[05:29] <hallyn> zul: smb: would one of you mind pushing the patchset for bug 1396070?  looks straightforward enough
[06:05] <Opswatch> Got a question anyone know any instructions on how to upload a windows image into Ubuntu maas on 14.10? I cant find any
[06:09] <Opswatch> Anyone?
[07:50] <LinStatSDR> Anyone having issues with MaaS region importing from the Ubuntu main archive ?
[08:14] <smb> hallyn, can have a look. assuming vivid (not that you would be expected to be around to answer as you likely have to struggle with a huge bird)
[10:11] <eto> hello
[10:11] <eto> anybody friendly enought to explain to me question 2 or 3 about packages?
[10:13] <lordievader> eto: Fire away ;)
[10:14] <eto> lordievader: we have several machines with external admins running ubuntu
[10:14] <eto> lordievader: on my oses i am using this thing https://launchpad.net/~cpick/+archive/ubuntu/pam-ssh-agent-auth <- which is provided by my os packaging
[10:15] <eto> lordievader: but it seesms that one is not in base in ubuntu right?
[10:15] <eto> lordievader: will my external admins trust that thing?
[10:15] <lordievader> !info pam-ssh-agent-auth
[10:16] <lordievader> eto: Depends on the admin, but likely not. Random ppa's are allways a bit sketchy ;)
[10:16] <eto> lordievader: okay what i my other options?
[10:16] <lordievader> !info libpam-ssh
[10:17] <lordievader> !info ssh-agent
[10:18] <eto> lordievader: ssh-agent is part of base ssh install
[10:18] <lordievader> eto: Jup just made that conclusion ;)
[10:19] <eto> lordievader: also i am using libpam-ssh but only personal machines - it's solving completely different problem though
[10:19] <lordievader> Ain't that an option?
[10:19] <lordievader> Ah, then I misunderstand the problem I think...
[10:20] <eto> lordievader: libpam-ssh is used to login interactively into machine using you ssh key password (instead of one in password databse) - if you have correct password, it will auth you for login and it can load key into ssh agent right away
[10:21] <eto> lordievader: so as lon you are logged you already have your key in session
[10:22] <eto> lordievader: pam-ssh-agent-auth does other thing though. when you are logged remotely through ssh, and you forward your local agent, you can instruct sudo, su and other programs to auth you based on key loaded into ssh agent
[10:23] <lordievader> Ah, interesting.
[10:24] <eto> lordievader: so i guess it's not used by ubuntu admins?
[10:25] <lordievader> !info libpam-sshauth
[10:25] <lordievader> Would it be ^
[10:26] <eto> lordievader: ty gonna research that!
[10:29] <eto> lordievader: great find but this seem to be actually exact oposite - it auths your local machine against remote one
[10:29] <eto> lordievader: :) pam-ssh-agent-auth works exactly other way - remote server auths you through your local agent
[10:29] <lordievader> Hrmm, furthermore nothing shows up when I search for "pam ssh"... :(
[10:30] <eto> lordievader: may i know where are you searching besides bot?
[10:32] <lordievader> eto: apt-cache search ;)
[10:39] <eto> lordievader: ty
[11:58] <adsc> I have two webservers that need to be configured so that if the first one goes down, the second one can take over...I thought about using mysql server replication and DRBD for synchronising file uploads, any thoughts about that?
[11:58] <adsc> so basically, both servers would run the full LAMP stack and be self-contained systems
[12:00] <adsc> I know the usual approach is to seperate DB and Storage into own dedicated redundant systems, but I can only have two servers
[12:20] <zul> hallyn:  sure wil do it this morning
[13:23] <soren> I have a server behind a firewall. It can't connect to an smtp server. I think sbuild pulled in nullmailer. I've now removed nullmailer, but I keep getting THOUSANDS of log entries from it.
[13:23] <soren> ...and I can't work out where they're coming from.
[13:24] <soren> The entries all look like this:
[13:24] <soren> Nov 27 12:15:16 uc1 nullmailer[52289]: message repeated 116 times: [ smtp: Failed: Connect failed]
[13:24] <soren> (with a varying number of repeats)
[13:25] <soren> The pid grows rapidly.
[13:25] <soren> I've not been able to identify what sends these messages.
[13:26] <soren> The pids are in the range of what new processes are assigned, so these aren't lingering messages. They
[13:26] <soren> 're fresh.
[13:27] <soren> Any idea on how to find the culprit?
[13:28] <jpds> soren: ps auxf and see who the parent is?
[13:28] <jpds> adsc: Seen percona?
[13:30] <soren> jpds: There's NO TRACE of them in the process table.
[13:31] <soren> Oh.
[13:31] <soren> Now it stopped.
[13:31] <soren> All of a sudden.
[13:36] <jpds> soren: Hmm.
[14:19] <kevindf> I'm running a OpenVPN server on my Ubuntu 14.04 server and i'm able to connect to the VPN without any problem but when my ufw firewall with iptables is enabled on my server I have no internet connection, when I disable the firewall I have a internet connection without any problems. I've tried analyze the kern.log to see the UFW blocks but I noticed that it's blocking loads of attempts all on different ports. Anyone that has expe
[14:19] <kevindf> I will put the kern.log on pastebin
[14:20] <kevindf> http://pastebin.com/jCY0ruMH
[14:21] <lordievader> Your dns is likely broken when you enable your firewall.
