/srv/irclogs.ubuntu.com/2015/05/29/#ubuntu-server.txt

=== Lcawte is now known as Lcawte|Away
=== rylinaux_ is now known as rylinaux
=== zz_DenBeiren is now known as DenBeiren
=== markthomas is now known as markthomas|away
moloneyMy fresh ubuntu server (14.04.2) install is completely borked. RAID for the root filesystem won't come up and I have no keyboard support. I am pretty sure I need to install linux-image-extra to solve these problems. I tried doing that at the end of the install using the "select additional packages" option but I end getting a kernel panic.  Is rescue mode my only option?02:47
moloneyWhen I briefly tried rescue mode I had no DNS setup, and trying to manually configure it was giving all sorts of errors about directories/files not existing.  I guess this is due to the fact that the system was never successfully booted02:49
lordievaderGood morning.07:40
Walexmoloney: live CD...07:42
=== DenBeiren is now known as zz_DenBeiren
=== Lcawte|Away is now known as Lcawte
=== 20WABC5NS is now known as Sebastain___
greylurkI've got an ancient hardy server that just started throwing errors about invalid SSL certs.  Any thoughts on how to update the ssl?14:46
greylurkI think it's the root CA certs that have aged out.14:47
greylurk(for various legacy application reasons, upgrading to non-eol server is not an option)14:47
OpenTokixgreylurk: Upgrade the server, run your legacy shit in docker containers - and dont run outdated servers.14:47
greylurkTHere's no Hardy docker containers.14:48
OpenTokixMake one14:48
greylurkWouldn't that have invalid SSL certs too?14:48
OpenTokixYou do a reverse proxy for the ssl-termination on something more modern14:48
greylurkOk, so I'll petition management for budget for a 2 week project to migrate the entire architecture.  Any thoughts on how to get my server up and running in the next few hours?14:49
OpenTokixgreylurk: A start is probably to paste the exact error message somewhere and not a generic "ssl error" - and good luck14:50
greylurkhttps://gist.github.com/greylurk/f6c4c0c65f3d229ba52614:55
greylurkActually, wait, never mind.14:55
greylurkCrap, that's an outdated akismet code.14:55
greylurkSorry to have bugged you.14:55
gQuigslooking at doing a sync request, but I can't figure out why there are these two changes there;   why don't we have services stop at runlevels 0 and 6?15:01
gQuigs(both libsnmp30 and keepalived have this as one of a very few changes)15:01
gQuigssomething about upstart maybe?15:01
=== markthomas|away is now known as markthomas
vivek_hello i am testing the openstack deployment using the openstack autopilot installer, However it fails due to landscape deployment timeout exceeded more than 45 minutes, is there any workaround.if i could increase the time out?17:00
vivek_hello i am testing the openstack deployment using the openstack autopilot installer, However it fails due to landscape deployment timeout exceeded more than 45 minutes, is there any workaround.if i could increase the time out?17:00
rbasakvivek_: if you don't get an answer here, try askubuntu.com.17:10
rbasakvivek_: and I'll see if someone from the autopilot team can look at it.17:11
vivek_rbasak: thanks17:13
vivek_i did ask at askubuntu.com17:13
tewardvivek_: also crossposting your question across multiple channels is frowned upon17:29
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
=== jrcconstela is now known as hamlet
=== hamlet is now known as paths
=== jrcconstela is now known as pathio
=== katherin_ is now known as katherine
tewardis there any way to configure SSH to permit root login only from certain IP ranges?19:52
tewardor is it Enabled, Enabled with No Password (key auth for example), or Deny19:52
tewardand that's it19:52
cryptodan_laptopwhy do you want that19:54
jrwrenwhy would you want that?19:54
jrwrenI think the answer is "No." and the extended answer is, "because that is a bad idea."19:55
cryptodan_laptop^^19:55
shaunoyou can, by abusing AllowUsers (eg, allow tom dick harry root@10.0.0.10).  there isn't really a sensible way to do it because it's not a sensible thing to do19:56
