[00:03] <crazyhead42> Odd, I know I used sudo nano this time, and it still won't let me write the file.
[00:06] <crazyhead42> Why wouldn't I, being the first user and using sudo, be able to write a config file?
[00:09] <sarnold> crazyhead42: did nano give you an exact error message or just some "can't write" error message?
[00:10] <crazyhead42> "Permission Denied"
[00:12] <crazyhead42> [ Error in writing vsftpd: Permission denied ]
[00:13] <sarnold> crazyhead42: what command did you use to start nano?
[00:14] <crazyhead42> sudo nano vstpd.conf
[00:28] <crazyhead42> I'd suspect it was because ftp is running, but that doesn't seem to be a problem in the instructions...
[00:30] <sarnold> depends; linux won't let you modify a currently-executing binary file, but I doubt that was what you did with nano :)
[00:30] <sarnold> (of course you can -delete- currently executing binary files no trouble. and you can modify libraries used by processes and they'll probably just crash. go figure.)
[00:36] <crazyhead42> If it makes things more weird/clear/muddled, I can't save it as vsftpd1.config either.
[00:37] <sarnold> you probably don't have write privileges to the containing directory, which makes me wonder if you did use 'sudo' to start it, since root can override permissions on anything .. except for e.g. a read-only mount
[00:38] <crazyhead42> huh... sudo apt-get seemed to work well.
[00:39] <crazyhead42> I'll try rebooting though. How do I do that by commandline?
[00:39] <sarnold> sudo shutdown -r now
[00:41] <leopardweasel1> Does any one know why I would have a public IPv6 address during the installation of ubuntu server, but not after the installation?
[00:45] <sarnold> leopardweasel1: check your /etc/network/interfaces to see if you've got the ipv6 configuration defined properly
[00:47] <leopardweasel1> sarnold: it is set up with the default "auto eth0" and "iface eth0 inet dhcp". It is my router for my home network.
[00:48] <sarnold> leopardweasel1: aha; you'll need to add some 'inet6' stuff there too
[00:48] <sarnold> leopardweasel1: check out interfaces(5) for details
[00:49] <crazyhead42> Negative. It still says permission denied.
[00:49] <crazyhead42> Could a too long string do it?
[00:50] <sarnold> crazyhead42: no; if you tried to give a file name too long it would probably be "File name too long" error message instead
[00:50] <sarnold> crazyhead42: what commands are you running?
[00:51] <crazyhead42> still sudo nano, but I accidentally ctrl z'd out, and now it's saying no write permission
[00:52] <sarnold> could you pastebin the last ten or twenty lines of your history?
[00:53] <crazyhead42> No, I'd have to type them one by one.
[00:53] <crazyhead42> And they aren't all showing up...
[00:53] <crazyhead42> WTH?! I've got history missing now!
[00:54] <sarnold> try this; sudo apt-get install pastebinit ; history | tail -20 | pastebinit
[00:54] <crazyhead42> Won't help, this is not my server. My server is on another computer.
[00:54] <crazyhead42> Unless pastebinit is meant to protect my history from disappearing unexplainably?
[00:55] <sarnold> pastebinit just writes standard input to a pastebin site like paste.ubuntu.com. it saves you from having to copy-and-paste things by hand.
[00:55] <crazyhead42> Still would have to type it all out.
[00:55] <sarnold> why?
[00:55] <crazyhead42> Two different computers.
[00:56] <crazyhead42> My server is one, which I don't have working to the point where I can even access it from here (I think. I'm not ruling out issues on this end.) and I'm using a pc to manage the irc.
[00:56] <sarnold> ... oh crazy, you don't even have working networking on it??
[00:57] <sarnold> wait now I'm really confused
[00:57] <crazyhead42> I can download stuff, but that's it.
[00:57] <sarnold> you said apt-get works... so how does -that- work but you can't ssh into it?
[00:57] <crazyhead42> I don't have access to it from my other computer. That's what I've been trying to fix.
[00:57] <sarnold> crazyhead42: install pastebinit, run the history | tail -20 | pastebinit, and then it'll give you an url like: http://paste.ubuntu.com/8528552/  that you'll have to retype. that's not the worst thing in the world...
[00:58] <sarnold> crazyhead42: and you can't just ssh into it?
[00:58] <crazyhead42> 1. not sure I know what that means.
[00:58] <crazyhead42> 2. I wouldn't rule out that I'm trying to set that up.
[00:58] <sarnold> why bother with vsftp if you can't even ssh in? seems like worrying about paint scratches on a car when there's no engine installed :) hehe
[00:59] <crazyhead42> wait? I'm not trying to get an engine? What have I been trying to install? SEATWARMERS?
[00:59] <sarnold> hehehe
[01:00] <crazyhead42> OH, and if I do have ssh on it, I might STILL be unable to access it. An engine is no good without being connected to the wheels.
[01:01] <sarnold> ah, that's a better analogy. your car's got an engine (kernel works, networking stack works), but without wheels (ssh) you can't drive it anywhere :)
[01:01] <sarnold> so, can you ping your server's IP address from the computer you're using?
[01:01] <crazyhead42> Actually, the wheels here might be me knowing what I'm doing.
[01:02] <crazyhead42> No. Not without careful instruction.
[01:03] <crazyhead42> I don't even know if windows has the ability to ping.
[01:03] <crazyhead42> I'd ASSUME so, but I've never seen it.
[01:03] <sarnold> run "ip addr" or "ifconfig" on the server; look for an ip address that's not 127.0.0.1. on the pc, type "ping ipaddress"
[01:04] <crazyhead42> I'm not the only one on the network...
[01:04] <crazyhead42> How do I avoid pinging my mom?
[01:04] <sarnold> that's fine, ping sends little tiny 56 byte packets by default. and windows ping just sends four before quitting.
[01:04] <sarnold> you find the IP address of the server and ping that.
[01:05] <crazyhead42> That wasn't thorough enough.
[01:06] <crazyhead42> The National Policy Institute, estimates that the total cost of mass deportation would be between $206 and $230 billion, or an average cost of between $41 and $46 billion annually over a five year period
[01:06] <crazyhead42> Oops
[01:06] <sarnold> crazyhead42: okay, here's my ifconfig and ip addr output: http://paste.ubuntu.com/8530141/
[01:07] <crazyhead42> Microsoft Windows [Version 6.3.9600]
[01:07] <crazyhead42> (c) 2013 Microsoft Corporation. All rights reserved.
[01:07] <crazyhead42> C:\Users\####>ifconfig
[01:07] <crazyhead42> 'ifconfig' is not recognized as an internal or external command,
[01:07] <crazyhead42> operable program or batch file.
[01:07] <crazyhead42> C:\Users\####>ip addr
[01:07] <crazyhead42> 'ip' is not recognized as an internal or external command,
[01:07] <crazyhead42> operable program or batch file.
[01:07] <crazyhead42> C:\Users\####>
[01:07] <sarnold> run those commands on your server, not your pc
[01:07] <sarnold> windows has an 'ipconfig' command if you ever want it though...
[01:07] <crazyhead42> Oh. You want the one from the server.
[01:08] <crazyhead42> I actually have that stored, assuming it didn't change.
