/srv/irclogs.ubuntu.com/2015/10/06/#ubuntu-server.txt

=== markthomas is now known as markthomas|away
=== sesev_ is now known as sesev
RepThis1Hey guys, i was recommended to check here. Im trying to setup wake over internet and it works if the machine ran windows prior to shutdown, but i have a multiboot system and if windows was the last to be up before shutdown then the packet will not wake the machine up. Is it logical to assume the fault lies with a windows configuration setting or also with the uefi bios?04:21
xubuntu12wHi, can someone recommend software for full backup of server, everything thats on drives, and that it is easy to recover from backup with. GUI would be nice. Thanks04:43
=== mfisch is now known as Guest83454
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
=== denbeiren_ is now known as denbeiren
=== easty_ is now known as easty
placeedHi all ! I'm trying to install ubuntu 14.04 with boot on san. It look like multipath don't work during my installation, i see all path to my Lun. Someone can help me ?09:27
Sudheer hey guys.. i'm trying pxe install of ubuntu and i was using IIS webserver as a media server. the installation fails while loading pkgsel and tasksel . but when i use apache webserver the installation goes just fine.. any ideas on how to approach it in IIS web server..??09:47
=== Lcawte|Away is now known as Lcawte
=== IceyEC is now known as Icey
=== lukasa is now known as lukasa_away
=== lukasa_away is now known as lukasa
purefanHello! Is there really a point in doing fsck in an AWS EC2? I cant get it to fsck on reboot and wondering if I can just ignore the "/dev/xda1 will be checked for errors at next reboot" message? (fyi I've rebooted a few times today)12:11
=== lukasa is now known as lukasa_away
alontHi all, I'm trying to automate ubuntu deployment using preseed templates in Foreman, and I just can't get it set up for the life of me...13:05
alontWhere can I find a good preseed template for Ubuntu 14.04 and a custom LVM partition table?13:05
thebwtIs there any kind of system for obsolete kernel purging? Automatic updates will keep installing new ones, but the old ones seem to linger.13:14
=== lukasa_away is now known as lukasa
antixthebwt: http://bfy.tw/29Ao13:44
thebwtHmm, thank you antix very helpful.13:45
thebwtFor anyone googling through IRC logs in the future:13:46
thebwt1. How's mars?13:47
antixwet13:47
thebwt2. apt-get autoremove - should clean out teh packages not marked as installed13:47
thebwtand the system by default installs the two newest kernels13:47
thebwtnote: if you use a non-standard one in your grub conf, make sure to mark it as installed.13:48
=== lukasa is now known as lukasa_away
=== Guest83454 is now known as mfisch
=== mfisch is now known as Guest94490
=== lukasa_away is now known as lukasa
=== magicalC1icken is now known as magicalChicken
=== Lcawte is now known as Lcawte|Away
JAZ1976I have an Ubuntu 14.04 server that runs an old mainframe system that our employees connect to remotely using Telnet. If a remote user loses their connection while they are working in the system they can't get back in unless we change the users ip address that they are getting. This happens when there are power outages or work being done on the providers lines. We have a failover setup that pushes user traffic from15:24
JAZ1976our MPLS network provider to our cable provider. We think the difference in network hops is causing the issue but when I clear the arp table using sudo ip -s -s neigh flush all nothing happens. How can I prevent users not being able to get back in from the ip address that they already have? This also happens to ssh connections, so it's not just telnet.15:24
JAZ1976who15:26
* genii makes more coffee and washes out everyone's mugs15:26
JAZ1976Hello, is anyone here?15:29
TJ-JAZ1976: The 'server' is publicly accessible? Or are the clients are using VPN?15:31
geniiJAZ1976: The channel is normally fairly quiet, but if you hang in and wait, perhaps asking your question every 10-15 minutes, I'm sure someone will take an interest in your issue15:31
JAZ1976The clients are all connected on the same network, they don't have to vpn into it first. The client that they use is setup to connect directly to the server.15:35
TJ-JAZ1976: so where does the "change the users ip address" and "connect to remotely" come in? Changing IP address implies DHCP15:37
thebwtand can the systems traceroute to the mainframe?15:39
JAZ1976TJ: We set up computers with an ip address lease through DHCP. We've found that releasing the ip address and then giving there computer another ip address lets them reconnect after losing connection.15:40
TJ-JAZ1976: if they're on the same network how are they losing the connection. Your description is confusing, or incomplete15:42
