/srv/irclogs.ubuntu.com/2015/05/04/#ubuntu-server.txt

IronDevHey guys so I just installed Ubuntu Server and I hooked it up to my MacBook via ethernet then I ran ifconfig, but the only thing I saw was lo00:31
PryMar56IronDev, is the linux box now connected to a router and to the MacBk?00:42
IronDevPryMar56 Directly to the mac00:43
PryMar56IronDev, you might need to make a static config for the NIC on Linux to match the subnet for Mac.. like 10.0.2.0 or ?00:45
IronDevPryMar56 Can I use a DHCP server00:47
harushimofor the openstack installation on ubuntu-server, I was going to setup 3 node cluster00:47
harushimowhat is the best way to setup openstack?00:47
IronDevharushimo there's an iso00:48
harushimoI have the ubuntu server iso00:48
harushimoI installed it on VM00:48
PryMar56IronDev, I can't grok your setup00:49
IronDevprymar56 grok?00:49
PryMar56picture it00:49
harushimoIronDev: is there a openstack iso just for ubuntu?00:49
PryMar56IronDev, what was supposed to happen? Is the Mac on Wifi, then you used the spare ethernet port to bridge the Linux to internet?00:51
IronDevharushimo http://www.ubuntu.com/cloud/ubuntu-openstack00:52
IronDevprymar56 exactly there's a feature in mb settings00:53
PryMar56IronDev, do you know all the config files for Ubuntu?00:54
PryMar56*/interfaces, fstab, resolv.conf00:54
IronDevPryMar56 interfaces only00:55
vonsyd0wInternet sharing on Mac OSX has little to do with ubuntu00:55
IronDevvonsyd0w A small bit of info won't change the topic will it?01:00
harushimoIronDev: do I have to create seven VMs?01:01
harushimoIronDev: http://www.ubuntu.com/download/cloud/install-ubuntu-openstack01:01
harushimoi'm looking at these instructions01:02
IronDevharushimo I don't think so but 3 is good01:04
harushimoIronDev: Right now, I setup node 1, node2, node301:04
harushimothanks01:04
harushimoI'm reading the documentation on openstack site too01:04
harushimoIronDev: thanks for the help01:05
IronDevharushimo no prob01:06
harushimoIronDev: Can I ask you one other small question?01:06
IronDevye01:06
harushimoIronDev: from step 2 onwards, do those repos need to be installed on every node?01:07
harushimoIronDev: then I'll do it on all the nodes01:08
IronDevharushimo Ya I think01:10
harushimoIronDev: I'll keep you updated01:11
harushimothanks again01:11
IronDevharushimo I gtg soon01:11
IronDevharushimo But you can memoserv01:11
harushimoIronDev: I'm good right now01:12
harushimowhat's memoserv?01:12
=== zz_DenBeiren is now known as DenBeiren
=== cripperz is now known as CripperZ`
=== PryMar56 is now known as Fusaichi_Pegasus
stoojHi all. I'm putting together a mail server but must have messed up somewhere. Using postfix + spamassassin + spamass-milter, communicating through a socket. But my mail.log contains the following every time the pipe is used:02:41
stoojMay  2 05:44:41 myhostname postfix/smtpd[15597]: warning: milter unix:/spamassassin/spamd.sock: unreasonable packet length: 1397768525 > 107374182302:41
stoojMay  2 05:44:41 myhostname postfix/smtpd[15597]: warning: milter unix:/spamassassin/spamd.sock: read error in initial handshake02:41
stoojAnyone seen this before and recognise the problem?02:42
=== Lcawte|Away is now known as Lcawte
Alina-malinahello all, i need to forward ssh tunneling when someone connecting to my server from outside? i need to proxychain that connection to 127.0.0.1:777 how can i do this?07:33
lordievaderGood morning.08:51
swizgardhi. the local dnsmasq thing does not really work out for me (it's flaky, sometimes hostnames don't get resolved for some tries and then they do. problems i don't have when the dns is in /etc/resolv.conf directly)08:53
swizgardany solutions for keeping networkmanager for the most part but not for dnsmasq?08:54
lordievaderswizgard: Change the NetworkManager's config.09:00
lordievaderswizgard: In Gentoo you add dnsmasq by doing [1], so I guess try to find that and remove it. [1] https://wiki.gentoo.org/wiki/NetworkManager#Dnsmasq09:01
swizgardlordievader: i changed "dns=dnsmasq" to "dns=none", but this just makes dns stop working completely09:06
lordievaderswizgard: Try commenting the line ;)09:06
swizgardhuh!09:08
swizgardthat almost sounds as if it might work (-:09:09
