=== InfoTest1 is now known as InfoTest
=== InfoTest1 is now known as InfoTest
=== Lcawte is now known as Lcawte|Away
[02:58] <not_roasted> hello friends
[02:59] <not_roasted> I'm repurposing an old laptop to use as a server. When I close the lid, it does nothing, which sounds great (no suspend) but the screen stays lit. How can I control the timeout so the screen goes entirely black?
[03:15] <TJ-> not_roasted: sounds like the backlight is staying on. DPMS is usually the way to control that, but it may require working with the platform ACPI driver too
[03:15] <jak2000> TJ- ! thanks
[03:17] <TJ-> I know there used to be a CLI command to directly control DPMS but can't find it now
[03:17] <jak2000> some problems but solved... 1) i am ejecuted crontab with sudo... :)
=== markthomas|away is now known as markthomas
=== markthomas is now known as markthomas|away
[09:28] <lordievader> Good morning.
=== Lcawte|Away is now known as Lcawte
=== chmurifree is now known as chmuri
[12:31] <gulzar> what is a good partiton schema for ubuntu14.04 server edition on a 1TB HDD?
[12:32] <Seveas> gulzar: tiny boot and the rest an lvm pv. Create a small-ish volume (50GB) for the root filesystem and separate volumes for each application you put on it and its data
[12:32] <lordievader> ^ that
[12:32] <Seveas> most importantly, don't allocate all diskspace right away. It's easy to grow an LV, and rather difficult to shrink one.
[12:33] <gulzar> Seveas: it will have only one app for testing , whcih willl be reinstalled every week
[12:33] <Seveas> gulzar: all the more reason to go for this. Deleting the app is as simple as dropping and recreating the LV :)
[12:33] <Seveas> you can even minimize downtime by doing the reinstall in a different lv and swapping it in place :)
[12:34] <ikonia> win 4
[12:34] <gulzar> Seveas: the only fear I have is, the users here are pure MS people and they all use root account , and many times someone do execute 'rm /' and chmod which destroy the system
[12:34] <Seveas> don't give them root access them
[12:34] <Seveas> then*
[12:34] <Seveas> just enough sudo access to do their job.
[12:34] <ikonia> create non-privileged user accounts, or auth against AD
[12:35] <gulzar> Seveas: can't help , the idiots made the app to work on root account. I will change this but will need few months
[12:35] <hjjg> Hi! I use Ubuntu Server 14.04. with Kernel 3.13.0 and ubuntu-zfs on a nfs server.
[12:36] <gulzar> Seveas: so regular snapshots/backups of system other than the current system storage is necessary
[12:36] <lordievader> gulzar: That is simply bad design...
[12:36] <ikonia> Seveas: interesting in your wording around 1 lv per app
[12:36] <ikonia> do you actually mean "per app" or per app file system ?
[12:36] <gulzar> lordievader: yes, and since those MS people think that admin on windows and root on linux is same, my power is low
[12:37] <lordievader> gulzar: Ouch
[12:37] <gulzar> lordievader: :(
[12:37] <gulzar> lordievader: so backups on other server of / is a must
[12:37] <omen> maybe you should do moral choise and make them know that they can't decide about what they don't know about
[12:37] <Seveas> ikonia: I mean /srv/www on a different lv than /var/lib/mysql
[12:37] <omen> dunno if that is good idea, if they are too emotional about it
[12:38] <Seveas> and if you add redis, stick its datadir on an lv
[12:38] <ikonia> Seveas: ok, what I'd expect then
[12:38] <lordievader> gulzar: You could also use snapshots of the root lv
[12:38] <ikonia> Seveas: thought you where suggesting some new "docker style" approach
[12:38] <Seveas> gulzar: lvm also lets you make snapshots, yet another reason to go for this scheme
[12:38] <gulzar> omen: they are like main developers and all think in same way. I handle linux and tools part
[12:38] <Seveas> ikonia: no, I don't do such madness :)
[12:38] <gulzar> Seveas: ok, any doc for this snapshot thing?
