Murdoch5I setup remote logging from about 20 servers back to 1 point in my network.  Now I have the problem of having to sort and deal with the data.  What do you guys recommend for log management?00:33
=== quantic_ is now known as quantic
TJ-Anyone familiar with PXE booting a GRUB core.pxe image?00:58
=== Lcawte is now known as Lcawte|Away
Logos01TJ-: I know I myself am not. How does it differ from 'normal' pxe-booting?02:34
Logos01Murdoch5: ELK is popular for that.02:35
Logos01Murdoch5: That is, Elasticsearch + Logstash + Kibana02:35
Logos01You might get away with just using Greylog though02:35
TJ-Logos01: differ? it doesn't, but the GRUB core I am building is causing the client to reboot instantly :) Wondering if anyone has had it properly boot the system02:44
=== CiPi is now known as cipi
=== cipi is now known as CiPi
lordievaderGood morning.08:52
Palm_premiumlordievader, Morning08:53
lordievaderHey Palm_premium08:53
arcskyhello, if u have installed ubuntu server 15. and want Gnome on it. how is the best way to install it ?09:38
arcskyi have no X right now09:38
Palm_premiumarcsky, Hello, can't you install one of those desktop-* packages?09:41
lordievaderarcsky: Why not use ssh to administer the server? X is, in most cases, a waste of resources.09:42
hateballarcsky: Suggestions aside, the answer to your original question is "sudo apt-get install gnome". But using SSH is an option you should consider.09:43
=== CiPi is now known as cipi
Sonu_i am getting " CONNECT ERROR: PHP Extensions "zlib" must be loaded."10:37
Palm_premiumHi sonu, are you using apache with php5? Did you install and enable the extension?10:58
=== cipi is now known as CiPi
=== Lcawte|Away is now known as Lcawte
davidic654Hi are we to expect Linux kernel vulnerabilities and reboots nearly every day now?12:59
=== rcj` is now known as rcj
arcskyhey guys, i just bought a KVM VPS. but now when i try to install i cant get it to work with encrypted hdd. isnt that possible with KVM ?13:17
TJ-arcsky: Insuffient data. What is the configuration of the KVM Guest ? what file-system are you trying to encrypt?13:19
arcskyTJ-: i dont know the conf for the KVM. i install via VNC. and i try to install it with LVM13:20
andolarcsky: Normally that wouldn't be a problem with a KVM setup, but I guess it depends on whatever the KVM VPS maintains it's own kernel+initrd, or if that is provided by the host system.13:21
TJ-install via VNC? doesn't make sense, you'll need to provide more detail13:21
andolTJ-: I'd imagine the VNC is a VNC accessed virtual console provided by the hosting provider.13:21
TJ-arcsky: usually the VPS provider has a system for installing default base images.13:21
arcskyi have my own image of ubuntu 15 there13:22
TJ-arcsky: where's the encryption there? that just says it failed to create an ext4 in partition #113:22
andolarcsky: Anyway, there's the possibiilty for there being all kind of provider specific details, so you are much better of talking to your provider's support.13:22
TJ-arcsky: 'image' of the ubuntu-server installer ISO you mean?13:23
arcskyTJ-: yes13:23
arcskydid try with EXT4 and LVM13:24
TJ-arcsky: OK, well encryption hasn't entered into the equation at the point of the error. The report seems to show there's a problem with partitioning vda13:24
TJ-arcsky: are you trying to create an encrypted root file-system?13:25
arcskyTJ-: yes root filesystem encryption13:27
TJ-arcsky: so you'll be configured the KVM hypervisor to boot from a raw image, not use a preconfigured vmlinuz+initrd.img ?13:28
arcskyTJ-:  sorry i bought a VPS with KVM. i have other VPS with XEN-HMV and there its easy to fix under the ubuntu installation13:29
arcskymaybe KVM doesnt support this13:29
arcskyi have no access to the the kvm config13:29
TJ-arcsky: that first error suggests that the installer is expecting to use partition #1 for the encrpyted device, but it has been set to be formatted as ext4, which conflicts. Maybe you just need to alter the settings you're giving the partitioner so partition #1 has no file-system type set13:29