[01:08] <crazyhead42> 192.168.1.255 is one of them
[01:08] <crazyhead42> oops... I probably shouldn't have posted that
[01:08] <sarnold> that's probably a broadcast address
[01:09] <sarnold> if your netmask is 255.255.255.0, that's a broadcast address, it refers to all hosts on your local network.
[01:09] <crazyhead42> Okay, I'm getting several of them.
[01:10] <sarnold> twenty years ago you could use that to find all the computers on a network -- ping 192.168.1.255 -- and you'd get back responses from five, ten, twenty, or two hundred machines, all at once. :) but most computers don't reply to broadcast pings any more :(
[01:10] <crazyhead42> Okay... so now that I have a bunch of IP addresses, what do I do with them?
[01:11] <sarnold> I'm surprised you have "a bunch" -- how many network cards does that machine have?
[01:11] <crazyhead42> There should only be one (and there is only one ethernet cord), but I can only tell the loopback apart from the other kinds.
[01:12] <sarnold> you're probably looking for eth0's ip address
[01:14] <crazyhead42> Okay, I know I used this command previously, but I don't remember quite how it went. It was ip addr | [something] eth
[01:14] <sarnold> grep
[01:15] <crazyhead42> ummmmmmmmmmmmmmm
[01:15] <crazyhead42> lots of stuffes
[01:15] <sarnold> hmm, and actually none of those are the ip address anyway..
[01:16] <crazyhead42> but I have to go, I need to make dinner.
[01:16] <sarnold> try this: ip addr | grep 192
[01:28] <crazyhead42> I have an inet and a grd
[01:28] <crazyhead42> inet ends with a number a slash then another number, the grd ends in 255.
[01:28] <crazyhead42> Is the inet the one I want?
[01:29] <sarnold> yeah
[01:29] <crazyhead42> Okay, got it then. what is it I'm going to do with it?
[01:29] <sarnold> ping it from the windows machine and see if routing works between the two computers
[01:30] <crazyhead42> How do I ping with windows? Linux is easy, the command IS ping. No clue when it comes to the pc.
[01:30] <sarnold> ping
[01:31] <crazyhead42> do I include the slash and the numbers after it?
[01:31] <sarnold> no, leave that part off
[01:31] <crazyhead42> four replies
[01:31] <sarnold> sweet, success
[01:32] <sarnold> okay, on the pc run "telnet ipaddress 22" -- that should give you some output like: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
[01:32] <sarnold> this will see if openssh-server is installed and running
[01:33] <crazyhead42> false. Could not connect.
[01:33] <crazyhead42> TTL, what's TTL?
[01:33] <sarnold> time to live
[01:33] <crazyhead42> O.O tell me "live" is programmer speak for something less disturbing
[01:34] <sarnold> hehe
[01:34] <sarnold> to ensure packets don't route around the internet forever, they each have a 'time to live' number embedded within them; every router subtracts one and then passes along the packet to the next hop. if any router ever sees it hit '0' it drops the packet on the floor.
[01:35] <crazyhead42> Oh. That is... a little disturbing in description, but an acceptable concept
[01:35] <sarnold> dns has a slightly different meaning for "time to live", but it'll make sense when you get there :) hehe
[01:35] <crazyhead42> Darn it. changing the number didn't fix it.
[01:36] <sarnold> which number did you change?
[01:36] <crazyhead42> the 22. I used the number after the / and also 21
[01:36] <sarnold> aha :)
[01:37] <crazyhead42> 21 because I think I've seen it somewhere while reading the code.
[01:37] <crazyhead42> "code"
[01:37] <sarnold> 22 is the listening port on the server; 22 is usual for ssh; 21 is usual for ftp, 23 for telnet, etc...
[01:37] <crazyhead42> yeah. It's probably the ftp I grabbed it from.
[01:37] <sarnold> but since you had a connection rejected, you probably don't have openssh-server installed and running; on the server, run 'apt-get install openssh-server'
[01:39] <crazyhead42> not something I'd doubt. But why wouldn't ubuntu server come with that?
[01:39] <crazyhead42> (This, by the way, is why people use macs and PCs, this is WAYYYY over my head.)
[01:40] <sarnold> crazyhead42: okay, it's time for me to run, but once you've got openssh-server installed, install this onto your windows machine, and use it to connect to your server's IP address:  http://en.wikipedia.org/wiki/PuTTY
[01:40] <sarnold> crazyhead42: I'm surprised it isn't installed and running to be honest.
[01:40] <crazyhead42> Maybe it disappeared when I purged samba. (which I later decided was a BAD idea)
[01:41] <crazyhead42> Do I need to restart before I can test this?
[01:41] <sarnold> no
[01:41] <sarnold> you almost never need to reboot linux machines
[01:41] <sarnold> I had one that was up and running for over a thousand days between reboots.
[01:42] <sarnold> okay, off ;) have fun
[01:42] <crazyhead42> Oh, you have to go. Before you do, can you tell me if I at least seem intelligent on this thing? I don't know if I'm an intelligent beginner or some moron trying to use this wrong.
[01:42] <sarnold> you understand surprising things, don't know other things. it's not what I'd expect :) I've got good hopes for you.
[01:43] <crazyhead42> ?? I'll ask you about that tomorrow then...
[02:48] <crazyhead42> Well, openssl-server didn't seem to change what happened on ping... is anyone on that can help me with the next step?
[02:52] <crazyhead42> Scratch that. I was typing in "ipaddress" instead of the ip address
[03:01] <lkthomas> hey guys
[03:08] <crazyhead42> Hi, hope you're not looking for anyone.
[03:10] <lkthomas> huh
[03:10] <lkthomas> I am not :P
[03:13] <crazyhead42> Are you a helper, or someone who needs help?
[03:13] <lkthomas> I was having issue with locale and I fixed it. thanks for asking
[03:16] <crazyhead42> If you needed help, I'd just direct you to #ubuntu. I can't help you, I spent quite a while dealing with trying to connect to a server with ip address "ipaddress"
[03:18] <Sachiru> What just happened?
[03:18] <lkthomas> huh ?! what happen ?!
[03:19] <lkthomas> I am wondering how you guys scale up syslog server
[03:19] <lkthomas> imagine 1000 servers have log almost every second
[03:19] <lkthomas> it send to one single rsyslog server
[03:19] <lkthomas> I would imagine it will be super busy
[03:23] <Sachiru> @lkthomas: That's easy. Don't send log to a single syslog server
[03:23] <Sachiru> Use something like the ELK stack or Splunk
[03:24] <lkthomas> how does it help ?!
[03:24] <Sachiru> Reduce load
[03:24] <Sachiru> Have three servers as log agents/collectors, and one as coordinator
[03:24] <Sachiru> Then use something like Kibana or Splunk to do automated analysis
[03:24] <lkthomas> Splunk isn't free
[03:24] <lkthomas> any alternative ?
[03:24] <Sachiru> Like email you when syslog from server 694 reports that apache is down
[03:24] <Sachiru> ELK stack
[03:25] <Sachiru> Elasticsearch-Logstash-Kibana
[03:25] <Sachiru> All free
[03:25] <lkthomas> let me have a look, thanks
[03:26] <Sachiru> https://www.youtube.com/watch?v=Kqs7UcCJquM <-- ELK stack in action
[03:28] <Sachiru> You can even use ELK to create nice-looking NOC Dashboards, like the ones here: http://www.networkassassin.com/elk-for-network-operations/
[03:28] <lkthomas> looks interesting
[03:28] <crazyhead42> YAY! I have a server now! <3 Now to spend some time compressing my stuff so it can transfer off my pc.
