/srv/irclogs.ubuntu.com/2014/10/10/#ubuntu-server.txt

crazyhead42	Odd, I know I used sudo nano this time, and it still won't let me write the file.	00:03
crazyhead42	Why wouldn't I, being the first user and using sudo, be able to write a config file?	00:06
sarnold	crazyhead42: did nano give you an exact error message or just some "can't write" error message?	00:09
crazyhead42	"Permision Denied"	00:10
crazyhead42	[ Error in writing vsftpd: Persmission denied ]	00:12
sarnold	crazyhead42: what command did you use to start nano?	00:13
crazyhead42	sudo nano vstpd.conf	00:14
crazyhead42	I'd suspect it was because ftp is running, but that doesn't seem to be a problem in the instructions...	00:28
sarnold	depends; linux won't let you modify a currently-executing binary file, but I doubt that was what you did with nano :)	00:30
sarnold	(of course you can -delete- currently executing binary files no trouble. and you can modify libraries used by processes and they'll probably just crash. go figure.)	00:30
crazyhead42	If it makes things more wierd/clear/muddled, I can't save it as vsftpd1.config either.	00:36
sarnold	you probably don't have write privileges to the containing directory, which makes me wonder if you did use 'sudo' to start it, since root can override permissions on anything .. except for e.g. a read-only mount	00:37
crazyhead42	huh... sudo apt-get seemed to work well.	00:38
crazyhead42	I'll try rebooting though. How do I do that by commandline?	00:39
sarnold	sudo shutdown -r now	00:39
leopardweasel1	Does any one know why I would have a public IPv6 address during the installation of ubuntu server, but not after the installation?	00:41
sarnold	leopardweasel1: check your /etc/network/interfaces to see if you've got the ipv6 configuration defined properly	00:45
leopardweasel1	sarnold: it is set up with the default "auto eth0" and "iface eth0 inet dhcp". It is my router for my home network.	00:47
sarnold	leopardweasel1: aha; you'll need to add some 'inet6' stuff there too	00:48
sarnold	leopardweasel1: check out interfaces(5) for details	00:48
crazyhead42	Negative. It still says permission denied.	00:49
crazyhead42	Could a too long string do it?	00:49
sarnold	crazyhead42: no; if you tried to give a file name too long it would probably be "File name too long" error message instead	00:50
sarnold	crazyhead42: what commands are you running?	00:50
crazyhead42	still sudo nano, but I accidently ctrl z'd out, and now it's saying no write permission	00:51
sarnold	could you pastebin the last ten or twenty lines of your history?	00:52
crazyhead42	No, I'd have to type them one by one.	00:53
crazyhead42	And they aren't all showing up...	00:53
crazyhead42	WTH?! I've got history missing now!	00:53
sarnold	try this; sudo apt-get install pastebinit ; history \| tail -20 \| pastebinit	00:54
crazyhead42	Won't help, this is not my server. My server is on another computer.	00:54
crazyhead42	Unless pastebinit is meant to protect my history from disapearing unexplanibly?	00:54
sarnold	pastebinit just writes standard input to a pastebin site like paste.ubuntu.com. it saves you from having to copy-and-paste things by hand.	00:55
crazyhead42	Still would have to type it all out.	00:55
sarnold	why?	00:55
crazyhead42	Two different computers.	00:55
crazyhead42	My server is one, which I don't have working to the point where I can even access it from here (I think. I'm not ruling out issues on this end.) and I'm using a pc to manage the irc.	00:56
sarnold	... oh crazy, you don't even have working networking on it??	00:56
sarnold	wait now I'm really confused	00:57
crazyhead42	I can download stuff, but that's it.	00:57
sarnold	you said apt-get works... so how does -that- work but you can't ssh into it?	00:57
crazyhead42	I don't have access to it from my other computer. That's what I've been trying to fix.	00:57
sarnold	crazyhead42: install pastebinit, run the history \| tail -20 \| pastebinit, and then it'll give you an url like: http://paste.ubuntu.com/8528552/ that you'll have to retype. that's not the worst thing in the world...	00:57
sarnold	crazyhead42: and you can't just ssh into it?	00:58
crazyhead42	1. not sure I know what that means.	00:58
crazyhead42	2. I wouldn't rule out that I'm trying to set that up.	00:58
sarnold	why bother with vsftp if you can't even ssh in? seems like worrying about paint scratches on a car when there's no engine installed :) hehe	00:58
crazyhead42	wait? I'm not trying to get an engine? What have I been trying to install? SEATWARMERS?	00:59
sarnold	hehehe	00:59
crazyhead42	OH, and if I do have ssh on it, I might STILL be unable to access it. An engine is no good without being connected to the wheels.	01:00
sarnold	ah, that's a better analogy. you car's got an engine (kernel works, networking stack works), but without wheels (ssh) you can't drive it anywhere :)	01:01
sarnold	so, can you ping your server's IP address from the computer you're using?	01:01
crazyhead42	Actually, the wheels here might be me knowing what I'm doing.	01:01
crazyhead42	No. Not without careful instruction.	01:02
crazyhead42	I don't even know if windows has the ability to ping.	01:03
crazyhead42	I'd ASSUME so, but I've never seen it.	01:03
sarnold	run "ip addr" or "ifconfig" on the servre; look for an ip address that's not 127.0.0.1. on the pc, type "ping ipaddress"	01:03
crazyhead42	I'm not the only one on the network...	01:04
crazyhead42	How do I avoid pinging my mom?	01:04
sarnold	that's fine, ping sends little tiny 56 byte packets by default. and windows ping juts sends four before quitting.	01:04
sarnold	you find the IP address of the server and ping that.	01:04
crazyhead42	That wasn't thourough enough.	01:05
crazyhead42	The National Policy Institute, estimates that the total cost of mass deportation would be between $206 and $230 billion, or an average cost of between $41 and $46 billion annually over a five year period	01:06
crazyhead42	Oops	01:06
sarnold	crazyhead42: okay, here's my ifconfig and ip addr output: http://paste.ubuntu.com/8530141/	01:06
crazyhead42	Microsoft Windows [Version 6.3.9600]	01:07
crazyhead42	(c) 2013 Microsoft Corporation. All rights reserved.	01:07
crazyhead42	C:\Users\####>ifconfig	01:07
crazyhead42	'ifconfig' is not recognized as an internal or external command,	01:07
crazyhead42	operable program or batch file.	01:07
crazyhead42	C:\Users\####>ip addr	01:07
crazyhead42	'ip' is not recognized as an internal or external command,	01:07
crazyhead42	operable program or batch file.	01:07
crazyhead42	C:\Users\####>	01:07
sarnold	run those commands on your server, not your pc	01:07
sarnold	windows has an 'ipconfig' command if you ever want it though...	01:07
crazyhead42	Oh. You want the one from the server.	01:07
crazyhead42	I actually have that stored, assuming it didn't change.	01:08
crazyhead42	192.168.1.255 is one of them	01:08
crazyhead42	oops... I probably shouldn't have posted that	01:08
sarnold	that's probably a broadcast address	01:08
sarnold	if your netmask is 255.255.255.0, that's a broadcast address, it refers to all hosts on your local network.	01:09
