/srv/irclogs.ubuntu.com/2015/12/01/#ubuntu-server.txt

francis_	Hi! Can SMART Extended scan detect bad sectors on hard disk?	03:04
=== cpaelzer__ is now known as cpaelzer
lordievader	Good morning.	07:55
melbaa	Hello, i have a question about my virtual ubuntu server that is running on my Windows 10 with hyper-V. Is it possible that the virtual ubuntu reads my Windows 10 storage so i can access it in the virtual machine?	08:40
eahmedshendy	Hi, anyone here	10:46
eahmedshendy	I have issue related to apparmor, anyone could help?	10:46
jjohansen	eahmedshendy: what's the issue	10:47
eahmedshendy	http://paste.ubuntu.com/13596640/	10:47
eahmedshendy	I tried to uninstall mysql 5.5, then install 5.6 and till now I can't install mysql	10:47
eahmedshendy	jjohansen	10:48
jjohansen	eahmedshendy: you need to add a rule to the mysql profile	10:48
jjohansen	eahmedshendy: look for the file /etc/apparmor.d/usr.sbin.mysqld	10:49
jjohansen	well or something close to that	10:49
jjohansen	you need to add the rule	10:50
jjohansen	/etc/mysql/my.cnf.fallback r,	10:50
jjohansen	the rule will need to go into the mysqld profile	10:51
jjohansen	it will likely look like	10:51
jjohansen	/usr/sbin/mysqld {	10:51
jjohansen	# some comments	10:51
jjohansen	.. rules ..	10:51
jjohansen	}	10:51
jjohansen	you should be able to insert an new line in the block of rules (beginning or end are good choices)	10:52
T3DDY	/leave	10:52
jjohansen	and save the file	10:52
jjohansen	eahmedshendy: then do	10:53
jjohansen	sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld	10:53
jjohansen	(or what ever the file name the profile was in)	10:53
=== khildin is now known as robb_nl
eahmedshendy	I do not understand this step:	10:55
eahmedshendy	/usr/sbin/mysqld {	10:55
eahmedshendy	jjohansen	10:55
eahmedshendy	I jsut added this: /etc/mysql/my.cnf.fallback r, to /etc/apparmor.d/usr.sbin.mysqld	10:56
jjohansen	eahmedshendy: okay, the profile file has format	10:56
eahmedshendy	what do you mean by the profile file?	10:56
eahmedshendy	jjohansen	10:56
jjohansen	yes, but you need to add it within the profile rule block	10:56
jjohansen	the profile within the file, will start like	10:57
jjohansen	/usr/sbin/mysqld {	10:57
eahmedshendy	Ok	10:57
jjohansen	or	10:57
jjohansen	profile mysqld /usr/sbin/mysqld {	10:57
eahmedshendy	"/usr/sbin/mysqld {" .. I found it in /etc/apparmor.d/usr.sbin.mysqld	10:58
jjohansen	you can insert the rule on almost any new line between the start { and end }	10:58
eahmedshendy	jjohansen: that is it?	10:58
jjohansen	that defines the profiles rules	10:58
eahmedshendy	yes jjohansen I did that first	10:58
jjohansen	okay.	10:58
jjohansen	once you have that saved use	10:59
jjohansen	sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld	10:59
jjohansen	to compile the changed profile and load it into the kernel	10:59
jjohansen	you should then be able to try installing mysql again	10:59
jjohansen	you could get another denial	11:00
eahmedshendy	do remove then uninstall or just dpkg-reconfigure -a?	11:00
eahmedshendy	jjohansen	11:00
jjohansen	if you want you could put the profile into complain mode, where it will allow all accesses but complain about those not in the profile	11:00
jjohansen	eahmedshendy: err, I think you should be able to get away with dpkg-reconfigure	11:01
jjohansen	but it does depend on how the package has done the apparmor integration	11:02
eahmedshendy	jjohansen: I did not understand your sentence at all :), I did that apt-get purge --auto-remove mysql-server-5.6	11:02
eahmedshendy	I will install it again	11:02
jjohansen	eahmedshendy: sorry, what I was trying to say, is it is possible apparmor will deny other things	11:02
eahmedshendy	jjohansen: mmm, ok	11:03
jjohansen	one way to deal with this is put the profile in a complain or learning mode	11:03
jjohansen	that way the profile won't deny anything, but you will get messages like from your pastebin in your logs, except that they will have	11:04