Alina-malinahow to forward user ssh connection to proxychains on server side?09:38
OpenTokixAlina-malina: proxy chains?09:41
Alina-malinayes09:41
Alina-malinaproxychains09:41
OpenTokixNever heard the term before09:41
OpenTokixwhat is it?09:41
Alina-malinaa chain of proxies09:41
OpenTokixfor ssh?09:41
Alina-malinano09:42
Alina-malinatcp connection09:42
OpenTokixYou have [ client - proxy - proxy - proxy - proxy - destination ]09:42
OpenTokixAnd the proxy is a simple forwarder, ie. a router?09:43
OpenTokixIf that is the case, client only knows about the first proxy/router09:45
Alina-malinano its not the case09:46
Alina-malinai have a client09:46
Alina-malinahe connects over ssh to my server via tunneling browsing webpages09:46
Alina-malinaso what i want is to forward his browsing over proxychains and not my server ip directly09:46
Alina-malinagot it?09:46
OpenTokixAlina-malina: I have no idea what you are saying, you are mixing up technologies in your explanation until it makes no sense.09:47
Alina-malinai want to control his access09:47
Alina-malinawow ur stupid09:47
Alina-malinaits basic stuff09:47
OpenTokixAlina-malina: Maybe ask the question to someone who speaks your native language, since clearly english is not yours.09:48
lordievaderAlina-malina: Insulting people won't help you. Please be respectful. Are you trying to string along ssh tunnels?09:48
Alina-malinastring?09:48
lordievaderclient -> ssh tunnel -> ssh tunnel -> ssh tunnel -> destination.09:49
Alina-malinanah09:49
Alina-malinaclient->ssh tunnel->proxychains -> destination09:49
Alina-malinaand allow ONLY TCP connections for that user and nothing else09:50
lordievaderSo forward localhost:some-tcp-port to the beginning of the proxychain?09:50
Alina-malinafrom where?09:51
lordievaderThat depends on your configuration, I suppose.09:51
Alina-malinaso why i can't just portforward that specific user to proxychain directly?09:52
lordievaderYou can? Portforward the endpoint of the ssh tunnel to the beginning of the proxychain, that was what I was trying to say with the line above.09:53
Alina-malinaso the client has to do this from his side, i don't get it? or i can do that as root, to force him to use it so he can't do anything else rather than browsing webpages over proxychain i provide to him?09:54
lordievaderIf you have access to his box, you can control anything. (Given you have the rights)09:55
Alina-malinayes root09:56
lordievaderSo you have full control ;)09:57
Alina-malinaso i need to do this forwarding on iptables level or what? you just speak theoretically, no sense10:00
Alina-malinaor user access control?10:01
lordievaderAlina-malina: Iptables is probably easiest, yes.10:51
Alina-malinayes i already figure it out10:51
VoyageHI11:37
Voyage I have apache on my vps and I was thinking to make a user named "developer" and put the website directory in his home dir. By this way, he would have access to the files via ssh, sftp and I don't have to give root password to him. Is that a good idea?11:37
lordievaderVoyage: Yes, also look into apache's mod_userdir, or however it is called.11:38
Voyagehm11:40
Voyagelordievader,  should I just set apache root to /home and allow each site to a different developer. for instance         apache root as /home         and site-1 at /home/developer1-name/site-1-files         and site-2 at /home/developer2-name/site-2-files11:41
lordievaderThat doesn't sound like a good idea. Since www-data then needs access to all those home-dirs.11:42
Voyagehm.. you mean www-data needs to be owner or those files or just a chmod 777 would do ?11:43
lordievaderNo, it needs read (and perhaps execute) rights. Chmodding things to 777 is always a bad idea.11:44
Voyagelordievader,  yes, agreed.11:50
Voyagelordievader,  it would need to write in many cases as well.11:50
Voyageso what is the best solution here?11:51
lordievaderVoyage: Make dir in /var/www/ that is owned by your user with group www-data which has rx rights?11:52
Voyagehow about i do it in home dirs?11:54
Voyagelordievader,  should I just set apache root to /home and allow each site to a different developer. for instance         apache root as /home         and site-1 at /home/developer1-name/site-1-files         and site-2 at /home/developer2-name/site-2-files11:54
