=== markthomas is now known as markthomas|away
=== sesev_ is now known as sesev
[04:21] <RepThis1> Hey guys, i was recommended to check here. Im trying to setup wake over internet and it works if the machine ran windows prior to shutdown, but i have a multiboot system and if windows was the last to be up before shutdown then the packet will not wake the machine up. Is it logical to assume the fault lies with a windows configuration setting or also with the uefi bios?
[04:43] <xubuntu12w> Hi, can someone recommend software for full backup of server, everything thats on drives, and that it is easy to recover from backup with. GUI would be nice. Thanks
=== mfisch is now known as Guest83454
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
=== denbeiren_ is now known as denbeiren
=== easty_ is now known as easty
[09:27] <placeed> Hi all ! I'm trying to install ubuntu 14.04 with boot on san. It look like multipath don't work during my installation, i see all path to my Lun. Someone can help me ?
[09:47] <Sudheer>  hey guys.. i'm trying pxe install of ubuntu and i was using IIS webserver as a media server. the installation fails while loading pkgsel and tasksel . but when i use apache webserver the installation goes just fine.. any ideas on how to approach it in IIS web server..??
=== Lcawte|Away is now known as Lcawte
=== IceyEC is now known as Icey
=== lukasa is now known as lukasa_away
=== lukasa_away is now known as lukasa
[12:11] <purefan> Hello! Is there really a point in doing fsck in an AWS EC2? I cant get it to fsck on reboot and wondering if I can just ignore the "/dev/xda1 will be checked for errors at next reboot" message? (fyi I've rebooted a few times today)
=== lukasa is now known as lukasa_away
[13:05] <alont> Hi all, I'm trying to automate ubuntu deployment using preseed templates in Foreman, and I just can't get it set up for the life of me...
[13:05] <alont> Where can I find a good preseed template for Ubuntu 14.04 and a custom LVM partition table?
[13:14] <thebwt> Is there any kind of system for obsolete kernel purging? Automatic updates will keep installing new ones, but the old ones seem to linger.
=== lukasa_away is now known as lukasa
[13:44] <antix> thebwt: http://bfy.tw/29Ao
[13:45] <thebwt> Hmm, thank you antix very helpful.
[13:46] <thebwt> For anyone googling through IRC logs in the future:
[13:47] <thebwt> 1. How's mars?
[13:47] <antix> wet
[13:47] <thebwt> 2. apt-get autoremove - should clean out teh packages not marked as installed
[13:47] <thebwt> and the system by default installs the two newest kernels
[13:48] <thebwt> note: if you use a non-standard one in your grub conf, make sure to mark it as installed.
=== lukasa is now known as lukasa_away
=== Guest83454 is now known as mfisch
=== mfisch is now known as Guest94490
=== lukasa_away is now known as lukasa
=== magicalC1icken is now known as magicalChicken
=== Lcawte is now known as Lcawte|Away
[15:24] <JAZ1976> I have an Ubuntu 14.04 server that runs an old mainframe system that our employees connect to remotely using Telnet. If a remote user loses their connection while they are working in the system they can't get back in unless we change the users ip address that they are getting. This happens when there are power outages or work being done on the providers lines. We have a failover setup that pushes user traffic from
[15:24] <JAZ1976> our MPLS network provider to our cable provider. We think the difference in network hops is causing the issue but when I clear the arp table using sudo ip -s -s neigh flush all nothing happens. How can I prevent users not being able to get back in from the ip address that they already have? This also happens to ssh connections, so it's not just telnet.
[15:26] <JAZ1976> who
[15:26]  * genii makes more coffee and washes out everyone's mugs
[15:29] <JAZ1976> Hello, is anyone here?
[15:31] <TJ-> JAZ1976: The 'server' is publicly accessible? Or are the clients are using VPN?
[15:31] <genii> JAZ1976: The channel is normally fairly quiet, but if you hang in and wait, perhaps asking your question every 10-15 minutes, I'm sure someone will take an interest in your issue
[15:35] <JAZ1976> The clients are all connected on the same network, they don't have to vpn into it first. The client that they use is setup to connect directly to the server.