jjohansen	apparmor="ALLOWED" instead of	11:04
jjohansen	apparmor="DENIED"	11:04
jjohansen	you would then use those messages just as we have done for the denied message	11:05
eahmedshendy	jjohansen: http://paste.ubuntu.com/13596948/	11:05
jjohansen	complain mode is a big help when developing profiles, as you don't have to deal with denial messages one at a time	11:05
eahmedshendy	the line you told me to add in apparmor is gone, I will add and use dpkg-reconfigure -a rather than purging it	11:07
eahmedshendy	jjohansen	11:07
jjohansen	eahmedshendy: hrmmm, you profile hasn't been updated, can you paste bin it?	11:07
jjohansen	eahmedshendy: got it, dpkg-reconfigure reinstalled the profile, wiping out your change	11:08
eahmedshendy	jjohansen: http://paste.ubuntu.com/13596977/	11:08
eahmedshendy	so?	11:08
jjohansen	hrmmm, actually you did a purge and then a reinstall. correct?	11:09
jjohansen	in that case it would have deleted the installed profile file	11:09
eahmedshendy	yes	11:09
eahmedshendy	I got what you need, just paste it now	11:10
eahmedshendy	jjohansen: http://paste.ubuntu.com/13597005/	11:10
eahmedshendy	That is OK, right?	11:10
jjohansen	yeah that looks good	11:10
eahmedshendy	jjohansen: So now I should move and try to fix the other issue of mysql, right?	11:13
eahmedshendy	apparmor, is clear?	11:13
jjohansen	eahmedshendy: yep, unless you start hitting new denial messages	11:14
eahmedshendy	jjohansen: I forgot to told you that, mysql-server-5.6 was working fine yesterday, untill I did restart, mysql goes down again	11:15
jjohansen	eahmedshendy: did you switch to systemd?	11:15
eahmedshendy	jjohansen: This server is new for me, I just removed a database called cassandra that was running yesterday	11:16
jjohansen	systemd handles restart as stop/start, instead of having a dedicated restart action like upstart or sysv init scripts	11:16
jjohansen	this has broken more than a few usage patterns, and has become the first question I ask when someone says something stopped working on restart	11:17
jjohansen	of course it depends what you mean by restart	11:18
eahmedshendy	there is a file called: /etc/init/systemd-logind.conf, does that means systemd is installed?	11:18
eahmedshendy	jjohansen: just execute the command reboot	11:18
jjohansen	ah, well that wouldn't be the problem then	11:18
jjohansen	I'm not sure why mysqld would fail on a reboot	11:19
eahmedshendy	jjohansen: How to know that admin that was here made a switch to ssytemd	11:20
jjohansen	eahmedshendy: unless you are using systemctl restart, I wouldn't chase that path	11:20
eahmedshendy	No I don't have this command "systemctl"	11:21
eahmedshendy	on my current system	11:21
jjohansen	eahmedshendy: but if you want to know,	11:21
jjohansen	ps aux \| grep systemd	11:21
jjohansen	should return with pid 1 as systemd	11:21
eahmedshendy	jjohansen: http://paste.ubuntu.com/13597160/	11:22
jjohansen	eahmedshendy: nah	11:23
jjohansen	eahmedshendy: actual	11:24
jjohansen	pstree	11:24
jjohansen	might be easier	11:24
jjohansen	systemd shows up as the root of the tree	11:24
eahmedshendy	It is just init	11:24
eahmedshendy	jjohansen	11:24
jjohansen	right	11:24
jjohansen	you just have a few cherry-picked "systemd" services	11:25
eahmedshendy	jjohansen: That is not what you afraid off?	11:26
jjohansen	eahmedshendy: if it says init you don't have systemd	11:27
eahmedshendy	jjohansen: yes, so this is fine	11:27
jjohansen	yep	11:27
jjohansen	so the systemd change I mentioned before is not the reason mysqld is failing	11:28
eahmedshendy	jjohansen: sorry for bothering you, and thank you so much for help, God bless you :)	11:28
eahmedshendy	jjohansen: yes	11:28
=== Lcawte\|Away is now known as Lcawte
eahmedshendy	Is t here anyone can help with mysql-server 5.6 upgrade from 5.5 issue, or even help me to get back to 5.5.	11:31
eahmedshendy	http://paste.ubuntu.com/13597397/	11:39
rbasak	eahmedshendy: why do you have a PPA enabled?	11:57
rbasak	You're getting mismatched versions of the packages which can't help.	11:57
