=== zz_DenBeiren is now known as DenBeiren
=== zz_DenBeiren is now known as DenBeiren
[03:33] <pmatulis> Vadim_: vim :)
=== markthomas|away is now known as markthomas
=== markthomas is now known as markthomas|away
=== DenBeiren is now known as zz_DenBeiren
[06:22] <makara> hi. Snappy discussion here?
=== TDJACR_ is now known as NotADJ
[06:42] <abhishek> I have nfs storage entry in fstab file. will it remount automatically if I restart the nfs service ?
[06:58] <makara> abhishek: why don't you just try it?
[06:59] <makara> "The fstab file is read by the mount command, which happens automatically at boot time to determine the overall file system structure, and thereafter when a user executes the mount command to modify that structure."
[07:02] <abhishek> I know it .. I want to know how nfs service works .. I mean is it read fstab entry during start up ??
[07:03] <abhishek> this is resolved now ..  I doesn't ... you have to remount nfs partition after nfs start up :)
=== negronjl is now known as negronjl_afk
[08:22] <makara> Snappy anyone?
=== Lcawte|Away is now known as Lcawte
[09:30] <jamespage> makara, #snappy :-)
[09:35] <makara> thanks
[09:35] <makara> i'm trying to setup a proxy server in ec2
[09:36] <makara> i see no snappy images yet so I just used the standard
[09:36] <makara> i can't connect through the elastic ip
[09:36] <makara> the security group allows all ports and protocols
[09:38] <makara> I've done this last year, but today they require creating a VPC
[09:39] <makara> how can I troubleshoot this?
=== Lcawte is now known as Lcawte|Away
=== zz_DenBeiren is now known as DenBeiren
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
=== martins-afk is now known as martinst
[14:44] <adsc> for some reason, i can no longer login using pubkey over ssh
[14:45] <adsc> i repeat the steps, create a new key, copy key over to authorized_keys on server, try again, no luck
[14:56] <teward> adsc: is the server configured for ssh key auth being enabled?
[14:59] <adsc> yeah, it already worked
[14:59] <adsc> until i did updates today
[15:00] <adsc> after the updates and reboot because of kernelupdate, it no longer works
[15:01] <patdk-wk> how many keys do you have configured on your machine your logging in as?
[15:02] <patdk-wk> each key counts as a login attempt
[15:02] <patdk-wk> so having too many private keys, till it locates the right one, will not allow logins
[15:02] <adsc> i can tell you how i set it up
[15:02] <patdk-wk> what does setup have to do with anything?
[15:02] <adsc> it's a bit unconventional, because it's basically a shared key
[15:03] <adsc> i have an account xadmin on the server i want to log in to
[15:03] <adsc> i run ssh-keygen on this server, not on the local computer
[15:03] <adsc> i cat the public key into authorized keys of xadmin user on the server
[15:04] <adsc> then i get the private key onto the client's computer
[15:07] <adsc> client then logs in with ssh -i keyfile xadmin@server
[15:22] <lordievader> Good afternoon.
[15:48] <adsc> this it must have to do with hostname resolution
=== bilde2910|away is now known as bilde2910
=== Lcawte|Away is now known as Lcawte
=== martinst is now known as martins-afk
[16:45] <NTQ> Hi. Is it possible to use the wheezy-backports in Ubuntu 12.04 LTS Server for upgrading dovecot from version 2.0.19 to 2.2.9?
=== markthomas|away is now known as markthomas
[16:59] <avid_fan> How many have upgraded using the "do-release-upgrade"?
[17:03] <andol> NTQ: If the dependecies line up, probably.
[17:03] <andol> avid_fan: Do you really expect to get a number? :)
[17:07] <avid_fan> andol: I see your point. :-) Let me rephrase. Has anyone tried an upgrade using the "do-release-upgrade" command and have it work properly? Does anyone here use this as their first choice when performing an upgrade?
[17:07] <kasad> aloha guys and well guys, we all know our women stay away from places like this :P
[17:08] <Pici> uhh...
[17:08] <kasad> avid_fan: that's something I've been considering for a while, but alas, I have plesk installed and I am afraid it will be very ugly scenario once I do the upgrade
[17:09] <Pici> kasad: We'd appreciate if you didn't make comments like that here.  There are plenty of men and women here that don't particularly like seeing such comments in this channel.
