/srv/irclogs.ubuntu.com/2015/05/15/#ubuntu-server.txt

sarnoldIronDev: openstack is a collection of multiple services00:07
darius93IronDev, look on openstack wiki about finding the tools needed for it00:07
sarnoldIronDev: if you've got enough machines handy, this looks like a great starting point http://www.ubuntu.com/download/cloud/install-ubuntu-openstack00:07
IronDevsarnold Can I use ESXi00:08
sarnoldIronDev: yes, though note that nested virtualization will be quite a bit slower than having enough physical machines00:08
IronDevsarnold Is there a detailed guide00:11
=== idafyaid is now known as bebilonu
sarnoldIronDev: looks like the openstack website isn't happy; this should help though https://web.archive.org/web/20150407215942/http://docs.openstack.org/icehouse/install-guide/install/apt/content/00:16
IronDevsarnold Hehe thx00:16
=== zz_DenBeiren is now known as DenBeiren
=== markthomas is now known as markthomas|away
nubycan anybod help me02:48
nubyhello02:49
nubyanyone02:52
sarnoldnuby: irc works best if you ask specific questions02:55
nubycan anybody help be03:10
sarnoldnuby: enjoy http://www.catb.org/~esr/faqs/smart-questions.html03:10
nubyi need someone to test my website03:11
jrwrenhttp://downforeveryoneorjustme.com can do that for you03:26
trammelhello03:31
trammelanyone down to help me with a problem03:31
trammelis anyone on out of the 445 users?03:32
mrmylanmantrammel - I might be able to help; what's up03:32
trammelbasically, my power went out today, there was no hardware damage, however for some weird reason I can no longer ssh to my ubuntu server, nor can I connect to mysql, mumble, or my apache and glassfish servers running off my ubuntu server03:33
trammelhowever, it has internet access and I can ping it03:34
mrmylanmantrammel - is it a physical server or through a hosting provider?03:34
trammelit is a physical server03:35
mrmylanmanDo you have physical access to it?03:35
trammelyes03:35
mrmylanmanHave you looked at the logs yet to see any errors? It's possible that something got corrupted if there was a power loss03:35
trammelI have not. What log should I look at?03:36
mrmylanmanYou can type dmesg to view the kernel output messages to see if anything looks suspicious, as well as files within /var/log or /var/log/upstart03:37
mrmylanmanYou'll maybe need sudo access to view files in /var/log/upstart03:38
sarnoldtrammel: maybe check firewall rules too? perhaps you had added some rules to allow access in the past, but not saved them?03:38
trammelok, so the dmesg log is super long but at the bottom there are a few things03:39
trammelext4-fs (sda2): unable to read superblock03:39
JanCor the firewall rules used fixed IP which now changed...?03:39
trammelFAT-fs (sda2): invalid media value03:39
trammelno, my IP is the same and my firewalls all look fine, i even tried shutting them off to see if that was it03:40
trammelmy router IP, server IP and public IP have not changed03:40
trammelqnx4: no qnx4 filesystem (no root dir)03:40
trammelthat one is weird03:40
trammelufs: You didn't specify the type of your ufs filesystem03:41
trammelcan't find a hfs filesystem on dev sda203:41
sarnoldmost of those are probably fine to ignore; that looks like something probin gthe partition to determine what type of filesystem it is.03:41
sarnoldand sadly the best way to probe is to actually try mounting it in two dozen different ways.03:42
mrmylanmancan you run "cat /etc/mtab" and paste the lines for sda2, but like sarnold said it's probably probing the FS type03:42
trammeli cannot paste them unfortunately, ssh doesn't work03:42
sarnold.. but if you expected /dev/sda2 to have an ext2, ext3, or ext4 filesystem on there, that might be trouble ;)03:42
sarnoldtrammel: heh :(03:42
mrmylanmanis there "ro" in the file, that could be the problem03:42
trammeli do not see a ro03:43
trammelwhen i try to ssh, btw, this may be significant03:44
trammelI originally got this03:44
