[00:17] <Ironlenny> I am trying to setup a license server. My problem is, the server deamon is hard coded to look for mac address at eth*, but they are enumerated as em*. Thus the deamon cannot find the mac address and refuses to boot. I have tried changing udev rules, but it either doesn't take affect or does and I lose network connectivity. I have also tried setting biosdevname=0. This again works (the nics are enumarted as eth*), but I lose
[00:17] <Ironlenny> network connectivity. Does anyone have any suggestions?
[00:22] <sarnold> Ironlenny: try "sudo ip link set dev em<n> alias eth0"  ?
[00:30] <Ironlenny> sarnold: sudo ip link set dev em4 alias eth0
[00:30] <Ironlenny> ifconfig: em4
[00:30] <mapleton> so.. playing a little with permissions, it seems that I'd need to do 777s all down the line backtoward /   so, I'm assuming using ACLs is the answer (if I want to leave the directories as user root.root) but give access to a particular user
[00:30] <sarnold> Ironlenny: no luck? :(
[00:31] <Ironlenny> sarnold: nope
[00:31] <sarnold> mapleton: yeah, anytime the solution looks like 777 it's probably not a great solution :)
[00:31] <sarnold> mapleton: what's still busted? it sounded like you were close before
[00:41] <mapleton> Sorry.. wife aggro.  It was "Failed to connect to /usr/local/samba/private/dns/sam.ldb", figured it out by noticing I couldn't change directory INTO the private and DNS directories
[00:42] <mapleton> as a regular user... of course not normally a prob because bind normally runs as root, but I don't run anything as root if I can help it
[00:43] <sarnold> mapleton: was that from bind or samba? did any other log messages say why it couldn't "connect to" the file? (that is a file, right? not a socket?)
[00:43] <mapleton> I'm guessing bind since samba is still root
[00:54] <mapleton> Yeah, now adding execute to those (but not 777) the message is "samba_dlz: ldb: module partition initialization failed : insufficient access rights," so just learn how to ACL and apply those and sounds like I should have this figured out
[01:09] <rsully> Is there any difference between https://cloud-images.ubuntu.com/releases/trusty/release/ and https://cloud-images.ubuntu.com/releases/14.04.1/release/ ?
[01:12] <jrwren> rsully: nope.
[01:13] <rsully> ok just needless duplication :/
[01:22] <jrwren> pretty sure its symlinks under the hood
[01:22] <rsully> ah ok - if it did it on the frontend it would be much less confusing
[01:23] <jrwren> rsully: you can always look at the SHA256SUMS files and see if they match
[01:24] <rsully> not reasonably with my current internet speed :p
[01:24] <rsully> ah i see - the actual files
[01:27] <jrwren> right.
[03:03] <D3V> does anyone have a copy of webmin deb the sourceforge for it is down
[03:23] <LinStatSDR> Sourceforge is down D3V?!?
[03:23] <D3V> yeah LinStatSDR
[03:24] <LinStatSDR> This is not good.
[03:26] <sarnold> both apt repositories listed at http://www.webmin.com/deb.html are alive and well; please reconsider if you really want to use webmin or cpanel or other similar tools; they are often easily hacked.
[03:26] <sarnold> if you don't mind sharing your computer with the russian mafia or the chinese military or the NSA, knock yourself out :)
[03:27] <LinStatSDR> um what sarnold?
[03:28] <Patrickdk> :)
[03:28] <Patrickdk> ya, they so wanted to install new *management* software to run everything here
[03:28] <Patrickdk> user accounts, billing, ...
[03:28] <Patrickdk> I installed it
[03:28] <Patrickdk> took 4 hours
[03:28] <LinStatSDR> System Center 2012
[03:28] <LinStatSDR> Go go!
[03:29] <Patrickdk> found out the *admin* password is md5 hash, no salt
[03:29] <Patrickdk> filed a bug report, they never fixed the issue, we never used the software
[03:29] <LinStatSDR> don't tell me, the plaintext was admin1234
[03:29] <LinStatSDR> or password
[03:29] <Patrickdk> plaintext doesn't matter
[03:29] <Patrickdk> I could have been an extreemly good password
[03:29] <Patrickdk> doesn't help against rainbow tables
[03:30] <LinStatSDR> Yeah, this isn't a skiddles commercial where tasting the rainbow is a good thing.
