[00:31] <IronDev> Hey guys so I just installed Ubuntu Server and I hooked it up to my MacBook via ethernet then I ran ifconfig, but the only thing I saw was lo
[00:42] <PryMar56> IronDev, is the linux box now connected to a router and to the MacBk?
[00:43] <IronDev> PryMar56 Directly to the mac
[00:45] <PryMar56> IronDev, you might need to make a static config for the NIC on Linux to match the subnet for Mac.. like 10.0.2.0 or ?
[00:47] <IronDev> PryMar56 Can I use a DHCP server
[00:47] <harushimo> for the openstack installation on ubuntu-server, I was going to setup 3 node cluster
[00:47] <harushimo> what is the best way to setup openstack?
[00:48] <IronDev> harushimo theres an iso
[00:48] <harushimo> I have the ubuntu server iso
[00:48] <harushimo> I installed it on VM
[00:49] <PryMar56> IronDev, I can't grok your setup
[00:49] <IronDev> prymar56 grok?
[00:49] <PryMar56> picture it
[00:49] <harushimo> IronDev: is there a openstack iso just for ubuntu?
[00:51] <PryMar56> IronDev, what was supposed to happen? Is the Mac on Wifi, then you used the spare ethernet port to bridge the Linux to internet?
[00:52] <IronDev> harushimo http://www.ubuntu.com/cloud/ubuntu-openstack
[00:53] <IronDev> prymar56 exactly theres a feature in mb settings
[00:54] <PryMar56> IronDev, do you know all the config files for Ubuntu?
[00:54] <PryMar56> */interfaces, fstab, resolv.conf
[00:55] <IronDev> PryMar56 interfaces only
[00:55] <vonsyd0w> Internet sharing on Mac OSX has little to do with ubuntu
[01:00] <IronDev> vonsyd0w A small bit of info wont change the topic will it?
[01:01] <harushimo> IronDev: do I have to create seven VMs?
[01:01] <harushimo> IronDev: http://www.ubuntu.com/download/cloud/install-ubuntu-openstack
[01:02] <harushimo> i'm looking at these instructions
[01:04] <IronDev> harushimo I dont think so but 3 is good
[01:04] <harushimo> IronDev: Right now, I setup node 1, node2, node3
[01:04] <harushimo> thanks
[01:04] <harushimo> I'm reading the documentation on openstack site too
[01:05] <harushimo> IronDev: thanks for the help
[01:06] <IronDev> harushimo no prob
[01:06] <harushimo> IronDev: Can I ask you one other small question?
[01:06] <IronDev> ye
[01:07] <harushimo> IronDev: from step 2 onwards, do those repos need to be installed on every node?
[01:08] <harushimo> IronDev: then I'll do it on all the nodes
[01:10] <IronDev> harushimo Ya I think
[01:11] <harushimo> IronDev: I'll keep you updated
[01:11] <harushimo> thanks again
[01:11] <IronDev> harushimo I gtg soon
[01:11] <IronDev> harushimo But you can memoserv
[01:12] <harushimo> IronDev: I'm good right now
[01:12] <harushimo> what's memoserv?
[02:41] <stooj> Hi all. I'm putting together a mail server but must have messed up somewhere. Using postfix + spamassassin + spamass-milter, communicating through a socket. But my mail.log contains the following every time the pipe is used:
[02:41] <stooj> May  2 05:44:41 myhostname postfix/smtpd[15597]: warning: milter unix:/spamassassin/spamd.sock: unreasonable packet length: 1397768525 > 1073741823
[02:41] <stooj> May  2 05:44:41 myhostname postfix/smtpd[15597]: warning: milter unix:/spamassassin/spamd.sock: read error in initial handshake
[02:42] <stooj> Anyone seen this before and recognise the problem?
[07:33] <Alina-malina> hello all, i need to forward ssh tunneling when someone connecting to my server from outside? i need to proxychain that connection to 127.0.0.1:777 how can i do this?
[08:51] <lordievader> Good morning.
[08:53] <swizgard> hi. the local dnsmasq thing does not really work out for me (it's flaky, sometimes hostnames don't get resolved for some tries and then they do. problems i don't have when the dns is in /etc/resolv.conf directly)
[08:54] <swizgard> any solutions for keeping networkmanager for the most part but not for dnsmasq?