VoyageIf I have to live with conventions, what should be done. I was thinking to add the user in the other group. dev to www-data group or www-data to dev group.. what should it be. (I have many devs and many sites...)11:54
lordievaderThen www-data needs x rights to the home-dir, I personally do not like that.11:54
Voyageno, I will not give x to full home11:54
=== DW-10297 is now known as Teduardo
Voyageonly to the site dir11:55
Voyageeg.:11:55
lordievaderVoyage: www-data cannot get to a subdir if it cannot access a parent dir ;)11:55
Voyage .  /home/username/site-dir11:55
Voyageoh..11:55
Voyagethen I can't make chroot jails either11:56
Voyageright?11:56
lordievaderErr, I have no experience with chroot jails.11:57
Voyagechroot jails is something that won't allow a user to get out of his home dir. this is a security . the user will not see what's outside. the system is invisible11:57
lordievaderI know what it is, but never used it ;). So I cannot judge if that will accomplish your goal.11:59
Voyagehm11:59
Voyagelordievader,  when you said the following, what did you mean by group? I mean which user to add in which group? Make dir in /var/www/ that is owned by your user with group www-data which has rx rights12:03
lordievaderVoyage: Every dir is owned by a user and a group, noted usually like $user:$group, in many cases they are both your username or root (root:root). For all groups see /etc/group.12:05
Voyageok.12:06
Voyageso you want me to give the directory as the developer:apache-group ?12:07
Voyageor what?12:07
Voyagewill developer-name:www-data do for any dir?12:09
Voyagelordievader,  there are groups and users. each user has a group.   so If I give permission, for a file, to a user: some-other-group-that-user-is-not-a-member-of          but the required www-data user is. will do ?12:15
lordievaderYes. The user does not need to be a member of www-data.12:18
Voyagebut if I just do chown -R a:b /dir           and then 'a' comes and creates some new files. those files will have permission to what? == to 'a' and 'a's group, not ' b' group and its users. correct?12:18
lordievaderMake the group sticky, read the chown man page ;)12:19
Voyagesticky?12:21
Voyagehm ok12:21
Voyageif you run "id" it will say your primary group. If you create new files and don't change the owner, it'll be owned by your user and your primary group12:21
Voyageok. I will read12:21
Voyagethanks!12:21
jrwrenVoyage: see the "Sharing Write Permissions" at the bottom of https://help.ubuntu.com/14.04/serverguide/httpd.html12:25
Voyagehm12:25
jrwrenIt does not really explain the sticky bit though. We should update that.12:25
Voyagewould I have to chmode everytime I make an update/create a new file?12:27
Voyagechmod/chown12:27
Voyagejrwren, ^12:28
jrwrenno, that is the point of the sticky bit or ACL12:28
Voyage I can't come to a final conclusion...  I want 3 people to have access to a dir and subdirs, create files, read/write but also want www-data:www-data to read/write those dirs.  I don't want to chmod/chown every time there's a change in dir. so what should I do?     will this help? https://help.ubuntu.com/14.04/serverguide/httpd.html#http-directory-permissions12:28
Voyagejrwren, hm ACL. how to do that?12:28
jrwrenI think sticky group will do everything you want.12:28
jrwrentry it.12:28
Voyageok12:29
Voyagewait. how about i just make a new user and add him to www-data group as his pri group?12:30
jrwrentry it.12:30
lordievaderVoyage: You don't really want to give the www-data too much write access ;)12:31
Voyagelordievader,  ya, but those users will be only for website management.12:35
Voyagehow about I make pri group of www-data for all the 3 users?12:35
lordievaderI was more talking about the security aspect of giving www-data, read apache, read the world, write access ;)12:39
Voyageya but ultimately the site content should be r/w by apache. so what ever dir it is.12:40
lordievaderWhy write?12:40
jrwrenno, write by apache is generally not a good idea.12:40
Voyagewordpress and other stuff needs write access12:40
Voyageso www-data should have write access12:41
jrwrenand wordpress has a vulnerability every week :)12:41
Voyagetrue12:41
Voyagebut have to live with it12:41
