[07:21] <lordievader> Good morning.
[08:14] <rbasak> teward: I would "Won't Fix" bug 1194074, but up to you.
[08:52] <cluelessperson> hey all
[08:54] <RoyK> rbasak: a package overwriting user files doesn't seem like a sane Won't Fix to me :P
[08:55] <cluelessperson> So I'm trying to allow a user to access CIFS mounts.  This is my FSTAB  http://paste.ubuntu.com/11922616/   these are the mounts http://paste.ubuntu.com/11922620/
[08:56] <cluelessperson> the user zachary who is part of the "mediashare" group CAN read and acess the mounts, good
[08:56] <cluelessperson> however, the service/application subsonic, using "subsonic" user, ALSO part of the "mediashare" group, CANNOT access the mounts for some reason with permission denied.
[08:56] <rbasak> RoyK: packages *own* files in /usr/share. They are supposed to overwrite them on update. Users are not supposed to change package-shipped system files in /usr and expect them to not be overwritten on update.
[08:57] <rbasak> RoyK: nginx shouldn't default to using /usr/share/nginx/www/index.html IMHO, but that's a Won't Fix in Debian. So either we should decide to diverge in Ubuntu, or decide not to, but either way make a decision.
[09:12] <RoyK> rbasak: IC
[09:22] <cluelessperson> hello?
[10:42] <TheEagerPadawan> hi anyone around here that could explain metro-ethernet and MPLS to me?
[10:48] <cluelessperson> sarnold, yo
[10:51] <patdk-lap> metro-ethernet is just that, they just handoff ethernet uplink to you
[10:51] <patdk-lap> mpls is a vpn type service, normally used for faster switching to get from one location to another
[10:52] <TheEagerPadawan> could you explain a bit more patdk?
[10:52] <patdk-lap> but you don't want to pay for a private dark fiber
[10:52] <patdk-lap> you want me to explain what ethernet is? 802.3?
[10:53] <TheEagerPadawan> i do knowwhat etherent is, i just wondered if you could eloborate more on metro-ethernet and MPLS
[10:53] <patdk-lap> well, if you know what ethernet is
[10:53] <patdk-lap> you know what metro-ethernet is
[10:53] <patdk-lap> it just means they give you an ethernet cable to plug into
[10:53] <patdk-lap> not dsl, cable, t1, ...
[10:54] <TheEagerPadawan> well if whoulmed know that i wouldn't have ask, i presu
[10:55] <patdk-lap> I guess more accurately, mpls is more like a vlan on the telephone network
[10:55] <lordievader> The wikipedia page says metro-ethernet is ethernet for a MAN.
[10:56] <lordievader> Whereas ethernet is used for a WAN or LAN.
[10:58] <patdk-lap> yes?
[10:58] <patdk-lap> I don't see why people need to bring up wan/lan/man/... into it
[10:58] <patdk-lap> does it matter if your network is in your house/lan, or outside it/wan
[10:58] <patdk-lap> it's still ethernet
[10:59] <patdk-lap> metro-ethernet is just that, ethernet is provided as your upstream
[10:59] <patdk-lap> vs dsl, that is not ethernet
[10:59] <patdk-lap> and you need a device to convert and use it
[10:59] <TJ-> "Metro-Ethernet" is more a branding label; the CPE delivery is Ethernet but the underlying network technology can be almost anything, including Ethernet over MPLS over Ethernet
[10:59] <patdk-lap> and since it's not directly ethernet, you have no possibility to directly connect multible locations as a single l2 zone
[10:59] <patdk-lap> like pure ethernet would be able to do
[11:33] <rbasak> kickinz1|afk: any news yet on whether the docker 1.7 backport to trusty will need a golang toolchain backport?
[11:35] <kickinz1> rbasak, on the Dockerfile used to build docker it is till using go-1.4.2
[11:36] <rbasak> kickinz1: so does that mean that it looks like we'll be OK, or that we have a problem?
[11:37] <kickinz1> rbasak, but there is an upstream bug that can be problematic for now, so I post-poned it for now. This bug fixed I would say we should be OK.
[11:37] <rbasak> kickinz1: OK. What's the bug reference please?
