[00:14] <heydrick> are the S3 regional mirrors recommended for general use?
[00:14] <heydrick> it's unclear if the mirrors mentioned at http://cloud.ubuntu.com/2012/01/regional-s3-backed-ec2-mirrors-available-for-testing/ are still considered "testing"
[00:15] <sarnold> heydrick: they probably make more sense for people who are using AWS services than general users
[00:16] <sarnold> heydrick: .. and once in a while, those s3 mirrors go out of sync, and even though they're often spotted quickly, it seems to take a few hours to fix
[00:17] <sarnold> heydrick: .. in those few hours, they might be taken out of the more general archive DNS rotation, but if you're using them specifically, every once in a while you'll need to change from east to west, or vice-versa, at least for a few hours.
[00:19] <justizin> guys i'm trying to deal with a script that fails when run as part of automation because apt wants to ask some questions, what's the easiest way to prefill those? i know about using debconf, e.g. the way the oracle jvm license is accepted and whatnot, just not sure the easiest way to figure out what the settings are called for the questions i'm asked
[00:19] <justizin> can i record the output of an interactive session where i answer the q's ?
[00:21] <sarnold> justizin: if it is apt asking the questions, apt-get -y ... ought to do it
[00:21] <sarnold> justizin: apt-get -y --force-yes if you've read the warning in the manpage :)
[00:21] <justizin> some questions don't have a 'yes' answer ;)
[00:21] <justizin> i'm doing -y --force-yes
[00:21] <sarnold> justizin: if it is debconf then you'll have to look at dpkg-preconfigure, I think
[00:22] <justizin> gotcha
[00:22] <justizin> that does sound like what i'm looking for, thanks sarnold !
[00:22] <heydrick> sarnold: thanks. this is for EC2 clients. i'll give it a spin
[00:24] <sarnold> heydrick: I'm curious how much that'll save on transit costs.. it feels like it'll add up, over time, to enough to make it worth doing :)
[00:38] <heydrick> sarnold: EC2 inbound transfer is free so there's no real cost benefit but it should speed up package updates
[00:39] <sarnold> heydrick: ahh, I hadn't realized inbound was -free-
[00:40] <heydrick> sarnold: yeah, it's nice. if the s3 mirror is still slow I can always put a cache in front of it
[00:41] <sarnold> heydrick: good idea, squid-deb-proxy seemed to speed things up for me quite a bit, even when it doesn't actually provide any cache hits :)
[00:42] <heydrick> sarnold: i've had good luck with both squid-deb-proxy and apt-cacher-ng before. helps to crank up the cache size limits
[00:48] <sarnold> heydrick: I really liked apt-cacher-ng until I lost half a day debugging why no packages would install correctly.. hash sum mismatches all over the place :(
[01:00]  * maxb seconds that about apt-cacher-ng
[01:00] <maxb> Though to be fair, it seems to screw up less than approx
[01:07] <hallyn> definately still pays off fo rme here
[02:55] <justizin> hm, you guys, so -y --force-yes somehow seemed to work earlier, but i must have done something manually.  the question it's refusing to silence is about automatically restarting services for libc upgrade
[02:56] <sarnold> justizin: I wonder if the unattended upgrades contraption handles that better / differently -- and if you can use it to do what you're trying to do
[02:58] <justizin> well, it seems to pull a newer libc when i ask it to install libvirt-bin
[02:58] <justizin> i'm not actually trying to automate updates
[02:59] <justizin> ah.. ahhh.. (facepalm)
[02:59] <justizin> i mean it's basically the same, but i didn't notice this is a debian box lol
[02:59] <justizin> i was like wtf is jessie.box or whatevs
[02:59] <sarnold> heh :)
[02:59] <justizin> yeah this explains a lot..
[02:59] <justizin> i'm going to try this against trusty ;)
[03:07] <justizin> boosh! and on ubuntu, it works fine :-P
[03:08] <justizin> no idea why these guys ditched ubuntu, whatever
[03:10] <justizin> boy it really builds faster, i'm sure debian "trims" a bunch of shit you need when you want lxc and libvirt and all that
[03:34] <hallyn> jdstrand: good evening -y ou were just paged in bug 1004606 :)  though the commit seems questinable since i assume 'deny' just means "be quiet about the fact that you were denying"
[04:04] <radius> hello
[04:04] <radius> I have an lxc on 14.04 question
[04:04] <radius> when I create an LVM backed container say with 10gb size
[04:05] <radius> those 10GB are mounted as /run/shm
[04:05] <radius> why is that?
