=== Lcawte is now known as Lcawte|Away
=== markthomas|away is now known as markthomas
[01:21] <teward> Daviey: ping
[01:21] <teward> if you're not busy :)
=== markthomas is now known as markthomas|away
=== Guest77242 is now known as TheEternalAbyss
=== zz_DenBeiren is now known as DenBeiren
=== DenBeiren is now known as zz_DenBeiren
[07:16] <ztane_> should we downgrade our openssl ... :P
=== ztane_ is now known as ztane
=== zz_DenBeiren is now known as DenBeiren
[07:44] <njmbb8> hey guys, if i want to run a server and be able to run a gui, what is my best option?
[07:46] <hellyeah> dunno about topics this could be helpful http://askubuntu.com/questions/53822/how-do-you-run-ubuntu-server-with-a-gui
=== Lcawte|Away is now known as Lcawte
[08:28] <lordievader> Good morning.
[08:43] <skylite> how can I check if an hdd is part of an lvm?
[08:43] <lordievader> skylite: Run 'pvs'.
[08:43] <skylite> thx
[08:56] <jamespage> mfisch, hey - I am working a 2.3.2 update for ovs - but blocked on some unit test failures atm
=== CiPi is now known as cipi
[11:26] <matadores> help ubuntu server 14.04 lts?
[11:29] <bekks> matadores: Ask a question :)
[11:30] <matadores> you have tutorial  install antiddos ?
[11:31] <matadores> and protectio my vps ?
[11:31] <bekks> matadores: Is that a specific software or do you have an actual question? :)
[11:32] <matadores> i am search tutorial protection and install anti-ddos
[11:32] <matadores> help mi pray
[11:49] <patdk-lap> it is impossible to protect against a ddos, unless you unplug your network cables
[11:50] <lordievader> Isn't that giving them, the attackers, an instant win?
[11:50] <patdk-lap> basically, the one with the bigger guns wins, and the point of a ddos is, they can always scale to have the largest
[11:50] <patdk-lap> well, if you get lucky, you can do something, like traffic profiling to block them
[11:50] <patdk-lap> but then, that is just lazyness on their part :)
[11:51] <patdk-lap> the only way to protect against it, is to blacklist as many incoming ip's as possible as fast as possible, and pray you aren't blocking ligit customers
[11:52] <patdk-lap> and the blocks must be at a level that has enough bandwidth to handle it
[11:52] <patdk-lap> so the ones with the most bandwidth wins
[11:52] <patdk-lap> and the latest ones for the last few years, it doesn't really matter how much bandwidth you have, it's not enough
[11:53] <patdk-lap> terrabits of bandwidth needed
[11:56] <matadores> ok
[12:01] <matadores> The attack always comes from one person or a maximum of 3 people
[12:01] <lordievader> Block those ;)
[12:02] <matadores> tutorial?
[12:02] <matadores> I am just starting out with a vps ubuntu 14.0.4 lts
[12:03] <matadores> sorry for my english but use google translator
[12:04] <lordievader> matadores: https://help.ubuntu.com/community/IptablesHowTo
[12:05] <matadores> how to use this command the vps throws me out and I have to reinstall
[12:05] <matadores> sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
[12:07] <Tzunamii> matadores: Just add a timer to a shellscript that flushes all the Iptables rules after, let's say, 5 mins
[12:07] <Tzunamii> no need to reinstall
[12:08] <lordievader> Or first allow ssh, or whatever you use to connect.
[12:09] <matadores> i I tried to use the commands through ovh but the result that the controls were not working more than in the tutorial
[12:09] <Tzunamii> In short, have a shellscript set a cron-job that will flush all the rules. After that functionality just add the Iptables rules you want to test.
[12:10] <Tzunamii> lordievader: that's how you do it the proper way
[12:10] <Tzunamii> aka, dev mode
[12:10] <teward> 'dev mode' - you know that what lordievader is saying is the proper way to do things?
[12:11] <Tzunamii> sigh
[12:11] <teward> allow connections to only the ports you need opened, IP-restrict them as well if you want them more locked down, etc.?
[12:12] <Tzunamii> Unless you know what you're doing you can still screw up any pre-allowed service/port with subsequent rules. Hence the dev mode
[12:12] <teward> Tzunamii: FWIW they should be doing it 'right' rather than flushing all their iptables rules every 5 minutes (as they won't come back)
[12:12] <Tzunamii> You're wrong, mate
[12:12] <lordievader> If anything, flush and then reload a save. Not just flush. That is rather bad for an internet facing server.
