:37] <Patrickdk> I've been playing, since I was 8
[02:38] <Patrickdk> and on linux since well, v1.2
[02:39] <axiom_1> I started late, I've been off and on with ubuntu desktop. But I finally getting my hands around the desktop portion somewhat. Still having issues with the terminal but I'm sure time will get me there
[02:39] <Patrickdk> big thing is, don't follow tutorials/blogs
[02:39] <axiom_1> well damn
[02:39] <Patrickdk> if something looks ok, make sure you crosscheck it with the manual
[02:39] <axiom_1> maybe thats why im having issues :)
[02:40] <Patrickdk> I even apply that to ubuntu serverguide
[02:40] <axiom_1> Patrickdk, would u recommend kexec-tools to handle reboots or should I do it manually?, the ubuntu server guide doesn't say anything about it.
[02:41] <Patrickdk> mainly cause the serverguide is normally the bare basics to make it work, not specifically functional
[02:41] <Patrickdk> I thought kexec was a payed for service
[02:41] <axiom_1> nope, I just downloaded and installed it
[02:41] <Patrickdk> so the tools will be useless without the kexec patches you get from that service
[02:41] <axiom_1> well damn
[02:42] <Patrickdk> and that would only handle kernel vaunerabilities, and cause it so you don't need to reboot
[02:42] <Patrickdk> but you still need to install and restart applications
[02:42] <Patrickdk> s/install/update
[02:43] <Patrickdk> oh, kexec isn't what I thought it was
[02:43] <axiom_1> lol
[02:43] <Patrickdk> it's like solaris fastboot
[02:43] <axiom_1> oh k
[02:43] <Patrickdk> it will depend on your hardware and drivers
[02:43] <Patrickdk> if it works or not
[02:43] <axiom_1> well i pressed no for it to handle reboots
[02:44] <axiom_1> I can always play around with it and see how it goes
[02:44] <axiom_1> it's just a learning comp atm anyways
[02:45] <Patrickdk> I was thinking of ksplice
[03:54] <sarkis> hey all, i can't get libcurl.a to install on 14.04
[03:55] <sarkis> anyone know which package provides it? it's apparently not libcurl4-openssl-dev
[04:31] <soren> sarkis: http://packages.ubuntu.com/search?searchon=contents&keywords=libcurl.a&mode=exactfilename&suite=trusty&arch=any
[04:31] <soren> sarkis: apt-file will also answer that sort of question for you.
[06:27] <Abhijit> kindly help me with ubuntu preseed issue as described here http://ubuntuforums.org/showthread.php?t=2234480&p=13073762#post13073762
[06:27] <Abhijit> this is not a cobbler issue.
[06:27] <Abhijit> its purely preseed + ubuntu issue.
[06:39] <sarnold> Abhijit: are you confident the mini iso supports the preseed files?
[06:40] <Abhijit> sarnold, i tried with serveriso too. same issue.
[06:40] <Abhijit> let me try once again to be sure.
[06:50] <Abhijit> sarnold, same issue with server iso. why does it try to configure network with dhcp? centos never ask me for dhcp. dhcp server is already running and its already assigned the ip to nic of target machine. then why ubuntu again ask me to run dhcp? how can i disable dhcp from kickstart or preseed?
[06:50] <Abhijit> also i tried both kickstart and preseed file for ubunt. both gives same error.
[06:50] <sarnold> Abhijit: sorry, I've never used preseed files, no idea why it is failing
[06:50] <Abhijit> ok
[06:50] <Abhijit> sarnold, did you used kickstart/
[06:51] <sarnold> Abhijit: no
[06:51] <Abhijit> ok.np.
[07:09] <Abhijit> sarnold, is there any other alternate automating and provisioning softaware which works 100% compatible with ubuntu / debian?
[08:34] <see1> hello
[08:34] <see1> what means this? W: GPG error: http://de.archive.ubuntu.com precise-security Release: Unknown error executing gpgv
[10:53] <hxm> i have installed the package gitweb and it asked nothing, how can I see what is the url path?
[10:53] <hxm> ah, found the gitweb.conf
[10:56] <Chris_hubu> hi guys
[10:56] <Chris_hubu> has anyone ever used opennebula on ubuntu server here?
[14:31] <MACscr> for a server, is ok to completely disable and possibly remove plymouth? Its a headless system, so i dont see a point in having it
[14:32] <MACscr> and is the only option for disabling it in grub?
