/srv/irclogs.ubuntu.com/2015/03/31/#ubuntu-server.txt

flybackim beanbag and I am back for more berating of this fucking stupid graphical bootloader and the default mode of "fail"00:05
=== markthomas|away is now known as markthomas
=== markthomas is now known as markthomas|away
=== zz_DenBeiren is now known as DenBeiren
ircfoxHello folks!02:45
ircfoxI am running a vpn server and I just configured but it is not connecting from my home computer, could someone help me try to figure what is going on at server side please?02:46
ircfoxI was just trying to analise the server log but to be honest I don't know which file to check.02:46
davidbowlbywhat kind of vpn are you using02:48
davidbowlbyPPTP (also known as the American Indian restroom)02:48
davidbowlbyL2TP02:49
davidbowlby?02:49
ircfoxpptp02:49
sarnolddavidbowlby: hahaha02:49
davidbowlbysarnold, that one never gets old if you ask me02:50
ircfoxyes02:50
davidbowlbyok, one sec02:50
sarnolddavidbowlby: I suspect I'll be 85 and start giggling to myself and be unable to convey to anyone else why I'm laughing...02:50
ircfoxok02:50
davidbowlbyircfox, if you check /var/log/syslog, you can grep on pptp02:51
davidbowlbyyou'll see some stuff there02:51
davidbowlbylike some idiot from korea trying to log into your server02:51
ircfoxdavidbowlby: I don't know how to use grep command :P02:52
davidbowlbyit's easy, I'll show you02:52
davidbowlbycat /var/log/syslog | grep pptp02:52
ircfoxok02:52
davidbowlbycat writes the file out ot console02:52
davidbowlbyyou "pipe" in secondary commands that handle that output02:52
davidbowlbygrep lets you filter on the content02:53
davidbowlbynow, something to remember02:53
davidbowlbyif you're looking for something with a space in it or two works02:53
davidbowlbysurround with quotes02:53
davidbowlbycat /var/log/syslog | grep "monkey login"02:53
davidbowlbyfor example02:53
ircfoxdavidbowlby: and what I dod with the result?02:53
ircfoxsomething like Mar 30 22:20:30 webfox pptpd[19631]: MGR: Manager process started02:53
ircfoxand MGR: Maximum of 100 connections available02:54
ircfoxand aximum of 100 connections reduced to 6, not enough IP addresses given02:54
davidbowlbyok02:54
davidbowlbyso you gave 6 IPs, but said to use 100 connections02:55
davidbowlbybut it's smarter than you, so it fixed that ;P02:55
davidbowlbynow I will introduce you to another command02:55
davidbowlbytail02:55
davidbowlbytail is your friend02:55
ircfoxdavidbowlby: to be honest I think this 6 ip's is default02:55
davidbowlbytail -f /var/log/syslog | grep pptp02:55
davidbowlbytry you connection02:55
davidbowlbysee what she says02:55
davidbowlbytail lets you watch the log as she populates02:55
ircfoxMGR: Maximum of 100 connections reduced to 6, not enough IP addresses given02:56
davidbowlbyyou pipe in the grep and you only see what you care about02:56
davidbowlbyright02:56
davidbowlbynow try to log in02:56
ircfoxMGR: Manager process started02:56
davidbowlbyyou should see pptp info messages02:56
davidbowlbytry to connect to you pptp02:56
ircfoxMGR: Maximum of 6 connections available02:56
davidbowlbyread the works that are coming out of my keyboard02:56
davidbowlby*words even :)02:56
ircfoxMy Mac says : The PPTP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.02:57
davidbowlbyah ok02:57
davidbowlbybut no log entries?02:57
ircfoxno02:58
davidbowlbysee, when I connect I get this:Mar 30 22:59:26 via pptpd[19944]: CTRL: Client 192.168.1.7 control connection started02:58
ircfoxno log entries02:58
davidbowlbyso, it sounds like you aren't getting connected to your pptp server02:58
davidbowlbywhich is exactly what your mac is telling you02:58
sarnoldyou might need to check logs on your os x02:58
davidbowlbybecause Macs are awesome02:58
sarnoldthere's some kind of event viewer there or console applicatioon that shuold show you your logs02:59
davidbowlbyok, so you can do this02:59
davidbowlbypptp default port is 172302:59
davidbowlby(which is how many folks fit in a pptp)02:59
davidbowlbyanyway02:59
davidbowlbyso you can just do a simple telnet check03:00
davidbowlbyopen Terminal03:00
davidbowlbyI'm assuming you know how to use your Mac03:00
ircfoxok03:00
ircfoxgo ahead please03:00
davidbowlbytelnet <the ip of your VPN> 172303:00
davidbowlbyyou should get "trying... connected to..."03:00
davidbowlbyif you don't03:00
davidbowlbyrut row, your firewall is kicking your nads03:00
davidbowlbyyes folks, you need to open ports to allow traffic to run to your pptp server :)03:01
ircfoxtrying is still trying and no log at tail03:01
* davidbowlby has to use the pptp03:01
davidbowlbyyeah, trying and trying means no connection03:01
davidbowlbywhich means you can't get in03:01
davidbowlbywhat are you using for your firewall03:02
* davidbowlby prepares for the facepalm03:02
ircfoxMmmm.. not sure default Ubuntu perhaps03:02
davidbowlby....ok03:02
sarnoldit could also be a firewall on your mac, or any firewall/router between the two machines03:03
davidbowlbyircfox, first you need to know your network infrastructure03:03
davidbowlbyircfox, start there03:03
davidbowlbyfor example, I have ((internet)) ---> <ubuntu server> ---> ufw firewall ---> pptp VPN03:04
ircfoxI will try to port foward my wifi03:05
davidbowlbyoh boy... that statement03:06
davidbowlbyircfox, ok, so how is your network configured03:06
ircfoxno, still not working03:06
davidbowlbyircfox, do you put the internet directly to the wifi router?03:06
ircfoxno, I got a modem (not wireless) and I got a wifi router connected to it.03:07
ircfoxbut I think I've bridged the modem and I cannot access it no longer, by the way it was a way long time ago03:07
davidbowlbyok, you probably need to access the modem03:08
davidbowlbyyou probably are natting on your wifi03:08
davidbowlbywhich isn't going to go over well depending on your setup03:08
sarnolddavidbowlby: did you mean "probably don't need to access the modem"?03:08
davidbowlbysarnold, I mean he will need to connect to the modem03:08
davidbowlbysarnold, modems have firewalls too these days, depending on your setup03:09
ircfoxI can turn ethernet on03:09
davidbowlbysarnold, I had to set mine to forward on to mine03:09
sarnolddavidbowlby: hmm. I could imagine some configurations might be easier that way, but I certainly hope this doesn't require replacing the router..03:09
davidbowlbysarnold, no, just configuring it03:09
ircfoxwould you mind to test if my vpn server is working for me?03:09
sarnolddavidbowlby: i'd hope most modems in bridge mode just forward packets without inspection03:09
davidbowlbysarnold, sometimes you have to connect to the modem to tell it to forward requests03:09
davidbowlbysarnold, some not all, we don't even know what he has03:10
ircfoxbefore it gets too radical please03:10
davidbowlbysarnold, nevertheless, he should be able to access the modem UI03:10
davidbowlbysarnold, if not, that's kinda a problem too03:10
davidbowlbyircfox, what's your IP, I'll telnet03:10
ircfoxdavidbowlby: I cannot access my modem config right now. As I said it is in bridge mode, I would have to reset it.03:11
* davidbowlby waits for the internal subnet03:11
sarnolddavidbowlby: heh, I've never once needed my modem's UI :)03:11
davidbowlbysarnold, I wish that were the case for me03:11
sarnolddavidbowlby: self-bought modems or ISP-provided?03:11
davidbowlbyircfox, actually that worked03:11
ircfoxdavidbowlby: yes?03:12
davidbowlbyircfox, sometimes modems don't like you hairpinning03:12
ircfoxmy lord!03:12