[03:30] <LinStatSDR> skittles
[03:30] <acmehandle> Is rsync being installed a security risk?
[03:32] <Patrickdk> depends
[03:32] <Patrickdk> a computer even existing, is a security risk
[03:32] <Patrickdk> having any employees, including yourself, is a huge security risk
[03:33] <acmehandle> Right now when I run service --status-all rsync has a minus next to it.  But I want to be sure it is completely disabled.
[03:34] <acmehandle> I received a logwatch email and one of the packages recently installed is rsync.  So I'm looking over the packages and I'm trying to determine how much I need to have rsync
[03:35] <jrwren> a good password does help against rainbow tables. that is the whole point.
[03:38] <Patrickdk> jrwren, no
[03:38] <Patrickdk> a good password hopefully hasn't been rainbowed yet
[03:38] <Patrickdk> but salts are what helps, cause it makes the rainbow tables that much larger
[03:41] <jrwren> Patrickdk: yes. :)
[03:41] <jrwren> Patrickdk: rainbow tables have probably grown since I last looked.
[03:42] <jrwren> Patrickdk: do they go to 20+ character of [a-zA-Z0-9!@#$%^&*()-_=[]{}\|;;"',<.>/?] yet?
[03:42] <Patrickdk> they have for awhile
[03:42] <Patrickdk> ones you can order
[03:42] <Patrickdk> I'm sure peoples personal collections are larger
[03:42] <jrwren> Patrickdk: ouch.
[04:01] <acmehandle> On a different note, I am going to run nginx -> gunicorn -> django
[04:01] <acmehandle> According to gunicorn docs:  http://docs.gunicorn.org/en/latest/run.html#django
[04:01] <acmehandle> It suggests one way to run gunicorn and django.  But nothing that correlates with how ubuntu seems to have implemented gunicorn
[04:02] <acmehandle> I have a gunicorn-django command and I dont know that I should use it.
[04:02] <acmehandle> I have a gunicorn.d directory in etc for the config files.
[04:02] <acmehandle> But again, no reference near as I can tell in the docs.  Unless I missed something,.
[04:03] <jrwren> acmehandle: i don't know gunicorn, but if debian does things to it like they do it uwsgi, its a debian/ubuntu thing. i think that is what /etc/dunicorn.d is all about.
[04:03] <jrwren> acmehandle: did you read the README.Debian file from gunicorn pkg?
[04:04] <acmehandle> jrwren, I have not.
[04:04] <acmehandle> How do I read the README file?
[04:04] <jrwren> acmehandle: dpkg -L gunicorn
[04:05] <jrwren> acmehandle: its probably a file in /usr/share/doc/gunicorn
[04:06] <acmehandle> It appears there are examples to go by in /usr/share/docs/gunicorn/examples
[04:07] <acmehandle> But no README with any relevant info.  Just a brief list of django versions
[04:07] <acmehandle> and dpkg -L yields a longer list.
[05:53] <xibalba> any tshark ninjas in here? i need some help dumping the data going across http
[05:53] <xibalba> this is what i've got so far, tshark -i en0 -f "port 3000" -d tcp.port==3000,http -Y http -e http.response -T fields -e ip.host -e tcp.port -e http.request.full_uri -e http.request.method -e http.response.code -e http.response.phrase -e http.content_length -e data -e text  -o "ip.use_geoip:FALSE" -V
[05:53] <xibalba> though it displays the TCP data too (headerS) which i doont care for. i just want to see the post/response data o my http server
[05:54] <pmatulis> what's a tshark?
[05:54] <xibalba> wireshark cli
[05:55] <pmatulis> dunno, i use tcpdump
[05:55] <xibalba> i do too usually
[05:55] <xibalba> tshark can go a little further
[05:55] <pmatulis> how so?
[05:55] <xibalba> protocol decoding
[05:56] <pmatulis> will study thx
[05:56] <xibalba> how would you spew out the http traffic in tcpdump?
[05:56] <xibalba> w/out all the hex, i know you can use -X
[06:17] <lordievader> Good morning.
[07:19] <whatupx> load the tcpdump file in wireshark
[07:22] <whatupx> https://stackoverflow.com/questions/19597903/how-to-capture-remote-system-network-traffic
[08:13] <Kartagis> whatupx: can tcpdump listen to a wireless network? if yes, should I listen to wlan0?