jrwrenindeed.12:41
patdk-wkI thought it had 3 last week12:41
jrwrenpatdk-wk: lol12:41
Voyageit does a lot of things. .htaccess writes, configs, plugins install etc12:41
Voyageso need write access12:41
Voyageso...12:41
patdk-wkyou should not give write access to apache12:42
patdk-wkrun wordpress as a different user12:42
lordievaderVoyage: Give very specific write access.12:42
patdk-wkat least limit its damage it can do12:42
Voyagepatdk-wk,  run? the apache runs the site/wp not the user and apache is run by www-data12:42
lordievaderFor as far as I know it needs write access to a couple of tmp folders.12:42
patdk-wkapache doesn't run crap12:42
patdk-wkphp runs wordpress12:42
patdk-wklordievader, autoupdates12:43
Voyagepatdk-wk,  isn't php run by apache?12:43
lordievaderOn most of my wordpress stuff www-data can only read.12:43
Voyagepatdk-wk,  isn't php run by apache/www-data?12:43
lordievaderpatdk-wk: That is broken here ;)12:43
patdk-wkVoyage, only if you're insanely lazy, and use mod_php12:43
Voyagepatdk-wk,  actually I did... well, I installed apt-get apache2 php5 and it all went by itself12:44
patdk-wkuse php5-fpm12:44
jrwrenand then there is this: https://insights.ubuntu.com/2015/04/22/rewriting-wordpress-juju-charms-for-security-and-ha-on-openstack/12:44
Voyagefpm?12:45
jrwrenuh oh, sounds like the wordpress chapter of the server guide needs some rewriting too.12:45
Voyagehm.. this sounds sane but I have read a lot12:45
Voyageso there are no simple things.12:45
VoyageI wonder how cpanel and web hosts do stuff. they deliver my theory in practical terms12:46
patdk-wkif things were simple, everyone would be doing it, and no one would have problems :)12:46
patdk-wkI would say, making a nice apparmor wrapper for wordpress would work great12:47
patdk-wkbut would also be annoying to make and maintain12:47
lordievaderAnd so no one does it ;)12:47
patdk-wkI did, it worked, till 4.1.2 last week12:48
patdk-wkI have to work on it again12:48
lordievaderHihi ;)12:48
patdk-wkand now we are on 4.2.112:48
Voyagehm12:58
=== erlon_awaY is now known as erlon
=== Voyage_ is now known as Voyage
OnionnionI'm trying to add rules to UFW to deny some IPs that are showing in our logs, but when I add them I still get traffic from them13:55
OnionnionI'm using 'sudo ufw deny from <ip>'13:56
Onionnionand in ufw status it is loaded13:56
Voyageno rewrite logs appearing. did LogLevel        alert rewrite:trace5. I dont think rewrite is even working. How can I redirect every page to google.com?13:56
lordievaderOnionnion: Could you paste the output of 'iptables-save' and state the ip you are trying to block?14:00
jpdsOnionnion: Pastebin: sudo ufw status verbose14:02
VoyageI am only redirecting by .htaccess file. do I need to enable mod_rewrite?14:02
patdk-wkyou can't redirect in .htaccess without mod_rewrite14:05
maxbVoyage: Which modules you need depends on which functions and configuration you want to use - *not* which file you put the configuration in14:05
Onionnionjpds, http://pastebin.com/6Zv0EZQp14:06
Onionniontrying to block 24.123.82.46 and a couple others14:06
maxbpatdk-wk: Why do you say that? Redirect is valid in .htaccess scope14:06
patdk-wkdoes that not depend on rewrite mod?14:06
maxbno14:06
patdk-wkoh he was using wordpress though14:06
jpdsOnionnion: Which port are you trying to block?14:07
patdk-wkthat does depend on mod_rewrite14:07
lordievaderOnionnion: Could you pastebin the iptables-save too :)14:07
Onionnionjpds, trying to drop anything from it14:07
Onionnionlordievader, on that now14:07
lordievader\o/14:07
jpdsOnionnion: Your problem is that the DENY comes AFTER the allows.14:07
Onionnionahh14:08
lordievaderAh, yes. Indeed.14:08
Onionnionufw instert ?14:08
Onionnioninsert*14:09
jpdsOnionnion: Yep.14:09
jpdsOnionnion: Also, blocking by individual IP like this is never going to scale.14:09
lordievaderOnionnion: Take a look at ipset.14:09
Onionnionjpds, we've been getting hard traffic from these 4 specific IPs over the weekend14:10
jpdsOnionnion: On specific ports?14:10
Onionnionjpds, haven't checked ports, but they're requesting a wpad.dat and it's been so hard that it's brought apache down a few times14:13
Onionnionover 5000 times within the most recent access.log14:13