[12:13] <teward> ^ that
[12:13] <Tzunamii> The Iptables rules you want to test is (read: should be) in a script already, hence they won't "go away"
[12:13] <lordievader> But if you know what you are doing you don't need that 'dev-mode'.
[12:13] <matadores> I want you to lock the user running the attack although it uses an IP not true
[12:13] <Tzunamii> lordievader: Even the best CSO can frack things up royally
[12:14] <matadores> the user running the attack also prides itself on using python
[12:15] <teward> rbasak: ping, btw, if you're not busy :)
[12:15] <lordievader> matadores: You know your attackers?
[12:16] <matadores> si
[12:16] <matadores> yes
[12:16] <lordievader> matadores: Heh. Still, if it is just a handfull of IPs, just drop their traffic right away.
[12:17] <matadores> you can give me as you do?
[12:18] <lordievader> matadores: Read the tutorial I gave you.
[12:18] <matadores> excuse my asking, but I do not know still use the commands and so I try to use the guide
[12:19] <Tzunamii> In addition to lordievader's recommendation (HOWTO) I can recommend this tutorial as well https://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
[12:26] <matadores> I have to run all the tutorial or a specific part?
[12:27] <teward> matadores: you should *read* the tutorial then run the relevant parts
[12:28] <matadores> ok
[12:29] <teward> and while we *could* write up a ruleset for you, we don't actually know what servicse you want exposed to the internet, etc.
[12:29] <teward> so we'd be *guessing* at what you need
[12:29] <teward> and you wouldn't learn anything
[12:32] <lordievader> ^ that, we want you to learn how to configure a firewall
[12:32] <Daviey> a/win	goto #b	
[12:34] <matadores> I have to use only port 80 and 10090 in my site but I can also change the port 10090
[12:35] <matadores> how to use the control panel sentora
[12:57] <bekks> matadores: this is the starting point: http://docs.sentora.org/?node=23
[12:59] <matadores> hanks
[12:59] <matadores> thanks*
[13:17] <coreycb> jamespage, zul, hey, can you review this?  https://code.launchpad.net/~corey.bryant/ubuntu/wily/python-fixtures/1.3.1
[13:19] <jamespage> coreycb, some feedback - pbr 1.2.0 means you don't need the patch for test-requirements
[13:19] <jamespage> coreycb, does it build and unit test ok?
[13:21] <coreycb> jamespage, yes, build and unit test are ok.  I see pbr 1.2.0 is in proposed so I probably wasn't picking it up in the build.
[13:21] <jamespage> coreycb, pbuilder?
[13:21] <coreycb> jamespage, sbuild
[13:21] <jamespage> hmm - sbuild should use proposed by default I think
[13:21] <jamespage> coreycb, I only merged that this morning btw
[13:22] <coreycb> jamespage, ok lemme try again
[13:22] <coreycb> without patch
[13:23] <jamespage> coreycb, no worries - I'll drop that as I merge and upload
[13:23] <coreycb> jamespage, cool thanks
[13:23] <Teduardo> Howdy everyone. Has anyone had any funky problems with sendmail in ubuntu 14 since the logjam thing?
[13:24] <Teduardo> i'm getting crazy tls issues
[13:24] <jamespage> coreycb, I'm also going to version pbr >= 1.2.0 as that's the release that supports that python version foo
[13:25] <coreycb> jamespage, yep good idea
[13:25] <jamespage> coreycb, that should unblock heat aside from the MIR's right?
[13:25] <coreycb> jamespage, I think so
[13:27] <jamespage> coreycb, marked merged and uploaded - thanks!
[13:29] <Teduardo> does anyone use ubuntu 14 and sendmail?
[13:29] <bekks> People do - but whats your actual question?
[13:32] <Teduardo> i'm trying to figure out why i'm getting this when trying to send email. 28496:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3339 i actually found the error in google and created a new 2048 bit dh key
[13:34] <Teduardo> is there a command that will regenerate the tls keys/certs for sendmail on ubuntu?
[14:12] <teward> Daviey: rbasak: ping, again xD
[14:14] <teward> Daviey: rbasak: No rush, but just an FYI: If the Security team needs to weigh in on the nginx issue, I talked to sarnold and he said that effectively his opinion in the ubuntu-server list could be considered the Security Team's view on the nginx issue.  You can reach out to him to confirm this, if you wish.