eahmedshendy	rbasak: I came here and found it like this	11:58
eahmedshendy	Should I do another thing, I am just beginner in administration	11:58
rbasak	You can probably repair it from where you are, but I don't have the time to go through that with you, sorry.	12:02
rbasak	This channel is the right place to ask for help though. Maybe somebody else will come along.	12:02
eahmedshendy	rbasak: no problem sir, I think try and do it, thank you very much for pointing me	12:03
eahmedshendy	:)	12:03
eahmedshendy	btw, you mean that I can update the PPA for a package that is suitable for 14.04.3	12:03
eahmedshendy	I have the same issue like this guys http://askubuntu.com/questions/699942/updating-to-mysql-5-6-27-fails-but-why	12:09
eahmedshendy	exactly	12:09
eahmedshendy	I think I am stuck with this problem	12:10
rbasak	It looks like it is because the archive has been updated ahead of the PPA in a way that makes the PPA break things.	12:11
rbasak	I don't understand why the PPA exists in the first place.	12:11
OerHeks	i just went trough http://paste.ubuntu.com/13597397/ and found mysql-server_5.6.25-3+deb.sury.org~trusty+1_all.deb == https://launchpad.net/~ondrej/+archive/ubuntu/mysql-5.6/+sourcepub/5377389/+listing-archive-extra so you did install a ppa ....	12:12
rbasak	I trust ~ondrej has a good reason for creating it	12:12
rbasak	But perhaps it's not needed now that trusty-updates has 5.6.27?	12:12
eahmedshendy	OerHeks: this is your procedures? so you faced a problem like me	12:13
OerHeks	eahmedshendy, your issue seemed curious, but it is not, why did you not mention that PPA in the 1st place?	12:14
OerHeks	such info is very important.	12:14
eahmedshendy	OerHeks: I didn't change any PPA at all	12:14
eahmedshendy	OerHeks: rbasak just told me about it	12:15
eahmedshendy	I didn't do manaul change	12:15
OerHeks	no, that was before rbasak named ppa. you have added that ondrej ppa before.	12:16
OerHeks	ppa-purge that repo and try to install again ( not from ppa but the original packages)	12:17
eahmedshendy	OerHeks: just today while trying to solve the problem with everyone here, I didn't add it before	12:19
eahmedshendy	OerHeks: what after that .. I just deleted the two files and make apt-get update	12:25
rbasak	cpaelzer: thank you for your feedback! I updated that paragraph and sent the email.	12:27
eahmedshendy	Because I got this error when trying to do it with ppa-purge http://paste.ubuntu.com/13598152/	12:27
cpaelzer	rbasak, thank you - I'm eager to see what the responses will be like	12:27
cpaelzer	rbasak: within dpdk do you know if we just dropped the kernel modules without replacement or if we deliver them with the kernel?	12:28
eahmedshendy	OerHeks: I will try to reset the server repositories to its default	12:29
OerHeks	removing those 2 files does not work well, you should use ppa-purge, with the correct name of the ppa.	12:30
OerHeks	!ppapurge	12:31
ubottu	To disable a PPA from your sources and revert your packages back to default Ubuntu packages, install ppa-purge and use the command: « sudo ppa-purge ppa:<repository-name>/<subdirectory> » – For more information, see http://www.webupd8.org/2009/12/remove-ppa-repositories-via-command.html	12:31
rbasak	cpaelzer: I'm not sure. smb maybe knows? ^^	12:32
cpaelzer	rbasak: he went offline, will ask him later/tomorrow	12:32
eahmedshendy	OerHeks: I created them manually	12:43
eahmedshendy	OerHeks: http://paste.ubuntu.com/13598538/	12:54
eahmedshendy	?	12:54
smb	cpaelzer, rbasak, if the question was about the kernel modules. There are two which are usable and shipped with the standard kernel. uio-pci-generic and vfio-pci	13:16
cpaelzer	smb: the question was about the two .ko's that would be build in the dpdk source igb_uio.ko and rte_kni.ko IIRC	13:17
cpaelzer	smb: those are disabled for obvious build and packaging issues, but I wondered if those would be required in some way	13:18