davidbowlbyircfox, actually, now that I think of it, there is a setting I believe03:12
ircfoxSo you think it is my modem?03:12
sarnoldohhhhh.. is the os x machine currently "inside" the same network?03:12
ircfoxsarnold: no03:12
davidbowlbyircfox, can you put your mac on a 3g/4g hotspot and try the connection outside of your network?03:14
ircfoxdavidbowlby: I am connecting to the same vpn server but with ssh right now. does it say anything about modem block?03:14
davidbowlbyno03:15
ircfoxdavidbowlby: I don't have any 3g/4g device.03:15
davidbowlby...what...03:15
* davidbowlby is amazed03:15
ircfoxyeah :P03:15
davidbowlbyyou are setting up pptp03:15
davidbowlbyand don't have cell data03:16
ircfoxI have a old nokia03:16
davidbowlby...whaaaat03:16
ircfoxyes, lol03:16
davidbowlbyok03:16
davidbowlbyok, is this running on a 486?03:16
davidbowlby;)03:16
davidbowlbyok ok, sry sry03:16
davidbowlbyok03:16
davidbowlbytry the telnet to your host using the port 2203:17
davidbowlbythis should work just fine03:17
davidbowlbyyou'll see what happy path should look like03:17
ircfoxyes03:17
ircfoxfine03:17
ircfoxSSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu203:17
davidbowlbyok, so that's happy path03:20
davidbowlbytry to telnet to 1723 again03:21
ircfoxno still not working03:21
davidbowlbymake sure you have port 1723 open on the wifi firewall and forwarded to your VPN server IP (should be on the wifi)03:21
davidbowlbyI should say, should be on the same network as the wifi or routable via the wifi03:22
davidbowlbyI still don't get your network topology03:22
davidbowlbyis the VPN server on a different network than the wifi router?03:22
davidbowlbyis the Mac on a different network than the wifi and VPN?03:22
davidbowlbybtw, to rule out the mac firewall, you can go to System Preferences > Security & Privacy > select Firewall tab, and turn it off03:23
ircfoxit said it is a invalid ip which should be set in the valid subnet of something03:23
davidbowlbyok03:24
davidbowlbylet's start here ircfox03:24
ircfoxright03:24
davidbowlbywhat is the "internal" IP of the wifi03:24
davidbowlbyrouter03:24
davidbowlby192. something or a 10. something03:24
davidbowlbyfor example03:24
ircfox192.168.1.22203:24
davidbowlbyok03:24
davidbowlbyvery good03:24
davidbowlbywait, sounds a little weird03:24
davidbowlbybut ok03:24
davidbowlbythat sounds more like a client IP03:25
davidbowlbybut ok03:25
davidbowlbyso that's the IP you configure the router with, right?03:25
ircfoxthis is my mac ip03:25
davidbowlby..03:25
davidbowlbywhat is the wifi router IP03:25
ircfoxthis is the ip I am using on my wifi router03:25
davidbowlbysomething like 192.168.1.1?03:25
ircfox192.168.1.25403:25
davidbowlbyno, that's the IP of your computer, not the wifi router03:25
davidbowlbyahhh03:25
davidbowlbynow were are getting somewhere03:25
davidbowlbyhmmm, sounds like UVerse03:26
davidbowlbyanyway03:26
davidbowlbycan't be, you have a nokia03:26
davidbowlbyanyway03:26
ircfoxhahaha..03:26
davidbowlbyok, so what is the IP of your VPN (internal only please, no real IPs here)03:26
ircfoxnot sure, let me check03:26
davidbowlbykinda important to know that03:27
davidbowlbyso you can set the firewall rule on the wifi router to point to it...03:27
ircfoxwhat is the command I use again please?03:28
davidbowlbyifconfig03:28
davidbowlbythis right here is why I start with teaching IP and network configuration before ANYTHING ELSE03:29
ircfox127.0.0.203:29
sarnoldthat's a localhost address03:30
sarnoldcheck for an eth0 or similar address03:30
ircfoxinet add is 127.0.0.103:30
davidbowlbyyou can use grep03:30
davidbowlbyifconfig | grep eth003:30
davidbowlbyor03:30
davidbowlbyifconfig -a | grep eth003:30
ircfoxnothing03:31
davidbowlbyifconfig -a | grep "inet addr"03:31
ircfoxI think it is called venet03:31
davidbowlbythat last one should do it03:31
ircfoxIt has lo, venet0 and venet0:003:31
davidbowlbyyes03:31
davidbowlbyand is one a 192 address?03:31
ircfoxvenet0:0 is03:32
ircfoxwell not 192 but not 127 either03:32
sarnoldvenet? o_O03:32
davidbowlbyircfox, what is the damn ip03:32
ircfoxsarnold: because it is a vps perhaps?03:32
davidbowlbyit's not your public one, is it03:32
ircfoxyes, it is03:33
davidbowlbywait, a vps03:33
davidbowlby... ok03:33
davidbowlbywho are you using03:33
davidbowlbyare they openstack?03:33
ircfoxcrissic03:33
davidbowlbybecause most VPS folks start with port 22 open, but everything else is locked shut03:33
sarnoldoh man so much more makes sense now!03:34
davidbowlbysarnold yeah03:34
sarnoldI hadn't considered that possibility.03:34
davidbowlbyircfox, first of all, you don't have to do anything on your wifi router03:34
davidbowlbyircfox, because the VPN isn't on your network03:34
davidbowlbyircfox, which would have been nice to know ;)03:34
ircfoxI did use this command when configuring the pptp : sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE03:35
ircfoxperhaps it is not working because there is no eth8?03:36
davidbowlbyircfox, yes, but with a hosted service, the system can have its own firewall, not just the VM03:36
davidbowlbyno, ircfox, the interface names are ok03:36
davidbowlbythey just told us you were running a different kind of network03:37
davidbowlbyircfox, I'm sorry, I'm not familiar with how they open ports up03:37
sarnoldand in fact if you're getting connection timeouts they almost certainly have all ports firewalled off except 22 and maybe 80...03:37
davidbowlbyircfox, there should be some kind of manual on how to open a port to your virtual machine03:37
davidbowlbysarnold, definitely03:37
davidbowlbyircfox, most of them have some kind of network profile you can edit to allow ports03:38
davidbowlbyon the virtual machine properties03:38
sarnoldircfox: check around their admin panel for firewalling or security groups, probably you have to do something to specify ports and networks allowed to use those ports03:38
* davidbowlby needs a drink now03:38
davidbowlbysarnold, I was able to connect to his 1723 though from my host03:40
davidbowlbysarnold, so something is still a lil off03:40
sarnolddavidbowlby: ohhhhhh03:40
sarnoldcolor me confused then :)03:40
davidbowlbysarnold, yeah, just remembered that ahah03:40
davidbowlbysarnold, it's client configuration, we're good here04:09
=== Negative- is now known as NegativeFlare
=== zz_DenBeiren is now known as DenBeiren
jamespageDaviey, yes it does and thankyou if you did it :-)07:00
lordievaderGood morning.07:09
=== bilde2910|away is now known as bilde2910
DenBeirengoodmorning,..07:15
DenBeirenwhen running an rsync from a server to a dreambox (linux based sat decoder) on gigabit network i get max speeds of 1.7MB07:16
DenBeirenshouldn't this be a lot more?07:16
lordievaderPerhaps, perhaps not.07:17
lordievaderWriting to a slow disk?07:17
DenBeirenit's a new WD blue or black (don't remember exactly)07:18
DenBeirenit's def. the "newer faster" technology,.. not ide07:19
lordievaderCongested network?07:20
DenBeireni'm guessing not,.. how could i find out? my (manageable) switch is not even breaking sweat07:24
DenBeirenthe server has bonding07:24
lordievaderDenBeiren: Do you get decent speeds when you download from some other server?07:26
DenBeirenthe server downloads ok,.. as fast as my internetconnection will allow me07:27
DenBeirenthe dreambox, i don't know,.. i don't normally download stuff with it07:27
DenBeireni'm now just pushing movies to it located on my server07:27
lordievaderTry it, you are trying to find out where the bottleneck may lie.07:30