arcskyi have tested with ext4 and lvm13:29
TJ-arcsky: the KVM configuration is usually controlled by the guest profile you create in the provider's web management interface13:30
arcskyTJ-: http://ring0.se/g/39076c9e410201ee.png this looks better?13:40
TJ-arcsky: Yes, although I don't see a need to make an extended partition with a logical for crypto. That should just be a primary partition, so there's no extended at all. I'd also use GPT rather than MBR if I wanted to reserve the option of additional partitions later.13:43
=== mist is now known as groupcat
=== groupcat is now known as group
=== group is now known as Guest23234
=== Lcawte is now known as Lcawte|Away
theptr_hi i have i problem with an ubuntu server 12.04 the disk is full so i added in hyper-v 40gb of disk . How do i easly add this diskspace to dev/sda1 ?15:23
theptr_i tryd sudo resize2fs /dev/sda115:23
theptr_but that doesnt work15:24
lordievadertheptr_: An ext filesystem can't be spanned over multiple block devices.15:24
phre4kcan I upgrade 14.04 to 15.10 over SSH?15:25
TJ-theptr_: easiest way is to be already using LVM so you can just add another PV to the VG15:25
lordievader^ that :D LVM \o/15:25
theptr_TJ-, problem is that my boss made the machine and not used to LVM15:25
theptr_TJ-, so its not LVM enabled15:26
TJ-theptr_: alternative way is to convert the system to be a MD RAID-0 stripe so its made up of sda and sdb15:26
lordievadertheptr_: Then you need to get creative with mounts. Put something big on the 40gb disk.15:26
khildinbosses should stay away from hardware... :P15:26
theptr_khildin, for sure15:26
TJ-theptr_: that does require being careful in creating the MD device to *NOT* write any metadata at the start of the device (which involves choosing the appropriate metadata version)15:26
theptr_TJ-, So its not possible to grow the disk ?15:27
theptr_TJ-, or not in an easy way15:27
lordievadertheptr_: Doesn't hyper v support that? Enlarging a disk?15:28
TJ-theptr_: the other option is to keep it as a separate disk (maybe 1 partition on it with LVM), and the move something like /var/ to a file-system on the /dev/sdb and add a mountpoint entry to fstab of the form "/dev/VG/LV /var ext4 defaults 0 2"15:28
khildinisn't it possible to create a PT and mount that?15:28
theptr_lordievader, Yes i did that but it was like 75gb zo after i expanded it it stays 75gb15:28
TJ-theptr_: the disk remains 75GB, or the partition ?15:28
lordievadertheptr_: The filesystem or the disk? What does parted say abouit the disk?15:28
theptr_TJ-, partition15:29
lordievadertheptr_: Ah, enlarge the partition ;)15:29
TJ-theptr_: if the disk is now larger, you will need to enlarge the (last) partition too15:29
lordievaderAnd the filesystem.15:29
TJ-theptr_: *then* "resize2fs /dev/sda1" will work15:29
theptr_TJ-, that command doesnt work i already tryed it15:29
theptr_and im not used to hyper-v im more vmware guy but boss hates it because it costs money ...15:30
lordievadertheptr_: It doesn't work if the partition ain't enlarged.15:30
lordievadertheptr_: resize2fs resizes a filesystem to the partition size. If the partition size hasn't changed resize2fs won't do anything.15:30
theptr_TJ-, lordievader i used this guide but nothing works http://askubuntu.com/questions/390769/how-do-i-resize-partitions-using-command-line-without-using-a-gui-on-a-server15:31
TJ-theptr_: how large is the disk? Is it using MBR or GPT?15:31
theptr_TJ-, lordievader so now the disk is larger but the partition is the same .15:31
lordievadertheptr_: Could you pastebin the output of 'sudo parted /dev/sda print'?15:32
TJ-theptr_: "pastebinit <( sudo parted /dev/sda unit s print )"15:32
theptr_hyper -v i cant copy anything so im going to ssh into it second15:33
TJ-theptr_: the command I gave you will pastebin the details for you15:33
theptr_a okay15:33
TJ-theptr_: you may need to "sudo apt-get install pastebinit" first15:33
