[00:07] <sarnold> IronDev: openstack is a collection of multiple services
[00:07] <darius93> IronDev, look on openstack wiki about finding the tools needed for it
[00:07] <sarnold> IronDev: if you've got enough machines handy, this looks like a great starting point http://www.ubuntu.com/download/cloud/install-ubuntu-openstack
[00:08] <IronDev> sarnold Can I use ESXi
[00:08] <sarnold> IronDev: yes, though note that nested virtualization will be quite a bit slower than having enough physical machines
[00:11] <IronDev> sarnold Is there a detailed guide
=== idafyaid is now known as bebilonu
[00:16] <sarnold> IronDev: looks like the openstack website isn't happy; this should help though https://web.archive.org/web/20150407215942/http://docs.openstack.org/icehouse/install-guide/install/apt/content/
[00:16] <IronDev> sarnold Hehe thx
=== zz_DenBeiren is now known as DenBeiren
=== markthomas is now known as markthomas|away
[02:48] <nuby> can anybod help me
[02:49] <nuby> hello
[02:52] <nuby> anyone
[02:55] <sarnold> nuby: irc works best if you ask specific questions
[03:10] <nuby> can anybody help be
[03:10] <sarnold> nuby: enjoy http://www.catb.org/~esr/faqs/smart-questions.html
[03:11] <nuby> i need someone to test my website
[03:26] <jrwren> http://downforeveryoneorjustme.com can do that for you
[03:31] <trammel> hello
[03:31] <trammel> anyone down to help me with a problem
[03:32] <trammel> is anyone on out of the 445 users?
[03:32] <mrmylanman> trammel - I might be able to help; what's up
[03:33] <trammel> basically, my power went out today, there was no hardware damage, however for some weird reason I can no longer ssh to my ubuntu server, nor can I connect to mysql, mumble, or my apache and glassfish servers running off my ubuntu server
[03:34] <trammel> however, it has internet access and I can ping it
[03:34] <mrmylanman> trammel - is it a physical server or through a hosting provider?
[03:35] <trammel> it is a physical server
[03:35] <mrmylanman> Do you have physical access to it?
[03:35] <trammel> yes
[03:35] <mrmylanman> Have you looked at the logs yet to see any errors? It's possible that something got corrupted if there was a power loss
[03:36] <trammel> I have not. What log should I look at?
[03:37] <mrmylanman> You can type dmesg to view the kernel output messages to see if anything looks suspicious, as well as files within /var/log or /var/log/upstart
[03:38] <mrmylanman> You'll maybe need sudo access to view files in /var/log/upstart
[03:38] <sarnold> trammel: maybe check firewall rules too? perhaps you had added some rules to allow access in the past, but not saved them?
[03:39] <trammel> ok, so the dmesg log is super long but at the bottom there are a few things
[03:39] <trammel> ext4-fs (sda2): unable to read superblock
[03:39] <JanC> or the firewall rules used fixed IP which now changed...?
[03:39] <trammel> FAT-fs (sda2): invalid media value
[03:40] <trammel> no, my IP is the same and my firewalls all look fine, i even tried shutting them off to see if that was it
[03:40] <trammel> my router IP, server IP and public IP have not changed
[03:40] <trammel> qnx4: no qnx4 filesystem (no root dir)
[03:40] <trammel> that one is weird
[03:41] <trammel> ufs: You didn't specify the type of your ufs filesystem
[03:41] <trammel> can't find a hfs filesystem on dev sda2
[03:41] <sarnold> most of those are probably fine to ignore; that looks like something probin gthe partition to determine what type of filesystem it is.
[03:42] <sarnold> and sadly the best way to probe is to actually try mounting it in two dozen different ways.
[03:42] <mrmylanman> can you run "cat /etc/mtab" and paste the lines for sda2, but like sarnold said it's probably probing the FS type
[03:42] <trammel> i cannot paste them unfortunately, ssh doesn't work
[03:42] <sarnold> .. but if you expected /dev/sda2 to have an ext2, ext3, or ext4 filesystem on there, that might be trouble ;)
[03:42] <sarnold> trammel: heh :(
[03:42] <mrmylanman> is there "ro" in the file, that could be the problem
[03:43] <trammel> i do not see a ro
[03:44] <trammel> when i try to ssh, btw, this may be significant
[03:44] <trammel> I originally got this
[03:44] <trammel> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[03:44] <trammel> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
[03:44] <trammel> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[03:44] <trammel> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
[03:44] <trammel> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
[03:44] <trammel> It is also possible that a host key has just been changed.
