=== InfoTest1 is now known as InfoTest | ||
=== Lcawte is now known as Lcawte|Away | ||
not_roasted | hello friends | 02:58 |
---|---|---|
not_roasted | I'm repurposing an old laptop to use as a server. When I close the lid, it does nothing, which sounds great (no suspend) but the screen stays lit. How can I control the timeout so the screen goes entirely black? | 02:59 |
TJ- | not_roasted: sounds like the backlight is staying on. DPMS is usually the way to control that, but it may require working with the platform ACPI driver too | 03:15 |
jak2000 | TJ- ! thanks | 03:15 |
TJ- | I know there used to be a CLI command to directly control DPMS but can't find it now | 03:17 |
jak2000 | some problems but solved... 1) i am executed crontab with sudo... :) | 03:17 |
=== markthomas|away is now known as markthomas | ||
=== markthomas is now known as markthomas|away | ||
lordievader | Good morning. | 09:28 |
=== Lcawte|Away is now known as Lcawte | ||
=== chmurifree is now known as chmuri | ||
gulzar | what is a good partition schema for Ubuntu 14.04 server edition on a 1TB HDD? | 12:31 |
Seveas | gulzar: tiny boot and the rest an lvm pv. Create a small-ish volume (50GB) for the root filesystem and separate volumes for each application you put on it and its data | 12:32 |
lordievader | ^ that | 12:32 |
Seveas | most importantly, don't allocate all diskspace right away. It's easy to grow an LV, and rather difficult to shrink one. | 12:32 |
gulzar | Seveas: it will have only one app for testing, which will be reinstalled every week | 12:33 |
Seveas | gulzar: all the more reason to go for this. Deleting the app is as simple as dropping and recreating the LV :) | 12:33 |
Seveas | you can even minimize downtime by doing the reinstall in a different lv and swapping it in place :) | 12:33 |
ikonia | win 4 | 12:34 |
gulzar | Seveas: the only fear I have is, the users here are pure MS people and they all use root account , and many times someone do execute 'rm /' and chmod which destroy the system | 12:34 |
Seveas | don't give them root access them | 12:34 |
Seveas | then* | 12:34 |
Seveas | just enough sudo access to do their job. | 12:34 |
ikonia | create non-privileged user accounts, or auth against AD | 12:34 |
gulzar | Seveas: can't help , the idiots made the app to work on root account. I will change this but will need few months | 12:35 |
hjjg | Hi! I use Ubuntu Server 14.04. with Kernel 3.13.0 and ubuntu-zfs on a nfs server. | 12:35 |
gulzar | Seveas: so regular snapshots/backups of system other than the current system storage is necessary | 12:36 |
lordievader | gulzar: That is simply bad design... | 12:36 |
ikonia | Seveas: interesting in your wording around 1 lv per app | 12:36 |
ikonia | do you actually mean "per app" or per app file system ? | 12:36 |
gulzar | lordievader: yes, and since those MS people think that admin on windows and root on linux is same, my power is low | 12:36 |
lordievader | gulzar: Ouch | 12:37 |
gulzar | lordievader: :( | 12:37 |
gulzar | lordievader: so backups on other server of / is a must | 12:37 |
omen | maybe you should do moral choice and make them know that they can't decide about what they don't know about | 12:37 |
Seveas | ikonia: I mean /srv/www on a different lv than /var/lib/mysql | 12:37 |
omen | dunno if that is good idea, if they are too emotional about it | 12:37 |
Seveas | and if you add redis, stick its datadir on an lv | 12:38 |
ikonia | Seveas: ok, what I'd expect then | 12:38 |
lordievader | gulzar: You could also use snapshots of the root lv | 12:38 |
ikonia | Seveas: thought you were suggesting some new "docker style" approach | 12:38 |
Seveas | gulzar: lvm also lets you make snapshots, yet another reason to go for this scheme | 12:38 |
gulzar | omen: they are like main developers and all think in same way. I handle linux and tools part | 12:38 |
