[02:47] <moloney> My fresh ubuntu server (14.04.2) install is completely borked. RAID for the root filesystem won't come up and I have no keyboard support. I am pretty sure I need to install linux-image-extra to solve these problems. I tried doing that at the end of the install using the "select additional packages" option but I end getting a kernel panic.  Is rescue mode my only option?
[02:49] <moloney> When I briefly tried rescue mode I had no DNS setup, and trying to manually configure it was giving all sorts of errors about directories/files not existing.  I guess this is due to the fact that the system was never successfully booted
[07:40] <lordievader> Good morning.
[07:42] <Walex> moloney: live CD...
[14:46] <greylurk> I've got an ancient hardy server that just started throwing errors about invalid SSL certs.  Any thoughts on how to update the ssl?
[14:47] <greylurk> I think it's the root CA certs that have aged out.
[14:47] <greylurk> (for various legacy application reasons, upgrading to non-eol server is not an option)
[14:47] <OpenTokix> greylurk: Upgrade the server, run your legacy shit in docker containers - and dont run outdated servers.
[14:48] <greylurk> THere's no Hardy docker containers.
[14:48] <OpenTokix> Make one
[14:48] <greylurk> Wouldn't that have invalid SSL certs too?
[14:48] <OpenTokix> You do a reverse proxy for the ssl-termination on something more modern
[14:49] <greylurk> Ok, so I'll petition management for budget for a 2 week project to migrate the entire architecture.  Any thoughts on how to get my server up and running in the next few hours?
[14:50] <OpenTokix> greylurk: A start is probably to paste the exact error message somewhere and not a generic "ssl error" - and good luck
[14:55] <greylurk> https://gist.github.com/greylurk/f6c4c0c65f3d229ba526
[14:55] <greylurk> Actually, wait, never mind.
[14:55] <greylurk> Crap, that's an outdated akismet code.
[14:55] <greylurk> Sorry to have bugged you.
[15:01] <gQuigs> looking at doing a sync request, but I can't figure out why there are these two changes there;   why don't we have services stop at runlevels 0 and 6?
[15:01] <gQuigs> (both libsnmp30 and keepalived have this as one of a very few changes)
[15:01] <gQuigs> something about upstart maybe?
[17:00] <vivek_> hello i am testing the openstack deployment using the openstack autopilot installer, However it fails due to landscape deployment timeout exceeded more than 45 minutes, is there any workaround.if i could increase the time out?
[17:00] <vivek_> hello i am testing the openstack deployment using the openstack autopilot installer, However it fails due to landscape deployment timeout exceeded more than 45 minutes, is there any workaround.if i could increase the time out?
[17:10] <rbasak> vivek_: if you don't get an answer here, try askubuntu.com.
[17:11] <rbasak> vivek_: and I'll see if someone from the autopilot team can look at it.
[17:13] <vivek_> rbasak: thanks
[17:13] <vivek_> i did ask at askubuntu.com
[17:29] <teward> vivek_: also crossposting your question across multiple channels is frowned upon
[19:52] <teward> is there any way to configure SSH to permit root login only from certain IP ranges?
[19:52] <teward> or is it Enabled, Enabled with No Password (key auth for example), or Deny
[19:52] <teward> and that's it
[19:54] <cryptodan_laptop> why do you want that
[19:54] <jrwren> why would you want that?
[19:55] <jrwren> I think the answer is "No." and the extended answer is, "because that is a bad idea."
[19:55] <cryptodan_laptop> ^^
[19:56] <shauno> you can, by abusing AllowUsers (eg, allow tom dick harry root@10.0.0.10).  there isn't really a sensible way to do it because it's not a sensible thing to do
[19:56] <teward> shauno: internal server, need to allow 'root' login from one specific system to sftp files up to it (packages that were built in house separately)
[19:56] <shauno> (but you need to specify every user that way)
[19:56] <teward> not my fault the system's set up weirdly.  guess i'll just do without-password and use key auth
[19:57] <shauno> keys are almost always the right answer :) trusting internal ranges means that if some backwater box that no-one cares about is compromised, it all falls
[19:58] <cryptodan_laptop> teward: change the policy
[20:00] <teward> shauno: problem is everything's static'd at the network xD  Irrelevant, though, I just don't want the extra work of setting up pageant (putty ssh agent) on the windows systems I'm stuck sshing with :/
[20:00]  * teward grumbles about the OS in use at the workplace
[20:03] <cryptodan_laptop> and why is sftp using root to transfer files
[20:36] <dasjoe> teward: look into ansible, maybe?
