=== Lingo is now known as IronDev === Lcawte is now known as Lcawte|Away === zz_DenBeiren is now known as DenBeiren === markthomas|away is now known as markthomas [01:45] how can I run debian jessie in lxc with network? [01:46] trusty runs fine in lxc with network, but jessie, as setup by the download lxc template doesn't bring network interface up [01:46] no /run/network dir and so ifup fails /run/network/.ifstate.lock === markthomas_ is now known as markthomas === markthomas is now known as markthomas|away [06:15] good morning! [06:15] regarding the logjam exploit, is it planned to backport http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslopensslconfcmd functionality to Ubuntu 12.04 (apache2/mod_ssl)? [06:22] good morning radish_; that's currently under investigation; it may require backporting pieces of openssl functionality as well === kickinzA|afk is now known as kickinz1 === Lcawte|Away is now known as Lcawte [08:35] I need some help. How can I have automatic "sudo apt-get update" but NOT download the updates? somehow I have configured it to check for updates and download them if they exist, but I need only to check - not download unless I do it manually [08:38] even though i have "APT::Periodic::Download-Upgradeable-Packages "0";" in /etc/apt/apt.conf.d/10periodic [08:38] perhaps with the --download-only switch ? [08:38] oh, update [08:38] ignore me [08:40] and no allowed origins in /etc/apt/apt.conf.d/10periodic [08:41] but my systems still download the updates - not install them, just download which is annoying [08:41] apt-get -update --no-download [08:41] apt-get update --no-download [08:42] where do I config this in "unattended-upgrades" config? [08:42] i'm not referring to manual "sudo apt-get update" [08:43] this is done automatically [08:44] StathisA: I am not sure what you want. - you want unattended upgrades running, but not upgrade? [08:48] ok here's the thing. I have installed "unattended-upgrades" package, and I have configured it to NOT upgrade anything but do a "sudo apt-get update" periodically and get a notification with "apticron" that updates are needed [08:48] this is working as intended, nothing is getting installed automatically [08:48] but as soon as it checks for the updates, it downloads them too [08:48] which is not wanted === ashleyd is now known as ashd [08:49] now as soon as I login to a server, I can sudo apt-get dist-upgrade and the system installs the downloaded updates [08:49] I just dont want it to download them automatically, since this is getting run on multiple systems, and we end up starving for bandwidth when this occues [08:49] occurs [08:51] StathisA, I know it is not what you are looking for, but why not put one apt proxy in your infrastructure, i.e. apt-cacher-ng, that will cache only the necessary packages? This way each time you update your servers, you will only download one time from external archive. [08:54] kickinz1: +1 [08:57] kickinz1, this is a good advice, but a but a bit of an overkill for what I want to achieve [09:01] StathisA, not so overkill, you need just to apt-get install apt-cache-ng, then add a /etc/apt/apt.conf.d/01Proxy file with 'acquire::http:Proxy "http://ip.of.the.prox:3142";' line in it to your servers. Now each time a server download a package, it will be cache for use by the others, it is not a full mirror. [09:02] even if I go that way, the server will still "download" the update from the cacher - which is exactly what I want to avoid [09:03] it just minimizes internet b/w [09:03] I dont mind systems -checking- for updates over the internet, thats not too much of a hassle [09:04] I dont wat systems to download stuff automatically [09:04] *want === ashleyd is now known as ashd [09:05] Based on https://wiki.debian.org/UnattendedUpgrades it looks like you're looking for the APT::Periodic::Download-Upgradeable-Packages line [09:05] StathisA, I asked mvo, who is the writer og unattended-upgrades, and the maintainer of apt. [09:06] StathisA, it is in /etc/apt/apt.conf.d/20auto-upgrades [09:06] although if you're just fighting with local network saturation, I'd be tempted to just offset the cron jobs so they're not all running at the same time [09:06] 50auto-upgrades on my server. [09:07] i can see 20auto-upgrades in mine [09:07] what do I change? [09:07] nothing to resemble "auto-download" [09:08] just APT::Periodic::Update-Package-Lists "1"; [09:08] APT::Periodic::Unattended-Upgrade "1"; [09:13] i do have "APT::Periodic::Download-Upgradeable-Packages "0";" in 10periodic [09:14] but no such option in the default 20auto-upgrades [09:14] I could add it, but i'm not sure === ashleyd is now known as ashd [09:27] mvo: StathisA would like to know how to disable the downloading of upgrades, so unattended-upgrades just tells the admin he has to update things manually. [09:27] mvo: nut don't download automatically packages. [09:28] hello, mvo [09:28] StathisA: best is probably