[11:41] <kickinz1> rbasak, https://github.com/docker/docker/issues/14160, I encountered it on snappy, and apparently other people on trusty, I didn't had it on vivid. But seems not an easy one.
[11:41] <rbasak> Thanks
[12:40] <Fyr> can Ubuntu Server for ARM be installed on Banana Pi?
[12:42] <ogra_> Fyr, why not
[12:43] <Fyr> ok, where do I find the review?
[12:43] <ogra_> review ?
[12:43] <Fyr> google doesn't show anything about it.
[12:43] <Fyr> yes, I want to read the manual and see screenshots.
[12:44] <Fyr> the Internet is full of Fedora ARM and Bananian, but there is no entry for Ubuntu Server for ARM on Banana Pi.
[12:44] <ogra_> well, you install it like any arm board ... set up bootloader and kernel yourself, use debootstrap to bootstrap a rootfs and put it in place on SD/USB/whatever
[12:45] <Fyr> ogra_, where do I read the manual?
[12:45] <jrtappers> Is there a good way to see which runlevel starts apache?
[12:45] <ogra_> i think there are pre-made ubuntu snappy images for the bananapi as well
[12:45] <Fyr> for Fedora ARM I use just fedora-arm-installer and an SD card.
[12:45] <ogra_> jrtappers, debian based systems do nt use runlevels
[12:45] <ogra_> *not
[12:46] <ogra_> (well, they do, but all of them are identical)
[12:46] <jrtappers> ogra_, Is there a best way to guarantee running a command before a service starts each boot?
[12:47] <ogra_> jrtappers, depends on your version ... with upstart based releases you can just create an upstart job with somethin like: "start on starting apache" ... that will exec whatever you put in it before apache is started
[12:48] <ogra_> for systemd you need to likely do it differently
[12:48] <jrtappers> DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"
[12:48] <ogra_> thats upstart then ... take a look at the upstart cookbook
[12:48] <jrtappers> Ah,
[12:48] <jrtappers> Thanks
[12:57] <teward> looking for some suggested approaches to this: hips://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1194074  Debian believes that this is "Won't Fix", I'm not sure how to approach it, this has always been a problem, where users just expect things to 'work' and don't take the time to protect their data
[12:57] <teward> s/users/endusers and novice sysadmins/
[12:58] <rbasak> I think we need to either diverge in Ubuntu or decide not to diverge and mark it Won't Fix in Ubuntu. I can't think of any other solution that'll be effective.
[12:58] <teward> rbasak: nor can I.  I hate to say "Hey, Sysadmins, learn proper administration of your servers, for once" but I can't see a method to approach/fix that
[12:59] <rbasak> What Apache does seems to work much better IMHO
[12:59] <teward> rbasak: i was about to say, what does Apache do lol
[12:59] <rbasak> Are you asking?
[12:59] <teward> mhm
[12:59] <rbasak> It creates /var/www/html/index.html (formerly /var/www) and sets the default path to that
[13:00] <rbasak> Users change stuff in /var/www/html. Package upgrades leave it alone.
[13:00] <rbasak> This mirrors what for example MySQL does with /var/lib/mysql
[13:00] <teward> perhaps we should take a page from Apache and diverge, then
[13:00] <rbasak> The only difference being that the sysadmin arranges to change /var/www directly, rather than going via the app like changing /var/lib/mysql
[13:01] <rbasak> I think diverging would be reasonable here, but maintaining the delta could be a pain, as it involves upgrade path considerations for the future
[13:01] <teward> mmm
[13:01] <rbasak> (as well as a conffile change, so maybe even upgrade path from the past)
[13:01] <rbasak> So it's quite a bit to take on in a delta, so I think it's also reasonable to say that we can't take it on.
[13:02] <teward> mmm
[13:02] <rbasak> Separately, you could push in Debian, but that'd mean being involved in a long debate.