theptr_TJ-, when i do that command it says unable to correct problems bla bla15:34
TJ-theptr_: sounds like the system has packaging faults you should fix, too!15:35
TJ-theptr_: see what this has to say: "sudo apt-get -f install"15:35
theptr_TJ-, not getting payt to fix haha15:35
TJ-Nor are we!15:35
lordievaderWell, if the disk is full...15:35
TJ-lordievader: indeed; chicken and egg!15:35
lordievaderMy apt was broken too this morning because of a full disk.15:36
TJ-theptr_: you may gain a little space with "sudo apt-get clean && sudo apt-get autoremove"15:36
lordievadertheptr_: Is copying through ssh still an option?15:36
TJ-lordievader: really? root-fs, boot, or something else?15:36
lordievaderTJ-: Root-fs, nfsen was a bit happy writing data. What I found more disturbing was the fact that Zabbix didn't bug me about it.15:37
theptr_TJ-, http://paste.ubuntu.com/13125016/15:37
TJ-lordievader: do you keep a separate /var/ ?15:37
theptr_lordievader, yes copy true ssh is possible15:37
theptr_lordievader, problem is that sql wont start15:37
lordievaderTJ-: On that vm /var/www is seperate. (Nfsen writes to /data, that is now seperate too)15:38
TJ-theptr_: OK, you won't be able to easily extend /dev/sda1 since there are additional partitions after i15:38
theptr_lordievader, TJ- im like working over for 4 hours now so if its not an easy fix i leave it so until tommorow15:38
TJ-lordievader: right. I always have a separate LV for /var/  and another for /var/cache/15:38
lordievaderIf swap ain't used you could teoretically remove it temporarily.15:39
TJ-theptr_: ^^^ as lordievader says15:39
theptr_TJ-, lordievader always problems with machines that i not install myself15:39
lordievaderTJ-: Haven't found the need for that on that vm yet. Usually it well behaves.15:39
lordievadertheptr_: We all have problems with machines we don't install ourselves :P15:39
TJ-theptr_: "pastebinit /proc/swaps"15:39
theptr_lordievader, lol15:40
TJ-And some of us have problems with machines we install ourselves, too :P15:40
TJ-And some of us have problems even GETTING to the installed stage :D15:40
theptr_TJ-, lol15:40
theptr_TJ-, http://paste.ubuntu.com/13125048/15:40
lordievaderThat too...15:41
lordievaderWhat a drag it is.15:41
theptr_TJ-, lordievader so im not the only one :)15:41
theptr_TJ-, lordievader thanks for the help but would it not be easyer to just do as you say before make an extra mount and extra partition15:42
TJ-I've got a mobo here won't boot from USB; doesn't like the images no matter what I do. It can't do PXE (only does Novell Netware remote boot) so I plugged an Intel dual PCI NIC in which has PXE, but the PXE boot is now having problems. The IDE DOM module which was supposed to receive the installation has burnt out a trace on its PCB and killed its voltate regulator! Doing really well on this one :)15:42
TJ-theptr_: that last pastebin was the same as the first :)15:43
TJ-theptr_: "pastebinit /proc/swaps"15:43
jcastrohey rbasak15:45
jcastrowhat was the tldr on ntp by default?15:45
rbasakjcastro: not needed because systemd timesyncd15:57
rbasakjcastro: it's on by default if ntp isn't installed, and syncs time.15:58
marcoceppi_rbasak: and that's in vivid onwards?15:58
ack__Hello ... is MYSQLI_ASYNC a constant I should expect to be available in 14.04? Getting Use of undefined constant MYSQLI_ASYNC - assumed 'MYSQLI_ASYNC' in a PHP script16:04
ack__phpinfo shows mysqlnd is loaded16:04
=== Lcawte|Away is now known as Lcawte
repozitoris there exist another professional tool for server adminstration, except webadmin?16:57
sarnoldif you use one of those web control panel things please make sure you've firewalled the machine and only allow access from only allowed IPs16:58
sarnoldthose control panels are universally terrible16:58
patdk-wkI always use ssh, been working great for years16:58
repozitorpatdk-wk, no, sometimes web app is better16:58
patdk-wkthere is never a case where webapp is better, more useful maybe, but never better :)16:59