[09:00] <lordievader> swizgard: Change the NetworkManager's config.
[09:01] <lordievader> swizgard: In Gentoo you add dnsmasq by doing [1], so I guess try to find that and remove it. [1] https://wiki.gentoo.org/wiki/NetworkManager#Dnsmasq
[09:06] <swizgard> lordievader: i changed "dns=dnsmasq" to "dns=none", but this just makes dns stop working completely
[09:06] <lordievader> swizgard: Try commenting the line ;)
[09:08] <swizgard> huh!
[09:09] <swizgard> that almost sounds as if it might work (-:
[09:38] <Alina-malina> how to forward user ssh connection to proxychains on server side?
[09:41] <OpenTokix> Alina-malina: proxy chains?
[09:41] <Alina-malina> yes
[09:41] <Alina-malina> proxychains
[09:41] <OpenTokix> Never heard the term before
[09:41] <OpenTokix> what is it?
[09:41] <Alina-malina> a chain of proxies
[09:41] <OpenTokix> for ssh?
[09:42] <Alina-malina> no
[09:42] <Alina-malina> tcp connection
[09:42] <OpenTokix> You have [ client - proxy - proxy - proxy - proxy - destination ]
[09:43] <OpenTokix> And the proxy is a simple forwarder, ie. a router?
[09:45] <OpenTokix> If that is the case, client only knows about the first proxy/router
[09:46] <Alina-malina> no its not the case
[09:46] <Alina-malina> i have a client
[09:46] <Alina-malina> he connects to over ssh to my server via tunneling browsing webpages
[09:46] <Alina-malina> so what i want is to forward his browsing over proxychains and not my server ip directly
[09:46] <Alina-malina> got it?
[09:47] <OpenTokix> Alina-malina: I have no idea what you are saying, you are mixing up technologies in your explanation until it makes no sense.
[09:47] <Alina-malina> i want to controll his access
[09:47] <Alina-malina> wow ur stupid
[09:47] <Alina-malina> its basic stuff
[09:48] <OpenTokix> Alina-malina: Maybe ask the question to someone who speaks your native language, since clearly english is not yours.
[09:48] <lordievader> Alina-malina: Insulting people won't help you. Please be respectful. Are you trying to string along ssh tunnels?
[09:48] <Alina-malina> string?
[09:49] <lordievader> client -> ssh tunnel -> ssh tunnel -> ssh tunnel -> destination.
[09:49] <Alina-malina> nah
[09:49] <Alina-malina> client->ssh tunnel->proxychains -> destination
[09:50] <Alina-malina> and allow ONLY TCP connections for that user and nothing else
[09:50] <lordievader> So forward localhost:some-tcp-port to the beginning of the proxychain?
[09:51] <Alina-malina> from where?
[09:51] <lordievader> That depends on your configuration, I suppose.
[09:52] <Alina-malina> so why i cant just portforward that specific user to proxyhchain directly?
[09:53] <lordievader> You can? Portforward the endpoint of the ssh tunnel to the beginning of the proxychain, that was what I was trying to say with the line above.
[09:54] <Alina-malina> so the client have to do this from his side, i dont get it? or i can do that as root, to force him to use it so he cant do anything else rather then browsing webpages over proxychain i provide to him?
[09:55] <lordievader> If you have access to his box, you can control anything. (Given you have the rights)
[09:56] <Alina-malina> yes root
[09:57] <lordievader> So you have full control ;)
[10:00] <Alina-malina> so i need to do this forwarding on iptables level or what? you just speak theoretically, no sense
[10:01] <Alina-malina> or user access control?
[10:51] <lordievader> Alina-malina: Iptables is probably easiest, yes.
[10:51] <Alina-malina> yes i already figure it out
[11:37] <Voyage> HI
[11:37] <Voyage>  I have apache on my vps and I was thinking to make a user named "developer" and put the website directory in his home dir. By this way, he would have access to the files via ssh, sftp and I dont have to give root password to him. Is that a good idea?
[11:38] <lordievader> Voyage: Yes, also look into apache's mod_userdir, or however it is called.