[03:29] <lkthomas> Sachiru: seems I need to spend couple weeks to learn how to deploy it
[03:31] <Sachiru> Integrate ELK + Observium + some form of netflow analyzer + transparent net proxy with orionsniffer and you not only see network stats, but network usage as well
[03:32] <Sachiru> Anyone tries to browse porn, it instantly shows up on the NOC dashboard as well as where he's getting it and what kind of porn he's looking at. Netflix on work network? Instantly see a breakdown of traffic on a per-protocol/per-application basis and pinpoint which guy is streaming Game of Thrones on his work PC
[03:32] <Sachiru> I should know, that's what I have here right now.
[03:36] <crazyhead42> O.O Just one more reason NOT to use the school network
[03:36] <Sachiru> Granted I have quite a big budget for IT
[03:36] <Sachiru> Running that level of monitoring is not cheap
[03:37] <Sachiru> Then again, it's better to spend that much on monitoring than to lose even more due to slow network
[03:37] <crazyhead42> Are there any ways around this kind of monitoring?
[03:37] <Sachiru> Sure
[03:37] <Sachiru> Tor
[03:37] <Sachiru> Or a VPN
[03:38] <Sachiru> They'd know that you're using Tor or a VPN, but not know what you're using it for
[03:38] <Sachiru> Basically all they'd see is how much traffic is tunneled through Tor/VPN, but not what kind of traffic it is
[03:38] <crazyhead42> what are those?
[03:38] <Sachiru> Even so, carrier-grade (ISP-grade) network monitoring tools can still sniff into Tor/VPN
[03:39] <Sachiru> A VPN essentially creates an encrypted tunnel to a server on the outside of the network
[03:39] <Sachiru> Which acts as an exit point for your network activity
[03:39] <crazyhead42> so a proxy?
[03:39] <Sachiru> A bit more and a bit less than a proxy
[03:40] <Sachiru> More in the sense that it tunnels EVERYTHING (proxies tunnel only HTTP traffic), and a bit less in that it's more detectable than using a proxy
[03:41] <crazyhead42> Is there any way for someone to grab my login information to, let's say my email, while I'm on their server?
[03:41] <Sachiru> Tor is VPN on steroids, creates multiple encrypted tunnels to multiple exit points, and selects across them at random, so few can know exactly which tunnel you're using at a given time.
[03:41] <crazyhead42> *network
[03:41] <Sachiru> Sure
[03:41] <Sachiru> But it's not easy
[03:41] <crazyhead42> Nice to know it's not as easy as I thought.
[03:41] <Sachiru> Webmail is typically protected by HTTPS, so it takes immense computational power to crack
[03:42] <Sachiru> If you were at school and I wanted your webmail password, given a choice of buying $5 billion worth of servers to run a massive cracking array or hiring a $500 security guard to beat you up until you told me your password, you can imagine which approach I'd use
[03:42] <crazyhead42> even if I establish the connection through the network?
[03:43] <Sachiru> As for Tor: https://www.torproject.org/
[03:44] <Sachiru> the thing is people who are extremely paranoid about netsec do not understand the idea behind cracking encryption and thus do not see why nobody would bother to crack their passwords via computers
[03:44] <Sachiru> It takes an immense amount of computing power to crack something like RSA, so typically governments and the like are the only ones capable of it, and even then they use it against targets where the money would be put to good use
[03:45] <Sachiru> Even the government will not spend billions of dollars just to get your grandma's secret yogurt recipe
[03:45] <Sachiru> And even so, if they really wanted your access details they'd use cheaper and easier methods, like blackmail or eavesdropping, to get it, instead of all this hypothetical supermachine cracking array
[03:46] <Sachiru> If someone says that it's not secure, my typical counterargument is this: "Let's say that the government DOES have that capability, my question is are you *that important* that the government would spend huge sums just to get at you instead of bigger targets like say the current leader of the Taliban?"
[03:47] <Sachiru> Even on my current network I usually don't use the sniffing capabilities unless management asks me to
[03:48] <Sachiru> Too many clients to keep an eye on that it's not worth my time to look at all of them
[03:50] <crazyhead42> I just thought because my computer has to talk to the external server to choose encryption type, the encryption type would be easily available.
[03:56] <crazyhead42> Is there a way to modify the configuration of my server to put deleted items in a trash file instead of permanently deleting them the first time?
[04:02] <Sachiru> What's your server?
[04:02] <Sachiru> I mean, what services is it exposing?
[04:04] <crazyhead42> It's just a ftp server
[04:04] <crazyhead42> just got openssl working
[04:04] <crazyhead42> using filezilla as a go between.
[04:07] <Sachiru> What's your FTP server?
[04:07] <Sachiru> What software are you using to act as FTP server?
[04:08] <crazyhead42> Ubuntu server, openssl-server
[04:08] <crazyhead42> Or at least I think that's the active portion
[04:42] <Sachiru> OpenSSL refers only to the SSL layer
[04:42] <Sachiru> What FTP daemon are you using?
[04:42] <crazyhead42> Ummm... default?
[04:44] <crazyhead42> I've done no successful customizations beyond downloads.
[04:48] <crazyhead42> And I say successful because my write privileges don't seem to function, even as su + sudo combined
[05:00] <Sachiru> wait, you sudo as root?
[07:00] <Doc-Saintly> How do I install offline?
[07:19] <Doc-Saintly> bleh. just strung a network cable across the floor. oh well
[07:19] <Doc-Saintly> thanks anyway
[08:23] <lordievader> Good morning.
[09:03] <Repox> Hi! I'm trying to understand the basics of UFW, and I'm having a little issue connecting from the outside. I've currently set UFW up so that all internal network has the access needed to reach each other ( http://pastie.org/private/i07wxhnois18azddrjldg ) - and it seems like that works exactly as it should. But when trying to access with my-own-ip, I'm rejected for any other port than port 22.
[09:20] <abhishek> how can I extend /opt partition
[09:20] <abhishek> I have storage via nfs
[09:25] <lordievader> abhishek: Stop the nfs service, repartition your drive, start nfs service.
[09:32] <vedic_> Hi, I have purchased access to a dedicated server where the OS was installed by the company which do this business. I see there are several users listed which I think are not required on the server. for example: games, irc, whoopsie, landscape etc.
[09:32] <vedic_> Is it ok to remove those users?
[09:33] <vedic_> I also see they have enabled root login and created a directory in /home as: admintech. This admintech is not a user as "passwd admintech" doesn't allow to create password
[09:34] <vedic_> before disabling root, I want to disable all users which are not required. I will be running a web server on this. Once that is done, create a user give password to it and then disable root so that I am not locked out. I hope this is correct process
[09:46] <lordievader> vedic_: Likely your hoster has someway of accessing and maintaining the server. It might be that some of the things you've listed are part of that.