[15:01] <rberg_> I found that you do need to have plymouth installed or else you break the recovery system
[15:01] <rberg_> at least on 12.04
[15:02] <rberg_> eg: if A disk is missing during boot you will be asked "skip or manual recovery" without plymouth installed there is no way to answer that question and the system will wait forever
[15:02] <qman> Same on 10.04
[15:03] <qman> Or at least very similar, mine just sat there with a blinking cursor, no messages
[15:11] <MACscr> that stinks
[15:12] <qman> Yep, but that's the way it is, just have to put up with plymouth if you want ubuntu to work properly
[15:16] <rberg_> you can install the txt theme
[15:16] <MACscr> i see a lot of these i my dmesg output http://pastie.org/pastes/9393758/text?key=asmwxhqvj6h1ksw7wbexqw
[15:32] <lordievader> Good afternoon.
[15:39] <RoyK> afternoon
[15:39] <lordievader> Hey RoyK, how are you?
[15:39] <RoyK> fine, thanks
[16:09] <rberg_> "install-keymap us-latin1" "unknown charset unicode - ignoring charset request"  what does this mean?
[16:09] <hxm> how to run a cron every 61 seconds?
[16:10] <rberg_> crontab to run every min with a sleep 1 ?
[16:11] <hxm> yes I was thinking that right now
[19:42] <punkgeek> how to encrypting root partition with LUKS?
[19:48] <pmatulis> punkgeek: use the installer
[19:48] <punkgeek> ont unstand :D
[19:48] <pmatulis> hm?
[19:50] <punkgeek> https://help.ubuntu.com/community/EncryptedFilesystem is it good for me?
[19:51] <lordievader> punkgeek: The installer will guide you through setting up an luks encrypted install.
[19:52] <xnox> punkgeek: desktop installer -> full disk encryption is one tickbox + password.
[19:52] <xnox> punkgeek: in server installer it's change default to encrypted + password.
[19:53] <punkgeek> ???
[19:54] <lordievader> !ir | punkgeek
[19:54] <lordievader> Might be easier ;)
[19:54] <punkgeek> its empthy :-"
[20:00] <ses1984> hi, i'm trying to use php5-imap module from the repositories and running into some weird problem. i do apt-get install php5-imap and it says i have the latest version installed. but then i try php -m | grep -i imap and it is not listed...what's going on? is there something else i need to do to complete the install?
[20:14] <zartoosh> hi I am trying to download a binary debian package (not install) and all it dependencies to a particular directory is this possible? thx
[20:40] <Chris_hubu> zartoosh, do you mean that you want to only download packages from apt-get?
[20:40] <Chris_hubu> apt-get has a "download only" option
[20:40] <Chris_hubu> -d, --download-only
[20:40] <Chris_hubu>      Download only; package files are only retrieved, not unpacked or installed.
[20:40] <Chris_hubu>      Configuration Item: APT::Get::Download-Only.
[20:48] <rberg_> I was thinking that except it wont download deps that are already installed
[20:53] <Chris_hubu> apt-get source maybe?
[20:59] <billy_ran_away> Can anyone help me with my ldap server at home? Upgrading the slapd package broke it...
[21:00] <billy_ran_away> This is what syslog says http://pastie.org/9394730
[21:04] <pmatulis> billy_ran_away: says 'invalid dn (cn=admin,dn=therobotis,dn=us)', are you sure that's correct?
[21:04] <pmatulis> and not 'cn=admin,dc=therobotis,dc=us' ?
[21:04] <billy_ran_away> pmatulis: It was last time I set it up
[21:05] <punkgeek> can i remove passphrase when booting?
[21:07] <pmatulis> punkgeek: remove passphrase of what?
[21:08] <punkgeek> see, i set password on file system, when i reboot my os, when is boot, need password
[21:08] <punkgeek> can i remove this?
[21:08] <pmatulis> punkgeek: what filesystem?
[21:08] <punkgeek> root
[21:09] <pmatulis> punkgeek: well how would the system boot?
[21:09] <zartoosh> Chris_hubu, that worked and thank you.
[21:09] <Chris_hubu> you're very welcome zartoosh, I'm glad I could help
[21:09] <punkgeek> ???
[21:10] <pmatulis> punkgeek: is / needed to boot up properly?  yes or no?
[21:11] <billy_ran_away> I don't get what changed in my LDAP setup...