JAZ1976thebwt: I don't know if they can or not. No one is having this problem today. This last happened over the weekend with the heavy rains and winds from a hurrican off the coast.15:42
TJ-JAZ1976: Also, do you mean the 14.04 server acts as a router/proxy/access controller for the mainframe?15:43
thebwtGotcha, i'm curious if the traffic is even hitting the server. tcpdump port 21 and see if things are still coming in from those IPs. This sounds really really weird, more like a dhcp config issue15:43
JAZ1976TJ: I'm not a network admin, I just I'm the guy who has the most Linux experience. I'll have to make sure that the MPLS network isn't a vpn setup.15:45
JAZ1976thebwt: I may have to wait for it to happen again, because the ip addresses will accept be able to connect after about a day.15:46
TJ-JAZ1976: If MPLS/cable is involved that indicates the clients are not on the same network, but are being routed from some remote physical location over intermediate networks15:46
RoyKJAZ1976: try mosh instead of ssh15:47
RoyKJAZ1976: mosh is very nice on lossy links15:47
RoyKJAZ1976: it uses ssh for initial setup and then uses UDP for data transport, reconnecting in the background if connection is lost, or if you move to a different network15:47
JAZ1976RoyK: We have to use telnet due to the mainframe software that we are running, but it may be an option.15:48
RoyKJAZ1976: then connect to the host with mosh and telnet to localhost from there15:49
TJ-JAZ1976: If there are two gateways into the server's network via MPLS and via cable modem (IP routed/NATed presumably) and the server's network is doing DHCP, that implies some form of VPN/PPP going on15:49
RoyKJAZ1976: just run "mosh user@yourubuntuthing telnet localhost"15:50
JAZ1976TJ: Each location has a windows domain controller that handles the ip addressing for the location. Outgoing traffic to the mainframe goes out through an AdTran switch to the MPLS provider, internet traffic goes out our cable modem. If there is a problem with the MPLS network we fail over all traffic to the cable modem.15:52
RoyKmainframe running ubuntu???15:53
PiciI have a MUMPS system running on top of RHEL here. :/15:54
RoyKmumps?15:54
Piciits terrible.15:55
JAZ1976RoyK: No, ubuntu is running our homegrown enterprise system, that the company calls a mainframe because it was run on a mainframe originally. The software was written 30+ years ago using BBX which is a derivitive of Business Basic.15:56
PiciRoyK: http://thedailywtf.com/articles/A_Case_of_the_MUMPS explains it pretty well.15:58
TJ-JAZ1976: what is still confusing me is the concept of the clients IP addresses being changed. If the clients are in a remote location, behind a Windows AD server which provides the gateway, then the only way I can see client IPs entering into a loss of connectivity issue would be if the clients are creating a VPN tunnel to the Ubuntu server, and the server is responsible for dynamically allocating the16:00
TJ-tunnel IP addresses.16:00
RoyKPici: https://en.wikipedia.org/wiki/MUMPS has a few code examples - looks like a nightmare...16:02
TJ-JAZ1976: In that scenario, if the tunnel is created over the MPLS link and that link fails, and the back-up cable modem link takes over, then the tunnel may need re-creating. We assume the IP endpoints of the MPLS and cable-modem links are different IP addresses.16:03
JAZ1976TJ: Yes they have different ip addresses.16:04
TJ-JAZ1976: To me that would infer that the tunnel would need re-establishing. Without clear detail about the underlying network its impossible to provide accurate advice16:07
JAZ1976TJ: As far as I know, we have the person do an ipconfig release and then a renew after changing the ip address in the primary dns server.16:07
JAZ1976TJ: Let me see if I can get a better picture of our network for you.16:09
=== Guest94490 is now known as mfisch
=== mfisch is now known as Guest62625
thebwtRE: my earlier question about purging old kernels (once again for anyone googl'n through IRC logs) - the package bikeshed has a purge-old-kernels command that also does this. bikeshed is a metapackage for random server utils. This is cleaner because it only gets rid of kernel stuff, instead of generic autoremove.16:22
=== markthomas|away is now known as markthomas
JAZ1976TJ: This is what my boss gave me after I showed him this thread.16:31
JAZ1976TJ: MPLS is not a VPN16:31
JAZ1976Client IP address does not change.16:31
JAZ1976All the routing is handling by the router, the client and server have no changes made when failing over to the backup16:31
JAZ1976all other Windows applications work normally on either MPLS or backup.16:31
JAZ1976When failing to back up the Telnet session to Ubuntu re-establishes, but when failing back to the MPLS, you can ping the Ubuntu server but cannot establish the telnet session. Changing IPs on the Client at this point to another IP in the scope allows the telnet session to reconnect.16:31