[09:48] <vedic_> lordievader: It is not meant to be managed. I need to ensure that I give max security to server. The user admintech is actually the user. I have typo so it was not taking password. I have set password for that. The reason that comes to my mind on enabling root is that they
[09:48] <vedic_> are not used to Ubuntu. They have ready systems for CentOS, RedHat but not Ubuntu. That may be the reason to enable root
[09:49] <vedic_> But is there any use for these users: games, irc etc?
[09:49] <vedic_> I am not going to run any of these on that server
[09:50] <lordievader> games and irc seem to be default users, perhaps from the legacy from the early days.
[09:51] <lordievader> Their shell is set to /usr/sbin/nologin
[09:51] <lordievader> So you cannot login as those users.
[09:52] <vedic_> hmm... that makes sense.
[09:56] <vedic_> Is there any way to check if the server was installed as minimal install option or not?
[09:57] <lordievader> vedic_: You mean with the mini iso?
[09:58] <vedic_> lordievader: nope. I mean during installation of ubuntu server, It gives modes in which to install. One of them is Minimal Install where the installer will install only the bare minimal packages
[10:01] <lordievader> vedic_: I suppose you can look at the package list to see if there are optional packages installed.
[11:13] <vedic_> If there is .local file along with .conf file for services like fail2ban, will .local take precedence?
[11:50] <jamespage> zul, https://bugs.launchpad.net/horizon/+bug/1379761 fyi
[12:07] <zul> jamespage:  lovely
[12:16] <zul> jamespage:  did you see nova rc2?
[12:40] <coreycb> zul, jamespage: I'll kick off the nova and neutron rc2's if you haven't already
[12:40] <zul> ack
[12:42] <jamespage> coreycb, awesome
[12:48] <jamespage> coreycb, zul: ooo - just found a cracking neutron bug
[12:49] <coreycb> jamespage, oh?
[12:50] <jamespage> coreycb, ovs agent explodes trying to manage iptables
[12:50] <zul> jamespage:  that doesnt sound too cracking
[12:51] <jamespage> zul, https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1379779
[12:52] <zul> jamespage:  you should really stop breaking things ;)
[12:52] <jamespage> zul, this is called *testing*
[12:53] <jremydeaton> question... if i run sudo tasksel, then select mail server, add my mail domain info in the "wizard", Should that work out of the box for sending and receiving?
[12:55] <jremydeaton> running a dev server so minimal config is ok
[13:06] <jamespage> zul, coreycb: hold fire on the neutron rc2, that needs some packaging fixes
[13:07] <coreycb> jamespage, ok
[13:08] <jamespage> coreycb, zul: new for rc1 - https://github.com/openstack/neutron/commit/2562a9271c828e982a74593e8fd07be13b0cfc4a
[13:08] <jamespage> hmm its optional but it certainly would help with iptables management
[13:09] <zul> jamespage:  ipset is in universe
[13:09] <jamespage> zul, erm yes
[13:09] <jamespage> craps
[13:13] <jamespage> zul, it would just be that new dependency
[13:13] <zul> jamespage:  want me to do the mir?
[13:13] <jamespage> zul, yes please; I'll handle the neutron bits
[13:14] <jamespage> coreycb, i got neutron rc2
[13:14] <jamespage> :-(
[13:14] <coreycb> jamespage, ok
[13:17] <jamespage> zul, will that land in jdstrands lap?
[13:17] <zul> jamespage:  i dont think so its pretty small https://bugs.launchpad.net/ubuntu/+source/ipset/+bug/1379789
[13:18] <zul> its an iptables add-on
[13:25] <jamespage> gaughen, ^^ you should be aware of this discovery
[13:28] <jamespage> zul, some of your detail is wrong - its not python
[13:29] <zul> fixed
[13:38] <coreycb> zul, can you review? https://code.launchpad.net/~corey.bryant/nova/2014.2-rc2/+merge/237976
[13:39] <zul> coreycb: uploading
[13:39] <coreycb> zul, thx
[13:44] <jamespage> zul, oo - it has DEP-8 tests!
[13:45] <DammitJim> I just updated my DNS servers in my /etc/network/interfaces file
[13:45] <DammitJim> how do I kick the server for the changes to take effect?
[13:45] <DammitJim> /etc/init.d/networking restart doesn't do it
[13:45] <jamespage> DammitJim, you need to down/up the interface
[13:46] <DammitJim> oh, so one can't do that over ssh?
[13:46] <jamespage> using ifdown/ifup
[13:46] <jamespage> DammitJim, hmm - well you probably can still
[13:47] <DammitJim> how?
[14:15] <jamespage> zul, coreycb: neutron uploaded with the new ipset stuff enabled
[14:15] <jamespage> it will build fine but pulls a new runtime dep
[14:16] <coreycb> jamespage, ok
[14:37] <ayr-ton> Under ubuntu 13.10 I tried a sudo do-release-upgrade --mode=server -d, but it says that there's no updates. I removed a bunch of files, but without success. Does someone know how to fix it?
[14:43] <genii> ayr-ton: Saucy is now End-Of-Life and its repositories were archived to old-releases.ubuntu.com
[14:55] <rbasak> smoser: for bug 1068756, is it even right that files are being placed that affect the system during the image build process, rather than in packaging?
[14:59] <smoser> rbasak, how would you propose to fix that ?
[14:59] <smoser> we want "server specific config"
[15:00] <rbasak> smoser: I don't know. But I think it's wrong to do it by effectively hacking the built image.
[15:00] <rbasak> Maybe a question for ubuntu-devel.
[15:01] <rbasak> smoser: what if cloud-init had a setting to enable or disable privacy extensions, and you decided the default?
[15:16] <smoser> rbasak, we've done other "cloud specific config" before in image build process
[15:16] <smoser> we definitely do want to limit it (and do).
[15:16] <smoser> and in that bug, one of the things i said was "figure out the right way to do this".
[15:18] <rbasak> smoser: I'm fine with a hack in the meantime. Better modify the build process than have this bug languishing. But we should keep something open to fix it properly.
[15:18] <rbasak> smoser: what do you think of cloud-init doing it?
[15:19] <smoser> well, we want "server" fixed too
[15:19] <smoser> generally the setting is silly
[15:19] <smoser> so cloud-init doing it is a fix for a subset of things.
[15:19] <rbasak> Agreed.
[15:25] <coreycb> zul, can you review please?  https://code.launchpad.net/~corey.bryant/keystone/2014.1.3-2/+merge/238002
[16:02] <zul> coreycb: yep right after lunch
[16:31] <vedic_> Has anyone used sendEmail (its sendEmail not sendmail). I am facing issue in sending email via smtp gmail on port 587
[16:32] <vedic_> Need guidance if you have used it
[16:34] <genii> vedic_: What does the bounce message say?
[16:35] <vedic_>  sendEmail[1530]: ERROR => ERROR => SMTP-AUTH: Authentication to smtp.gmail.com:587 failed.
[16:35] <vedic_> genii:
[16:35] <genii> vedic_: Are you using it with -xu username -xp password  ?
[16:35] <vedic_> genii: yea
[16:36] <vedic_> Same way as provided here (see first question in faq): http://caspian.dotconf.net/menu/Software/SendEmail/
[16:36] <genii> Hm
[16:41] <genii> vedic_: Could you give the exact type of way you are trying please? ( Just put sample stuff for the content/user/pass though of course)
[16:45] <vedic_> genii: sendEmail -f myemail@gmail.com -t youremail@gmail.com -s smtp.gmail.com:587 -xu myemail@incights.com -xp MyPass#% -u "Hello from sendEmail" -o tls=yes -m "How are you? I'm testing sendEmail from the command line."