[12:38] <ikonia> Seveas: didn't think so, hence the interest
[12:39] <Seveas> gulzar: man lvcreate :)
[12:39] <lordievader> gulzar: https://wiki.gentoo.org/wiki/LVM
[12:39] <gulzar> Seveas: :P
[12:39] <gulzar> lordievader: ok
[12:39] <gulzar> so finally what size for these lvm ?
[12:39] <Seveas> gulzar: if you really want to mess with them, add an aufs overlay on top of /, then anything can be rolled back by rebooting :)
[12:39] <hjjg> hjjg: after 370 days of solid and stress free uptime, we installed updates and rebooted the machine. Now we are experiencing serious problems.
[12:39] <gulzar> and /boot
[12:39] <gulzar> Seveas: that aufs went above the head
[12:40] <Seveas> gulzar: /boot 250mb, / 50GB, /data/yourapp whatever you need
[12:40] <Seveas> gulzar: it was more of a joke than an actual suggestion, so don't worry
[12:40] <omen> gulzar: if the app is light, maybe you should try virtualization
[12:40] <gulzar> Seveas: that /data needs to be /home
[12:40] <Seveas> gulzar: /home/yourapp then, not all of /home
[12:40] <hjjg> every 2 to 4 days the server needs to be rebooted. the ZFS datasets are inaccessible (ls on /pool/dataset hangs) and the nfsd-kernel processes are consuming 100% cpu time (sys)
[12:40] <gulzar> omen: no, its bad , super memory hog app, I think even 128GB ram wil be less
[12:41] <hjjg> is it possible to downgrade the kernel and zfs/spl to a specific version?
[12:41] <gulzar> Seveas: how its possible to have tow /homes ?
[12:41] <ikonia> hjjg: if you have access to the repos that hold the older packages sure, other things may depend on the later version
[12:41] <ikonia> as I recall the zfs kernel repo is 3rd party maintained
[12:42] <hjjg> is there someone else who has problems with ZoL and NFS?
[12:42] <Seveas> gulzar: same way as you can have / and /home on a different volume, any subdir can be on a different volume
[12:42] <gulzar> Seveas: one for /home/app and other for /home/user ?
[12:42] <gulzar> Seveas: oh
[12:42] <Seveas> or one for /home and one for /home/app
[12:42] <gulzar> Seveas: ok, got it
[12:42] <ikonia> hjjg: select the older kernel from your grub menu, see if the problem remains
[12:43] <hjjg> ikonia: I am well aware of the fact that this is a third-party repository. I also bug-reported this issue on github.
[12:43] <ikonia> other than that you're going to have to interact with the kernel maintainer team for the ZFS packages
[12:43] <hjjg> ikonia: the problem is that spl-dkms and zfs-dkms are rebuilding all of the installed kernel modules.
[12:43] <ikonia> hjjg: the older kernel should still maintain it's tree
[12:47] <gulzar> Seveas: I just got good news, that /home/app can be anywhere not just inside /home , it just needs max free space and that space is on external drive. No need to use internal HDD
=== balloons is now known as Guest4533
[12:47] <gulzar> Seveas: that external is mounted in /media
[12:47] <gulzar> Seveas: so the only problem is protection of permision and 'rm /'
=== Guest4533 is now known as ballons_
[12:48] <hjjg> ikonia: dkms does odd things. 3.13.0-36, 3.13.0-57, 3.13.0-65 and 3.13.0-66 are installed but the zfs module has only been built for -65 and -66
[12:48] <hjjg> yes, the corresponding linux-headers package is installed.
[12:48] <gulzar> Seveas: there?
=== ballons_ is now known as balloons_
[12:54] <gulzar> !ping
[12:54] <ubottu> pong!
[12:54] <gulzar> Seveas: Thank You
=== Lcawte is now known as Lcawte|Away
=== balloons_ is now known as balloons
=== a0rora_ is now known as a0rora
=== cz2 is now known as pulseaudio
=== pulseaudio is now known as cz2
[16:03] <jose> jgrimm: ping
[16:03] <jgrimm> jose, pong
[16:03] <jose> jgrimm: hey! just wondering why the python2 to python3 session was declined
=== markthomas|away is now known as markthomas
[16:04] <jgrimm> jose, decision was to wrap that into the python3 session already scheduled.