trammel@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@03:44
trammel@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @03:44
trammel@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@03:44
trammelIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!03:44
trammelSomeone could be eavesdropping on you right now (man-in-the-middle attack)!03:44
trammelIt is also possible that a host key has just been changed.03:44
trammelthen fixed that03:44
trammeland now get this03:44
trammelPassword:03:44
trammelPassword:03:44
trammelPassword:03:44
trammelPermission denied (publickey,keyboard-interactive).03:44
mrmylanmanAre you accessing the right machine?03:44
trammelyes03:44
trammelI have tried with my hostname and the ip03:44
sarnolddoes 'ip addr list' show the IP you expected?03:45
mrmylanmanWhen you get that error it means either the installation changed, the machine is different than in the past, or something else along those lines has changed (thought I don't know what exactly causes the host ID to change)03:45
trammelyes it does03:46
trammelah wait03:47
trammelno03:47
trammeland i just sshed to it03:47
trammeland it worked03:47
trammelwhy would my ip change?03:47
sarnolddhcp is the usual culprit03:48
mrmylanmanIf you were using DHCP03:48
trammeli wasn't. I wanna blame the PGE power outage but I can't see how shutting the server off can do much03:49
trammelif not physically harm it03:49
trammelmy mumble server is still not working... hmmm03:50
mrmylanmanWell if the power went off when something was in progress you can corrupt stuff; I've had that happen with MySQL before03:51
mrmylanmanLong time ago though03:51
trammelluckily mysql is running fine, just checked it in the workbench03:51
JanCpossibly some checks / repairs took so long that certain services failed to start?03:52
trammelwho knows03:54
trammelanyway, I bid you all a farewell03:54
trammelthanks a million you guys are great03:54
trammelespecially mrmylanman, thank you a bunch!03:54
=== Lcawte|Away is now known as Lcawte
noteugeneHi people, I have problem with apt-get complaining that package is not authenticated (http://paste.ubuntu.com/11144078/). Looking at strace the last thing it does it executes /usr/lib/apt/methods/http, it reads greeting and quits.09:21
noteugeneit's literaly this http://paste.ubuntu.com/11144460/09:25
jellynoteugene: Does "apt-get update" complain of repos with missing keys?  What does "apt-cache policy libaio1; apt-cache policy" say?09:35
noteugeneapt-get fixes that problem temporarily (it returns again later)09:36
noteugenehttp://paste.ubuntu.com/11144605/09:36
noteugenethis error sometimes happens on server boot when chef-solo runs apt-get install. and I do run apt-get update before running chef. it's not specific to mysql/aio package, I've seen another packages failing exactly like this09:43
noteugenethe server I can reproduce this error at the moment has been running for 28 days, and apt-cache was updated the last time at 6:00 this morning via unattended-upgrades09:44
=== YamakasY1 is now known as YamakasY
=== Lcawte is now known as Lcawte|Away
=== liam_ is now known as Guest15928
=== pgraner-afk is now known as pgraner
=== utlemming_away is now known as utlemming
tewardany idea why vsftpd might suddenly start choking on this error in 14.04?  "500 OOPS: prctl PR_SET_SECCOMP failed"14:05
rbasakThat sounds familiar.14:06
tewardrbasak: it fubar'd my ability to update my wordpress blog for a month, only stumbled upon this workaround today: http://superuser.com/questions/908024/vsftpd-500-oops-prctl-pr-set-seccomp-failed14:06
tewardrbasak: i'm not really concerned since only two IPs (both mine) can actually communicate to vsftpd, and there's no other users on that server, but...14:07
teward(I also don't have it autostart - i turn it off and on manually xD)14:07
rbasakteward: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1219857 might be related14:07
tewardrbasak: regression perhaps?14:08