[14:15] <Daviey> teward: thans
[14:15] <Daviey> +k
[14:33] <rbasak> teward: sorry, pretty busy ATM. The TB email is on my list.
[14:34] <teward> rbasak: no rush, just wanted to add the note above
[14:34] <rbasak> teward: ack, thanks.
[14:34] <teward> i'm still writing out my plan-of-action either way
[14:34] <teward> got sidetracked with some Apache hell yesterday
[14:56] <Teduardo> do we think there will ever be a release of apache 2.4.10 or 11 for 14.04 lts? there is an annoying PCI DSS thing flagging with the LUA bug
[14:56] <Teduardo> even though we arent using LUA the scanners are very stupid
[14:57] <patdk-wk> it will never happen
[14:57] <patdk-wk> not even sure why it would need to happen
[14:57] <patdk-wk> this is normal pci dss scanner stuff you should solve
[14:59] <patdk-wk> even if it was upgraded to 2.4.11 to solve that issue, next month you will be in here saying, my pci dss scanner says I have an issue and need to upgrade to 2.4.13, when will that be released?
[14:59] <patdk-wk> !usn
[14:59] <ubottu> Please see http://www.ubuntu.com/usn for information about Ubuntu security updates.
[15:00] <Teduardo> I'm sorry I asked.
[15:00] <Pici> /70/70
[15:01] <mdeslaur> Teduardo: like most Linux distros, we backport security patches, we don't update to new versions. See our FAQ here: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
[15:02] <mdeslaur> Teduardo: do you know which CVE they are referring to? Is it CVE-2014-8109?
[15:03] <mdeslaur> Teduardo: apache in 14.04 doesn't even compile mod_lua
[15:03] <mdeslaur> Teduardo: see here: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8109.html
[15:15] <Daviey> jcastro: Can you moderate ubuntu-cloud pls?
[15:15] <Daviey> jcastro: A user trying to report an issue with aws mirrors.
[15:20] <jcastro> uhh, I don't know how to do that?
[15:20] <jcastro> you mean the mailing list?
[15:20] <jcastro> I thought it got subsumed by the server list?
[15:30] <Daviey> jcastro: Well there is still low volume traffic there..
[15:31] <Daviey> jcastro: mailman thinks you are the admin for the list... :/
[15:32] <Daviey> smoser, utlemming: Do you admin ubuntu-cloud list?
[15:32] <lucidguy> Ubuntu server with two nics on same network different ips... configured dns round robin for host.  Obiously all  inboud packets will be balanced, but will the packet exit out the nic it came in?  Or will it goto a default first  NIC?
[15:32] <smoser> utlemming can probably dig it up
[15:33] <jcastro> Daviey: yeah sorry that's not me, we should fix it though, heh.
[15:33] <Daviey> jcastro: no worries, thanks :)
[15:36] <bekks> lucidguy: According to the TCP RFC, it chooses an interface randomly, if both have the same routing weights.
[15:39] <jamespage> coreycb, urgh - just spotted this - https://launchpadlibrarian.net/210631929/buildlog_ubuntu-wily-amd64.ceilometer_1%3A5.0.0~b1-0ubuntu1_BUILDING.txt.gz
[15:42] <coreycb> jamespage, hmm I'll look in a bit
[15:42] <jamespage> coreycb, the sphinxcontrib stuff can be trimmed
[15:44] <rbasak> matsubara: are still OK to chair the meeting today please?
[15:45] <matsubara> rbasak, yes
[15:48] <rbasak> Thanks!
=== rbanffy is now known as rbanffy-lunch
=== markthomas|away is now known as markthomas
[16:07] <jamespage> coreycb, heat uploaded - I trimmed the sql related bd's out - not required for now
[16:07] <jamespage> but we do need to switch python-mysqldb <-> python-pymsql this cycle
[16:07] <coreycb> jamespage, ok, thanks
[16:08] <jamespage> coreycb, it won't build until the MIR for the clients completes and an archive-admin does the promotions
[16:08] <jamespage> coreycb, urgh - I still have horizon on my list
[16:11] <teward> it's official - i'm developing a hatred for VPS providers' default Ubuntu images
[16:11] <teward> we don't have Apache installed by default with a standard server install do we?
