=== Lcawte is now known as Lcawte|Away | ||
=== rylinaux_ is now known as rylinaux | ||
=== zz_DenBeiren is now known as DenBeiren | ||
=== markthomas is now known as markthomas|away | ||
moloney | My fresh ubuntu server (14.04.2) install is completely borked. RAID for the root filesystem won't come up and I have no keyboard support. I am pretty sure I need to install linux-image-extra to solve these problems. I tried doing that at the end of the install using the "select additional packages" option but I end getting a kernel panic. Is rescue mode my only option? | 02:47 |
---|---|---|
moloney | When I briefly tried rescue mode I had no DNS setup, and trying to manually configure it was giving all sorts of errors about directories/files not existing. I guess this is due to the fact that the system was never successfully booted | 02:49 |
lordievader | Good morning. | 07:40 |
Walex | moloney: live CD... | 07:42 |
=== DenBeiren is now known as zz_DenBeiren | ||
=== Lcawte|Away is now known as Lcawte | ||
=== 20WABC5NS is now known as Sebastain___ | ||
greylurk | I've got an ancient hardy server that just started throwing errors about invalid SSL certs. Any thoughts on how to update the ssl? | 14:46 |
greylurk | I think it's the root CA certs that have aged out. | 14:47 |
greylurk | (for various legacy application reasons, upgrading to non-eol server is not an option) | 14:47 |
OpenTokix | greylurk: Upgrade the server, run your legacy shit in docker containers - and dont run outdated servers. | 14:47 |
greylurk | THere's no Hardy docker containers. | 14:48 |
OpenTokix | Make one | 14:48 |
greylurk | Wouldn't that have invalid SSL certs too? | 14:48 |
OpenTokix | You do a reverse proxy for the ssl-termination on something more modern | 14:48 |
greylurk | Ok, so I'll petition management for budget for a 2 week project to migrate the entire architecture. Any thoughts on how to get my server up and running in the next few hours? | 14:49 |
OpenTokix | greylurk: A start is probably to paste the exact error message somewhere and not a generic "ssl error" - and good luck | 14:50 |
greylurk | https://gist.github.com/greylurk/f6c4c0c65f3d229ba526 | 14:55 |
greylurk | Actually, wait, never mind. | 14:55 |
greylurk | Crap, that's an outdated akismet code. | 14:55 |
greylurk | Sorry to have bugged you. | 14:55 |
gQuigs | looking at doing a sync request, but I can't figure out why there are these two changes there; why don't we have services stop at runlevels 0 and 6? | 15:01 |
gQuigs | (both libsnmp30 and keepalived have this as one of a very few changes) | 15:01 |
gQuigs | something about upstart maybe? | 15:01 |
=== markthomas|away is now known as markthomas | ||
vivek_ | hello i am testing the openstack deployment using the openstack autopilot installer, However it fails due to landscape deployment timeout exceeded more than 45 minutes, is there any workaround.if i could increase the time out? | 17:00 |
vivek_ | hello i am testing the openstack deployment using the openstack autopilot installer, However it fails due to landscape deployment timeout exceeded more than 45 minutes, is there any workaround.if i could increase the time out? | 17:00 |
rbasak | vivek_: if you don't get an answer here, try askubuntu.com. | 17:10 |
rbasak | vivek_: and I'll see if someone from the autopilot team can look at it. | 17:11 |
vivek_ | rbasak: thanks | 17:13 |
vivek_ | i did ask at askubuntu.com | 17:13 |
teward | vivek_: also crossposting your question across multiple channels is frowned upon | 17:29 |
=== Lcawte is now known as Lcawte|Away | ||
=== Lcawte|Away is now known as Lcawte | ||
=== jrcconstela is now known as hamlet | ||
=== hamlet is now known as paths | ||
=== jrcconstela is now known as pathio | ||
=== katherin_ is now known as katherine | ||
teward | is there any way to configure SSH to permit root login only from certain IP ranges? | 19:52 |
teward | or is it Enabled, Enabled with No Password (key auth for example), or Deny | 19:52 |
teward | and that's it | 19:52 |
cryptodan_laptop | why do you want that | 19:54 |
jrwren | why would you want that? | 19:54 |
jrwren | I think the answer is "No." and the extended answer is, "because that is a bad idea." | 19:55 |
cryptodan_laptop | ^^ | 19:55 |
shauno | you can, by abusing AllowUsers (eg, allow tom dick harry root@10.0.0.10). there isn't really a sensible way to do it because it's not a sensible thing to do | 19:56 |