DenBeirenwget doesn't give me a speed indication,.. am i forgetting an -option?07:36
lordievaderDenBeiren: It should. 'wget --output-document=/dev/null http://speedtest.wdc01.softlayer.com/downloads/test500.zip' is what I use to test connections.07:40
DenBeirenConnecting to speedtest.wdc01.softlayer.com (208.43.102.250:80)07:42
DenBeirennull                   0% |                                               |  5098k  0:14:54 ETA07:42
Davieyjamespage: python3-oslo.serialization is now in main, should fix the depwait of python.oslo.log07:44
jamespageDaviey, thanks - the rest of kilo-3 is now trickling through as that's unlocked most depwaits07:45
Davieysuper07:46
jamespageDaviey, just manually twiddling rebuilds to workaround circular deps in neutron and its decomposed *aas packages...07:47
Davieyjamespage: Yeah, i didn't envy you this cycle....07:47
jamespageDaviey, we won't have all decomposed vendor drivers in for kilo07:48
Davieyjamespage: But, looks like splitting out is the way of the future... see cinder?07:48
jamespageinfact not many - the *aas ones are done - I'll probably target a few for release if possible07:48
jamespageDaviey, yeah07:48
jamespageDaviey, it makes sense07:48
jamespageDaviey, but it does increase the packaging complexity and quantity07:49
Davieyjamespage: Planning to have vendor PPA's?07:49
jamespageDaviey, I think that's likely yes07:49
jamespageDaviey, we'll probably use that for testing and then onboard into distro next cycle07:49
jamespagedepending on status07:49
jamespageit actually gives us a nicer QA process rather than accidentially packaging all vendor plugins as we have done in the past07:49
jamespagealot had out-of-archive deps hidden in them07:50
Davieyjamespage: What about UCA?07:50
jamespagearchive feeds UCA07:50
jamespagestill07:50
Davieyright, but for pulled out vendor drivers?07:50
jamespagewell for the first 9 months at least07:50
jamespageDaviey, we already do some UCA type things for vendors07:51
jamespageits not UCA07:51
jamespage'partner package archives'07:51
DavieySorry, i mean, Kilo on 14.04, will that have the vendor drievrs from PPA's or limited set from main on vivid?07:51
jamespageDaviey, most likely PPA's07:52
Davieyok, thanks07:52
jamespageDaviey, any of specific interest to you?07:52
jamespage(I was thinking for seeing if I could get vmware-nsx in as I have charm stuff that depends on that)07:52
Davieyjamespage: More curiosity than anything else.07:55
lordievaderDenBeiren: Is that a normal speed for your connection?08:03
memoryleakIs there a storage service you guys can recommend for backing up data of servers, other than AWS S3?08:38
=== Lcawte|Away is now known as Lcawte
R1ckhi. I have a Ubuntu 12.04 server, which has nsca 2.7.2. Ubuntu 14.04 has nsca 2.9.1, whats the best way to get that 2.9.1 package installed on a 12.04 server?09:29
lordievaderR1ck: See if there is a backports ppa?09:29
R1ckwell I found this: https://launchpad.net/~bli-linsang/+archive/ubuntu/nsca-backport09:30
R1ckso thats the "best" way?09:30
DjangoPythonistHi everyone, i have some trouble with an ubuntu 12.10 webServer. df tell me that i have a 91% (around 89G) of 94,28G of total use in a disk partition, but dcnu and du tell me that the total amount used is 44G. It's a production server and i need to free some disk space without pay for more Gigas, and this big difference from df to du make's me crazy. ¿Somebody can give me some light about what happend? Thks, and s09:31
lordievaderR1ck: Does it have pesky dependencies?09:32
lordievaderR1ck: I suppose upgrading to Tusty ain't an option?09:33
R1ckunfortunately not :)09:33
lordievaderYou could also package 2.9.1 yourself.09:35
lordievaderBut there you might run in to dependency problems.09:36
lordievaderYou absolutely need 2.9.1?09:36
R1ckyes, I'm beginning to get 2.9 clients that cannot communicate with a 2.7 daemon09:47
R1ck2.9.1 daemon is running :) backports package seems to work fine09:48
lordievaderR1ck: Ah, good to hear :)09:50
rbasakstrikov: ping, about Juju, for when you start today.10:04
strikovrbasak: i just started10:04
rbasakstrikov: oh, OK. Google Calendar seems to think you will start in another hour :)10:05
rbasakThough we just did go into daylight savings time in Europe so maybe that affects things?10:05
strikovrbasak: that's right, i have an appointment today, so i started earlier :)10:05
rbasakstrikov: oh, OK :)10:06
strikovrbasak: did you have a chance to look at the package?10:06
rbasakstrikov: yes. Great work!10:06
rbasakstrikov: I appreciate the amount of time you've had to spend on this.10:06
rbasakstrikov: the only review comments I have are things that I never mentioned to you - my fault.10:07
rbasakstrikov: only really minor - I can upload now anyway, but we can maybe fix these to save ourselves time next time.10:07
strikovrbasak: sure, let's do it today10:08
strikovrbasak: what do i need to fix?10:08
rbasakstrikov: first, we should mention the tracking bug in the changelog, so it auto-closes on upload. Eg "  * New upstream release (LP: #1416051)". No need for you to fix this - I can just do it before I upload.10:08
rbasakstrikov: then the only other thing is minor disparity with the PPA debian/control file. I noticed because I diffed debian/ against the PPA, just to make sure that Curtis hasn't made any packaging changes in the PPA that we need.10:09
rbasakstrikov: specifically these two differences help with backports. They aren't technically needed in Vivid, but we've made it so they will work in Vivid anyway, and that way when we push to Trusty we won't have to change the debian/control file, which would be easier for us to manage.10:10
strikovrbasak: oh, really? i did that comparison myself about a week ago and it looks like i missed something. sorry10:10
rbasakThe first is:10:10
rbasak-               gccgo-go [!amd64 !i386 !armhf],10:10
rbasak+               gccgo [!amd64 !i386 !armhf],10:10
rbasakThis was indeed broken on Vivid a while ago, but I added gccgo-go as a virtual package so now we can Build-Depend on it in Vivid without issues.10:11
rbasak(and it'll pull in gccgo on Vivid, and gccgo-go as a real package in previous releases)10:11
rbasakThe second is:10:11
rbasak-Depends: cloud-image-utils | cloud-utils,10:11
rbasak+Depends: cloud-image-utils,10:11
rbasakThis only happened after I uploaded the previous Juju packaging, and then forgot to tell you about it, so I wouldn't expect you to have known about it.10:12
rbasakcloud-utils got split a release or two ago, so we fall back to cloud-utils if cloud-image-utils doesn't exist.10:12
rbasakI asked Curtis to add this to PPA packaging, and said I'd sync into Ubuntu packaging, but forgot.10:12
rbasakstrikov: both of these I couldn't have expected you to have known about :)10:13
strikovrbasak: you told me about debdiff'ing against sinzui's ppa10:15
strikovrbasak: fixing it now, thanks for a review!10:16
rbasakstrikov: no problem. And good work! This isn't an easy package to work on :)10:16
rbasakstrikov: OK if you want to fix those up, then you can update the changelog with the bug reference and those other two changes, and then you can take all the credit for the upload :)10:17
rbasakThat'll help when you apply for upload rights.10:17
frudohi..10:18
frudohow can i off checkconfig serivce on ubuntu like linux I am not more familiar with ubuntu, can any one help on this10:19
rbasakfrudo: are you asking for the Debian/Ubuntu equivalent of chkconfig?10:23