[17:09] <adsc> ooh boy, I just found out the cause of my ssh publickey auth problem: encrypted home dir
[17:09] <kasad> so if you are not in a rush, I will probably find a way to virtualize that server in next 24 hours and can report you results
[17:10] <adsc> it's actually the first point on the troubleshooting list here: https://help.ubuntu.com/community/SSH/OpenSSH/Keys#Troubleshooting
[17:10] <kasad> Pici: it was a joke, mostly geared towards my fiancee who is reading what I type
[17:10] <kasad> I apologize if i offended anyone
[17:10] <adsc> so if someone else has this problem in the future, just link him there
[17:11] <adsc> the reason why it worked previously on my end was probably because I had another console open where I was still logged in, and thus the home dir unencrypted
[17:11] <avid_fan> kasad: No rush. I've just never tried it. I've always started from scratch and migrated whatever I might need from the old. Just curious to know if it's something often used.
[17:12] <kasad> avid_fan if that is your usual nickname, I can pm you after I perform the upgrade. Need to finish setting up few other things (just moved to new place so everything is in chaos)
[17:12] <qman__> NTQ: possible? Maybe. Good idea? Most definitely not.
[17:13] <kasad> and a weird thing happened, since I was moving, and was without net for couple days and my WS doesn't have wifi adapter, and I needed desktop enviroment
[17:13] <qman__> avid_fan: do-release-upgrade is the supported upgrade method, and I have used it with great success many, many times over the years
[17:13] <kasad> I installed lubuntu-desktop via apt-get install lubuntu-desktop
[17:13] <kasad> and now peculiar thing happened, wlan0 became eth1
[17:14] <NTQ> qman__: The problem is that I want to use dsync to migrate my mails from an external mail server to my own. And it seems that you need 2.1.4+ for this: http://wiki2.dovecot.org/Migration/Dsync
[17:14] <kasad> and there's no option for configuring wlan (eth1) in gui
[17:14] <avid_fan> kasad: It is my usual nickname. But don't go through it just for me. I have a possible server, not running anything mission critical, I can try. From the amount of replies, it doesn't sound like an often used approach.
[17:14] <avid_fan> qman__: Thanks for the feedback.
[17:14] <kasad> avid_fan: I am doing it anyway, I am currently on 10.04.4 LTS
[17:14] <qman__> NTQ: if there is not already an ubuntu backport or ppa available, the correct way is to build an ubuntu package yourself
[17:15] <avid_fan> kasad: Best of luck. :-)
[17:15] <qman__> NTQ: mixing distro sources is never a good idea
[17:15] <NTQ> qman__: I know. That's the reason I am here.
[17:16] <kasad> avid_fan: so as soon as I virtualize this setup (because company I worked for full time, now part time, uses plesk setup, and I managed to mush plesk 9 which doesn't ask for licence and lets you host single domain (so I can host other projects/domains) as subdomains and successfully mirror their production setup
[17:17] <kasad> but considering that it's plesk  (9.54 to be precise), it will break horribly once I upgrade
[17:18] <kasad> but first I need to fix this wireless, since I need to setup one dd-wrt, and would like to have net and be able to use the router at the same time
[17:18] <kasad> anyone got idea how to setup wifi, now that wlan mysteriously turned into eth1
[17:19] <kasad> and mostly completely ignores me (no configuration options in gui, I tried this: (psl wait sec for paste link)
[17:20] <qman__> NTQ: you might use https://launchpad.net/~pdiffs/+archive/ubuntu/dovecot-backports
[17:21] <kasad> http://hastebin.com/owekotureb.hs
[17:22] <kasad> but nada (192.168.1.1 is dd-wrt), but it doesn't even try to connect
[17:23] <kasad> now in the meantime I figure that due to nature of dd-wrt I have to have 2 different subnets, but that's beside the point, wlan (eth1) was disconnected
[17:23] <kasad> anyone with suggestion?
[17:23] <kasad> any*
[17:23] <kasad> /s/suggestion/sugesstions
=== martins-afk is now known as martinst
[19:04] <thebozz> Hi guys, we're having trouble deploying Openstack over MAAS using openstack-install. We're using this tutorial: http://www.ubuntu.com/download/cloud/install-ubuntu-openstack . We're at step 4, and we're getting this output: http://pastebin.com/Byaxct7c
[19:04] <jhobbs> thebozz: whast your juju status say?