[11:40] <Voyage> hm
[11:41] <Voyage> lordievader,  should I just set apache root to /home and allow each site to a different developer. for instance         apache root as /home         and site-1 at /home/developer1-name/site-1-files         and site-2 at /home/developer2-name/site-2-files
[11:42] <lordievader> That doesn't sound like a good idea. Since www-data then needs access to all those home-dirs.
[11:43] <Voyage> hm.. you mean www-data needs to be owner or those files or just a chmod 777 would do ?
[11:44] <lordievader> No, it needs read (and perhaps execute) rights. Chmodding things to 777 is always a bad idea.
[11:50] <Voyage> lordievader,  yes, agreed.
[11:50] <Voyage> lordievader,  it would need to write in many cases as well.
[11:51] <Voyage> so what is the best solution here?
[11:52] <lordievader> Voyage: Make dir in /var/www/ that is owned by your user with group www-data which has rx rights?
[11:54] <Voyage> how about i do it in home dirs?
[11:54] <Voyage> lordievader,  should I just set apache root to /home and allow each site to a different developer. for instance         apache root as /home         and site-1 at /home/developer1-name/site-1-files         and site-2 at /home/developer2-name/site-2-files
[11:54] <Voyage> If I have to live with conventions, what should be done. I was thinking to add the user in the other group. dev to www-data group or www-data to dev group.. what should it be. (I have many devs and many sites...)
[11:54] <lordievader> Then www-data needs x rights to the home-dir, I personally do not like that.
[11:54] <Voyage> no, I will not give x to full home
[11:55] <Voyage> only to the site dir
[11:55] <Voyage> eg.:
[11:55] <lordievader> Voyage: www-data cannot get to a subdir if it cannot access a parent dir ;)
[11:55] <Voyage>  .  /home/username/site-dir
[11:55] <Voyage> oh..
[11:56] <Voyage> then I cant make chroot jails either
[11:56] <Voyage> right?
[11:57] <lordievader> Err, I have no experience with chroot jails.
[11:57] <Voyage> chroot jails is something that wont allow a user to get out of his home dir. this is a security . the user will not see whats outside. the system is invisible
[11:59] <lordievader> I know what it is, but never used it ;). So I cannot judge if that will accomplish your goal.
[11:59] <Voyage> hm
[12:03] <Voyage> lordievader,  when you said the following, what did you mean by group? I mean which user to add in which group? Make dir in /var/www/ that is owned by your user with group www-data which has rx rights
[12:05] <lordievader> Voyage: Every dir is owned by a user and a group, noted usually like $user:$group, in many cases they are both your username or root (root:root). For all groups see /etc/group.
[12:06] <Voyage> ok.
[12:07] <Voyage> so you want me to give the directory as the developer:apache-group ?
[12:07] <Voyage> or what?
[12:09] <Voyage> will developer-name:www-data do for any dir?
[12:15] <Voyage> lordievader,  there are groups and users. each user has a group.   so If I give permission, for a file, to a user: some-other-group-that-user-is-not-a-member-of          but the required www-data user is. will do ?
[12:18] <lordievader> Yes. The user does not need to be a member of www-data.
[12:18] <Voyage> but if I just do chown -R a:b /dir           and then 'a' comes and creates some new files. those files will have permission to what? == to 'a' and 'a's group, not ' b' group and its users. correct?
[12:19] <lordievader> Make the group sticky, read the chown man page ;)
[12:21] <Voyage> sticky?
[12:21] <Voyage> hm ok
[12:21] <Voyage> if you run "id" it will say your primary group. If you create new files and don't change the owner, it'll be owned by your user and your primary group
[12:21] <Voyage> ok. I will read
[12:21] <Voyage> thanks!
[12:25] <jrwren> Voyage: see the "Sharing Write Permissions" at the bottom of https://help.ubuntu.com/14.04/serverguide/httpd.html
[12:25] <Voyage> hm
[12:25] <jrwren> It does not really explain the sticky bit though. We should update that.
[12:27] <Voyage> would I have to chmode everytime I make an update/create a new file?