[16:12] <teward> (i.e. if they skip tasksel and such)
[16:19] <smoser> teward, no. ubuntu server install would not have that. either in cloud-image or default from d-i media.
[16:19] <teward> then that's where all these nginx bugs're coming from
[16:19] <jrwren> this is why CPC is awesome.
[16:20] <teward> smoser: also d-i media?  (I'm not 100% fluent in all shortened names/acronyms yet)
[16:21] <smoser> debian-installer
[16:21] <teward> ah ok
[16:21] <smoser> ie, download of server iso
[16:21] <teward> smoser: was there a reason that Apache is included by default on cloud and d-i media?
[16:22] <jrwren> teward: its not.
[16:22] <teward> then i'm confused
[16:22] <teward> because people are apparently installing nginx on new things and getting Apache conflicts
[16:22] <teward> because port 80 can't be bound to, so postinst fails
[16:22] <teward> and this is brand new with something in 15.04
[16:22] <teward> 'cause no others have that problem
[16:23] <jrwren> yes, that is true, you can apt-get install apache2 nginx and both packages will install and boht default to port 80 and conflict.
[16:23] <smoser> it wouldnt surprise me if a provider of a vps made an install that had apache installed.
[16:23] <teward> I know some VPS providers roll it out and are a pita
[16:23] <jrwren> one would have to install both packages.
[16:23] <teward> smoser: i know that RamNode does that and I've already thrown a wrench at them
[16:23] <teward> jrwren: or have Apache preinstalled - which AFAICT appears to be the case
[16:23] <teward> based on these apt logs i keep looking at
[16:23] <teward> (in the bugs)
[16:24] <teward> the trouble is, there's no usable debug info in the 'fail to install' reports, because the systemd logs and other logs aren't included with the bugs
[16:24] <jrwren> teward: maybe for their tasksel. its certainly not preinstalled on cloud-image or -server install
[16:24] <teward> so it ends up with 10 or 15 Incomplete bugs because we need more info
[16:24] <smoser> well, ideally you put apport hooks into nginx
[16:24] <smoser> and then tell people to run 'apport-collect' or 'ubuntu-bug'
[16:24] <teward> smoser: i have yet to find detailed documentation for that or a useful resource
[16:24] <smoser> and it collects installed packages and such.
[16:25] <teward> smoser: it already does that stuff, i need a new hook to grab data from other commands
[16:25] <teward> where's one of thsoe bugs...
[16:25] <teward> we also need translators 'cause i can't read anything but english >.<
[16:25] <smoser> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1462530
[16:26] <smoser> that was filed via 'ubuntu-bug linux'.
[16:26] <teward> smoser: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1447294  <-- example of a post-installation failure bug
[16:26] <smoser> it collects up all thatCRDA, CurrentDmesg...
[16:26] <jrwren> IMO we should encourage VPS providers to use cloud-image and join CPC
[16:26] <teward> what it needs to pull is the `journalctl -xe` output, and/or the `systemctl status nginx.service` data
[16:26] <teward> smoser: and I can't find how to force such apport hooks
[16:26] <smoser> oh. i see.
[16:27] <teward> smoser: several of these're nonstandard configurations or a likely Apache conflict
[16:27] <smoser> i dont really know how you'd get that.
[16:27] <teward> smoser: nor do I, hence my question about Apache
[16:27] <teward> most of these're caused by something listening on port 80
[16:27] <smoser> i'm sure pitti would know.
[16:27] <teward> otherwise it'd be a bigger fireball in the dpkg logs and such
[16:28] <teward> 'cause this kind of stuff ain't useful:
[16:28] <teward> Apr 22 14:24:32 hostname systemd[1]: Failed to start A high performance web server and a reverse proxy server.
[16:28] <teward> Apr 22 14:24:32 hostname systemd[1]: nginx.service failed.
[16:28] <teward> ^ E: Not Useful
[16:29] <smoser> yeah, that' seem like you could get better info.
[16:29] <teward> smoser: and alas: that's all systemd gives you
[16:29] <teward> it actually says "Please check [other commands]"
[16:29] <teward> so i'm about ready to take systemd and throw it into /dev/null
[16:29] <jrwren> i miss /var/log/upstart/ logs of stdout and stderr
[16:30] <teward> https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1471713 <-- THIS is a clear "Won't Fix" or "Invalid"
[16:30] <teward> and a clear evidence of the issue of apache conflicting
[16:32] <teward> smoser: short of me modifying the postinst script to (a) check if the Apache service exists, and if it does stop Apache, or (b) check if port 80 is open or not, that's not a fixable bug
[16:33] <teward> and can have unintended other hell if you just need to install nginx to run it on a different port (i.e. could take down a production web server)
[16:33] <jrwren> or nginx conflicts apache2 deb, which would be terrible.