[19:22] <thebozz> jhobbs: hey, sup? Unfortunately, I can't see it now... my boss decided to reinstall MAAS to document the process up to where we're now. We'll try again later and see what we can find.
[19:23] <jhobbs> ok
=== martinst is now known as martins-afk
[19:24] <happyraver1958> Details here:  http://ubuntuforums.org/showthread.php?t=2255175&p=13187916#post13187916
[19:24] <happyraver1958> anybody here familiar with BIND9?
[19:24] <happyraver1958> I've been looking for help on this for awhile and it's weird
[19:25] <happyraver1958> I'm using Ubuntu 14.04.1, BIND9, trying to set up a server with views for both internal and external name resolution
[19:25] <happyraver1958> but when the server is configured with views and rfc1918 zone file and reverse lookup, it won't respond to DNS queries, but as soon as I remove reverse lookup and rfc1918 zone file, it works just fine
[19:25] <happyraver1958> anybody has had that problem before?
[19:26] <sarnold> happyraver1958: it's probably a bad idea to try server example.com yourself
[19:26] <happyraver1958> well, that's just for privacy, and it's a generic name
[19:26] <sarnold> ah
[19:26] <happyraver1958> but my real DNS name is being used in the configuration files
[19:37] <patdk-wk> there is no config file info
[19:37] <patdk-wk> nothing in that post
[19:37] <patdk-wk> except an error
[19:37] <happyraver1958> which post?
[19:37] <patdk-wk> Details here:
[19:37] <patdk-wk> did you post another one?
[19:37] <happyraver1958> I just clicked on my link and it takes me straight to my post on ubuntu forums
[19:37] <patdk-wk> yes
[19:38] <happyraver1958> Post ID is 13187916
[19:38] <patdk-wk> there is only a single log line there
[19:38] <happyraver1958> if that helps :)
[19:38] <patdk-wk> so what help would you like?
[19:38] <patdk-wk> we don't have access to your server
[19:38] <happyraver1958> you may have to scroll up to see the rest of the post
[19:38] <patdk-wk> we cant see the config
[19:38] <happyraver1958> http://ubuntuforums.org/showthread.php?t=2255175
[19:38] <patdk-wk> ah, infomation overload
[19:38] <happyraver1958> try this other one
[19:40] <happyraver1958> 21st century = information overload... the next step in evolutionary history
[19:41] <happyraver1958> I've removed the RFC1918 zone file altogether from the configuration to avoid that issue, I may add it later once I figure out why that config file is wrecking my server
[19:41] <patdk-wk> well, the firs tissue
[19:42] <patdk-wk> dig, cannot connect to server
[19:42] <happyraver1958> I've only added my reverse lookup config files
[19:42] <patdk-wk> that has nothing to do with the problem in bind
[19:42] <happyraver1958> I may have to re-punch a hole in my firewall for that to work
[19:42] <patdk-wk> wait, notify?
[19:42] <patdk-wk> why is it receiving a notify?
[19:42] <patdk-wk> it's not a slave server
[19:43] <happyraver1958> it is most certainly not a slave server
[19:43] <patdk-wk> ya, none of this is making sense
[19:43] <patdk-wk> so much random info posted
=== martins-afk is now known as martinst
[19:43] <patdk-wk> and it has all been muged
[19:44] <happyraver1958> the weird thing is, when I remove the reverse lookup config, it works! which means I'm screwing something up in the reverse lookup configuration to wreck the forward lookup... somehow...
[19:45] <happyraver1958> I can narrow down any part of the configuration to make things easy, but I'd need to know which parts of the configuration you need to look at
[19:49] <patdk-wk> well, what is the *current* issue?
