=== WilliamDotAT_ is now known as WilliamDotAT
=== markthomas is now known as markthomas|away
=== sl0wz is now known as slowz
[03:00] <Vainglory> apparmor is blocking my nginx server from reading a file. i get the following: audit: type=1400 audit: apparmor="DENIED" operation="open" profile="/usr/sbin/nginx" name="/etc/nginx/sites-enabled/" comm="nginx" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[03:00] <Vainglory> i have the following : /etc/nginx/sites-enabled/* r, but i still get a DENIED when attempting to read that folder
[04:56] <linuxmint> Anyone know how to setup RAID? Do I follow Debian net-install? I cancelled my CloneZilla idea as I have to manuall backup, whereas RAID automatically runs the 4 disks, saving my server if 1 disk breaks.
[04:59] <sarnold> don't confuse raid with backups
[04:59] <sarnold> raid is there so you can go buy a new hard drive when one dies
[04:59] <sarnold> backups are there so you can get your databack if the computer burns down / stolen / or some yahoo types rm -rf / :)
[05:11] <linuxmint> sarnold: yes, but I think RAID will help ensure I don't have to reinstall the OS when the 1 disk breaks.
[05:13] <sarnold> linuxmint: yes :)
[05:13] <linuxmint> my challenge is building the RAID.
[05:15] <sarnold> wow our docs on that are really .. iffy
[05:16] <sarnold> the serverguide only covers it during the install phase https://help.ubuntu.com/lts/serverguide/advanced-installation.html
[05:16] <linuxmint> Maybe I need to stick with 1 disk, but less peace of mind.
[05:16] <sarnold> and everything else seems to make the same assumption -and- is quite old. that's annoyuing.
[05:18] <linuxmint> A lot of people said not to bother with RAID. E.g., Server grade hardware doesn't need RAID. Or use CloneZilla backups. I need an automatic assurance running with my 4 disks if 1 breaks, the OS/server should still run.
[05:18] <linuxmint> ClonzeZilla is good, but it's a manual process.
[05:21] <sarnold> some server hardware come with raid cards already, you can configure it via their own bios-like interfaces before booting
[05:22] <sarnold> those raid cards give and take, of course, if something happens to the raid card, your data is probably toast. maybe you can get it back if you buy identical raid card again, but I've heard of arrays just not coming back regardless of what is done to try to bring it back
[05:23] <linuxmint> ok, sounds like too much work/risk. Might just get used to reinstall of broken server OS and restore VM backups.
[05:23] <sarnold> another option is to investigate zfs; it's not shipped with ubuntu, but I think it's a much nicer interface for storage pools. But I wouldn't use it for the system drives, because it adds in too many odd wrinkles. (People do, and they like the end result, but I don't think it's worth the hassle.)
[05:29] <linuxmint> k, thanks, will explore :)
=== Lcawte|Away is now known as Lcawte
[12:26] <pmatulis> sarnold: yes, the server guide could use some TLC, hint hint, merge proposals welcome, etc, etc :)
[13:03] <seijirou> Hello.  I've got emulex HBAs on ubuntu 14.04 and I'm wondering if it's possible to configure them in target mode and use SCST or LIO or something else to expose a target.  I've found some info on qlogic but almost nothing on emulex.  I believe the driver shipped with 14.04 is lpfc but I can't find any information on lpfc configurables to switch from initiatior to target.
[13:11] <rbasak> jamespage: two items for you please. 1) a docker PPA in ~ubuntu-server for kickinz1 and I to coordinate, and 2) bcache-tools upload.
[13:11] <jamespage> rbasak, on that now
[13:11] <rbasak> Ta
[13:12] <jamespage> rbasak, can't do that under ubuntu-server "Open or Delegated teams can not create PPAs."
[13:12] <rbasak> Hmm, OK.
[13:13]  * rbasak didn't want to create Yet Another Team.
[13:13] <rbasak> And kickinz1 isn't in ~ubuntu-server-dev
[13:13] <jamespage> rbasak, indeed - I'd just do it under another team
[13:13] <jamespage> bcache-tools now
[13:13]  * rbasak wonders if there's some other suitable general team we can use for this type of thing
[13:14] <rbasak> Daviey: o/  ^^ do you happen of any please?
[13:14] <jamespage> rbasak, wait - there was an ubuntu-server-edgers team once
[13:15] <jamespage> nope apparently no longer
[13:16] <Daviey> rbasak: be careful with u-s-dev, that is the ACL team for serverset uploads.
[13:16] <rbasak> Daviey: right, so we can't use that (also I think I can't add anyone anyway - that's have to be the DMB)
[13:16] <rbasak> Daviey: and we can't use ~ubuntu-server for PPAs because it's open AIUI.
[13:17] <rbasak> Daviey: so I think we want a third team that is nominally restricted even though we'd add anyone capable or being trained who wants to be involved.
[13:17] <rbasak> Any name suggestions?
[13:17] <rbasak> Or does anything like that already exist?
[13:17] <jamespage> rbasak, where is bcache tools?
