[01:45] <jrwren> how can I run debian jessie in lxc with network?
[01:46] <jrwren> trusty runs fine in lxc with network, but jessie, as setup by the download lxc template doesn't bring network interface up
[01:46] <jrwren> no /run/network dir and so ifup fails /run/network/.ifstate.lock
[06:15] <radish_> good morning!
[06:15] <radish_> regarding the logjam exploit, is it planned to backport http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslopensslconfcmd functionality to Ubuntu 12.04 (apache2/mod_ssl)?
[06:22] <sarnold> good morning radish_; that's currently under investigation; it may require backporting pieces of openssl functionality as well
[08:35] <StathisA> I need some help. How can I have automatic "sudo apt-get update" but NOT download the updates? somehow I have configured it to check for updates and download them if they exist, but I need only to check - not download unless I do it manually
[08:38] <StathisA> even though i have "APT::Periodic::Download-Upgradeable-Packages "0";" in  /etc/apt/apt.conf.d/10periodic
[08:38] <ogra_> perhaps with the --download-only switch ?
[08:38] <ogra_> oh, update
[08:38] <ogra_> ignore me
[08:40] <StathisA> and no allowed origins in  /etc/apt/apt.conf.d/10periodic
[08:41] <StathisA> but my systems still download the updates - not install them, just download which is annoying
[08:41] <OpenTokix> apt-get -update --no-download
[08:41] <OpenTokix> apt-get update --no-download
[08:42] <StathisA> where do I config this in "unattended-upgrades" config?
[08:42] <StathisA> i'm not referring to manual "sudo apt-get update"
[08:43] <StathisA> this is done automatically
[08:44] <OpenTokix> StathisA: I am not sure what you want. - you want unattended upgrades running, but not upgrade?
[08:48] <StathisA> ok here's the thing. I have installed "unattended-upgrades" package, and I have configured it to NOT upgrade anything but do a "sudo apt-get update" periodically and get a notification with "apticron" that updates are needed
[08:48] <StathisA> this is working as intended, nothing is getting installed automatically
[08:48] <StathisA> but as soon as it checks for the updates, it downloads them too
[08:48] <StathisA> which is not wanted
[08:49] <StathisA> now as soon as I login to a server, I can sudo apt-get dist-upgrade and the system installs the downloaded updates
[08:49] <StathisA> I just dont want it to download them automatically, since this is getting run on multiple systems, and we end up starving for bandwidth when this occues
[08:49] <StathisA> occurs
[08:51] <kickinz1> StathisA, I know it is not what you are looking for, but why not put one apt proxy in your infrastructure, i.e. apt-cacher-ng, that will cache only the necessary packages? This way each time you update your servers, you will only download one time from external archive.
[08:54] <OpenTokix> kickinz1: +1
[08:57] <StathisA> kickinz1, this is a good advice, but a but a bit of an overkill for what I want to achieve
[09:01] <kickinz1> StathisA, not so overkill, you need just to apt-get install apt-cache-ng, then add a /etc/apt/apt.conf.d/01Proxy file with 'acquire::http:Proxy "http://ip.of.the.prox:3142";' line in it to your servers. Now each time a server download a package, it will be cache for use by the others, it is not a full mirror.
[09:02] <StathisA> even if I go that way, the server will still "download" the update from the cacher - which is exactly what I want to avoid
[09:03] <StathisA> it just minimizes internet b/w
[09:03] <StathisA> I dont mind systems -checking- for updates over the internet, thats not too much of a hassle
[09:04] <StathisA> I dont wat systems to download stuff automatically
[09:04] <StathisA> *want
[09:05] <shauno> Based on https://wiki.debian.org/UnattendedUpgrades  it looks like you're looking for the APT::Periodic::Download-Upgradeable-Packages  line
[09:05] <kickinz1> StathisA, I asked mvo, who is the writer og unattended-upgrades, and the maintainer of apt.
[09:06] <kickinz1> StathisA, it is in /etc/apt/apt.conf.d/20auto-upgrades
[09:06] <shauno> although if you're just fighting with local network saturation, I'd be tempted to just offset the cron jobs so they're not all running at the same time
[09:06] <kickinz1> 50auto-upgrades on my server.
