[00:21] cryptodan, figure this one out: grub installs fine to the raid array drives as long as they're not sda and sdb during installation -- the first has to be sdb or higher -- bizarro errors [01:03] weird === Lcawte is now known as Lcawte|Away [01:32] Yeah. I didn't bother with LVM on this box, so I won't be able to resize root beyond 100G but I have a /home that's almost 1TB, plus another 8TB of space to work with, plus a NAS drive lol === negronjl_afk is now known as negronjl === Guest48642 is now known as rcj === rcj is now known as Guest3092 === zz_DenBeiren is now known as DenBeiren === Guest98005 is now known as IdleOne === zz_DenBeiren is now known as DenBeiren [07:11] ugh, zabbix with pgsql [07:16] hi guys any issue on my command to mount a share somehow..?? ---> http://pastebin.com/xpXYQ77d [07:16] mount -t cifs -o username=pabxuser //192.168.7.8/calls /mnt/nas/rec username=pabxuser,password=11cvk@5fgszxja,sec=ntlm === zz_DenBeiren is now known as DenBeiren [07:42] Good morning. === Guest87023 is now known as hxm === Lcawte|Away is now known as Lcawte === gema_ is now known as gema === Lcawte is now known as Lcawte|Away === Odd_Blok1 is now known as Odd_Bloke [09:37] How come the bootloader dosnt count down.. so it never boots? in ubuntu 14.01? === Lcawte|Away is now known as Lcawte === liam_ is now known as Guest28200 [09:54] Tribaal, gnuoy: would either of you have time to verify the fix for https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1081022 [09:54] Launchpad bug 1081022 in python2.7 "logging.SysLogHandler doesn't close UNIX socket when connection failed" [High,Fix committed] [09:54] as I did the change, I'd prefer not to check my own work! [09:55] jamespage, sure, I can take a look [09:59] hi - can anyone try and help explain what is occurring?? I have made a .deb package - it contains binary files that appear to exist i.e I can see with ls) however when you try to execute them you get 'No such file or directory' [09:59] i.e - ls -la /opt/monitiq-agent/jre/bin/java - can see '-rwxrwxrwx 1 root root 55903 Sep 8 16:33 /opt/monitiq-agent/jre/bin/java' [09:59] but when I run it [09:59] -bash: /opt/monitiq-agent/jre/bin/java: No such file or directory [10:00] how can this be happening ? [10:06] jamespage, tested fine, bug updated [10:11] gnuoy, ta [10:28] gnuoy, can you retag verification-done as well please [10:28] that lets the SRU team know its been tested OK === Lcawte is now known as Lcawte|Away [10:30] jamespage, I've s/needed/done/ but left mos alone ? what is mos? [10:30] gnuoy, mirantis openstack [10:30] ta [10:52] coreycb`, ceilometer uploaded [10:52] was ok with new pecan version === shredding_ is now known as shredding === suigeneris is now known as Kartagis [12:26] zul, rename oslo.concurrency to oslo_concurrency [12:26] joy! [12:27] fun fun [12:27] jamespage: happy new year! [12:27] roaksoax, happy new year to you as well! [12:27] roaksoax, did you have a nice christmas? [12:27] jamespage: i did indeed, how about yourself? [12:28] yup nice [12:28] * roaksoax still enjoying the beach :D [12:29] roaksoax: All my jealousy. :P [12:29] lol === coreycb` is now known as coreycb [12:52] tinoco, hey - would you be able to verify the pacemaker update that in proposed for utopic and trusty? === zz_DenBeiren is now known as DenBeiren === rbasak_ is now known as rbasak [13:41] jamespage: yeah tell me about it === Lcawte|Away is now known as Lcawte === Pici is now known as Guest50504 === Pici` is now known as Pici === Pici is now known as Guest63806 === Guest3092 is now known as rcj === Pici` is now known as Pici === Lcawte is now known as Lcawte|Away [14:28] coreycb, keystone uploaded and fix for SSL issues proposed upstream [14:28] jamespage, k [14:30] coreycb, +1 thats fine for us as zul reverted the offending piece of code in our version [14:37] gnuoy, fancy doing the first part of an MIR for a new openstack dependency? [14:39] jamespage, I'd very much like to make a start but fwiw I have a few bits and bobs going on [14:47] gnuoy, ack ok === martins-afk is now known as martinst === Guest93916 is now known as balloons [14:59] kirkland: would you happen to be around? === LarsN_ is now known as LarsN [15:05] LarsN: I am; in a meeting at the moment, but I'm here(ish) [15:07] kirkland: would you be a good source to talk to regarding an orange box? I have one and would love to know what additional documentation there is for them. === Lcawte|Away is now known as Lcawte === Stuxnet is now known as Stuxnet[A] [16:30] * Stuxnet[A] is now away - Reason : Away [16:54] Hi, could