smb	cpaelzer, Ok, yeah. Those should no longer be required (starting with dpdk 2.0) and the kernel ones being used	13:18
cpaelzer	smb: ok because they are still default on thx	13:18
cpaelzer	smb: FYI dpdk 2.2 no more builds with your trick to go to the lowest cpu/sse level	13:19
smb	cpaelzer, That is indeed a bit odd but the recommendation for that also came from upstream sort of	13:19
cpaelzer	smb: that is good to hear that this recommendation to disable them came from there	13:19
cpaelzer	smb: I'll have to search for "the new lowest" denominator that would build	13:20
smb	cpaelzer, hm, the "trick" was to use the machine level option. If that no longer builds ...	13:20
cpaelzer	smb: yeah I saw you configured thr T=..native, but then set RTE_MACHIEN=default	13:20
cpaelzer	smb: the rte.vars for default refer to core2 as the march	13:20
smb	Either they think they fixed online detection	13:20
cpaelzer	smb: and that is now too low as some code needs newer than that cpu features now	13:21
smb	Right the T is just to pick one of the template configs they ship	13:21
cpaelzer	right, but "native" depends on the build environment and is no option	13:21
cpaelzer	so seems core2 as of dpdk 2.2	13:22
cpaelzer	I'll have to search for the new "low"	13:22
cpaelzer	level that is acceptable	13:22
smb	Yes, so if default which is (or was supposed to be) a supported option no longer works it might be time to report them a bug	13:22
cpaelzer	smb: I fully agree, but for that I need to find out what would :-)	13:22
cpaelzer	smb: on the good side with that it fails upstream just as much as in the dpkg build environment	13:23
cpaelzer	smb: so it will be easy to report the bug	13:23
smb	cpaelzer, :) yeah. or play innocent and ask them what goes wrong there :)	13:23
cpaelzer	smb: not now after we wrote on a public channel and then innocent is a decade or more ago :-P	13:24
smb	cpaelzer, Note that I say "play" ;)	13:25
=== Piper-Off is now known as Monthrect
=== kickinz1_ is now known as kickinz1
=== Monthrect is now known as Piper-Off
Melbatje	Hello, I need some help with my Ubuntu server, I have a VM running on my Windows 10 PC and would like to share some storage so I access that on my VM. Does anyone have any clue how to do that with Samba and what settings?	16:12
=== Piper-Off is now known as Monthrect
Melbatje	does anyone read this message? xd	16:16
lordievader	Melbatje: What hypervisor are you using?	16:17
Melbatje	Hyper-V	16:17
lordievader	Hmm, wouldn't be surprised if it hase some kind of a folder share function. However I am not familiar with hyper-v.	16:18
Melbatje	lordievader: I'm using Hyper-V	16:18
Melbatje	lordievader: I'm going to check that, thanks :P	16:18
=== jgrimm is now known as jgrimm-away
=== jgrimm-away is now known as jgrimm
crveni	hi	18:48
crveni	is server 15.10 have graphical environment?	18:49
sarnold	you can apt-get install whatever you want	18:49
crveni	I know, but I don't know how install unity	18:50
crveni	and how to make them startup	18:51
sarnold	apt-get install unity ought to get most of the way there	18:51
ianorlin	I would not recommend it	18:51
ianorlin	as acessing the ui over the network is not the best	18:52
ianorlin	if locally I usually like to run an ubuntu-server virtual machine in just a normal desktop	18:52
crveni	me nead web server local	18:53
sarnold	you don't need a gui for that :)	18:53
crveni	yes i nead gui, bicose i use this laptop for development	18:54
ianorlin	actually gvfs is a quite nice way to transfer things like pictures to a web server	18:54
crveni	i dont know, i love ubuntu :)	18:55
crveni	and trying to meet them very well	18:55
sarnold	crveni: ah. feel free to install the desktop then and just apt-get install the server packages as you need them :)	18:56
sarnold	laptops are funny creatures, it's way easier to get them to work if you just go with the whole desktop thing up front	18:56
crveni	@sarnold I do it last week :)	18:56
crveni	i loveee ubuntu	18:57
crveni	:)	18:57