[15:37] <TJ-> JAZ1976: so where does the "change the users ip address" and "connect to remotely" come in? Changing IP address implies DHCP
[15:39] <thebwt> and can the systems traceroute to the mainframe?
[15:40] <JAZ1976> TJ: We set up computers with an ip address lease through DHCP. We've found that releasing the ip address and then giving there computer another ip address lets them reconnect after losing connection.
[15:42] <TJ-> JAZ1976: if they're on the same network how are they losing the connection. Your description is confusing, or incomplete
[15:42] <JAZ1976> thebwt: I don't know if they can or not. No one is having this problem today. This last happened over the weekend with the heavy rains and winds from a hurrican off the coast.
[15:43] <TJ-> JAZ1976: Also, do you mean the 14.04 server acts as a router/proxy/access controller for the mainframe?
[15:43] <thebwt> Gotcha, i'm curious if the traffic is even hitting the server. tcpdump port 21 and see if things are still coming in from those IPs. This sounds really really weird, more like a dhcp config issue
[15:45] <JAZ1976> TJ: I'm not a network admin, I just I'm the guy who has the most Linux experience. I'll have to make sure that the MPLS network isn't a vpn setup.
[15:46] <JAZ1976> thebwt: I may have to wait for it to happen again, because the ip addresses will accept be able to connect after about a day.
[15:46] <TJ-> JAZ1976: If MPLS/cable is involved that indicates the clients are not on the same network, but are being routed from some remote physical location over intermediate networks
[15:47] <RoyK> JAZ1976: try mosh instead of ssh
[15:47] <RoyK> JAZ1976: mosh is very nice on lossy links
[15:47] <RoyK> JAZ1976: it uses ssh for initial setup and then uses UDP for data transport, reconnecting in the background if connection is lost, or if you move to a different network
[15:48] <JAZ1976> RoyK: We have to use telnet due to the mainframe software that we are running, but it may be an option.
[15:49] <RoyK> JAZ1976: then connect to the host with mosh and telnet to localhost from there
[15:49] <TJ-> JAZ1976: If there are two gateways into the server's network via MPLS and via cable modem (IP routed/NATed presumably) and the server's network is doing DHCP, that implies some form of VPN/PPP going on
[15:50] <RoyK> JAZ1976: just run "mosh user@yourubuntuthing telnet localhost"
[15:52] <JAZ1976> TJ: Each location has a windows domain controller that handles the ip addressing for the location. Outgoing traffic to the mainframe goes out through an AdTran switch to the MPLS provider, internet traffic goes out our cable modem. If there is a problem with the MPLS network we fail over all traffic to the cable modem.
[15:53] <RoyK> mainframe running ubuntu???
[15:54] <Pici> I have a MUMPS system running on top of RHEL here. :/
[15:54] <RoyK> mumps?
[15:55] <Pici> its terrible.
[15:56] <JAZ1976> RoyK: No, ubuntu is running our homegrown enterprise system, that the company calls a mainframe because it was run on a mainframe originally. The software was written 30+ years ago using BBX which is a derivitive of Business Basic.
[15:58] <Pici> RoyK: http://thedailywtf.com/articles/A_Case_of_the_MUMPS explains it pretty well.
[16:00] <TJ-> JAZ1976: what is still confusing me is the concept of the clients IP addresses being changed. If the clients are in a remote location, behind a Windows AD server which provides the gateway, then the only way I can see client IPs entering into a loss of connectivity issue would be if the clients are creating a VPN tunnel to the Ubuntu server, and the server is responsible for dynamically allocating the
[16:00] <TJ-> tunnel IP addresses.
[16:02] <RoyK> Pici: https://en.wikipedia.org/wiki/MUMPS has a few code examples - looks like a nightmare...
[16:03] <TJ-> JAZ1976: In that scenario, if the tunnel is created over the MPLS link and that link fails, and the back-up cable modem link takes over, then the tunnel may need re-creating. We assume the IP endpoints of the MPLS and cable-modem links are different IP addresses.
[16:04] <JAZ1976> TJ: Yes they have different ip addresses.