crazyhead42	Okay, I'm getting several of them.	01:09
sarnold	twenty years ago you could use that to find all the computers o na network -- ping 192.168.1.255 -- and you'd get back responses from five, ten, twenty, or two hundred machines, all at once. :) but most computers don't reply to broadcast pings any more :(	01:10
crazyhead42	Okay... so now that I have a bunch of IP addresses, what do I do with them?	01:10
sarnold	I'm surprised you have "a bunch" -- how many network cards does that machine have?	01:11
crazyhead42	There should only be one (and there is only one ethernet cord), but I can only tell the loopback apart from the other kinds.	01:11
sarnold	you're probably looking for eth0's ip address	01:12
crazyhead42	Okay, I know I used this comand previously, but I don't remember quite how it went. It was ip addr \| [something] eth	01:14
sarnold	grep	01:14
crazyhead42	ummmmmmmmmmmmmmm	01:15
crazyhead42	lots of stuffes	01:15
sarnold	hmm, and actually none of those are the ip address anyway..	01:15
crazyhead42	but I have to go, I need to make dinner.	01:16
sarnold	try this: ip addr \| grep 192	01:16
crazyhead42	I have an inet and a grd	01:28
crazyhead42	inet ends with a number a slash then another number, the grd ends in 255.	01:28
crazyhead42	Is the inet the one I want?	01:28
sarnold	yeah	01:29
crazyhead42	Okay, got it then. what is it I'm going to do with it?	01:29
sarnold	ping it from the windows machine and see if routing works between the two computers	01:29
crazyhead42	How do I ping with windows? Linux is easy, the command IS ping. No clue when it comes to the pc.	01:30
sarnold	ping	01:30
crazyhead42	do I include the slash and the numbers after it?	01:31
sarnold	no, leave that part off	01:31
crazyhead42	four replys	01:31
sarnold	sweet, success	01:31
sarnold	okay, on the pc run "telnet ipaddress 22" -- that should give you some output like: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2	01:32
sarnold	this will see if openssh-server is installed and running	01:32
crazyhead42	false. Could not connect.	01:33
=== peter is now known as Guest59771
crazyhead42	TTL, what's TTL?	01:33
sarnold	time to live	01:33
crazyhead42	O.O tell me "live" is programer speak for something less disturbing	01:33
sarnold	hehe	01:34
sarnold	to ensure packets don't route around the internet forever, they each have a 'time to live' number embedded within them; every router subtracts one and then passes along the packet to the next hop. if any router ever sees it hit '0' it drops the packet on the floor.	01:34
crazyhead42	Oh. That is... a little disturbing in discription, but an acceptablle concept	01:35
sarnold	dns has a slightly different meaning for "time to live", but it'll make sense when you get there :) hehe	01:35
crazyhead42	Darn it. changing the nmber didn't fix it.	01:35
sarnold	which numbre did you change?	01:36
crazyhead42	the 22. I used the number after the / and also 21	01:36
sarnold	aha :)	01:36
crazyhead42	21 because I think I've seen it somewhere while reading the code.	01:37
crazyhead42	"code"	01:37
sarnold	22 is the listening port on the server; 22 is usual for ssh; 21 is usual for ftp, 23 for telnet, etc...	01:37
crazyhead42	yeah. It's probably the ftp I grabbed it from.	01:37
sarnold	but since you had a connection rejected, you probably don't have openssh-server installed and running; on the server, run 'apt-get install openssh-server'	01:37
crazyhead42	not something I'd doubt. But why wouldn't ubuntu server come with that?	01:39
crazyhead42	(This, by the way, is why people use macs and PCs, this is WAYYYY over my head.	01:39
sarnold	crazyhead42: okay, it's time for me to run, but once you've got openssh-server installed, install this onto your windows machine, and use it to connect to your server's IP address: http://en.wikipedia.org/wiki/PuTTY	01:40
sarnold	crazyhead42: I'msurprised it isn't installed and running to be honest.	01:40
crazyhead42	Maybe it dissapeared when I purged samba. (which I later decided was a BAD idea)	01:40
crazyhead42	Do I need to restart before I can test this?	01:41
sarnold	no	01:41
sarnold	you almost never need to reboot linux machines	01:41
sarnold	I had one that was up and running for over a thousand days between reboots.	01:41
sarnold	okay, off ;) have fun	01:42
crazyhead42	Oh, you have to go. Before you do, can you tell me if I at least seem intellegent on this thing? I don't know if I'm an intellegent beginner or some moron trying to use this wrong.	01:42
sarnold	you understand surprising things, don't know other things. it's not what I'd expect :) I've got good hopes for you.	01:42
crazyhead42	?? I'll ask you about that tomorrow then...	01:43
crazyhead42	Well, openssl-server didn't seem to change what happened on ping... is anyone on that can help me with the next step?	02:48
crazyhead42	Scratch that. I was typing in "ipaddress" instead of the ip address	02:52
lkthomas	hey guys	03:01
crazyhead42	Hi, hope you're not looking for anyone.	03:08
lkthomas	huh	03:10
lkthomas	I am not :P	03:10
crazyhead42	Are you a helper, or someone who needs help?	03:13
lkthomas	I was having issue with locale and I fixed it. thanks for asking	03:13
crazyhead42	If you needed help, I'd just direct you to #ubuntu. I can't help you, I spent quite a while dealling with trying to connect to a server with ip address "ipaddress"	03:16
Sachiru	What just happened?	03:18
lkthomas	huh ?! what happen ?!	03:18
lkthomas	I am wondering how you guys scale up syslog server	03:19
lkthomas	imagine 1000 servers have log almost every second	03:19
lkthomas	it send to one single rsyslog server	03:19
lkthomas	I would imagine it will be super busy	03:19
=== Sachiru is now known as Guest2019
=== Sachiru_ is now known as Sachiru
Sachiru	@lkthomas: That's easy. Don't send log to a single syslog server	03:23
Sachiru	Use something like the ELK stack or Splunk	03:23
lkthomas	how does it help ?!	03:24
Sachiru	Reduce load	03:24
Sachiru	Have three servers as log agents/collectors, and one as coordinator	03:24
Sachiru	Then use something like Kibana or Splunk to do automated analysis	03:24
lkthomas	Splunk isn't free	03:24
lkthomas	any alternative ?	03:24
Sachiru	Like email you when syslog from server 694 reports that apache is down	03:24
Sachiru	ELK stack	03:24
Sachiru	Elasticsearch-Logstash-Kibana	03:25
Sachiru	All free	03:25
lkthomas	let me have a look, thanks	03:25
Sachiru	https://www.youtube.com/watch?v=Kqs7UcCJquM <-- ELK stack in action	03:26
Sachiru	You can even use ELK to create nice-looking NOC Dashboards, like the ones here: http://www.networkassassin.com/elk-for-network-operations/	03:28
lkthomas	looks interesting	03:28
crazyhead42	YAY! I have a server now! <3 Now to spend some time compressing my stuff so it can transfer off my pc.	03:28
lkthomas	Sachiru: seems I need to spend couple weeks to learn how to deploy it	03:29
Sachiru	Integrate ELK + Observium + some form of netflow analyzer + transparent net proxy with orionsniffer and you not only see network stats, but network usage as well	03:31