Seveas | ikonia: no, I don't do such madness :) | 12:38 |
gulzar | Seveas: ok, any doc for this snapshot thing? | 12:38 |
ikonia | Seveas: didn't think so, hence the interest | 12:38 |
Seveas | gulzar: man lvcreate :) | 12:39 |
lordievader | gulzar: https://wiki.gentoo.org/wiki/LVM | 12:39 |
gulzar | Seveas: :P | 12:39 |
gulzar | lordievader: ok | 12:39 |
gulzar | so finally what size for these lvm ? | 12:39 |
Seveas | gulzar: if you really want to mess with them, add an aufs overlay on top of /, then anything can be rolled back by rebooting :) | 12:39 |
hjjg | hjjg: after 370 days of solid and stress free uptime, we installed updates and rebooted the machine. Now we are experiencing serious problems. | 12:39 |
gulzar | and /boot | 12:39 |
gulzar | Seveas: that aufs went above the head | 12:39 |
Seveas | gulzar: /boot 250mb, / 50GB, /data/yourapp whatever you need | 12:40 |
Seveas | gulzar: it was more of a joke than an actual suggestion, so don't worry | 12:40 |
omen | gulzar: if the app is light, maybe you should try virtualization | 12:40 |
gulzar | Seveas: that /data needs to be /home | 12:40 |
Seveas | gulzar: /home/yourapp then, not all of /home | 12:40 |
hjjg | every 2 to 4 days the server needs to be rebooted. the ZFS datasets are inaccessible (ls on /pool/dataset hangs) and the nfsd-kernel processes are consuming 100% cpu time (sys) | 12:40 |
gulzar | omen: no, it's bad, super memory hog app, I think even 128GB ram will be less | 12:40 |
hjjg | is it possible to downgrade the kernel and zfs/spl to a specific version? | 12:41 |
gulzar | Seveas: how is it possible to have two /homes? | 12:41 |
ikonia | hjjg: if you have access to the repos that hold the older packages sure, other things may depend on the later version | 12:41 |
ikonia | as I recall the zfs kernel repo is 3rd party maintained | 12:41 |
hjjg | is there someone else who has problems with ZoL and NFS? | 12:42 |
Seveas | gulzar: same way as you can have / and /home on a different volume, any subdir can be on a different volume | 12:42 |
gulzar | Seveas: one for /home/app and other for /home/user ? | 12:42 |
gulzar | Seveas: oh | 12:42 |
Seveas | or one for /home and one for /home/app | 12:42 |
gulzar | Seveas: ok, got it | 12:42 |
ikonia | hjjg: select the older kernel from your grub menu, see if the problem remains | 12:42 |
hjjg | ikonia: I am well aware of the fact that this is a third-party repository. I also bug-reported this issue on github. | 12:43 |
ikonia | other than that you're going to have to interact with the kernel maintainer team for the ZFS packages | 12:43 |
hjjg | ikonia: the problem is that spl-dkms and zfs-dkms are rebuilding all of the installed kernel modules. | 12:43 |
ikonia | hjjg: the older kernel should still maintain its tree | 12:43 |
gulzar | Seveas: I just got good news, that /home/app can be anywhere not just inside /home , it just needs max free space and that space is on external drive. No need to use internal HDD | 12:47 |
=== balloons is now known as Guest4533 | ||
gulzar | Seveas: that external is mounted in /media | 12:47 |
gulzar | Seveas: so the only problem is protection of permission and 'rm /' | 12:47 |
=== Guest4533 is now known as ballons_ | ||
hjjg | ikonia: dkms does odd things. 3.13.0-36, 3.13.0-57, 3.13.0-65 and 3.13.0-66 are installed but the zfs module has only been built for -65 and -66 | 12:48 |
hjjg | yes, the corresponding linux-headers package is installed. | 12:48 |
gulzar | Seveas: there? | 12:48 |
=== ballons_ is now known as balloons_ | ||
gulzar | !ping | 12:54 |
ubottu | pong! | 12:54 |
gulzar | Seveas: Thank You | 12:54 |
=== Lcawte is now known as Lcawte|Away | ||
=== balloons_ is now known as balloons | ||
=== a0rora_ is now known as a0rora | ||
=== cz2 is now known as pulseaudio | ||