[20:37] <teward> cryptodan_laptop: a .deb needs to be pushed to the server.  nothing up to do it
[20:37] <teward> dasjoe: not a frequent thing, a short-term problem. but meh
[20:39] <teward> i'll just upload ssh keys
[20:54] <jrwren> i was going to suggest using direvent/dircond to watch for non-root upload and respond to event, but its not packaged and my head exploded
[20:55] <teward> jrwren: heh
[20:56] <teward> jrwren: i'd rather put a small VM up and put reprepro on it just to serve the .debs but meh
[20:56] <teward> same probl3em
[20:56] <teward> and wow I can't type today
[20:57] <jrwren> teward: yes. reprepro is very nice. I'd do that too.
[20:57] <jrwren> teward: can do all that without root ;)
[22:14] <IronDev> How do I login to an active session in ubuntu
[22:15] <IronDev> server 15.04
[22:19] <sarnold> what is an "active session"? what does it mean to "login" to one?
[22:23] <cryptodan_laptop> teward: the sftp can be run as a normal user to push the .deb to the server then maybe setup a cronjob to run the dpkg -i command on *.deb as root.
[22:24] <IronDev> sarnold Ok lets say root is on tty1 and I need to connect to it to run commands on a program
[22:26] <sarnold> IronDev: aha! :) the easy way is to start the program in tmux or screen, so you can re-attach to it from another location later
[22:27] <IronDev> sarnold Ya but the program uses ip binding
[22:27] <IronDev> sarnold And I cant force it to stop or the server goes corrupt
[22:27] <sarnold> IronDev: what's that?
[22:27] <IronDev> sarnold PocketMine
[22:28] <sarnold> IronDev: next time you need to restart the server, run tmux, then run the server in the shell that tmux starts
[22:29] <sarnold> IronDev: then you can use "tmux attach" later on to re-attach that shell
[22:38] <dasjoe> IronDev: sarnold: reptyr may help
[22:38] <dasjoe> *may*
[22:42] <sarnold> dasjoe: I've always been worried by such programs; that's so far outside the way things normally work that I suspect it'd be a failure for anything really important :)
[22:44] <dasjoe> sarnold: I learned to stop worrying and love the magic ;)
[22:45] <sarnold> dasjoe: ha! :)
[22:46] <Patrickdk> I just never bother with anything
[22:46] <Patrickdk> never login to an *active session*, never use screen, never use tmux
[22:46] <Patrickdk> if something is so broken I would need to do this, it's not worth using
[22:47] <dasjoe> Patrickdk: tmux is very nice, I just wish it could save window configurations
[22:49] <dasjoe> I recently ran 63 instances of badblocks via tmux, 9 per window. I don't think I would've stayed sane with screen or running them sequentially
[22:50] <Patrickdk> oh, I just run them in 63 different ssh windows :)
[22:53] <sarnold> hahaha
[22:54] <Patrickdk> damn, I'm low currently :(
[22:54] <Patrickdk> only 83 ssh sessions open
[22:55] <dasjoe> I'd like to build a container (docker? lxc?) for an application that runs in wine, so I need X. Any suggestions?
[22:55] <Patrickdk> should be simple
[22:55] <Patrickdk> don't need X
[22:56] <Patrickdk> just use x forwarding, or remote display
[22:56] <Patrickdk> x was designed for this :)
[22:56] <Patrickdk> but if you want it local only, different issue
[22:56] <Patrickdk> xvnc?
[22:56] <dasjoe> It should be local only, yeah.
[23:03] <dasjoe> x11vnc + xvfb seem to be the way to go