[21:11] <billy_ran_away> God I wish LDAP wasn't so stupidly complicated...
[21:11] <pmatulis> billy_ran_away: use ldapwhoami to verify your root dn, the admin guy referred to above
[21:12] <billy_ran_away> pmatulis: missed that, I'm not on my regular irc client because I can't log in to my regular account and start znc
[21:12] <punkgeek> yes
[21:12] <punkgeek> i need boot without passpharse
[21:12] <pmatulis> punkgeek: so you need to decrypt it first right?
[21:13] <billy_ran_away> pmatulis: Here's the output http://pastie.org/9394750
[21:13] <pmatulis> billy_ran_away: you need to provide the usual arguments to ldapwhoami
[21:14] <billy_ran_away> pmatulis: Like what?
[21:14] <punkgeek> no no, see i need encrypt my file system, when done it, i see passphare on boot, so i need remove this, what should i do?
[21:14] <billy_ran_away> root@robot:~# ldapwhoami -h ldapi://ldap Could not create LDAP session handle for URI=ldap://ldapi:%2F%2Fldap (-9): Bad parameter to an ldap routine
[21:14] <punkgeek> just need remove passphare on booting
[21:14] <guntbert> punkgeek: thats the point of encryption
[21:14] <punkgeek> when booting is done, then i need enter passpharse
[21:17] <punkgeek> is it crazy thing?
[21:18] <pmatulis> billy_ran_away: ldapwhoami -x -D "cn=admin,dc=example,dc=com,dc=au" -w secret
[21:19] <pmatulis> punkgeek: no, it's not crazy.  you need to supply a password in order to decrypt your root filesystem.  that's all.  you might be able to keep some filesystems encrypted that are not necessary for booting however
[21:19] <billy_ran_away> pmatulis: Sweet that did it, but now what? http://pastie.org/9394769
[21:19] <pmatulis> billy_ran_away: congratulations.  you verified your root dn
[21:20] <billy_ran_away> pmatulis: Great, but that's exactly what I have in my ldap.conf
[21:20] <punkgeek> so what should i do?
[21:20] <pmatulis> billy_ran_away: now you need to figure out why your logs show a different root dn
[21:20] <pmatulis> punkgeek: supply the password
[21:20] <rberg_> punkgeek: maybe you can embed your passphrase in the initramfs.. but then why encrypt root at all?!
[21:20] <billy_ran_away> Jul 15 17:20:26 robot slapd[27226]: conn=1063 op=5 do_bind: invalid dn (cn=admin,dn=therobotis,dn=us)
[21:20] <billy_ran_away> pmatulis: They do?
[21:21] <pmatulis> billy_ran_away: yup.  now what is triggering that
[21:21] <billy_ran_away> pmatulis: Oh dn vs dc?
[21:21] <pmatulis> billy_ran_away: yep
[21:23] <pmatulis> i gotta go guys, good luck
[21:26] <punkgeek> can i encrypt just apache files?
[21:26] <sarnold> punkgeek: what is your goal?
[21:27] <billy_ran_away> grep -ri dn=therobotis /etc/ shows nothing...
[21:28] <punkgeek> see, i have any files in /var/www and i need encrypt this file, and then get backup os, and send it to users
[21:28] <punkgeek> php encyption is not good, so i need to do this work
[21:29] <sarnold> punkgeek: so, you want to serve encrypted files to your clients, and them decrypt the file?
[21:29] <punkgeek> and, php should be work on the web server
[21:30] <punkgeek> no
[21:33] <DeltaHeavy> punkgeek: PHP encryption is as good as the algo you use.
[21:34] <billy_ran_away> Anyone know much about slapd?
[21:35] <punkgeek> can i just encypt /var/www ?
[21:35] <DeltaHeavy> punkgeek: It sounds like you're going about this in all the wrong way. What exactly ware you trying to encrypt?
[21:38] <sarnold> punkgeek: who will decrypt its contents? how? why?
[21:38] <sarnold> punkgeek: what threat are you trying to mitigate?
[21:44] <billy_ran_away> anyone know how to change the dn slapd binds to?
[21:45] <sarnold> billy_ran_away: would that be in /etc/ldap/slapd.conf, rootdn? see e.g. https://help.ubuntu.com/community/OpenLDAPServer
[21:46] <billy_ran_away> sarnold: I don't have that file...