teward | shauno: internal server, need to allow 'root' login from one specific system to sftp files up to it (packages that were built in house separately) | 19:56 |
shauno | (but you need to specify every user that way) | 19:56 |
teward | not my fault the system's set up weirdly. guess i'll just do without-password and use key auth | 19:56 |
shauno | keys are almost always the right answer :) trusting internal ranges means that if some backwater box that no-one cares about is compromised, it all falls | 19:57 |
cryptodan_laptop | teward: change the policy | 19:58 |
teward | shauno: problem is everything's static'd at the network xD Irrelevant, though, I just don't want the extra work of setting up pageant (putty ssh agent) on the windows systems I'm stuck sshing with :/ | 20:00 |
* teward grumbles about the OS in use at the workplace | 20:00 | |
cryptodan_laptop | and why is sftp using root to transfer files | 20:03 |
dasjoe | teward: look into ansible, maybe? | 20:36 |
teward | cryptodan_laptop: a .deb needs to be pushed to the server. nothing up to do it | 20:37 |
teward | dasjoe: not a frequent thing, a short-term problem. but meh | 20:37 |
teward | i'll just upload ssh keys | 20:39 |
jrwren | i was going to suggest using direvent/dircond to watch for non-root upload and respond to event, but its not packaged and my head exploded | 20:54 |
teward | jrwren: heh | 20:55 |
teward | jrwren: i'd rather put a small VM up and put reprepro on it just to serve the .debs but meh | 20:56 |
teward | same probl3em | 20:56 |
teward | and wow I can't type today | 20:56 |
jrwren | teward: yes. reprepro is very nice. I'd do that too. | 20:57 |
jrwren | teward: can do all that without root ;) | 20:57 |
IronDev | How do I login to an active session in ubuntu | 22:14 |
IronDev | server 15.04 | 22:15 |
sarnold | what is an "active session"? what does it mean to "login" to one? | 22:19 |
cryptodan_laptop | teward: the sftp can be run as a normal user to push the .deb to the server then maybe setup a cronjob to run the dpkg -i command on *.deb as root. | 22:23 |
IronDev | sarnold Ok lets say root is on tty1 and I need to connect to it to run commands on a program | 22:24 |
sarnold | IronDev: aha! :) the easy way is to start the program in tmux or screen, so you can re-attach to it from another location later | 22:26 |
IronDev | sarnold Ya but the program uses ip binding | 22:27 |
IronDev | sarnold And I cant force it to stop or the server goes corrupt | 22:27 |
sarnold | IronDev: what's that? | 22:27 |
IronDev | sarnold PocketMine | 22:27 |
sarnold | IronDev: next time you need to restart the server, run tmux, then run the server in the shell that tmux starts | 22:28 |
sarnold | IronDev: then you can use "tmux attach" later on to re-attach that shell | 22:29 |
dasjoe | IronDev: sarnold: reptyr may help | 22:38 |
dasjoe | *may* | 22:38 |
sarnold | dasjoe: I've always been worried by such programs; that's so far outside the way things normally work that I suspect it'd be a failure for anything really important :) | 22:42 |
dasjoe | sarnold: I learned to stop worrying and love the magic ;) | 22:44 |
sarnold | dasjoe: ha! :) | 22:45 |
Patrickdk | I just never bother with anything | 22:46 |
Patrickdk | never login to an *active session*, never use screen, never use tmux | 22:46 |
Patrickdk | if something is so broken I would need to do this, it's not worth using | 22:46 |
dasjoe | Patrickdk: tmux is very nice, I just wish it could save window configurations | 22:47 |
dasjoe | I recently ran 63 instances of badblocks via tmux, 9 per window. I don't think I would've stayed sane with screen or running them sequentially | 22:49 |
Patrickdk | oh, I just run them in 63 different ssh windows :) | 22:50 |
sarnold | hahaha | 22:53 |
Patrickdk | damn, I'm low currently :( | 22:54 |
Patrickdk | only 83 ssh sessions open | 22:54 |
dasjoe | I'd like to build a container (docker? lxc?) for an application that runs in wine, so I need X. Any suggestions? | 22:55 |
Patrickdk | should be simple | 22:55 |
Patrickdk | don't need X | 22:55 |
Patrickdk | just use x forwarding, or remote display | 22:56 |
Patrickdk | x was designed for this :) | 22:56 |
Patrickdk | but if you want it local only, different issue | 22:56 |
Patrickdk | xvnc? | 22:56 |
dasjoe | It should be local only, yeah. | 22:56 |
dasjoe | x11vnc + xvfb seem to be the way to go | 23:03 |
=== alai` is now known as alai | ||
=== manjo` is now known as manjo |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!