jpdsOnionnion: You could try something like: sudo ufw delete allow 80/tcp && sudo ufw limit 80/tcp14:13
Onionnionnot familiar with limit14:14
jpdsOnionnion: 6 new requests/IP/30 seconds.14:14
Onionnionwell it's only been from 4 specific ips14:15
maxbA limit that strict sounds like it could impact normal website serving14:15
patdk-wkit would14:16
maxbwpad == web proxy auto discovery - therefore this sounds like it could just be incompetent config rather than malicious activity14:16
lordievadermaxb: The point there is that it only limits sources which show a lot of connection in a short period. Normal serving should not show that behaviour.14:18
lordievaderBut as always, it's a trade off.14:18
patdk-wkwhy not just add a rewrite 403 rule to the wpad?14:18
patdk-wkapache can easily handle thousands of those per second14:18
maxbAll you need is a couple of users behind a NAT browsing a site with a moderate amount of images / css / js files, and you'd trivially hit 6 new requests/IP/30 seconds14:19
patdk-wkI routinely hit 50 connections per ip14:19
patdk-wkand giving a single browser will only do 614:20
patdk-wkPhilippines have a huge /24 of just proxy servers that just blast out requests14:20
patdk-wksmaller, block, but more traffic, than aol14:20
maxb6? I thought the common browser connection limits were 4 or 2?14:21
patdk-wk4-614:21
OpenTokixOnionnion: If it is a problem, rate-limit port 8014:26
OpenTokixwith iptables14:26
frickleranyone into systemd here yet? I'm having trouble with my rc.local being run before network is up on vivid. And yes, I know it is kind of legacy to use that :-"14:35
lordievaderfrickler: Convert the actions taken there to a systemd script?14:36
frickleryes, might be possible, but this comes from an auto-install system that at the same time still should work with 12.0414:49
jkyle1I'm seeing the hostname service is masked in ubuntu 15.0414:53
jkyle1why's this?14:53
cluelesspersonHey guys15:17
cluelesspersonI must have moronically typed a command wrong, my user doesn't appear to be sudo anymore.15:17
=== smoser` is now known as smoser
cluelesspersonHow can I add myself to sudo again without root access?  Can I boot into a recovery mode or something?  I do have console15:18
balloonscluelessperson, without root you'll need to boot via recovery and access root that way, re-edit the file, then continue15:19
diegoaguilarlordievader,15:34
diegoaguilargood morning15:34
swizgardlordievader: commenting the dns= line in NetworkManager.conf was exactly the right thing!15:38
swizgardthank you 1000x15:38
=== mfisch is now known as Guest65197
K4kI have a question about running an Ubuntu release mirror. I've got it all set up and it works great but there is a small stylesheet issue with the page. When I look at any release mirror page it has background colors and font colors to match the Ubuntu color theme but my Ubuntu release mirror does not have the background colors.15:43
K4kThe CSS is coming from an @import in the <style> tag in the header and the page is formatted correctly w/ the exception of the colors.15:43
K4kDoes something need to be enabled in apache2 to make this work?15:44
t4nk842ola15:58
diegoaguilarHello, I have an issue while running a ssh server on a new 14.04 server16:12
diegoaguilarI reviewed everything, from ports, firewall and daemon but can't login16:12
diegoaguilarI posted a question here with whole extended details http://serverfault.com/questions/68701916:12
tewarddiegoaguilar: sshd is listening on 127.0.0.116:13
tewarddiegoaguilar: that's localhost, and that means local to the system only.16:14
tewardyou need to tell sshd to listen on a different IP, either the internal IP on the system or 0.0.0.016:14
teward(which is AnyIP)16:14
tewarddiegoaguilar: can internal traffic reach the box?16:15
diegoaguilarteward16:15
diegoaguilarthat was it16:15
diegoaguilargod damn it16:15
diegoaguilarBUT before, the new brand installed ssh HAD *16:16
diegoaguilarListenAddress *16:16
diegoaguilarand wasn't working16:16
tewardyeah that's not nice16:16
diegoaguilarany reason why it would be like it16:16
tewardbut ListenAddress LocalIP    or ListenAddress 0.0.0.0 and ListenAddress ::   might solve it16:16