[21:46] <billy_ran_away> sarnold: root@robot:~# ls /etc/ldap/ sasl2  schema  slapd.d  ssl
[21:47] <sarnold> billy_ran_away: ahhh, I just found https://help.ubuntu.com/14.04/serverguide/openldap-server.html -- which has a the slapd.d configuration ... interesting
[21:48] <sarnold> it looks Complicated :)
[21:49] <billy_ran_away> why does this package have to break so often?
[21:49] <billy_ran_away> setting up an ldap server on ubuntu was a horrible mistake...
[21:58] <billy_ran_away> I'm stuck.
[21:58] <billy_ran_away> I'm just so pissed off.
[21:58] <billy_ran_away> I hate LDAP and I hate Ubuntu.
[21:59] <DeltaHeavy> billy_ran_away: Take a break :p
[21:59] <billy_ran_away> I don't understand why the package maintainers feel it necessary to break existing installs.
[22:02] <rbasak> billy_ran_away: it is *incredibly* difficult to manage feature updates in packages while also not breaking some user somewhere. There are hundreds of use cases, most of them unknown to package maintainers.
[22:02] <rbasak> billy_ran_away: this is the nature of server packages.
[22:02] <rbasak> billy_ran_away: to mitigate this, the only reasonable thing to do is to maintain your installation as a codified delta of the default, eg. with configuration management.
[22:02] <billy_ran_away> rbasak: That nature breaks Ubuntu for the hobbyist.
[22:03] <rbasak> billy_ran_away: it's a fundamental problem with the way server components are used. This nature isn't Ubuntu-specific. All distros have the same essential issue.
[22:04] <rbasak> billy_ran_away: we're trying to solve it with Juju and charms to codify specific use cases, rather than having users install some default and then customize it in some way that we don't know so can't provide an upgrade path for.
[22:04] <sarnold> it's rare software that the developers stop poking at it and changing things. if they do, people complaint it's "no longer maintained" and re-write it without learning the lessons from the existing tools. heh.
[22:04] <billy_ran_away> rbasak: Well I'm stuck and I have no idea where slapd is getting it's bind dn set from.
[22:05] <billy_ran_away> Because it's not /etc/ldap.conf as it used to be.
[22:05] <rbasak> sarnold: well, that happens too. But if you don't want to change things, then no need to upgrade to a new release.
[22:05] <rbasak> sarnold: if a majority did that, then we'd have longer supported LTSes :)
[22:06] <billy_ran_away> Jul 15 18:05:47 robot slapd[28299]: conn=1144 op=5 do_bind: invalid dn (cn=admin,dn=therobotis,dn=us)
[22:06] <billy_ran_away> where in the world is it getting those dn's from?
[22:06] <billy_ran_away> grep -r dn=therobotis /etc returns nothing
[22:06] <sarnold> billy_ran_away: grep -r therobotis /etc  ?
[22:06] <billy_ran_away> sarnold: grep -r dc=therobotis returns lots of stuff
[22:06] <rbasak> Isn't the bind DN a client thing?
[22:06] <billy_ran_away> but dn
[22:08] <rbasak> And how is dn= there twice? That makes no sense.
[22:08] <billy_ran_away> rbasak: That's what I'm wondering and I have no idea.
[22:09] <rbasak> billy_ran_away: I'm pretty sure that you have a client configuration problem there. Not slapd.
[22:09] <rbasak> But it's been a long time since I touched LDAP.
[22:17] <bitfury_> hi
[22:17] <billy_ran_away> LDAP is frustrating because all of it's configuration is in LDAP itself...
[22:17] <billy_ran_away> Like I want to raise the logging level so I can figure out where those errors are coming from
[22:18] <bitfury_> I'm trying to set up a simple load balancing in apache2 as follows: http://pastebin.com/ujP3Jtyp
[22:18] <bitfury_> but get: [proxy:crit] [pid 5543] AH02432: Cannot find LB Method: byrequests
[22:19] <bitfury_> [proxy_balancer:emerg] [pid 5543] (22)Invalid argument: AH01183: Cannot share balancer
[22:19] <bitfury_> [:emerg] [pid 5543] AH00020: Configuration Failed, exiting
[22:19] <bitfury_> what did i miss? :\
[22:21] <sarnold> bitfury_: try "a2enmod lbmethod_byrequests" ?
[22:22] <bitfury_> sarnold: wow it worked, not sure how I would live without IRC experts :D
[22:22] <bitfury_> thank you
[22:22] <bitfury_> been going at it for more than an hour. fml.
