/srv/irclogs.ubuntu.com/2015/04/17/#ubuntu-server.txt

andre_pl	this live disk doesn't have smartctl, how can I get the serial number of a drive? I'm not sure which one I just wiped :)	00:10
sarnold	try lshw?	00:11
andre_pl	there we go, thanks :)	00:12
andre_pl	so, I booted my machine back into its original os (the same hardware that just had a working array) and on startup I get: mdadm: superblock on /dev/sdd doesn't match others - assembly aborted. then a bit further down [....] Cleaning up temporary files...	00:19
andre_pl	but it seems hung there	00:19
andre_pl	it eventually booted but theres no sign of the array here... :\	00:31
andre_pl	nothing in /proc/mdstat or mdadm --detail	00:31
ebonics	having an issue with dovecot.. it's not sending AUTH LOGIN. if anyone can check if my configs are wrong thatd be great: https://dpaste.de/aqcb	00:37
sarnold	ebonics: is there anything inthe logs?	00:40
ebonics	sarnold, not in mail.log or mail.err, but i have a feeling it's just configured wrong	00:42
sarnold	ebonics: does dovecot have its own log file?	00:42
ebonics	sarnold, afaik it just logs to those two	00:43
zerowaitstate	ebonics: it often does. rsyslogd has a config file that routes some syslog traffic to different files	00:43
andre_pl	anyone have any thoughts as to why the live CD auto assembled my array, but an older debian install won't due to the non-matching superblock?	00:43
andre_pl	or how I can safely correct it?	00:44
ebonics	hmm ok ill investigate zerowaitstate thanks	00:44
ebonics	ok sarnold zerowaitstate it's just using method=PLAIN	00:46
ebonics	is there some reason why it would default to that?	00:47
zerowaitstate	as opposed to what?	00:48
ebonics	auth_mechanisms = plain login	00:48
ebonics	isn't login a method?	00:48
zerowaitstate	what type of login mechanism do you want?	00:49
ebonics	i thought that "LOGIN" was a mechanism, which explains the AUTH LOGIN smtp packet header	00:49
ebonics	i had it working before but i guess i broke something	00:49
zerowaitstate	are we talking about SMTP or dovecot?	00:51
ebonics	dovecot	00:51
zerowaitstate	SMTP is Postfix, not dovecot	00:51
ebonics	so when i telnet to port 587 what protocol is that ?	00:51
zerowaitstate	ESMTP	00:52
ebonics	which is dovecot right?	00:52
zerowaitstate	which is being handled by Postfix, as shown in your dpaste	00:52
ebonics	oh..	00:52
ebonics	i thought that it just meant that dovecot was delegating to postfix	00:52
ebonics	shouldn't it be going through dovecat?	00:53
zerowaitstate	there is some interaction yes, because dovecot needs to know where postfix is storing messages for that domain	00:53
zerowaitstate	postfix handles SMTP, dovecot handles POP3/IMAP	00:53
zerowaitstate	I realize it's confusing	00:53
ebonics	like for a mail client i have it configured to port 587 and under imap	00:54
ebonics	and yet when i telnet to port 587 it's using ESMTP	00:54
ebonics	so i don't really understand	00:54
zerowaitstate	SMTP is what your mail client is using to SEND MAIL. IMAP is what your client is using to CHECK MAIL.	00:54
ebonics	oh wow my mail client is using port 143.. what the	00:54
zerowaitstate	they are two totally different protocols. for historical reasons, mostly, they are handled by two different software packages	00:55
ebonics	okay i understand now zerowaitstate thanks	00:55
ebonics	so really postfix is my problem zerowaitstate?	00:56
zerowaitstate	are you having problems sending mail, or checking mail?	00:56
ebonics	i'm hitting spambox in my tests when i send mail. so i tried telnetting and realised it wasnt sending the AUTH LOGIN packet so i assume that has to do with it	00:57
zerowaitstate	hitting spambox...i don't follow	00:57
ebonics	my mail is being sent to spam	00:57
ebonics	because of some auth or validation related reason	00:58
ebonics	ie. it wasn't hitting spam earlier and it was using AUTH LOGIN	00:58
zerowaitstate	mail you are sending is being sent to the spam folder when someone else receives it?	00:58
ebonics	when i receive it	00:58
ebonics	yes	00:58
ebonics	my server -> my gmail account	00:58
zerowaitstate	ah, so you are testing by sending to yourself?	00:58
ebonics	gmail spamboxes it	00:58
ebonics	yes	00:59
zerowaitstate	okay. unfortunately, the answer is "it's complicated"	00:59
zerowaitstate	ebonics: your smtp server is functioning, however, Google does not fully trust it	00:59
zerowaitstate	ebonics: there are a number of reasons that can happen.	00:59
zerowaitstate	ebonics: lack of DKIM / SPF records for the domain can be one reason	01:00
zerowaitstate	ebonics: the lack of SSL support server-to-server can be another	01:00
ebonics	zerowaitstate, shouldn't it be using SSL	01:01
ebonics	i implemented a cert	01:01