[16:33] <teward> jrwren: indeed, and that's an unacceptable option
[16:33] <teward> one i refuse to touch
[16:34] <teward> s/touch/use/
[16:34] <jrwren> i use nginx on 81 and apache on 80 and much crazy proxying  :)
[16:34] <teward> so either we need apport hooks to call in the data from those other commands that it's saying to include, or I have to flesch out the postinst scripts and cause undesired behavior with Apache being installed on the system
[16:34] <teward> jrwren: i use nginx on multiple ports, and also Apache on others, so as I said, it'd cause potentially undesired behavior.
[16:35] <teward> but the postinst script *could* check if port 80 is bound to, and if it is, just not start nginx
[16:35] <teward> and make a note saying "Check what's listening on port 80, or have nginx listen on a different port, before starting the service/"
[16:35] <jrwren> do we have any other cases of services in main which don't deb conflict and use the same ports by default? I'd guess no.
[16:35] <teward> jrwren: in main?  probably not.
[16:35] <jrwren> right, I think that is a great solution.
[16:35] <teward> but lighttpd comes to mind if we expand to Universe
[16:36] <teward> jrwren: i'd be lucky to be able to get that in as an SRU though, but it could be an SRU to prevent fail-to-install-due-to-port-80 binds and such
[16:36] <jrwren> exim, postfix, sendmail, likely all conflict with each other.  various identds various ntpds
[16:36] <teward> mhm
[16:37] <teward> what tools exist in a default plain install to test if ports are bound to?
[16:37] <teward> netstat?  (yes I know it's old)
[16:37] <jrwren> lsof maybe?
[16:40] <smoser> python ? perl ?
[16:40] <smoser> twethe issue though, is that:
[16:40] <smoser>  'apt-get install service'
[16:40] <smoser> on ubuntu should result in that service running
[16:40] <smoser> and if it doesnt, then that is arguably a bug.
[16:41] <smoser> ie, fixing your behavior to "do not fail install if i can't bind to port 80" is arguably creating a bug.
[16:41] <smoser> teward, ^
[16:42] <teward> smoser: agreed, and neither of my options are desirable
[16:42] <teward> smoser: ultimately, though, the bug report would have more details
[16:42] <smoser> right. and a useful ereror message to the user.
[16:42] <teward> so we can "Invalid" half the bugs and provide "Find the conflicting port binding program"
[16:42] <teward> as a workaround
[16:42] <jrwren> teward: /proc/*/net/tcp and translate the hex port :)
[16:42] <teward> PART of that is apport hooks
[16:43] <teward> unrelated: does the cloud team or otherwise provide openvz images or no?
[16:44] <teward> smoser: i assume pitti's the go-to for apport hooks?
[16:46] <teward> jrwren: LOL
[16:47] <jrwren> teward: hey, it works well. cat /proc/*/net/tcp | grep :0050
[16:48] <smoser> teward, yeah, i'd start there.
[16:48] <teward> smoser: if apport hooks won't work, then something in the postinst script to check if port 80 is bound anywhere, and exit with an actually meaningful error to stdout and such might be more useful than just 'passing' over the error
[16:48] <smoser> jrwren, http://www.smallo.ruhr.de/award.html
[16:49] <teward> and i'd rather NOT have to have an apache2 conflicts, because then people using both simultaneously get mad
[16:49] <smoser> just because :)
[16:49] <smoser> well, you may have thought of this, but one solution might be to give someone a package that does not (by design) start the service.
[16:50] <smoser> so:
[16:50] <smoser>  apt-get install nginx
[16:50] <smoser> starts the service or fails as espected
[16:50] <smoser>  apt-get install nginx-manual
[16:50] <smoser> does not
[16:50] <smoser> i
[16:50] <teward> smoser: we'd have to replicate 4 binaries then
[16:50] <smoser> yeah, i'm sure you've thought of a lot of this stuff.
