IronDev | Hey guys so I just installed Ubuntu Server and I hooked it up to my MacBook via ethernet then I ran ifconfig, but the only thing I saw was lo | 00:31 |
---|---|---|
PryMar56 | IronDev, is the linux box now connected to a router and to the MacBk? | 00:42 |
IronDev | PryMar56 Directly to the mac | 00:43 |
PryMar56 | IronDev, you might need to make a static config for the NIC on Linux to match the subnet for Mac.. like 10.0.2.0 or ? | 00:45 |
IronDev | PryMar56 Can I use a DHCP server | 00:47 |
harushimo | for the openstack installation on ubuntu-server, I was going to setup 3 node cluster | 00:47 |
harushimo | what is the best way to setup openstack? | 00:47 |
IronDev | harushimo theres an iso | 00:48 |
harushimo | I have the ubuntu server iso | 00:48 |
harushimo | I installed it on VM | 00:48 |
PryMar56 | IronDev, I can't grok your setup | 00:49 |
IronDev | prymar56 grok? | 00:49 |
PryMar56 | picture it | 00:49 |
harushimo | IronDev: is there a openstack iso just for ubuntu? | 00:49 |
PryMar56 | IronDev, what was supposed to happen? Is the Mac on Wifi, then you used the spare ethernet port to bridge the Linux to internet? | 00:51 |
IronDev | harushimo http://www.ubuntu.com/cloud/ubuntu-openstack | 00:52 |
IronDev | prymar56 exactly theres a feature in mb settings | 00:53 |
PryMar56 | IronDev, do you know all the config files for Ubuntu? | 00:54 |
PryMar56 | */interfaces, fstab, resolv.conf | 00:54 |
IronDev | PryMar56 interfaces only | 00:55 |
vonsyd0w | Internet sharing on Mac OSX has little to do with ubuntu | 00:55 |
IronDev | vonsyd0w A small bit of info wont change the topic will it? | 01:00 |
harushimo | IronDev: do I have to create seven VMs? | 01:01 |
harushimo | IronDev: http://www.ubuntu.com/download/cloud/install-ubuntu-openstack | 01:01 |
harushimo | i'm looking at these instructions | 01:02 |
IronDev | harushimo I dont think so but 3 is good | 01:04 |
harushimo | IronDev: Right now, I setup node 1, node2, node3 | 01:04 |
harushimo | thanks | 01:04 |
harushimo | I'm reading the documentation on openstack site too | 01:04 |
harushimo | IronDev: thanks for the help | 01:05 |
IronDev | harushimo no prob | 01:06 |
harushimo | IronDev: Can I ask you one other small question? | 01:06 |
IronDev | ye | 01:06 |
harushimo | IronDev: from step 2 onwards, do those repos need to be installed on every node? | 01:07 |
harushimo | IronDev: then I'll do it on all the nodes | 01:08 |
IronDev | harushimo Ya I think | 01:10 |
harushimo | IronDev: I'll keep you updated | 01:11 |
harushimo | thanks again | 01:11 |
IronDev | harushimo I gtg soon | 01:11 |
IronDev | harushimo But you can memoserv | 01:11 |
harushimo | IronDev: I'm good right now | 01:12 |
harushimo | what's memoserv? | 01:12 |
=== zz_DenBeiren is now known as DenBeiren | ||
=== cripperz is now known as CripperZ` | ||
=== PryMar56 is now known as Fusaichi_Pegasus | ||
stooj | Hi all. I'm putting together a mail server but must have messed up somewhere. Using postfix + spamassassin + spamass-milter, communicating through a socket. But my mail.log contains the following every time the pipe is used: | 02:41 |
stooj | May 2 05:44:41 myhostname postfix/smtpd[15597]: warning: milter unix:/spamassassin/spamd.sock: unreasonable packet length: 1397768525 > 1073741823 | 02:41 |
stooj | May 2 05:44:41 myhostname postfix/smtpd[15597]: warning: milter unix:/spamassassin/spamd.sock: read error in initial handshake | 02:41 |
stooj | Anyone seen this before and recognise the problem? | 02:42 |
=== Lcawte|Away is now known as Lcawte | ||
Alina-malina | hello all, i need to forward ssh tunneling when someone connecting to my server from outside? i need to proxychain that connection to 127.0.0.1:777 how can i do this? | 07:33 |
lordievader | Good morning. | 08:51 |
swizgard | hi. the local dnsmasq thing does not really work out for me (it's flaky, sometimes hostnames don't get resolved for some tries and then they do. problems i don't have when the dns is in /etc/resolv.conf directly) | 08:53 |
swizgard | any solutions for keeping networkmanager for the most part but not for dnsmasq? | 08:54 |