[22:22] <sarnold> bitfury_: heh, it's just a knack for finding the gems amongst the weeds of the internet..
[22:23] <bitfury_> ;)
[22:31]  * Patrickdk wonders
[22:31] <Patrickdk> is sarnold a gem or weed
[22:31] <sarnold> Patrickdk: depends if I'm asking or answering the questions :) haha
[22:33] <Patrickdk> oh, I lately setup the apache lb
[22:36] <rbasak> billy_ran_away: AFAICS, they're coming from an LDAP client. Configuration of how your client connects to LDAP cannot be in LDAP  itself.
[22:36] <billy_ran_away> rbasak: Yea that makes sense... but the only client I have up right now is the server itself...
[22:37] <rbasak> I suppose it could be some kind of loopback thing
[22:37] <billy_ran_away> My one other server that uses ldap is currently fscking its filesystem after going 222 days without a check, ugh
[22:37] <rbasak> tcpdump/wireshark to eliminate network LDAP traffic?
[22:38] <rbasak> ANd if you do see network traffic and it's loopback, then track that down to a binary using lsof or netstat
[22:38] <billy_ran_away> oh shit I know what it is!
[22:41] <billy_ran_away> rbasak: THANK YOU!
[22:41] <billy_ran_away> rbasak: It was fucking kerio-connect that I never got working but left installed
[22:42] <K4k> has anyone here had any luck setting up auto-failback using heartbeat? I've gotten it to where node2 will assume the shared IP address if node1 goes offline but when node1 comes back up and re-assumes the shared IP, node2 doesn't release the IP. This results in node1 serving up the web traffic and node2 responding to pings and a myriad of other messiness...
[22:42] <sarnold> rbasak: magic as always :)
[22:42] <billy_ran_away> But now I think I know one reason why it didn't work...
[22:42] <rbasak> billy_ran_away: np. Glad you fixed it. Hope your impression of Ubuntu is better now :)
[22:43] <billy_ran_away> rbasak: thanks to you, yes
[22:43] <billy_ran_away> :)
[22:44] <Patrickdk> k4k, haven't used hearbeat
[22:44] <Patrickdk> I normally stick to pacemaker
[22:45] <K4k> Patrickdk: I wonder how they compare. I'm open to suggestion
[22:45] <Patrickdk> made by the same people
[22:46] <Patrickdk> but heartbeat almost never fit my needs
[22:46] <K4k> How does pacemaker differ?
[22:47] <K4k> I'm just looking for a way to get my web proxy to be aware if it goes down and fail the IP over to some other system.
[22:47] <Patrickdk> pacemaker doesn't any of that stuff
[22:47] <Patrickdk> it only manages resources
[22:47] <Patrickdk> it doesn't monitor, normally
[22:47] <Patrickdk> I think heartbeat monitors
[22:48] <rbasak> According to the package descriptions, heartbeat is "one of the messaging layers supported by the Pacemaker cluster resource manager."
[22:48] <Patrickdk> yep
[22:48] <rbasak> pacemaker depends on libheartbeat2
[22:48] <Patrickdk> heh? don't think so
[22:49] <Patrickdk> oh ya, it does have that
[22:49] <rbasak> Oh no, sorry
[22:49] <Patrickdk> but not the userland config
[22:49] <rbasak> Well
[22:49] <rbasak> also corosync | heartbeat
[22:49] <rbasak> Anyway, I don't know HA stuff very well
[22:49] <Patrickdk> yep, I use corosync
[22:49] <Patrickdk> corosync -> pacemaker
[22:49] <rbasak> I only know that it exists, and pacemaker+corosync seems to be the standard on Ubuntu.
[22:50] <Patrickdk> ya, I can't answer for his heartbeat issues
[22:50] <Patrickdk> I know pacemaker won't let that happen
[22:50] <Patrickdk> but he would likely want the stick resources options, so they don't auto-fallback
[22:50] <K4k> Yeah, it's something to do with the auto-failback I think. I'll look into the corosync|pacemaker
[22:50] <Patrickdk> how to do that on heartbeat, dunno
[22:53] <bitfury> !info redmine
[22:57] <K4k> stupid firewall
[22:58] <K4k> iptables was blocking the udp port that heartbeat was using to communicate
[22:58] <K4k> chears
[22:58] <K4k> cheers*
[22:58]  * K4k is going home...
[23:11] <Patrickdk> :)