[09:08] <tiny> mounting NFS share takes to long. If I mount from debian box NFS share instantly mounted. Enabling NEED_GSSD=YES didn't solve the problem. Tips welcomed.
[09:12] <tiny> this is a client issue since others can mount and mount fast
[09:12] <tiny> I've enabled debug nfs on client and I'm not seeing other issues except:
[09:12] <tiny> Dec  4 10:04:58 arhiv kernel: [   77.092159] RPC: AUTH_GSS upcall timed out.
[09:12] <tiny> Dec  4 10:04:58 arhiv kernel: [   77.092159] Please check user daemon is running.
[09:35] <tiny> Just fyi,  someone should fix captcha on "create new account" for bug reports. I tried to fill in one but failed.
[09:35] <tiny> This is clearly an issue with latest LTS server. Other reporting.
[09:39] <wildwind> Please point me to some good guides on setting up PXE environment. I want to have several Linux images on the server (different distros, releases, archs etc.) for testing purposes and clients on the network able to quickly boot any of them. For client, it should be the same experience as booting LiveCD.
[10:04] <erhuio> hello anyone there ?
[10:11] <Thumpxr> hey, i have a root with ispconfig for managing my website. this stores the website-files/folders in /var/www/xyz.   but as i have 2 partitions (/home and /) i run out of space in "/". is there a way to store the files in /home/www/xyz but make them usable as if they are in /var/www/xyz ?
[10:17] <mardraum> Thumpxr: move the files and change the relevant configuration in your web server
[10:18] <Thumpxr> mardraum: i thought about this. but will php etc still compile ?
[10:20] <Thumpxr> mardraum: or suexec ?
[10:22] <mardraum> I don't think they have any relation to where you locate files for your web server to serve
[10:24] <wildwind> Thumpxr: if you maintain access rights on those files the same, everything should work as before. Also don't forget to change paths in ALL config files involved.
[10:24] <Thumpxr> ok
[13:20] <NigeyS> morning :)
[13:54] <caribou> is there an 'easy' way to get cloud images into the local uvtools repository when they're not in cloud-images.ubuntu.com/daily
[13:55] <caribou> I mean, I want to add a vivid image to my synced repo
[13:56] <caribou> should I create my own local simplestream repo for those ?
[14:01] <caribou> nevermind; I found what I needed : --source http://cloud-images.ubuntu.com/daily
[14:01] <Kartagis> can tcpdump listen to my wireless network? if yes, should I listen to wlan0?
[14:03] <caribou> Kartagis: just try it & see if you see packets go by : tcpdump -i wlan0 (or is it -I)
[14:03] <Kartagis> -i
[14:03] <caribou> Kartagis: tcpdump -i wlan0 works for me
[14:04] <caribou> well, sudo tcpdump
[14:31]  * smb pokes hallyn again (qemu in vivid missing to create kvm-spice symlink)
[14:46] <nivv> Hey! My ubuntu 12.04 server running nginx have some problem. I asked tech support and they said there might be a botnet and or root kits on my server
[14:47] <nivv> Problem is that some process is hogging all of the network bandwidth so I can barely SSH into it
[14:47] <nivv> He gave me this log: http://paste.jesse-obrien.ca/1ber
[14:48] <miccheck> hi there. i'm trying to scp from a local mac to a remote ubuntu vps. it keeps asking for my user password for the vps account. can i include the ssh private key in the scp call so that i don't have to provide a password?
[14:52] <Pici> iirc, use the -i argument: -i /path/to/keyfile
[14:54] <miccheck> ok, so that works with any command then?
[14:54] <miccheck> another question. if i wanted to setup an autobackup cron on the vps to scp stuff back to my mac, i would have to have a static ip address, right?
[14:54] <nivv> Is PID always the same for a process?
[14:54] <miccheck> or is it doable another way?
[15:03] <nivv> No ideas?
[15:10] <Pici> nivv: PIDs are static for the entire lifetime of a process. Of course if the process is run again, it will be assigned a different PID
[15:11] <nivv> Pici, ok, thought so.
[15:12] <nivv> Pici, what am I supposed to do if a bogus process is using up bandwidth?