tewarddiegoaguilar: no idea, I usually don't use a default config file for SSH16:17
tewardi have one that i just copy into place16:17
teward(with a lot of additional configuration needed on my servers)16:17
tewarddiegoaguilar: i answered that question as well, you may want to check16:21
diegoaguilarthanks teward16:23
diegoaguilarI accepted ur answer16:23
=== mfisch is now known as Guest19502
=== jkyle1 is now known as jkyle
tewardis there a server team meeting this week?16:41
jkylewhen installing wireshark on 15.04 I get errors from policykit17:05
sarnoldjkyle: can you pastebin the command you ran and the errors you got?17:09
=== Guest19502 is now known as mfisch
lordievaderswizgard: No problem ;)17:27
jkylesure17:28
hallynutlemming: smoser: when I fire up a vivid image using uvtool (i.e. cloud images), the image doesn't seem to send its hostname to dhcp.  After a reboot, it does.  (so i can query the hostname of my 192.168.1.1 ns)17:31
hallynwith trusty it immediately works.  i'm not sure with cloud-init in the picture where the problem would be17:31
jkylesarnold: https://gist.github.com/jameskyle/6b182a013814d4e2f3f217:33
* teward waves at sarnold17:35
sarnoldjkyle: please file a bug against systemd for that17:35
sarnoldjkyle: I don't know what it should be doing but probably not that :)17:35
sarnoldheya teward :)17:35
tewardsarnold: got a few minutes for a PM?17:35
sarnoldteward: sure17:35
jkylesarnold: triggers are a apt packaging stage, right?17:36
sarnoldjkyle: I think dpkg17:36
jkyleright. so this isn't a systemd error17:36
sarnoldI'm assuming it is an error in systemd's triggers or pre/post inst/rm hooks17:37
jkyleit's a packaging error, if I recall systemd doesn't need policykit anymore. so probably shouldn't be triggering any changes in policykit17:37
smoserhallyn, how does uvtool set its hostname ?17:38
sarnoldjkyle: either way, pitti will know what to do :) the easiest way to get it on his plate for a fix is a bugreport against systemd17:39
smoserhallyn, i think it's just a race condition17:40
smoseri think you were just lucky on trusty17:41
smoserpretty sure that in both cases, ifup eth0 is not blocked on finding the datasource which provides cloud-init its hostname17:41
hallynrbasak: offhand do you recall how uvtool sets the hostname on create?  Does it do it through user-data?17:44
hallynmaybe setting the hostname triggers an action under upstart which it doesn't under systemd?17:44
smoserhallyn, it uses NoCloud datasource17:50
smoserpretty sure.17:51
smoserso i'm pretty sure you were just lucky before17:51
hallynthen how should that be fixed so we are always lucky?17:51
Vasquez2Anyone heard of a mobo with dual nic swapping the mac addresses when the eth cable is swapped to the other port?18:29
rbasakhallyn, smoser: through userdata. The datasource that cloud-localds creates.18:29
rbasakI'm not sure how I feel about dhclient sending hostname from cloud-init. It means the logic has to be the other way round when the hostname is picked up from DHCP+network metadata. So it seems like a nice-to-have for development and debugging perhaps, but nothing should rely on it, and it'd have to be a feature in cloud-init to cope well with both cases.18:31
rattkingVasquez2 the bonding driver can do that now18:35
Vasquez2Neat, thanks18:35
rattking(if your switch supports it)18:35
Vasquez2some kind of magic packets to re-auth?18:36
rattkingI am not sure how active-backup works off the top of my head18:38
diegoaguilarHello, I'm running a linux server, on every ssh login I get a message at server like18:55
diegoaguilarFAT-ds (sdb1): FAT read failed (blocknr 34)18:55
diegoaguilarwhat should I do18:55
xcyclistI'm getting a warning when trying to upgrade an AWS ubuntu Ubuntu 12.04.5 LTS \n \l, and it warns me not to do it on an SSH connection.19:11
xcyclistWhat is recommended instead?  We only have ssh connections to this cloud server?19:11
sarnoldxcyclist: I think I'd try it in tmux or screen so if your ssh connection dies, you can at least try to re-attach19:12
xcyclistOk.  I'll look at those.  Thank you.19:12
jrwrenwhy does a cloudimg install OOTB not ask me for a password to sudo as ubuntu user, but lxc does?  shadow entry for ubuntu is same and sudoers file is same on both.19:24