[16:07] <TJ-> JAZ1976: To me that would infer that the tunnel would need re-establishing. Without clear detail about the underlying network its impossible to provide accurate advice
[16:07] <JAZ1976> TJ: As far as I know, we have the person do an ipconfig release and then a renew after changing the ip address in the primary dns server.
[16:09] <JAZ1976> TJ: Let me see if I can get a better picture of our network for you.
=== Guest94490 is now known as mfisch
=== mfisch is now known as Guest62625
[16:22] <thebwt> RE: my earlier question about purging old kernels (once again for anyone googl'n through IRC logs) - the package bikeshed has a purge-old-kernels command that also does this. bikeshed is a metapackage for random server utils. This is cleaner because it only gets rid of kernel stuff, instead of generic autoremove.
=== markthomas|away is now known as markthomas
[16:31] <JAZ1976> TJ: This is what my boss gave me after I showed him this thread.
[16:31] <JAZ1976> TJ: MPLS is not a VPN
[16:31] <JAZ1976> Client IP address does not change.
[16:31] <JAZ1976> All the routing is handling by the router, the client and server have no changes made when failing over to the backup
[16:31] <JAZ1976> all other Windows applications work normally on either MPLS or backup.
[16:31] <JAZ1976> When failing to back up the Telnet session to Ubuntu re-establishes, but when failing back to the MPLS, you can ping the Ubuntu server but cannot establish the telnet session. Changing IPs on the Client at this point to another IP in the scope allows the telnet session to reconnect.
[16:33] <JAZ1976> RoyK: I don't think we can use mosh. All our clients use windows 7 computers.
[16:38] <RoyK> JAZ1976: bummer - then I don't know unless you want to use cygwin - it's tiny and it works, but still
[16:38] <RoyK> !cygwin
[16:38] <RoyK> cygwin is a unix-on-windows thing - it's just a dll and optionally thosands of packages, mosh included
[17:18] <fuzzywuzzzy> Hi
[17:18] <fuzzywuzzzy> I have setup Ubuntu server with Apache 2 and set a non root user and added them to www-data group and set the permissions to 775 on /var/www  Is this a secure setup? Or should it be 755?
[17:37] <RoyK> fuzzywuzzzy: apache 2.what?
[17:38] <RoyK> fuzzywuzzzy: apache normally does a user change after starting, so running it as non-root normally shouldn't be needed (and then you'll need to set some capabilities if you want it to listen to low ports like 80)
[17:38] <fuzzywuzzzy> RoyK, yes indeed
[17:39] <fuzzywuzzzy> No I am not asking about running Apache under another user
[17:39] <fuzzywuzzzy> It is a file permissions question on /var/www
[17:39] <RoyK> fuzzywuzzzy: there's a rather big diff between how certain things are handled in 2.2 or 2.4
[17:39] <fuzzywuzzzy> I hear ya
[17:39] <fuzzywuzzzy> RoyK, That is not my question though
[17:40] <thebwt> fuzzywuzzzy: it only depends on what's in there
[17:40] <fuzzywuzzzy> Wordpress
[17:40] <RoyK> fuzzywuzzzy: that really depends on how you set things up - www-data normally shouldn't be allowed to write to its own files
[17:40] <RoyK> fuzzywuzzzy: you may need that in wordpress if you really need automatic updates
[17:40] <thebwt> fuzzywuzzzy: wordpress NEEDS to be able to write itself. So that will get real scary real quick
[17:41] <fuzzywuzzzy> It works with 755 as well
[17:41] <RoyK> thebwt: it doesn't, except for a few dirs
[17:41] <thebwt> I suggest you just turn off php for everything in wp-content/uploads
[17:41] <RoyK> thebwt: it only needs write access to the php parts if you want automatic updates
[17:41] <thebwt> or the ability to install plugins/themes automatically
[17:42] <thebwt> and then it depends on the plugins
[17:42] <RoyK> thebwt: if you install plugins or themes manually, you're far safer
[17:42] <thebwt> agreed, but most people don't do that :(
[17:42] <thebwt> or have the expertise to do it well
=== Lcawte|Away is now known as Lcawte
[17:43] <RoyK> thebwt: if you allow wordpress to write to everything there, you'll also allow all sort of fancy plugins/themes to do the same, which is rather scary
[17:43] <thebwt> I think we're in agreeance
[17:43] <RoyK> mhm
[17:44] <fuzzywuzzzy> Ok I disabled root login and created another user which I use to sftp into the server.  I added this user to www-data group and did a 775
[17:44] <thebwt> His initial question was " Is this a secure setup?", I'd say 775 755, doesn't matter, as long as apache has write access, it's potentially a security hole.