JAZ1976RoyK: I don't think we can use mosh. All our clients use windows 7 computers.16:33
RoyKJAZ1976: bummer - then I don't know unless you want to use cygwin - it's tiny and it works, but still16:38
RoyK!cygwin16:38
RoyKcygwin is a unix-on-windows thing - it's just a dll and optionally thosands of packages, mosh included16:38
fuzzywuzzzyHi17:18
fuzzywuzzzyI have setup Ubuntu server with Apache 2 and set a non root user and added them to www-data group and set the permissions to 775 on /var/www  Is this a secure setup? Or should it be 755?17:18
RoyKfuzzywuzzzy: apache 2.what?17:37
RoyKfuzzywuzzzy: apache normally does a user change after starting, so running it as non-root normally shouldn't be needed (and then you'll need to set some capabilities if you want it to listen to low ports like 80)17:38
fuzzywuzzzyRoyK, yes indeed17:38
fuzzywuzzzyNo I am not asking about running Apache under another user17:39
fuzzywuzzzyIt is a file permissions question on /var/www17:39
RoyKfuzzywuzzzy: there's a rather big diff between how certain things are handled in 2.2 or 2.417:39
fuzzywuzzzyI hear ya17:39
fuzzywuzzzyRoyK, That is not my question though17:39
thebwtfuzzywuzzzy: it only depends on what's in there17:40
fuzzywuzzzyWordpress17:40
RoyKfuzzywuzzzy: that really depends on how you set things up - www-data normally shouldn't be allowed to write to its own files17:40
RoyKfuzzywuzzzy: you may need that in wordpress if you really need automatic updates17:40
thebwtfuzzywuzzzy: wordpress NEEDS to be able to write itself. So that will get real scary real quick17:40
fuzzywuzzzyIt works with 755 as well17:41
RoyKthebwt: it doesn't, except for a few dirs17:41
thebwtI suggest you just turn off php for everything in wp-content/uploads17:41
RoyKthebwt: it only needs write access to the php parts if you want automatic updates17:41
thebwtor the ability to install plugins/themes automatically17:41
thebwtand then it depends on the plugins17:42
RoyKthebwt: if you install plugins or themes manually, you're far safer17:42
thebwtagreed, but most people don't do that :(17:42
thebwtor have the expertise to do it well17:42
=== Lcawte|Away is now known as Lcawte
RoyKthebwt: if you allow wordpress to write to everything there, you'll also allow all sort of fancy plugins/themes to do the same, which is rather scary17:43
thebwtI think we're in agreeance17:43
RoyKmhm17:43
fuzzywuzzzyOk I disabled root login and created another user which I use to sftp into the server.  I added this user to www-data group and did a 77517:44
thebwtHis initial question was " Is this a secure setup?", I'd say 775 755, doesn't matter, as long as apache has write access, it's potentially a security hole.17:44
fuzzywuzzzyWhat if I just use certificate based auth and just use root and go back to 755?17:44
thebwtfuzzywuzzzy: that part isn't the problem17:45
RoyKthebwt: well, as long as it's 755 and the files/dirs aren't owned by www-data, apache doesn't have write access17:45
thebwtfail2ban and leave passwords on, and you're pretty dang secure17:45
thebwttrue enough17:45
thebwtso what are the ownership settings in the wordpress install?17:45
fuzzywuzzzyShouldn't I disallow root access via SSH?17:46
RoyKusually the user unpacking it17:46
fuzzywuzzzywww-data:www-data17:46
RoyKfuzzywuzzzy: at least disallow root with password17:46
thebwtfuzzywuzzzy: do you know how to write your own wp-config.php?17:46
fuzzywuzzzythebwt, ? You mean edit it?17:47
thebwtyea, so here's the deal. Wordpress needs to do it's inital setup to make a wp-config file. Run through that, get the basic site running, then remove www-data's ownership of the files.17:48
fuzzywuzzzyWhat I was really trying to solve is to disable root ssh logins and create another user who can upload via sftp.  It didn't work with 75517:48
fuzzywuzzzyon /var/www17:49
thebwtohh17:49
thebwtwell17:49
thebwtthat will solve that, the permissions for that other user aren't any bigger a deal than wordpress having write access to itself17:49
thebwtso if you're okay with that, continue!17:49
fuzzywuzzzyOK thanks17:53
tashwhen Ubuntu releases a USN, is there a command you can run on your server to find out what time the package became available?17:58
tashtrying to do some programmatic updates stuff and really would like to know this information.17:58
sarnoldtash: not easily; the USNs are sent after we've verified that the packages are mirrored to the archive18:01
sarnoldtash: your local mirrors of course may not sync up from the main archives all that often; some mirrors sync three or four times a day, others only daily18:02
sarnoldtash: but if you add security.ubuntu.com sources to apt, you'll get those from canonical directly without waiting on local mirror syncs18:02
tashok18:03
tashthanks18:03