[14:22] <lordievader> UDP port 53 ;)
[14:23] <kevindf> I have port 53 UDP allowed from anywhere in my iptables rules
[14:24] <zul> hallyn/smb: done
[14:24] <smb> zul, fuck
[14:24] <lordievader> kevindf: It is being blocked though.
[14:25] <smb> zul, Would be nice if you checked whether someone else has put himself as assign in the bug
[14:25] <kevindf> I'll do a double check for the iptables, thanks
[14:25] <zul> smb: sorry
[15:32] <bananapie> I can't seem to find the option in dnsmasq that let's me specify for which IPs DNSMASQ will do recursive queries. can someone point me in the right direction?
[15:33] <kevindf> lordievader: I've checked my Iptables rules and i've got these configured: " -A INPUT -p udp -m udp --dport 53 -j ACCEPT"     "-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT"             "-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT"   yet it's still blocking port 53
[15:37] <lordievader> kevindf: "iptables -I FORWARD 1 -i tun+ -o eth0  -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT" Assuming here you have a rule allowing RELATED & ESTABLISHED.
[15:38] <kevindf> I got "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" will try out the rule
[15:38] <kevindf> thanks
[15:39] <lordievader> kevindf: Could you pastebin the output of "iptables -vnL --line-numbers"?
[15:40] <lordievader> Also, conntrack != state: http://unix.stackexchange.com/questions/108169/what-is-the-difference-between-m-conntrack-ctstate-and-m-state-state
[15:40] <kevindf> lordievader: http://pastebin.com/kxR0ncb3
[15:43]  * lordievader stupid ufw...
[15:43] <kevindf> :)
[15:43] <lordievader> kevindf: iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISED,RELATED -j ACCEPT
[15:44] <kevindf> iptables v1.4.21: Bad ctstate "ESTABLISED,RELATED" is the output i get
[15:45] <lordievader> kevindf: iptables -I FORWARD 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
[15:45] <kevindf> that worked
[15:46] <lordievader> kevindf: Does nslookup still timeout?
[15:46] <kevindf> Will try it out now
[15:47] <kevindf> Still doesn't work unfortantly
[15:48] <lordievader> kevindf: "tail /var/log/syslog|grep 53" does that give output?
[15:48] <kevindf> Yes
[15:49] <lordievader> kevindf: Please pastebin it.
[15:49] <kevindf> http://pastebin.com/bSdA0fXt
[15:50] <lordievader> DNS should be fine...
[15:52] <kevindf> I will try to connect again when i'm at home, as i'm on a private network here that might be blocking something too
[15:52] <kevindf> Thanks for the help again
[15:52] <lordievader> kevindf: No problem ;)
[15:52] <kevindf> Have a nice day futher, bye :)
[18:12] <j-horowitz> hey all, if Im trying to install ubuntu server using RAID 1, Im having some difficulty getting to boot
[18:12] <j-horowitz> Im currently using the onboard RAID that came with my motherboard
[18:12] <j-horowitz> should I scrap that and use the RAID setup that comes with Ubuntu?
[18:13] <j-horowitz> f
[18:14] <j-horowitz> i.e. is it better to have the RAID setup through my motherboard or through the software that comes with Ubuntu?
[18:15] <pmatulis> j-horowitz: yes, scrap the m/b (fakeraid) stuff
[18:16] <j-horowitz> pmatulis: ok why is that the better option? and also isn't using the ubuntu raid software also considered a "fakeraid"?
[18:16] <pmatulis> j-horowitz: fakeraid is stupid
[18:16] <j-horowitz> hah
[18:17] <j-horowitz> well I just want it to serve the purpose.. have 2 disks in raid 1
[18:17] <j-horowitz> will the ubuntu raid software accomplish that all the same?
[18:17] <pmatulis> j-horowitz: enter the bios, remove the raid array, and the disable the raid feature
[18:18] <pmatulis> j-horowitz: when you install the server you can configure raid
[20:28] <Noskcaj> zul, Could you please bump the epoch of python-novaclient to be equal with debian (2)?
[20:29] <zul> Noskcaj:  why?
[20:29] <Noskcaj> tuskar-ui (and probably other packages) have versioned deps on novaclient
[20:29] <Noskcaj> Or would it be better to patch the deps
[20:31] <zul> Noskcaj: patch the deps
[20:31] <Noskcaj> ok
[20:37] <Vladimirski> How do I open a new screen tab ?
[20:37] <Vladimirski> not a whole new session of screen, but just another tab
[20:38] <sheptard> ^A-c
[20:38] <sheptard> er
[20:38] <sheptard> ^a-c
[20:39] <Vladimirski> thanks guys
[20:39] <Vladimirski> thanks sheptard
[20:39] <Vladimirski> :D
[20:39] <Vladimirski> alot