Sachiru	Anyone tries to browse porn, it instantly shows up on the NOC dashboard as well as where he's getting it and what kind of porn he's looking at. Netflix on work network? Instantly see a breakdown of traffic on a per-protocol/per-application basis and pinpoint which guy is streaming Game of Thrones on his work PC	03:32
Sachiru	I should know, that's what I have here right now.	03:32
crazyhead42	O.O Just one more reason NOT to use the school network	03:36
Sachiru	Granted I have quite a big budget for IT	03:36
Sachiru	Running that level of monitoring is not cheap	03:36
Sachiru	Then again, it's better to spend that much on monitoring than to lose even more due to slow network	03:37
crazyhead42	Are there any ways around this kind of monitoring?	03:37
Sachiru	Sure	03:37
Sachiru	Tor	03:37
Sachiru	Or a VPN	03:37
Sachiru	They'd know that you're using Tor or a VPN, but not know what you're using it for	03:38
Sachiru	Basically all they'd see is how much traffic is tunneled through Tor/VPN, but not what kind of traffic it is	03:38
crazyhead42	what are those?	03:38
Sachiru	Even so, carrier-grade (ISP-grade) network monitoring tools can still sniff into Tor/VPN	03:38
Sachiru	A VPN essentially creates an encrypted tunnel to a server on the outside of the network	03:39
Sachiru	Which acts as an exit point for your network activity	03:39
crazyhead42	so a proxy?	03:39
Sachiru	A bit more and a bit less than a proxy	03:39
Sachiru	More in the sense that it tunnels EVERYTHING (proxies tunnel only HTTP traffic), and a bit less in that it's more detectable than using a proxy	03:40
crazyhead42	Is there any way for someone to grab my login information to, let's say my email, while I'm on their server?	03:41
Sachiru	Tor is VPN on steroids, creates multiple encrypted tunnels to multiple exit points, and selects across them at random, so few can know exactly which tunnel you're using at a given time.	03:41
crazyhead42	*network	03:41
Sachiru	Sure	03:41
Sachiru	But it's not easy	03:41
crazyhead42	Nice to know it's not as easy as I thought.	03:41
Sachiru	Webmail is typically protected by HTTPS, so it takes immense computational power to crack	03:41
Sachiru	If you were at school and I wanted your webmail password, given a choice of buying $5 billion worth of servers to run a massive cracking array or hiring a $500 security guard to beat you up until you told me your password, you can imagine which approach I'd use	03:42
crazyhead42	even if I establish the connection through the network?	03:42
Sachiru	As for Tor: https://www.torproject.org/	03:43
Sachiru	the thing is people who are extremely paranoid about netsec do not understand the idea behind cracking encryption and thus do not see why nobody would bother to crack their passwords via computers	03:44
Sachiru	It takes an immense amount of computing power to crack something like RSA, so typically governments and the like are the only ones capable of it, and even then they use it against targets where the money would be put to good use	03:44
Sachiru	Even the government will not spend billions of dollars just to get your grandma's secret yogurt recipe	03:45
Sachiru	And even so, if they really wanted your access details they'd use cheaper and easier methods, like blackmail or eavesdropping, to get it, instead of all this hypothetical supermachine cracking array	03:45
Sachiru	If someone says that it's not secure, my typical counterargument is this: "Let's say that the government DOES have that capability, my question is are you that important that the government would spend huge sums just to get at you instead of bigger targets like say the current leader of the Taliban?"	03:46
Sachiru	Even on my current network I usually don't use the sniffing capabilities unless management asks me to	03:47
Sachiru	Too many clients to keep an eye on that it's not worth my time to look at all of them	03:48
crazyhead42	I just thought because my computer has to talk to the external server to choose encryption type, the encryption type would be easily avalible.	03:50
crazyhead42	Is there a way to modify the configuration of my server to put deleted items in a trash file instead of perminintly deleting them the first time?	03:56
Sachiru	What's your server?	04:02
Sachiru	I mean, what services is it exposing?	04:02
crazyhead42	It's just a ftp server	04:04
crazyhead42	just got openssl working	04:04
crazyhead42	using filezilla as a go between.	04:04
Sachiru	What's your FTP server?	04:07
Sachiru	What software are you using to act as FTP server?	04:07
crazyhead42	Ubuntu server, openssl-server	04:08
crazyhead42	Or at least I think that's the active portion	04:08
Sachiru	OpenSSL refers only to the SSL layer	04:42
Sachiru	What FTP daemon are you using?	04:42
crazyhead42	Ummm... default?	04:42
crazyhead42	I've done no successful customizations beyond downloads.	04:44
crazyhead42	And I say sucessful because my write privliges don't seem to function, even as su + sudo combined	04:48
Sachiru	wait, you sudo as root?	05:00
=== elliotd123_ is now known as elliotd123
=== kickinz1\|afk is now known as kickinz1
Doc-Saintly	How do I install offline?	07:00
Doc-Saintly	bleh. just strung a network cable across the floor. oh well	07:19
Doc-Saintly	thanks anyway	07:19
=== kickinz1 is now known as kickinz1\|afk
=== Lcawte\|Away is now known as Lcawte
=== kickinz1\|afk is now known as kickinz1
=== kickinz1 is now known as kickinz1\|afk
=== markthomas\|away is now known as markthomas
=== kickinz1\|afk is now known as kickinz1
=== nath\|off is now known as nathema
lordievader	Good morning.	08:23
=== Lcawte is now known as Lcawte\|Away
Repox	Hi! I'm trying to understand the basics of UFW, and I'm hacing a little issue connecting from the outside. I've currently set UFW up so that all internal network has the access needed to reach eachother ( http://pastie.org/private/i07wxhnois18azddrjldg ) - and it seems like that works exactly as it should. But when trying to access with my-own-ip, I'm rejected for any other port than port 22.	09:03
abhishek	how can I extend /opt partition	09:20
abhishek	I have storage via nfs	09:20
=== Lcawte\|Away is now known as Lcawte
lordievader	abhishek: Stop the nfs service, repartition your drive, start nfs service.	09:25
vedic_	Hi, I have purchased access to a dedicated server where the OS was installed by the company which do this business. I see there are several users listed which I think are not required on the server. for example: games, irc, whoopsie, landscape etc.	09:32
vedic_	Is the ok to remove those users?	09:32
vedic_	I also see they have enabled root login and created a directory in /home as: admintech. This admintech is not a user as "passwd admintech" doesn't allow to create password	09:33
vedic_	before disabling root, I want to disable all users which are not required. I will be ruuning a web server on this. Once that is done, create a user give password to it and then disable root so that I am not locked out. I hope this is correct process	09:34
=== nathema is now known as nath\|off
=== nath\|off is now known as nathema