[16:47] <genii> I was thinking maybe tls was not specified but I see you do have it there
[16:49] <genii> vedic_: Have you tried putting the pass inside single quotes?
[16:49] <genii> ( there might be something in it which is being parsed )
[16:49] <vedic_> genii: wow. It worked
[16:50] <vedic_> :) big thanks
[16:50] <genii> vedic_: You're welcome :)
[16:51] <zul> coreycb: built fine?
[16:52] <coreycb> zul, yes
[16:55] <zul> coreycb: done
[16:55] <coreycb> zul, thanks
[17:43] <zartoosh> HI I am using ubuntu 14.04. how do I find out what HZ is set in my system? thanks
[17:44] <lordievader> zartoosh: HZ? Do you mean the clock frequency of your CPU?
[17:59] <rbasak> zartoosh: the command "grep ^CONFIG_HZ /boot/config-`uname -r`" will tell you. Looks like 250.
[17:59] <lordievader> Ah that HZ...
[18:17] <zartoosh> rbasak,  lordievader  thanks got it
[18:20] <vedic_> How to know if mta is installed?
[18:37] <vedic_> Is it possible to have minimal install of Ubuntu server on the cloud? Minimal install doesn't provide ssh. If no ssh then how to access server on the cloud? I want to give instructions to my cloud provider to install bare minimal packages. Currently it has got yum, rpm, sendmail and a whole lot other packages
[18:38] <RoyK> sendmail?!?
[18:39] <RoyK> IIRC exim is the default, I prefer postfix
[18:41] <vedic_> RoyK: yea, I am surprised how they have installed. I now need to give them instructions to make minimal install. But would that be possible on Ctrls?
[18:41] <vedic_> typo: ... But would that be possible on cloud?
[18:42] <RoyK> well, a cloud is just a bunch of VMs - everything's possible
[18:43] <vedic_> RoyK: hmm
[18:45] <vedic_> RoyK: are there any instructions on how to make minimal server install?
[18:45] <vedic_> I will send that link to them
[18:46] <sarnold> vedic_: look into these http://cloud-images.ubuntu.com/releases/14.04/release-20140927/
[18:48] <vedic_> sarnold: I am not yet on AWS.
[18:48] <sarnold> vedic_: scroll down.
[19:03] <vedic_> sarnold: I think if I install ubuntu-minimal and then remove all other packages except ubuntu-minimal that should do the trick.
[19:03] <vedic_> What do you thing?
[19:03] <vedic_> think
[19:04] <sarnold> vedic_: seems complicated compared to just starting with a tiny starting point..
[19:05] <vedic_> sarnold: I already have access to VM and I will ask them to terminate this and create another one which will take at least 24 to 48 hours
[19:05] <sarnold> vedic_: wow, I'm accustomed to a minute or two...
[19:05] <sarnold> vedic_: if turn-around time really is so horrible perhaps it is worth doing some goofing around with package management yourself :)
[19:06] <vedic_> sarnold: because it is you doing it. In my case, I can't install OS. They do it for each VM and they have process to follow
[19:06] <vedic_> hmm...
[19:07] <crazyhead42> sarnold, which putty should I be downloading? even if I only look at the ones for windows that have "putty" in them, there are quite a few.
[19:09] <sarnold> crazyhead42: I think the "A windows installer for everything except puttytel" -- you might not need the others right away but it'd be nice to have them installed and available
[19:10] <crazyhead42> so I won't need puttytel for anything?
[19:10] <sarnold> probably not
[19:11] <qman__> puttytel is a standalone telnet client, unlikely you'll need it
[19:12] <crazyhead42> oh, tel as in telnet.
[19:13] <crazyhead42> Oh, and sarnold, I figured out why I couldn't connect to my server yesterday.
[19:13] <crazyhead42> my ip address wasn't "ipaddress"
[19:13] <sarnold> lol
[19:13] <sarnold> yeah :)
[19:14] <crazyhead42> I'm still curious though, what is it that surprised you?
[19:17] <sarnold> well, this :) hehe -- you knew how to install an ubuntu machine, got packages downloaded and installed, but didn't know "ipaddress" meant "put in the ip address that we had talked about"  :)
[19:18] <crazyhead42> That I figured out after actually LOOKING at the code.
[19:21] <crazyhead42> Does PuTTY support drag and drop file transfers?
[19:24] <bekks> No.
[19:24] <bekks> crazyhead42: For drag and drop file transfers, just use filezilla.
[19:25] <crazyhead42> drat. Is there a way to transfer a whole directory/folder?
[19:25] <crazyhead42> And that didn't seem to work..
[19:27] <crazyhead42> oh, there it goes.
[19:41] <crazyhead42> What should I do about the fact I can't edit config files?
[19:43] <guntbert> crazyhead42: where?
[19:43] <crazyhead42> On my server, I tried to edit vsftpd.conf (using sudo nano, of course) and I didn't get write permissions
[19:44] <crazyhead42> Oh boy. What's the command for "this message begins with a /"?
[19:45] <qman__> What?
[19:45] <crazyhead42> I was going to type in the exact location of the file, but the system thinks I'm giving it a command.
[19:46] <qman__> Please pastebin your exact session, that doesn't make any sense
[19:46] <genii> Is / mounted read-only or something?
[19:47] <crazyhead42> I can't "pastebin
[19:47] <crazyhead42> my other computer is a server, not a desktop.
[19:47] <genii> !pastebinit
[19:47] <qman__> You have putty, are you not using it?
[19:48] <qman__> Highlight the text in putty to put it on the clipboard
[19:50] <crazyhead42> Okay, we're on separate wavelengths here. 1. my commands are being entered into the server itself, partially because I don't get kicked off every time I type something in wrong. 2. I am not not sure I know what pastebin is, because I was thinking it was like a clipboard for pc.
[19:51] <ikonia> you should not get kicked off if you type in a command wrong
[19:51] <qman__> Right, it would give you the error and return to the prompt
[19:51] <crazyhead42> I was using telnet. I JUST got putty, but I thought it was like filezilla
[19:52] <ikonia> I doubt you are using telnet
[19:52] <ikonia> telnet is not enabled by default
[19:53] <crazyhead42> I was accessing it on my pc manually.
[19:53] <crazyhead42> okay, so this is interesting. When I logged in, it said "failed to add entry for user lexi"
[19:54] <crazyhead42> GAH! Again with the identity!!!
[19:54] <ikonia> crazyhead42: I think you need to address what you are doing
[19:55] <ikonia> crazyhead42: 1.) telnet is not enabled - so I don't know what you were really doing
[19:55] <ikonia> 2.) I think you need to try to describe your issue clearly with the correct information
[19:56] <RoyK> what does raspbian do so well with resizing the root that my ubuntu thing on this bpi cannot do?
[19:57] <qman__> resize2fs?
[19:57] <RoyK> partition, not filesystem
[19:58] <qman__> I've always done that manually with fdisk, if not gparted for more complex changes
[19:58] <crazyhead42> Oh, that's not good...