zerowaitstate	ebonics: also, if you are sending from an IP block that is a previous known abuser, it may be blacklisted	01:01
ebonics	and zerowaitstate thanks for the info, however i wasn't hitting spambox earlier and i noticed in my telnet adventures that it was sending AUTH LOGIN, while now it's not	01:02
ebonics	so i feel like that's likely the problem at hand at this moment	01:02
ebonics	zerowaitstate, are you saying the AUTH LOGIN is handled by postfix?	01:03
zerowaitstate	ebonics: AUTH LOGIN is what the client sends, not the server	01:03
ebonics	zerowaitstate, how :\| i swear it was sending AUTH LOGIN earlier..	01:03
=== markthomas is now known as markthomas\|away
zerowaitstate	ebonics: and yes, SMTP is handled by postfix, so the config you're interesting in is there	01:04
zerowaitstate	ebonics: ah, yeah, you definitely have a postfix problem	01:04
zerowaitstate	ebonics: it looks like you are operating an open SMTP without authentication	01:04
ebonics	lol	01:04
ebonics	:\|	01:04
zerowaitstate	ebonics: however there is a little caveat. It may be that postfix is set up to support pop-before-smtp which allows you to use smtp from an ip address without authentication if you used pop/imap from that same address recently	01:07
ebonics	zerowaitstate, i haven't enabled pop3 as far as i know	01:08
ebonics	zerowaitstate, shall i post my postfix conf?	01:08
zerowaitstate	yeah, but the same is true for imap I believe	01:08
ebonics	zerowaitstate, https://dpaste.de/yObJ	01:09
zerowaitstate	I actually have to go in a sec. However, I would recommend you check smtp from a different IP address that has not checked mail via POP/IMAP to that server recently.	01:09
ebonics	zerowaitstate, okay, thanks for the help.	01:09
zerowaitstate	ebonics: based on my prior experience with dovecot, my guess is you checked mail from your computer, then ran your smtp test and it didn't attempt to authenticate you due to dovecot telling postfix via SASL that you were already legit.	01:10
zerowaitstate	ebonics: the reason imap-before-smtp is used is so people putting in their email stuff on their phones, etc, don't have to enter a username/password twice for both imap and smtp	01:11
ebonics	zerowaitstate, that's possible. i'm using thunderbird so it will be using my ip	01:11
zerowaitstate	ebonics: i think it's poor security personally	01:12
zerowaitstate	ebonics: but it's a very popular default configuration	01:12
ebonics	zerowaitstate, it seems good for large scale systems for performance	01:12
zerowaitstate	http://en.wikipedia.org/wiki/POP_before_SMTP	01:12
zerowaitstate	http://wiki2.dovecot.org/HowTo/PopBSMTPAndDovecot	01:13
ebonics	zerowaitstate, do you know how i can flush the session or whatever it is so i can do proper testing	01:13
zerowaitstate	no idea, but it's probably in the dovecot docs	01:13
zerowaitstate	since dovecot is handling the user database	01:13
zerowaitstate	ebonics: performance has nothing to do with it. there is very little performance hit in checking a password, especially compared to doing things like TLS	01:14
ebonics	zerowaitstate, there could be if the database isn't threadsafe	01:15
zerowaitstate	ebonics: also, NAT screws up POP before SMTP	01:15
zerowaitstate	ebonics: username/password databases are key value stores. it's very easy to make a key-value store threadsafe	01:15
zerowaitstate	ebonics: anyway, I got to eat. take it easy	01:15
ebonics	seeya zerowaitstate thanks for the help	01:16
andre_pl	patdk-lap: as I suspected, mdadm says the 2TB is too small to replace the 3, so i'm going commando	01:37
cyclob\|work	hi guys, trying to set up munin cgi using this guide: http://munin-monitoring.org/wiki/MuninConfigurationMasterCGI but all i get is 403 forbidden :S any help on what to do	01:37
patdk-lap	hmm	01:37
andre_pl	is it basically fail & remove /dev/sdX1, then add /dev/sdX	01:37
andre_pl	no format in between?	01:38
patdk-lap	you can	01:38
andre_pl	from your reply i gather there is a better way?	01:39
patdk-lap	not really	01:39
patdk-lap	have two options	01:39
patdk-lap	get a larger disk to rotate with	01:39
patdk-lap	or make your raid array with your 2tb, and copy it all over	01:39
patdk-lap	and copy it all back	01:39
patdk-lap	would be the only 100% safe way	01:40
andre_pl	i'll take my chances with the swaps	01:40
patdk-lap	doing a drop and add is ok	01:40
patdk-lap	but there can be risk during the time	01:40
andre_pl	by doing that as I said above, it will use the full disk instead of a partition, and I'll get the full 3tb each once it's all done?	01:40
patdk-lap	it will see the full 3tb	01:41
patdk-lap	but it won't use it till you tell it to grow	01:41
patdk-lap	and it won't grow till your done	01:41