tewardor is that change still in there?14:08
rbasakI don't see any other updates.14:08
rbasakWhat kernel are you using?14:08
tewardy'know it'd help if i had set up landscape or something, I have... 148 upgrades to run14:09
tewardmy fault for being busy :/14:09
tewardi feel stupid because that's a lot of missed security updates O.O14:09
rbasakI just use unattended-upgrades and forget about it.14:09
tewardrbasak: i kinda threw this server up fast because another died :/14:09
tewardso i didn't do full configuration14:10
tewardstill i have... what, 6 - 8 servers now...?  maybe i should set up standalone (free?) landscape or something14:10
jcastroyou get 10 licenses so you've got 2 spare!14:11
tewardrbasak: is there a way to get unattended-upgrades to only apply security updates?14:11
jcastroteward: comment out the non-security lines in /etc/apt/apt.conf.d/50unattended-upgrades14:13
jcastroI believe by default it's security-only, but I could be wrong14:13
rbasakYes - I think it's security-only by default.14:15
tewardI'll check.  Thanks.14:25
tewardjcastro: i don't have a link handy to the standalone landscape, do you know where I can find that?14:25
rbasakteward: http://askubuntu.com/a/550625/7808 maybe?14:27
tewardrbasak: thank you kindlg!14:27
tewardkindly*14:27
tewardurgh i can't type... maybe i need more coffee14:27
* genii slides teward a fresh mug of the high octane stuff14:27
tewardrbasak: stupid question, do VPSes count as physical machines or virtual machines to Landscape?14:30
tewardgenii: not strong enough.  INCREASE THE CAFFEINE CONTENT MY A FACTOR OF TEN THOUSAND!14:30
teward:p14:30
rbasakNo idea, sorry14:30
tewardmeh no problem14:30
=== Lcawte|Away is now known as Lcawte
geniiteward: http://askubuntu.com/questions/549809/how-do-i-install-landscape-for-personal-use14:33
tewardgenii: that's what rbasak linked to :)14:34
tewardgenii: the question is whether VPSes apply as Virtual Machines, or Physical Machines14:34
geniiHm, not sure.14:34
tewardheh.14:35
tewardmeh, no problem.  :)14:35
=== markthomas|away is now known as markthomas
=== ashleyd is now known as ashd
tewardanyone know what the minimum system requirements are for a personal landscape standalone instance?16:32
fellayaboyis it possible to SSH -x (X11 forward) an app even though the server has no desktop environment?16:45
fellayaboyssh -x (x11 forward) from a ubuntu desktop client?16:46
smoserstrikov, rbasak17:02
rbasako/17:03
smoseri clearly have no idea how this works17:03
smoserhttp://paste.ubuntu.com/11150407/17:03
smoserrun that on vivid17:03
smosershows this:17:03
smoser http://paste.ubuntu.com/11150412/17:03
smosermy 'dd' of /dev/vdb somehow updated /proc/partitions17:03
smoseri'm pretty certain 'dd' did not call ioctl(fd, BLKRRPART);17:04
rbasakI didn't expect that.17:04
rbasakapw: ^^ kernel magic?17:04
smoserutopic behaves like i expected.17:06
smoserie, after final sleep , vdb1 is still there. and running 'blockdev --rereadpt /dev/vdb' will make it disappear17:06
strikovsmoser: sfdisk --no-reread shouldn't reread it as well i think17:06
strikovsmoser: it looks like kernel does its own work and by running BLKRRPART we do it twice on vivid17:07
strikovthat's why we observe this strange pattern of add/delete17:07
smoserstrikov, well, thats known behavior :)17:07
smosersilly behavior, but known.17:07
smoser'--no-reread' does not say "do not call BLKRRPART". it says "dont call it *before* you do anything"17:08
smoserit will still call it afterwards :)17:08
smoseri just can't believe the kernel is actually doing that17:09
smoseralmost impossible.17:09
strikovsmoser: side note, i just figured out that libparted doesn't create ext{3,4} that's silly but it takes these names as fs but do nothing for them, just partitions the drive17:12
strikovsmoser: so i predict world of pain with manual partitioning :)17:12
smoserthats what i thought :)17:14
smoserat least i'd heard that at some point.17:14