[13:04] <teward> rbasak: i think we're at the point where we may need to take it up to Debian, but we're going to get pushback again.  I can try and go over the last maintainer's head to comment on this, take it to nginx upstream and have them chastise Debian
[13:05] <teward> 'cause I know they won't like it if nginx upstream ends up saying "Listen, you're doing it wrong, fix it"
[13:15] <rbasak> teward: if it were me then I'd try and openly re-open the debate in Debian, but with more clarity and evidence.
[13:16] <rbasak> teward: but it's not me, so up to you :)
[13:16] <rbasak> teward: I still think just leaving it "Won't Fix", even if for the moment, is fine.
[13:16] <rbasak> teward: leaving the bug open does set an expectation of "patches accepted, may be fixed soon", which is false here I think.
[13:26] <teward> rbasak: i just tried this - i'll PM you the response I got
[13:33] <teward> rbasak: i'm making a decision on this - we're going to diverge this for Wily, or at least X
[13:36] <teward> rbasak: whos an Apache maintainer I can reach out to to ask them why they did it that way?  To get a Debian answer on this
[13:48] <teward> or not, we'll discuss this further
[15:48] <Guest80797> hello I have a multipath device , I am unable to issue  pvcreate command to mpath5 device
[15:50] <Guest80797> what is mpath5p1 in my /dev/mapper  ?
[15:51] <Guest80797> mpath5 is multipath device I know
[16:13] <jrwren> security.ubuntu.com at 2001:67c:1562::16 is unresponsive for me. Anyone else?
[16:19] <Sling> jrwren: Get:1 http://security.ubuntu.com trusty-security Release.gpg [933 B]
[16:19] <Sling> oh wait, lemme check if its going over ipv6
[16:20] <jrwren> Sling: http://security.ubuntu.com started working here.  I think it had to timeout and try again on a different address. 2001:67c:1562::16 is still iin the DNS and unresponsive, but I'm not blocked.
[16:20] <Sling> seems to work on port 80 at least for me
[16:21] <Sling> dunno if this is anycast dns, probably not
[16:36] <brotoes> Hello All!
[16:36] <brotoes> I was setting up vlan virtual NICs on an ESXi virtual host running ubuntu 14.04. when I try to get it an IP through DHCP, it never gets past DCHPDISCOVER. Note that the interface I’m cloning is physically connected directly to a modem, not a router. If I do the same procedure with an interface connected to a router, it works fine. Anyone know what the problem is, or how to fix it?
[17:12] <patdk-wk> brotoes, use a modem that works :)
[17:13] <brotoes> patdk-wk, is it a modem problem, then?
[17:13] <patdk-wk> modems lock to the first mac address they see
[17:13] <patdk-wk> and will NOT talk to any other mac address
[17:13] <patdk-wk> the first mac address it will see, is esxi
[17:13] <patdk-wk> then your vm
[17:14] <brotoes> Ah yes, that. I’ve gone through all these shenanigans some time ago. I’ve gotten a good number of virtual hosts working on the modem. this is one of five virtual hosts on the same modem, all of which work
[17:14] <patdk-wk> configure esxi/switch/... to not send lldp, stp, monintor packets, status reports, ....
[17:14] <patdk-wk> and it will work
[17:15] <patdk-wk> and how many mac addresses are you allowed?
[17:15] <patdk-wk> if you asked for 5, and esxi takes one
[17:15] <patdk-wk> that leaves 4 working vm's
[17:16] <brotoes> sorry, one of four on the modem, the virtual NIC being the fifth mac address. I’ve configured the mac addresses on the modem directly.
[17:16] <patdk-wk> I have never seen a modem that lets you assign mac addresses on it
[17:16] <brotoes> It’s a business modem
[17:17] <patdk-wk> so it's not a modem, but a router?
[17:18] <brotoes> it’s very much a modem. 3v.A2010tel Telus DSL Modem
[17:19] <brotoes> Sorry, I don’t set the mac addresses directly on the modem. the mac addresses are set through a settings portal Telus gives you. My guess is that the modem interfaces with a Telus backend to get the MACs is supposed to talk to.
[17:22] <patdk-wk> no idea, they are doing something strange
[17:23] <JaguarDown> If I just added a new sudo user on my server is a new set of keys required for SSH login?
[17:24] <brotoes> JaguarDown: no, but depending on the situation they may be prudent.