andre_pl	ok I just saw something frightening	01:42
andre_pl	resync claims to be WAY faster than last time, and if I'm reading it right, mdadm says there's only 2tb of data instead of 5ish	01:43
andre_pl	Used Dev Size: is that per disk? or total occupied space?	01:44
patdk-lap	per disk I think	01:44
andre_pl	I guess I can mount it and see if anything is missing?	01:44
andre_pl	it seem wierd that a ton of data would just disappear like that	01:44
andre_pl	but i'm also worried about how the previous OS wouldn't reassemble the array	01:44
patdk-lap	ya, per disk	01:45
andre_pl	phew	01:45
patdk-lap	Array size is total	01:45
andre_pl	the resync is gonna take 350 mins.. last time it was 1200	01:46
andre_pl	i dont think these disks are that much faster	01:46
patdk-lap	newer faster disks	01:46
andre_pl	possible I guess...	01:47
andre_pl	scary.. I should have looked closer at the files to make sure they were all there	01:47
=== zz_DenBeiren is now known as DenBeiren
=== NiTeMaRe is now known as NiTe
=== NiTe is now known as NiTeMare
=== NiTeMare is now known as NiTeMaRe
=== sl0wz is now known as slowz
=== slowz is now known as Guest63161
=== slowz_ is now known as slowz
ruben23	hi guys	05:20
ruben23	i have an existing ubuntu server with apps - when i do apt-get update does it effect the other apps installed or update them also..?	05:20
ruben23	any idea guys	05:20
sarnold	ruben23: how did you install those other apps?	05:21
ruben23	i worry my server might get broken when i run - apt-get update	05:21
ruben23	they are install by package, some are by source	05:21
sarnold	when you built packages by source, did you install them into /opt/ or /usr/local or did you install them into /usr?	05:22
ruben23	/usr/local some are /usr/src	05:22
sarnold	okay, those should be left alone, packages should leave /usr/local alone, some packages od install into /usr/src but that's mostly kernel headers, I think...	05:23
sarnold	now, the packages, how did you install those packages? did you download .deb files and use dpkg -i on them? or did you add new repositories to your /etc/apt/sources* files?	05:24
=== Lcawte\|Away is now known as Lcawte
=== Lcawte is now known as Lcawte\|Away
=== cipi is now known as CiPi
arcsky	i did chmod -R 700 /home/user and now all files are green	08:55
lordievader	Good morning.	08:55
jrwren	arcsky: dont' do that. :)	09:08
ebonics	anyone know if its common for GNU mailman with default settings to be hitting gmail spambox on postfix (DKIM + SPF enabled) setup? i don't hit spambox when just sending through postfix	09:08
arcsky	jrwren: how should i make it then? if i dont want other users to list my home dir?	09:31
=== Lcawte\|Away is now known as Lcawte
=== 20WAA3BE8 is now known as misty_g3ar
=== misty_g3ar is now known as g3ar
=== g3ar is now known as misty_gear
=== misty_gear is now known as gear
=== misty_g3ar is now known as g3ar
jrwren	arcsky: without the -R	09:53
jrwren	arcsky: -R means recurse. It sets mode on all files and dirs in that dir recursiverly	09:54
arcsky	jrwren: danke	10:04
arcsky	jrwren: how can i switch back fist to default mode?	10:06
jrwren	arcsky: you cannot.	10:12
spyridonas	Hello guys i tried to setup postfix/dovecot with virtual emails but i recieve the following error "status=bounced (cannot update mailbox /home/admin//var/vmail for user admin unable to create lock file /home/username//var/vmail.lock: No such file or directory)"	11:06
spyridonas	The mailbox path is wrong but i can't find it to change it , where is it located?	11:06
spyridonas	Any ideas?	11:16
=== Lcawte is now known as Lcawte\|Away
spyridonas	Hello guys i tried to setup postfix/dovecot with virtual emails but i recieve the following error "status=bounced (cannot update mailbox /home/admin//var/vmail for user admin unable to create lock file /home/username//var/vmail.lock: No such file or directory)"	11:34
spyridonas	The mailbox path is wrong but i can't find it to change it , where is it located?	11:34
strikov	spyridonas: http://www.postfix.org/postconf.5.html#home_mailbox	11:49
strikov	'Optional pathname of a mailbox file relative to a local(8) user's home directory.'	11:49
spyridonas	Oh , how i see the user home directory?	11:50
spyridonas	strikov : cat /etc/passwd says vmail:x:2000:2000:Virtual Mailboxes,,,:/var/vmail:/usr/sbin/nologin	12:00
spyridonas	strikov: can i modify it so its /var/vmail?	12:03
strikov	spyridonas: it depends on what you want to achieve; 'If set, mail_spool_directory specifies an absolute path where mail gets delivered. Alternatively, if set, home_mailbox specifies a mailbox relative to the user's home directory where mail gets delivered.'	12:05
strikov	spyridonas: you seems to have home_mailbox=/var/vmail which is probably wrong	12:08