someone tell me whether there is any mechanism which might be blocking outgoing connections on one port other than iptables? Can't get anything out on 25 (email) but the guys where I rent the server from have assured me (twice) that they're not blocking anything. [16:55] gnite: I'm assuming you've tried multiple remote servers that you can connect to on port 25 on other systems [16:55] collizion: Correct. [16:55] No response, all connections time out. [16:57] IPTables has everything on allowed and is disabled anyway. [16:57] gnite: Then something's got to be blocking it. [16:57] gnite: Which isn't a helpful observation, I know. :/ [16:58] Yup, it's slowly driving me insane. === markthomas|away is now known as markthomas [17:09] gnite: try tcptraceroute maybe? === keithzg_ is now known as keithzg [17:18] gnite: a lot of ISPs block outgoing SMTP [17:18] gnite: ask them if they have a smart relay host [17:19] rbasak: I've always done that manually with nping. There's a tool for it. GDI. [17:20] Yeah, thing is, it's not exactly a regular home ISP but a hosting provider with virtual and dedicated servers. [17:21] And they told me twice that they're not blocking 25 and everything should work fine if configured properly. [17:22] But as we found out, it's getting dropped at your second hop router. [17:22] Right, which makes it even more weird. [17:24] But hey, at least you have something to move forward with. [17:27] gnite: well, ask them if they've got a relay host [17:28] RoyK: I'll do that [18:01] zul, jamespage: glance is ready for review - https://code.launchpad.net/~corey.bryant/glance/2015.1-b1/+merge/245249 [18:02] coreycb: ok gimme a sec [18:07] coreycb: done [18:07] zul, thanks === kickinz1 is now known as kickinz1_afk [18:33] HI I am using ubuntu 14.0 server release. IWhat this indicates: " 2.19-0ubuntu6.3" ? thanks [18:33] rostam: It's a version of something, where do you see that? [18:34] rostam: 14.04? [18:35] lordievader, I get some package conflict during installation of apt-get It complains about libc6-i386 dependencis. I think something is broken in my private repo. [18:36] rostam: What package specifically? [18:36] lordievader, libc6 [18:37] !info libc6 trusty [18:37] lordievader, Thank you. [18:37] libc6 (source: eglibc): Embedded GNU C Library: Shared libraries. In component main, is required. Version 2.19-0ubuntu6.4 (trusty), package size 3908 kB, installed size 9250 kB [18:37] rostam: In the official repo there is a slightly newer version. [18:39] lordievader, is there a way I can force the 2.19-0ubuntu6.3 not to be updated with its newer version 2.19-0ubuntu6.4 ? [18:39] Pinning libc6 doesn't sound like a good idea to me... [18:40] lordievader, I have done something stupid not sure what, I use private repo for our embedded system and I upgrade that repo rarely. Somehow the repo is broken since I get this conflict. [18:42] Update the repo? [18:43] lordievader, yes, I am working toward that goal, thank you... [18:44] rostam: Could you pastebin the exact error you are seeing? [18:45] lordievader, thank you sure will take one min. [18:48] lordievader, http://paste.ubuntu.com/9678117/ [18:49] rostam: I suppose libc6-i386 comes from your repo and libc6 from the Ubuntu one? [18:50] lordievader, yes, that is correct. [18:51] Hmm, well you see the problem the one is updated and the other isn't. And libc6-i386 uses a fixed/precise dependecy (instead of >=). [18:52] lordievader, unfortunately I do not have enough knowledge why that has happened. [18:53] lordievader, is there a way to force libc6-i386 to be updated to the latest? [18:53] rostam: Update your libc6-i386 and you should be fine, or include an older libc6 in your private repo. [18:54] lordievader, apt-get upgrade libc6-i386 gives me the same error... [18:54] rostam: What is the output of 'apt-cache policy libc6-i386'? [18:54] !info libc6-i386 [18:54] !info libc6-i386 trusty [18:54] Package libc6-i386 does not exist in utopic [18:54] Package libc6-i386 does not exist in trusty [18:55] lordievader, http://paste.ubuntu.com/9678145 [18:57] Hmm, which package depends on libc-i386? [18:57] Seeing as it doesn't exist in trusty leads me to think that that package is not compatible/made-for trusty. [18:58] lordievader, we have a amd driver which requires 32 bit and 64 bit verson of libc6. [18:59] lordievader, could I remove it and reinstall it? [19:00] The bot seems to be lying, I can find a libc6-i386... [19:00] Stupid bot. [19:01] Is the trusty-updates repo enabled? [19:01] !info libc6-i386 trusty-updates [19:01] 'trusty-updates' is