lordievader	vedic_: Likely your hoster has someway of accessing and maintaining the server. It might be that some of the things you've listed are part of that.	09:46
vedic_	lordievader: It is not meant to be managed. I need to ensure that I give max security to server. The user admintech is actually the user. I have typo so it was not taking password. I have set password for that. The reason that comes to my mind on enabling root is that they	09:48
vedic_	are not used to Ubuntu. They have ready systems for CentOS, RedHat but not Ubuntu. That may be the reason to enable root	09:48
vedic_	But is there any use for these users: games, irc etc?	09:49
vedic_	I am not going to run any of these on that server	09:49
lordievader	games and irc seem to be default users, perhaps from the legacy from the early days.	09:50
lordievader	Their shell is set to /usr/sbin/nologin	09:51
lordievader	So you cannot login as those users.	09:51
vedic_	hmm... that makes sense.	09:52
vedic_	Is there any way to check if the server was installed as minimal install option or not?	09:56
lordievader	vedic_: You mean with the mini iso?	09:57
vedic_	lordievader: nope. I mean during installation of ubuntun server, It gives modes in which to install. One of them is Minimal Install where the installer will install only the bare minimal packages	09:58
lordievader	vedic_: I suppose you can look at the package list to see fi there are optional packages installed.	10:01
=== kickinz1 is now known as kickinz1\|afk
vedic_	If there is .local file along with .conf file for services like fail2ban, will .local take precedence?	11:13
=== markthomas is now known as markthomas\|away
=== Lcawte is now known as Lcawte\|Away
=== nathema is now known as nath\|off
jamespage	zul, https://bugs.launchpad.net/horizon/+bug/1379761 fyi	11:50
uvirtbot	Launchpad bug 1379761 in horizon "Asset compression does not happen unless debug mode is enabled" [Undecided,New]	11:50
zul	jamespage: lovely	12:07
zul	jamespage: did you see nova rc2?	12:16
=== nath\|off is now known as nathema
=== markthomas\|away is now known as markthomas
coreycb	zul, jamespage: I'll kick off the nova and neutron rc2's if you haven't already	12:40
zul	ack	12:40
jamespage	coreycb, awesome	12:42
jamespage	coreycb, zul: ooo - just found a cracking neutron bug	12:48
coreycb	jamespage, oh?	12:49
jamespage	coreycb, ovs agent explodes trying to management iptables	12:50
zul	jamespage: that doesnt sound too cracking	12:50
jamespage	zul, https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1379779	12:51
uvirtbot	Launchpad bug 1379779 in neutron "neutron-openvswitch-agent fails to apply iptables rules" [Undecided,New]	12:51
zul	jamespage: you should really stop breaking things ;)	12:52
jamespage	zul, this is called testing	12:52
jremydeaton	question... if i run sudo tasksel, then select mail server, add my mail domain info in the "wizard", Should that work out of the box for sending and recieving?	12:53
jremydeaton	running a dev server so minimal config is ok	12:55
jamespage	zul, coreycb: hold fire on the neutron rc2, that needs some packaging fixes	13:06
coreycb	jamespage, ok	13:07
jamespage	coreycb, zul: new for rc1 - https://github.com/openstack/neutron/commit/2562a9271c828e982a74593e8fd07be13b0cfc4a	13:08
jamespage	hmm its optional but it certainly would help with iptables management	13:08
zul	jamespage: ipset is in universe	13:09
jamespage	zul, erm yes	13:09
jamespage	craps	13:09
jamespage	zul, it would just be that new dependency	13:13
zul	jamespage: want me to do the mir?	13:13
jamespage	zul, yes please; I'll handle the neutron bits	13:13
jamespage	coreycb, i got neutron rc2	13:14
jamespage	:-(	13:14
coreycb	jamespage, ok	13:14
jamespage	zul, will that land in jdstrands lap?	13:17
zul	jamespage: i dont think so its pretty small https://bugs.launchpad.net/ubuntu/+source/ipset/+bug/1379789	13:17
uvirtbot	Launchpad bug 1379789 in ipset "[MIR] ipset" [High,New]	13:17
zul	its an iptables add-on	13:18
jamespage	gaughen, ^^ you should be aware of this discovery	13:25
jamespage	zul, some of your detail is wrong - its not python	13:28
zul	fixed	13:29
coreycb	zul, can you review? https://code.launchpad.net/~corey.bryant/nova/2014.2-rc2/+merge/237976	13:38
zul	coreycb: uploading	13:39
coreycb	zul, thx	13:39
jamespage	zul, oo - its has DEP-8 tests!	13:44
DammitJim	I just updated my DNS servers in my /etc/network/interfaces file	13:45
DammitJim	how do I kick the server for the changes to take effect?	13:45
DammitJim	/etc/init.d/networking restart doesn't do it	13:45
jamespage	DammitJim, you need to down/up the interface	13:45
DammitJim	oh, so one can't do that over ssh?	13:46
jamespage	using ifdown/ifup	13:46
jamespage	DammitJim, hmm - well you probably can still	13:46
=== nathema is now known as nath\|off
DammitJim	how?	13:47
jamespage	zul, coreycb: neutron uploaded with the new ipset stuff enabled	14:15
jamespage	it will build fine but pulls a new runtime dep	14:15
coreycb	jamespage, ok	14:16
=== esde is now known as Guest68239
=== Lcawte\|Away is now known as Lcawte
ayr-ton	Under ubuntu 13.10 I tried a sudo do-release-upgrade --mode=server -d, but it says that theres no updates. I removed a bunch of files, but without success. Someone does know how to fix it?	14:37
genii	ayr-ton: Saucy is now End-Of-Life and it's repositories were archived to old-releases.ubuntu.com	14:43
rbasak	smoser: for bug 1068756, is it even right that files are being placed that affect the system during the image build process, rather than in packaging?	14:55
uvirtbot	Launchpad bug 1068756 in procps "IPv6 Privacy Extensions enabled on Ubuntu Server by default" [Undecided,Confirmed] https://launchpad.net/bugs/1068756	14:55
smoser	rbasak, how would you propose to fix that ?	14:59
smoser	we want "server specific config"	14:59
rbasak	smoser: I don't know. But I think it's wrong to do it by effectively hacking the built image.	15:00
rbasak	Maybe a question for ubuntu-devel.	15:00
rbasak	smoser: what if cloud-init had a setting to enable or disable privacy extensions, and you decided the default?	15:01
smoser	rbasak, we've done other "cloud specific config" before in image build process	15:16
smoser	we definitely do want to limit it (and do).	15:16
smoser	and in that bug, one of the things i said was "figure out the right way to do this".	15:16
rbasak	smoser: I'm fine with a hack in the meantime. Better modify the build process than have this bug languishing. But we should keep something open to fix it properly.	15:18
rbasak	smoser: what do you think of cloud-init doing it?	15:18
smoser	well, we want "server" fixed too	15:19
smoser	generally the setting is silly	15:19
smoser	so cloud-init doing it is a fix for a subset of thigns.	15:19
rbasak	Agreed.	15:19
coreycb	zul, can you review please? https://code.launchpad.net/~corey.bryant/keystone/2014.1.3-2/+merge/238002	15:25
=== Lcawte is now known as Lcawte\|Away
=== markthomas is now known as markthomas\|away
zul	coreycb: yep right after lunch	16:02
=== nath\|off is now known as nathema
=== nathema is now known as nath\|off
vedic_	Has any used sendEmail (its sendEmail not sendmail). I am facing issue in sending email via smtp gmail on port 587	16:31
