=== InfoTest1 is now known as InfoTest
=== InfoTest1 is now known as InfoTest
=== Lcawte is now known as Lcawte|Away
not_roastedhello friends02:58
not_roastedI'm repurposing an old laptop to use as a server. When I close the lid, it does nothing, which sounds great (no suspend) but the screen stays lit. How can I control the timeout so the screen goes entirely black?02:59
TJ-not_roasted: sounds like the backlight is staying on. DPMS is usually the way to control that, but it may require working with the platform ACPI driver too03:15
jak2000TJ- ! thanks03:15
TJ-I know there used to be a CLI command to directly control DPMS but can't find it now03:17
jak2000some problems but solved... 1) i am ejecuted crontab with sudo... :)03:17
=== markthomas|away is now known as markthomas
=== markthomas is now known as markthomas|away
lordievaderGood morning.09:28
=== Lcawte|Away is now known as Lcawte
=== chmurifree is now known as chmuri
gulzarwhat is a good partiton schema for ubuntu14.04 server edition on a 1TB HDD?12:31
Seveasgulzar: tiny boot and the rest an lvm pv. Create a small-ish volume (50GB) for the root filesystem and separate volumes for each application you put on it and its data12:32
lordievader^ that12:32
Seveasmost importantly, don't allocate all diskspace right away. It's easy to grow an LV, and rather difficult to shrink one.12:32
gulzarSeveas: it will have only one app for testing , whcih willl be reinstalled every week12:33
Seveasgulzar: all the more reason to go for this. Deleting the app is as simple as dropping and recreating the LV :)12:33
Seveasyou can even minimize downtime by doing the reinstall in a different lv and swapping it in place :)12:33
ikoniawin 412:34
gulzarSeveas: the only fear I have is, the users here are pure MS people and they all use root account , and many times someone do execute 'rm /' and chmod which destroy the system12:34
Seveasdon't give them root access them12:34
Seveasjust enough sudo access to do their job.12:34
ikoniacreate non-privileged user accounts, or auth against AD12:34
gulzarSeveas: can't help , the idiots made the app to work on root account. I will change this but will need few months12:35
hjjgHi! I use Ubuntu Server 14.04. with Kernel 3.13.0 and ubuntu-zfs on a nfs server.12:35
gulzarSeveas: so regular snapshots/backups of system other than the current system storage is necessary12:36
lordievadergulzar: That is simply bad design...12:36
ikoniaSeveas: interesting in your wording around 1 lv per app12:36
ikoniado you actually mean "per app" or per app file system ?12:36
gulzarlordievader: yes, and since those MS people think that admin on windows and root on linux is same, my power is low12:36
lordievadergulzar: Ouch12:37
gulzarlordievader: :(12:37
gulzarlordievader: so backups on other server of / is a must12:37
omenmaybe you should do moral choise and make them know that they can't decide about what they don't know about12:37
Seveasikonia: I mean /srv/www on a different lv than /var/lib/mysql12:37
omendunno if that is good idea, if they are too emotional about it12:37
Seveasand if you add redis, stick its datadir on an lv12:38
ikoniaSeveas: ok, what I'd expect then12:38
lordievadergulzar: You could also use snapshots of the root lv12:38
ikoniaSeveas: thought you where suggesting some new "docker style" approach12:38
Seveasgulzar: lvm also lets you make snapshots, yet another reason to go for this scheme12:38
gulzaromen: they are like main developers and all think in same way. I handle linux and tools part12:38
Seveasikonia: no, I don't do such madness :)12:38
gulzarSeveas: ok, any doc for this snapshot thing?12:38
ikoniaSeveas: didn't think so, hence the interest12:38
Seveasgulzar: man lvcreate :)12:39
lordievadergulzar: https://wiki.gentoo.org/wiki/LVM12:39
gulzarSeveas: :P12:39
gulzarlordievader: ok12:39
gulzarso finally what size for these lvm ?12:39
Seveasgulzar: if you really want to mess with them, add an aufs overlay on top of /, then anything can be rolled back by rebooting :)12:39
hjjghjjg: after 370 days of solid and stress free uptime, we installed updates and rebooted the machine. Now we are experiencing serious problems.12:39
gulzarand /boot12:39
gulzarSeveas: that aufs went above the head12:39
Seveasgulzar: /boot 250mb, / 50GB, /data/yourapp whatever you need12:40
Seveasgulzar: it was more of a joke than an actual suggestion, so don't worry12:40
omengulzar: if the app is light, maybe you should try virtualization12:40
gulzarSeveas: that /data needs to be /home12:40