spyridonas	strikov: thanks this seems to fix it but no i don't recieve the email at all, and no errors to be found	12:08
strikov	spyridonas: what did you do exactly?	12:08
spyridonas	strikov: the logs says everything is ok	12:09
spyridonas	strikov: i commented out the home_mailbox and set mail_spool_directory to be /var/vmail	12:09
strikov	spyridonas: i think you receive mail w/o any issues now but it gets placed to some unexpected folder	12:09
strikov	spyridonas: it should be placed into /var/vmail then	12:09
spyridonas	strikov: but i have virtual mailboxes that defined like that mail_location = maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/%d/%n/Maildir/indexes	12:10
spyridonas	strikov: but that's inside dovecot	12:11
spyridonas	strikov: i also have "virtual_mailbox_base = /var/vmail"	12:12
spyridonas	strikov: on postfix	12:12
strikov	spyridonas: i'm not an expert but i assume that you have two options	12:12
strikov	spyridonas: you either store mail for user X inside /home/X/<something>	12:12
strikov	spyridonas: or you store all the mail inside /var/vmail/ and do sorting there	12:13
strikov	spyridonas: which way you want?	12:13
strikov	If you want 1st way (which is simpler) you do home_mailbox = Maildir/	12:13
spyridonas	strikov: the 1st because virtual emails are stored like so "/var/vmail/domain/user/"	12:13
strikov	and then (when you receive mail) mutt -f ~/Maildir	12:14
strikov	this dir should exist i think	12:14
spyridonas	strikov: that means i have to delete everything postfixadmin created and redo the whole virtual mail boxes setup....	12:15
strikov	spyridonas: you want 2nd way then (I think) not 1st	12:15
spyridonas	strikov: the problem is that the directories are variables	12:16
spyridonas	strikov: i don't want all emails to /var/vmail , i want the email from admin@example.com to be on /var/example/admin/ and the email from admin@example2.com to be on /var/example2/admin.	12:17
strikov	spyridonas: try to comment out both mail_spool_directory and home_mailbox	12:18
strikov	spyridonas: it seems to me that you have a working config but this home_mailbox thing simply broke everything	12:19
spyridonas	strikov: hmm... still nothing	12:20
strikov	spyridonas: define 'nothing'	12:21
spyridonas	strikov: i wonder why virtual_mailbox_base doesn't simple override everything	12:21
strikov	spyridonas: check /var/vmail/*	12:21
strikov	spyridonas: i assume that you should get mail to /var/vmail/%d/%n/Maildir as you defined in the config	12:21
spyridonas	strikov: /var/vmail has nothing delivered to it and the domain folders i cant understard if something was just added	12:21
spyridonas	strikov: the Maildir has .Archive, .Drafts etc...	12:22
spyridonas	strikov: but nothing delivered to it	12:22
strikov	spyridonas: Maildir is used only when home_mailbox is set	12:23
strikov	spyridonas: you either use it or not	12:23
strikov	spyridonas: we came to conclusion that you don't want to have it	12:23
spyridonas	strikov: ok i dont want it then	12:24
spyridonas	strikov: sure	12:24
strikov	spyridonas: so, you don't have home_mailbox in the config?	12:24
strikov	spyridonas: you don't forget to restart the thing, right?	12:24
spyridonas	strikov: i do have it commented out because its relative the user	12:25
spyridonas	strikov: home_mailbox	12:25
spyridonas	strikov: relative to user means /home/vmail but i have it on /var/vmail. Should i just delete the Maildir part of "mail_location = maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/%d/%n/Maildir/indexes"	12:27
spyridonas	strikov: but then indexes doesn't exist...	12:27
spyridonas	strikov: should i simply copy the folder to /home/vmail instead ?	12:29
strikov	spyridonas: /var/vmail/%d/%n/Maildir means that mail will be stored at /var/vmail/<domain>/<user>/Maildir	12:30
strikov	spyridonas: you either want this or not	12:30
strikov	info@example.com will be store at /var/vmail/example.com/info/Maildir	12:30
spyridonas	strikov: i don't mind if i copy it to the parrent folder, the problem is the parrent folder doesn't have indexes folder which its used latter	12:31
strikov	spyridonas: i don't understand you problem	12:31
spyridonas	strikov: "mail_location = maildir:/var/vmail/%d/%n/Maildir:INDEX=/var/vmail/%d/%n/Maildir/indexes"	12:31
spyridonas	strikov: says on dovecot	12:31
spyridonas	strikov: i can simple made it "mail_location = maildir:/var/vmail/%d/%n"	12:32
spyridonas	strikov: but i wont have the indexes part	12:32
strikov	spyridonas: for what reason?	12:32
spyridonas	strikov: because i dont want to user Maildir	12:32
strikov	spyridonas: you want to 'convert' existing mail database into a new hierarchy of folders?	12:33