lordievader | swizgard: Change the NetworkManager's config. | 09:00 |
lordievader | swizgard: In Gentoo you add dnsmasq by doing [1], so I guess try to find that and remove it. [1] https://wiki.gentoo.org/wiki/NetworkManager#Dnsmasq | 09:01 |
swizgard | lordievader: i changed "dns=dnsmasq" to "dns=none", but this just makes dns stop working completely | 09:06 |
lordievader | swizgard: Try commenting the line ;) | 09:06 |
swizgard | huh! | 09:08 |
swizgard | that almost sounds as if it might work (-: | 09:09 |
Alina-malina | how to forward user ssh connection to proxychains on server side? | 09:38 |
OpenTokix | Alina-malina: proxy chains? | 09:41 |
Alina-malina | yes | 09:41 |
Alina-malina | proxychains | 09:41 |
OpenTokix | Never heard the term before | 09:41 |
OpenTokix | what is it? | 09:41 |
Alina-malina | a chain of proxies | 09:41 |
OpenTokix | for ssh? | 09:41 |
Alina-malina | no | 09:42 |
Alina-malina | tcp connection | 09:42 |
OpenTokix | You have [ client - proxy - proxy - proxy - proxy - destination ] | 09:42 |
OpenTokix | And the proxy is a simple forwarder, ie. a router? | 09:43 |
OpenTokix | If that is the case, client only knows about the first proxy/router | 09:45 |
Alina-malina | no its not the case | 09:46 |
Alina-malina | i have a client | 09:46 |
Alina-malina | he connects over ssh to my server via tunneling browsing webpages | 09:46 |
Alina-malina | so what i want is to forward his browsing over proxychains and not my server ip directly | 09:46 |
Alina-malina | got it? | 09:46 |
OpenTokix | Alina-malina: I have no idea what you are saying, you are mixing up technologies in your explanation until it makes no sense. | 09:47 |
Alina-malina | i want to control his access | 09:47 |
Alina-malina | wow ur stupid | 09:47 |
Alina-malina | its basic stuff | 09:47 |
OpenTokix | Alina-malina: Maybe ask the question to someone who speaks your native language, since clearly english is not yours. | 09:48 |
lordievader | Alina-malina: Insulting people won't help you. Please be respectful. Are you trying to string along ssh tunnels? | 09:48 |
Alina-malina | string? | 09:48 |
lordievader | client -> ssh tunnel -> ssh tunnel -> ssh tunnel -> destination. | 09:49 |
Alina-malina | nah | 09:49 |
Alina-malina | client->ssh tunnel->proxychains -> destination | 09:49 |
Alina-malina | and allow ONLY TCP connections for that user and nothing else | 09:50 |
lordievader | So forward localhost:some-tcp-port to the beginning of the proxychain? | 09:50 |
Alina-malina | from where? | 09:51 |
lordievader | That depends on your configuration, I suppose. | 09:51 |
Alina-malina | so why i cant just portforward that specific user to proxyhchain directly? | 09:52 |
lordievader | You can? Portforward the endpoint of the ssh tunnel to the beginning of the proxychain, that was what I was trying to say with the line above. | 09:53 |
Alina-malina | so the client has to do this from his side, i dont get it? or i can do that as root, to force him to use it so he cant do anything else rather than browsing webpages over proxychain i provide to him? | 09:54 |
lordievader | If you have access to his box, you can control anything. (Given you have the rights) | 09:55 |
Alina-malina | yes root | 09:56 |
lordievader | So you have full control ;) | 09:57 |
Alina-malina | so i need to do this forwarding on iptables level or what? you just speak theoretically, no sense | 10:00 |
Alina-malina | or user access control? | 10:01 |
lordievader | Alina-malina: Iptables is probably easiest, yes. | 10:51 |
Alina-malina | yes i already figured it out | 10:51 |
Voyage | HI | 11:37 |
Voyage | I have apache on my vps and I was thinking to make a user named "developer" and put the website directory in his home dir. By this way, he would have access to the files via ssh, sftp and I dont have to give root password to him. Is that a good idea? | 11:37 |
lordievader | Voyage: Yes, also look into apache's mod_userdir, or however it is called. | 11:38 |
Voyage | hm | 11:40 |