crveni	Do you everbody know where is Serbia?	18:59
crveni	I from Serbia :)	18:59
simosx	o/	18:59
crveni	Novak Djokovic :) :)	18:59
crveni	We in serbia wery love ubuntu :)	19:00
crveni	ok, nobody will not talk for me :(	19:02
simosx	crveni, I said "hi".	19:03
crveni	hi simosx	19:04
crveni	:)	19:04
crveni	which system simosx you have?	19:04
simosx	I use 'DigitalOcean' for server.	19:05
m1dnight_	Hello guys. I'm in a bit of pickle with duplicity. I have a server `daytona` which serves as the storage for backups from my other machine `testarossa`. Testarossa uses duplicity and backsup via sftp. On testarossa, as root, I can ssh to daytona with the user `backupper`. I can run the duplicity command in the terminal as well. But hwen I put the duplicity command in a bash script (which runs fine as	19:05
m1dnight_	well from the commandline) and run it as a cronjob, I keep getting connection refused errors on the sshbackend of duplicity.	19:05
m1dnight_	Any tips?	19:05
crveni	simosx what is thet :)?	19:06
crveni	that?	19:06
sarnold	m1dnight_: probably your cronjob doesn't use the same ssh agent that your shells use	19:06
simosx	crveni, it's a Virtual Private Server (VPS). You get a server on the cloud (you connect with SSH). It is great to learn about servers.	19:06
m1dnight_	sarnold: how can I fix that, then?	19:07
sarnold	m1dnight_: run ssh-add -l to see if you have keys in your agent..	19:07
m1dnight_	It used to work fine, but when I reinstalled the server it stopped working.	19:07
crveni	simosx that is expensive for me :)	19:08
m1dnight_	Hm, sarnold that gave me that no agent was running, did eval `ssh-agent -s` now and added the private key. ill see what will happen now.	19:09
m1dnight_	Testing the cronjob again.	19:09
simosx	crveni, you are paying as long as the server is active. if you look into it, it's somewhat affordable.	19:09
sarnold	m1dnight_: the cronjob runs in an environment started by cron, seperate from your shells.. if the ssh agent is running, you can give the cron jobs access by adding the right environment variables..	19:09
m1dnight_	`BackendException: ssh connection to backupper@192.168.1.120:22 failed: [Errno 111] Connection refused` still	19:10
m1dnight_	oh can you point me in the right direction then, please?	19:10
sarnold	m1dnight_: oh, you know, connection refused suggests something else is going on.	19:10
crveni	ok simosx	19:11
m1dnight_	sarnold: yes, but the weird thing is that I can ssh to the machine just fine..	19:11
sarnold	m1dnight_: try a cronjob with something like echo "" \| nc 192.168.1.120 22	19:11
m1dnight_	And Im using the exact same user..	19:11
crveni	can I install the DNS server and they will charge domain	19:13
crveni	simosx?	19:13
crveni	:)	19:13
simosx	crveni, when you get a domain, they often give you DNS management for free. If you do not get free DNS management, you can use https://www.namecheap.com/domains/freedns.aspx	19:14
simosx	crveni, if you do not have a domain, and you want a free one, you can try out http://www.freenom.com/ (includes free DNS management).	19:15
crveni	no simosx, you dont understand , how can I sell thousend .com domains?	19:16
simosx	crveni, selling .com domains is a job called "Domain Registrar". It's kinda out of the scope in learning about servers.	19:17
m1dnight_	sarnold: where would I find the output of that? dmesg is empty.	19:19
sarnold	crveni: do you just want to host a few thousand domains as a host? or do you actually want to become a registrar?	19:20
crveni	ok simosx. that job interesting for me :) easy mony	19:20
sarnold	m1dnight_: check your mail, cron mails the output to you	19:20
m1dnight_	aha	19:20
m1dnight_	SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3	19:20
m1dnight_	Protocol mismatch.	19:20
m1dnight_	Shouldn't it negotiate for a proper protocol?	19:20
sarnold	m1dnight_: interesting. the echo "" \| nc just sends a blank string to the remot ehost and returns what the remote host's banner was	19:22