[12:27] <Voyage> chmod/chown
[12:28] <Voyage> jrwren, ^
[12:28] <jrwren> no, that is the point of the sticky bit or ACL
[12:28] <Voyage>  I cant come to a final conclusion...  I want 3 people to have access to a dir and subdirs, create files, read/write but also want www-data:www-data to read/write those dirs.  I dont want to chmod/chown every time there's a change in dir. so what should I do?     will this help? https://help.ubuntu.com/14.04/serverguide/httpd.html#http-directory-permissions
[12:28] <Voyage> jrwren, hm ACL. how to do that?
[12:28] <jrwren> I think sticky group will do everything you want.
[12:28] <jrwren> try it.
[12:29] <Voyage> ok
[12:30] <Voyage> wait. how about i just make a new user an add him to www-data group as his pri group?
[12:30] <jrwren> try it.
[12:31] <lordievader> Voyage: You don't really want to give the www-data too much write access ;)
[12:35] <Voyage> lordievader,  ya, but those users will be only for website management.
[12:35] <Voyage> how about I make pri group of www-data for all the 3 users?
[12:39] <lordievader> I was more talking about the security aspect of giving www-data, read apache, read the world, write access ;)
[12:40] <Voyage> ya but ultimately the site content should be r/w by apache. so what ever dir it is.
[12:40] <lordievader> Why write?
[12:40] <jrwren> no, write by apache is generally not a good idea.
[12:40] <Voyage> wordpress and other stuff needs write access
[12:41] <Voyage> so www-data should have write access
[12:41] <jrwren> and wordpress has a vulnerability every week :)
[12:41] <Voyage> true
[12:41] <Voyage> but have to live with it
[12:41] <jrwren> indeed.
[12:41] <patdk-wk> I thought it had 3 last week
[12:41] <jrwren> patdk-wk: lol
[12:41] <Voyage> it does a lot of things. .htaccess writes, configs, plugins install etc
[12:41] <Voyage> so need write access
[12:41] <Voyage> so...
[12:42] <patdk-wk> you should not give write access to apache
[12:42] <patdk-wk> run wordpress as a different user
[12:42] <lordievader> Voyage: Give very specific write access.
[12:42] <patdk-wk> atleast limit it's damage it can do
[12:42] <Voyage> patdk-wk,  run? the apache runs the site/wp not the user and apache is ran by www-data
[12:42] <lordievader> For as far as I know it needs write access to a couple of tmp folders.
[12:42] <patdk-wk> apache doesn't run crap
[12:42] <patdk-wk> php runs wordpress
[12:43] <patdk-wk> lordievader, autoupdates
[12:43] <Voyage> patdk-wk,  isnt php ran by apache?
[12:43] <lordievader> On most of my wordpress stuff www-data can only read.
[12:43] <Voyage> patdk-wk,  isnt php ran by apache/www-data?
[12:43] <lordievader> patdk-wk: That is broken here ;)
[12:43] <patdk-wk> Voyage, only if you're insanely lazy, and use mod_php
[12:44] <Voyage> patdk-wk,  actually I did... well, In installed apt-get apache2 php5 and it all went by itself
[12:44] <patdk-wk> use php5-fpm
[12:44] <jrwren> and then there is this: https://insights.ubuntu.com/2015/04/22/rewriting-wordpress-juju-charms-for-security-and-ha-on-openstack/
[12:45] <Voyage> fpm?
[12:45] <jrwren> ut oh, sounds like the wordpress chapter of the server guide needs some rewriting too.
[12:45] <Voyage> hm.. this sounds sane but I have read a lot
[12:45] <Voyage> so there are no simple things.
[12:46] <Voyage> I wonder how cpanel and web hosts do stuff. they deliver my theory in practical terms
[12:46] <patdk-wk> if things were simple, everyone would be doing it, and no one would have problems :)
[12:47] <patdk-wk> I would say, making a nice apparmor wrapper for wordpress would work great
[12:47] <patdk-wk> but would also be annoying to make and maintain
[12:47] <lordievader> And so no one does it ;)
[12:48] <patdk-wk> I did, it worked, till 4.1.2 last week
[12:48] <patdk-wk> I have to work on it again
[12:48] <lordievader> Hihi ;)
[12:48] <patdk-wk> and now we are on 4.2.1
[12:58] <Voyage> hm
[13:55] <Onionnion> I'm trying to add rules to UFW to deny some IPs that are showing in our logs, but when I add them I still get traffic from them
[13:56] <Onionnion> I'm using 'sudo ufw deny from <ip>'
[13:56] <Onionnion> and in ufw status it is loaded
[13:56] <Voyage> no rewrite logs appearing. did LogLevel        alert rewrite:trace5. I dont think rewrite is even working. How can I redirect every page to google.com?