[03:44] <trammel> then fixed that
[03:44] <trammel> and now get this
[03:44] <trammel> Password:
[03:44] <trammel> Password:
[03:44] <trammel> Password:
[03:44] <trammel> Permission denied (publickey,keyboard-interactive).
[03:44] <mrmylanman> Are you accessing the right machine?
[03:44] <trammel> yes
[03:44] <trammel> I have tried with my hostname and the ip
[03:45] <sarnold> does 'ip addr list' show the IP you expected?
[03:45] <mrmylanman> When you get that error it means either the installation changed, the machine is different than in the past, or something else along those lines has changed (thought I don't know what exactly causes the host ID to change)
[03:46] <trammel> yes it does
[03:47] <trammel> ah wait
[03:47] <trammel> no
[03:47] <trammel> and i just sshed to it
[03:47] <trammel> and it worked
[03:47] <trammel> why would my ip change?
[03:48] <sarnold> dhcp is the usual culprit
[03:48] <mrmylanman> If you were using DHCP
[03:49] <trammel> i wasn't. I wanna blame the PGE power outage but I can't see how shutting the server off can do much
[03:49] <trammel> if not physically harm it
[03:50] <trammel> my mumble server is still not working... hmmm
[03:51] <mrmylanman> Well if the power went off when something was in progress you can corrupt stuff; I've had that happen with MySQL before
[03:51] <mrmylanman> Long time ago though
[03:51] <trammel> luckily mysql is running fine, just checked it in the workbench
[03:52] <JanC> possibly some checks / repairs took so long that certain services failed to start?
[03:54] <trammel> who knows
[03:54] <trammel> anyway, I bid you all a farewell
[03:54] <trammel> thanks a million you guys are great
[03:54] <trammel> especially mrmylanman, thank you a bunch!
=== Lcawte|Away is now known as Lcawte
[09:21] <noteugene> Hi people, I have problem with apt-get complaining that package is not authenticated (http://paste.ubuntu.com/11144078/). Looking at strace the last thing it does it executes /usr/lib/apt/methods/http, it reads greeting and quits.
[09:25] <noteugene> it's literaly this http://paste.ubuntu.com/11144460/
[09:35] <jelly> noteugene: Does "apt-get update" complain of repos with missing keys?  What does "apt-cache policy libaio1; apt-cache policy" say?
[09:36] <noteugene> apt-get fixes that problem temporarily (it returns again later)
[09:36] <noteugene> http://paste.ubuntu.com/11144605/
[09:43] <noteugene> this error sometimes happens on server boot when chef-solo runs apt-get install. and I do run apt-get update before running chef. it's not specific to mysql/aio package, I've seen another packages failing exactly like this
[09:44] <noteugene> the server I can reproduce this error at the moment has been running for 28 days, and apt-cache was updated the last time at 6:00 this morning via unattended-upgrades
=== YamakasY1 is now known as YamakasY
=== Lcawte is now known as Lcawte|Away
=== liam_ is now known as Guest15928
=== pgraner-afk is now known as pgraner
=== utlemming_away is now known as utlemming
[14:05] <teward> any idea why vsftpd might suddenly start choking on this error in 14.04?  "500 OOPS: prctl PR_SET_SECCOMP failed"
[14:06] <rbasak> That sounds familiar.
[14:06] <teward> rbasak: it fubar'd my ability to update my wordpress blog for a month, only stumbled upon this workaround today: http://superuser.com/questions/908024/vsftpd-500-oops-prctl-pr-set-seccomp-failed
[14:07] <teward> rbasak: i'm not really concerned since only two IPs (both mine) can actually communicate to vsftpd, and there's no other users on that server, but...
[14:07] <teward> (I also don't have it autostart - i turn it off and on manually xD)
[14:07] <rbasak> teward: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1219857 might be related
[14:08] <teward> rbasak: regression perhaps?
[14:08] <teward> or is that change still in there?
[14:08] <rbasak> I don't see any other updates.
[14:08] <rbasak> What kernel are you using?
[14:09] <teward> y'know it'd help if i had set up landscape or something, I have... 148 upgrades to run
[14:09] <teward> my fault for being busy :/
[14:09] <teward> i feel stupid because that's a lot of missed security updates O.O
[14:09] <rbasak> I just use unattended-upgrades and forget about it.