[15:13] <nivv> The process was run as root accroding to the tech support
[15:13] <nivv> Problem is, it is really hard for me to check during the "attacks" because the only way I can reach the server is via SSH
[15:14] <nivv> Pici, does this say anything to you? http://paste.jesse-obrien.ca/1ber
[15:16] <nivv> full message: http://paste.jesse-obrien.ca/1bfK
[16:15] <Elion> hi, i'm on ubuntu server 14.04 x86_64 on a 4GB(4*1GB) RAM server, but in linux i only see 2G with free, how can i use the all 4GB ?
[16:16] <Elion> (with dmidecode -t 17 i found 4*1GB)
[16:17] <lordievader> Elion: 32bit os?
[16:17] <Elion> lordievader: x86_64 => 64bit
[16:18] <lordievader> Ah missed that, haven't said a thing ;)
[16:20] <Elion> lordievader: no problem :)
[16:24] <LinStatSDR> Hello all.
[16:24] <lordievader> Elion: Could you pastebin your "free -m" output?
[16:25] <Elion> fail : it's actually a debian server XD
[16:25] <Elion> lordievader: https://gist.github.com/Nox-404/5e6d8d078a14e391492b
[16:31] <lordievader> Well, ain't that odd...
[17:05] <pmatulis> Elion: dunno, maybe try a debian channel
[17:05] <Elion> pmatulis: j'y suis :)
[17:06] <pmatulis> Elion: merci
[17:08] <Elion> pmatulis: XD i answered in french
[17:26] <pmatulis> Elion: moi aussi!
[17:27] <acmehandle> I'm installing postgresql on my ubuntu-server and it says processing triggers, does it normally take a long time to do that?
[17:32] <pmatulis> acmehandle: how old is your hardware? :)
[17:35] <acmehandle> 4 core xeon.  But it seems to have finished.  I was just worried it was hung.
[17:44] <acmehandle> apt-getting postgresql-contrib now and thats processing triggers.
[17:44] <acmehandle> Looks like its taking longer than just postgresql
[17:48] <JayJ> tftpd-hpa is listining only on udp6:69 not on udp IP4. Can anyone tell me why it doesn't listen on udp ipv4? This is on Ubuntu 14.04
[17:52] <patdk-wk> I don't know what a udp6 is
[17:52] <patdk-wk> what does it *actually* say?
[17:55] <JayJ> udp6       0      0 :::69                   :::*                                997/in.tftpd
[17:55] <JayJ> patdk-wk: ^^^
[17:55] <JayJ> that's the netstat -anlp output
[17:56] <JayJ> patdk-wk: That's instead of just "udp" it is listning on "udp6"
[17:56] <patdk-wk> that doesn't mean ipv6 only though
[17:57] <patdk-wk> what does, sysctl net.ipv6.bindv6only, say
[17:57] <JayJ> net.ipv6.bindv6only = 0
[17:57] <patdk-wk> so anything that binds to ipv6 ::, also binds to ipv4
[17:57] <patdk-wk> cause ipv4 is mapped inside of ipv6 space
[17:57] <JayJ> Oh I see..
[18:00] <JayJ> I did a strace on tftpd, the requests are not even reaching the service. Server seem to be sitting in select call
[18:00] <JayJ> patdk-wk: ^^^^
[18:00] <patdk-wk> heh?
[18:00] <JayJ> patdk-wk: Any idea how do I debug this?
[18:00] <patdk-wk> and tcpdump shows them?
[18:00] <JayJ> patdk-wk: Basic PXE setup with dhcp, tftp
[18:00] <patdk-wk> not sure what pxe/dhcp/tftp have to do with tcpdump
[18:02] <JayJ> patdk-wk: I mean, I ran /usr/sbin/in.tftpd with strace. Its sitting in select system call. Client request does not seem to reach it
[18:03] <patdk-wk> yes, and I said, what does it have to do with testing using tcpdump?
[18:03] <patdk-wk> I asked about tcpdump, not in.tftpd
[18:07] <JayJ> patdk-wk: Sorry maybe some confusion. I am trying to debug why tftp server is not serving the pxelinux.0 files.
[18:07] <patdk-wk> and I said
[18:07] <patdk-wk> did you test using tcpdump yet?