[19:59] <crazyhead42> http://paste.ubuntu.com/8535205/ is my input
[19:59] <crazyhead42> Oh, oops, forgot a d
[19:59] <RoyK> qman__: so just changing the size with fdisk won't break anything?
[19:59] <ikonia> crazyhead42: why is that bad ?
[19:59] <qman__> crazyhead42: in that paste, you aren't using sudo, which you need to do to edit system files
[19:59] <crazyhead42> I was getting a new file instead of a file with "(Warning: no write permission)"
[20:00] <crazyhead42> Well I was getting the same warning with sudo!
[20:00] <ikonia> crazyhead42: that paste has nothing to do with a file
[20:00] <qman__> RoyK: as long as the starting point of the partitions stay the same, it's ok
[20:00] <ikonia> crazyhead42: that's just a login
[20:00] <qman__> RoyK: then do partprobe, then resize2fs
[20:00] <ikonia> crazyhead42: explain your problem
[20:00] <crazyhead42> Yes, but I found the failure to add entry possibly relevant
[20:00] <ikonia> crazyhead42: you're just saying "that's not good" and it's not making any sense
[20:00] <ikonia> crazyhead42: you don't know what you are doing/saying
[20:01] <ikonia> crazyhead42: you're saying "something's not good" when you don't know what it is or what it relates to
[20:01] <ikonia> crazyhead42: just focus on your problem, what is the problem ?
[20:01] <RoyK> qman__: how do I change the end sector in fdisk? can't find it
[20:01] <crazyhead42> If I KNEW WHAT I WAS DOING, then I wouldn't be here. My problem is I tried to modify this file, using sudo, multiple times yesterday, but it wouldn't let me.
[20:01] <qman__> RoyK: have to delete and re-add
[20:01] <RoyK> qman__: sounds dangerous
[20:01] <ikonia> crazyhead42: "wouldn't let me" means nothing
[20:02] <ikonia> crazyhead42: 1.) what is the exact command you are running 2.) what is the error/problem you get
[20:02] <crazyhead42> Give me a moment to recreate it
[20:02] <qman__> RoyK: can be, backups are advisable, but as long as you get the starting sector right it works
[20:03] <RoyK> well, it's just a tiny banana pi - seems like it's booting correctly
[20:03] <qman__> RoyK: it gets complex if there are other partitions after the one you want to expand
[20:03] <RoyK> none there
[20:03] <genii> ikonia: I notice it says a rebbot is required on their paste.
[20:03] <genii> *reboot
[20:03] <ikonia> genii: who's/where ?
[20:04] <genii> ikonia: On crazyhead42's paste, line 19
[20:04] <RoyK> qman__: ta-taa! :D
[20:04] <RoyK> qman__: I owe you a beer
[20:04] <ikonia> genii: just because it's had updates applied and not rebooted yet
[20:05] <genii> ikonia: Does it remount ro until then?
[20:05] <ikonia> no
[20:05] <ikonia> (unless there is a problem)
[20:06] <qman__> RoyK: cool
[20:06] <crazyhead42> Huh, no argument this time. Why would it reject me on the server itself, but accept it when I'm doing it by remote? I should fix that...
[20:06] <ikonia> fix what ?
[20:06] <ikonia> there is no problem
[20:06] <ikonia> it sounds like a simple user error
[20:07] <RoyK> qman__: toys like a banana pi are nice :)
[20:07] <vedic_> genni: Any idea why fail2ban is failing to start when action = action_mwl and mta is set to sendEmail ?
[20:07] <crazyhead42> It allowed me to access its configuration by remote. That's a security risk.
[20:07] <vedic_> genii:^
[20:07] <ikonia> crazyhead42: what ????
[20:07] <ikonia> crazyhead42: what was the command you did that is a security risk
[20:07]  * RoyK just needs to print out a chassis for that
[20:08] <vedic_> genii: In sendmail-whois-line.conf I have set the sendEmail configuration
[20:08] <guntbert> crazyhead42: you should really slow down, tell us the command you are using and the error message you got -
[20:08] <vedic_> sendEmail works from the cmd line
[20:08] <vedic_> genii: sendEmail works from the command line
[20:08] <qman__> Heh, I have a couple first rev raspi, and I got a robo3d but I haven't gotten it going yet
[20:08] <crazyhead42> Well it didn't give me one this time. for some reason it worked by remote. And the error I was getting on the machine was just "permission denied".
[20:08] <qman__> The laptop I tried to use the first time was too slow to keep up with it
[20:09] <ikonia> crazyhead42: what is the security issue you have ?
[20:09] <ikonia> eg what command do you think is a security issue
[20:10] <genii> vedic_: Apologies, work required me
[20:10] <crazyhead42> Not the command, but the access. I shouldn't have admin controls on my laptop.
[20:10] <ikonia> crazyhead42: why not ?
[20:10] <crazyhead42> I'll have to see if I can lock it.
[20:10] <ikonia> lock it ???
[20:10] <ikonia> what are you talking about
[20:10] <ikonia> explain the problem
[20:11] <genii> vedic_: As to your question regarding fail2ban, no idea
[20:11] <qman__> crazyhead42: working as designed, ssh is made for remote administration
[20:11] <qman__> crazyhead42: it's as secure as your account
[20:11] <vedic_> genii: ok
[20:13] <vedic_> Can you suggest why fail2ban is failing to restart if I set action = action_mwl? The mta is set to sendEmail . I have configured sendEmail in sendmail-whois-lines.conf . The sendEmail lines in conf file works well when I try on cmd line
[20:14] <genii> vedic_: I'm not sure that sendemail is your actual MTA, it's probably underneath using something else like sendmail or exim, etc
[20:14] <genii> But just a guess
[20:14] <ikonia> sendmail isn't the default ubuntu mta
[20:15] <vedic_> genii: I have installed sendmail and postfix
[20:15] <vedic_> genii: I have UNinstalled
[20:15] <ikonia> you can't have both
[20:15] <vedic_> :)
[20:16] <vedic_> I mean I have uninstalled. "Install" was typo
[20:16] <ikonia> so what mta have you installed then
[20:16] <phillw> hi folks, https://bugzilla.redhat.com/show_bug.cgi?id=1151205 has two people reporting the bug as squashed as of today's updates.
[20:16] <vedic_> ikonia, genii: How do I check if I have mta
[20:16] <vedic_> I want to avoid sendmail as it's not lightweight
[20:16] <vedic_> I just need to sending. No receiving needed
[20:16] <ikonia> phillw: what does a redhat bug have to do with ubuntu ?
[20:16] <gQuigs> hi there.. in the 14.04 release notes here (https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes)    The "upgrade notes" under Apache 2.4 is a 404 link.. to the debian changelog.. is there a better place for it to be linked to
[20:16] <gQuigs> ?
[20:17] <phillw> ikonia: because it borked KVM in ubuntu :)
[20:17] <ikonia> phillw: it uses different versions to redhat
[20:17] <ikonia> so I don't understand why you are quoting the redhat bug, rather than the ubuntu one against the ubuntu version
[20:18] <ikonia> why are you logging bugs to redhat for ubuntu packages ?
[20:18] <phillw> ikonia: do pay attention... ikonia oh, it does? funny that within 24 hours of raising a critical bug it has filtered through debian and ubuntu repos. I've had this once before with a kernel bug.