rbasakfrudo: update-rc.d is used to adjust Sys V init script execution. For upstart jobs, you edit service definitions directly in /etc/init/.10:23
rbasakFor systemd, you copy /lib/systemd/service/... to /etc/systemd/service and then edit it.10:23
frudothanks. rbasak. i will try for zabbix serivce..10:29
frudoon ubuntu machine10:29
strikovrbasak: why 'Depends: cloud-image-utils | cloud-utils' is needed? maybe just cloud-utils is okay, because it's available everywhere (including precise where cloud-image-utils is not available)10:36
strikovrbasak: okay, i figured it out myself, cloud-image-utils might be installed manually without a metapackage10:37
strikovrbasak: okay10:37
rbasakstrikov: yes. Also, won't cloud-utils pull in cloud-guest-utils also, which we don't need in this case?10:38
rbasakThat was the reason it was split.10:38
rbasakkickinz1: is http://askubuntu.com/q/582038/7808 relevant to your work?10:38
frudoupdate-rc.d nginx disable  this commad is wirking but when i trying to do update-rc.d zabbix-agent disable  its not working10:40
kickinz1rbasak: yes, we are in the process to make it work on armhf. Docker is ready, working on owncloud 810:40
kickinz1rbasak (docker-1.5.0 armhf package  is ready, just need to wait for some code in the store to have it uploaded)10:41
strikovrbasak: just fyi, gccgo-go is not available on precise (just in case we'll make decision to package current juju there)10:54
rbasakstrikov: OK, thanks. I think probably there is no gcc go package to use regardless of name on Precise?10:57
rbasakstrikov: so that should be OK10:57
strikovrbasak: gccgo is available: http://packages.ubuntu.com/precise/gccgo10:57
rbasakstrikov: Oh, OK10:57
rbasakstrikov: I don't think there will be a demand for Juju on Precise for non-Intel that doesn't exist already, so let's just aim for parity with the PPA for now, and we can both change together later if necessary.10:59
rbasakThen the diff against the PPA can remain smaller10:59
rbasakstrikov: thank you for pointing it out though11:00
rbasakjamespage: what was the state of arm64 support in docker.io in the archive, please? I saw some back and forthing of support in the changelog, so wasn't sure of the previous status.11:07
jamespagerbasak, it needs dropping for now11:07
rbasakjamespage: I ask because we're having some issues with arm64 but I think we have everything else working, so am wondering if this is actually a regression in functionality or not.11:07
jamespageits incomplete (specifically in one of the deps)11:07
rbasakkickinz1: ^^11:07
jamespageand its never worked11:07
strikovrbasak: debian.tgz and .dsc are in your inbox; thanks!11:07
kickinz1rbasak: OK11:08
rbasakjamespage: "its never worked" is perfect for a justification for an FTBFS in the FFe bug - thanks :)11:08
rbasakstrikov: thanks!11:08
jamespagerbasak, sorry - I mean't todo that before handing over11:08
rbasakjamespage: no problem11:08
rbasakkirkland: hey. byobu.co seems to redirect to www.byobu.co that doesn't resolve.11:35
strikovrbasak: it is accessible for me12:03
strikovrbasak: i mean byobu.co12:03
strikovrbasak: http://www.downforeveryoneorjustme.com/http://byobu.co12:04
rbasak$ host byobu.co12:04
rbasakHost byobu.co not found: 2(SERVFAIL)12:04
strikovrbasak: http://pastebin.ubuntu.com/10711691/12:06
strikovrbasak: you may use sshuttle or something with dns forwarding12:07
rbasakstrikov: thanks. I don't know why this fails for me. Firefox isn't being clear on why it complains about www.byobu.co. I see no redirect accessing it by hand over HTTP.12:08
bwmHaving problem setting keep alive timeout in Apache2 default virtual host12:13
bwmI set the timeout in the virtual host on a clean apache2 install on 14.04 and it has not effect.12:14
bwms/not/no/12:14
OpenTokixbwm: you enable keepalive in the main config, not per vhost12:14
bwmOpenTokix: that's not what the apache doc says12:15
bwm... let me check that ...12:15
OpenTokixbwm: I have never set it per vhost, but maybe you can then. - What is the problem you are seeing?12:15
bwm[Context:server config, virtual host]12:16
OpenTokixSo you set KeepAlive On - and you dont get a keepalive? - How do you check?12:17
bwmIts just ignored.  I have a little curl based test.  If I run it with keepalive configured in the default vhost - then connections are dropped.12:17
bwmIf I run the same test with keepalive timeout set in the global config then then connections remain open12:17
OpenTokixno loadbalancer?12:18
bwmIf I munge the default host config to mess up the docroot I get 404's - so the virtual host config is being used12:18
OpenTokixAnd no user agent sniffign browsermatch-directives?12:18
bwmNot in this test case - the reason I'm doing this is my production load balancer config is having problems and i've traced it to the keepalive possibly being the issue12:19
bwmno browermatch directives - never heard of them :(12:20
OpenTokixWhat load balancer are you using?12:20
OpenTokixKeepalive is.... not always optimal ebhind a load balancer12:20
bwmI'm not in this test case.  In production is an AWS loadbalancer12:20
OpenTokixIs that a proxying or routing load balancer?12:21
bwmStrictly - I don't know.12:21
bwmI'm guessing the load balancing is done in the routers12:22
OpenTokixIf its routing, keepalive should be on - if its proxying, off12:22
OpenTokixEsp. if you have a lot of traffic12:22
bwmThe AWS config assumes the keepalive is on.  We have it on - but I'm seeing occasional gateway timeout errors which can be due the loadbalancer keep alive timeout being longer than the servers keepalive timeout12:23
OpenTokixWhat is the host-ip you see in yo uaccesslog? - Is it clients or the load balancer?12:24
bwmclient12:26
bwmactually - we see both12:28
OpenTokixYes, but what is the clientip, and the other is probably forward-for header?12:29
bwmthe other is X-Forwarded-For header12:30
OpenTokixThen its proxying12:30
OpenTokixThen  your apache threads will be busy with waiting for the  proxy to send a new connection while keepalive timeout is timeing out.12:30
OpenTokixand your proxy will open a new connection for each new client12:31
bwmConfession: I'm a bit new to all this.12:33
bwmOpenTokix: I have no idea what the LB's policy is.  It does expect keep alive to be on.12:34
bwmOpenTokix: Any thoughts on why my little experiment with setting keepalive timeout on the default virtual host isn't working?12:35
OpenTokixbwm: The timeout is ignored?12:35
bwmOpenTokix: the timeout setting in the virtual host is ignored.  The server wide timeout is used.12:36
OpenTokixIn a name-based virtual host context, the value of the first defined virtual host (the default host) in a set of NameVirtualHost will be used. The other values will be ignored.12:36
OpenTokixIt is used in the first namebased vhost12:36
bwmIn my test setup I only have one virtual host - 000-default.conf12:37
OpenTokixok12:39
bwmOpenTokix: one of the things I wanted to check here was that there is nothing special about the default VH, e.g. you can't override main config settings in it.12:41
=== CripperZ is now known as CripperZ-
OpenTokixbwm: there is nothing special about it - just the default12:49
Adri2000how supported and developed vmbuilder is these days? I thought at some point it was abandoned12:53
strikovrbasak: i have an appointment right now and will return back in 1 hours; just fyi12:54
ircfox_could someone help me figure why I am unable to connect to a pptp server please?12:56
=== ircfox_ is now known as ircfox
bwmOpenTokix:  Thanks for taking the time to answer my questions.12:57