[17:44] <fuzzywuzzzy> What if I just use certificate based auth and just use root and go back to 755?
[17:45] <thebwt> fuzzywuzzzy: that part isn't the problem
[17:45] <RoyK> thebwt: well, as long as it's 755 and the files/dirs aren't owned by www-data, apache doesn't have write access
[17:45] <thebwt> fail2ban and leave passwords on, and you're pretty dang secure
[17:45] <thebwt> true enough
[17:45] <thebwt> so what are the ownership settings in the wordpress install?
[17:46] <fuzzywuzzzy> Shouldn't I disallow root access via SSH?
[17:46] <RoyK> usually the user unpacking it
[17:46] <fuzzywuzzzy> www-data:www-data
[17:46] <RoyK> fuzzywuzzzy: at least disallow root with password
[17:46] <thebwt> fuzzywuzzzy: do you know how to write your own wp-config.php?
[17:47] <fuzzywuzzzy> thebwt, ? You mean edit it?
[17:48] <thebwt> yea, so here's the deal. Wordpress needs to do it's inital setup to make a wp-config file. Run through that, get the basic site running, then remove www-data's ownership of the files.
[17:48] <fuzzywuzzzy> What I was really trying to solve is to disable root ssh logins and create another user who can upload via sftp.  It didn't work with 755
[17:49] <fuzzywuzzzy> on /var/www
[17:49] <thebwt> ohh
[17:49] <thebwt> well
[17:49] <thebwt> that will solve that, the permissions for that other user aren't any bigger a deal than wordpress having write access to itself
[17:49] <thebwt> so if you're okay with that, continue!
[17:53] <fuzzywuzzzy> OK thanks
[17:58] <tash> when Ubuntu releases a USN, is there a command you can run on your server to find out what time the package became available?
[17:58] <tash> trying to do some programmatic updates stuff and really would like to know this information.
[18:01] <sarnold> tash: not easily; the USNs are sent after we've verified that the packages are mirrored to the archive
[18:02] <sarnold> tash: your local mirrors of course may not sync up from the main archives all that often; some mirrors sync three or four times a day, others only daily
[18:02] <sarnold> tash: but if you add security.ubuntu.com sources to apt, you'll get those from canonical directly without waiting on local mirror syncs
[18:03] <tash> ok
[18:03] <tash> thanks
[19:01] <lar> question about openstack packing. im trying to recreate the packages on the Cloud Archive. I have the bzr repo checked out to the tag that matches the version number, however when I build the package the version string is 2015.1.1-0ubuntu1 but I expected it to the 2015.1.1-0ubuntu1~cloud2
[19:01] <lar> *packaging
[19:02] <lar> I think I have the right version of the code, but any idea how to get the cloud2 to appear at the end of the version string?
[19:03] <sarnold> lar: edit the debian/changelog file and set the version number as needed?
=== lukasa is now known as lukasa_away
[19:04] <thebwt> lar: are you looking at the source tarball in the downstream package? Make sure there isn't another debian folder somwhere that has the cloud archive changelog
[19:07] <lar> sarnold: thebwt: im looking at the debian folder from the ServerTeam bzr repo (   bzr branch lp:~ubuntu-server-dev/nova/kilo nova-kilo
[19:08] <lar> it just seems odd that the packaging branch wouldn't contain the cloud2 string in the changelog but the packages that have been pushed to the public apt servers do have that
=== lukasa_away is now known as lukasa
=== rmc3_ is now known as rmc3
[19:38] <thebwt> Anyone have a good article for packaging python apps for debian? I seem to remember some 'ubuntu developer days' IRC sessions from a while ago that someone ran.