[09:07] <StathisA> i can see 20auto-upgrades in mine
[09:07] <StathisA> what do I change?
[09:07] <StathisA> nothing to resemble "auto-download"
[09:08] <StathisA> just APT::Periodic::Update-Package-Lists "1";
[09:08] <StathisA> APT::Periodic::Unattended-Upgrade "1";
[09:13] <StathisA> i do have "APT::Periodic::Download-Upgradeable-Packages "0";" in 10periodic
[09:14] <StathisA> but no such option in the default 20auto-upgrades
[09:14] <StathisA> I could add it, but i'm not sure
[09:27] <kickinz1> mvo: StathisA would like to know how to disable the downloading of upgrades, so unattended-upgrades just tells the admin he has to update things manually.
[09:27] <kickinz1> mvo: nut don't download automatically packages.
[09:28] <StathisA> hello, mvo
[09:28] <mvo> StathisA: best is probably to edit /etc/cron.daily/apt and put --dry-run behind unattended-upgrades
[09:28] <StathisA> thanks for helping on this, much appreciated
[09:29] <mvo> ups, sorry
[09:31] <StathisA> ?
[09:32] <barnex> Hello. I've been installing various linux distros on various vm and computers, but I've never been in a real server room with rack servers. Is there something special I need to know to install on IBM System x3650 M4?
[09:32] <kickinz1> StathisA, I think mvo meant sorry for he went out of the channel, and came back.
[09:32] <barnex> Like should I expect them to have some sort of keyboard/monitor setup ready that will work with no configuration?
[09:32] <StathisA> oh ok, I dont see joins/leaves
[09:32] <mvo> StathisA: yeah, I accidently closed the window
[09:32] <barnex> also does USB boot commonly works on systems like this?
[09:33] <StathisA> this will still allow apticron to send the notification about the existing updates i guess
[09:33] <kickinz1> barnex, you might encouter troubles on those if you install debian (due to ethernet drivers), for ubuntu, it is quite satndard install.
[09:37] <barnex> So I can go there with USB stick only and expect to complete the installation? No PXE setups, serial consoles and stuff like that?
[09:38] <StathisA> mvo, in /etc/apt/apt.conf.d there's a section "# download all upgradeable packages (if it is requested)
[09:38] <StathisA> "
[09:38] <StathisA> perhaps I need to do something there to avoid the download
[09:38] <mvo> StathisA: the default it "0" for that option, do you have a different value there?
[09:39] <kickinz1> barnex: it depends, if you want unattended install, you need to either make your own preseed and provide a way to make it load at boot (i.e. mod the usb, or PXE, or a Maas). If you want it to install without any keyboard/display, you will need some tools outside of your server.
[09:39] <StathisA> in 10periodic i got "APT::Periodic::Download-Upgradeable-Packages "0"
[09:39] <StathisA> in 20auto-upgrades, i dont have it at all
[09:40] <StathisA> but somehow updates are still getting downloaded
[09:40] <mvo> StathisA: did you try if unattended-upgrades --dry-run also downloads the packages? it might do that, the reason is that for e..g. conf-file prompts it needs to inspect the data inside the package
[09:40] <kickinz1> barnex, I meant install is standard as any othe machine (I had previous x3650M3), but it won't be magic, it will still ask what you want to do (patitionning, language, etc...)
[09:40] <StathisA> well there's not packages to download atm
[09:40] <mvo> StathisA: if so, we need a new option for u-u
[09:40] <barnex> kickinz1: thanks. So basically I need more info about what kind of infrastructure do they have on-site
[09:40] <barnex> if there's some sort of screen and keyboard I could borrow or some other setup needed
[09:41] <StathisA> so I cannot really check what its gonna do next time it finds updates
[09:41] <kickinz1> barnex, except if you go MAAS/PXE/Preseed way, but you still will need some access to the server.
[09:41] <kickinz1> barnex: yes you will need a keyboard/display.
[09:42] <StathisA> heh, i'm not asking for something radical like adding a new option. I thought that maybe someone else wanted this and found a way ><
[09:42] <davegarath> Hi all, I have this problem : /dev/loop0p1: read failed after 0 of 4096 at 257884160: Input/output error.  How can I identify where loop point to ?