Seveasgulzar: /home/yourapp then, not all of /home12:40
hjjgevery 2 to 4 days the server needs to be rebooted. the ZFS datasets are inaccessible (ls on /pool/dataset hangs) and the nfsd-kernel processes are consuming 100% cpu time (sys)12:40
gulzaromen: no, its bad , super memory hog app, I think even 128GB ram wil be less12:40
hjjgis it possible to downgrade the kernel and zfs/spl to a specific version?12:41
gulzarSeveas: how its possible to have tow /homes ?12:41
ikoniahjjg: if you have access to the repos that hold the older packages sure, other things may depend on the later version12:41
ikoniaas I recall the zfs kernel repo is 3rd party maintained12:41
hjjgis there someone else who has problems with ZoL and NFS?12:42
Seveasgulzar: same way as you can have / and /home on a different volume, any subdir can be on a different volume12:42
gulzarSeveas: one for /home/app and other for /home/user ?12:42
gulzarSeveas: oh12:42
Seveasor one for /home and one for /home/app12:42
gulzarSeveas: ok, got it12:42
ikoniahjjg: select the older kernel from your grub menu, see if the problem remains12:42
hjjgikonia: I am well aware of the fact that this is a third-party repository. I also bug-reported this issue on github.12:43
ikoniaother than that you're going to have to interact with the kernel maintainer team for the ZFS packages12:43
hjjgikonia: the problem is that spl-dkms and zfs-dkms are rebuilding all of the installed kernel modules.12:43
ikoniahjjg: the older kernel should still maintain it's tree12:43
gulzarSeveas: I just got good news, that /home/app can be anywhere not just inside /home , it just needs max free space and that space is on external drive. No need to use internal HDD12:47
=== balloons is now known as Guest4533
gulzarSeveas: that external is mounted in /media12:47
gulzarSeveas: so the only problem is protection of permision and 'rm /'12:47
=== Guest4533 is now known as ballons_
hjjgikonia: dkms does odd things. 3.13.0-36, 3.13.0-57, 3.13.0-65 and 3.13.0-66 are installed but the zfs module has only been built for -65 and -6612:48
hjjgyes, the corresponding linux-headers package is installed.12:48
gulzarSeveas: there?12:48
=== ballons_ is now known as balloons_
gulzarSeveas: Thank You12:54
=== Lcawte is now known as Lcawte|Away
=== balloons_ is now known as balloons
=== a0rora_ is now known as a0rora
=== cz2 is now known as pulseaudio
=== pulseaudio is now known as cz2
josejgrimm: ping16:03
jgrimmjose, pong16:03
josejgrimm: hey! just wondering why the python2 to python3 session was declined16:03
=== markthomas|away is now known as markthomas
jgrimmjose, decision was to wrap that into the python3 session already scheduled.16:04
josejgrimm: gotcha. thanks! :)16:04
jgrimmjose, http://summit.ubuntu.com/uos-1511/meeting/22568/python3-only-on-the-images/16:05
jgrimmjose, no problem!16:05
tewardrbasak: ping, if you're around, just need an opinion on something16:06
tewardno rush if you're busy16:06
=== CiPi is now known as cipi
=== cipi is now known as CiPi
fuzzywuzzyHi I want to change all the file permissions in /var/www to 644.  Does this work? find /var/www/ -type f -exec chmod 644 {} \;17:21
Seveasfuzzywuzzy: chmod -R /var/www og+r,u+rw17:23
Seveasyes, that changes permissions on dirs to, but only to things you need anyway :)17:23
sarnoldfuzzywuzzy: should work fine17:24
Seveassarnold: it'll be slow as hell though, and it's missing quotes17:25
fuzzywuzzyI'm trying to chmod the FILES to 64417:25
sarnoldSeveas: yeah, xargs or the + thingy would go faster. what quotes is it missing?17:25
fuzzywuzzyAccidently set to 75517:25
fuzzywuzzyAm I doing this wrong?17:28
fuzzywuzzySo says - http://wiki.apache.org/httpd/FileSystemPermissions17:28
Seveasno, you're doing it right17:29
fuzzywuzzytrying to match permissions on default Wordpress install on Ubuntu server17:30
fuzzywuzzygracias amigos!17:34
fuzzywuzzyCan anyone recommend an up to date book on Ubuntu server security?17:37
sarnoldfuzzywuzzy: this guide seemed sane https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts17:44
JanCsarnold: interesting the UK government is publishing guides like that (even if some of what they write is nitpickable :) )17:59
hotmedalIf I make a pptp vpn server, can multiple clients connect to it at the same time? I tried with Windows (the built in thing it has) and it only allowed one client at a time.17:59
sarnoldJanC: yeah, I was impressed. It's not perfect but so many of those guides are ridiculous.18:00
JanCthere is indeed a lot of good stuff in it, it seems18:01