not a valid distribution: extras, kubuntu-backports, kubuntu-experimental, kubuntu-updates, lucid, lucid-backports, lucid-proposed, partner, precise, precise-backports, precise-proposed, stable, testing, trusty, trusty-backports, trusty-proposed, unstable, utopic, utopic-backports, utopic-proposed, vivid, vivid-backports, vivid-proposed [19:01] !info libc6-i386 trusty-backports [19:01] Package libc6-i386 does not exist in trusty-backports [19:02] Pff [19:02] rostam: This is what I get: http://paste.ubuntu.com/9678178/ [19:05] lordievader, okay I see that ... [19:07] lordievader, do you know the apt-cache policy reads which files ? thanks [19:07] rostam: It checks the dpkg database. Could you answer my question about the trusty-updates repo? === Lcawte is now known as Lcawte|Away [19:10] lordievader, some of the packages of trusty-updates is maintained in my new repo. When I do apt-get upgrade pointing to new repo, it does not upgrade libc6-i386. .. [19:12] rostam: Enable the trusty-update repo, update your sources and try to update again. [19:13] lordievader, ok will do that thanks so much for your help. [19:23] Hi Guys, so good news, I finally managed to get Ispconfig 3 up and running so now my problem is that I am not seeing my website via my domain so I need some help troubleshooting the DNS setup / nameservers etc. [19:25] So my domain registrar allows for running my own nameservers. I set that up pointing it to my public LAN IP number that is exposed to the web. Is that correct? [19:38] no [19:39] Tobbe-82|Server: running your own nameservers isn't something you should do on a whim :) it'd be worth reading about it for a while first [19:39] technically it's the domain registrar that runs the nameserver [19:40] your registrar does not allow you to run your own nameserver. it allows you to point to an official, 3rd party nameserver [19:40] ok, I can set an IP for the nameservers [19:40] yes [19:41] so how do I start pointing my domain name towards my network and webserver? [19:41] find a nameserver (dns service provider) [19:42] which you will need to pay for of course [19:42] but who knows, there may be free stuff [19:42] i use dyndns [19:43] http://dyn.com/ [19:44] ok, how would I use dyn to point my domain name to webserver? [19:45] (Still wrapping my hand around the schematics or the flow of it all) [19:45] tell it about your domain. fill in the fields. pay $35 per year. done [19:45] http://dyn.com/standard-dns/ [19:48] Thanks pmatulis, I'll check that out [19:50] i can vouch for these guys Tobbe-82|Server . it used to be you needed to wait 30 minutes to be reflected on the internet. all the changes i make at dyn are instantaneous. don't know if that's normal but i am always impressed [19:50] shit, you mean its instant propagating of nameserver changes? [19:50] dunno how, but yeah [19:51] TTL of 5 minutes [19:51] thats like unheard of! [19:51] Sweet [19:51] very impressive. I mean that right there alone is worth the yearly [19:51] I use afraid.org, works really fast too [19:52] Well, relatively [19:53] Low TTL is expensive in terms of bandwidth [19:53] The lower the TTL, the more requests the server will get [19:54] Mine is 1 hou [19:54] R [19:55] where 'expensive' also depends upon how many hosts requests dns information on your hosts :) [19:55] if it's just you and some pals, five seconds might not even be noticable.. [19:55] well in this case I'm just going to host a few personal sites in a local web server (in my lan) [19:57] what is a sensible TTL setting to start with and after everything "pans out and works" can I tweak its value? [19:58] I would say as low as they allow, most providers will not let you set it lower than 5 minutes or so [19:59] dyndns seems to put 60seconds as standards dynamic dns value [19:59] Once things work, set it to something more sensible like 15, 30, or 60 [19:59] Or whatever you decide is the max time you want your site to be potentially inaccessible [20:00] yea [20:00] how often do you expect your IP address to change? [20:00] well not often, maybe in the beginning I have fibre 100/100 connection and have asked my ISP to give me static IP so === bilde2910|away is now known as bilde2910 [20:01] ok so I am adding a new hostname in Dyn. so I should point my domainname to this ? [20:03] Tobbe-82|Server: then I'd aim for something higher, like 300 seconds, but don't forget to lower the value -before- your IP changes, if you're deciding when IPs change :) [20:04] yea ;) [20:04] .. one nice aspect of higher ttls is that they can help keep your site