[17:24] <JaguarDown> Well when I try to do "ssh 192.168.0.110 -l <username>" it says permission denied public key
[17:25] <JaguarDown> the username is allowed in sshd_config
[17:26] <JaguarDown> I am sure there is a simple solution but I am just a newbie.
[17:26] <cloudman> ah you finally fixed the grub time out -1 30 is a bit much tho, 5 or 10 would have been fine
[17:26] <brotoes> whenever something like that happens, I find it’s always permissions
[17:26] <brotoes> JaguarDown: check to make sure the new user owns .ssh and its contents.
[17:27] <JaguarDown> thanks
[17:27] <JaguarDown> well...root owns it and the user is has sudo privileges
[17:28] <cloudman> 30 secs is a lot of time when booting 50 server individual, so I still need to edit grub
[17:28] <JaguarDown> just like my main user.
[17:28] <brotoes> chmod 750 .ssh and chmod 600 .ssh/*
[17:28] <brotoes> the world should not be able to write to your keys or read the private ones
[17:29] <cloudman> why still the grub time out when set to less than zero tho?
[17:29] <cloudman> warning
[17:30] <cloudman> because it aint, its now 30 and not -1
[17:30] <JaguarDown> it's set that way already
[17:31] <JaguarDown> is it because the new user doesn't have an .ssh directory?
[17:31] <brotoes> change the owner to the new user. if that’s a problem, see what /var/log/auth.log says
[17:31] <brotoes> if there’s no .ssh directory, where’s the authorized_keys file going?
[17:31] <brotoes> yep, you need one ;)
[17:32] <cloudman> any chance of less reboots Ubuntu?
[17:33] <JaguarDown> good point
[17:33] <cloudman> ;)
[17:33] <JaguarDown> so I assume I will just copy the .ssh directory from the other sudoer to this new one
[17:35] <brotoes> if you only want to be able to log IN from the same users as you can to the other one, just copy authorized_keys
[17:36] <brotoes> if you want the new user to be able to log in to all of the same stuff as your old sudoer can, then copy id_rsa. however, keep in mind that everyone who can use the new user will have complete access to everything the old user does because they’ve got your old private key.
[17:41] <JaguarDown> Well this more of a for fun experiment for expanding my knowledge and I have no concern for access because I will be using both accounts.
[17:42] <JaguarDown> so to reiterate, the new sudo user is a user on the server and I want to login to the server as this new sudo user
[17:42] <JaguarDown> so all it needs is the private key?
[17:42] <JaguarDown> er
[17:42] <JaguarDown> the public key I mean
[17:43] <brotoes> yes. the private key you log in with needs its corresponding public key to be in the authorized_keys file in the users home directory you’re logging in to
[17:44] <brotoes> and for future reference, I find 90% of ssh problems are due to bad permissions/file ownerships somewhere
[17:44] <brotoes> when diagnosing this yourself, /var/log/auth.log is your friend.
[17:46] <JaguarDown> ah
[17:46] <JaguarDown> thanks.
[17:56] <cloudman> guys lower the grub timepout to 5 or 10
[17:56] <cloudman> timeout
[17:56] <cloudman> 30 is over the op
[17:57] <cloudman> top
[18:02] <JaguarDown> my /var/log/auth.log just says failed public key and gives the fingerprint
[18:02] <JaguarDown> along with username, LAN ip, ports, etc
[18:17] <JaguarDown> brotoes: Thanks for the help sir I finally got it working and you were right it was file permission problems. I just had to use the -a option to preserve read/write/user permissions then I just chown to the new sudoer and it works perfectly.
[18:18] <JaguarDown> While copying the .ssh directory, that is.
[18:18] <brotoes> wonderful! glad I could help
[18:37] <gdi2k> I have a server that refuses to boot. After the boot agent, nothing appears, it just halts. No grub menu, nothing. I have tried reinstalling grub from a live CD (by chrooting in, then doing grub-install /dev/sda) but it doesn't change anything. what can I try next?
[19:05] <cloudman> no answers here as usual
[19:50] <Pupp3tm4st3r> hi there, is anyone here who can help me with building and configuring apache2 and php5?