[20:03] <Hammerhead> Anyone really good with multipath?
[20:04] <Hammerhead> Installed multipath-tools-boot and now booting fails to initramfs
[20:05] <Hammerhead> rescue disk show all paths are there
[20:05] <Hammerhead> fstab and grub UUID are the same
[20:05] <Hammerhead> just kinda confused why it won't boot.
[20:06] <sarnold> Hammerhead: i've never done it myself, but "fails to initramfs" sounds sort of like the initramfs needs to be updated; try update-initramfs -u -k all
[20:06] <sarnold> Hammerhead: are the modules you need in the initramfs? those are specified somewhere other than /etc/modules...
[20:06] <Hammerhead> In 14.04 that is done for you on install of multipath-tools
[20:07] <sarnold> Hammerhead: .. the initramfs location for modules is /etc/initramfs-tools/modules
[20:07] <Hammerhead> I have read http://serverguide.papamike.ca:8081/multipath.html
[20:07] <Hammerhead> not sure
[20:08] <Hammerhead> I can boot using the rescue disk and see all 4 paths for the boot and / drives
[20:08] <Hammerhead> and the thing is it was working prior to installing that set of tools
[20:10] <sarnold> Hammerhead: was it just booting one specific path before?
[20:11] <Hammerhead> must have been. All previous grub points are the same though. And those are prior to changing the init.
[20:16] <sarnold> Hammerhead: where does it fail? do youget to the point of getting errors?
[20:17] <Hammerhead> yes, it looks like it is able to find /boot /dev/sdd6 but can't find / and whats weird is after the initramfs show a prompt I get to errors about rport being removed
[20:17] <Hammerhead> ill post a picture
[20:22] <Hammerhead> http://pasteboard.co/1bi0wFbo.jpg
[20:22] <Hammerhead> shouldn't those UUID's be the same?
[20:22] <Hammerhead> <sarnold>
[20:25] <sarnold> Hammerhead: sorry, no idea :(
=== stephank_ is now known as stephank
=== lar is now known as tsally
=== arlen_ is now known as arlen
=== Lcawte is now known as Lcawte|Away
[23:41] <m1dnight_> Hello guys, I want to install openjdk-8 on ubuntu server 14.04.3 but its not in my apt-get.
[23:41] <m1dnight_> Is this normal? According to the interwebs it hsould be?
[23:42] <m1dnight_> There are also mentions of a few ppa's and im not sure which one I should pick/trust
[23:42] <sarnold> ubuntu only has openjdk-8 packaged for 15.04 and the upcoming 15.10: https://launchpad.net/ubuntu/+source/openjdk-8
[23:43] <sarnold> there may be a package in the ubuntu backports project, but I don't know how to see what they have available
[23:43] <m1dnight_> I guess it would be okay to install it from backports then?
[23:43] <m1dnight_> oh, will check :)
[23:43] <sarnold> if it is there, it would be easy, yes
[23:44] <sarnold> it'd be something like add the backports lines to your apt sources, apt-get update, apt-get install openjdk-8/trusty-backports
[23:44] <sarnold> https://help.ubuntu.com/community/UbuntuBackports
[23:46] <sarnold> hmm, I think I would have expected to find it at http://archive.ubuntu.com/ubuntu/dists/trusty-backports/main/binary-amd64/Packages.gz but I just don't see it..
[23:49] <m1dnight_> I will try one of the ppa's that are mentioned around the interwebs then :)
[23:49] <m1dnight_> Maybe I should upgrade to 15 one of these days..
[23:50] <sarnold> m1dnight_: before you go..
[23:50] <tarpman> m1dnight_: https://launchpad.net/~openjdk-r/+archive/ubuntu/ppa looks at least halfway reputable
[23:50] <sarnold> m1dnight_: take a look here, https://bugs.launchpad.net/trusty-backports/+bug/1368094
[23:50] <ubottu> Launchpad bug 1368094 in trusty-backports "Please backport openjdk-8 8u40~b04-2 (universe) from utopic" [Undecided,In progress]
[23:50] <sarnold> tarpman: heh indeed it does :)