[14:00] <lordievader> Onionnion: Could you paste the output of 'iptables-save' and state the ip you are trying to block?
[14:02] <jpds> Onionnion: Pastebin: sudo ufw status verbose
[14:02] <Voyage> I am only redirecting by .htaccess file. do I need to enable mod_rewrite?
[14:05] <patdk-wk> you can't redirect in .htaccess without mod_rewrite
[14:05] <maxb> Voyage: Which modules you need depends on which functions and configuration you want to use - *not* which file you put the configuration in
[14:06] <Onionnion> jpds, http://pastebin.com/6Zv0EZQp
[14:06] <Onionnion> trying to block 24.123.82.46 and a couple others
[14:06] <maxb> patdk-wk: Why do you say that? Redirect is valid in .htaccess scope
[14:06] <patdk-wk> does that not depend on rewrite mod?
[14:06] <maxb> no
[14:06] <patdk-wk> oh he was using wordpress though
[14:07] <jpds> Onionnion: Which port are you trying to block?
[14:07] <patdk-wk> that does depend on mod_rewrite
[14:07] <lordievader> Onionnion: Could you pastebin the iptables-save too :)
[14:07] <Onionnion> jpds, trying to drop anything from it
[14:07] <Onionnion> lordievader, on that now
[14:07] <lordievader> \o/
[14:07] <jpds> Onionnion: Your problem is that the DENY comes AFTER the allows.
[14:08] <Onionnion> ahh
[14:08] <lordievader> Ah, yes. Indeed.
[14:08] <Onionnion> ufw instert ?
[14:09] <Onionnion> insert*
[14:09] <jpds> Onionnion: Yep.
[14:09] <jpds> Onionnion: Also, blocking by individual IP like this is never going to scale.
[14:09] <lordievader> Onionnion: Take a look at ipset.
[14:10] <Onionnion> jpds, we've been getting hard traffic from these 4 specific IPs over the weekend
[14:10] <jpds> Onionnion: On specific ports?
[14:13] <Onionnion> jpds, haven't checked ports, but they're requesting a wpad.dat and it's been so hard that it's brought apache down a few times
[14:13] <Onionnion> over 5000 times within the most recent access.log
[14:13] <jpds> Onionnion: You could try something like: sudo ufw delete allow 80/tcp && sudo ufw limit 80/tcp
[14:14] <Onionnion> not familiar with limit
[14:14] <jpds> Onionnion: 6 new requests/IP/30 seconds.
[14:15] <Onionnion> well it's only been from 4 specific ips
[14:15] <maxb> A limit that strict sounds like it could impact normal website serving
[14:16] <patdk-wk> it would
[14:16] <maxb> wpad == web proxy auto discovery - therefore this sounds like it could just be incompetent config rather than malicious activity
[14:18] <lordievader> maxb: The point there is that it only limits sources which show a lot of connection in a short period. Normal serving should not show that behaviour.
[14:18] <lordievader> But as always, it's a trade off.
[14:18] <patdk-wk> why not just add a rewrite 403 rule to the wpad?
[14:18] <patdk-wk> apache can easily handle thousands of those per second
[14:19] <maxb> All you need is a couple of users behind a NAT browsing a site with a moderate amount of images / css / js files, and you'd trivially hit 6 new requests/IP/30 seconds
[14:19] <patdk-wk> I routinely hit 50 connections per ip
[14:20] <patdk-wk> and giving a single browser will only do 6
[14:20] <patdk-wk> Philippines have a huge /24 of just proxy servers that just blast out requests
[14:20] <patdk-wk> smaller, block, but more traffic, than aol
[14:21] <maxb> 6? I thought the common browser connection limits were 4 or 2?