strikovsmoser: 'i told you so' :)17:18
strikovsmoser: dd somehow triggers udev remove event17:18
smoseryeah, it sure does.17:18
smoserit is crazy17:19
=== pgraner is now known as pgraner-afk
strikovsmoser: did you try older kernel?17:29
smoserwlel... investigating that.17:31
darius93is it safe to use debian packages on ubuntu? like add it to the source list to be installed via apt-get?17:34
geniidarius93: It is not recommended17:35
genii( or supported )17:36
rbasaksmoser: I wonder if something's being clever in userspace. systemd inotifying on the device node and sending the kernel the BLKRRPART ioctl when it detects change and close maybe for example?17:39
rbasakSeems unlikely, but so is your behaviour.17:39
darius93genii, i know its not recommended but since there isnt any ppa of the package i wish to install (trying to use any other version of ubuntu wouldnt work since it would require packages that isnt available on trusty) that is up to date (or have the fixes im looking for) that what lead me to ask. I could build the application from source but i was informed its not wise to do a system install (eg make install) due to problems it could bring17:40
smoserrbasak, yea, it would seem like that.17:41
smoserbut think about what that means...17:42
smoserif someone is using the device for something else than a partition... as a raw device.17:42
smoserthen arbitrary open/close could trigger udev events and such17:42
geniidarius93: I would try instead to temporarily add whatever repo it uses, and then follow https://help.ubuntu.com/community/UpdatingADeb to make a deb installable for Ubuntu from the Debian sources.17:45
smoserrbasak, well.. something is watching for sure.17:45
strikovrbasak: smoser: my understanding was that's not systemd because we tried with vivid/upstart17:45
genii( that example shows to apply a patch but process is the same )17:45
smoserbut crazy...17:46
smoseri run 'udevadm monitor'17:46
smoserand then17:46
smosersudo dd if=/dev/zero bs=1 count=1 of=/dev/vdb17:46
smoserKERNEL[101461.100081] change   /devices/pci0000:00/0000:00:04.0/virtio2/block/vdb (block)17:46
smoserUDEV  [101461.237178] change   /devices/pci0000:00/0000:00:04.0/virtio2/block/vdb (block)17:46
smosereven this triggers the events17:47
smoserand on utopic17:48
smosersudo python -c 'with open("/dev/vdb", "w") as fp: pass'17:48
smoserwow. so pretyt much any time open in rw occurs on a block device, kernel sends event.17:48
smoserthat was completely unexpected for me.17:49
strikovsmoser: open or close?17:50
smoserwell, close. i suspect.17:50
smoserstrikov, it is on close17:53
strikovsmoser:17:54
strikov# watch metadata changes by tools closing the device after writing17:54
strikovKERNEL!="sr*", OPTIONS+="watch"17:54
strikov/lib/udev/rules.d/60-persistent-storage.rules17:54
smoseryeah.17:58
smoserstrikov, in vivid17:59
smoserhttp://paste.ubuntu.com/11151254/17:59
smoserthat is /lib/udev/rules.d/60-persistent-storage-dm.rules17:59
strikovsmoser: yeah, i'm not sure which one actually triggers it but it's definitely one of them18:02
smoserits not18:02
=== phunyguy is now known as phunygal
=== phunygal is now known as phunyguy
strikovsmoser: Drop me email please if you find a root cause for this. Weather is very bad in Moscow and I'll be hacking during the weekend.18:51
smoser:)18:51
smoserk. this just seems like madness18:51
smosersheer madness18:51
strikovsmoser: why did you say that it's not watch? you tried to remove it from rules and checked?18:52
smoseryeah, i think.18:52
smoseri have done so many things since then . i forgot :)18:52
strikovsmoser: I see :) Happy hacking then. See you on Monday.18:54
caliculkHey, I am on LTS 14.04.2, and after running Nessus, I found that my server is running an unsecure version of Samba. However, looking through the package list, the most recent version of samba seems to be pretty out of date (by more a little more than a year). I was wondering why Samba hasn't been upgraded or secureity releases haven't been rolled into an upgraded samba package?19:16