patdk-wkor meets a very specific usecase need16:59
repozitorpatdk-wk, when you on mobile, so what do you think?17:00
repozitorwhich on is better?17:00
patdk-wkI believe webmin is the *only* one that is even alittle supported for debian/ubuntu17:00
patdk-wkI am ALWAYS mobile, ssh was made for mobile use17:00
patdk-wkyes, I have ssh client on my phone17:01
sarnoldrepozitor: try mosh for poor connections, it's great17:01
patdk-wkbut personally, I normally use my laptop that I ALWAYS take with me17:01
patdk-wksometimes I must admin a windows machine, and that is always fun17:01
repozitorpatdk-wk, even on plane or train or road?17:02
patdk-wkhmm, yes? what else is *mobile*?17:03
patdk-wkI often sit in the back seat of the car, and work on my laptop17:03
patdk-wksometimes in the plane, but not often17:04
patdk-wknever on a train, cause I never take trains17:04
repozitorthere is no webmin on my system17:08
repozitorwhat is wrong with apt-get?17:08
sarnoldhave you run apt-get update recently?17:09
sarnoldthen for each of those try apt-get install libnet-ssleay-perl  ; apt-get install libauthen-pam-perl ; apt-get install libio-pty-perl ; apt-get install apt-show-versions17:10
repozitorwith -f option?17:12
repozitorneeding to force?17:12
sarnoldavoid it if you can17:12
repozitorsarnold, so that error printed to me17:12
repozitorcan't avoid it, any idea?17:12
sarnoldwhat happened with the other four apt-get install lines?17:13
repozitorsomething like previous17:13
repozitortake a look17:14
sarnoldyeah, try apt-get install -f17:14
repozitorso you will reponsible for that :P17:15
sarnoldheh, your system is pretty unhappy, I haven't seen apt that upset in a dozen years..17:16
patdk-wklooks like a simple thing though17:17
repozitorthat's awfull17:17
patdk-wksomeone did a inproper upgrade17:17
patdk-wkor added some php ppa that isn't maintained anymore17:17
sarnoldrepozitor: just a plain "apt-get -f install", no parameters..17:17
repozitor-f meaning —fix-missing?17:18
sarnoldjust copy and paste what the error says :) heh17:18
patdk-wkgenerally it will finish installing half-installed packages17:18
patdk-wkwhere a package died, apt was killed, or something happened17:18
repozitorso it is fix missing17:19
=== fwwf is now known as adv_
patdk-wksorry, having a hard time concentrating, https://twitter.com/reubenbond/status/66206179149774438417:20
rbasakmarcoceppi_: yes18:28
rbasakjcastro, marcoceppi_: I'm not sure I like it but that's how it is for now anyway. I don't know of any changes to change it in Xenial.18:28
=== Lcawte is now known as Lcawte|Away
hehnopewhat do you guys do for ddos mitigation?18:34
patdk-wkthere is nothing you can do, except as much as possible18:40
patdk-wkeasy solutions are dns and ip blackholes18:41
patdk-wkharder solutions is actually making things still work18:41
patdk-wkthe *best* you can hope for, is a ddos that you can mitigate18:42
patdk-wkas in, it uses a single dns entry, ip, or depends on tcp connections18:42
patdk-wkand you can just stop responding to what looks like the attack, and continue processing the others18:43
patdk-wkif they flood your incoming pipe, then your just screwed, ip blackhole can help you there some18:43
JanCbest is if you can avoid it  :)18:46
jcastrorbasak: yeah we just ran into an ntp issue on a host and were just thinking outloud "did we fix time yet?"18:46
jcastrotldr some jenkins slaves clocks were off, aws and joyent cared, other clouds didn't, took a while to figure out why18:47
=== csdc is now known as adv_
caribousmoser: I'm looking at the haproxy LP: #1477198 bug19:31
ubottuLaunchpad bug 1477198 in Ubuntu Cloud Archive liberty "Stop doesn't works on Trusty" [High,Confirmed] https://launchpad.net/bugs/147719819:31
caribousmoser: I have an in flight SRU for this in trusty19:31
smoserwait, what ?19:31
smoserits been sru'd to trusty19:31
smoservia niedbalski19:31
smoserright ?19:31
caribousmoser: LP: #148173719:32