[16:04] <jose> jgrimm: gotcha. thanks! :)
[16:05] <jgrimm> jose, http://summit.ubuntu.com/uos-1511/meeting/22568/python3-only-on-the-images/
[16:05] <jgrimm> jose, no problem!
[16:06] <teward> rbasak: ping, if you're around, just need an opinion on something
[16:06] <teward> no rush if you're busy
=== CiPi is now known as cipi
=== cipi is now known as CiPi
[17:21] <fuzzywuzzy> Hi I want to change all the file permissions in /var/www to 644.  Does this work? find /var/www/ -type f -exec chmod 644 {} \;
[17:23] <Seveas> fuzzywuzzy: chmod -R /var/www og+r,u+rw
[17:23] <Seveas> yes, that changes permissions on dirs to, but only to things you need anyway :)
[17:24] <sarnold> fuzzywuzzy: should work fine
[17:25] <Seveas> sarnold: it'll be slow as hell though, and it's missing quotes
[17:25] <fuzzywuzzy> I'm trying to chmod the FILES to 644
[17:25] <sarnold> Seveas: yeah, xargs or the + thingy would go faster. what quotes is it missing?
[17:25] <fuzzywuzzy> Accidently set to 755
[17:28] <fuzzywuzzy> Am I doing this wrong?
[17:28] <fuzzywuzzy> So says - http://wiki.apache.org/httpd/FileSystemPermissions
[17:29] <Seveas> no, you're doing it right
[17:30] <fuzzywuzzy> trying to match permissions on default Wordpress install on Ubuntu server
[17:34] <fuzzywuzzy> gracias amigos!
[17:34] <fuzzywuzzy> =)
[17:37] <fuzzywuzzy> Can anyone recommend an up to date book on Ubuntu server security?
[17:44] <sarnold> fuzzywuzzy: this guide seemed sane https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts
[17:59] <JanC> sarnold: interesting the UK government is publishing guides like that (even if some of what they write is nitpickable :) )
[17:59] <hotmedal> If I make a pptp vpn server, can multiple clients connect to it at the same time? I tried with Windows (the built in thing it has) and it only allowed one client at a time.
[18:00] <sarnold> JanC: yeah, I was impressed. It's not perfect but so many of those guides are ridiculous.
[18:01] <JanC> there is indeed a lot of good stuff in it, it seems
[18:02] <quantic> JanC: The US DoD does the same. We call them STIGs.
[18:06] <RoyK> hotmedal: yes, but pptp is an insecure protocol, don't use it
[18:07] <quantic> hotmedal: PLEASE don't use PPTP. When we say insecure, we mean "@#$%ing broken."
[18:09] <teward> ^ that
[18:09] <lordievader> hotmedal: Better go with ipsec. Works really well :)
[18:10] <quantic> Or openvpn if you're going through NAT.
[18:10] <lordievader> Ipsec can go through NAT (ESP at least)
[18:10] <quantic> lordievader: but even then it's a pain.
[18:10] <quantic> openvpn is a lot LESS of a pain. :P
[18:11] <lordievader> That is NAT's fault :P
[18:11] <quantic> True, but until we can get rid of IPv4, NAT's kind of a thing.
[18:11] <teward> lordievader: IPSec can go through nat, but OpenVPN behaves better on it, I think
[18:11] <teward> granted, my firewall appliance handles my network's VPN, but meh
[18:11] <teward> :P
[18:15] <jpds> strongswan handles IPsec just fine on Ubuntu and has Windows support
[18:16] <jpds> It's only painful when one doesn't know how it works
[18:16] <lordievader> Indeed and the documentation for Strongswan is nice.
[18:16] <sarnold> <3 strongswan docs :)
[18:28] <hotmedal> i basically  need to create a vpn on a windows machine and with its built-in pptp I succeeded but for only one client at a time
[18:29] <hotmedal> can I do something about that?