[04:26] <jetsaredim> is there an easy way to setup something like a proxy server that would just log all requests?
[05:19] <radius> all web requests?
[05:19] <radius> easy it depends on your knowledge level
[05:20] <radius> but I guess squid + lightsquid would do nicely
[05:50] <ryanplyler> ryan-c:
[05:50] <ryanplyler> ryan-c: hey
[08:14] <jdzielny> Hi everyone.  I'm trying to set up a bunch of ubuntu-based virtual machines which are encrypted with LUKS, but I want them to be able to be autobooted from a command line.  I don't want to store the key on the unencrypted boot partition.  I'm thinking in order to do this I'll configure the initiramfs to ssh into a remote server download a keyfile into a temporary ramdisk which is wiped as soon as the main drive is decrypted,
[08:14] <jdzielny> and I'm hoping to bounce this idea off some knowledgeable people to see what flaws or issues might come up
[08:15] <jdzielny> the remote server doesn't necessarily haveto be far away, it could be a machine on the local network
[08:15] <fiodor> hola
[08:15] <jdzielny> hola fiodor
[08:16] <fiodor> alguien habla español por aca?
[08:16] <fiodor> hola jd
[08:16] <fiodor> una consulta
[08:17] <fiodor> como cambio de idioma mi server instalado?
[08:17] <fiodor> gracias
[08:18] <jdzielny> sorry fiodor olvide me espanol
[08:18] <jdzielny> english
[08:20] <jdzielny> brb
[08:20] <fiodor> ok
[08:21] <fiodor> as language change my server
[08:22] <fiodor> how to change language my server?
[08:23] <jdzielny> which version?
[08:26] <jdzielny> fiodor, ubuntu server 14.04?
[08:28] <fiodor> Trusty Tahr
[08:28] <fiodor> yes
[08:28] <fiodor> trusty tahr
[08:31] <jdzielny> http://www.thomas-krenn.com/en/wiki/Configure_Locales_in_Ubuntu  <-- for 11.10, probably similar on 14.04
[08:33] <fiodor> ok thank you
[08:48] <lordievader> Good morning.
[10:33] <Quoexl> anyone alive in here cause I got questions
[10:35] <rbasak> !ask | Quoexl
[10:36] <Quoexl> I was checking to see if the person with the question was still here to receive the answer, thank you very much
[11:08] <pmatulis> Quoexl: yes, you appear to still be here
[11:10] <Quoexl> yup, I are, still muddling with apache openmeeting
[11:11] <Quoexl> waiting of ffmpeg to compile once again, sippin whiskey and reading about litecoins
[11:12] <Quoexl> what are you doing up at this nasty time of day?
[11:20] <pmatulis> just woke up to be honest (to a blanket of fresh snow)
[11:23] <Quoexl> yuck snow, you keep it
[11:28] <Ergo> hello, whats the proper way to increase ulimits for containers and processes started by supervisord?
[12:50] <jetsaredim> anyone in here have experience with setting up squid?
[12:51] <jpds> It's fairly simple to configure.
[12:52] <pmatulis> jetsaredim: what's your question?
[12:52] <jetsaredim> I'm trying to set it up as a standalone such that I can have it just log all access requests from any system that passes through it
[12:53] <jetsaredim> just changed the http_access to allow all
[12:54] <jetsaredim> but when I watch the log I'm not seeing any traffic even after I updated the client to use proxy
[13:03] <jetsaredim> jpds pmatulis: thoughts?
[13:03] <jpds> jetsaredim: Well, can the machine see the port being open?
[13:04] <jetsaredim> crap - that must be it
[13:05] <jetsaredim> i'm trying to log all traffic to a genymotion android VM and for some reason the network keeps getting reset to host-only instead of bridged
[13:09] <jpds> Always start with the basics.
[13:09] <jetsaredim> nope - i got it
[13:36] <zul> coreycb: did someone merge trove and cinder for you?
[14:05] <coreycb> zul, trove was merged. cinder still needs review.
[14:06] <zul> coreycb:  k gimme a sec
[14:33] <negronjl> alway
[15:22] <jamespage> coreycb, sahara in the queue
[15:23] <jamespage> coreycb, do you want me to look at horizon? even if pint is not yet in main, I can build and test and upload anyway
[15:23] <jamespage> it will then appear on component-mismatches
[15:23] <coreycb> jamespage, sure if that's ok - btw I'm making a few tweaks to pint to get more tests to run, etc
[15:23] <jamespage> coreycb, awesome
[15:31] <GeekDude> My server is no longer responding to ssh or ping, but I can still ping out from the server (using a keyboard and screen), as well as use wget
[15:32] <GeekDude> I don't recall making any configuration changes on the server, but I did enable multicast on the router recently
[15:45] <lordievader> GeekDude: Firewall?