[20:19] <ikonia> what are you on about ???
[20:19] <ikonia> why are you logging ubuntu bugs to redhat ?
[20:19] <phillw> ikonia: virt-manager is a red-hat maintained bug :)
[20:19] <ikonia> Redhat does not make/maintain the ubuntu packages
[20:19] <ikonia> phillw: no it's not
[20:19] <ikonia> redhat maintain the upstream package
[20:19] <ikonia> not the ubuntu packages
[20:19] <ikonia> so you should be logging the bug to ubuntu
[20:20] <phillw> ikonia: indeed, and upstream uses red hat bugzilla
[20:20] <ikonia> and it's for 14.10 ???
[20:20] <ikonia> what the devil are you doing ???
[20:20] <ikonia> yes, but you don't log it to upstream
[20:20] <ikonia> you log it to ubuntu - not upstream
[20:20] <vedic_> genii, ikonia: how about installing nullmailer . Looks like its the lightweight
[20:20] <vedic_> It should provide mta
[20:20] <ikonia> vedic_: never used it, no idea about it
[20:21] <vedic_> ok
[20:21] <genii> Here either, I just use Postfix
[20:22] <phillw> ikonia: you will just sit on it and register it up stream... It was registered upstream and solved within 24 hours. I fail to see what your issue is with me breaking a bit of good news and going into attack mode?
[20:22] <ikonia> what ?????
[20:22] <ikonia> you have no idea what the problem was, what the fix was or where it came from
[20:22] <ikonia> you're not breaking good news
[20:22] <phillw> ikonia: I do, it is a GTK issue.
[20:23] <ikonia> phillw: there is nothing in that bug to say it's a gtk issue
[20:23] <ikonia> phillw: report the bugs to ubuntu
[20:23] <ikonia> especially for the dev release
[20:23] <ikonia> not to upstream,
[20:23] <phillw> ikonia: and, at the end of the day.... virt-manager now works in 14.10 - That is what I popped on here to say... nothing more.
[20:23] <ikonia> who cares ?
[20:23] <ikonia> this is not 14.10 support
[20:24] <ikonia> that bug has nothing to do with this channel
[20:24] <phillw> ikonia: so, no one here tests server 14.10?
[20:24] <ikonia> and you're just not helping by bypassing the ubuntu QA process to go straight to upstream with an ubuntu issue on a development platform
[20:24] <phillw> I'll leave you with that thought.
[20:39] <phillw> ikonia: (21:24:37) ikonia: and you're just not helping by bypassing the ubuntu QA process to go straight to upstream with an ubuntu issue on a development platform .. erm, I was.. the fix is out. As the dev team and testers use KVM expediting the bug was correct. As a qualified Red Hat person, I am fully allowed to use their system to report bugs that affect both rpm and deb systems. We are all Linux.
[20:49] <rberg> Hi all, Can I use the newish xfs crc32 option with Precise and the Trusty HWE kernel? I hear it requires an updated mkfs.xfs.
[21:13] <ikonia> phillw: what the hell are you on about "as a fully qualified redhat person" ??
[21:13] <ikonia> bugzilla is open to all
[21:13] <ikonia> you need no qualifications to access it
[21:14] <ikonia> but apply common sense, if the problem is with a re-release ubuntu package, follow the QA process to fix the package and then to upstream , not direct to upstream where it may /may not be relevant
[21:33] <phillw> ikonia: the application itself told me to report it upstream, it is a red hat project that gets ported over to debian.  As you lack common sense, do not reply when I use the correct way as per the application, to report a bug and have it fixed.
[21:34] <phillw> ikonia: Oh, and for your information I wrote a lot of the pages on QA wiki and held sessions with people.
[21:36] <phillw> ikonia: https://wiki.ubuntu.com/Testing/Activities/Classroom/Saucy/ you should read them, you will learn things
[21:42] <ikonia> phillw: you are lost
[21:44] <keithzg> Pshhh, who really gets lost these days? Ubiquitous GPS integration has pretty much eliminated that :P
[21:45] <phillw> ikonia: nah, I know where I go to report issues, it is you who is lost thinking that ubuntu / debian fix bugs on virt-manager :)
[21:46] <ikonia> where did I say that
[21:46] <genii> Wow, this is still going on?
[21:46] <ikonia> you should report it against the debian / ubuntu package and allow their maintainers to work with upstream / pull down a fix
[21:47] <phillw> ikonia: no, you report the bug to where the application says to report it to.
[21:47] <ikonia> no you don't
[21:47] <ikonia> as that's just a text file
[21:47] <ikonia> or a line in the application
[21:48] <ikonia> the fact that it's being packages/patched/not patched against different components/kernels/libraries by different distros makes going direct to upstream unwise
[21:49] <phillw> ikonia: well, I did and it is fixed within 24 hours... so, you do it your way and I'll follow the application bug reporting system https://bugzilla.redhat.com/show_bug.cgi?id=1151205 But, as you still go on and on... I only came on here to say it was bug fixed
[21:49] <ikonia> phillw: that just doesn't seem plausible
[21:50] <sarnold> ikonia: .. and yet it worked.
[21:50] <ikonia> phillw: as that would mean the upstream package would have to have been fixed, then the debian package sync it, build it and test it, then the ubuntu team build it test it all in 24 hours
[21:50] <ikonia> sarnold: possibly because it wasn't that bug
[21:50] <ikonia> or it was patched or not
[21:50] <ikonia> who knows as there was no ubuntu bug for it
[21:50] <ikonia> which is the point
[21:50] <phillw> ikonia: nor does me plucking a fix for kernel from red hat and having it dropped into ubuntu kernel for a previous KVM issue... I'm a heavy KVM user :)
[21:51] <ikonia> phillw: I don't know what a previous bug has anything to do with it
[21:51] <phillw> ikonia: it has to do with the fact I will chase a kvm bug down.
[21:51] <sarnold> phillw: do you happen to use any qcow2 images? seen this? :)  https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1292234
[21:51] <ikonia> chase it down ???
[21:51] <ikonia> you've not even logged an ubuntu bug for it
[21:52] <ikonia> and you did nothing in that bug but cut and paste an error message
[21:52] <ikonia> that's hardly chasing it down
[21:52] <phillw> ikonia: it was marked as won't fix :)
[21:52] <ikonia> (although I appreciate you logging a bug in general)
[21:52] <ikonia> phillw: where was it marked as won't fix ?
[21:53] <phillw> ikonia: that was not logged by me
[21:53] <ikonia> what wasn't ??
[21:53] <ikonia> you've just posted a bug you logged
[21:53] <ikonia> now you're saying it was not logged by you ?
[21:53] <sarnold> ikonia: err, re-read. I posted a bug, I'm hoping phillw has seen it too :)
[21:53] <ikonia> apologies, I don't understand
[21:53] <ikonia> sarnold: ahhh you're bug
[21:53] <phillw> ikonia: no, the bugzilla bug
[21:53] <ikonia> phillw: you didn't log the bugzilla bug ?
[21:53] <ikonia> sarnold: "your" bug sorry
[21:54] <phillw> ikonia: https://bugzilla.redhat.com/show_bug.cgi?id=1151205
[21:54] <phillw> which has gone fix released
[21:54] <ikonia> phillw: you logged that didn't you ?