spyridonas	strikov: no i don't care the existing mail database is empty	12:33
strikov	spyridonas: i don't know if Maildir name is required or not by some other components	12:34
strikov	spyridonas: i'd stick with a regular way and don't invent the wheel	12:34
spyridonas	strikov: i will delete i then	12:34
spyridonas	strikov: if that doesn't work i will re-do it	12:35
spyridonas	strikov: it doesn't work.. i will re-do it again, thanks for helping me out	12:39
strikov	spyridonas: yw	12:39
spyridonas	Hello guys is there any way to track a directory when new files are created?	13:42
dasjoe	inotify?	13:46
purplehorace	Hi looking for some help on a strange problem with ubuntu server and apache2	13:47
purplehorace	I have the system set up and there is an index.html being served in /var/www/	13:48
Sling	spyridonas: yeah, inotify could be used for this, you can let it 'monitor' a specific location	13:48
Sling	use the google power to find out how exactly	13:48
purplehorace	I have tried to remove the index.html to try and use an index.php but no matter what I do it always returns the content of the index.php even if I move it out of the way ???	13:49
Sling	purplehorace: most likely due to browser caching	13:49
spyridonas	Sling: Thanks, i can't recieve emails but i can't understand where the files end up.	13:49
Sling	purplehorace: or do you mean it returns the contents of index.html instead of index.php ?	13:49
teward	purplehorace: purge your browser cache and retry	13:49
purplehorace	The browser is rendering the index.html and the server isn't serving the index.php even though its there. I thought it should use the php if the html isn't there	13:54
dasjoe	purplehorace: check /etc/apache2/sites-enabled/ for enabled sites and their docroot	13:55
purplehorace	OK I'll have a check of settings, thanks	13:56
Sling	purplehorace: make sure DirectoryIndex lists index.php before index.html	13:59
Sling	but still, if index.html doesn't exist and your browser still 'gets' the index.html contents, its definitely caching	13:59
Error404NotFound	How do I know which screen session i am connected to from within a screen session, assuming have multiple screen sessions running and I am connected to others too from same machine.	14:07
Sling	Error404NotFound: screen -list will show the PID's	14:15
Sling	so from within one of the screens do echo $PPID	14:15
Sling	and that should correspond to one of them	14:15
Error404NotFound	hmmm, let me try	14:15
Sling	assuming your shell is a child process of the screen process	14:15
Error404NotFound	Sling: awesome	14:17
Error404NotFound	thanks	14:17
spyridonas	Hey guys how can i change postfix default email save location?	14:20
Sling	spyridonas: postfix is usually not the daemon 'saving' email	14:21
Sling	its an MTA	14:21
spyridonas	if i change home_mailbox = it only appends whatever i type to /home/username/whatever/i/typed/	14:21
Sling	ah	14:22
Sling	spyridonas: the most flexible would be letting postfix deliver it to procmail	14:22
Sling	and then each user can have its own procmail rules	14:22
spyridonas	Sling: i have already setup dovecot/postfix, currently it doesn't work because emails end up on wrong directories	14:23
spyridonas	Sling: i have them setup with virtual domains and emails	14:23
Sling	spyridonas: so what does your main.cf look like?	14:24
Sling	you would normally have something like "virtual_transport = lmtp:unix:private/dovecot-lmtp" for a postfix+dovecot stack	14:24
Sling	and then have lmpt listed in the 'protocols' section in dovecot.conf	14:25
spyridonas	Sling: like this http://pastebin.com/mFjyh5uG	14:25
spyridonas	Sling: i dont have what you said	14:27
Sling	I see that	14:27
Sling	is this a new setup you're building or/	14:28
spyridonas	Sling: it's new i dont care if i loose emails, i followed this guide http://serion.co.nz/howto/howto-setup-mailserver-using-postfix-mysql-dovecot-postfixadmin-amavis-new	14:28
spyridonas	Sling: i need postfixadmin	14:28
Sling	why?	14:28
spyridonas	Sling: map files are exactly the same with this guide	14:30
spyridonas	Sling: i need to have multiple hosts with accounts end up in the same server	14:30
Sling	what I use is mysql for storing the domains/maps/aliases	14:31
Sling	like, virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf	14:31
Sling	which then contains something like http://paste2.org/I1BUI5O4	14:31
Sling	then you can use SQL to manage your postfix stuff, or phpmyadmin, etc	14:32
Sling	but maybe this is a topic for #postfix :)	14:32
spyridonas	Sling: well i only need to change the directory , everything else works	14:33
spyridonas	Sling: i can send emails , all emails have ssl, dmarc,dkim, and a bunch of stuff	14:33
Sling	dovecot should be storing your incoming mails	14:33