[09:44] <mvo> StathisA: you could use "/usr/lib/update-notifier/apt_check.py --human-readable
[09:44] <mvo> "
[09:45] <StathisA> 0 packages can be updated.
[09:45] <StathisA> 0 updates are security updates.
[09:47]  * mvo needs to leave for some minutes to get lunch, bbiab
[11:34] <eagles0513875__> hey all what do i need to do to keep from being disconnected when my ssh session is left idle
[11:35] <OpenTokix> eagles0513875__: -o TCPKeepAlive
[11:35] <ikonia> although that won't help if it's the network device killing idle
[11:35] <OpenTokix> true
[11:36] <OpenTokix> -o ServerAliveInterval=30 -o TCPKeepAlive=Yes
[11:36] <OpenTokix> best you can do
[11:36] <eagles0513875__> OpenTokix: in which configuration file though
[11:36] <ikonia> eagles0513875__: think about it
[11:36] <OpenTokix> .ssh/config
[11:36] <OpenTokix> eagles0513875__: or as a alias
[11:37] <ikonia> eagles0513875__: are you making a server or client config
[13:09] <wimpog> Howdy Y’all! I have two servers running 14.04.2: one was provisioned by my hosting provider, and another one – by me. When I apply updates to both of them, sometimes I have to reboot the one that I installed, especially for linux header updates, but it never prompts to reboot the one provisioned by the hosting provider. What’s the difference?
[13:09] <ikonia> are they physical tin or virtual
[13:10] <wimpog> ikonia: the one that I have to reboot is virtual, the other (no reboot required) is physical
[13:11] <sponzor> hi. can anyone help me how to add read only user to samba share?
[13:12] <wimpog> ikonia: could this be the reason?
[13:12] <ikonia> wimpog:is it asking you to reboot ?
[13:12] <ikonia> I suspect if it's kernel headers it's because the kernel is being provided from the hypervisor so you need to reboot to pick up differences as it's locekd at the hypervisor
[13:13] <wimpog> ikonia: I have webmin on both and apply updates through it on both. The virtual one sometimes prompts for a reboot, especially happens when new kernel headers are applied, and the physical one never does that.
[13:14] <ikonia> wimpog: there we go - webmin
[13:14] <ikonia> at that point, I'll back away from this discussion
[13:14] <ikonia> wimpog: webmin is an unsupported and not-recommended product,
[13:14] <wimpog> ikonia: Oh ok. But I believe I also saw a prompt for a reboot at the command line
[13:15] <ikonia> wimpog: not going to support your box with webmin on, sorry
[13:15] <wimpog> ikonia: No, I’m not looking for support. I’m just wondering why the same OS on two different machines – one prompts for a reboot and one doesn’t. I think your explaination that the one is VM makes a lot of sense
[13:16] <wimpog> ikonia: next time I apply updates I will take note of it...
[13:16] <ikonia> wimpog: you are looking for support, you're asking for help as to why you are seeing different situations
[13:16] <wimpog> ikonia: yeah, is that bad?
[13:17] <ikonia> no, I just said I won't support your machines with webmin
[13:19] <wimpog> ikonia: ok, thanks. Not sure what’s wrong with webmin, and I only use it to check mailqueue and apply security updates… and maybe restart apache… that’s about it. Nothing more complex
[13:21] <rsully> wimpog would be worth learning how to do that from the shell, pretty simple stuff
[13:22] <wimpog> ikonia: ok, thanks!
[13:24] <pmatulis> wimpog: webmin is considered hostile on ubuntu. don't use it. at all
[13:25] <wimpog> pmatulis: ok, I will not. I didn’t know that it wasn’t desired. and yes rsully I can do all that from the shell, just quicker from webmin
[13:26] <rsully> wimpog when asking for help you should simplify the problem as much as possible, which means few dependencies. update from shell, see if you get prompted there.
[13:26] <pmatulis> wimpog: once you learn the shell and other basic things webmin will seem very slow and clunky
[13:26] <wimpog> rsully: yeah. Definitely do it from shell next time and see what happens…
[13:27] <wimpog> pmatulis: yeah, thanks!