[14:09] <teward> rbasak: i kinda threw this server up fast because another died :/
[14:10] <teward> so i didn't do full configuration
[14:10] <teward> still i have... what, 6 - 8 servers now...?  maybe i should set up standalone (free?) landscape or something
[14:11] <jcastro> you get 10 licenses so you've got 2 spare!
[14:11] <teward> rbasak: is there a way to get unattended-upgrades to only apply security updates?
[14:13] <jcastro> teward: comment out the non-security lines in /etc/apt/apt.conf.d/50unattended-upgrades
[14:13] <jcastro> I believe by default it's security-only, but I could be wrong
[14:15] <rbasak> Yes - I think it's security-only by default.
[14:25] <teward> I'll check.  Thanks.
[14:25] <teward> jcastro: i don't have a link handy to the standalone landscape, do you know where I can find that?
[14:27] <rbasak> teward: http://askubuntu.com/a/550625/7808 maybe?
[14:27] <teward> rbasak: thank you kindlg!
[14:27] <teward> kindly*
[14:27] <teward> urgh i can't type... maybe i need more coffee
[14:27]  * genii slides teward a fresh mug of the high octane stuff
[14:30] <teward> rbasak: stupid question, do VPSes count as physical machines or virtual machines to Landscape?
[14:30] <teward> genii: not strong enough.  INCREASE THE CAFFEINE CONTENT MY A FACTOR OF TEN THOUSAND!
[14:30] <teward> :p
[14:30] <rbasak> No idea, sorry
[14:30] <teward> meh no problem
=== Lcawte|Away is now known as Lcawte
[14:33] <genii> teward: http://askubuntu.com/questions/549809/how-do-i-install-landscape-for-personal-use
[14:34] <teward> genii: that's what rbasak linked to :)
[14:34] <teward> genii: the question is whether VPSes apply as Virtual Machines, or Physical Machines
[14:34] <genii> Hm, not sure.
[14:35] <teward> heh.
[14:35] <teward> meh, no problem.  :)
=== markthomas|away is now known as markthomas
=== ashleyd is now known as ashd
[16:32] <teward> anyone know what the minimum system requirements are for a personal landscape standalone instance?
[16:45] <fellayaboy> is it possible to SSH -x (X11 forward) an app even though the server has no desktop environment?
[16:46] <fellayaboy> ssh -x (x11 forward) from a ubuntu desktop client?
[17:02] <smoser> strikov, rbasak
[17:03] <rbasak> o/
[17:03] <smoser> i clearly have no idea how this works
[17:03] <smoser> http://paste.ubuntu.com/11150407/
[17:03] <smoser> run that on vivid
[17:03] <smoser> shows this:
[17:03] <smoser>  http://paste.ubuntu.com/11150412/
[17:03] <smoser> my 'dd' of /dev/vdb somehow updated /proc/partitions
[17:04] <smoser> i'm pretty certain 'dd' did not call ioctl(fd, BLKRRPART);
[17:04] <rbasak> I didn't expect that.
[17:04] <rbasak> apw: ^^ kernel magic?
[17:06] <smoser> utopic behaves like i expected.
[17:06] <smoser> ie, after final sleep , vdb1 is still there. and running 'blockdev --rereadpt /dev/vdb' will make it disappear
[17:06] <strikov> smoser: sfdisk --no-reread shouldn't reread it as well i think
[17:07] <strikov> smoser: it looks like kernel does its own work and by running BLKRRPART we do it twice on vivid
[17:07] <strikov> that's why we observe this strange pattern of add/delete
[17:07] <smoser> strikov, well, thats known behavior :)
[17:07] <smoser> silly behavior, but known.
[17:08] <smoser> '--no-reread' does not say "do not call BLKRRPART". it says "dont call it *before* you do anything"
[17:08] <smoser> it will still call it afterwards :)
[17:09] <smoser> i just can't believe the kernel is actually doing that
[17:09] <smoser> almost impossible.
[17:12] <strikov> smoser: side note, i just figured out that libparted doesn't create ext{3,4} that's silly but it takes these names as fs but do nothing for them, just partitions the drive
[17:12] <strikov> smoser: so i predict world of pain with manual partitioning :)
[17:14] <smoser> thats what i thought :)
[17:14] <smoser> at least i'd heard that at some point.