[15:45] <GeekDude> I'm not competent enough to be sure
[15:46] <GeekDude> I'm awful with ufw
[15:46] <GeekDude> Would the firewall just automatically block incoming connections for no apparent reason?
[15:46] <lordievader> If it is set to do that, yes.
[15:53] <coreycb> jamespage, zul: can one of you review these python-pint updates?  https://code.launchpad.net/~corey.bryant/ubuntu/vivid/python-pint/0.6/+merge/245755
[19:53] <GeekDude> lordievader: I think I've just done something very stupid
[19:53] <GeekDude> The machine just got a new IP address, it's not having strange firewall issues at all
[22:04] <farway> how can I determin why „apt-get remove nginx“ would neither uninstall the binary nor the startupscript?
[22:05] <farway> it tells that it will uninstall, and after that if i call it another time it tells me that it is not installed anymore, while it clearly still exists
[22:09] <cryptodan> can you do an updatedb then a locate on nginx?
[22:13] <farway> cyphermox: before the updatedb ‚locate‘  showed ‚locate: can not stat () `/var/lib/mlocate/mlocate.db': No such file or directory’  now it list all corredponding files
[22:14] <cyphermox> hum, hello ;)
[22:14] <cryptodan> does nginx show up?
[22:15] <farway> cyphermox: after updatedb it list nginx
[22:16] <cryptodan> farway: then you had two instances
[22:17] <cyphermox> what you likely want to remove if you want to get rid of the nginx binary from /usr/sbin is the nginx-core package
[22:18] <farway> thats strang, well I didn’t install it initially. So i don’t knwo if the one how did messed up with the installation
[22:18] <cyphermox> (or nginx-full, or nginx-light)
[22:19] <cyphermox> the nginx package just depends on one of these to provide the binary, it doesn't provide anything by itself
[22:22] <cyphermox> fwiw, the init script is in nginx-common, so you'll probably want to remove that, too
[22:27] <farway> cyphermox: ok now it seems to work. A last question, you said there  where two instances? I don’t see any sign why there should haven been two, there is no entry in the source.list or somehwere else. Is that an indication that the one who installed nginx tried to install it e.g. by hand or from another source and did not correctly clean up later?
[22:33] <cyphermox> I didn't say there were two instances, cryptodan did
[22:34] <cyphermox> if you updatedb and run locate again, you might not see nginx files anymore
[23:16] <Voyage> any help with openvpn issue. http://pastebin.com/ntfBaBk3
[23:24] <collizion> Voyage: I'm fairly good with openvpn.
[23:26] <Voyage> collizion,  hm. so what do you think is wrong?
[23:27] <collizion> Voyage: First, is the server configured for NAT? Second, does the VPN network (10.8.0.0) conflict with a private network on either side?
[23:27] <Voyage> the ip route will tell a lot
[23:28] <Voyage> its in the paste
[23:28] <Voyage> give ma  a sec
[23:29] <Voyage> collizion,  i did this :  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0:0 -j SNAT --to 168.235.66.43
[23:30] <Voyage> collizion,  you there?
[23:31] <collizion> Voyage: I am, yes. Try removing the -o portion of your iptables rule.
[23:31] <Voyage> -o portion
[23:32] <Voyage> on server. ifconfig says venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
[23:32] <Voyage>           inet addr:168.235.66.43
[23:32] <Voyage> so should I just type      iptables -t nat -A POSTROUTING -s 10.8.0.0/24  -j SNAT --to 168.235.66.43         ?
[23:33] <collizion> Try that.
[23:34] <Voyage> ok. be right back. disconnection is expected
[23:36] <sde> Hey guys, any recommendations for a good daemon that can restart services on failure with some logging?
[23:36] <sde> Looking at upstart right now and in the midst of reading but looks like its an init replacement?
[23:37] <Voyage> collizion,  should I do iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE now?
[23:38] <sarnold> sde: check out daemontools
[23:40] <sde> looks like monit might be a better choice
[23:41] <sarnold> could be, djb is Opinionated
[23:41] <sarnold> which works fine if you share his opinions :)
[23:42] <Voyage_> your last command worked collizion  and I am now talking via server
[23:42] <Voyage_> Thanks!
[23:45] <sde> sarnold, thanks, sticking with monit for now, looks like digital ocean favors this as well