Voyage | lordievader, should I just set apache root to /home and allow each site to a different developer. for instance apache root as /home and site-1 at /home/developer1-name/site-1-files and site-2 at /home/developer2-name/site-2-files | 11:41 |
lordievader | That doesn't sound like a good idea. Since www-data then needs access to all those home-dirs. | 11:42 |
Voyage | hm.. you mean www-data needs to be owner or those files or just a chmod 777 would do ? | 11:43 |
lordievader | No, it needs read (and perhaps execute) rights. Chmodding things to 777 is always a bad idea. | 11:44 |
Voyage | lordievader, yes, agreed. | 11:50 |
Voyage | lordievader, it would need to write in many cases as well. | 11:50 |
Voyage | so what is the best solution here? | 11:51 |
lordievader | Voyage: Make dir in /var/www/ that is owned by your user with group www-data which has rx rights? | 11:52 |
Voyage | how about i do it in home dirs? | 11:54 |
Voyage | lordievader, should I just set apache root to /home and allow each site to a different developer. for instance apache root as /home and site-1 at /home/developer1-name/site-1-files and site-2 at /home/developer2-name/site-2-files | 11:54 |
Voyage | If I have to live with conventions, what should be done. I was thinking to add the user in the other group. dev to www-data group or www-data to dev group.. what should it be. (I have many devs and many sites...) | 11:54 |
lordievader | Then www-data needs x rights to the home-dir, I personally do not like that. | 11:54 |
Voyage | no, I will not give x to full home | 11:54 |
=== DW-10297 is now known as Teduardo | ||
Voyage | only to the site dir | 11:55 |
Voyage | eg.: | 11:55 |
lordievader | Voyage: www-data cannot get to a subdir if it cannot access a parent dir ;) | 11:55 |
Voyage | . /home/username/site-dir | 11:55 |
Voyage | oh.. | 11:55 |
Voyage | then I cant make chroot jails either | 11:56 |
Voyage | right? | 11:56 |
lordievader | Err, I have no experience with chroot jails. | 11:57 |
Voyage | chroot jails is something that wont allow a user to get out of his home dir. this is a security . the user will not see whats outside. the system is invisible | 11:57 |
lordievader | I know what it is, but never used it ;). So I cannot judge if that will accomplish your goal. | 11:59 |
Voyage | hm | 11:59 |
Voyage | lordievader, when you said the following, what did you mean by group? I mean which user to add in which group? Make dir in /var/www/ that is owned by your user with group www-data which has rx rights | 12:03 |
lordievader | Voyage: Every dir is owned by a user and a group, noted usually like $user:$group, in many cases they are both your username or root (root:root). For all groups see /etc/group. | 12:05 |
Voyage | ok. | 12:06 |
Voyage | so you want me to give the directory as the developer:apache-group ? | 12:07 |
Voyage | or what? | 12:07 |
Voyage | will developer-name:www-data do for any dir? | 12:09 |
Voyage | lordievader, there are groups and users. each user has a group. so If I give permission, for a file, to a user: some-other-group-that-user-is-not-a-member-of but the required www-data user is. will do ? | 12:15 |
lordievader | Yes. The user does not need to be a member of www-data. | 12:18 |
Voyage | but if I just do chown -R a:b /dir and then 'a' comes and creates some new files. those files will have permission to what? == to 'a' and 'a's group, not ' b' group and its users. correct? | 12:18 |
lordievader | Make the group sticky, read the chown man page ;) | 12:19 |
Voyage | sticky? | 12:21 |
Voyage | hm ok | 12:21 |
Voyage | if you run "id" it will say your primary group. If you create new files and don't change the owner, it'll be owned by your user and your primary group | 12:21 |
Voyage | ok. I will read | 12:21 |
Voyage | thanks! | 12:21 |
jrwren | Voyage: see the "Sharing Write Permissions" at the bottom of https://help.ubuntu.com/14.04/serverguide/httpd.html | 12:25 |
Voyage | hm | 12:25 |
jrwren | It does not really explain the sticky bit though. We should update that. | 12:25 |
Voyage | would I have to chmode everytime I make an update/create a new file? | 12:27 |
