=== Lcawte is now known as Lcawte|Away === rylinaux_ is now known as rylinaux === zz_DenBeiren is now known as DenBeiren === markthomas is now known as markthomas|away [02:47] My fresh ubuntu server (14.04.2) install is completely borked. RAID for the root filesystem won't come up and I have no keyboard support. I am pretty sure I need to install linux-image-extra to solve these problems. I tried doing that at the end of the install using the "select additional packages" option but I end getting a kernel panic. Is rescue mode my only option? [02:49] When I briefly tried rescue mode I had no DNS setup, and trying to manually configure it was giving all sorts of errors about directories/files not existing. I guess this is due to the fact that the system was never successfully booted [07:40] Good morning. [07:42] moloney: live CD... === DenBeiren is now known as zz_DenBeiren === Lcawte|Away is now known as Lcawte === 20WABC5NS is now known as Sebastain___ [14:46] I've got an ancient hardy server that just started throwing errors about invalid SSL certs. Any thoughts on how to update the ssl? [14:47] I think it's the root CA certs that have aged out. [14:47] (for various legacy application reasons, upgrading to non-eol server is not an option) [14:47] greylurk: Upgrade the server, run your legacy shit in docker containers - and dont run outdated servers. [14:48] THere's no Hardy docker containers. [14:48] Make one [14:48] Wouldn't that have invalid SSL certs too? [14:48] You do a reverse proxy for the ssl-termination on something more modern [14:49] Ok, so I'll petition management for budget for a 2 week project to migrate the entire architecture. Any thoughts on how to get my server up and running in the next few hours? [14:50] greylurk: A start is probably to paste the exact error message somewhere and not a generic "ssl error" - and good luck [14:55] https://gist.github.com/greylurk/f6c4c0c65f3d229ba526 [14:55] Actually, wait, never mind. [14:55] Crap, that's an outdated akismet code. [14:55] Sorry to have bugged you. [15:01] looking at doing a sync request, but I can't figure out why there are these two changes there; why don't we have services stop at runlevels 0 and 6? [15:01] (both libsnmp30 and keepalived have this as one of a very few changes) [15:01] something about upstart maybe? === markthomas|away is now known as markthomas [17:00] hello i am testing the openstack deployment using the openstack autopilot installer, However it fails due to landscape deployment timeout exceeded more than 45 minutes, is there any workaround.if i could increase the time out? [17:00] hello i am testing the openstack deployment using the openstack autopilot installer, However it fails due to landscape deployment timeout exceeded more than 45 minutes, is there any workaround.if i could increase the time out? [17:10] vivek_: if you don't get an answer here, try askubuntu.com. [17:11] vivek_: and I'll see if someone from the autopilot team can look at it. [17:13] rbasak: thanks [17:13] i did ask at askubuntu.com [17:29] vivek_: also crossposting your question across multiple channels is frowned upon === Lcawte is now known as Lcawte|Away === Lcawte|Away is now known as Lcawte === jrcconstela is now known as hamlet === hamlet is now known as paths === jrcconstela is now known as pathio === katherin_ is now known as katherine [19:52] is there any way to configure SSH to permit root login only from certain IP ranges? [19:52] or is it Enabled, Enabled with No Password (key auth for example), or Deny [19:52] and that's it [19:54] why do you want that [19:54] why would you want that? [19:55] I think the answer is "No." and the extended answer is, "because that is a bad idea." [19:55] ^^ [19:56] you can, by abusing AllowUsers (eg, allow tom dick harry root@10.0.0.10). there isn't really a sensible way to do it because it's not a sensible thing to do [19:56] shauno: internal server, need to allow 'root' login from one specific system to sftp files up to it (packages that were built in house separately) [19:56] (but you need to specify every user that way) [19:56] not my fault the system's set up weirdly. guess i'll just do without-password and use key auth [19:57] keys are almost always the right answer :) trusting internal ranges means that if some backwater box that no-one cares about is compromised, it all falls [19:58] teward: change the policy [20:00] shauno: problem is everything's static'd at the network xD Irrelevant, though, I just don't want the extra work of setting up pageant (putty ssh agent) on the windows systems I'm stuck sshing with :/ [20:00] * teward grumbles about the OS in use at the workplace [20:03] and why is sftp using root to transfer files [20:36] teward: look into ansible, maybe? [20:37] cryptodan_laptop: a .deb needs to be pushed to the server. nothing up to do it [20:37] dasjoe: not a frequent thing, a short-term problem. but meh [20:39] i'll just upload ssh keys [20:54] i was going to suggest using direvent/dircond to watch for non-root upload and respond to event, but its not packaged and my head exploded [20:55] jrwren: heh [20:56] jrwren: i'd rather put a small VM up and put reprepro on it just to serve the .debs but meh [20:56] same probl3em [20:56] and wow I can't type today [20:57] teward: yes. reprepro is very nice. I'd do that too. [20:57] teward: can do all that without root ;) [22:14] How do I login to an active session in ubuntu [22:15] server 15.04 [22:19] what is an "active session"? what does it mean to "login" to one? [22:23] teward: the sftp can be run as a normal user to push the .deb to the server then maybe setup a cronjob to run the dpkg -i command on *.deb as root. [22:24] sarnold Ok lets say root is on tty1 and I need to connect to it to run commands on a program [22:26] IronDev: aha! :) the easy way is to start the program in tmux or screen, so you can re-attach to it from another location later [22:27] sarnold Ya but the program uses ip binding [22:27] sarnold And I cant force it to stop or the server goes corrupt [22:27] IronDev: what's that? [22:27] sarnold PocketMine [22:28] IronDev: next time you need to restart the server, run tmux, then run the server in the shell that tmux starts [22:29] IronDev: then you can use "tmux attach" later on to re-attach that shell [22:38] IronDev: sarnold: reptyr may help [22:38] *may* [22:42] dasjoe: I've always been worried by such programs; that's so far outside the way things normally work that I suspect it'd be a failure for anything really important :) [22:44] sarnold: I learned to stop worrying and love the magic ;) [22:45] dasjoe: ha! :) [22:46] I just never bother with anything [22:46] never login to an *active session*, never use screen, never use tmux [22:46] if something is so broken I would need to do this, it's not worth using [22:47] Patrickdk: tmux is very nice, I just wish it could save window configurations [22:49] I recently ran 63 instances of badblocks via tmux, 9 per window. I don't think I would've stayed sane with screen or running them sequentially [22:50] oh, I just run them in 63 different ssh windows :) [22:53] hahaha [22:54] damn, I'm low currently :( [22:54] only 83 ssh sessions open [22:55] I'd like to build a container (docker? lxc?) for an application that runs in wine, so I need X. Any suggestions? [22:55] should be simple [22:55] don't need X [22:56] just use x forwarding, or remote display [22:56] x was designed for this :) [22:56] but if you want it local only, different issue [22:56] xvnc? [22:56] It should be local only, yeah. [23:03] x11vnc + xvfb seem to be the way to go === alai` is now known as alai === manjo` is now known as manjo