[17:18] <strikov> smoser: 'i told you so' :)
[17:18] <strikov> smoser: dd somehow triggers udev remove event
[17:18] <smoser> yeah, it sure does.
[17:19] <smoser> it is crazy
=== pgraner is now known as pgraner-afk
[17:29] <strikov> smoser: did you try older kernel?
[17:31] <smoser> wlel... investigating that.
[17:34] <darius93> is it safe to use debian packages on ubuntu? like add it to the source list to be installed via apt-get?
[17:35] <genii> darius93: It is not recommended
[17:36] <genii> ( or supported )
[17:39] <rbasak> smoser: I wonder if something's being clever in userspace. systemd inotifying on the device node and sending the kernel the BLKRRPART ioctl when it detects change and close maybe for example?
[17:39] <rbasak> Seems unlikely, but so is your behaviour.
[17:40] <darius93> genii, i know its not recommended but since there isnt any ppa of the package i wish to install (trying to use any other version of ubuntu wouldnt work since it would require packages that isnt available on trusty) that is up to date (or have the fixes im looking for) that what lead me to ask. I could build the application from source but i was informed its not wise to do a system install (eg make install) due to problems it could bring
[17:41] <smoser> rbasak, yea, it would seem like that.
[17:42] <smoser> but think about what that means...
[17:42] <smoser> if someone is using the device for something else than a partition... as a raw device.
[17:42] <smoser> then arbitrary open/close could trigger udev events and such
[17:45] <genii> darius93: I would try instead to temporarily add whatever repo it uses, and then follow https://help.ubuntu.com/community/UpdatingADeb to make a deb installable for Ubuntu from the Debian sources.
[17:45] <smoser> rbasak, well.. something is watching for sure.
[17:45] <strikov> rbasak: smoser: my understanding was that's not systemd because we tried with vivid/upstart
[17:45] <genii> ( that example shows to apply a patch but process is the same )
[17:46] <smoser> but crazy...
[17:46] <smoser> i run 'udevadm monitor'
[17:46] <smoser> and then
[17:46] <smoser> sudo dd if=/dev/zero bs=1 count=1 of=/dev/vdb
[17:46] <smoser> KERNEL[101461.100081] change   /devices/pci0000:00/0000:00:04.0/virtio2/block/vdb (block)
[17:46] <smoser> UDEV  [101461.237178] change   /devices/pci0000:00/0000:00:04.0/virtio2/block/vdb (block)
[17:47] <smoser> even this triggers the events
[17:48] <smoser> and on utopic
[17:48] <smoser> sudo python -c 'with open("/dev/vdb", "w") as fp: pass'
[17:48] <smoser> wow. so pretyt much any time open in rw occurs on a block device, kernel sends event.
[17:49] <smoser> that was completely unexpected for me.
[17:50] <strikov> smoser: open or close?
[17:50] <smoser> well, close. i suspect.
[17:53] <smoser> strikov, it is on close
[17:54] <strikov> smoser:
[17:54] <strikov> # watch metadata changes by tools closing the device after writing
[17:54] <strikov> KERNEL!="sr*", OPTIONS+="watch"
[17:54] <strikov> /lib/udev/rules.d/60-persistent-storage.rules
[17:58] <smoser> yeah.
[17:59] <smoser> strikov, in vivid
[17:59] <smoser> http://paste.ubuntu.com/11151254/
[17:59] <smoser> that is /lib/udev/rules.d/60-persistent-storage-dm.rules
[18:02] <strikov> smoser: yeah, i'm not sure which one actually triggers it but it's definitely one of them
[18:02] <smoser> its not
=== phunyguy is now known as phunygal
=== phunygal is now known as phunyguy
[18:51] <strikov> smoser: Drop me email please if you find a root cause for this. Weather is very bad in Moscow and I'll be hacking during the weekend.
[18:51] <smoser> :)
[18:51] <smoser> k. this just seems like madness
[18:51] <smoser> sheer madness
[18:52] <strikov> smoser: why did you say that it's not watch? you tried to remove it from rules and checked?
[18:52] <smoser> yeah, i think.
[18:52] <smoser> i have done so many things since then . i forgot :)
[18:54] <strikov> smoser: I see :) Happy hacking then. See you on Monday.
[19:16] <caliculk> Hey, I am on LTS 14.04.2, and after running Nessus, I found that my server is running an unsecure version of Samba. However, looking through the package list, the most recent version of samba seems to be pretty out of date (by more a little more than a year). I was wondering why Samba hasn't been upgraded or secureity releases haven't been rolled into an upgraded samba package?