Voyage | chmod/chown | 12:27 |
Voyage | jrwren, ^ | 12:28 |
jrwren | no, that is the point of the sticky bit or ACL | 12:28 |
Voyage | I cant come to a final conclusion... I want 3 people to have access to a dir and subdirs, create files, read/write but also want www-data:www-data to read/write those dirs. I dont want to chmod/chown every time theres a change in dir. so what should I do? will this help? https://help.ubuntu.com/14.04/serverguide/httpd.html#http-directory-permissions | 12:28 |
Voyage | jrwren, hm ACL. how to do that? | 12:28 |
jrwren | I think sticky group will do everything you want. | 12:28 |
jrwren | try it. | 12:28 |
Voyage | ok | 12:29 |
Voyage | wait. how about i just make a new user an add him to www-data group as his pri group? | 12:30 |
jrwren | try it. | 12:30 |
lordievader | Voyage: You don't really want to give the www-data too much write access ;) | 12:31 |
Voyage | lordievader, ya, but those users will be only for website management. | 12:35 |
Voyage | how about I make pri group of www-data for all the 3 users? | 12:35 |
lordievader | I was more talking about the security aspect of giving www-data, read apache, read the world, write access ;) | 12:39 |
Voyage | ya but ultimately the site content should be r/w by apache. so what ever dir it is. | 12:40 |
lordievader | Why write? | 12:40 |
jrwren | no, write by apache is generally not a good idea. | 12:40 |
Voyage | wordpress and other stuff needs write access | 12:40 |
Voyage | so www-data should have write access | 12:41 |
jrwren | and wordpress has a vulnerability every week :) | 12:41 |
Voyage | true | 12:41 |
Voyage | but have to live with it | 12:41 |
jrwren | indeed. | 12:41 |
patdk-wk | I thought it had 3 last week | 12:41 |
jrwren | patdk-wk: lol | 12:41 |
Voyage | it does a lot of things. .htaccess writes, configs, plugins install etc | 12:41 |
Voyage | so need write access | 12:41 |
Voyage | so... | 12:41 |
patdk-wk | you should not give write access to apache | 12:42 |
patdk-wk | run wordpress as a different user | 12:42 |
lordievader | Voyage: Give very specific write access. | 12:42 |
patdk-wk | at least limit the damage it can do | 12:42 |
Voyage | patdk-wk, run? the apache runs the site/wp not the user and apache is run by www-data | 12:42 |
lordievader | For as far as I know it needs write access to a couple of tmp folders. | 12:42 |
patdk-wk | apache doesn't run crap | 12:42 |
patdk-wk | php runs wordpress | 12:42 |
patdk-wk | lordievader, autoupdates | 12:43 |
Voyage | patdk-wk, isnt php run by apache? | 12:43 |
lordievader | On most of my wordpress stuff www-data can only read. | 12:43 |
Voyage | patdk-wk, isnt php run by apache/www-data? | 12:43 |
lordievader | patdk-wk: That is broken here ;) | 12:43 |
patdk-wk | Voyage, only if you're insanely lazy, and use mod_php | 12:43 |
Voyage | patdk-wk, actually I did... well, I installed apt-get apache2 php5 and it all went by itself | 12:44 |
patdk-wk | use php5-fpm | 12:44 |
jrwren | and then there is this: https://insights.ubuntu.com/2015/04/22/rewriting-wordpress-juju-charms-for-security-and-ha-on-openstack/ | 12:44 |
Voyage | fpm? | 12:45 |
jrwren | ut oh, sounds like the wordpress chapter of the server guide needs some rewriting too. | 12:45 |
Voyage | hm.. this sounds sane but I have read a lot | 12:45 |
Voyage | so there are no simple things. | 12:45 |
Voyage | I wonder how cpanel and web hosts do stuff. they deliver my theory in practical terms | 12:46 |
patdk-wk | if things were simple, everyone would be doing it, and no one would have problems :) | 12:46 |
patdk-wk | I would say, making a nice apparmor wrapper for wordpress would work great | 12:47 |
patdk-wk | but would also be annoying to make and maintain | 12:47 |
lordievader | And so no one does it ;) | 12:47 |
patdk-wk | I did, it worked, till 4.1.2 last week | 12:48 |
patdk-wk | I have to work on it again | 12:48 |
lordievader | Hihi ;) | 12:48 |
patdk-wk | and now we are on 4.2.1 | 12:48 |
Voyage | hm | 12:58 |
=== erlon_awaY is now known as erlon | ||