[13:18] <rbasak> jamespage: git+ssh://git.debian.org/git/collab-maint/bcache-tools.git
[13:18] <rbasak> jamespage: pristine-tar included in there. Upstream don't publish tarballs so squisher has been generating and importing them AIUI.
[13:19] <jamespage> rbasak, ok
[13:19] <Daviey> rbasak: It sounds like you are trying to grow a community, are you crazy!?
[13:20] <rbasak> Daviey: :)
[13:20] <rbasak> Daviey: I specifically am trying to avoid closing this work when it can be open.
[13:20] <rbasak> (or else I'd just use ~canonical-server or something)
[13:21] <Daviey> rbasak: There was a ~ubuntu-server-contribs IIRC, trying to mimic the contributing developer thing.. But it didn't grow, so i dropped it.
[13:22] <rbasak> Daviey: hmm. Perhaps I should recreate that?
[13:22] <rbasak> Daviey: intended membership would be anyone who is working with us as a team, but doesn't have upload rights. In practise that'd probably be Canoncial people, but I don't want to restrict it to that.
[13:23] <rbasak> It's silly because ~ubuntu-server would be fine except for the restriction on PPAs.
[13:23] <jamespage> rbasak, squisher: uploaded and tagged in git
[13:23] <rbasak> jamespage: thank you!
[13:25] <Daviey> rbasak: The trouble with an open team and PPA's is that if anyone adds them to their system, i create a new LP account, join the team and p0wnz users.. At least vetting a smaller team, they rely on their reputation.
[13:25]  * rbasak finds ~ubuntu-server-staged-uploads but that's ~ubuntu-server-dev so won't do
[13:25] <rbasak> Daviey: yeah that makes sense
[13:26] <rbasak> Daviey: in this case I want a PPA for easier build dependency management and testing, rather than for end users actually using the packages.
[13:26] <Daviey> I suspect ~ubuntu-server-staged-uploads can be dropped... That was an effort (jamespage) to try and gate all archive uploads for server stuff through Jenkins... but it didn't take off..
[13:26] <Daviey> jamespage: agree ^ ?
[13:27] <rbasak> ~docker-maint exists. Maybe we can ask to join that.
=== cipi is now known as CiPi
=== strikov is now known as strikov-lunch
[13:47] <friendlyguy> hi there! I'm trying to boot a fresh ubuntu 15.04 server installation but upon start i receive a message: "ERST: Cannot request [mem ADDR] for ERST."
[13:48] <friendlyguy> and it's not progressing any further
[13:48] <friendlyguy> any idea what this could mean?
[13:50] <friendlyguy> I'm going to try the lts version next
[13:56] <OpenTokix> friendlyguy: Where do you get this error?
[13:56] <friendlyguy> after selecting ubuntu entry in grub
[13:57] <OpenTokix> friendlyguy: ok, is your bios st for UEFI or BIOS boot?
[13:57] <friendlyguy> it's bios
[13:58] <OpenTokix> and secureboot is disabled?
[13:58] <friendlyguy> i guess, haven't seent this in bios. let me check.
[14:00] <TJ-> friendlyguy: Is it a Dell R900 ?
=== cmagina_ is now known as cmagina
[14:02] <friendlyguy> nope, it's a supermicro x7db8 with two quad-core xeons
[14:02] <friendlyguy> http://www.supermicro.nl/products/motherboard/xeon1333/5000p/x7db8.cfm
[14:02] <OpenTokix> friendlyguy: And the ram is whole, and properly configured?
[14:03] <friendlyguy> with two xeon e5420
[14:03] <friendlyguy> 8 of 8 modules installed, 32gb ram
[14:04] <OpenTokix> friendlyguy: if its supposed to be a server, - I would recommend the LTS, since the rolling releases tend to be far to quick for a server enviroment
[14:04] <friendlyguy> haven't run memtest. but: it's ecc fb ram and no problem running windows on this machine before
[14:05] <friendlyguy> okay, i've just prepared a stick with lts ... going to install and check with this release
[14:12] <TJ-> friendlyguy: looks like an ACPI/BIOS issue. That error is reported from drivers/acpi/apei/erst.c::1180 ... "pr_err("Can not request [mem %#010llx-%#010llx] for ERST.\n","
[14:13] <friendlyguy> TJ-: interesting... afaik i've the latest bios version installed. maybe i could have tried factory defaults
[14:13] <friendlyguy> right now i'm trying 14.04.2 lts
[14:14] <TJ-> friendlyguy: It's trying to read the MCE log via ACPI ERST ... maybe that's a configurable option in the BIOS?
=== strikov-lunch is now known as strikov
[14:35] <friendlyguy> okay, finished installation. lets c if it boots
[14:38] <friendlyguy> looks better actually
[14:40] <friendlyguy> but, for some reason i don't have a console via ipmi after selecting ubuntu in grub. but: the attached monitor displays everything
[14:56] <TJ-> friendlyguy: maybe grub is putting the console into graphics mode which is causing IPMI issues?