larquestion about openstack packing. im trying to recreate the packages on the Cloud Archive. I have the bzr repo checked out to the tag that matches the version number, however when I build the package the version string is 2015.1.1-0ubuntu1 but I expected it to the 2015.1.1-0ubuntu1~cloud219:01
lar*packaging19:01
larI think I have the right version of the code, but any idea how to get the cloud2 to appear at the end of the version string?19:02
sarnoldlar: edit the debian/changelog file and set the version number as needed?19:03
=== lukasa is now known as lukasa_away
thebwtlar: are you looking at the source tarball in the downstream package? Make sure there isn't another debian folder somwhere that has the cloud archive changelog19:04
larsarnold: thebwt: im looking at the debian folder from the ServerTeam bzr repo (   bzr branch lp:~ubuntu-server-dev/nova/kilo nova-kilo19:07
larit just seems odd that the packaging branch wouldn't contain the cloud2 string in the changelog but the packages that have been pushed to the public apt servers do have that19:08
=== lukasa_away is now known as lukasa
=== rmc3_ is now known as rmc3
thebwtAnyone have a good article for packaging python apps for debian? I seem to remember some 'ubuntu developer days' IRC sessions from a while ago that someone ran.19:38
HammerheadAnyone really good with multipath?20:03
HammerheadInstalled multipath-tools-boot and now booting fails to initramfs20:04
Hammerheadrescue disk show all paths are there20:05
Hammerheadfstab and grub UUID are the same20:05
Hammerheadjust kinda confused why it won't boot.20:05
sarnoldHammerhead: i've never done it myself, but "fails to initramfs" sounds sort of like the initramfs needs to be updated; try update-initramfs -u -k all20:06
sarnoldHammerhead: are the modules you need in the initramfs? those are specified somewhere other than /etc/modules...20:06
HammerheadIn 14.04 that is done for you on install of multipath-tools20:06
sarnoldHammerhead: .. the initramfs location for modules is /etc/initramfs-tools/modules20:07
HammerheadI have read http://serverguide.papamike.ca:8081/multipath.html20:07
Hammerheadnot sure20:07
HammerheadI can boot using the rescue disk and see all 4 paths for the boot and / drives20:08
Hammerheadand the thing is it was working prior to installing that set of tools20:08
sarnoldHammerhead: was it just booting one specific path before?20:10
Hammerheadmust have been. All previous grub points are the same though. And those are prior to changing the init.20:11
sarnoldHammerhead: where does it fail? do youget to the point of getting errors?20:16
Hammerheadyes, it looks like it is able to find /boot /dev/sdd6 but can't find / and whats weird is after the initramfs show a prompt I get to errors about rport being removed20:17
Hammerheadill post a picture20:17
Hammerheadhttp://pasteboard.co/1bi0wFbo.jpg20:22
Hammerheadshouldn't those UUID's be the same?20:22
Hammerhead<sarnold>20:22
sarnoldHammerhead: sorry, no idea :(20:25
=== stephank_ is now known as stephank
=== lar is now known as tsally
=== arlen_ is now known as arlen
=== Lcawte is now known as Lcawte|Away
m1dnight_Hello guys, I want to install openjdk-8 on ubuntu server 14.04.3 but its not in my apt-get.23:41
m1dnight_Is this normal? According to the interwebs it hsould be?23:41
m1dnight_There are also mentions of a few ppa's and im not sure which one I should pick/trust23:42
sarnoldubuntu only has openjdk-8 packaged for 15.04 and the upcoming 15.10: https://launchpad.net/ubuntu/+source/openjdk-823:42
sarnoldthere may be a package in the ubuntu backports project, but I don't know how to see what they have available23:43
m1dnight_I guess it would be okay to install it from backports then?23:43
m1dnight_oh, will check :)23:43
sarnoldif it is there, it would be easy, yes23:43
sarnoldit'd be something like add the backports lines to your apt sources, apt-get update, apt-get install openjdk-8/trusty-backports23:44
sarnoldhttps://help.ubuntu.com/community/UbuntuBackports23:44
sarnoldhmm, I think I would have expected to find it at http://archive.ubuntu.com/ubuntu/dists/trusty-backports/main/binary-amd64/Packages.gz but I just don't see it..23:46
m1dnight_I will try one of the ppa's that are mentioned around the interwebs then :)23:49
m1dnight_Maybe I should upgrade to 15 one of these days..23:49
sarnoldm1dnight_: before you go..23:50
tarpmanm1dnight_: https://launchpad.net/~openjdk-r/+archive/ubuntu/ppa looks at least halfway reputable23:50
sarnoldm1dnight_: take a look here, https://bugs.launchpad.net/trusty-backports/+bug/136809423:50
ubottuLaunchpad bug 1368094 in trusty-backports "Please backport openjdk-8 8u40~b04-2 (universe) from utopic" [Undecided,In progress]23:50
sarnoldtarpman: heh indeed it does :)23:50

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!