[18:07] <patdk-wk> you have to start at debugging step 1
[18:07] <patdk-wk> before you move to step 2
[18:08] <JayJ> patdk-wk: On it now :)
[18:11] <JayJ> patdk-wk: 13:11:11.047542 IP 172.16.2.25.34149 > puppet.tftp:  22 RRQ "pxelinux.0" netascii
[18:11] <JayJ> patdk-wk: The packets are reaching  tftp server
[18:16] <JayJ> patdk-wk: http://pastebin.com/PWt9pTg3
[18:29] <lordievader> JayJ: Lots of bad checksums...
[18:32] <acmehandle> Whats the difference between .bashrc and .bash_profile?
[18:32] <lordievader> acmehandle: When and where they are loaded.
[18:33] <lordievader> acmehandle: http://stackoverflow.com/questions/415403/whats-the-difference-between-bashrc-bash-profile-and-environment
[18:39] <acmehandle> HHhm, so I created a user where I want it to default to python3 virtual env but the log in is always over ssh
[18:39] <acmehandle> No, sorry wrong.
[18:39] <acmehandle> It could also be sudo user
[18:40] <acmehandle> I guess .bashrc
[18:44] <patdk-wk> jayj, heh? what is up with the bad checksums?
[18:45] <patdk-wk> I can understand if you did a tcpdump on the sending machine
[18:45] <patdk-wk> is this a kvm source or something?
[18:45] <patdk-wk> or xen?
[18:45] <patdk-wk> did you not disable checksum offloading on the nic?
[18:46] <acmehandle> If I install libpq-dev and python-dev how will I know they are good for python3?
[18:51] <jrwren> libpq-dev has nothing to do with python, its just C
[18:51] <jrwren> acmehandle: python3-dev is what you want for python3, IIRC
[19:00] <JayJ> patdk-wk:  host puppet (172.16.2.4) is a dhcp/pxe server which is a KVM guest. I'm teting it from 172.16.2.25 which is a baremetal. Ran the tcpdump again http://pastebin.com/cNw2yAu2
[19:02] <jazzzu> hi, im trying to set up postfix to forward email for a couple of (2 for now) websites. Am i correct in my understanding that i should first configure a 'canonical domain' for the whole machine (a vps) and then add virtual alias domains for the different websites?
[19:04] <patdk-wk> hmm
[19:05] <patdk-wk> no, the packet from 172.16.2.25 is bad, bad checksum
[19:05] <patdk-wk> that should never be the case
[19:05] <patdk-wk> I could understand if something FROM the machine running tcpdump is badchecksum if the checksum was offloaded
[19:05] <patdk-wk> but incoming packets should never have badchecksums ever
[19:05] <patdk-wk> that is why you don't see anything in tftp, cause bad checksums are dropped
[19:06] <patdk-wk> once you figure out the bad checksum problem, your probably be good
[19:06] <patdk-wk> try tcpdump on the host? instead of from within kvm?
[20:01] <keithzg_> Arghhh my day is not looking good. DNS lookup is taking an eternity on the local network, and to top it off, svn commits are telling folks that the post-commit script is failing with error 255 (no output), but the permissions look kosher and the script works fine when invoked manually . . .
[20:28] <YamakasY> do we need multiverse and restricted on servers ?
[20:30] <sarnold> YamakasY: maybe; the intel microcode update mechanism is in multiverse (now) and moving to restricted (real soon now)
[20:31] <YamakasY> sarnold: which mean, we need to pay ? :P
[20:32] <sarnold> YamakasY: no, just that the results aren't necessarily free software
[20:32] <YamakasY> ok, I'm checking my sources as my internal mirror has normal packages but fails on stuff, also on i386 which is odd
[20:39] <YamakasY> sarnold: do you have an idea on that or did we discuss that earlier ?
[20:39] <sarnold> YamakasY: once you said it, it sounded familiar, but I can't recall any details at this point
[20:40] <sarnold> YamakasY: I think I recall suggesting adding some [arch=amd64] lines to your APT sources lines or something like that, but left before I found out if that helped anything
[20:40] <YamakasY> sarnold: I think you were drunkk! :P
[20:40] <YamakasY> sarnold: you remembered well indeed
[20:43] <YamakasY> deb-src is not needed on servers which I provision is it ?
[20:44] <ej> hello
[20:45] <ej> my gateway isn't being set, I have to do route add default gw 1....
[20:45] <ej> how can I fix that?