ubottuLaunchpad bug 1481737 in haproxy (Ubuntu Trusty) "HAProxy init script does not work correctly with nbproc configuration option" [Medium,In progress] https://launchpad.net/bugs/148173719:32
smoseryeah, that was the thing i was just realizing19:32
caribousmoser: I'll try to get someone to do the SRU19:32
smoserit seems like we should fix this in xenial / wily too19:33
caribousmoser: then the remaining is to either fix 1.5 in trusty-backport LP: #149414119:33
ubottuLaunchpad bug 1494141 in trusty-backports "HAProxy 1.5 init script does not terminate processes" [Medium,In progress] https://launchpad.net/bugs/149414119:33
smoserto just dtrt if there is no --pid option to start-stop-daemon19:33
caribousmoser: they're fine since dpkg has the --pid option that causes the bug19:34
smoser"they" ?19:34
smoserbackports ?19:34
caribousorry they = wily & xenial19:35
smoserright. but then it causes cloud archive bugs19:35
smoserbecause you dont fix it to work with older start-stop-daemon19:35
caribousmoser: cloud archive uses 1.5 ?19:35
smoserclodu-archive kilo == what-is-in-vivid19:36
caribousmoser: the fix in 1.4 awaiting SRU does, then I was planning to fix 1.519:36
smosercloud-archive liberty == what-is-in-wily19:36
caribousmoser: I was told to fix -updates first and then care about 1.5 (in trusty-backport)19:36
caribouthat's a bug that rbasak handed to me a while ago19:37
caribouanyway, I can fix it anywhere you want once it is SRUed19:37
caribousmoser: it is friday so the SRU will only go to -proposed but I can get the trusty-backport patch ready19:39
caribousmoser: and vivid as well19:39
smoserthe other thing to do would be to get the start-stop-daemon fix back to trusty19:41
caribousmoser: working on it19:41
smoserfrom dpkg ?19:41
caribousmoser: no, haproxy on vivid19:41
caribousmoser: I'll look at it19:42
caribousmoser: dpkg19:42
smoserright. one other way to fix this is to make trusty's start-stop-daemon able to accept --pidfile19:42
smosercaribou, http://paste.ubuntu.com/13128831/19:56
smoserthat seems like it should work19:57
caribousmoser: why go to the extent to check for --pid existence if just looping on each pid in the pidfile sufficient ,20:00
smoserno good reason. other than keeping it more in line with what is in debian.20:01
caribouah, ok20:01
smoserbut that is a good point. its really the same and easier to just use --pid20:01
kyle____Is anyone here running apt-cacher-ng on a network that gets hit by security scanners constantly (nessus, qualys, etc)?20:03
Picikyle____: Whats the actual question?20:03
smosercaribou, definitely shorter: http://paste.ubuntu.com/13128940/20:04
kyle____Pici: If your cacher is getting kocked over constantly by the security scans.20:04
kyle____And if there was a way of fixing it.20:04
smoserand all in all the same. even one *less* fork. not sure why i'd want to use --pid20:04
smoserwhat was the change you proposed into trusty ?20:05
sarnoldkyle____: do your acls allow the whole world to use your proxy? is that what you want?20:05
Pici(or don't want?)20:05
smosercaribou, ^20:06
caribousmoser: pretty much what you just proposed but with a trap() to cleanup proposed by rbasak20:06
kyle____sarnold: No, the proxy is only available on our internal network, but our security folks consntatly run scanners, and when they see it responds to http, it slams them with known vulns for various different web servers, and application servers.20:07
smoserah.  yeah, ok. sure. just didnt bother with the trap.20:07
caribousmoser: http://paste.ubuntu.com/13128969/20:07
sarnoldkyle____: ahhhhhhh20:07
decipherhi guys - i have a ubuntu 14.04 server running on AWS. I keep getting the "[access_compat:error] [pid 9802] [client] AH01797: client denied by server configuration" error message on my logs. i have php 2.4 and i made sure that the require all granted directive is on my vhost. however, this doesn't fix the problem.20:07
sarnolddecipher: check for the trailing '/' on directory or path names in your configs. try fiddling with those.20:08