vedic_	Need guidance if you have used it	16:32
genii	vedic_: What does the bounce messaage say?	16:34
vedic_	sendEmail[1530]: ERROR => ERROR => SMTP-AUTH: Authentication to smtp.gmail.com:587 failed.	16:35
vedic_	genii:	16:35
genii	vedic_: Are you using it with -xu username -xp password ?	16:35
vedic_	genii: yea	16:35
vedic_	Same way as provided here (see first question in faq): http://caspian.dotconf.net/menu/Software/SendEmail/	16:36
genii	Hm	16:36
genii	vedic_: Could you give the exact type of way you are trying please? ( Just put sample stuff for the content/user/pass though of course)	16:41
vedic_	genii: sendEmail -f myemail@gmail.com -t youremail@gmail.com -s smtp.gmail.com:587 -xu myemail@incights.com -xp MyPass#% -u "Hello from sendEmail" -o tls=yes -m "How are you? I'm testing sendEmail from the command line."	16:45
genii	I was thinking maybe tls was not specified but I see you do have it there	16:47
genii	vedic_: Have you tried putting the pass inside single quotes?	16:49
genii	( there might be something in it which is being parsed	16:49
vedic_	genii: wow. It worked	16:49
vedic_	:) big thanks	16:50
genii	vedic_: You're welcome :)	16:50
zul	coreycb: buit fine?	16:51
coreycb	zul, yes	16:52
zul	coreycb: done	16:55
coreycb	zul, thanks	16:55
=== markthomas\|away is now known as markthomas
=== a1berto_ is now known as a1berto
zartoosh	HI I am using ubuntu 14.04. how do I find out what HZ is set in my system? thanks	17:43
lordievader	zartoosh: HZ? Do you mean the clock frequency of your CPU?	17:44
rbasak	zartoosh: the command "grep ^CONFIG_HZ /boot/config-`uname -r`" will tell you. Looks like 250.	17:59
lordievader	Ah that HZ...	17:59
zartoosh	rbasak, lordievader thanks got it	18:17
vedic_	How to know if mta in installed?	18:20
=== danwest_ is now known as danwest
vedic_	Is it possible to have minimal install of Ubuntu server on the cloud? Minimal install doesn't provide ssh. If no ssh then how to access server on the cloud? I want to give instructions to my cloud provider to install bare minimal packages. Currently it has got yum, rpm, sendmail and a whole lot other packages	18:37
RoyK	sendmail?!?	18:38
RoyK	IIRC exim is the default, I prefer postfix	18:39
vedic_	RoyK: yea, I am surprised how they have installed. I now need to give them instructions to make minimal install. But would that be possible on Ctrls?	18:41
vedic_	typo: ... But would that be possible on cloud?	18:41
RoyK	well, a cloud is just a bunch of VMs - everything's possible	18:42
vedic_	RoyK: hmm	18:43
vedic_	RoyK: are there any instructions on how to make minimal server install?	18:45
vedic_	I will send that link to them	18:45
sarnold	vedic_: look into these http://cloud-images.ubuntu.com/releases/14.04/release-20140927/	18:46
vedic_	sarnold: I am not yet on AWS.	18:48
sarnold	vedic_: scroll down.	18:48
=== nath\|off is now known as nathema
=== bilde2910 is now known as bilde2910\|away
vedic_	sarnold: I think if I install ubuntu-minimal and then remove all other packages except ubuntu-minimal that should do the trick.	19:03
vedic_	What do you thing?	19:03
vedic_	think	19:03
sarnold	vedic_: seems complicated compared to just starting with a tiny starting point..	19:04
vedic_	sarnold: I already have access to VM and I will ask them to terminate this and create another one which will take at least 24 to 48 hours	19:05
sarnold	vedic_: wow, I'm accustomed to a minute or two...	19:05
sarnold	vedic_: if turn-around time really is so horrible perhaps it is worth doing some goofing around with package management yourself :)	19:05
vedic_	sarnold: because it is you doing it. In my case, I can't install OS. They do it for each VM and they have process to follow	19:06
vedic_	hmm...	19:06
crazyhead42	sarnold, which putty should I be downloading? even if I only look at the ones for windows that have "putty" in them, there are quite a few.	19:07
sarnold	crazyhead42: I think the "A windows installer for everything except puttytel" -- you might not need the others right away but it'd be nice to have them installed and available	19:09
crazyhead42	so I wn't need puttytel for anything?	19:10
sarnold	probably not	19:10
qman__	puttytel is a standalone telnet client, unlikely you'll need it	19:11
crazyhead42	oh, tel as in telnet.	19:12
crazyhead42	Oh, and sarnold, I figured out why I couldn't connect to my server yesterday.	19:13
crazyhead42	my ip address wasn't "ipaddress"	19:13
sarnold	lol	19:13
sarnold	yeah :)	19:13
crazyhead42	I'm still curious though, what is it that surprised you?	19:14
sarnold	well, this :) hehe -- you knew how to install an ubuntu machine, got packages downloaded and installed, but didn't know "ipaddress" meant "put in the ip address that we had talked about" :)	19:17
crazyhead42	That I figured out after actually LOOKING at the code.	19:18
crazyhead42	Does PUtty support drag and drop file transfers?	19:21
bekks	No.	19:24
bekks	crazyhead42: For drag and drop file transfers, just use filezilla.	19:24
crazyhead42	drat. Is there a way to transfer a whole directory/folder?	19:25
crazyhead42	And that didn't seem to work..	19:25
crazyhead42	oh, there it goes.	19:27
crazyhead42	What should I do about the fact I can't edit config files?	19:41
guntbert	crazyhead42: where?	19:43
crazyhead42	On my server, I tried to edit vsftpd.conf (using sudo nano, of course) and I didn't get write permissions	19:43
crazyhead42	Oh boy. What's the command for "this message begins with a /"?	19:44
qman__	What?	19:45
crazyhead42	I was going to type in the exact location of the file, but the system thinks I'm giving it a command.	19:45
qman__	Please pastebin your exact session, that doesn't make any sense	19:46
genii	Is / mounted read-only or something?	19:46
crazyhead42	I can't "pastebin	19:47
crazyhead42	my other computer is a server, not a desktop.	19:47
genii	!pastebinit	19:47
ubottu	pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the « pastebinit » package from a package manager - Simple usage: command \| pastebinit -b http://paste.ubuntu.com	19:47
qman__	You have putty, are you not using it?	19:47
qman__	Highlight the text in putty to put it on the clipboard	19:48
crazyhead42	Okay, we're on seperate waveleighnths here. 1. my commands are being entered into the server itself, partially because I don't get kicked off every time I type something in wrong. 2. I am not not sure I know what pastebin is, because I was thinking it was like a clipboard for pc.	19:50
ikonia	you should not get kicked off if you type in a command wrong	19:51
qman__	Right, it would give you the error and return to the prompt	19:51
crazyhead42	I was using telnet. I JUST got putty, but I thought it was like filezilla	19:51
ikonia	I doubt you are using telnet	19:52
ikonia	telnet is not enabled by default	19:52
crazyhead42	I was accessing it on my pc manually.	19:53
crazyhead42	okay, so this is interesting. When I logged in, it said "failed to add entry for user lexi"	19:53
crazyhead42	GAH! Again with the identity!!!	19:54
ikonia	crazyhead42: I think you need to address what you are doing	19:54