quanticJanC: The US DoD does the same. We call them STIGs.18:02
RoyKhotmedal: yes, but pptp is an insecure protocol, don't use it18:06
quantichotmedal: PLEASE don't use PPTP. When we say insecure, we mean "@#$%ing broken."18:07
teward^ that18:09
lordievaderhotmedal: Better go with ipsec. Works really well :)18:09
quanticOr openvpn if you're going through NAT.18:10
lordievaderIpsec can go through NAT (ESP at least)18:10
quanticlordievader: but even then it's a pain.18:10
quanticopenvpn is a lot LESS of a pain. :P18:10
lordievaderThat is NAT's fault :P18:11
quanticTrue, but until we can get rid of IPv4, NAT's kind of a thing.18:11
tewardlordievader: IPSec can go through nat, but OpenVPN behaves better on it, I think18:11
tewardgranted, my firewall appliance handles my network's VPN, but meh18:11
jpdsstrongswan handles IPsec just fine on Ubuntu and has Windows support18:15
jpdsIt's only painful when one doesn't know how it works18:16
lordievaderIndeed and the documentation for Strongswan is nice.18:16
sarnold<3 strongswan docs :)18:16
hotmedali basically  need to create a vpn on a windows machine and with its built-in pptp I succeeded but for only one client at a time18:28
hotmedalcan I do something about that?18:29
lordievaderWindows supports ipsec out of the box too.18:29
hotmedal(I know openVPN is good but my clients would rather use the built in vpn connection)18:29
hotmedallordievader: how18:29
tewardlordievader: Win8+ yes18:29
teward(win7 it likes to complain, from what I've done in testing)18:30
hotmedalyes I have 8.118:30
lordievaderhotmedal: https://wiki.strongswan.org/projects/strongswan/wiki/Windows718:30
lordievaderteward: I use it on my Win7. Bit tricky to get the cert just right but after that, click and go.18:30
tewardlordievader: link please :)18:31
lordievaderteward: See above.18:31
tewardor a guide.  'cause it doesn't work on my Win718:31
teward(works GREAT in Win10 though xD)18:31
lordievaderteward: Windows 7 is very picky about it's certs it needs a couple of flags set else it will give Nat related errors or some wierd stuff like that.18:31
hotmedalI don't want to generate certificates and get the clints to use them18:32
hotmedaljust username and password18:32
lordievaderI have no experience with psk.18:33
tewardlordievader: psk is difficult in windows i think in win7 - psk not supported perhaps.18:34
tewardbut that's offtopic :)18:34
lordievaderFrom the page I linked to "or Username/Password using EAP-MSCHAP v2 (case C)." seems psk is supported.18:36
* teward shrugs18:36
lordievaderBut I have no idea if that is actually using the ipsec psk.18:36
=== markthomas is now known as markthomas|away
=== ddstreet_away is now known as ddstreet
herrkinhello, I have an issue setting up a service, it does work when I do sudo service xxx start|restart|stop but it wont start up with the system.20:28
herrkinmay anybody help me set it up?20:28
herrkinit is pm2 I hope some of you is working with it.20:28
sarnoldupstart conf? sysv-init script? systemd service?20:29
=== markthomas|away is now known as markthomas
EmilienMzul_, coreycb, jamespage: which repo should I use to setup liberty ? trusty/proposed/liberty or trusty/updates/liberty ?21:28
coreycbEmilienM, you'll want to run with updates unless you need to test something that's in proposed21:31
EmilienMcoreycb: what is supposed to be stable?21:32
coreycbEmilienM, -updates is stable21:32
coreycbEmilienM, so this is stable: add-apt-repository cloud-archive:liberty21:32
ponyofdeathanyone know why ip route add dev bond0.250 src table vlan_250 would give  "RTNETLINK answers: Operation not permitted" what do i need compiled in the kernel for that?23:16
ponyofdeathwhat is funny is that the command ip route add default via dev bond0.250 table vlan_250 wroks fine23:16
TJ-ponyofdeath: is assigned to bond0.250 ?23:20
ponyofdeathTJ-: yup23:42
ponyofdeaththis was working until i compiled kernel 4.323:42
ponyofdeathso i think i might be missing a kernel option23:42
TJ-ponyofdeath: Ahhhh!23:42
TJ-anything in dmesg/kern.log gives a better clue?23:43
ponyofdeaththat i fixed23:43
ponyofdeaththat i can tell23:43
ponyofdeathi have everything under policy routing comiled in23:44
TJ-might be worth enabling some dynamic_debug tracing23:46
ponyofdeathgonna roll back kernel to see if that was it as i also upgrade with the latest packages for 14.0423:48
ponyofdeathis ipv6 needed for iproute23:49
sarnoldno, I used iproute2 utilities well before ipv6 was around..23:50

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!