[13:50] <eagles0513875__> hey guys how does one go about testing upstart scripts?
[16:11] <rattking> Hi! is anyone here using a Broadcom NetXtreme II BCM57800 netword card?
[16:12] <rattking> I am plauged with "bnx2x 0000:01;00.2 eth2: MDC/MDIO access timeout” errors on 12.04.05 with the 3.13 series kernels..
[16:15] <patdk-wk> nope
[16:18] <rattking> thats fortunate I am not having any luck getting this thing to work :)
[16:34] <teward> is anyone aware of any case where systemd fails security expectations and threads of processes/services' master process get started as root instead of the user it's set to run as?
[16:44] <Walex> eagles0513875__: that's an interesting question :-)
[16:44] <Walex> eagles0513875__: of course you must add them to '/etc/init/' which is an interesting situation.
[16:58] <teward> nevermind, my situation is unique, and actually my fault
[16:58] <teward> :/
[16:59]  * teward kicks himself around the room
[17:40] <sponzor> hi. i have degraded storage (raid5) if i remove mount point from /etc/fstab (raid storage) and then reboot will boot skip this array check? or do i have somewhere else also to edit boot process?
[17:44] <sponzor> im working on remote.. so i dont want to be stuck at boot control d and that.. :)
[17:50] <tychicus> hardware raid 5 or software raid5?
[17:50] <sponzor> software
[17:54] <tychicus> and you have a separate boot disk?
[17:55] <sponzor> yes
[17:55] <sponzor> this is only storage
[17:56] <sponzor> boot and lvm is separeted on raid1 2 different hard drives
[18:02] <sponzor> anything? :P
[18:03] <tychicus> my thought is that you should be ok, but I'm not 100% certian
[18:04] <tychicus> I know that there is the —freeze-reshape option
[18:04] <tychicus> but I don't think it applies in this case
[18:10] <dannf> hallyn_: is there a git tree somewhere w/ the latest qemu/ubuntu uploads in it?
[18:11] <sponzor-> ok server came back up so # at raid line in fstab worked fine :)
[18:12] <hallyn_> dannf: the latest version for development release is in the debian git tree,
[18:12] <hallyn_> git://anonscm.debian.org/pkg-qemu/qemu.git
[18:12] <dannf> hallyn_: ah - which branch?
[18:12] <hallyn_> ubuntu-dev branch
[18:12] <dannf> ok
[18:13] <dannf> hallyn_: looks like it's just back due to security updates
[18:13] <dannf> s/back/out-of-date/
[18:13] <dannf> but that's good enough for me atm
[18:13] <hallyn_> oh, yeah
[18:13] <hallyn_> i need to import those - i was going to do that the next time that i merge (which i wanted to do this week, but probably wont' get to)
[18:32] <tarvid> where should ipset be initialized
[18:36] <Forbidd3n> I can FTP using FileZilla, but when I try to do it via command line it logs in I can change directories, but I get this error if I try to put or list directory - 550 Command PORT failed
[18:51] <patdk-wk> Forbidd3n, that is expected when your using nat
[18:54] <Forbidd3n> patdk-wk: it tries to get a directory listing and therefore won't allow me to upload any files
[18:54] <patdk-wk> yes, that is expected
[18:55] <tarvid> ls
[18:56] <patdk-wk> Forbidd3n, if you want to make it work, fix your firewalls
[18:56] <patdk-wk> otherwise, don't use PORT command
[19:01] <ay_caramba> hey guys, during a fresh install of Ubuntu-Server 14.01 when you're prompted to put the machine's hostname, if I do a FQDN there when I log into the box would the hostname display the FQDN or just the hostname part?
[19:01] <quantic> ay_caramba: just the hostname part
[19:02] <ay_caramba> cool, thanks quantic
[19:02] <quantic> ay_caramba: i used an fqdn when i installed this - hostname shows shortname, hostname -f shows fqdn
[19:02] <ay_caramba> got it
[19:17] <Forbidd3n> patdk-wk: what exactly do I need to do to the firewalls on the remote server for this to work?