ikonia	crazyhead42: 1.) telnet is not enabled - so I don't know what you where really doing	19:55
ikonia	2.) I think you need to try to describe your issue clearly with the correct information	19:55
RoyK	what does raspbian do so well with resizing the root that my ubuntu thing on this bpi cannot do?	19:56
qman__	resize2fs?	19:57
RoyK	partition, not filesystem	19:57
qman__	I've always done that manually with fdisk, if not gparted for more complex changes	19:58
=== nathema is now known as nath\|off
crazyhead42	Oh, that's not good...	19:58
crazyhead42	http://paste.ubuntu.com/8535205/ is my input	19:59
crazyhead42	Oh, oops, forgot a d	19:59
RoyK	qman__: so just changing the size with fdisk won't break anything?	19:59
ikonia	crazyhead42: why is that bad ?	19:59
qman__	crazyhead42: in that paste, you aren't using sudo, which you need to do to edit system files	19:59
crazyhead42	I was getting a new file instead of a file with "(Warning: no write permission)"	19:59
crazyhead42	Well I was getting the same warning with sudo!	20:00
ikonia	crazyhead42: that paste has nothing to do with a file	20:00
qman__	RoyK: as long as the starting point of the partitions stay the same, its ok	20:00
ikonia	crazyhead42: that's just a login	20:00
qman__	RoyK: then do partprobe, then resize2fs	20:00
ikonia	crazyhead42: explain your problem	20:00
crazyhead42	Yes, but I found the failure to add entry possibly relevant	20:00
ikonia	crazyhead42: you're just saying "that's not good" and it's not making any sense	20:00
ikonia	crazyhead42: you don't know what you are doing/saying	20:00
ikonia	crazyhead42: you're saying "something's not good" when you don't know what it is or what it relates to	20:01
ikonia	crazyhead42: just focus on your problem, what is the problem ?	20:01
RoyK	qman__: how do I change the end sector in fdisk? can't find it	20:01
crazyhead42	If I KNEW WHAT I WAS DOING, then I wouldn't be here. My problem is I tried to modify this file, using sudo, multiple times yesterday, but it wouldn't let me.	20:01
qman__	RoyK: have to delete and re-add	20:01
RoyK	qman__: sounds dangerous	20:01
ikonia	crazyhead42: "wouldn't let me" means nothing	20:01
ikonia	crazyhead42: 1.) what is the exact command you are running 2.) what is the error/problem you get	20:02
crazyhead42	Give me a moment to recreate it	20:02
qman__	RoyK: can be, backups are advisable, but as long as you get the starting sector right it works	20:02
RoyK	well, it's just a tiny banana pi - seems like it's booting correctly	20:03
qman__	RoyK: it gets complex if there are other partitons after the one you want to expand	20:03
RoyK	none there	20:03
genii	ikonia: I notice it says a rebbot is required on their paste.	20:03
genii	*reboot	20:03
ikonia	genii: who's/where ?	20:03
genii	ikonia: On crazyhead42's paste, line 19	20:04
RoyK	qman__: ta-taa! :D	20:04
RoyK	qman__: I owe you a beer	20:04
ikonia	genii: just because it's had updates applied and not rebooted yet	20:04
genii	ikonia: Does it remount ro until then?	20:05
ikonia	no	20:05
ikonia	(unless there is a problem)	20:05
qman__	RoyK: cool	20:06
crazyhead42	Huh, no argument this time. Why would it reject me on the server itself, but accept it when I'm doing it by remote? I should fix that...	20:06
ikonia	fix what ?	20:06
ikonia	there is no problem	20:06
ikonia	it sounds like a simple user error	20:06
=== JanC_ is now known as JanC
RoyK	qman__: toys like a banana pi are nice :)	20:07
vedic_	genni: Any idea why fail2ban is failing to start when action = action_mwl and mta is set to sendEmail ?	20:07
crazyhead42	It allowed me to access it's configuration by remote. That's a security risk.	20:07
vedic_	genii:^	20:07
ikonia	crazyhead42: what ????	20:07
ikonia	crazyhead42: what was the command you did that is a security risk	20:07
* RoyK just needs to print out a chassis for that		20:07
vedic_	genii: In sendmail-whois-line.conf I have set the sendEmail configuration	20:08
guntbert	crazyhead42: you should really slow down, tell us the command you are using and the error message you got -	20:08
vedic_	sendEmail works from the cmd line	20:08
vedic_	genii: sendEmail works from the command line	20:08
qman__	Heh, I have a couple first rev raspi, and I got a robo3d but I haven't gotten it going yet	20:08
crazyhead42	Well it didn't give me one this time. for some reason it worked by remote. And the error I was getting on the machine was just "permission denied".	20:08
qman__	The laptop I tried to use the first time was too slow to keep up with it	20:08
ikonia	crazyhead42: what is the security issue you have ?	20:09
ikonia	eg what command do you think is a security issue	20:09
genii	vedic_: Apologies, work required me	20:10
crazyhead42	Not the command, but the access. I shouldn't have admin controls on my laptop.	20:10
ikonia	crazyhead42: why not ?	20:10
crazyhead42	I'll have to see if I can lock it.	20:10
ikonia	lock it ???	20:10
ikonia	what are you talking about	20:10
ikonia	explain the problem	20:10
=== huats is now known as Guest27566
genii	vedic_: As to your question regarding fail2ban, no idea	20:11
qman__	crazyhead42: working as designed, ssh is made for remote administration	20:11
qman__	crazyhead42: its as secure as your account	20:11
vedic_	genii: ok	20:11
vedic_	Can you suggest why fail2ban is failing to restart if I set action = action_mwl? The mta is set to sendEmail . I have configured sendEmail in sendmail-whois-lines.conf . The sendEmail lines in conf file works well when I try on cmd line	20:13
genii	vedic_: I'm not sure that sendemail is your actual MTA, it's probably underneath using something else like sendmail or exim, etc	20:14
genii	But just a guess	20:14
ikonia	sendmail isn't the default ubuntu mta	20:14
vedic_	genii: I have installed sendmail and postfix	20:15
vedic_	genii: I have UNinstalled	20:15
ikonia	you can't have both	20:15
vedic_	:)	20:15
vedic_	I mean I have uninstalled. "Install" was typo	20:16
ikonia	so what mta have you installed then	20:16
phillw	hi folks, https://bugzilla.redhat.com/show_bug.cgi?id=1151205 has two people reporting the bug as squashed as of todays updates.	20:16
uvirtbot	phillw: Error: Could not parse XML returned by bugzilla.redhat.com: HTTP Error 404: Not Found	20:16
vedic_	ikonia, genii: How do I check if I have mta	20:16
vedic_	I want to avoid sendmail as its not light weight	20:16
vedic_	I just need to sending. No receiving needed	20:16
ikonia	phillw: what does a redhat bug hav eto do with ubuntu ?	20:16
gQuigs	hi there.. in the 14.04 release notes here (https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes) The "upgrade notes" under Apache 2.4 is a 404 link.. to the debian changelog.. is there a better place for it to be linked too	20:16
gQuigs	?	20:16
phillw	ikonia: because it borked KVM in ubuntu :)	20:17
ikonia	phillw: it uses different versions to redhat	20:17
ikonia	so I don't understand why you are quoting the redhat bug, rather than the ubuntu one against the ubuntu version	20:17
ikonia	why are you logging bugs to redhat for ubuntu packages ?	20:18