* pmatulis didn't know people still use PPTP12:57
bwmOpenTokix: I've just extended my test.  I added a second named virtual host that is a clone of the default.  It successfully overrides the keep alive timeout.12:57
bwmOpenTokix: I'm hesitant to say this because I am new to this - but this is looking suspiciously like a bug12:58
OpenTokixbwm: I never use the default host - so not sure it is a bug12:59
rbasakstrikov: OK, thanks12:59
bwmOpenTokix: agree - I'm not sure either.  I guess I have a choice between - a) change the main config; b) set LB keepalive timeout to 3s c) post details of my test as an issue - but don't know where13:01
OpenTokixbwm: I doubt it is a bug. - Why cant you change the config?13:01
bwmOpenTokix: policy.  I'm doing automatic deploys using chef.  I've got mechanisms to configure virtual hosts.  I don't want to change the main config because then I have to maintain different versions for different apache versions13:04
OpenTokixbwm: ok, and you always use the default vhost?13:04
rbasakbwm: can you reproduce on a fresh install? If Apache is documented to support that configuration option on virtual hosts, and it doesn't work, then it sounds like a bug to me.13:05
OpenTokixI have to test it now =)13:05
bwmrbasak: my test is running in virtualbox vm with a fresh clean install.13:05
rbasakbwm: which version?13:06
bwmrbasak:checking ...13:06
bwm apache2 -v13:06
bwmServer version: Apache/2.4.7 (Ubuntu)13:06
bwmServer built:   Mar 10 2015 13:05:5913:06
rbasakbwm: a clean install of your chef recipes, or a minimal test to exercise this issue?13:08
bwmrbasak,OpenTokix: I could put my configs and test script on gist or somewhere13:08
rbasakbwm: if it does it on a minimal test, I'd ask you to check Vivid and if that's affected then test on a build from the upstream source without packaging.13:09
OpenTokixbwm: I changed it on a test machine now13:09
bwmrbasak: of the chef recipe.  good point13:09
OpenTokixAnd chaking KeepAliveTimeout to 3, changed it from the default 5 - in 000-default.conf13:09
rbasakbwm: assuming your test is correct, I'd be interested in a report to upstream.13:09
OpenTokixrbasak: it is not a bug13:10
=== Techi is now known as Arrick
OpenTokixJust tested it on a 14.04 updated host with apache 2.4.713:10
rbasakOpenTokix: OK, thanks. Then it's just between you and bwm to figure out what you're doing differently :)13:11
OpenTokixhttp://pastebin.com/B85znLP3 <-- this is my 000-default.conf13:11
ArrickHey all, I am setting up a ubuntu 12.04 server at this time, and need to know how to pull the information for the current network, that will give me gateway, network, and dns that is currently drawn from dhcp... I need to setup static addressing, but ifconfig does not give me all the information presently.13:12
bwmOpenTokix: thank - I'll take a look13:12
Arrickcan anyone help me out with the right cmd?13:12
Arricksorry, 14.04 server, not 12.0413:12
OpenTokixArrick: ifconfig eth0 and ip route show13:12
OpenTokixArrick: and /etc/resolv.conf13:13
bwmOpenTokix: that looks exactly like what I did13:13
mnaserWhat are opinions here on running LTSL enablement stacks?13:13
bwmOnly I set mine to 12013:13
OpenTokixbwm: I used chrome developer tools to check the keepalive  settings13:13
mnaser*LTS13:13
OpenTokixbwm: What curl command are you using?13:14
bwmAh - hadn't thought of that - was using curl and watching it not keep the connection alive13:14
OpenTokixbwm: I get this from curl -v "* Connection #0 to host m01 left intact13:14
bwmCan I give you my curl test that shows what happens to the connection - the headings might say one thing and the server do something else13:15
OpenTokixbwm: if I put keepalive off. it say: * Closing connection 013:15
bwmAnd I get connection closed13:15
ArrickThanks open`13:15
ArrickOpenTokix, ^13:15
OpenTokixbwm: My curl dont say the timeout value13:15
OpenTokixArrick: your welcome, glad to help13:15
rbasakmnaser: I'm running the Trusty HWE kernel on a Precise bare metal server because I found the Precise kernel's IPv6 performance over a bridge to be terrible.13:15
rbasak(oddly IPv4 was fine, and the Trusty HWE kernel fixed the issue)13:16
rbasakIt was the easiest way to solve the problem. As an example.13:16
bwmI restricted the download rate and did two gets in curl - adjusted the rate so that it took a bit longer than 5 seconds to download index.html once13:16
mnaseri'm running all trusty here but my most recent server, i installed 14.04.2 and it turns out that had a newer kernel13:16
bwmCan you put your curl somewhere I can get at it?13:16
mnaserso I wasn't sure if I should keep all that consistent or not13:17
rbasakI'd stick to the same thing for consistency unless you have a reason to deviate.13:17
rbasakWith 14.04.2 you're on an HWE kernel upgrade treadmill which isn't ideal.13:17
rbasak(you'll need to roll up to  with the 16.04 HWE kernel eventually)13:18
rbasak(you'll need to roll up to the 16.04 HWE kernel eventually for full LTS-period support)13:18
bwmOpenTokix: curl -S -v --limit-rate 1K -S -o foo -o foo -o foo http://10.10.10.10/ http://10.10.10.10/ http://10.10.10.1013:18
OpenTokixbwm: http://pastebin.com/jmh8NFpM13:18
mnaseri'll likely have to upgrade myself to 16.04 anyways to keep up with openstack releases for example13:18
OpenTokixbwm: Sounds like a very weird way to make this test. - I am more and more suspecting your test is errornous than the config of the server.13:19
rbasakmnaser: then maybe it doesn't matter so much13:19
mnasergood information to have.. i'll chew on it a bit more13:19
rbasakWith running the Trusty HWE kernel on Precise I'm not on a treadmill, so the decision is easier for me.13:19
mnaseryep, i can see the value there but i won't be running releases that long most likely13:20
OpenTokixWhat is HWE-kernel?13:20
bwmOpenTokix: I'm not going to argue with that ; I'll try your curl on my setup13:20
mnaserOpenTokix: https://wiki.ubuntu.com/Kernel/LTSEnablementStack13:20
OpenTokixmnaser: thanks13:21
bwmOpenTokix: your evidence is that curl reports that it leaves the connection open after downloading one file.  My evidence is that when I download two files - the connection gets closed by the server after 5 seconds.13:22
bwmOpenTokix: i.e. between the downloads of the two files13:23
OpenTokixbwm: Default keepalivetimeout is 5s13:23
OpenTokixbwm: If you go above 10s - other things will close connection, like your tcp-settings and such - both client and server.13:23
bwmOpenTokix: Right - the default is 5 seconds.  And when I try to override it - its still 5 seconds.13:24
bwmOpenTokix: whatever the headers say - the connection is getting closed.13:24
OpenTokixbwm: Maybe you have aggressive tcp-settings on yiour client or are you testing via localhost?13:25
bwmOpenTokix: can you confirm the result I'm getting?  The connection is getting closed.13:26
OpenTokixbwm: I can't13:26
OpenTokixI cant see the time for the connection reset13:26
bwmOpenTokix: I'm on a default ubuntu config13:26
bwmOpenTokix: its not getting closed on a named VH which is a clone of the default.13:27
bwmOpenTokix: I think that lets tcp off the hook?13:27
OpenTokixbwm: Im not sure how to check it reliably13:28
Arrickif I get that /dev/sdb doesnt contain a valid parition table, does that mean I just need to create a partition and format it?13:29
bwmOpenTokix: well - if you have a big enough file to get, and ensure it takes between 5 and 10 seconds to download - then that controls the timing of when the second request goes in and whether it finds an open or closed connection13:29