[19:49] <happyraver1958> the same issue as before, my DNS server will not respond to queries when views are being used
[19:50] <happyraver1958> if I remove reverse lookups, it works, but I need to have reverse lookups configured for my DNS configuration to be complete
[19:50] <happyraver1958> and have an actual working DNS server, and I don't know why it won't work with the combination of forward lookups and reverse lookups
[19:50] <happyraver1958> the daemon runs, but it won't respond to queries when views and reverse lookups are active
[19:51] <happyraver1958> if I remove views, it works just fine with reverse lookups and all, but as soon as I activate views AND reverse lookups, it won't respond to queries
[19:51] <happyraver1958> I've been at it for weeks now  :(
[19:52] <zzxc> So I have a question. Where should I put the build directory for our app on a production machine?
[19:53] <patdk-wk> ideally, you don't build on a production machine, ever
[19:55] <sarnold> zzxc: if the app runs as a user, the user's homedir seems fair
[19:56] <happyraver1958> zzxc: If you absolutely have to put the build directory on your production server, you could use /usr/local/bin, it works ok for us and it doesn't interfere with our database or apps
[19:56] <patdk-wk> happyraver1958, ah, that is your isuse
[19:56] <patdk-wk> you have bad ordering
[19:56] <patdk-wk> your { any; }; MUST be last
[19:56] <happyraver1958> zzxc: and yes, the home directory of the non-root user would be ideal!
[19:56] <patdk-wk> so when you put something before it, it's screwed up :)
[19:56] <happyraver1958> my { ANY; } must be last, in which configuration file?
[19:56] <patdk-wk> like, zone.rfc1918
[19:57] <patdk-wk> the whole zone.rfc1918 file
[19:57] <zzxc> patdk-wk: True. Unfortantly we don't have a good system for building the application remotely currently, and we haven't really run into proformance issue for building the app during heavy usage.
[19:57] <patdk-wk> the reverse-loopup view
[19:57] <patdk-wk> your internal view MUST be before any less restrictive view
[19:58] <patdk-wk> zzxc, the issue is, production is assumed to be a vaunerability, risk to hacking
[19:58] <patdk-wk> so you don't want to build your stuff on it ever
[19:58] <patdk-wk> but other than that, anywhere you deem fit?
[19:58] <patdk-wk> probably a users folder, or maybe in /opt
[19:59] <happyraver1958> patdk-wk: I'm checking it out right now...
[20:01] <happyraver1958> I ran a named-checkconf and my "view "external" { match-clients { any; }; }; is the very last view in my configuration.  I have reverse lookup first, then Internal, then External, which is the one with the {  any;  }; in match-clients
[20:01] <zzxc> patdk-wk: Yeah I'm aware of that. I've been trying to get building moved over to a build server running jenkins, but progress on that has been pretty slow.
[20:02] <happyraver1958> both my reverse lookup and internal zones have match-clients [ 192.168/16; };
[20:02] <patdk-wk> they all have any except internal
[20:03] <patdk-wk> view "reverse-lookup"  {
[20:03] <patdk-wk>     match-clients  {  any;  };
[20:03] <patdk-wk> view "reverse-addresses" IN  {
[20:03] <patdk-wk>     match-clients  {  any;  };
[20:04] <happyraver1958> I've been trying to many things that I've changed that while trying these many things
[20:04] <patdk-wk> I can only comment on the *current* config I can see
[20:06] <happyraver1958> nowmy configuration looks like this:  http://pastebin.com/FGeci7Aj
[20:07] <patdk-wk> you have forward first, but no forwarders?
[20:08] <happyraver1958> I intend on adding the configuration for that once I get the server to work
[20:10] <happyraver1958> I've just removed that forward first and it's still the same :(
[20:10] <happyraver1958> I know I'm missing something somewhere, which may seem intuitive and obvious to somebody else
[20:10] <patdk-wk> what was the test?
[20:11] <happyraver1958> from the server itself, I run nslookup host.example.com 192.168.151.25
[20:11] <happyraver1958> which is the IP address of the server at the end
[20:12] <happyraver1958> and it will respond with either SERVFAIL or it will resolve the host name and give me the IP address
[20:13] <happyraver1958> I can most definitely telnet into port 53, I ran that test too to make sure the port is open
[20:13] <patdk-wk> can you test from a different computer?
[20:13] <patdk-wk> not sure if localhost is causing an issue
[20:14] <patdk-wk> or even ipv6
[20:14] <patdk-wk> with that limited scope
[20:15] <patdk-wk> and, what happens if you merge those two vies? since they are the same anyways?