crveni	yes simosx, I do to become registrar	19:22
sarnold	m1dnight_: so at least your cronjob can make outgoing connections to that host just fine.	19:22
m1dnight_	Glad you find it interesting :>	19:23
m1dnight_	Using it in the shell shows me the same output.	19:23
m1dnight_	Hmmm	19:24
crveni	I want to become registrar, and don't know how :)	19:25
m1dnight_	aha, dist-upgrade installs some updates to libssl so it seems.	19:25
m1dnight_	Let's see where that brings us	19:25
shauno	I'm not sure I'd call it 'easy money'. domains strike me as a 'race to the bottom' unless you can parcel it in a wider package	19:26
nat0	Can anyone tell my why preseeding a fresh install of 14.04 fails after searching for dists/trusty-updates/Release, which doesn't even exist on the 14.04 installer DVD?	19:27
simosx	shauno, also DV certificates are likely to follow the same path.	19:27
crveni	shauno I thought to do the all via computer	19:28
crveni	i have to become a hacker :)	19:29
crveni	i love this job :)	19:29
crveni	does anyone know the web development project for free?	19:31
crveni	I have a project and need a worker	19:32
sarnold	there are more ideas than there are developers; in general, developers need to be paid	19:33
crveni	i work for free	19:33
crveni	money arriving later	19:34
crveni	It is an advertising site, I hope it will be members	19:34
shauno	I think you would have enjoyed the dotbomb era, but you're almost 20 years too late. I can't think of a nicer way to put that.	19:36
crveni	:) shauno	19:37
sarnold	hehe	19:38
crveni	I thought to do the site where it will be distributed, advertised IT projects	19:38
crveni	shere IT job	19:38
crveni	share	19:38
crveni	freelancing site	19:39
sarnold	fivr vworker monster ...	19:39
crveni	i am big deady	19:40
crveni	dady	19:40
crveni	:)	19:40
crveni	nice too meet you everybody	19:41
nat0	Does anyone know why anna, the package installer in debian-installer, requires Release signatures for an update branch even while attempting a fresh install?	19:41
sarnold	have fun crveni :)	19:42
sarnold	nat0: probably to make sure that you're not installing maliciously supplied updates	19:42
crveni	my site is http://www.elvescode.com but is serbish language	19:42
nat0	sarnold: then shouldn't those release signatures be included on the install DVD?	19:42
nat0	Because they'	19:42
nat0	re not, preventing me from installing anything.	19:42
sarnold	nat0: the Release files are periodically updated, see e.g. http://mirrors.kernel.org/ubuntu/dists/trusty-updates/Release "Date: Tue, 01 Dec 2015 12:00:33 UTC	19:43
nat0	I'm pxebooting 14.04.3's DVD1. It loads the kernel and squashfs image fine. The preseed file correctly repartitions the drive. Then it verifies the release signatures, and 404's on dists/trusty-updates/Release.	19:44
sarnold	nat0: because the Release files are updated periodically, their signatures can't be burned onto an install media	19:44
sarnold	nat0: which mirror?	19:44
nat0	It's a local mirror I've manually created by essentially rsycing the contents of 14.04.3's DVD1 image onto a local filesystem served over HTTP.	19:45
teward	well there's one of the issues there - the release files are updated periodically and don't exist on the DVD images then	19:45
sarnold	nat0: ah; then either also grab the trusty-updates tree off a mirror too, or figure out how to tell the installer that it shouldn't update packages during the install	19:45
sarnold	nat0: .. of course you'll want to apply the updates immediately after you're done if you don't update the packages during the install	19:46
nat0	sarnold: Thanks. I thought I'd done the latter by setting the pkgsel/update-policy to none.	19:47
nat0	In the preseed file that is.	19:47
crveni	have fun geeks :) i get out	19:48
sarnold	hmmm that might be worth a bug report then :)	19:48
nat0	ugh	19:49
nat0	I might just remove ubuntu as an option from this provisioning server.	19:49
sarnold	are the updates really too difficult to mirror?	19:50