[18:29] <lordievader> Windows supports ipsec out of the box too.
[18:29] <hotmedal> (I know openVPN is good but my clients would rather use the built in vpn connection)
[18:29] <hotmedal> lordievader: how
[18:29] <teward> lordievader: Win8+ yes
[18:30] <teward> (win7 it likes to complain, from what I've done in testing)
[18:30] <hotmedal> yes I have 8.1
[18:30] <lordievader> hotmedal: https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
[18:30] <lordievader> teward: I use it on my Win7. Bit tricky to get the cert just right but after that, click and go.
[18:31] <teward> lordievader: link please :)
[18:31] <lordievader> teward: See above.
[18:31] <teward> or a guide.  'cause it doesn't work on my Win7
[18:31] <teward> thanks
[18:31] <teward> (works GREAT in Win10 though xD)
[18:31] <lordievader> teward: Windows 7 is very picky about it's certs it needs a couple of flags set else it will give Nat related errors or some wierd stuff like that.
[18:32] <teward> mmm
[18:32] <hotmedal> I don't want to generate certificates and get the clints to use them
[18:32] <hotmedal> just username and password
[18:33] <lordievader> I have no experience with psk.
[18:34] <teward> lordievader: psk is difficult in windows i think in win7 - psk not supported perhaps.
[18:34] <teward> but that's offtopic :)
[18:36] <lordievader> From the page I linked to "or Username/Password using EAP-MSCHAP v2 (case C)." seems psk is supported.
[18:36]  * teward shrugs
[18:36] <lordievader> But I have no idea if that is actually using the ipsec psk.
=== markthomas is now known as markthomas|away
=== ddstreet_away is now known as ddstreet
[20:28] <herrkin> hello, I have an issue setting up a service, it does work when I do sudo service xxx start|restart|stop but it wont start up with the system.
[20:28] <herrkin> may anybody help me set it up?
[20:28] <herrkin> it is pm2 I hope some of you is working with it.
[20:29] <sarnold> upstart conf? sysv-init script? systemd service?
=== markthomas|away is now known as markthomas
[21:28] <EmilienM> zul_, coreycb, jamespage: which repo should I use to setup liberty ? trusty/proposed/liberty or trusty/updates/liberty ?
[21:31] <coreycb> EmilienM, you'll want to run with updates unless you need to test something that's in proposed
[21:32] <EmilienM> coreycb: what is supposed to be stable?
[21:32] <coreycb> EmilienM, -updates is stable
[21:32] <coreycb> EmilienM, so this is stable: add-apt-repository cloud-archive:liberty
[21:32] <EmilienM> cool
[23:16] <ponyofdeath> anyone know why ip route add 10.248.5.0/24 dev bond0.250 src 10.248.5.154 table vlan_250 would give  "RTNETLINK answers: Operation not permitted" what do i need compiled in the kernel for that?
[23:16] <ponyofdeath> what is funny is that the command ip route add default via 10.248.5.1 dev bond0.250 table vlan_250 wroks fine
[23:20] <TJ-> ponyofdeath: is 10.248.5.154 assigned to bond0.250 ?
[23:42] <ponyofdeath> TJ-: yup
[23:42] <ponyofdeath> this was working until i compiled kernel 4.3
[23:42] <ponyofdeath> so i think i might be missing a kernel option
[23:42] <TJ-> ponyofdeath: Ahhhh!
[23:43] <TJ-> anything in dmesg/kern.log gives a better clue?
[23:43] <ponyofdeath> nothing
[23:43] <ponyofdeath> that i fixed
[23:43] <ponyofdeath> sorry
[23:43] <ponyofdeath> that i can tell
[23:44] <ponyofdeath> i have everything under policy routing comiled in
[23:46] <TJ-> might be worth enabling some dynamic_debug tracing
[23:48] <ponyofdeath> gonna roll back kernel to see if that was it as i also upgrade with the latest packages for 14.04
[23:49] <ponyofdeath> is ipv6 needed for iproute
[23:50] <sarnold> no, I used iproute2 utilities well before ipv6 was around..