Sling	not postfix	14:33
spyridonas	Sling: i can't recieve them because that config doens't work... :S	14:34
Sling	..	14:34
=== Lcawte\|Away is now known as Lcawte
=== markthomas\|away is now known as markthomas
=== utlemming is now known as utlemming_kitche
tash	anyone know if you can configure unattended upgrades to notify only, but not actually upgrade?	16:25
tash	i can't seem to find it in docs	16:26
rbasak	tash: maybe --dry-run?	16:29
rbasak	tash: you might have to modify /etc/cron.daily/apt though	16:30
rbasak	tash: also note that you can run /usr/lib/update-manager/apt-check from a script	16:30
rbasak	(I'm not sure that's "official" API though)	16:31
=== martins-afk is now known as martinst
ebonics	is it normal for mailman to be getting spam filtered by gmail with default settings (im using postfix with DKIM and SFP setup)? note: i dont get the same results with just postfix alone.	16:48
=== martinst is now known as martins-afk
=== ruben_ is now known as Guest34824
=== martins-afk is now known as martinst
=== martinst is now known as martins-afk
lhorace	Hello	19:17
lhorace	I have a KVM with 238MB.... Webmin fits nicely but when it runs apt-show-versions... OOM get's excuted	19:17
lhorace	I am just curious, apt-show-versions needs a lot memory to run? I assume it loading stuff into MEM?	19:18
=== lhorace is now known as Negor
=== Negor is now known as lhorace
ebonics	lhorace, https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04	19:21
lhorace	ebonics: I know how... The KVM came with template but since you mention that	19:22
lhorace	I am going to see if I can add swap	19:22
lordievader	lhorace: Is apache running on the same box?	19:29
lhorace	Nope, just mail box	19:30
lhorace	just Postfix, webmin	19:30
lhorace	sshd	19:31
lhorace	There extra process that I am not using and I am going to kill	19:31
lhorace	dbus,init, and kernel pids	19:32
lhorace	I don't recall how to resize EXT4 so I am looking up that information	19:33
lordievader	resize2fs	19:33
lordievader	Anyhow 238Mb is really tiny...	19:33
lhorace	The assigned size is... 9.9GB total with 1.1Gb in use	19:33
lordievader	Assigned size of what?	19:34
lhorace	For the plan that I have	19:34
lordievader	What?	19:34
lhorace	It's 238MB with 9,9GB	19:34
lhorace	I am renting a KVM from a hoster and they assigned me 238MB with 9.9GB	19:34
bekks	Can you pastebin "free -m" please?	19:35
lhorace	I am also renting another KVM, which is 512MB, a bit bigger but I am using for something else	19:36
lhorace	They are Cloud Service	19:37
lhorace	http://pastie.org/10098764	19:37
lhorace	Both have Ubuntu 14.04	19:37
bekks	!webmin	19:38
ubottu	webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.	19:38
lhorace	bekks: I don't have issues with Webmin on Ubuntu	19:38
bekks	For a small mailserver, the 154M free would be ok. For nothing else.	19:38
bekks	Well, it isnt supported anymore on Ubuntu.	19:39
lhorace	Okay, thanks	19:39
lhorace	Umm, where you get 154M?	19:39
lhorace	You adding the cache and free?	19:39
lhorace	BTW, This box relays mail to another box	19:39
bekks	Yes. Because thats the RAM available to applications.	19:39
bekks	http://www.linuxatemyram.com/	19:40
lhorace	That does the actual deveilvery	19:40
lhorace	bekks: Thanks, I read up Linux memory management actually	19:40
lhorace	If I sound dumb, not trying to be	19:41
lhorace	I think swap of size 300MB should be good enough	19:44
lhorace	I can't resize2fs, it's online	19:48
lhorace	"resize2fs: On-line shrinking not supported", I am going to have to ask the admins to do it for me	19:50
lordievader	What kind of filesystem is it?	19:55
lhorace	Ext4, I am going to look into a swap file	19:56
lordievader	Ah, shrinking... live extending is supported. Read that wrong...	19:58
lhorace	yeah	19:58
lhorace	I was going to make room for a swap partition since that's most recommended	19:59
lhorace	swapfile is the most easiest fixed and the admins are not in the mood	19:59
lhorace	bekks: lordievader http://pastie.org/10098824	20:06
bekks	And?	20:07
lhorace	Thanks for the suggestion, that really helped me a lot, wasn't sure how to solve the problem... I was thinking of disabling Webmin from running apt-show-version... When it runs, it jumps, then processes based on score start to be killed	20:07
lhorace	bekks: Just show you I resolve the problem	20:07
lhorace	bekks: Better?	20:07
bekks	So you added a swap file then?	20:09
lhorace	yup	20:09
bekks	Did you change swappiness too, as well as changing the default behaviour of the OOM killer?	20:10
lhorace	Uh, I was thinking about swappiness but as for OOM killer behavior.. I still have more to read	20:10
lhorace	I think, with 60, that should be good enough, I am not sure I really want to go for agressive swappiness	20:11