[19:50] <teward> why do you say 'building'
[19:51] <teward> what do you need to 'build' those for
[19:51] <Pupp3tm4st3r> i have to make a server with several php versions
[19:51] <Pupp3tm4st3r> its for testing purposes
[19:51] <teward> they'll all conflict with each other
[19:51] <teward> so you can't sanely have 'multiple versions' available, AFAIK
[19:51] <teward> not without multiple testing platforms
[19:52] <Pupp3tm4st3r> mhm, how does phpbrew handle that?
[19:52] <Pupp3tm4st3r> I mean, it seems to do the same..
[19:52] <teward> it uses userspace
[19:52] <Pupp3tm4st3r> so it runs as normal user, right?
[19:53] <teward> that's also third party software.
[19:53] <Pupp3tm4st3r> yeah I know, just read about that..
[19:53] <teward> doing the same with a pure Ubuntu server builidng everything from source...
[19:53] <teward> that's a lot trickier
[19:53] <Pupp3tm4st3r> okay, let me go a bit deeper
[19:54] <Pupp3tm4st3r> building apache2 and php5 (one version) is just for me, learning a bit about compiling from sources and setting the right parameters
[19:54] <Pupp3tm4st3r> the server with the multiple versions will be a jenkins server
[19:54] <Pupp3tm4st3r> jenkins needs the php version for tests
[19:54] <teward> Pupp3tm4st3r: well, IDK how jenkins does that.
[19:55] <teward> but building form source is just "read the documentation as it explains it"
[19:55] <teward> for the most part
[19:55]  * teward disappears to a meeting
[19:55] <teward> (MAYBE someone knows better than I do on this...)
[19:55] <Pupp3tm4st3r> thanks teward
[19:56] <Pupp3tm4st3r> whats the real difference between fcgid and php-fpm?
[19:56] <Pupp3tm4st3r> so many questions :( all I read was not that much helpfull
[19:58] <tonyyarusso> This is probably a good use case for LXC and/or Docker, I think.
[19:58] <tonyyarusso> One or the other of those would let you have separate environments with different PHP versions.
[19:59] <teward> tonyyarusso: that doesnt fix Jenkins though?
[19:59] <sarnold> Pupp3tm4st3r: uncanny timing! I just found out about this http://3v4l.org/
[19:59] <tonyyarusso> teward: No idea how that works.
[20:00] <Pupp3tm4st3r> Our developers already use a Jenkins machine with 3 php versions in /opt/php/...
[20:00] <Pupp3tm4st3r> these were self compiled, but the one who built this machine has gone now
[20:00] <Pupp3tm4st3r> and I want to understand more...
[20:01] <Pupp3tm4st3r> so it generally works
[20:01] <Pupp3tm4st3r> think that jenkins only uses the path to binarys for testing purposes
[20:01] <Pupp3tm4st3r> *binaries
[22:08] <mailserver> can someone help me set up a mail server that sends emails from users on a local network
[22:10] <sarnold> mailserver: https://help.ubuntu.com/14.04/serverguide/email-services.html
[22:10] <teward> sarnold: Utopic Is Dead, now i can free up a few hundred gigs of disk space xD
[22:12] <sarnold> a few hundred gigs?? ouch :)
[22:13] <teward> yeah i have a few VMs sitting around
[22:13] <teward> not my fault
[22:14] <teward> AND I can close 3 Ubuntu Bug Tasks against NGINX now that the announce went out and it's been marked Obsolete!
[22:14] <teward> can't do that for utopic-backports but bleh
[22:14] <sarnold> heh
[22:20] <genii> Isn't Utopic EOL now anyways?
[22:21] <teward> genii: just died today, officially as of about what 20 minutes ago?
[22:21] <teward> https://lists.ubuntu.com/archives/ubuntu-announce/2015-July/000198.html
[22:21] <teward> that went out...
[22:21] <teward> wow about 30 minutes ago
[22:21] <teward> 20-30 minutes ago
[22:21] <genii> Ah, I need to check my email more often
[22:22] <teward> yup
[22:28] <OerHeks> :-)