tewardshauno: internal server, need to allow 'root' login from one specific system to sftp files up to it (packages that were built in house separately)19:56
shauno(but you need to specify every user that way)19:56
tewardnot my fault the system's set up weirdly.  guess i'll just do without-password and use key auth19:56
shaunokeys are almost always the right answer :) trusting internal ranges means that if some backwater box that no-one cares about is compromised, it all falls19:57
cryptodan_laptopteward: change the policy19:58
tewardshauno: problem is everything's static'd at the network xD  Irrelevant, though, I just don't want the extra work of setting up pageant (putty ssh agent) on the windows systems I'm stuck sshing with :/20:00
* teward grumbles about the OS in use at the workplace20:00
cryptodan_laptopand why is sftp using root to transfer files20:03
dasjoeteward: look into ansible, maybe?20:36
tewardcryptodan_laptop: a .deb needs to be pushed to the server.  nothing up to do it20:37
tewarddasjoe: not a frequent thing, a short-term problem. but meh20:37
tewardi'll just upload ssh keys20:39
jrwreni was going to suggest using direvent/dircond to watch for non-root upload and respond to event, but its not packaged and my head exploded20:54
tewardjrwren: heh20:55
tewardjrwren: i'd rather put a small VM up and put reprepro on it just to serve the .debs but meh20:56
tewardsame probl3em20:56
tewardand wow I can't type today20:56
jrwrenteward: yes. reprepro is very nice. I'd do that too.20:57
jrwrenteward: can do all that without root ;)20:57
IronDevHow do I login to an active session in ubuntu22:14
IronDevserver 15.0422:15
sarnoldwhat is an "active session"? what does it mean to "login" to one?22:19
cryptodan_laptopteward: the sftp can be run as a normal user to push the .deb to the server then maybe setup a cronjob to run the dpkg -i command on *.deb as root.22:23
IronDevsarnold Ok lets say root is on tty1 and I need to connect to it to run commands on a program22:24
sarnoldIronDev: aha! :) the easy way is to start the program in tmux or screen, so you can re-attach to it from another location later22:26
IronDevsarnold Ya but the program uses ip binding22:27
IronDevsarnold And I cant force it to stop or the server goes corrupt22:27
sarnoldIronDev: what's that?22:27
IronDevsarnold PocketMine22:27
sarnoldIronDev: next time you need to restart the server, run tmux, then run the server in the shell that tmux starts22:28
sarnoldIronDev: then you can use "tmux attach" later on to re-attach that shell22:29
dasjoeIronDev: sarnold: reptyr may help22:38
dasjoe*may*22:38
sarnolddasjoe: I've always been worried by such programs; that's so far outside the way things normally work that I suspect it'd be a failure for anything really important :)22:42
dasjoesarnold: I learned to stop worrying and love the magic ;)22:44
sarnolddasjoe: ha! :)22:45
PatrickdkI just never bother with anything22:46
Patrickdknever login to an *active session*, never use screen, never use tmux22:46
Patrickdkif something is so broken I would need to do this, it's not worth using22:46
dasjoePatrickdk: tmux is very nice, I just wish it could save window configurations22:47
dasjoeI recently ran 63 instances of badblocks via tmux, 9 per window. I don't think I would've stayed sane with screen or running them sequentially22:49
Patrickdkoh, I just run them in 63 different ssh windows :)22:50
sarnoldhahaha22:53
Patrickdkdamn, I'm low currently :(22:54
Patrickdkonly 83 ssh sessions open22:54
dasjoeI'd like to build a container (docker? lxc?) for an application that runs in wine, so I need X. Any suggestions?22:55
Patrickdkshould be simple22:55
Patrickdkdon't need X22:55
Patrickdkjust use x forwarding, or remote display22:56
Patrickdkx was designed for this :)22:56
Patrickdkbut if you want it local only, different issue22:56
Patrickdkxvnc?22:56
dasjoeIt should be local only, yeah.22:56
dasjoex11vnc + xvfb seem to be the way to go23:03
=== alai` is now known as alai
=== manjo` is now known as manjo

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!