phillw	ikonia: do pay attention... ikonia oh, it does? funny that within 24 hours of raising a critical bug it has filtered through debian and ubuntu repos. I've had this once before with a kernel bug.	20:18
ikonia	what are you on about ???	20:19
ikonia	why are you logging ubuntu bugs to redhat ?	20:19
phillw	ikonia: virt-manager is a red-hat maintained bug :)	20:19
ikonia	Redhat does not make/maintain the ubuntu packages	20:19
ikonia	phillw: no it's not	20:19
ikonia	redhat maintain the upstream package	20:19
ikonia	not the ubuntu packages	20:19
ikonia	so you should be logging the bug to ubuntu	20:19
phillw	ikonia: indeed, and upstream uses red hat bugzilla	20:20
ikonia	and it's for 14.10 ???	20:20
ikonia	what the devil are you doing ???	20:20
ikonia	yes, but you don't log it to upstream	20:20
ikonia	you log it ot ubuntu - not upstream	20:20
vedic_	genii, ikonia: how about installing nullmailer . Looks like its the lightweight	20:20
vedic_	It should provide mta	20:20
ikonia	vedic_: never used it, no idea about it	20:20
vedic_	ok	20:21
genii	Here either, I just use Postfix	20:21
phillw	ikonia: you will just sit on it and register it up stream... It was registered upstream and solved within 24 hours. I fail to see what your issue is with me breaking a bit of good news and going into attack mode?	20:22
ikonia	what ?????	20:22
ikonia	you have no idea what th eproblem was, what the fix was or where it came from	20:22
ikonia	you're not breakign good news	20:22
phillw	ikonia: I do, it is a GTK issue.	20:22
ikonia	phillw: there is nothing in that bug to say it's a gtk issue	20:23
ikonia	phillw: report the bugs to ubuntu	20:23
ikonia	especially for the dev release	20:23
ikonia	not to upsteam,	20:23
phillw	ikonia: and, at the end of the day.... virt-manager now works in 14.10 - That is what I popped on here to say... nothing more.	20:23
ikonia	who cares ?	20:23
ikonia	this is not 14.10 support	20:23
ikonia	that bug has nothing to do with this channel	20:24
phillw	ikonia: so, no one here tests server 14.10?	20:24
ikonia	and you're just not helping by bypassing the ubuntu QA process to go straight to upstream with an ubuntu issue on a development platform	20:24
phillw	I'll leave you with that thought.	20:24
=== Lcawte\|Away is now known as Lcawte
phillw	ikonia: (21:24:37) ikonia: and you're just not helping by bypassing the ubuntu QA process to go straight to upstream with an ubuntu issue on a development platform .. erm, I was.. the fix is out. As the dev team and testers use KVM expediting the bug was correct. As a qualified Red Hat person, I am fully allowed to use their system to report bugs that affect both rpm and deb systems. We are all Linux.	20:39
rberg	Hi all, Can I use the newish xfs crc32 option with Precise and the Trusty HWE kernel? I hear it requires a updated mkfs.xfs.	20:49
ikonia	phillw: what the hell are you on about "as a fully qualified redhat person" ??	21:13
ikonia	bugzilla is open to all	21:13
ikonia	you need no qualifications to access it	21:13
ikonia	but apply common sense, if the problem is with a re-release ubuntu package, follow the QA process to fix the package and then to upstream , not direct to upsteam where it may /may not be relevant	21:14
phillw	ikonia: the application itself told me to report it upstream, it is a red hat project that gets ported over to debian. As you lack common sense, do not reply when I use the correct way as per the application, to report a bug and have it fixed.	21:33
phillw	ikonia: Oh, and for your information I wrote a lot of the pages on QA wiki and held sessions with people.	21:34
phillw	ikonia: https://wiki.ubuntu.com/Testing/Activities/Classroom/Saucy/ you should read them, you will learn things	21:36
ikonia	phillw: you are lost	21:42
keithzg	Pshhh, who really gets lost these days? Ubiquitous GPS integration has pretty much eliminated that :P	21:44
phillw	ikonia: nah, I know where I go to report issues, it is you who is lost thinking that ubuntu / debian fix bugs on virt-manager :)	21:45
ikonia	where did I say that	21:46
genii	Wow, this is still going on?	21:46
ikonia	you should report it against the debian / ubuntu package and allow their maintainers to work with upstream / pull down a fix	21:46
phillw	ikonia: no, you report the bug to where the application says to report it to.	21:47
ikonia	no you don't	21:47
ikonia	as that's just a text file	21:47
ikonia	or a line in the application	21:47
ikonia	the fact that it's being packages/patched/not patched against different components/kernels/libraries by different distros makes going direct to upsteam unwise	21:48
phillw	ikonia: well, I did and it is fixed within 24 hours... so, you do it your way and I'll follow the application bug reporting system https://bugzilla.redhat.com/show_bug.cgi?id=1151205 But, as you still go on and on... I only came on here to say it was bug fixed	21:49
uvirtbot	phillw: Error: Could not parse XML returned by bugzilla.redhat.com: HTTP Error 404: Not Found	21:49
ikonia	phillw: that just doesn't seem plausable	21:49
sarnold	ikonia: .. and yet it worked.	21:50
ikonia	phillw: as that would mean the upstream package would have to have been fixed, then the debian package sync it, build it and test it, then the ubuntu team build it test it all in 24 hours	21:50
ikonia	sarnold: possibly because it wsn't that bug	21:50
ikonia	or it was patched or not	21:50
ikonia	who knows as there was no ubuntu bug for it	21:50
ikonia	which is the point	21:50
phillw	ikonia: nor does me plucking a fix for kernel from red hat and having it dropped into ubuntu kernel for a previous KVM issue... I'm a heavy KVM user :)	21:50
ikonia	phillw: I don't know what a prevsious bug has anythig o do with it	21:51
phillw	ikonia: it has to do with the fact I will chase a kvm bug down.	21:51
sarnold	phillw: do you happen to use any qcow2 images? seen this? :) https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1292234	21:51
ikonia	chase it down ???	21:51
uvirtbot	Launchpad bug 1292234 in qemu "qcow2 image corruption in trusty (qemu 1.7 and 2.0 candidate)" [High,Confirmed]	21:51
ikonia	you've not even logged an ubuntu bug for it	21:51
ikonia	and you did nothing in that bug but cut and paste an error message	21:52
ikonia	that's hardly chasing it down	21:52
phillw	ikonia: it was marked as won't fix :)	21:52
ikonia	(although I appreiciate you logging a bug in general)	21:52
ikonia	phillw: where was it marked as won't fix ?	21:52
phillw	ikonia: that was not logged by me	21:53
ikonia	what wasn't ??	21:53
ikonia	you've just posted a bug you logged	21:53
ikonia	now you're saying it was not logged by you ?	21:53
sarnold	ikonia: err, re-read. I posted a bug, I'm hoping phillw has seen it too :)	21:53
ikonia	apologies, I don't understand	21:53
ikonia	sarnold: ahhh you're bug	21:53
phillw	ikonia: no, the bugzilla bug	21:53
ikonia	phillw: you didn't log the bugzilla bug ?	21:53
ikonia	sarnold: "your" bug sorry	21:53
phillw	ikonia: https://bugzilla.redhat.com/show_bug.cgi?id=1151205	21:54
uvirtbot	phillw: Error: Could not parse XML returned by bugzilla.redhat.com: HTTP Error 404: Not Found	21:54
phillw	which has gone fix released	21:54