[16:50] <teward> nginx-core-manual nginx-light-manual nginx-extras-manual nginx-full-manual
[16:50] <teward> and that makes a HUGE delta from Debian
[16:50] <teward> which we're actually trying to reduce xD
[16:51] <smoser> why are these not debian bugs ?
[16:51] <teward> smoser: because people use sane Debian images?
[16:51] <jrwren> smoser: yes, I know :)  thanks for calling me out on it
[16:51] <teward> smoser: i can't answer why they aren't but still
[16:51] <smoser> well, its still a bug that you get crap failure out of out of 'apt-get install'
[16:51] <teward> smoser: right, in either case
[16:52] <teward> and i could create a replica situation by installing APache in Debian and see if I can reproduce the problem
[16:52] <teward> (there, though, there's no apport hooks, so a bug report would contain 0 useful infromaiton compared to mildly useful info)
[16:52] <teward> i know the problem - `ubuntu-bug` is too user friendly.  loljk
[16:52] <ash_m> if my default ssh config doesn't have a AllowTcpForwarding line, should I still write one to set it to no?
[16:57] <teward> smoser: the other issue with a -manual package would be that it too needs a main promotion - which of course is a separate review
[16:57] <smoser> binary main promotions are not really a problem
[16:58] <smoser> ie, from same source.
[16:58] <teward> mmm
[17:24] <Kully3xf> how can I pass in text into a script
[17:25] <Kully3xf> like if the script asks "how many servers" when ran, how can I include that information in the command
[17:28] <brett__> Anyone using Trusty as a Samba PDC to set temporary password for new users which they must change at their first login?
[17:29] <lamont> no password stuff here, it's just a fileshare
[17:30] <tarpman> brett__: i'm running a samba classic PDC (not AD) with openldap as backend, not sure whether that's relevant for you
[17:32] <coreycb> jamespage, I must need an sbuild config change b/c currently it doesn't fail the build if a dep is in universe.
[17:32] <brett__> tarpman: I really appreciate the response! We're presently using tdbsam as a backend, but I'd love to know what mechanism you are using to force users to change their passwords. I'm an LDAP idiot and don't know if there are tools baked in for this or if you use PAM or something else...?
[17:33] <tarpman> brett__: I force a password change by setting "sambaPwdLastSet: 0" in the LDAP database. you could probably do a similar thing against tdbsam using pdbedit...
[17:35] <brett__> tarpman: Huh.We used to use "net sam set pwdmustchangenow <USER> yes" and I've seen references to  "sambaPwdLastSet" but wasn't sure it would work with Samba4. I'll give it a try! Thank you mucho!
[17:35] <lucidguy> bekks: thanks
[17:36] <tarpman> brett__: sambaPwdLastSet is specific to the samba3-openldap schema, I have no idea what the equivalent is in a samba4 world, sorry
[17:38] <brett__> tarpman: No problem, like I said I'm grateful for the hint anyway. In #samba I was directed to samba-tools but that appears to be very AS focused. Anyway, thanks again for the suggestion!
[17:51] <sarnold> Kully3xf: most scripts that accept input do so on standard input, so you cna do something like "echo 10 | ./script" and it'll supply the 10 to standard input
[17:51] <Kully3xf> cool thanks
[18:19] <coreycb> jamespage, testing is done and complete on precise icehouse proposed for 2014.1.5
[18:36] <ash_m> if my default ssh config doesn't have a AllowTcpForwarding line, should I still write one to set it to no?
[19:09] <Tzunamii> yes, the default is 'yes'
[19:36] <Seveas> ash_m: the default is on.
[19:36] <Seveas> so no need to set it
[19:37] <Seveas> ah, I misread 'no?' as 'on?'. Yes, you need to write an AllowTcpForwarding line to disable it :)
[19:37] <Tzunamii> >.<
[19:37] <Tzunamii> Already answered that
[19:38] <jamespage> coreycb, awesome-o
[19:41] <ash_m> Seveas: thanks :)
=== DenBeiren is now known as zz_DenBeiren
[20:02] <coreycb> jamespage, new proposal for ceilometer - https://code.launchpad.net/~corey.bryant/ubuntu/+source/ceilometer/+git/ceilometer/+ref/master
=== markthomas is now known as markthomas|away
[20:10] <ash_m> I'm not sure how this works. eth0, eth1... are interfaces right?
[20:11] <ash_m> is there a command to show which adpater each interface uses?