[14:21] <patdk-wk> 4-6
[14:26] <OpenTokix> Onionnion: If it is a problem, rate-limit port 80
[14:26] <OpenTokix> with iptables
[14:35] <frickler> anyone into systemd here yet? I'm having trouble with my rc.local being run before network is up on vivid. And yes, I know it is kind of legacy to use that :-"
[14:36] <lordievader> frickler: Convert the actions taken there to a systemd script?
[14:49] <frickler> yes, might be possible, but this comes from an auto-install system that at the same time still should work with 12.04
[14:53] <jkyle1> I'm seeing the hostname service is masked in ubuntu 15.04
[14:53] <jkyle1> why's this?
[15:17] <cluelessperson> Hey guys
[15:17] <cluelessperson> I must have moronically typed a command wrong, my user doesn't appear to be sudo anymore.
[15:18] <cluelessperson> How can I add myself to sudo again without root access?  Can I boot into a recovery mode or something?  I do have console
[15:19] <balloons> cluelessperson, without root you'll need to boot via recovery and access root that way, re-edit the file, then continue
[15:34] <diegoaguilar> lordievader,
[15:34] <diegoaguilar> good morning
[15:38] <swizgard> lordievader: commenting the dns= line in NetworkManager.conf was exactly the right thing!
[15:38] <swizgard> thank you 1000x
[15:43] <K4k> I have a question about running an Ubuntu release mirror. I've got it all set up and it works great but there is a small stylesheet issue with the page. When I look at any release mirror page it has background colors and font colors to match the Ubuntu color theme but my Ubuntu release mirror does not have the background colors.
[15:43] <K4k> The CSS is coming from an @import in the <style> tag in the header and the page is formatted correctly w/ the exception of the colors.
[15:44] <K4k> Does something need to be enabled in apache2 to make this work?
[15:58] <t4nk842> ola
[16:12] <diegoaguilar> Hello, I have an issue while running a ssh server on a new 14.04 server
[16:12] <diegoaguilar> I reviewed everything, from ports, firewall and daemon but cant login
[16:12] <diegoaguilar> I posted a question here with whole extended details http://serverfault.com/questions/687019
[16:13] <teward> diegoaguilar: sshd is listening on 127.0.0.1
[16:14] <teward> diegoaguilar: that's localhost, and that means local to the system only.
[16:14] <teward> you need to tell sshd to listen on a different IP, either the internal IP on the system or 0.0.0.0
[16:14] <teward> (which is AnyIP)
[16:15] <teward> diegoaguilar: can internal traffic reach the box?
[16:15] <diegoaguilar> teward
[16:15] <diegoaguilar> that was it
[16:15] <diegoaguilar> god damn it
[16:16] <diegoaguilar> BUT before, the new brand installed ssh HAD *
[16:16] <diegoaguilar> ListenAddress *
[16:16] <diegoaguilar> and wasnt working
[16:16] <teward> yeah that's not nice
[16:16] <diegoaguilar> any reason why it would be like it
[16:16] <teward> but ListenAddress LocalIP    or ListenAddress 0.0.0.0 and ListenAddress ::   might solve it
[16:17] <teward> diegoaguilar: no idea, I usually don't use a default config file for SSH
[16:17] <teward> i have one that i just copy into place
[16:17] <teward> (with a lot of additional configuration needed on my servers)
[16:21] <teward> diegoaguilar: i answered that question as well, you may want to check
[16:23] <diegoaguilar> thanks teward
[16:23] <diegoaguilar> I accepted ur answer
[16:41] <teward> is there a server team meeting this week?
[17:05] <jkyle> when installing wireshark on 15.04 I get errors from policykit
[17:09] <sarnold> jkyle: can you pastebin the command you ran and the errors you got?
[17:27] <lordievader> swizgard: No problem ;)
[17:28] <jkyle> sure
[17:31] <hallyn> utlemming: smoser: when I fire up a vivid image using uvtool (i.e. cloud images), the image doesn't seem to send its hostname to dhcp.  After a reboot, it does.  (so i can query the hostname of my 192.168.1.1 ns)
[17:31] <hallyn> with trusty it immediately works.  i'm not sure with cloud-init in the picture where the problem would be
[17:33] <jkyle> sarnold: https://gist.github.com/jameskyle/6b182a013814d4e2f3f2
[17:35]  * teward waves at sarnold
[17:35] <sarnold> jkyle: please file a bug against systemd for that
[17:35] <sarnold> jkyle: I don't know what it should be doing but probably not that :)
[17:35] <sarnold> heya teward :)
[17:35] <teward> sarnold: got a few minutes for a PM?