[20:15] <patdk-wk> as I wonder if it sees the first one, and never the second one, cause the first one matched
[20:16] <happyraver1958> I tested localhost too, I removed it from the configuration and all it does it change the error message from SERVFAIL to no response
[20:16] <patdk-wk> yes, views are first match serviced
[20:16] <patdk-wk> and any others WILL be ignored
[20:17] <patdk-wk> so you can't have all those views
[20:17] <patdk-wk> ""view clauses are processed in the order in which they appear in the named.conf file. Thus, in the example above the 'badguys' view clause matching condition (any) also satisfies the 'trusted' view matching condition. However, since 'trusted' appears first its matching condition is the first to be satisfied and view matching stops.
[20:19] <happyraver1958> in that case, the server should respond by matching that view with its corresponding zone file and resolving the host name
[20:19] <patdk-wk> no
[20:19] <happyraver1958> because that's what I'm trying to do; yes, I admit, it was by accident that I came up with that order of views
[20:19] <patdk-wk> the view that matches ONLY has the reverse-dns entries, not the forward
[20:19] <patdk-wk> so it never sees example.com
[20:20] <patdk-wk> you need to merge those two views
[20:20] <happyraver1958> WOW!!  I never thought of that!
[20:20] <patdk-wk> you can't have overlapping view ip address ranges
[20:20] <happyraver1958> I'm trying it right now!
[20:23] <happyraver1958> now the forward lookup works, but not the reverse lookup (sigh)
[20:24] <happyraver1958> don't get me wrong, I'm very grateful for your insight patdk-wk, THANKS1
[20:24] <happyraver1958> don't get me wrong, I'm very grateful for your insight patdk-wk, THANKS!
[20:24] <happyraver1958> I just feel frustrated that it doesn't work the way it should  :(
[20:26] <patdk-wk> it's bind :)
[20:26] <patdk-wk> no one knows how it *should* work
[20:26] <happyraver1958> LOL true
[20:26] <happyraver1958> I'll be right back
[20:27] <sarnold> defined by the source :) whatever it does is The Right Way
[20:31] <happyraver1958> I'll try to exclude with ! the local LAN in all those { any: }; clauses
[20:31] <happyraver1958> maybe that will prevent the unwanted matches
[20:34] <keithzg_> Is there a decent tutorial/wiki-page for setting up Dnsmasq for providing DNS on a local network? I see https://help.ubuntu.com/community/Dnsmasq but it references /etc/dnsmasq.conf which doesn't even seem to exist by default these days.
=== keithzg_ is now known as keithzg
[20:35] <sarnold> keithzg_: why not a real dns server like pdns or unbound or knot or djbdns or bind?
[20:35] <patdk-wk> unbound is not a dns server
[20:35]  * patdk-wk is confused though
[20:36] <keithzg> sarnold: well, I suppose I could look into those, it's mostly because in my own personal life I've always just had dnsmasq running on my home routers and it's been perfectly fine. Meanwhile the crazy djbdns+bind setup at my work here is causing nothing but problems, and djbdns is . . . not user friendly
[20:36] <patdk-wk> is he talking server or recursive?
[20:36] <keithzg> patdk-wk: Just internal, for resolving local names.
[20:36] <patdk-wk> that didn't answer anything
[20:37] <patdk-wk> is it *answering* questions? or is it *looking* up answers from other locations?
[20:37] <keithzg> Well I'm not going to claim I understand 100% what I'm talking about.
[20:37] <sarnold> patdk-wk: ah, thanks
[20:38] <keithzg> patdk-wk: ah, I see what you mean (I think). Answering.
[20:38] <patdk-wk> then your looking at pdns, nsd, bind, ...
[20:39] <patdk-wk> dnsmasq can do it, but it's very limited i nthat fasion
[20:40] <keithzg> Fair enough. I've just been beating my head against the djbdns setup that's existing right now (and where reverse lookups are completely failing, causing all sorts of havoc) and I'm looking to test a replacement that's as simple as possible.
[20:44] <sarnold> keithzg: I'm just routinely impressed at how many "newly discovered" dns implementation flaws don't affect djbdns over the last decade..