=== Voyage_ is now known as Voyage | ||
Onionnion | I'm trying to add rules to UFW to deny some IPs that are showing in our logs, but when I add them I still get traffic from them | 13:55 |
Onionnion | I'm using 'sudo ufw deny from <ip>' | 13:56 |
Onionnion | and in ufw status it is loaded | 13:56 |
Voyage | no rewrite logs appearing. did LogLevel alert rewrite:trace5. I dont think rewrite is even working. How can I redirect every page to google.com? | 13:56 |
lordievader | Onionnion: Could you paste the output of 'iptables-save' and state the ip you are trying to block? | 14:00 |
jpds | Onionnion: Pastebin: sudo ufw status verbose | 14:02 |
Voyage | I am only redirecting by .htaccess file. do I need to enable mode_rewrite? | 14:02 |
patdk-wk | you can't redirect in .htaccess without mod_rewrite | 14:05 |
maxb | Voyage: Which modules you need depends on which functions and configuration you want to use - *not* which file you put the configuration in | 14:05 |
Onionnion | jpds, http://pastebin.com/6Zv0EZQp | 14:06 |
Onionnion | trying to block 24.123.82.46 and a couple others | 14:06 |
maxb | patdk-wk: Why do you say that? Redirect is valid in .htaccess scope | 14:06 |
patdk-wk | does that not depend on rewrite mod? | 14:06 |
maxb | no | 14:06 |
patdk-wk | oh he was using wordpress though | 14:06 |
jpds | Onionnion: Which port are you trying to block? | 14:07 |
patdk-wk | that does depend on mod_rewrite | 14:07 |
lordievader | Onionnion: Could you pastebin the iptables-save too :) | 14:07 |
Onionnion | jpds, trying to drop anything from it | 14:07 |
Onionnion | lordievader, on that now | 14:07 |
lordievader | \o/ | 14:07 |
jpds | Onionnion: Your problem is that the DENY comes AFTER the allows. | 14:07 |
Onionnion | ahh | 14:08 |
lordievader | Ah, yes. Indeed. | 14:08 |
Onionnion | ufw instert ? | 14:08 |
Onionnion | insert* | 14:09 |
jpds | Onionnion: Yep. | 14:09 |
jpds | Onionnion: Also, blocking by individual IP like this is never going to scale. | 14:09 |
lordievader | Onionnion: Take a look at ipset. | 14:09 |
Onionnion | jpds, we've been getting hard traffic from these 4 specific IPs over the weekend | 14:10 |
jpds | Onionnion: On specific ports? | 14:10 |
Onionnion | jpds, haven't checked ports, but they're requesting a wpad.dat and it's been so hard that it's brought apache down a few times | 14:13 |
Onionnion | over 5000 times within the most recent access.log | 14:13 |
jpds | Onionnion: You could try something like: sudo ufw delete allow 80/tcp && sudo ufw limit 80/tcp | 14:13 |
Onionnion | not familiar with limit | 14:14 |
jpds | Onionnion: 6 new requests/IP/30 seconds. | 14:14 |
Onionnion | well it's only been from 4 specific ips | 14:15 |
maxb | A limit that strict sounds like it could impact normal website serving | 14:15 |
patdk-wk | it would | 14:16 |
maxb | wpad == web proxy auto discovery - therefore this sounds like it could just be incompetent config rather than malicious activity | 14:16 |
lordievader | maxb: The point there is that it only limits sources which show a lot of connection in a short period. Normal serving should not show that behaviour. | 14:18 |
lordievader | But as always, it's a trade off. | 14:18 |
patdk-wk | why not just add a rewrite 403 rule to the wpad? | 14:18 |
patdk-wk | apache can easily handle thousands of those per second | 14:18 |
maxb | All you need is a couple of users behind a NAT browsing a site with a moderate amount of images / css / js files, and you'd trivially hit 6 new requests/IP/30 seconds | 14:19 |
patdk-wk | I routinely hit 50 connections per ip | 14:19 |
patdk-wk | and giving a single browser will only do 6 | 14:20 |
patdk-wk | Philippines have a huge /24 of just proxy servers that just blast out requests | 14:20 |
patdk-wk | smaller, block, but more traffic, than aol | 14:20 |
maxb | 6? I thought the common browser connection limits were 4 or 2? | 14:21 |
patdk-wk | 4-6 | 14:21 |
OpenTokix | Onionnion: If it is a problem, rate-limit port 80 | 14:26 |
OpenTokix | with iptables | 14:26 |