[17:35] <sarnold> teward: sure
[17:36] <jkyle> sarnold: triggers are a apt packaging stage, right?
[17:36] <sarnold> jkyle: I think dpkg
[17:36] <jkyle> right. so this isn't a systemd error
[17:37] <sarnold> I'm assuming it is an error in systemd's triggers or pre/post inst/rm hooks
[17:37] <jkyle> it's a packaging error, if I recall systemd doesn't need policykit anymore. so probably shouldn't be triggering any changes in policykit
[17:38] <smoser> hallyn, how does uvtool set its hostname ?
[17:39] <sarnold> jkyle: either way, pitti will know what to do :) the easiest way to get it on his plate for a fix is a bugreport against systemd
[17:40] <smoser> hallyn, i think its just a race condition
[17:41] <smoser> i think you were just lucky on trusty
[17:41] <smoser> pretty sure that in both cases, ifup eth0 is not blocked on finding the datasource which provides cloud-init its hostname
[17:44] <hallyn> rbasak: offhand do you recall how uvtool sets the hostname on create?  Does it do it through user-data?
[17:44] <hallyn> maybe setting the hostname triggers an action under upstart which it doesn't under systemd?
[17:50] <smoser> hallyn, it uses NoCloud datasource
[17:51] <smoser> pretty sure.
[17:51] <smoser> so i'm pretty sure you were just lucky before
[17:51] <hallyn> then how should that be fixed so we are always lucky?
[18:29] <Vasquez2> Anyone heard of a mobo with dual nic swapping the mac addresses when the eth cable is swapped to the other port?
[18:29] <rbasak> hallyn, smoser: through userdata. The datasource that cloud-localds creates.
[18:31] <rbasak> I'm not sure how I feel about dhclient sending hostname from cloud-init. It means the logic has to be the other way round when the hostname is picked up from DHCP+network metadata. So it seems like a nice-to-have for development and debugging perhaps, but nothing should rely on it, and it'd have to be a feature in cloud-init to cope well with both cases.
[18:35] <rattking> Vasquez2 the bonding driver can do that now
[18:35] <Vasquez2> Neat, thanks
[18:35] <rattking> (if your switch supports it)
[18:36] <Vasquez2> some kind of magic packets to re-auth?
[18:38] <rattking> I am not sure how active-backup works off the top of my head
[18:55] <diegoaguilar> Hello, Im running a linux server, on every ssh login I get a message at server like
[18:55] <diegoaguilar> FAT-ds (sdb1): FAT read failed (blocknr 34)
[18:55] <diegoaguilar> what should I do
[19:11] <xcyclist> I'm getting a warning when trying to upgrade an AWS ubuntu Ubuntu 12.04.5 LTS \n \l, and it warns me not to do it on an SSH connection.
[19:11] <xcyclist> What is recommended instead?  We only have ssh connections to this cloud server?
[19:12] <sarnold> xcyclist: I think I'd try it in tmux or screen so if your ssh connection dies, you can at least try to re-attach
[19:12] <xcyclist> Ok.  I'll look at those.  Thank you.
[19:24] <jrwren> why does a cloudimg install OOTB not ask me for a password to sudo as ubuntu user, but lxc does?  shadow entry for ubuntu is same and sudoers file is same on both.
[19:25] <xcyclist> Okay, I am in tmux, but perhaps I don't understand.  It still seems to require ssh access on top of tmux, right?
[19:26] <xcyclist> Oh, I guess that is implied in your statement.  Sorry.
[19:27] <xcyclist> It also makes the statement:  If you continue, an additional ssh daemon will be started at port  '1022'.
[19:29] <sarnold> xcyclist: be sure to run tmux on the aws instance, not the local machine :) well, nothing wrong with running it locally, too, if you want...