lhorace	KVM is on SSD	20:11
bekks	Well, you actually dontwant to swap at all, if it can be avoided. So set vm.swappiness=5 or 10 in /etc/sysctl.conf	20:11
lhorace	Hmmm, good point	20:12
lhorace	I will see	20:13
bekks	And set vm.oom_kill_allocating_task=1 too	20:13
lhorace	What does that do?	20:13
bekks	When you are running out of memory, the OOM killer starts to randomly kill processes until the situation is resolved. You actually never want that. You want the process which causes the situation to be killed.	20:14
lhorace	bekks: Okay, my observation, apt-show-versions get's killed	20:15
lhorace	Then, I have tmux	20:15
lhorace	So, I don't see ramdoniess, thus far	20:15
lhorace	webmin which is the parent, get's killed but the time span	20:16
lhorace	The parent of 'apt-show-versions'	20:16
bekks	So if tmux causes the OOM situation, and webmin gets killed, thats random death.	20:16
lhorace	lol	20:16
lhorace	Okay	20:17
lhorace	I so a lot of tmux inovked OOM	20:17
lhorace	s/so/saw/	20:17
lhorace	For now, my critical serices keep running	20:17
lhorace	services*	20:18
lhorace	bekks: Actually, the template, so swapiness to 0	20:19
lhorace	s/so/set/ I don't have great spelling skills	20:19
bekks	So if tmux is causing the OOM, set vm.oom_kill_allocating_task=1 to make sure tmux gets killed then.	20:20
lhorace	okay, set	20:20
=== SJrX is now known as SJr
=== NomadJim_ is now known as NomadJim
=== Lcawte is now known as Lcawte\|Away
Peiniger	I’m logged in to a server that is rejecting all new connections. In /var/log/auth.log I’m seeing the following message: Connection closed by myipaddress [preauth]	22:45
Peiniger	I’ve restarted ssh and verified authorized_keys hasnt been changed.	22:46
lhorace	Peiniger: not enough information	22:51
lhorace	SSHD might be closing the connection just becaust	22:51
Peiniger	What other info would you like?	22:51
lhorace	You can put SSHD in DEBUG mode	22:52
Peiniger	Can I put it in debug mode without losing my current connection?	22:53
lhorace	Peiniger: openSSH spawns SSH clients	22:54
lhorace	so, you can restart SSHD witout affecting your current session	22:54
pmatulis	Peiniger: pastebin what you get with the client in verbose mode (ssh -v). could be a number of things. like permissions of .ssh directory or key files	22:54
Peiniger	no problem. 1 minute please	22:54
pmatulis	more v's are possible but one is usually good (ssh -vvv)	22:55
Peiniger	http://pastebin.com/YXbp1ZGC	22:56
pmatulis	Peiniger: so could be a few things. but i would first check auth.log on the server. pastebin the last few lines	22:57
lhorace	Umm pmatulis you explain or can I?	22:57
lhorace	Uhhh	22:57
pmatulis	lhorace: go ahead	22:57
lhorace	Well, the authentication mentods is publickey	22:57
lhorace	That's why it faied	22:58
lhorace	oops, failed*	22:58
lhorace	There is not other method to try	22:58
pmatulis	lhorace: ?	22:59
lhorace	Well, with my SSHD, I might keep it to just publickey	22:59
lhorace	But if you lose it, you need to find another way	23:00
pmatulis	Peiniger: anyway, provide auth.log. otherwise, this error can occur if you're connecting to the wrong user account or the public key is not installed in the remote ubuntu user's home directory	23:00
Peiniger	pmatulis: the only sshd error im getting in /var/log/auth.log is Connection closed by myipaddress [preauth]	23:00
lhorace	What SSHD tells me now is enough to know what is the problem	23:01
lhorace	Some of you need to read the openSSH docs	23:01
lhorace	It's clear as day in the pastebin	23:01
lhorace	debug1: identity file /Users/someuser/Documents/someorg/ssh-keys/someorg-east.pem type -1 ?	23:02
lhorace	that might be the problem	23:03
Peiniger	lhorace: can you elaborate?	23:04
sarnold	lhorace: but the command line asked for -i ~/Documents/someorg/ssh-keys/someorg-server1.pem and it appears it was tried.. debug1: Trying private key: /Users/someuser/Documents/someorg/ssh-keys/someorg-server1.pem	23:04
lhorace	I keep my private key safe	23:05
lhorace	On, I have Arch Linux, Ubuntu, etc severs... I usally disable the password or any other mechnasim of auth on SSH	23:07
sarnold	Peiniger: are you confident the public portion of /Users/someuser/Documents/someorg/ssh-keys/someorg-server1.pem is in the authorized_keys of the user account on the remote server you're tryingt ouse?	23:07
Peiniger	I will double check	23:07
lhorace	Except for publickey	23:07
lhorace	sarnold: All the AUTH methods failed	23:09
Peiniger	the output of my .pem file is a private key.	23:09
Peiniger	what do you mean the public section?	23:09
lhorace	I didn't know that you keep private keys in PEM format	23:10