frickler | anyone into systemd here yet? I'm having trouble with my rc.local being run before network is up on vivid. And yes, I know it is kind of legacy to use that :-" | 14:35 |
lordievader | frickler: Convert the actions taken there to a systemd script? | 14:36 |
frickler | yes, might be possible, but this comes from an auto-install system that at the same time still should work with 12.04 | 14:49 |
jkyle1 | I'm seeing the hostname service is masked in ubuntu 15.04 | 14:53 |
jkyle1 | why's this? | 14:53 |
cluelessperson | Hey guys | 15:17 |
cluelessperson | I must have moronically typed a command wrong, my user doesn't appear to be sudo anymore. | 15:17 |
=== smoser` is now known as smoser | ||
cluelessperson | How can I add myself to sudo again without root access? Can I boot into a recovery mode or something? I do have console | 15:18 |
balloons | cluelessperson, without root you'll need to boot via recovery and access root that way, re-edit the file, then continue | 15:19 |
diegoaguilar | lordievader, | 15:34 |
diegoaguilar | good morning | 15:34 |
swizgard | lordievader: commenting the dns= line in NetworkManager.conf was exactly the right thing! | 15:38 |
swizgard | thank you 1000x | 15:38 |
=== mfisch is now known as Guest65197 | ||
K4k | I have a question about running an Ubuntu release mirror. I've got it all set up and it works great but there is a small stylesheet issue with the page. When I look at any release mirror page it has background colors and font colors to match the Ubuntu color theme but my Ubuntu release mirror does not have the background colors. | 15:43 |
K4k | The CSS is coming from an @import in the <style> tag in the header and the page is formatted correctly w/ the exception of the colors. | 15:43 |
K4k | Does something need to be enabled in apache2 to make this work? | 15:44 |
t4nk842 | ola | 15:58 |
diegoaguilar | Hello, I have an issue while running a ssh server on a new 14.04 server | 16:12 |
diegoaguilar | I reviewed everything, from ports, firewall and daemon but cant login | 16:12 |
diegoaguilar | I posted a question here with whole extended details http://serverfault.com/questions/687019 | 16:12 |
teward | diegoaguilar: sshd is listening on 127.0.0.1 | 16:13 |
teward | diegoaguilar: that's localhost, and that means local to the system only. | 16:14 |
teward | you need to tell sshd to listen on a different IP, either the internal IP on the system or 0.0.0.0 | 16:14 |
teward | (which is AnyIP) | 16:14 |
teward | diegoaguilar: can internal traffic reach the box? | 16:15 |
diegoaguilar | teward | 16:15 |
diegoaguilar | that was it | 16:15 |
diegoaguilar | god damn it | 16:15 |
diegoaguilar | BUT before, the new brand installed ssh HAD * | 16:16 |
diegoaguilar | ListenAddress * | 16:16 |
diegoaguilar | and wasnt working | 16:16 |
teward | yeah that's not nice | 16:16 |
diegoaguilar | any reason why it would be like it | 16:16 |
teward | but ListenAddress LocalIP or ListenAddress 0.0.0.0 and ListenAddress :: might solve it | 16:16 |
teward | diegoaguilar: no idea, I usually don't use a default config file for SSH | 16:17 |
teward | i have one that i just copy into place | 16:17 |
teward | (with a lot of additional configuration needed on my servers) | 16:17 |
teward | diegoaguilar: i answered that question as well, you may want to check | 16:21 |
diegoaguilar | thanks teward | 16:23 |
diegoaguilar | I accepted ur answer | 16:23 |
=== mfisch is now known as Guest19502 | ||
=== jkyle1 is now known as jkyle | ||
teward | is there a server team meeting this week? | 16:41 |
jkyle | when installing wireshark on 15.04 I get errors from policykit | 17:05 |
sarnold | jkyle: can you pastebin the command you ran and the errors you got? | 17:09 |
=== Guest19502 is now known as mfisch | ||
lordievader | swizgard: No problem ;) | 17:27 |
jkyle | sure | 17:28 |
hallyn | utlemming: smoser: when I fire up a vivid image using uvtool (i.e. cloud images), the image doesn't seem to send its hostname to dhcp. After a reboot, it does. (so i can query the hostname of my 192.168.1.1 ns) | 17:31 |