kyle____sarnold: Yeah.  And either the security guy doesn't know how to tell the scanner not to bother with wordpress (for example) exploits against the cacher, or the scanner isn't configurable enough to not do that sort of thing.20:08
smosertrap in functions is hard since its basically a global.20:08
smoserif you've not uploaded, i'd sugest quoting the 'tmp' everywhere.20:09
smoserand you actually really *should* set 'tmp' before 'rm -f' it.20:09
sarnoldkyle____: the smartass in me wonders about tarpitting the scanner to give him encouragement to figure out how to whitelist your server :)20:09
smoseras you'll kill someones file that they had somehow into their environment $tmp20:09
deciphersarnold - do you mean i should include a trailing slash on my directory?20:09
caribouhmm, I thought I did20:09
sarnolddecipher: I think remove it. I just remember that apache's error message is nearly useless.20:09
kyle____sarnold: I *cough* __may__ have done something like that with iptables magic, and was told not to, because it defeated the purpouse of the security policy.20:09
sarnoldkyle____: heheh20:10
smoserin that patch there, this would cause problems: sudo tmpf=/etc/passwd service haproxy start20:10
kyle____I like having the security guy, and having im scan consantly, and making sure we have no gaping holes.....but killing thigns constantly is really bugging me.20:11
deciphersarnold - this is on my apache2.conf file20:11
decipher<Directory />20:11
decipherOptions FollowSymLinks20:11
decipherAllowOverride None20:11
decipherRequire all denied20:11
deciphershould i comment this out?20:11
RoyK!pastebin | decipher20:12
ubottudecipher: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.20:12
sarnolddecipher: oh. I thoght it'd be more involved than that20:12
decipherooops. my bad!20:12
sarnolddecipher: just keep in mind when you start doing <directory /foo/bar> vs <directory /foo/bar/> and get confusing error messages, the last / might be it :)20:13
sarnolddecipher: note that 2.4 changed drastically from 2.2 http://httpd.apache.org/docs/2.4/howto/auth.html20:14
deciphersarnold: i hear you. i'm using ispconfig to manage my site. it automatically generates the vhost for me20:14
deciphersarnold: the vhost for my site does not have any trailing / on it20:15
=== tgm4883_ is now known as tgm4883
wehdedoes anyone here know how to get ansible to only run against failed hosts?21:21
RoyKwehde: huh?21:35
RoyKwehde: failed hosts aren't usually available over the network...21:36
lordievaderIt does sound like you need magic to pull that off.21:37
wehdeRoyK, hosts can fail in ansible for even ssh prompting to accept the host key21:39
wehdeRoyK, or if the workstation was powered down and will be back online monday i'd like to be able to run the same playbook agianst just the failed hosts21:40
PermaNulledCan someone help me out with some udev issues? http://pastie.org/pastes/10534977/text?key=kj8jl10lekbo24r2ekzfa23:13
PermaNulledWhenever I run apt-get upgrade it's removing execute from systemd-udevd and fails to restart23:14
sarnoldPermaNulled: is there anything else in any logs? journals?23:19
PermaNulledThere's ouput from journalctl -xe23:20
PermaNulledAny ideas?23:28
wiuempeanyone know why postfix logs into /var/log/mail.log and /var/log/syslog on ubuntu 14.04?23:45
TJ-wiuempe: the config in /mnt/target/usr/share/rsyslog/50-default.conf23:50
wiuempeTJ-: i add to this file line: "& ~" and works good23:51
wiuempeTJ-: maybe do you know if i can in 14.04 configure service to respawn after kill?23:53
TJ-wiuempe: That's be an Upstart job configuration in /etc/init/<service>.conf23:53
wiuempeTJ-: oughhh... spamassassin has only init.d script23:54
TJ-wiuempe: in which case I think those are started via Upstart's /etc/init/rc-sysinit.conf23:56
wiuempeTJ-: yes, you are right, but how to respaw spamassassin?23:58
TJ-wiuempe: I do not know; if it is dieing I'd rather want to fix that :)23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!