[20:45] <sarnold> YamakasY: probably not; the deb-src lines are only needed if you want apt-get source to work
[20:46] <YamakasY> yeah don't need it
[20:46] <sarnold> ej: check /etc/network/interfaces for details
[20:46] <YamakasY> and I don't have them locally
[20:46] <ej> sarnold: I have gateway set in there
[20:47] <sarnold> ej: and is the gateway reachable with the IP / netmask selected in the same stanza?
[20:48] <ej> sarnold: yes, iface wlan0 inet static
[20:48] <ej>         address 192.168.0.2
[20:48] <ej>         netmask 255.255.255.0
[20:48] <ej>         gateway 192.168.0.1
[20:48] <YamakasY> wlan ?
[20:49] <YamakasY> oh that might be the issue
[20:49] <YamakasY> which card ?
[20:49] <ej> some usb adapter
[20:49] <ej> it works if I set route add default gw...
[20:49] <YamakasY> and if you set all to dhcp it works I guess
[20:50] <sarnold> interesting, that looks like it ought to have worked. are there any errors in the logs?
[20:50] <YamakasY> I have had that once... it sucked on a laptop
[21:10] <mapleton> I get really suspicious when I don't see an error in the syslog
[21:10] <mapleton> "its working too well"
[21:24] <sarnold> mapleton: yes :)
[23:41] <bananapie> Hi, I have my vm server ( kvm + libvirt + qemu ) which has a load of 25, but top says that the CPU is 90% idle
[23:42] <bananapie> How is the load average so high if the cpus are all sleeping ?
[23:44] <sarnold> bananapie: is the system actually unresponsive?
[23:45] <bananapie> it's randomly slugish and virsh isn't responding to anything
[23:45] <bananapie> but the vms are stable and not slugish
[23:46] <sarnold> bananapie: try running 'vmstat 1' -- look for the bi, bo, si, so columns, those show block in, block, swap in, swap out traffic; it might be slow disks or insufficient ram or both
[23:47] <bananapie> http://pastebin.com/M9LyrDBe
[23:47] <bananapie> bo is between 60 and 1500
[23:48] <sarnold> hmm, there's that theory shot :)
[23:48] <bananapie> bi is between 1 and 150, but I don't know what normal values are :|
[23:48] <sarnold> interrupts and context switches feel high, but I've not looked on a machine busy multiple busy VMs before, I'm not sure if those values are unreasonable or not
[23:49] <sarnold> bananapie: I -think- those are 1k "blocks", 152kBps is nothing to worry about :)
[23:50] <bananapie> ok I killed the only vm server that has any significant amount of network traffic, bi seems lower, bo is still high
[23:51] <bananapie> also, I just tried to kill -9 libvirtd -d, and nothing happened. It didn't exit.
[23:51] <sarnold> bananapie: if you're curious you could use the fatrace program to figure out where those writes are going to
[23:51] <sarnold> but really, those rates aren't going to be the issue...
[23:51] <sarnold> bananapie: oh, interesting..
[23:51] <bananapie> I suspect the libvirtd daemon is screwed.
[23:51] <bananapie> actually, I did kill -9 9660 where 9660 is the process id of libvirtd*
[23:52] <sarnold> bananapie: try this.. ps o pid,stat,comm,wchan -e
[23:52] <sarnold> the 'wchan' reports where the process might be asleep in the kernel..
[23:53] <bananapie> http://pastebin.com/gTZ5KfSq
[23:53] <bananapie> futex_wait_queue_me
[23:54] <sarnold> bananapie: ooh looks like a nice computer :) hehe
[23:55] <bananapie> :P
[23:55] <bananapie> is it normal to have libvirtd -d twice ?
[23:56] <sarnold> I only have one libvirtd process
[23:56] <sarnold> ... but currently no VMs running.
[23:56] <sarnold> lets start two vms and find out..
[23:57] <bananapie> ok, on my dev machine only one libvirtd
[23:57] <sarnold> yeah, only ever one libvirtd process
[23:57] <bananapie> and I have 4-5 vms.
[23:57] <bananapie> so I have one unkillable libvirtd and one that is now "defunct"
[23:58] <sarnold> can you kill its parent? that should reparent it to init, and init should clean up after it
[23:59] <bananapie> I've also about 30 defunct sshd and two defunct kvm