bwmOpenTokix: the message I get is "* Connection 0 seems to be dead!"13:30
OpenTokixok13:30
OpenTokixbwm: Damn you, I got curious now =)13:39
bwmOpenTokix: I've been damned for quite a while now :)13:41
Adri2000hallyn: hi, can you tell me more about the status of vmbuilder? I thought it was abandoned13:48
kirklandrbasak: doh.  thanks for that.  I just fixed it13:48
davegarathHi all I'm trying to install an ubuntu 14.04 server with / crypted on a machine with an 12.04 installed with lvm ( /boot shared )13:48
OpenTokixbwm: I see it =) =)13:49
bwmOpenTokix: wondering what you have seen13:49
OpenTokixbwm: connection seems to be dead13:49
davegarathI configured my encrypted volume but I have an error message at the end of partitioning : "The attempt to mount a file system with type ext3 in Encypted volume (myvolname) at / failed13:50
davegarathand it ask to me to resume partitioning13:50
OpenTokixbwm: curl --verbose --limit-rate 2k -w "%{time_total}\n" http://m01/1 http://m01/3 http://m01/3 -o /dev/null -o /dev/null -o /dev/null <-- And 1,2,3 is a 10k random file.13:50
bwmOpenTokix: So confirmation?  And if you try it on a second vhost?13:50
=== mrt333_ is now known as mrt333
davegarathwhat I'm wrong ?13:50
OpenTokixbwm: if the config paramenter is inside the virtualhost -block, it will be ignored13:53
bwmOpenTokix:  by config parameter you mean the KeepAliveTimeout directive?13:54
OpenTokixyes13:55
OpenTokixAnd it works as expected13:55
bwmOpenTokix: If you test it in a named virtual host block, other than the default, I think you'll find it is not ignored.13:55
OpenTokixit is ignored if its inside the Virtualhost block13:56
bwmOpenTokix: irc is wonderful - but still a limited channel :(13:56
bwmOpen Tokix: do you mean in any virtualhost block13:57
bwm?13:57
OpenTokixbwm: it is not ignored inside the default block13:57
OpenTokixin the default file13:57
OpenTokixfor the * host13:58
OpenTokixbwm: if the default-config is enabled, it will take the default timeout and set it - if you disable the default (*) virtualhost. - Ie. The default values get added to the * vhost, if not stateed. - And that hjost that precende of any other host.14:00
bwmOpenTokix: I'm sorry but I'm not following you clearly.  Can we assume we have 3 apache config files, apache2.conf, 000-default.conf, and another-vhost.conf14:00
OpenTokixYou can only have one KeepAliveTimeout value - but even if you dont state it - the * will take the defautl value. - If you do a2dissite of the default host, - and change the keepalive timeout on another vhost, it will respect that value.14:01
OpenTokixbwm: if you disable 000-default.conf - it will respect the KeepAliveTimeout set in another-vhost.conf14:01
bwmOpenTokix: If I have keepAlivetimeout values of 5 in apache2.conf, 120 in 000-default.conf and 120 in another-host.conf then when I access the default vhost I get a timeout value of 5 and when I get access another-vhost I get a timeout value greater than 514:03
OpenTokixno, it will be set to 12014:03
bwmOpenTokix: so I can have different keepalive timeouts on different vhosts at the same time.14:03
OpenTokixbwm: no14:04
OpenTokixIt will take the first one, - and in your case 000-default14:04
OpenTokixunless you name your other vhost 000-another-vhost.conf14:04
bwmOpenTokix: ok - that sounds interesting - what is your evidence for that?14:04
OpenTokixbwm: My tests, and what the documentation say14:04
OpenTokixFrom docs: In a name-based virtual host context, the value of the first defined virtual host (the default host) in a set of NameVirtualHost will be used. The other values will be ignored.14:05
bwmOpenTokix: From the docs - the default vhost is not used when the hostname in the request matches the servername in the vhost config.14:06
bwmOpenTokix: those were my words - I'll go lookup the docs for the quote.14:07
OpenTokixbwm: no, that is for the requests14:07
OpenTokixbwm: has nothing to do with how the configuration is "built" whe nthe server is started14:07
OpenTokixbwm: That quote does not sound like it come from apache official docs.14:08
bwmOpenTokix: "f multiple virtual hosts contain the best matching IP address and port, the server selects from these virtual hosts the best match based on the requested hostname."14:08
OpenTokixbwm: yes, that is how virtual hosts mean -- but that has nothing to do how the configuration is built for the actual networking stack inside apache when you start it, two entierly different things14:08
bwmOpenTokix: Ah - can you tell me where in the docs I should look for how the config is 'built'14:08
OpenTokixbwm: no, not really - its more of a understanding how the configuration works with includes etc.14:09
rbasakkirkland: no problem. I don't understand why strikov coudn't reproduce it though? Anyway, no matter. Works for me now.14:09
OpenTokixbwm: apache start either a worker process, that divide the connections among threads, or it has a prefork model where there is different processes. - However, only one and only one process binds to port 80 and that divide the connection14:10
bwmOpenTokix: don't you think it would be a bit weird to explicitly allow the specification of a keepalivetimeout inside a vhost block and then not honour it?14:10
OpenTokixbwm: keepalivetimeout is set when you create the socket14:10
OpenTokixbwm: it is layer 2 in the OSI -model, and the vhost is much higher up14:10
bwmOpenTokix: I was asking for your evidence that you can't have different keepalive timeouts for different vhosts at the same time.  You mentioned you had a test that shows this.  Can you please describe the test.14:11
OpenTokixbwm: I created an extra vhost called mmm and I disabled 000-default.conf - then it respects the keepalivetimeout inside the vhostblock of mmm-vhost. - When 000-default is enabled, it will take the default value from apache2.conf14:13
bwmOpenTokix:  I believe there is a keepalive at the TCP level.  I don't think the keep alive were are talking about is the same thing?  I think Apache has its own keep alive mechanism.14:13
OpenTokixbwm: And if I disable 000-default.conf - it will take the first KeepAliveTimeout it finds, insde the block inside test.conf (that has the mmm vhost)14:13
OpenTokixbwm: Regardsless, you can only have one and exactly one KeepAliveTimeout per apache2 server instance14:15
bwmOpenTokix: a test - excellent.  I get a different effect.  When I enable both 000-default and mmm I get two different timeouts.14:16
OpenTokixAnd you have the KeepAliveTimeout inside the vhost block14:16
OpenTokix?14:16
bwmOpenTokix: yes.14:16
Pici/7/7014:17
kirklandrbasak: yeah, I'm confused as to how this happened too;  nothing has changed in my registrar in years14:17
OpenTokixbwm: I dont14:18
bwmOpenTokix: I've burned a lot of your time with this.  We could stop at this point and say we understand why we are getting different results.14:19
bwmOpenTokix:  I'll check my test14:20
OpenTokixbwm: Also confirm the timeout with devtools in chrome14:28
OpenTokixbwm: I am 100% sure about my config, since both tests show same results. - Bot curl with limit and devtools show same time.14:28
=== cmagina_ is now known as cmagina
bwmOpenTokix: I've just tried to reproduce my test showing multiple different timeout values and failed.  Not sure why - need to investigate further.  For now - my assumption is I screwed that test up somehow.14:40
strikovrbasak: do you have any idea why this package have such a strange naming: http://packages.ubuntu.com/vivid/libgnutls-deb0-2814:41