[19:30] <jrwren> last time I ran do-release-upgrade it automatically started a tmux or screen for me. FYI
[19:30] <sarnold> jrwren: check the /etc/sudoers.d/ directory?
[19:30] <sarnold> jrwren: oo nice ;)
[19:30] <jrwren> sarnold: yes, that is it. strange that #includedir /etc/sudoers.d
[19:30] <jrwren> looks like a comment. its NOT a comment ;(
[19:31] <sarnold> heh especially bad with a grep -v ^# ...
[19:31] <jrwren> thanks sarnold
[19:32] <sarnold> *ahem* I'm halfway guilty of the same bad decision elsewhere, though... "but #include is standard cpp, it'll be familiar"
[19:33] <jrwren> yes. looks like cpp, still odd when # is a comment. I get it. it is still surprising.
[19:33] <jrwren> I don't know that I've ever seen #include work in a language where # is a comment :)
[19:33] <jrwren> I have now :)
[19:34] <sarnold> apparmor, too. fwiw we also support plain 'include' but.. no one uses it. go figure. :)
[20:22] <hallyn> rbasak: uvt-kvm switch which sets a userdata bit which says send the hostname?
[20:28] <jrwren> hallyn: you could likely ifdown eth0; ifup eth0; instead of reboot to restart dhclient and trigger the hostname send.
[20:43] <tyler_wy1ie> Greetings; I am wondering if anyone here has done a preseed.cfg for any of the newer releases of Ubuntu Server(we're using 14.04 specifically) and can help point me in the right direction
[20:50] <hallyn> jrwren: i'd have to get inside to do that :)  yes i could use cloudinit to do that, but i'm looking for a "it just works" way
[20:54] <jrwren> hallyn: --run-script-once when you uvt-kvm create ?
[20:54] <jrwren> hallyn: or is that not IJW enough?
[20:54] <hallyn> right, it's not IJW at all
[20:55] <tyler_wy1ie> Or if someone knows of a better way to deploy a large amount of Ubuntu servers with the same config; pretty barebones install actually
[20:55] <hallyn> if it was only for myself i'd be ok with it, but i can't be the only one who spins up a new fm then ssh's to '<vm-name>.lu'
[21:07] <sarnold> tyler_wy1ie: I know a channel regular used FAI -- fai-server, fai-client, fai-doc packages, http://fai-project.org/ -- you can also try to use maas (not really it's main purpose) or landscape (commercial)
[21:12] <tyler_wy1ie> sarnold: thanks, we will be checking out a few of these options :)
[21:13] <xcyclist> It finished without a disconnect anyway.
[21:13] <sarnold> xcyclist: nice :)
[21:39] <rattking> tyler_wy1ie: FWIW I use FAI on a wide variety of hardware with great success
[21:53] <tyler_wy1ie> rattking: I'm reading through the documentation right now, seems like it will do what we want.  C
[21:53] <tyler_wy1ie> rattking: Checking out Landscape too
[21:57] <rattking> cool. good luck. you can do about anything with fai and scripts.
[21:58] <tyler_wy1ie> Yea we'll just be doing barebones OS installs for clients; but manually doing it through iLO is a pain in the ass
[23:29] <rbasak> hallyn: the awkward thing is that although in the uvtool case the userdata (and thus the hostname set in there) can be known before DHCP, in the general case it cannot.
[23:29] <rbasak> Unless I'm mistaken about that.
[23:30] <rbasak> I'm assuming that there exist datasources which require DHCP to have happened to be able to retrieve userdata.
[23:30] <rbasak> Anyway, it's a cloud-init thing.
[23:30] <rbasak> uvtool will do whatever cloud-init does.
[23:31] <rbasak> I have no objection to uvtool setting userdata by default causes cloud-init to send the hostname set by userdata in the DHCP request.
[23:51] <mojtaba> Hi, Is there any web based monitoring tools for servers? (I have three servers and I want to monitor them all at once.)
[23:59] <sarnold> mojtaba: i've heard good things about elasticsearch and kibana, e.g. http://blog.trifork.com/2013/11/28/use-kibana-to-analyze-your-images/ -- but it all looks bit .. dashboardy to me, it's hard for me to see the utility there.
[23:59] <mojtaba> sarnold: thx, I will check them