accessible if the DNS servers go down.. [20:05] ok well this is pretty cool. I am now getting access to the standard apache webserver index but not the actual site itself lol [20:05] does the domain reflect the /structure as well? [20:05] (in var land) [20:07] if you're using name based virtualhosts, the servername aliases in your config must include the one you're using [20:07] The default site is a catch-all [20:08] And should probably be disabled unless that's exactly what you want [20:08] I'm running Ubuntu server 14.10 [20:08] it's in /etc/apache2 somewhere? Cant quite remember where exactly [20:08] ? [20:09] Site configs are in /etc/apache2/sites-available, default site's webroot is /var/www/html [20:10] ahh and I should change this to reflect the site I want? [20:10] Yes, either change site config or put your site files there [20:15] Awesome thanks :) [20:54] smoser: hello, I have been told that I could talk to you regarding cloudinit (if not, could you point me in the right direction?) [21:07] zul, heat's ready for review https://code.launchpad.net/~corey.bryant/heat/2015.1-b1/+merge/245251 [21:07] sure gimme a sec [21:14] hello [21:15] I have a group dev-site. [21:15] hi, I need help to build a mail server. Just got some questions right now. Can anyone help? [21:15] I executed chgrp -R dev-site httpdocs/ [21:16] and next: chmod -R g+w httpdocs/ [21:16] Is it enough to give write permissions to dev-site? [21:20] lnxmen: you might also wish to turn on the setgid bit on the directories so new files will inherit the dev-site group owner [21:21] sarnold: Actually I can't write file. [21:21] save * [21:21] lnxmen: yes, but it won't do them any good unless they also have read and list permisson [21:21] !ask | dust_y [21:21] dust_y: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience [21:22] To do that easily, chmod -R g+rwX httpdocs [21:22] Note capital X [21:31] Okay, thank you. [21:31] I will try it in a minute. [21:31] But hmm, is it safe to give write access to all files? [21:33] lnxmen: if you trust all members of the group to exercise discipline when modifying files, it's fine [21:33] Okay, really appreciate your help sarnold, qman__. [21:33] lnxmen: some advice common in the debian and ubuntu communities is to give ownership of the files to the web server, which seems like utter lunacy to me -- I don't want the -server- to be modifying the files, I want -humans- to be modifying the files. [21:33] Thank you. === bilde2910 is now known as bilde2910|away [21:34] lnxmen: so I'm happy to see your suggestion to allow people in a group to edit the files; that seems like a far better approach to me. [21:35] sarnold: I also did not give ownership to the web server. Despite the fact that I need to learn about permisson yet, I think server is well configured. I hope so. [21:35] permissions * [21:36] lnxmen: unix permissions are suprising; at first they are confusing as sin, then eventually their simplicity and flexibility is amazing, and then they get frustrating again. :) [21:39] We will see, I am learning about web developement, server administration etc. [21:39] I think it's a good direction. [21:41] welcome aboard :) and have fun [21:41] What's most bad, although I am Gentoo Linux user from about 4-5 years (no, I do not want to boast or something), I do not know linux permissions well... [21:41] well, until you need them, it's easy to ignore them [21:41] Yes, exactly. [21:42] It wasn't important until now. [21:42] And besides, there are so many tutorials in the Internet that I am confused. [21:44] feel free to ignore just about every guide that includes "chmod 777" somewhere :) that'll knock out 70 to 80% of all the bad advice :) [21:45] Yes, you are right. [21:45] I did not executed this command, despite it's everywhere. [21:45] Okay, localhost would be fine with this. [21:45] But not public server. [21:46] .. and there'd be no need for it for small-use machines either :) hehe [21:50] sarnold: when are refreshed user's groups? [21:50] Every login? [21:50] lnxmen: yes [21:51] lnxmen: you can also use newgrp or sg to change to a group in a shell without logging in again, but it's less convenient than it sounds. === collizion is now known as Guest22452 === collizio1 is now known as collizion [21:58] I would rather login and logout. [21:58] It's simple. [21:58] But thank you for advice. [22:00] lnxmen: yeah, especially if it's just an ssh away :) === martinst is now known as martins-afk [22:10] Yup, but I wonder if I should use ssh keys instead of passwords in developement