to edit /etc/cron.daily/apt and put --dry-run behind unattended-upgrades [09:28] thanks for helping on this, much appreciated [09:29] ups, sorry [09:31] ? [09:32] Hello. I've been installing various linux distros on various vm and computers, but I've never been in a real server room with rack servers. Is there something special I need to know to install on IBM System x3650 M4? [09:32] StathisA, I think mvo meant sorry for he went out of the channel, and came back. [09:32] Like should I expect them to have some sort of keyboard/monitor setup ready that will work with no configuration? [09:32] oh ok, I dont see joins/leaves [09:32] StathisA: yeah, I accidently closed the window [09:32] also does USB boot commonly works on systems like this? [09:33] this will still allow apticron to send the notification about the existing updates i guess [09:33] barnex, you might encouter troubles on those if you install debian (due to ethernet drivers), for ubuntu, it is quite satndard install. === ashleyd is now known as ashd [09:37] So I can go there with USB stick only and expect to complete the installation? No PXE setups, serial consoles and stuff like that? [09:38] mvo, in /etc/apt/apt.conf.d there's a section "# download all upgradeable packages (if it is requested) [09:38] " [09:38] perhaps I need to do something there to avoid the download [09:38] StathisA: the default it "0" for that option, do you have a different value there? [09:39] barnex: it depends, if you want unattended install, you need to either make your own preseed and provide a way to make it load at boot (i.e. mod the usb, or PXE, or a Maas). If you want it to install without any keyboard/display, you will need some tools outside of your server. [09:39] in 10periodic i got "APT::Periodic::Download-Upgradeable-Packages "0" [09:39] in 20auto-upgrades, i dont have it at all [09:40] but somehow updates are still getting downloaded [09:40] StathisA: did you try if unattended-upgrades --dry-run also downloads the packages? it might do that, the reason is that for e..g. conf-file prompts it needs to inspect the data inside the package [09:40] barnex, I meant install is standard as any othe machine (I had previous x3650M3), but it won't be magic, it will still ask what you want to do (patitionning, language, etc...) [09:40] well there's not packages to download atm [09:40] StathisA: if so, we need a new option for u-u [09:40] kickinz1: thanks. So basically I need more info about what kind of infrastructure do they have on-site [09:40] if there's some sort of screen and keyboard I could borrow or some other setup needed [09:41] so I cannot really check what its gonna do next time it finds updates [09:41] barnex, except if you go MAAS/PXE/Preseed way, but you still will need some access to the server. [09:41] barnex: yes you will need a keyboard/display. [09:42] heh, i'm not asking for something radical like adding a new option. I thought that maybe someone else wanted this and found a way >< [09:42] Hi all, I have this problem : /dev/loop0p1: read failed after 0 of 4096 at 257884160: Input/output error. How can I identify where loop point to ? [09:44] StathisA: you could use "/usr/lib/update-notifier/apt_check.py --human-readable [09:44] " [09:45] 0 packages can be updated. [09:45] 0 updates are security updates. [09:47] * mvo needs to leave for some minutes to get lunch, bbiab === ashleyd is now known as ashd === kickinz1 is now known as kickinz1|afk === ashleyd is now known as ashd === ashleyd is now known as ashd === ashleyd is now known as ashd === ashleyd is now known as ashd === kickinz1|afk is now known as kickinz1 === ashleyd is now known as ashd === ashleyd is now known as ashd [11:34] hey all what do i need to do to keep from being disconnected when my ssh session is left idle [11:35] eagles0513875__: -o TCPKeepAlive [11:35] although that won't help if it's the network device killing idle [11:35] true [11:36] -o ServerAliveInterval=30 -o TCPKeepAlive=Yes [11:36] best you can do [11:36] OpenTokix: in which configuration file though [11:36] eagles0513875__: think about it [11:36] .ssh/config [11:36] eagles0513875__: or as a alias [11:37] eagles0513875__: are you making a server or client config === ashleyd is now known as ashd === ashleyd is now known as ashd === Thorn__ is now known as Thorn === _ruben_ is now known as _ruben [13:09] Howdy Y’all! I have two servers running 14.04.2: one was provisioned by my hosting provider, and another one – by me. When I apply updates to both of them, sometimes I have to reboot the one that I installed, especially for linux header updates, but it never prompts to reboot the one provisioned by the hosting provider. What’s the difference? [13:09] are they physical tin or virtual [13:10] ikonia: the one that I have to reboot is virtual, the other (no reboot required) is physical [13:11] hi. can anyone help me how to add read only user to samba share? [13:12] ikonia: could this be the reason? [13:12] wimpog:is it asking you to reboot ? [13:12] I suspect if it's kernel headers it's because the kernel is being provided from the hypervisor so you need to reboot to pick up differences as it's locekd at the hypervisor [13:13] ikonia: I have webmin on both and apply updates through it on both. The virtual one sometimes prompts for a reboot, especially happens when new kernel headers are applied, and the physical one never does that. [13:14] wimpog: there we go - webmin [13:14] at that point, I'll back away from this discussion [13:14] wimpog: webmin is an unsupported and not-recommended product, [13:14] ikonia: Oh ok. But I believe I also saw a prompt for a reboot at the command line [13:15] wimpog: not going to support your box with webmin on, sorry [13:15] ikonia: No, I’m not looking for support. I’m just wondering why the same OS on two different machines – one prompts for a reboot and one doesn’t. I think your explaination that the one is VM makes a lot of sense [13:16] ikonia: next time I apply updates I will take note of it... [13:16] wimpog: you are looking for support, you're asking for help as to why you are seeing different situations [13:16] ikonia: yeah, is that bad? [13:17] no, I just said I won't support your machines with webmin === ashleyd is now known as ashd [13:19] ikonia: ok, thanks. Not sure what’s wrong with webmin, and I only use it to check mailqueue and apply security updates… and maybe restart apache… that’s about it. Nothing more complex [13:21] wimpog would be worth learning how to do that from the shell, pretty simple stuff [13:22] ikonia: ok, thanks! [13:24] wimpog: webmin is considered hostile on ubuntu. don't use it. at all [13:25] pmatulis: ok, I will not. I didn’t know that it wasn’t desired. and yes rsully I can do all that from the shell, just quicker from webmin [13:26] wimpog when asking for help you should simplify the problem as much as possible, which means few dependencies. update from shell, see if you get prompted there. [13:26] wimpog: once you learn the shell and other basic things webmin will seem very slow and clunky [13:26] rsully: yeah. Definitely do it from shell next time and see what happens… [13:27] pmatulis: yeah, thanks! === ashleyd is now known as ashd === ashleyd is now known as ashd [13:50] hey guys how does one go about testing upstart scripts? === ashleyd is now known as ashd === ashleyd is now known as ashd === DenBeiren is now known as zz_DenBeiren === ashleyd is now known as ashd === Kick is now known as Guest72582 === Guest72582 is now known as kickinz1_ === kickinz1_ is now known as kickinz2 === kickinz2 is now known as kickinz1_ === ashleyd is now known as ashd === ashleyd is now known as ashd === ashleyd is now known as ashd === ashleyd is now known as ashd === ashleyd is now known as ashd === markthomas|away is now known as markthomas === kickinz1_ is now known as kickinz1|afk [16:11] Hi! is anyone here using a Broadcom NetXtreme II BCM57800 netword card? [16:12] I am plauged with "bnx2x 0000:01;00.2 eth2: MDC/MDIO access timeout” errors on 12.04.05 with the 3.13 series kernels.. [16:15] nope [16:18] thats fortunate I am not having any luck getting this thing to work :) === ashleyd is now known as ashd [16:34] is anyone aware of any case where systemd fails security expectations and threads of processes/services' master process get started as root instead of the user it's set to run as? [16:44] eagles0513875__: that's an interesting question :-) [16:44] eagles0513875__: of course you must add them to '/etc/init/' which is an interesting situation. [16:58] nevermind, my situation is unique, and actually my fault [16:58] :/ [16:59] * teward kicks himself around the room [17:40] hi. i have degraded storage (raid5) if i remove mount point from /etc/fstab (raid storage) and then reboot will boot skip this array check? or do i have somewhere else also to edit boot process? [17:44] im working on remote.. so i dont want to be stuck at boot control d and that.. :) [17:50] hardware raid 5 or software raid5? [17:50] software [17:54] and you have a separate boot disk? [17:55] yes [17:55] this is only storage [17:56] boot and lvm is separeted on raid1 2 different hard drives [18:02] anything? :P [18:03] my thought is that you should be ok, but I'm not 100% certian [18:04] I know that there is the —freeze-reshape option [18:04] but I don't think it applies in this case === sponzor- is now known as sponzor [18:10] hallyn_: is there a git tree somewhere w/ the latest qemu/ubuntu uploads in it? [18:11] ok server came back up so # at raid line in fstab worked fine :) [18:12] dannf: the latest version for development release is in the debian git tree, [18:12] git://anonscm.debian.org/pkg-qemu/qemu.git [18:12] hallyn_: ah - which branch? [18:12] ubuntu-dev branch [18:12] ok [18:13] hallyn_: looks like it's just back due to security updates [18:13] s/back/out-of-date/ [18:13] but that's good enough for me atm [18:13] oh, yeah [18:13] i need to import those - i was going to do that the next time that i merge (which i wanted to do this week, but probably wont' get to) === Lcawte is now known as Lcawte|Away [18:32] where should ipset be initialized [18:36] I can FTP using FileZilla, but when I try to do it via command line it logs in I can change directories, but I get this error if I try to put or list directory - 550 Command PORT failed [18:51] Forbidd3n, that is expected when your using nat [18:54] patdk-wk: it tries to get a directory listing and therefore won't allow me to upload any files [18:54] yes, that is expected [18:55] ls [18:56] Forbidd3n, if you want to make it work, fix your firewalls [18:56] otherwise, don't use PORT command [19:01] hey guys, during a fresh install of Ubuntu-Server 14.01 when you're prompted to put the machine's hostname, if I do a FQDN there when I log into the box would the hostname display the FQDN or just the hostname part? [19:01] ay_caramba: just the hostname part [19:02] cool, thanks quantic [19:02] ay_caramba: i used an fqdn when i installed this - hostname shows shortname, hostname -f shows fqdn [19:02] got it [19:17] patdk-wk: what exactly do I need to do to the firewalls on the remote server for this to work? [19:28] I dunno [19:28] and I never said it was the remote server that was the problem [19:28] the remote server must be able to make a connection from it, back to you [19:28] so it must be allowed to make outgoing connections [19:28] your firewall must accept those connections, and send them to your computer [19:28] normally when one uses nat, this is broken, cause the firewall has no idea where to send these connections to, so it rejects them [19:28] this is why nat is bad [19:28] this is also why people don't use ftp [19:28] besides it's insecure, full of problems, ... [19:32] anyone fluent in udev rules? [19:32] need some assistance [19:33] Forbidd3n: describe your requirements. maybe you don't need FTP [19:33] Forbidd3n: don't use FTP [19:33] nvm I have it working thanks [19:34] don't use antique protocols - I'm learning that the hard way since my boss chose to stick to Amanda backup until we've found something to replace it with - so we've used some weeks swearing about this :P [19:35] instead of just ditching the PoS and installing bacula or something - it'd taken far less amount of work and given a better result in the end [19:35] * RoyK is a *wee* bit frustrated [20:12] WWHat's the best way for me to remotely edit file on my Apache server? [20:15] Anyone there? [20:17] szronik: Likely most are currently occupied. Best to just wait a while, maybe ask again in 12-15 minutes after more people have left and arrived in the channel [20:22] genii: Okay, thanks. [20:58] What's the best way to remotely edit a file on my Apache server? I would like to edit the files directly in Sublime on my Windows machine. [20:59] does anyone know where I can get a newer sssd version for 14.04 ? [20:59] szronik, find an editor with sftp support [21:00] Well I thought of a couple of solutions [21:00] 1. Sync the files via ftp [21:00] 2. Use samba to share the dir [21:00] szronik is the server on your lan? [21:01] 3. Edit in Sublime and upload/repeat as needed [21:01] Yes, on the LAN [21:01] Generally it is best to use version control like git, and some type of deployment [21:01] Otherwise I would personally use SFTP and an editor [21:01] What do you mean by some type of deployment? [21:02] ssh and vim is always a option if you dont use any managment system like salt,puppet,chef [21:03] I just said I want to use Sublime though, not vim. [21:04] I can already ssh and use vim if I wanted to, but that's not what I need. [21:07] so then you are asking us how to transfer a file to you r server? [21:07] No, I'm asking about the best way to edit the file remotely. [21:08] But I want to edit it on another machine, in Sublime. [21:08] I could just create a share using samba, any other way? [21:12] szronik: sshfs [21:13] Oh, windows client [21:13] Not sure if there's anything else [21:13] I guess I'll just edit and upload. [21:14] szronik: vim [21:14] heh [21:15] or "nano" if you're a realy newbie https://xkcd.com/378/ [21:17] there goes vim again ;-) [21:18] Vim is what I use, too [21:21] szronik: try vimtutor [21:21] szronik: a command to start a tutor to vim - it's rather good [21:34] Hi. I have newbie question. For example i made project "myproject", where i need to store it on server? /root/myproject/ or /srv/myproject/ or /var/myproject/ or ...? === ashleyd is now known as ashd [21:37] ciao [21:37] qualcuno parla italiano [21:38] tiblock: store it in your home directory: echo ~/ [21:39] szronik, thank you [22:37] hello, is there a way to specify protocol number with ufw? not seeing example so far .. === Lcawte|Away is now known as Lcawte === Lcawte is now known as Lcawte|Away