[14:58] <jamespage> Daviey, agreed
[14:58] <jamespage> Daviey, tbh we get that via proposed now anyway
[15:00] <Daviey> jamespage: right!  Good to see the server team innovating before the rest :)
[15:00] <friendlyguy> TJ-:  i really don't know yet :) i've never used those ipmi cards on linux
[15:07] <jamespage> Daviey, indeed ;-)
[15:10] <kyle__> At what point in the boot does init handle luks?
[15:11] <kyle__> I tried to make a luks encrypted /var/lib, set it all up with /etc/crypttab and /etc/luks/keyfile, rebuilt my initramfs using update-initramfs -k all -c, so I'm guessing I need to tell it to setup luks/cryptdisks earlier?
[15:19] <TJ-> kyle__: cryptodisks should be unlocked before the /etc/fstab mounts get scanned by mountall
[15:20] <kyle__> TJ-: I think I just found it.  I forgot installing haveged and cryptsetup-bin doesn't install cryptsetup.  Doh!
=== markthomas|away is now known as markthomas
=== ejat is now known as ejat-
=== hxm is now known as Guest63544
=== Lcawte is now known as Lcawte|Away
[18:21] <friendlyguy> i have a weird problem with luks / dmcrypt. i've got a os hdd which has unencrypted /boot and encrypted / (lvm) partitions on it. also there are 11 more drives in the server which i also encrypted. (lated used for zfs) i derived the key from my os, and added it to all 11 drives. i also created a entry for every drive in crypttab.
[18:22] <friendlyguy> however, upon restart i get error msges like:  "conflicting device node '/dev/mapper/hdd500_4' found, link to '/dev/dm-8' will not be created" and symlinks to dm-X are missing
[18:24] <friendlyguy> entries in crypttab look like: hdd500_4 UUID=e5f010ec... sda5_crypt luks,keyscript=/lib/cryptsetup/scripts/decrypt_derived
[18:27] <TJ-> friendlyguy: bug #1358491
[18:30] <friendlyguy> oh no
[18:31] <friendlyguy> but thanks ;)
[18:33] <TJ-> And I've not worked on it since I was able to work around it I assumed it was a udevd race
[18:34] <friendlyguy> could you explain your workaround? i think i didn't get it
[18:44] <TJ-> friendlyguy: use another controller and disks!!!
[18:45] <TJ-> friendlyguy: what controller are those disks on?
[19:00] <patdk-wk> hmm, I never worked around the issue :)
[19:00] <patdk-wk> but I do use a custom initramfs script to setup mine on boot
[19:01] <friendlyguy> i'm using a 3ware 9550-12
[19:23] <onorua> How to configure multiple bonding interfaces on Ubuntu 15.04 ?
[19:23] <onorua> when I configure it, it can't startup
[19:24] <onorua> and my system doesn't boot, and hang on the networking service
=== markthomas is now known as markthomas|away
[20:10] <friendlyguy> patdk-wk: could you explain / show this custom initramfs script?
[20:10] <friendlyguy> but first... need to get pizza :)
[20:22] <xcyclist> I have have instructions to install libxml-dev package on my ubuntu server.  It is not found.  Please advise what is equivalent?  There is an libxml2-dev...?
[20:25] <xcyclist> Okay, I found an ubuntu thing that says libxml2-dev:  http://askubuntu.com/questions/62849/installing-libxml-dev-package
=== markthomas|away is now known as markthomas
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
[21:36] <friendlyguy> patdk-wk: could you please explain what u did to your initramfs script?
[21:36] <Patrickdk> a lot actually
[21:36] <Patrickdk> does a few udev settles
[21:36] <Patrickdk> but it's goal is to read the key stored externally
[21:37] <Patrickdk> and to decrypt that key using a password
[21:37] <Patrickdk> and then feed that key into the crypttab entries
[21:37] <Patrickdk> it's probably just the udev settles you need
[21:37] <friendlyguy> i think so too
[21:40] <friendlyguy> could you give me some advice what i need to do
=== ashleyd is now known as ashd
[22:01] <friendlyguy> Patrickdk: i found that there is actually a "function" wait_for_udev which does a udevadm settle
[22:01] <friendlyguy> but where do i need to call it
[22:18] <keithzg> Hmmm running a long-awaited upgrade on an Ubuntu 14.04 server, and it's been "Setting up mysql-server-5.5 (5.5.43-0ubuntu0.14.04.1)" for over a minute now, which makes me uneasy...
=== mgriffin_ is now known as mgriffin__
[22:35] <TJ-> keithzg: any databases that might need their tables upgrading?
[22:40] <keithzg> TJ: I wouldn't have thought so, it's just a minor point upgrade. Anyways, it turns out the issue is a quasi-known one that seems to crop up from time to time. Merely stopping the mysql service *before* the upgrade solved it.
[22:41] <keithzg> (In total it hung for 10 minutes and seemed to be using no CPU or disk, so it really didn't seem to be upgrading anything; didn't see any such processes in ps -ef either)
=== zz_DenBeiren is now known as DenBeiren
=== Lcawte is now known as Lcawte|Away
=== spinza_ is now known as spinza