[20:16] <cryptodan_laptop> ash_m: yes "sudo ifconfig"
[20:17] <ash_m> cryptodan_laptop: I see... I can't ssh to my vbox for some reason :(
[20:17] <ash_m> cryptodan_laptop: (thanks)
[20:24] <cryptodan_laptop> ash_m: is your vbox using bridged or nat?
[20:24] <ash_m> NAT
[20:25] <teward> ash_m: you need to set up the NAT rules to allow 22 in over the NAT to the specific VM
[20:25] <cryptodan_laptop> ash_m: use bridge so it can get an IP from the router or dhcp pool
[20:25] <teward> cryptodan_laptop: alternatively they can change the NAT
[20:25] <teward> nat rules*
[20:26] <ash_m> teward: I set up a host only adapter and configured the network config file on the server
[20:26] <ash_m> teward: I can ping that adapter at least.
[20:27] <teward> ash_m: i meant at VBox
[20:27] <teward> not on the 'server'
[20:27] <cryptodan_laptop> Id recommend switching to bridged its much easier
[20:27] <ash_m> teward: yeah, I have a host-only adapter on vbox
[20:27] <teward> ash_m: is the host-only adapter on the host added to the server?
[20:27] <teward> and did you update the IPs there?
[20:27] <teward> and did you install openssh-server?
[20:28] <ash_m> teward: I've installed openssh-server and I've configured /etc/network/interfaces
[20:28] <jamespage> coreycb, problem with ceilometer
[20:28] <jamespage> "ceilometer.tests.publisher.test_kafka_broker_publisher" errors with an import error; but testr just ignores those
[20:29] <jamespage> the kafka patch might need some updating
[20:31] <coreycb> jamespage, hmm ok I'll look.  not sure why it worked for me.
[20:31] <jamespage> coreycb, it builds fine - just skips the unit tests
[20:32] <jamespage> Ran 0 tests in 2.546s
[20:32] <jamespage> \o/
[20:32] <coreycb> jamespage, oh shoot
[20:33] <coreycb> jamespage, technically that's 100% success
[20:36] <jamespage> ha
[20:46] <ash_m> teward: any ideas on what to troubleshoot :(
[20:46] <ash_m> ?*
=== markthomas|away is now known as markthomas
[22:29] <erkburgles> enough messing around, straightforward question possibly no answer-how in the hell do i free my photos from the maximum security osx prison and import them to ubuntu
[22:30] <erkburgles> particularly speaking of IPHOTO
=== erkburgles is now known as bbroadstone
[23:36] <axisys> to upgrade from 10.04.04 LTS do I just run do-release-upgrade ?
[23:37] <bekks> !eolupgrade | axisys
[23:37] <ubottu> axisys: End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
[23:38] <sarnold> axisys: yes, note this bug might bite you once you're up and running https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1472378
[23:39] <axisys> sarnold: I dont have any web server running
[23:41] <axisys> sarnold: thanks for the link tho
[23:43] <axisys> I guess I will need two upgrade to get the latest LTS?
[23:43] <axisys> this is ubuntu server
[23:44] <axisys> I guess reboot (before start, just in case); apt-get update; apt-get dist-upgrade; reboot; do-release-upgrade?
[23:47] <sarnold> axisys: yeah, you're two releases behind; your plan for updating to trusty makes sense to me
[23:47] <sarnold> axisys: the ca-certificates issue will actually affect ssl/tls connections that your server initiates; I don't think it'll matter to a web server...
[23:49] <axisys> sarnold: I am mostly using ssh ..
[23:50] <axisys> this is a jumpstation I am upgrading
[23:50] <sarnold> nice, then it's unlikely to matter much :)
[23:50] <sarnold> besides, the precise->trusty upgrade may fix it all up anyhow
[23:50] <axisys> will kick it in 10 mins
[23:51] <sarnold> do you have console access to the system? updates ought to work but it's always nice to make sure you've got a backup mechanism to log in
[23:51] <axisys> so reboot -> apt-get update ; apt-get dist-upgrade; reboot -> apt-get install update-manager-core; do-release-upgrade  ?
[23:52] <axisys> sarnold: ^
[23:52] <axisys> and update-manager I guess
[23:52] <sarnold> axisys: sounds good to me
[23:54] <axisys> do I need to upgrade the sources.list file too? that seems odd
[23:56] <sarnold> do-release-upgrade ought to handle that
[23:57] <axisys> cool.. kicking it in 3 mins