[19:28] <patdk-wk> I dunno
[19:28] <patdk-wk> and I never said it was the remote server that was the problem
[19:28] <patdk-wk> the remote server must be able to make a connection from it, back to you
[19:28] <patdk-wk> so it must be allowed to make outgoing connections
[19:28] <patdk-wk> your firewall must accept those connections, and send them to your computer
[19:28] <patdk-wk> normally when one uses nat, this is broken, cause the firewall has no idea where to send these connections to, so it rejects them
[19:28] <patdk-wk> this is why nat is bad
[19:28] <patdk-wk> this is also why people don't use ftp
[19:28] <patdk-wk> besides it's insecure, full of problems, ...
[19:32] <teward> anyone fluent in udev rules?
[19:32] <teward> need some assistance
[19:33] <pmatulis> Forbidd3n: describe your requirements. maybe you don't need FTP
[19:33] <RoyK> Forbidd3n: don't use FTP
[19:33] <Forbidd3n> nvm I have it working thanks
[19:34] <RoyK> don't use antique protocols - I'm learning that the hard way since my boss chose to stick to Amanda backup until we've found something to replace it with - so we've used some weeks swearing about this :P
[19:35] <RoyK> instead of just ditching the PoS and installing bacula or something - it'd taken far less amount of work and given a better result in the end
[19:35]  * RoyK is a *wee* bit frustrated
[20:12] <szronik> WWHat's the best way for me to remotely edit file on my Apache server?
[20:15] <szronik> Anyone there?
[20:17] <genii> szronik: Likely most are currently occupied. Best to just wait a while, maybe ask again in 12-15 minutes after more people have left and arrived in the channel
[20:22] <szronik> genii: Okay, thanks.
[20:58] <szronik> What's the best way to remotely edit a file on my Apache server? I would like to edit the files directly in Sublime on my Windows machine.
[20:59] <YamakasY> does anyone know where I can get a newer sssd version for 14.04 ?
[20:59] <PryMar56> szronik, find an editor with sftp support
[21:00] <szronik> Well I thought of a couple of solutions
[21:00] <szronik> 1. Sync the files via ftp
[21:00] <szronik> 2. Use samba to share the dir
[21:00] <rsully> szronik is the server on your lan?
[21:01] <szronik> 3. Edit in Sublime and upload/repeat as needed
[21:01] <szronik> Yes, on the LAN
[21:01] <rsully> Generally it is best to use version control like git, and some type of deployment
[21:01] <rsully> Otherwise I would personally use SFTP and an editor
[21:01] <szronik> What do you mean by some type of deployment?
[21:02] <rattking> ssh and vim is always a option if you dont use any managment system like salt,puppet,chef
[21:03] <szronik> I just said I want to use Sublime though, not vim.
[21:04] <szronik> I can already ssh and use vim if I wanted to, but that's not what I need.
[21:07] <rattking> so then you are asking us how to transfer a file to you r server?
[21:07] <szronik> No, I'm asking about the best way to edit the file remotely.
[21:08] <szronik> But I want to edit it on another machine, in Sublime.
[21:08] <szronik> I could just create a share using samba, any other way?
[21:12] <qman__> szronik: sshfs
[21:13] <qman__> Oh, windows client
[21:13] <qman__> Not sure if there's anything else
[21:13] <szronik> I guess I'll just edit and upload.
[21:14] <RoyK> szronik: vim
[21:14] <rattking> heh
[21:15] <RoyK> or "nano" if you're a realy newbie https://xkcd.com/378/
[21:17] <szronik> there goes vim again ;-)
[21:18] <qman__> Vim is what I use, too
[21:21] <RoyK> szronik: try vimtutor
[21:21] <RoyK> szronik: a command to start a tutor to vim - it's rather good
[21:34] <tiblock> Hi. I have newbie question. For example i made project "myproject", where i need to store it on server? /root/myproject/ or /srv/myproject/ or /var/myproject/ or ...?
[21:37] <concordia71> ciao
[21:37] <concordia71> qualcuno parla italiano
[21:38] <szronik> tiblock: store it in your home directory: echo ~/
[21:39] <tiblock> szronik, thank you
[22:37] <stephenh> hello, is there a way to specify protocol number with ufw?  not seeing example so far ..