stage. [22:11] Changing default ssh port, also would be a good thing to do. [22:11] Just not sure if others would come up with this idea. [22:13] ssh keys are wonderful things [22:14] ssh brute-force worms are one of the largest threats; disabling password authentication entirely is a good way to drastically cut back ssh abuse [22:16] I must convince them to do it. === markthomas is now known as markthomas|away === Lcawte|Away is now known as Lcawte [22:30] lnxmen: all our production systems are ssh keys only. users and keys are managed by puppet. [22:31] duxklr: Puppet? What is it? [22:31] automated configuration management for servers. [22:32] Is it worth using for someone who is learning? [22:33] You know, „automated” sounds good, but I would rather do most things myself. [22:36] Guess it depends on what you want to learn. If I was going to start over managing a group of servers I would learn some type of automation tools from the beginning it will make your life easier in the long run. For example, all the new servers I built for my personal lab are 99% built by puppet. I create the configs once, and I can build as many systems on this template as needs without any user interaction (after [22:37] the intial template is built). [22:37] If you are new to Linux in general. Getting the systems basics down is key, but keep automation in the back of your mind at least. [22:38] Nope, I am not new. [22:38] I just appreciate doing things myself. [22:38] But I will keep in mind you advice. [22:38] There is some wisdom in your line of thinking. [22:39] Now, server configuration is time consuming. [22:41] lnxmen: You are still doing it yourself, you have to build the puppet templates. But after that you can resuse your templates. Use it to install your baseline server config such as stock software, user accounts, firewall rules, sudoers, etc… [22:42] when you manage 100+ machines you will wonder how you ever lived without it. [22:42] Automation is always vital to managing linux systems in a clean and sane manner. [22:42] However -- automation is NOT an excuse for failing to master your environmental infrastructure's nuances. [22:42] IF your webservers crash every day at noon, the answer is NOT to write a puppet manifest to force daily reboots of the webapp at 12:01 [22:43] * Logos01 wishes he hadn't seen basically exactly that approach in a company you've heard of. [22:43] Logos01 has a good point, it can undo something you may have accidentally change in a production environment. Keeping that baseline clean. [22:43] Logos01: lol [22:43] sarnold: I was only at that company for about two months. [22:43] Logos01: good choice. [22:43] It ... was mutual. [22:44] By which I mean I was not informed when I was brought on that my official position was "company scapegoat" [22:44] Yea, that would be better done with a cron reboot, puppet is over kill [22:44] Logos01: ugh, that -really- sucks... [22:44] But once I realized it I kept my nose down and waited for the inevitable with as much dignity as I could muster. [22:45] It became clear quite quickly thankfully. [22:46] But yeah. That place was a poignant lesson in what is wrong with almost every Enterprise "DevOps" implementation. [22:46] Yes, that's unimaginable to configure 100+ servers manually. [22:46] I will try it in the future. === markthomas|away is now known as markthomas === Lcawte is now known as Lcawte|Away [23:10] Is there anything more sophisticated that I should know about server maintenance? [23:11] For instance, I do not know how to test if my configuration is good. [23:12] I heard that there are some features which allows to measure server workload with generated requests. [23:14] ubuntu server doesn't come with apt-add-repository, so... after adding a ppa to sources.list, could i have a reminder on how to fetch the signing key? [23:15] (also: hi everybody, long time no see) [23:15] maco: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys [23:16] (the one it complains about in apt-get update) [23:16] lutostag: thanks! [23:27] how can I check what took all of the space on my ubuntu-server? [23:28] there is 60gb drive - and it's only used for os. YEat I cannot install updates because "gzip: stdout: No space left on device" [23:33] danrik: I am not sure if it's a good way to do it, but check "du" command. [23:35] lnxmen, I think I figured it out. it was a /boot volume at 100% capacity. And turns out there were a lot of kernels. So I just had to apt-get autoremove [23:36] lnxmen, and now it works. thanks for the efforts though. [23:36] My pleasure.