[20:46] <patdk-wk> well, he was one to *overcode* things
[20:46] <patdk-wk> it has been a long time since I looked at the code
[20:46] <patdk-wk> but problem these days is, no one does input/type checking
[20:47] <sarnold> djb code isn't really meant to be -read-, I think...
[20:47] <keithzg> Oh, it does seem extremely secure. The guy was probably a genius in that respect. Unfortunately, he seriously *underdocumented* :P
[20:47] <patdk-wk> djb is known to all that use the internet :)
[20:47] <patdk-wk> you cant avoid his talks :)
[20:48]  * patdk-wk wonders off to add dnscurve support, so djb can talk to my dns servers :)
[20:50] <keithzg> At least on the server where we have djbdns installed, the tools don't even come with man pages or usage (--help does nothing; djb only helps those that help themselves, I suppose :P)
[20:50] <mgw> i'm trying to get dnsmasq+resolvconf+static ip working in a somewhat non-traditional way
[20:50] <mgw> I thought I had this working before, but it's not now
[20:51] <mgw> specifically, the resolvconf 'base' file is not getting applied to /var/run/dnsmasq/resolv.conf
[20:51] <keithzg> I've been getting SERVFAIL replies on reverse lookups, and the best documentation I've found for it is someone who read the code and figured out that many different errors are reported the same ( http://www.dqd.com/~mayoff/notes/djbdns/dnscache-log.html#servfail ) so . . . sigh.
[20:52] <mgw> i don't want to put my dns in /etc/network/interfaces, as I'd like to be able to update dns without bouncing the interface
[20:52] <patdk-wk> well, dns doesn't exactly have error messages
[20:52] <patdk-wk> mgw, don't use resolvconf?
[20:52] <mgw> patdk-wk: yeah, maybe that's the best idea
[20:52] <mgw> since it's not doing anything really anyway
[20:53] <mgw> now that I've eliminated dhcp
[20:54] <keithzg> patdk-wk: fair enough, but I would've hoped the log file for the service itself would. But it isn't any more verbose than the response messages are, just "servfail 206.186.1.10.in-addr.arpa. input/output error" and such.
[20:56]  * keithzg is a bit clueless about all this anyways; without any verbose logs to go on it's rather fruitless
[20:59] <mgw> patdk-wk: so if i'm using dnsmasq as a local caching resolver, what would be the logical place for my upstream dns resolv.conf?
[20:59] <mgw> resolvconf puts it in /var/run/dnsmasq, but that seems to be an odd place to put it manually
[21:14] <thebozz> jhobbs: after a full reinstall we got to the same step and it failed in the same way. I tried running `juju status`, and got 'environment "" not found'.
[21:16] <avid_fan> keithzg: Read your back-and-forth with patdk-wk. Are you trying to use DJB dnscache to resolve internal hosts? And those internal DNS zones, they're on a BIND server?
=== bilde2910 is now known as bilde2910|away
=== genii is now known as ChristmasPresent
=== ChristmasPresent is now known as genii
[21:45] <allen> I changed a directory to be "777" (/var/www/html/mywordpress)
[21:45] <allen> and have restarted apache, but the website says that i don't have permission to access?
[21:45] <allen> 403
[21:45] <allen> actually, not 403, but Forbidden nonetheless, sorry.
[21:51] <teward> 403 / Forbidden are identical
[21:51] <teward> but using 777 is, of course, a sign of failing, security wise
[21:52] <teward> allen: change the directory's owner and group to www-data (or root:www-data, but probably www-data:www-data) with `sudo chown1
[21:52] <teward> `sudo chown`  *
=== genii is now known as ChristmasPresent
=== ChristmasPresent is now known as genii
[21:58] <allen> teward, thank you for your help
=== genii is now known as ChristmasPresent
=== ChristmasPresent is now known as genii
=== MeltedLux is now known as MeltedDed
=== beisner- is now known as beisner
=== DenBeiren is now known as zz_DenBeiren
[23:20] <WhiteIntel_> my server stopps during boot at "stopping userspace bootsplash" (12.04) any idea?
[23:23] <patdk-wk> ya, something after that is having an issue
[23:36] <WhiteIntel_> yes but what^^
=== genii is now known as ChristmasPresent
=== ChristmasPresent is now known as genii
=== Lcawte is now known as Lcawte|Away