hallyn | with trusty it immediately works. i'm not sure with cloud-init in the picture where the problem would be | 17:31 |
jkyle | sarnold: https://gist.github.com/jameskyle/6b182a013814d4e2f3f2 | 17:33 |
* teward waves at sarnold | 17:35 | |
sarnold | jkyle: please file a bug against systemd for that | 17:35 |
sarnold | jkyle: I don't know what it should be doing but probably not that :) | 17:35 |
sarnold | heya teward :) | 17:35 |
teward | sarnold: got a few minutes for a PM? | 17:35 |
sarnold | teward: sure | 17:35 |
jkyle | sarnold: triggers are a apt packaging stage, right? | 17:36 |
sarnold | jkyle: I think dpkg | 17:36 |
jkyle | right. so this isn't a systemd error | 17:36 |
sarnold | I'm assuming it is an error in systemd's triggers or pre/post inst/rm hooks | 17:37 |
jkyle | it's a packaging error, if I recall systemd doesn't need policykit anymore. so probably shouldn't be triggering any changes in policykit | 17:37 |
smoser | hallyn, how does uvtool set its hostname ? | 17:38 |
sarnold | jkyle: either way, pitti will know what to do :) the easiest way to get it on his plate for a fix is a bugreport against systemd | 17:39 |
smoser | hallyn, i think its just a race condition | 17:40 |
smoser | i think you were just lucky on trusty | 17:41 |
smoser | pretty sure that in both cases, ifup eth0 is not blocked on finding the datasource which provides cloud-init its hostname | 17:41 |
hallyn | rbasak: offhand do you recall how uvtool sets the hostname on create? Does it do it through user-data? | 17:44 |
hallyn | maybe setting the hostname triggers an action under upstart which it doesn't under systemd? | 17:44 |
smoser | hallyn, it uses NoCloud datasource | 17:50 |
smoser | pretty sure. | 17:51 |
smoser | so i'm pretty sure you were just lucky before | 17:51 |
hallyn | then how should that be fixed so we are always lucky? | 17:51 |
Vasquez2 | Anyone heard of a mobo with dual nic swapping the mac addresses when the eth cable is swapped to the other port? | 18:29 |
rbasak | hallyn, smoser: through userdata. The datasource that cloud-localds creates. | 18:29 |
rbasak | I'm not sure how I feel about dhclient sending hostname from cloud-init. It means the logic has to be the other way round when the hostname is picked up from DHCP+network metadata. So it seems like a nice-to-have for development and debugging perhaps, but nothing should rely on it, and it'd have to be a feature in cloud-init to cope well with both cases. | 18:31 |
rattking | Vasquez2 the bonding driver can do that now | 18:35 |
Vasquez2 | Neat, thanks | 18:35 |
rattking | (if your switch supports it) | 18:35 |
Vasquez2 | some kind of magic packets to re-auth? | 18:36 |
rattking | I am not sure how active-backup works off the top of my head | 18:38 |
diegoaguilar | Hello, Im running a linux server, on every ssh login I get a message at server like | 18:55 |
diegoaguilar | FAT-ds (sdb1): FAT read failed (blocknr 34) | 18:55 |
diegoaguilar | what should I do | 18:55 |
xcyclist | I'm getting a warning when trying to upgrade an AWS ubuntu Ubuntu 12.04.5 LTS \n \l, and it warns me not to do it on an SSH connection. | 19:11 |
xcyclist | What is recommended instead? We only have ssh connections to this cloud server? | 19:11 |
sarnold | xcyclist: I think I'd try it in tmux or screen so if your ssh connection dies, you can at least try to re-attach | 19:12 |
xcyclist | Ok. I'll look at those. Thank you. | 19:12 |
jrwren | why does a cloudimg install OOTB not ask me for a password to sudo as ubuntu user, but lxc does? shadow entry for ubuntu is same and sudoers file is same on both. | 19:24 |
xcyclist | Okay, I am in tmux, but perhaps I don't understand. It still seems to require ssh access on top of tmux, right? | 19:25 |
xcyclist | Oh, I guess that is implied in your statement. Sorry. | 19:26 |
xcyclist | It also makes the statement: If you continue, an additional ssh daemon will be started at port '1022'. | 19:27 |
sarnold | xcyclist: be sure to run tmux on the aws instance, not the local machine :) well, nothing wrong with running it locally, too, if you want... | 19:29 |