strikovrbasak: (a) what deb0 mean (b) why package is called -28 while it contains 3.3.814:42
OpenTokixbwm: sounds plausible14:44
bwmOpenTokix: thanks for all your help14:53
rbasakstrikov: I don't know what the deb0 means.14:53
rbasakstrikov: but the -28 often refers to a sover, so that multiple sovers can be installed concurrently. This is helpful during transitions.14:54
rbasakstrikov: yeah so /usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28 is where the 28 comes from14:55
rbasakAnd apparently libgnutls-deb0 is the soname, hence the package name14:55
rbasakstrikov:14:56
rbasakgnutls28 (3.3.2-2) experimental; urgency=high14:56
rbasak  * Fix crashes due to symbol clashes when a binary ends up being linked14:56
rbasak    against GnuTLS v2 and v3 by bumping library symbol-versioning (and14:56
rbasak    therefore also the soname) in a Debian specific way, to make sure there is14:56
rbasak    no conflict with future:14:56
strikovrbasak: i thought that sover mimics the actual version of the codebase but it seems to be wrong14:56
strikovrbasak: thanks a lot!14:56
zetherooHi -  I am trying something out here with Ubuntu - I have LAMP stack installed and tt-rss - the idea is to now have some kind of blog page on the same server which can be updated with short IT messages for staff such as "service xyz is down ... we are working on a solution" - I was going to install Wordpress for this purpose, but it seems overkill. Is there anything else which could work?14:57
rbasakstrikov: speaking of which, your latest Juju packaging is great and fine to upload. I have one very minor comment though, for next time.14:57
rbasak"Change build dependency from gccgo to gccgo-go." could do with a reason.14:57
rbasakAs we try to explain _why_ in a changelog entry, as well as what, for when someone asks years later :)14:57
rbasakNo need for an update this time though. I'll upload.14:58
strikovrbasak: yeah, good point; thanks14:58
bananapiesarnold => I used debootstrap to run Debian Wheezy in a chroot in Ubuntu. I migrated all my services without rebooting. All that is left now is to install the debian linux kernel and reboot. In the mean time, the server is running perfectly in the chroot :)15:08
rbasakstrikov: Juju uploaded. Thank you! That was not a trivial piece of work.15:08
strikovrbasak: thanks YOU! I volunteer for a next release packaging; I hope i'll take much less time because i know what to do.15:09
ircfoxI am trying to set a pptp server at a vpn but it is currently not working. could someone help me figure how to solve it please?15:31
=== Techi is now known as Arrick
ArrickI have a server I am working on, and I need to know if "ifdown em2 && ifup em2" is the proper way to restart a nic (I dont want to run down and then up, or else i have to go onsite and run the up command.15:38
rbasakArrick: define "restart"15:38
rbasakArrick: if you want to change /etc/network/interfaces, ifdown, then edit, then ifup.15:39
Arrickrbasak, I changed the dns in etc/network/interfaces and also in /etc/resolv.conf15:39
rbasakSometimes you can get away with editing first, but that's not the "proper way"15:39
rbasakFor DNS changes you can get away with it though :)15:39
Arrickthe edit has already been done, and I am at a remote site.15:39
Arrickso I am wondering how to make the 2 commands run, so I can get back in15:40
rbasakI would run screen, then inside the screen "ifdown em2; ifup em2"15:40
Arrickit worked, nevermind.15:40
rbasakNot &&, since you want to at least try run ifup even if ifdown fails.15:40
bwmOpenTokix: sorry - back again: you were sorta right about different VH not being able to have different keep alive timeouts. :)  The 'sorta' is that's true for VH's on the same IP and port.  I found the bit of documentation you referred to and I think I understand it now.16:02
bwmOpenTokix: I still read that documentation as saying that the first VH config should override the server wide config timeout setting.16:03
bwmOpenTokix:  I think we agree from our testing that is not happening.  I'm back just to check that and whether you agree that documentation says the override should happen.  Or am I missing something.16:05
=== markthomas|away is now known as markthomas
ArrickGood morning all... I made a change to my apache2 configuration to make it match the server I am migrating from, and when I go to restart Apache2, it gives me an error... AH00526: Syntax error on line 44 of /etc/apache2/sites-enabled/000-default.conf: Invalid command 'NTLMAuth', perhaps misspelled or defined by a module not included in the server configuration Action 'configtest' failed.16:09
Arrick You can see my .conf (scrubbed for security) file at http://paste.ubuntu.com/10712945/16:09
Arrickany help getting this resolved would make me grateful.16:09
ircfoxHow do I test a port to see if its open or closed?16:10
rbasakArrick: NTMLAuth sounds like it's for a module not shipped with Apache by default. I'm not sure though. So maybe you need to install the module?16:13
Arricknot sure, lol... I just performed an apt-cache search, no such animal16:13
Arricknice, sourceforge is temporarily offline16:15
fullstopI think that sourceforge is just waiting for everyone to leave16:27
Arrickoh really?16:54
hallynAdri2000: vmbuilder is basically abandoned, but i couldn't pull it from the archive bc my patches to replace it with uvtool in adt weren't accepted in time for 14.04.18:19
guitarzanhi folks, does this ring any bells? GPG error: http://ubuntu-cloud.archive.canonical.com precise-updates/havana Release: The following signatures were invalid: BADSIG 5EDB1B62EC4926EA Canonical Cloud Archive Signing Key <ftpmaster@canonical.com>18:35
guitarzanzul: jamespage: adam_g said you might know about this? ^^^18:35
mgagneguitarzan: have this package installed? http://packages.ubuntu.com/precise-updates/misc/ubuntu-cloud-keyring18:48
guitarzanI assume so, let me check that box18:49
guitarzanthe havana archive worked before today18:49
mgagneotherwise I have nothing else to suggest =)18:49
guitarzanmgagne: haha, ok :)18:49
jathanHello Ubuntu channel. Does someone know how can I redirect one domain to another domain with ssl certificate using Apache 2.4 in Ubuntu 14.04 please?19:02
jathanI tryied already with virtual host conf and .htaccess and follow this link http://stackoverflow.com/questions/14565560/redirect-all-traffic-from-one-domain-to-another19:03
jathanBut the second domian still without redirecting to the first one19:04
jathanCan some help me please?19:04
jathansomeone I mean sorry19:04
=== JanC is now known as Guest51961
=== JanC_ is now known as JanC
BrianBlaze420jathan: check #httpd19:13
jathanOk thanks BrianBlaze42019:15
BrianBlaze420sorry I can't help you more then that I too have been trying to work this out with my same version ubuntu server19:16
Slingjathan: so you want to redirect from a ssl vhost to another ssl vhost?19:16
Slingthat should work fine, just use Redirect and two virtualhosts each with valid certificates19:17
Slingif it doesn't, feel free to share vhost configuration and details on what's going wrong :)19:18
jathanOnly 1 domain has the SSL Certificate of the entity19:18
jathanAnd the second domain does not have19:18
jathanWhere can I paste you my conf?19:19
Slingjathan: apaste.info for example19:19
jathanOk19:19
Slingit has highlighting for httpd config19:19
jathanThanks Sling :)19:19
jathanDone. http://apaste.info/9Di and http://apaste.info/QYQ19:24