ikonia	phillw: you logged that didn't you ?	21:54
sarnold	dear uvirtbot -- when an url failed once, don't try again two minutes later. sigh.	21:54
keithzg	Can uvirtbot not handle https?	21:55
keithzg	(or maybe it's the http->https redirect that's screwing it up?)	21:56
phillw	ikonia: try https://bugzilla.redhat.com/show_bug.cgi?id=1151205	21:56
uvirtbot	phillw: Error: Could not parse XML returned by bugzilla.redhat.com: HTTP Error 404: Not Found	21:56
ikonia	phillw: you've posted that url 3 times	21:57
phillw	it may be just my cache	21:57
ikonia	phillw: I have that url	21:57
ikonia	it's still a "new" bug	21:57
ikonia	it's not closed / marked as fixed	21:57
phillw	read the notes :)	21:57
ikonia	I do'nt undestand why you keep posting it	21:57
ikonia	phillw: yeah the notes say nothing	21:57
ikonia	apart from you saying it magically started working	21:57
ikonia	and the bug still being open	21:57
ikonia	apologies, I'm not getting the relevence	21:58
phillw	ikonia: https://launchpad.net/ubuntu/+source/libvirt/1.2.8-0ubuntu11	21:58
ikonia	we've probably monopolised this channel longer than we should have done as this channel isn't anything to do with bug reporting or 14.10	21:58
ikonia	so apologies for that	21:58
sarnold	oh, hehe, our very own debfx wrote the patch :)	21:59
phillw	sarnold: that is how it goes :)	22:00
phillw	ikonia: do accept the invite	22:00
phillw	sarnold: we are linux, and patch / fix things... I just find bugs :D	22:01
ikonia	phillw: invite to what ?	22:02
phillw	ikonia: there...	22:02
ikonia	?	22:02
phillw	ikonia: try /j #phillw	22:03
qhartman	I'm running bind9 for internal DNS and it's working swimmingly, but all my apple clients are causing a ridiculous amount of log spam (and needless queries to upstream servers) with all their bonjour discovery monkeybusiness. Anyone have a good pointer to a config that will handle these more gracefully?	22:03
ikonia	phillw: no chance	22:03
maxb	qhartman: Not that I know anything about bonjour, but wouldn't you just need to set up some zone definition locally that the queries will fall into?	22:07
genii	qhartman: This looks somewhat relevant http://support.apple.com/kb/ht3789	22:08
qhartman	maxb, yeah, that's probably the solution, but the queries they are making are pretty non-sensical, it would take forever to pick them all apart. I'm hoping someone might have already compiled a bind config skeleton that could be a starting point	22:09
maxb	Nonsensical?	22:10
qhartman	genii, thanks for the pointer, but that would be the client-side stuff. I don't care if clients advertise, I just want my DNS server to correctly handle the queries it gets.	22:10
* maxb just read http://www.dns-sd.org/serversetup.html out of curiosity - I don't see anything particularly bizarre there		22:11
genii	qhartman: Ah, got it.	22:11
qhartman	maxb, I don't want to setup the clients to actually register services with my server, I'd have to touch hundreds of clients, most of which I don't own.	22:12
maxb	I understood that bit, but I don't understand what queries the clients would be making that would actually pose an annoyance	22:13
qhartman	maxb, here's an example: http://pastebin.com/8cq2SZ28	22:15
qhartman	Getting hundreds of those a minute logged. I'm having a hard time figuring out exactly what it's asking for. It seems like it's asking an upstream server for something liek a reverse DNS request	22:17
qhartman	I have reverse DNS for that block setup correctly and working for "normal" rDNS	22:17
maxb	Uhm, is that a direct copy/paste? Has it really managed to swap the order of the some of the bytes in the name?	22:17
qhartman	that is a direct copy/paste	22:17
maxb	0.8.10.10 vs. 8.10.10.0 !	22:18
maxb	wow	22:18
maxb	I cannot conceive of any sane way one octet of an IP could be moved to the other end of the IP address	22:18
qhartman	yeah, me either	22:18
qhartman	the longer you look at the logs, the less sense it all makes	22:18
qhartman	I'm no bind/DNS expert, but I feel like I understand it pretty well, and this is just driving me nuts.	22:21
maxb	199.7.83.42 is l.root-servers.net. It doesn't even make sense that any of the _dns-sd stuff would even be being sent/received there	22:21
qhartman	So far the most useful advice I've found is "yeah, that's annoying" and "Adjust your syslog config to blackhole those messages".	22:21
qhartman	right, and it shouldn't be, my server should be handling these requests, but since the requests seem so weird I'm having trouble piecing together somethign that would grab them	22:22
qhartman	even just something that would grab these and then send the client an error would be enough for me	22:23
qhartman	The errors are annoying themselves, but I'm more concerned about sending all the BS requests upstream. That's not very polite.	22:23
maxb	I'm a bit surprised they're going upstream at all. I thought modern bind knew to automatically blackhole in-addr.arpa queries for RFC1918 ranges	22:24
maxb	But even if that isn't the case, it seems like you could easily stop it by having a local zone for 10.in-addr.arpa	22:25
qhartman	hm, maybe it's not because I have setup reverse zones for those ranges?	22:25
maxb	I'm having difficulty understanding how "question section mismatch" could ever occur. At this point, I'd probably go to tcpdump/wireshark to verify for myself that the bytes on the wire really are what that seems to imply	22:27
qhartman	hm, it looks like somebody removed the inclusion of the zones.rfc1918 config that blackholes those requests	22:28
qhartman	but they should still be getting grabbed by my real reverse zones....	22:28
qhartman	(Yes, I inherited this system)	22:28
maxb	Is it at all possible that there's some sort of insane network device rewriting your DNS queries between you and the root servers?	22:30
maxb	"question section mismatch" seems like it means "something insane is breaking the protocol"	22:30
qhartman	I suppose it's possible, but if there is, it's something outside my control	22:31
maxb	I suppose it won't matter once you stop sending anything ending 10.in-addr.arpa upstream anyway	22:32
qhartman	aha, I might have it	22:32
qhartman	it looks like the reverse config for the 10.10.8 part of our network is busted	22:33
qhartman	none of the hosts in that block are reversing correctly	22:33
qhartman	alright, time to stare and compare	22:33
qhartman	wheee	22:33
qhartman	wheee... somebody created a zonefile for 8.10.10.10 but never enabled it in the config	22:37
qhartman	well that eliminated a ton of the bad traffic	22:37
qhartman	whee	22:37
qhartman	thanks for talking it through maxb, I don't think I would have thought to check that	22:38
qhartman	(at least not for a long long time	22:38
maxb	A zonefile for a single IPv4 address? do you really mean that?	22:39
qhartman	oh, no, too many 10's	22:39
qhartman	your fingers get on a roll	22:39
sarnold	boy you're gonna love ipv6 :)	22:40
qhartman	heh	22:40
qhartman	I wish we had an actual reason to use it	22:40
=== FreezingAlt is now known as FreezingCold
=== Lcawte is now known as Lcawte\|Away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!