sarnoldcaliculk: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions https://www.debian.org/security/faq#version19:17
sarnoldcaliculk: nessus assumes everyone on the planet builds all their software from source themselves.19:17
sarnoldcaliculk: if that's what you do, feel free to take their advice :)19:18
sarnoldcaliculk: here's the ubuntu security's team view of what's outstanding in the 'samba' package: http://people.canonical.com/~ubuntu-security/cve/pkg/samba.html19:18
caliculkI know that the packages aren't routinely upgaded like that of 15.04 or a non LTS release. But, I would think that Code Execution would be a pretty serious issue, which has been patched for the past 5 months.19:19
caliculkI mean, it is easily fixed with a single line in the config, but, still.19:20
sarnoldcaliculk: hmm; do you have a CVE number handy?:19:21
caliculkhttps://www.samba.org/samba/security/CVE-2015-024019:21
sarnoldcaliculk: http://www.ubuntu.com/usn/usn-2508-1/19:22
caliculkWell, I am on that version, but Nessus still reports that vulnerability.19:24
caliculkSo... hm... alright19:24
sarnoldthat's because they aren't testing vulnerabilities, they are testing version numbers from banners.19:24
sarnoldand that's a silly idea because almost no one uses software that way ...19:24
=== CiPi is now known as cipi
caliculkHm, yeah, alright. Do you have any other suggestions on software similar to Nessus that actualyl tests vulnerabilities rather than just reporting version number?19:27
cryptodan_laptopcaliculk: use google19:28
sarnoldcaliculk: the metasploit project is probably the best bet..19:28
sarnoldChrisfu: some folks are working on bringing OVAL to ubuntu, I suspect the end result of that would be something similar to version-scanning but with actual information about which package versions fixed which issues..19:29
caliculkYeah I am in the process of installing that19:29
sarnoldChrisfu: sorry, tab-misfire, ignore me :)19:30
patdk-wktesting vaunerabilities are hard19:40
patdk-wkcause it depends on what is open for it to exploit19:41
patdk-wkthere could be many entrances to get to something, such as an openssl exploit19:41
patdk-wkbut openssl is easy to test against so far, as that is on the first layer normally19:41
patdk-wksomething else, such as php, would be harder19:42
patdk-wkand nessus will do vaunerability testing, if you pay and enable it19:42
sarnoldoh that's why they're still doing version number scraping..19:43
sarnoldto do a poor enough job to be paid to do a better job :)19:43
patdk-wklucky, I can't remember the last time a bank told me I failed their pci compliance scan19:43
patdk-wkthey used to tell me that all the time, and I would respond back to tell them to fix their ssl scanner, incorrectly tagging stuff19:44
patdk-wkhaven't heard from them in over a year19:44
sarnold:)19:44
=== markthomas is now known as markthomas|away
YamakasYis it possible that shopt it not found when running a bash script using puppet ?20:01
bekksYamakasY: Is it what you are experiencing?20:01
sarnoldYamakasY: shopt is a shell builtin, built in to bash but not dash. are you using /bin/sh scripts?20:02
YamakasYsnolahc1: whoops, no /bin/bash20:02
YamakasYbekks: not found20:03
bekksYamakasY: Then yes, it is possible. You are experiencing it, it is possible.20:03
YamakasYwill try sh20:04
RoyKYamakasY: why isn't bash installed?20:11
YamakasYRoyK: it is was missing the !20:25
YamakasYok, so fixed :()20:25
YamakasYthanks guys20:25
=== cipi is now known as CiPi
Funhi21:31
Fundisk went funky21:31
Funsaying 1 bad sector21:31
Funwont boot21:31
Funseems some parts of boot partition ended up in that sector21:32
=== Lingo is now known as IronDev
=== Lcawte is now known as Lcawte|Away
=== idafyaid is now known as bebonu

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!