[19:17] <sarnold> caliculk: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions https://www.debian.org/security/faq#version
[19:17] <sarnold> caliculk: nessus assumes everyone on the planet builds all their software from source themselves.
[19:18] <sarnold> caliculk: if that's what you do, feel free to take their advice :)
[19:18] <sarnold> caliculk: here's the ubuntu security's team view of what's outstanding in the 'samba' package: http://people.canonical.com/~ubuntu-security/cve/pkg/samba.html
[19:19] <caliculk> I know that the packages aren't routinely upgaded like that of 15.04 or a non LTS release. But, I would think that Code Execution would be a pretty serious issue, which has been patched for the past 5 months.
[19:20] <caliculk> I mean, it is easily fixed with a single line in the config, but, still.
[19:21] <sarnold> caliculk: hmm; do you have a CVE number handy?:
[19:21] <caliculk> https://www.samba.org/samba/security/CVE-2015-0240
[19:22] <sarnold> caliculk: http://www.ubuntu.com/usn/usn-2508-1/
[19:24] <caliculk> Well, I am on that version, but Nessus still reports that vulnerability.
[19:24] <caliculk> So... hm... alright
[19:24] <sarnold> that's because they aren't testing vulnerabilities, they are testing version numbers from banners.
[19:24] <sarnold> and that's a silly idea because almost no one uses software that way ...
=== CiPi is now known as cipi
[19:27] <caliculk> Hm, yeah, alright. Do you have any other suggestions on software similar to Nessus that actualyl tests vulnerabilities rather than just reporting version number?
[19:28] <cryptodan_laptop> caliculk: use google
[19:28] <sarnold> caliculk: the metasploit project is probably the best bet..
[19:29] <sarnold> Chrisfu: some folks are working on bringing OVAL to ubuntu, I suspect the end result of that would be something similar to version-scanning but with actual information about which package versions fixed which issues..
[19:29] <caliculk> Yeah I am in the process of installing that
[19:30] <sarnold> Chrisfu: sorry, tab-misfire, ignore me :)
[19:40] <patdk-wk> testing vaunerabilities are hard
[19:41] <patdk-wk> cause it depends on what is open for it to exploit
[19:41] <patdk-wk> there could be many entrances to get to something, such as an openssl exploit
[19:41] <patdk-wk> but openssl is easy to test against so far, as that is on the first layer normally
[19:42] <patdk-wk> something else, such as php, would be harder
[19:42] <patdk-wk> and nessus will do vaunerability testing, if you pay and enable it
[19:43] <sarnold> oh that's why they're still doing version number scraping..
[19:43] <sarnold> to do a poor enough job to be paid to do a better job :)
[19:43] <patdk-wk> lucky, I can't remember the last time a bank told me I failed their pci compliance scan
[19:44] <patdk-wk> they used to tell me that all the time, and I would respond back to tell them to fix their ssl scanner, incorrectly tagging stuff
[19:44] <patdk-wk> haven't heard from them in over a year
[19:44] <sarnold> :)
=== markthomas is now known as markthomas|away
[20:01] <YamakasY> is it possible that shopt it not found when running a bash script using puppet ?
[20:01] <bekks> YamakasY: Is it what you are experiencing?
[20:02] <sarnold> YamakasY: shopt is a shell builtin, built in to bash but not dash. are you using /bin/sh scripts?
[20:02] <YamakasY> snolahc1: whoops, no /bin/bash
[20:03] <YamakasY> bekks: not found
[20:03] <bekks> YamakasY: Then yes, it is possible. You are experiencing it, it is possible.
[20:04] <YamakasY> will try sh
[20:11] <RoyK> YamakasY: why isn't bash installed?
[20:25] <YamakasY> RoyK: it is was missing the !
[20:25] <YamakasY> ok, so fixed :()
[20:25] <YamakasY> thanks guys
=== cipi is now known as CiPi
[21:31] <Fun> hi
[21:31] <Fun> disk went funky
[21:31] <Fun> saying 1 bad sector
[21:31] <Fun> wont boot
[21:32] <Fun> seems some parts of boot partition ended up in that sector
=== Lingo is now known as IronDev
=== Lcawte is now known as Lcawte|Away
=== idafyaid is now known as bebonu