=== pulseaudio is now known as cz2 | ||
jose | jgrimm: ping | 16:03 |
jgrimm | jose, pong | 16:03 |
jose | jgrimm: hey! just wondering why the python2 to python3 session was declined | 16:03 |
=== markthomas|away is now known as markthomas | ||
jgrimm | jose, decision was to wrap that into the python3 session already scheduled. | 16:04 |
jose | jgrimm: gotcha. thanks! :) | 16:04 |
jgrimm | jose, http://summit.ubuntu.com/uos-1511/meeting/22568/python3-only-on-the-images/ | 16:05 |
jgrimm | jose, no problem! | 16:05 |
teward | rbasak: ping, if you're around, just need an opinion on something | 16:06 |
teward | no rush if you're busy | 16:06 |
=== CiPi is now known as cipi | ||
=== cipi is now known as CiPi | ||
fuzzywuzzy | Hi I want to change all the file permissions in /var/www to 644. Does this work? find /var/www/ -type f -exec chmod 644 {} \; | 17:21 |
Seveas | fuzzywuzzy: chmod -R og+r,u+rw /var/www | 17:23 |
Seveas | yes, that changes permissions on dirs too, but only to things you need anyway :) | 17:23 |
sarnold | fuzzywuzzy: should work fine | 17:24 |
Seveas | sarnold: it'll be slow as hell though, and it's missing quotes | 17:25 |
fuzzywuzzy | I'm trying to chmod the FILES to 644 | 17:25 |
sarnold | Seveas: yeah, xargs or the + thingy would go faster. what quotes is it missing? | 17:25 |
fuzzywuzzy | Accidentally set to 755 | 17:25 |
fuzzywuzzy | Am I doing this wrong? | 17:28 |
fuzzywuzzy | So says - http://wiki.apache.org/httpd/FileSystemPermissions | 17:28 |
Seveas | no, you're doing it right | 17:29 |
fuzzywuzzy | trying to match permissions on default Wordpress install on Ubuntu server | 17:30 |
fuzzywuzzy | thanks, friends! | 17:34 |
fuzzywuzzy | =) | 17:34 |
fuzzywuzzy | Can anyone recommend an up to date book on Ubuntu server security? | 17:37 |
sarnold | fuzzywuzzy: this guide seemed sane https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts | 17:44 |
JanC | sarnold: interesting the UK government is publishing guides like that (even if some of what they write is nitpickable :) ) | 17:59 |
hotmedal | If I make a pptp vpn server, can multiple clients connect to it at the same time? I tried with Windows (the built in thing it has) and it only allowed one client at a time. | 17:59 |
sarnold | JanC: yeah, I was impressed. It's not perfect but so many of those guides are ridiculous. | 18:00 |
JanC | there is indeed a lot of good stuff in it, it seems | 18:01 |
quantic | JanC: The US DoD does the same. We call them STIGs. | 18:02 |
RoyK | hotmedal: yes, but pptp is an insecure protocol, don't use it | 18:06 |
quantic | hotmedal: PLEASE don't use PPTP. When we say insecure, we mean "@#$%ing broken." | 18:07 |
teward | ^ that | 18:09 |
lordievader | hotmedal: Better go with ipsec. Works really well :) | 18:09 |
quantic | Or openvpn if you're going through NAT. | 18:10 |
lordievader | Ipsec can go through NAT (ESP at least) | 18:10 |
quantic | lordievader: but even then it's a pain. | 18:10 |
quantic | openvpn is a lot LESS of a pain. :P | 18:10 |
lordievader | That is NAT's fault :P | 18:11 |
quantic | True, but until we can get rid of IPv4, NAT's kind of a thing. | 18:11 |
teward | lordievader: IPSec can go through nat, but OpenVPN behaves better on it, I think | 18:11 |
teward | granted, my firewall appliance handles my network's VPN, but meh | 18:11 |
teward | :P | 18:11 |
jpds | strongswan handles IPsec just fine on Ubuntu and has Windows support | 18:15 |
jpds | It's only painful when one doesn't know how it works | 18:16 |
lordievader | Indeed and the documentation for Strongswan is nice. | 18:16 |
sarnold | <3 strongswan docs :) | 18:16 |
hotmedal | i basically need to create a vpn on a windows machine and with its built-in pptp I succeeded but for only one client at a time | 18:28 |
hotmedal | can I do something about that? | 18:29 |