[21:54] <sarnold> dear uvirtbot -- when an url failed once, don't try again two minutes later. sigh.
[21:55] <keithzg> Can uvirtbot not handle https?
[21:56] <keithzg> (or maybe it's the http->https redirect that's screwing it up?)
[21:56] <phillw> ikonia: try https://bugzilla.redhat.com/show_bug.cgi?id=1151205
[21:57] <ikonia> phillw: you've posted that url 3 times
[21:57] <phillw> it may be just my cache
[21:57] <ikonia> phillw: I have that url
[21:57] <ikonia> it's still a "new" bug
[21:57] <ikonia> it's not closed / marked as fixed
[21:57] <phillw> read the notes :)
[21:57] <ikonia> I don't understand why you keep posting it
[21:57] <ikonia> phillw: yeah the notes say nothing
[21:57] <ikonia> apart from you saying it magically started working
[21:57] <ikonia> and the bug still being open
[21:58] <ikonia> apologies, I'm not getting the relevance
[21:58] <phillw> ikonia: https://launchpad.net/ubuntu/+source/libvirt/1.2.8-0ubuntu11
[21:58] <ikonia> we've probably monopolised this channel longer than we should have done as this channel isn't anything to do with bug reporting or 14.10
[21:58] <ikonia> so apologies for that
[21:59] <sarnold> oh, hehe, our very own debfx wrote the patch :)
[22:00] <phillw> sarnold: that is how it goes :)
[22:00] <phillw> ikonia:  do accept the invite
[22:01] <phillw> sarnold: we are linux, and patch / fix things... I just find bugs :D
[22:02] <ikonia> phillw: invite to what ?
[22:02] <phillw> ikonia: there...
[22:02] <ikonia> ?
[22:03] <phillw> ikonia: try /j #phillw
[22:03] <qhartman> I'm running bind9 for internal DNS and it's working swimmingly, but all my apple clients are causing a ridiculous amount of log spam (and needless queries to upstream servers) with all their bonjour discovery monkeybusiness. Anyone have a good pointer to a config that will handle these more gracefully?
[22:03] <ikonia> phillw: no chance
[22:07] <maxb> qhartman: Not that I know anything about bonjour, but wouldn't you just need to set up some zone definition locally that the queries will fall into?
[22:08] <genii> qhartman: This looks somewhat relevant http://support.apple.com/kb/ht3789
[22:09] <qhartman> maxb, yeah, that's probably the solution, but the queries they are making are pretty non-sensical, it would take forever to pick them all apart. I'm hoping someone might have already compiled a bind config skeleton that could be a starting point
[22:10] <maxb> Nonsensical?
[22:10] <qhartman> genii, thanks for the pointer, but that would be the client-side stuff. I don't care if clients advertise, I just want my DNS server to correctly handle the queries it gets.
[22:11]  * maxb just read http://www.dns-sd.org/serversetup.html out of curiosity - I don't see anything particularly bizarre there
[22:11] <genii> qhartman: Ah, got it.
[22:12] <qhartman> maxb, I don't want to setup the clients to actually register services with my server, I'd have to touch hundreds of clients, most of which I don't own.
[22:13] <maxb> I understood that bit, but I don't understand what queries the clients would be making that would actually pose an annoyance
[22:15] <qhartman> maxb, here's an example: http://pastebin.com/8cq2SZ28
[22:17] <qhartman> Getting hundreds of those a minute logged. I'm having a hard time figuring out exactly what it's asking for. It seems like it's asking an upstream server for something like a reverse DNS request
[22:17] <qhartman> I have reverse DNS for that block setup correctly and working for "normal" rDNS
[22:17] <maxb> Uhm, is that a direct copy/paste? Has it really managed to swap the order of the some of the bytes in the name?
[22:17] <qhartman> that is a direct copy/paste
[22:18] <maxb> 0.8.10.10 vs. 8.10.10.0 !
[22:18] <maxb> wow
[22:18] <maxb> I cannot conceive of any sane way one octet of an IP could be moved to the other end of the IP address
[22:18] <qhartman> yeah, me either
[22:18] <qhartman> the longer you look at the logs, the less sense it all makes
[22:21] <qhartman> I'm no bind/DNS expert, but I feel like I understand it pretty well, and this is just driving me nuts.
[22:21] <maxb> 199.7.83.42 is l.root-servers.net. It doesn't even make sense that any of the _dns-sd stuff would even be being sent/received there
[22:21] <qhartman> So far the most useful advice I've found is "yeah, that's annoying" and "Adjust your syslog config to blackhole those messages".
[22:22] <qhartman> right, and it shouldn't be, my server should be handling these requests, but since the requests seem so weird I'm having trouble piecing together something that would grab them
[22:23] <qhartman> even just something that would grab these and then send the client an error would be enough for me
[22:23] <qhartman> The errors are annoying themselves, but I'm more concerned about sending all the BS requests upstream. That's not very polite.
[22:24] <maxb> I'm a bit surprised they're going upstream at all. I thought modern bind knew to automatically blackhole in-addr.arpa queries for RFC1918 ranges
[22:25] <maxb> But even if that isn't the case, it seems like you could easily stop it by having a local zone for 10.in-addr.arpa
[22:25] <qhartman> hm, maybe it's not because I have setup reverse zones for those ranges?
[22:27] <maxb> I'm having difficulty understanding how "question section mismatch" could ever occur. At this point, I'd probably go to tcpdump/wireshark to verify for myself that the bytes on the wire really are what that seems to imply
[22:28] <qhartman> hm, it looks like somebody removed the inclusion of the zones.rfc1918 config that blackholes those requests
[22:28] <qhartman> but they should still be getting grabbed by my real reverse zones....
[22:28] <qhartman> (Yes, I inherited this system)
[22:30] <maxb> Is it at all possible that there's some sort of insane network device rewriting your DNS queries between you and the root servers?
[22:30] <maxb> "question section mismatch" seems like it means "something insane is breaking the protocol"
[22:31] <qhartman> I suppose it's possible, but if there is, it's something outside my control
[22:32] <maxb> I suppose it won't matter once you stop sending anything ending 10.in-addr.arpa upstream anyway
[22:32] <qhartman> aha, I might have it
[22:33] <qhartman> it looks like the reverse config for the 10.10.8 part of our network is busted
[22:33] <qhartman> none of the hosts in that block are reversing correctly
[22:33] <qhartman> alright, time to stare and compare
[22:33] <qhartman> wheee
[22:37] <qhartman> wheee... somebody created a zonefile for 8.10.10.10 but never enabled it in the config
[22:37] <qhartman> well that eliminated a ton of the bad traffic
[22:37] <qhartman> whee
[22:38] <qhartman> thanks for talking it through maxb, I don't think I would have thought to check that
[22:38] <qhartman> (at least not for a long long time
[22:39] <maxb> A zonefile for a single IPv4 address? do you really mean that?
[22:39] <qhartman> oh, no, too many 10's
[22:39] <qhartman> your fingers get on a roll
[22:40] <sarnold> boy you're gonna love ipv6 :)
[22:40] <qhartman> heh
[22:40] <qhartman> I wish we had an actual reason to use it