xcyclistOkay, I am in tmux, but perhaps I don't understand.  It still seems to require ssh access on top of tmux, right?19:25
xcyclistOh, I guess that is implied in your statement.  Sorry.19:26
xcyclistIt also makes the statement:  If you continue, an additional ssh daemon will be started at port  '1022'.19:27
sarnoldxcyclist: be sure to run tmux on the aws instance, not the local machine :) well, nothing wrong with running it locally, too, if you want...19:29
jrwrenlast time I ran do-release-upgrade it automatically started a tmux or screen for me. FYI19:30
sarnoldjrwren: check the /etc/sudoers.d/ directory?19:30
sarnoldjrwren: oo nice ;)19:30
jrwrensarnold: yes, that is it. strange that #includedir /etc/sudoers.d19:30
jrwrenlooks like a comment. it's NOT a comment ;(19:30
sarnoldheh especially bad with a grep -v ^# ...19:31
jrwrenthanks sarnold19:31
sarnold*ahem* I'm halfway guilty of the same bad decision elsewhere, though... "but #include is standard cpp, it'll be familiar"19:32
jrwrenyes. looks like cpp, still odd when # is a comment. I get it. it is still surprising.19:33
jrwrenI don't know that I've ever seen #include work in a language where # is a comment :)19:33
jrwrenI have now :)19:33
sarnoldapparmor, too. fwiw we also support plain 'include' but.. no one uses it. go figure. :)19:34
hallynrbasak: uvt-kvm switch which sets a userdata bit which says send the hostname?20:22
jrwrenhallyn: you could likely ifdown eth0; ifup eth0; instead of reboot to restart dhclient and trigger the hostname send.20:28
tyler_wy1ieGreetings; I am wondering if anyone here has done a preseed.cfg for any of the newer releases of Ubuntu Server(we're using 14.04 specifically) and can help point me in the right direction20:43
hallynjrwren: i'd have to get inside to do that :)  yes i could use cloudinit to do that, but i'm looking for a "it just works" way20:50
jrwrenhallyn: --run-script-once when you uvt-kvm create ?20:54
jrwrenhallyn: or is that not IJW enough?20:54
hallynright, it's not IJW at all20:54
tyler_wy1ieOr if someone knows of a better way to deploy a large amount of Ubuntu servers with the same config; pretty barebones install actually20:55
hallynif it was only for myself i'd be ok with it, but i can't be the only one who spins up a new vm then ssh's to '<vm-name>.lu'20:55
sarnoldtyler_wy1ie: I know a channel regular used FAI -- fai-server, fai-client, fai-doc packages, http://fai-project.org/ -- you can also try to use maas (not really its main purpose) or landscape (commercial)21:07
tyler_wy1iesarnold: thanks, we will be checking out a few of these options :)21:12
xcyclistIt finished without a disconnect anyway.21:13
sarnoldxcyclist: nice :)21:13
rattkingtyler_wy1ie: FWIW I use FAI on a wide variety of hardware with great success21:39
tyler_wy1ierattking: I'm reading through the documentation right now, seems like it will do what we want.  C21:53
tyler_wy1ierattking: Checking out Landscape too21:53
rattkingcool. good luck. you can do about anything with fai and scripts.21:57
tyler_wy1ieYea we'll just be doing barebones OS installs for clients; but manually doing it through iLO is a pain in the ass21:58
=== Lcawte is now known as Lcawte|Away
rbasakhallyn: the awkward thing is that although in the uvtool case the userdata (and thus the hostname set in there) can be known before DHCP, in the general case it cannot.23:29
rbasakUnless I'm mistaken about that.23:29
rbasakI'm assuming that there exist datasources which require DHCP to have happened to be able to retrieve userdata.23:30
rbasakAnyway, it's a cloud-init thing.23:30
rbasakuvtool will do whatever cloud-init does.23:30
rbasakI have no objection to uvtool setting userdata by default causes cloud-init to send the hostname set by userdata in the DHCP request.23:31
=== mrt333_ is now known as mrt333
mojtabaHi, Is there any web based monitoring tools for servers? (I have three servers and I want to monitor them all at once.)23:51
sarnoldmojtaba: i've heard good things about elasticsearch and kibana, e.g. http://blog.trifork.com/2013/11/28/use-kibana-to-analyze-your-images/ -- but it all looks a bit .. dashboardy to me, it's hard for me to see the utility there.23:59
mojtabasarnold: thx, I will check them23:59