lordievader | Windows supports ipsec out of the box too. | 18:29 |
hotmedal | (I know openVPN is good but my clients would rather use the built in vpn connection) | 18:29 |
hotmedal | lordievader: how | 18:29 |
teward | lordievader: Win8+ yes | 18:29 |
teward | (win7 it likes to complain, from what I've done in testing) | 18:30 |
hotmedal | yes I have 8.1 | 18:30 |
lordievader | hotmedal: https://wiki.strongswan.org/projects/strongswan/wiki/Windows7 | 18:30 |
lordievader | teward: I use it on my Win7. Bit tricky to get the cert just right but after that, click and go. | 18:30 |
teward | lordievader: link please :) | 18:31 |
lordievader | teward: See above. | 18:31 |
teward | or a guide. 'cause it doesn't work on my Win7 | 18:31 |
teward | thanks | 18:31 |
teward | (works GREAT in Win10 though xD) | 18:31 |
lordievader | teward: Windows 7 is very picky about its certs, it needs a couple of flags set else it will give NAT related errors or some weird stuff like that. | 18:31 |
teward | mmm | 18:32 |
hotmedal | I don't want to generate certificates and get the clients to use them | 18:32 |
hotmedal | just username and password | 18:32 |
lordievader | I have no experience with psk. | 18:33 |
teward | lordievader: psk is difficult in windows i think in win7 - psk not supported perhaps. | 18:34 |
teward | but that's offtopic :) | 18:34 |
lordievader | From the page I linked to "or Username/Password using EAP-MSCHAP v2 (case C)." seems psk is supported. | 18:36 |
* teward shrugs | 18:36 | |
lordievader | But I have no idea if that is actually using the ipsec psk. | 18:36 |
=== markthomas is now known as markthomas|away | ||
=== ddstreet_away is now known as ddstreet | ||
herrkin | hello, I have an issue setting up a service, it does work when I do sudo service xxx start|restart|stop but it won't start up with the system. | 20:28 |
herrkin | may anybody help me set it up? | 20:28 |
herrkin | it is pm2 I hope some of you is working with it. | 20:28 |
sarnold | upstart conf? sysv-init script? systemd service? | 20:29 |
=== markthomas|away is now known as markthomas | ||
EmilienM | zul_, coreycb, jamespage: which repo should I use to setup liberty ? trusty/proposed/liberty or trusty/updates/liberty ? | 21:28 |
coreycb | EmilienM, you'll want to run with updates unless you need to test something that's in proposed | 21:31 |
EmilienM | coreycb: what is supposed to be stable? | 21:32 |
coreycb | EmilienM, -updates is stable | 21:32 |
coreycb | EmilienM, so this is stable: add-apt-repository cloud-archive:liberty | 21:32 |
EmilienM | cool | 21:32 |
ponyofdeath | anyone know why ip route add 10.248.5.0/24 dev bond0.250 src 10.248.5.154 table vlan_250 would give "RTNETLINK answers: Operation not permitted" what do i need compiled in the kernel for that? | 23:16 |
ponyofdeath | what is funny is that the command ip route add default via 10.248.5.1 dev bond0.250 table vlan_250 works fine | 23:16 |
TJ- | ponyofdeath: is 10.248.5.154 assigned to bond0.250 ? | 23:20 |
ponyofdeath | TJ-: yup | 23:42 |
ponyofdeath | this was working until i compiled kernel 4.3 | 23:42 |
ponyofdeath | so i think i might be missing a kernel option | 23:42 |
TJ- | ponyofdeath: Ahhhh! | 23:42 |
TJ- | anything in dmesg/kern.log gives a better clue? | 23:43 |
ponyofdeath | nothing | 23:43 |
ponyofdeath | that i fixed | 23:43 |
ponyofdeath | sorry | 23:43 |
ponyofdeath | that i can tell | 23:43 |
ponyofdeath | i have everything under policy routing compiled in | 23:44 |
TJ- | might be worth enabling some dynamic_debug tracing | 23:46 |
ponyofdeath | gonna roll back kernel to see if that was it as i also upgrade with the latest packages for 14.04 | 23:48 |
ponyofdeath | is ipv6 needed for iproute | 23:49 |
sarnold | no, I used iproute2 utilities well before ipv6 was around.. | 23:50 |