sarnold	Peiniger: most ssh clients store the privkey ina file named e.g. id_rsa and the public portion in afile named id_rsa.pub	23:10
lhorace	Must be a new SSH feature	23:10
sarnold	lhorace: I think the .pem format was a feature of the ancient commercial ssh	23:10
bekks	The .pem file contains a SSL certificate, which is not a SSH key.	23:10
bekks	Isnt it?	23:11
Peiniger	“The private key file is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.”	23:11
sarnold	Peiniger: _browser_?	23:11
Peiniger	from the amazon docs	23:11
lhorace	As long of SSH that I have, I never seen SSH encode it in PEM format	23:11
sarnold	lhorace: be thankful :)	23:11
Peiniger	sarnold: i would ignore the browser piece	23:12
Peiniger	must download instructions	23:12
sarnold	lhorace: the old commercial ssh was verybadterrible	23:12
lhorace	I want to help Peiniger	23:12
Peiniger	Its for Amazon EC2 key pairs	23:12
lhorace	make sure he solved his issue	23:12
sarnold	lhorace: .. but this sounds like some funky amazonery rather than the old commercial ssh	23:12
lhorace	sarnold: Don't care about the backround	23:13
Peiniger	http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html	23:13
pmatulis	Peiniger: i can connect to Amazon instances with such a .pem key	23:13
pmatulis	Peiniger: the problem is probably you didn't choose the proper key when you created your instance	23:13
lhorace	It might end with .pem	23:13
Peiniger	pmatulis: the instance has been around for a while now	23:14
lhorace	the contents is different	23:14
Peiniger	ssh suddenly stopped working	23:14
Peiniger	i just happened to be logged in to it	23:14
pmatulis	interesting, "suddenly stopped working"	23:14
pmatulis	Peiniger: you have console access right?	23:15
lhorace	SSH will spawn a process	23:15
Peiniger	yes…i should have said stopped receiving new connections	23:15
lhorace	It stop working doesn't mean the deamon stopped	23:15
lhorace	I said, before, but SSHD in debug mode	23:16
Peiniger	lhorace: can i put it in debug mode without disconnecting my current session?	23:16
lhorace	Peiniger: It could be your SHELL that disconnect you	23:17
Peiniger	others are experiencing this problem too	23:17
lhorace	Peiniger: If you currently logged and ROOT authority .. yes	23:17
lhorace	SSHD spawns new process for clients under their priviledge	23:18
lhorace	Peiniger: When you say others, I need to know what Ubuntu Version?	23:19
Peiniger	lhorace: server is 14.04.1	23:20
lhorace	Okay, I have 4 14.04.1	23:21
lhorace	and Arch Linux.. etc	23:21
lhorace	You asked me a few times if making changes will destro your current session	23:22
lhorace	SSHD spawns Processes	23:23
lhorace	It means depends on how the program is program that one process shouldn't effect another	23:24
Peiniger	im with you. thanks for the explination	23:26
lhorace	I wanted to make sure everthing was goign alright with you Peiniger	23:29
lhorace	I just finish reading up on SSH and PEM	23:32
Peiniger	I need to get a port opened to run in debug mode	23:32
lhorace	That debug1: identity file /Users/someuser/Documents/someorg/ssh-keys/someorg-east.pem type -1	23:32
lhorace	that was your problem	23:32
lhorace	I took at my key, it's in PEM format	23:33
lhorace	It's not*	23:33
Peiniger	what is the problem?	23:34
lhorace	PEM and SSH key are both base64 but when you decode it.. it means something else	23:35
sarnold	I really don't think that's it; the command line asked for a specific (different) key, and that other key was tested later	23:36
sarnold	here's a successful login to my isp with half-dozen of those "type -1" lines: http://paste.ubuntu.com/10841461/	23:37
sarnold	I think you're better off putting that sshd into debug mode and hoping for more verbose messages that way	23:37
lhorace	RIGHT	23:38
Peiniger	Ill give that a shot once I can open another port	23:38
Peiniger	thanks for your help	23:38
sarnold	unforuntately I don't see much in the way of debugging messages when I search for "Connection reset by", they all show up on len==0 results from socket reads, e.g. http://sources.debian.net/src/openssh/1:6.7p1-3/packet.c/?hl=1137#L1137	23:41
sarnold	so debug mode may not help much, but it's worth trying	23:42
pmatulis	Peiniger: i asked before, did you confirm the public key is installed in the remote ubuntu user's home directory? even though it "suddenly stopped working", it is good to check	23:50
Peiniger	yes i did	23:51
sarnold	Peiniger: check ls -ld output for ~ ~/.ssh ~/.ssh/authorized_keys on the remote server; if owners, groups, or permissions are the least bit wrong, sshd will refuse to use it; I'd expect it to log something about it on the server, but the client often has no visibility about why the public key didn't work	23:54

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!