jrwren | last time I ran do-release-upgrade it automatically started a tmux or screen for me. FYI | 19:30 |
sarnold | jrwren: check the /etc/sudoers.d/ directory? | 19:30 |
sarnold | jrwren: oo nice ;) | 19:30 |
jrwren | sarnold: yes, that is it. strange that #includedir /etc/sudoers.d | 19:30 |
jrwren | looks like a comment. its NOT a comment ;( | 19:30 |
sarnold | heh especially bad with a grep -v ^# ... | 19:31 |
jrwren | thanks sarnold | 19:31 |
sarnold | *ahem* I'm halfway guilty of the same bad decision elsewhere, though... "but #include is standard cpp, it'll be familiar" | 19:32 |
jrwren | yes. looks like cpp, still odd when # is a comment. I get it. it is still surprising. | 19:33 |
jrwren | I don't know that I've ever seen #include work in a language where # is a comment :) | 19:33 |
jrwren | I have now :) | 19:33 |
sarnold | apparmor, too. fwiw we also support plain 'include' but.. no one uses it. go figure. :) | 19:34 |
hallyn | rbasak: uvt-kvm switch which sets a userdata bit which says send the hostname? | 20:22 |
jrwren | hallyn: you could likely ifdown eth0; ifup eth0; instead of reboot to restart dhclient and trigger the hostname send. | 20:28 |
tyler_wy1ie | Greetings; I am wondering if anyone here has done a preseed.cfg for any of the newer releases of Ubuntu Server(we're using 14.04 specifically) and can help point me in the right direction | 20:43 |
hallyn | jrwren: i'd have to get inside to do that :) yes i could use cloudinit to do that, but i'm looking for a "it just works" way | 20:50 |
jrwren | hallyn: --run-script-once when you uvt-kvm create ? | 20:54 |
jrwren | hallyn: or is that not IJW enough? | 20:54 |
hallyn | right, it's not IJW at all | 20:54 |
tyler_wy1ie | Or if someone knows of a better way to deploy a large amount of Ubuntu servers with the same config; pretty barebones install actually | 20:55 |
hallyn | if it was only for myself i'd be ok with it, but i can't be the only one who spins up a new fm then ssh's to '<vm-name>.lu' | 20:55 |
sarnold | tyler_wy1ie: I know a channel regular used FAI -- fai-server, fai-client, fai-doc packages, http://fai-project.org/ -- you can also try to use maas (not really it's main purpose) or landscape (commercial) | 21:07 |
tyler_wy1ie | sarnold: thanks, we will be checking out a few of these options :) | 21:12 |
xcyclist | It finished without a disconnect anyway. | 21:13 |
sarnold | xcyclist: nice :) | 21:13 |
rattking | tyler_wy1ie: FWIW I use FAI on a wide variety of hardware with great success | 21:39 |
tyler_wy1ie | rattking: I'm reading through the documentation right now, seems like it will do what we want. C | 21:53 |
tyler_wy1ie | rattking: Checking out Landscape too | 21:53 |
rattking | cool. good luck. you can do about anything with fai and scripts. | 21:57 |
tyler_wy1ie | Yea we'll just be doing barebones OS installs for clients; but manually doing it through iLO is a pain in the ass | 21:58 |
=== Lcawte is now known as Lcawte|Away | ||
rbasak | hallyn: the awkward thing is that although in the uvtool case the userdata (and thus the hostname set in there) can be known before DHCP, in the general case it cannot. | 23:29 |
rbasak | Unless I'm mistaken about that. | 23:29 |
rbasak | I'm assuming that there exist datasources which require DHCP to have happened to be able to retrieve userdata. | 23:30 |
rbasak | Anyway, it's a cloud-init thing. | 23:30 |
rbasak | uvtool will do whatever cloud-init does. | 23:30 |
rbasak | I have no objection to uvtool setting userdata by default causes cloud-init to send the hostname set by userdata in the DHCP request. | 23:31 |
=== mrt333_ is now known as mrt333 | ||
mojtaba | Hi, Is there any web based monitoring tools for servers? (I have three servers and I want to monitor them all at once.) | 23:51 |
sarnold | mojtaba: i've heard good things about elasticsearch and kibana, e.g. http://blog.trifork.com/2013/11/28/use-kibana-to-analyze-your-images/ -- but it all looks bit .. dashboardy to me, it's hard for me to see the utility there. | 23:59 |
mojtaba | sarnold: thx, I will check them | 23:59 |