Slingjathan: these are essentially the same vhost?19:26
Slingjust the servername/serveralias swapped19:26
Slingah no, but both are handling www.crieit.com.mx19:27
jathanyes19:27
Slingwhy?19:27
jathanwww.crieit.mx is the domain with SSL19:27
jathanIs not correct then19:28
jathanboth handle www.crieit.com.mx19:28
Slingi still don't know what you're trying to do exactly and why19:28
jathanOk. I will explain :)19:28
Slingalso the proxypass directives are not done correctly19:29
Slingthe path you give there should be part of the URI, not an absolute filesystem path19:29
jathanwww.crieit.mx is the main domain and the one that have the SSL authority certificate form entitity. www.crieit.com.mx has not no one SSL cetificate19:30
jathanAnd is the domain that I want that can redirect to www.crieit.mx19:30
Slingokay19:30
jathanDo I delete the proxy part?19:31
SlingI don't know why it's there19:31
Slingif you don't know either, remove it :)_19:31
jathanBecause I tried different methods ja19:31
jathanOOk19:31
Slingalso remove the mod_rewrite stuff too, you don't need that for redirecting19:31
Slingand remove the ServerAlias'es19:32
jathanOk19:32
jathanIn both files?19:32
Slingyou should have one <VirtualHost *:443> ServerName www.crieit.mx ... <VirtualHost> and one <VirtualHost *:80> ServerName www.crieit.com.mx ... <VirtualHost>19:32
Slingthen put 'Redirect / https://www.crieit.mx' in the non-ssl vhost19:33
Slingand you should be done19:33
jathanOk. Here I go.19:33
Slingsorry those '... <VirtualHost>' should be '... </VirtualHost>'19:34
Slingin the non-ssl vhost you don't need a DocumentRoot btw, just the ServerName and Redirect line are all19:34
Slingassuming you want to redirect *everything* landing there19:35
jathanI if activated .htaccess and created a file in both domains in /var/www/html/crieit.com.mx and /var/www/html/crieit.mx does this affect to virtual conf files in sites-available19:35
jathan?19:35
Slingno need for htaccess if you have access to the main config19:35
jathanOk19:35
Slingjust leave it disabled19:35
jathanDone Sling.19:45
jathanI restarted apache but still appearing Your connection is not private19:45
jathanif I enter https://www.crieit.com.mx/19:45
Slingwell, of course19:45
jathanI will paste you my files again19:46
Slingthat's not what you said you wanted19:46
Slingyou can only redirect http://www.crieit.com.mx to https://www.crieit.mx19:47
jathanSorry maybe I do not explained well. I refer that https://www.crieit.com.mx/ sends to https://www.crieit.mx/19:47
jathanIf it is possible19:47
jathan?19:47
Slingyou can only do that with a certificate that is valid for www.crieit.com.mx19:47
jathanAh I see19:47
Slingotherwise it would be a big flaw in the ssl protocol :)19:48
jathanjaja19:48
ArrickGood Afternoon All, I am trying to get a Totara Moodle site up and running all the way, however, I have an issue with a "broken helper" for the single signon with active directory.... Here is my 000-default.conf file,  http://paste.ubuntu.com/10712945/ and my errors can be found at http://pastebin.com/tkaJqDKkI am running Apache 2.4.7 on Ubuntu server 14.04.. Any help would be appreciated.19:49
jathanSo I can not link the url https://www.crieit.com.mx to https://www.crieit.mx as symbolic link (for mean something)19:49
bekksArrick: "This paste has been removed".19:50
Arrickok, pasting again.19:50
Arrickhttp://paste.ubuntu.com/10714203/19:51
Slingjathan: nope19:53
Slingthink about it, the http client (browser) sends a HTTPS request with the Host header 'www.crieit.com.mx' to the webserver, apache will pick the right vhost for this Host header, and then start a SSL negiotiation for that hostname19:54
Slingthen the SSL certificate is offered to the browser, which sees a different hostname in the certificate, and gives you an error19:55
Slingonly after the ssl handshake is done and the browser accepts the certificate, then the rest of your config like proxy's or serving files would be relevant19:55
SlingArrick: seen https://bugs.launchpad.net/ubuntu/+source/apache-mod-auth-ntlm-winbind/+bug/1304953/comments/2 ?19:58
jathanO wow. That was my problem all the time besides start to set up Web Servers19:58
ArrickSling, yep, tried it19:59
jathanThank you very much Sling. You helped me a lot and resolved my dudes :)19:59
Slingnp :)19:59
SlingArrick: ok :) no clue then, never used that module19:59
Arricklol20:00
ArrickI've been googling since I last posted in here, trying to find the answer on my own first.20:00
jathanIt is possible do the same with www.crieit.mx (without ssl link) to https://www.crieit.mx?20:09
jathanI created another virtual host for it, but does not work20:09
jathanFollowing the same for www.crieit.com.mx20:09
Arrickhey, based on this line in my 000-default.conf is there a module or something I need to install?  NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"20:10
jathanI only changed name server20:10
Slingjathan: read what i said before about the *:80 and *:443 vhost20:11
jathanOk Sling :)20:11
jathanThe fact is that I tried creating a fille named /etc/apache2/sites-available/crieit.mx_wssl.conf20:14
jathan)without ssl)20:14
jathanLeaving *:8020:14
jathanSince the beggining20:14
jathanOh I forgot enabled20:15
jathanwith the command20:15
jathanSorry let me check20:15
jathana2ensite20:16
jathanYes :)20:17
jathanThanks Sling20:17
Slingyw20:18
diphtherialhey, i've been having this inexplicable issue lately where every time i attempt to install a python package (say, via pip) even into a virtualenv, it reports that i don't have space on the device20:19
diphtherialdf isn't reporting that anything is full, though: https://dpaste.de/xORj20:19
tewarddiphtherial: actual error message?20:19
diphtherialteward: https://dpaste.de/hyrO20:20
Picidiphtherial: tmp is full though.20:21
teward^20:21
Slingrecreate the tmp mount with more space20:21
diphtherialtrue...hrm. i'm confused that it's only 1mb in size20:21
diphtheriali hadn't run into this problem before today and i've been using this VPS for a good two years now...20:21
Slingmount -t tmpfs -o size=<bytes>,mode=1777 overflow /tmp20:21
Slingafter unmounting the current one20:22
diphtherialSling: alright, sounds reasonable; thanks20:22
Slingdid your / fill up recently?20:22
diphtherialit did, but i resolved it by adding an extra volume to the VPS and moving my giant postgres db to it20:22
Slingthis is a remnant of ubuntu panicing about that :)20:22
diphtherialaha, fascinating20:23
diphtheriali'm kind of nervous to modify my fstab...the last time i did, the VPS became unbootable and i had to wait two days for my VPS maintainer to reboot the machine20:24
diphtherial(my VPS provider -- also my university -- doesn't have a means to get console access. they only you to access the server via ssh, which is impossible if it's halting before sshd comes online)20:24
diphtheriali'm having some trouble unmounting /tmp; the system is complaining that it's in use, which makes sense...20:26
tewardis remount a avlid option?20:28
tewardi.e. mount -t tmpfs -o remount,size=<bytes>,mode=1777 overflow /tmp20:29
teward(not sure, don't run unless someone confirms)20:29
diphtherialnoted, thanks. on a side note, what's a reasonable size for it? apparently 1mb is far too small20:30
=== markthomas is now known as markthomas|away
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
=== markthomas|away is now known as markthomas
=== Lcawte is now known as Lcawte|Away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!