teward	nat0: better question, why not run a local repo mirror for that release and put 1TB of space for each, or twice that much if you want to support two different releases	19:50
nat0	sarnold: clients will not be using this server to update their own packages, so it's unnecessary to include them.	19:52
sarnold	nat0: ahh	19:53
nat0	tweard: again, I don't need to update machines from this server, and using 2TB of space to mirror one release is a bit absurd.	19:53
sarnold	I think the archives are something like 900gigs total for all currently supported releases	19:53
nat0	This server will only be provisioning new clients, on an airgapped network, from a series of local mirrors made directly from distribution release images.	19:53
teward	sarnold: eesh, so i'll have to build a 5TB RAID array in my next private-mirror server	19:55
teward	maybe my workplace will let me use their bandwidth to download the files on that server	19:55
sarnold	teward: I'm looking at building one myself, and went looking through our NFS mounted archive the other day.. I came to the conclusion that it'd probably be a bit more than one TB once we have a third supported LTS release again, and a bit more than that once the 'newest releases' aren't also LTS releases..	19:56
sarnold	teward: so 2tb sounds like a nice plan, if I've checked the right things :)	19:57
m1dnight_	sarnold: looks like it is fixed with the upgrade..	19:59
m1dnight_	Knock on wood	19:59
sarnold	m1dnight_: woot!	19:59
* m1dnight_ knocks on his head		19:59
m1dnight_	ha ha	19:59
sarnold	m1dnight_: granted, it doesn't make -sense- to me, but hooray for a fix.	19:59
m1dnight_	Yep worked fine. Cronjob finished..	19:59
sarnold	m1dnight_: crazy.	20:00
teward	sarnold: true, but i also need a Debian mirror	20:05
teward	because i have four debian vms	20:05
teward	so that's what, another 1TB maybe?	20:05
sarnold	teward: hmm, dunno, I don't know a quick way to measure that	20:05
teward	sarnold: indeed.	20:06
teward	5TB array of disks should be fine though	20:06
hackeron	anyone has any ideas what could be causign this boot problem with Kernel 4.2? < https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1521749	20:27
ubottu	Launchpad bug 1521749 in linux (Ubuntu) "NUC NUC5CPYH Does not boot on 4.2.0-19 (Ubuntu 15.10)" [Undecided,New]	20:27
sarnold	hackeron: how about /var/log/syslog.0 or similar rotated files?	20:29
sarnold	hackeron: how about systemd's journals?	20:30
teward	hackeron: also consider there's a request for more information in the bug	20:32
teward	either run apport-collect 1521749 or if you actually can't boot as such comment accordingly on the bug and change the status to Confirmed	20:32
hackeron	sarnold: /var/log/syslog.0 shows yesterday's log - /var/log/syslog shows a successful boot (3.19), then shows a gap where all the failed boots are (4.2.0), then shows the next successful boot	20:35
sarnold	hackeron: ouch :(	20:36
hackeron	sarnold: just checked journalctl - also nothing	20:36
TJ-	hackeron: try editing the kernel command-line, add "systemd.unit=emergency.target" see if you can get that far	20:37
hackeron	teward: that wasn't there a second ago, heh - trying	20:37
hackeron	TJ-: If I select "Ubuntu, with Linux 4.2.0-19-generic (recovery mode)" from the list - it boots into the recovery console, so I am guessing yes	20:41
TJ-	hackeron: I'd look at the various targets systemd goes through on its way to multiuser.target, and boot to each in turn until you hit the issue	20:43
TJ-	hackeron: or, do a bisect on the list of targets	20:44
TJ-	hackeron: it looks like the local-fs-pre us good, so do "grep -rn 'local-fs-pre' /lib/systemd/*" and then try to get to "local-fs.target"	20:47
hackeron	TJ-: ah, that's a good idea - I will try that	20:48
TJ-	hackeron: unfortunately systemd doesn't make it too easy (like sysv-init) to figure out the order so you have to dig	20:50
hackeron	TJ-: is there anyway to get a list of what runs after the emergecy.target in order? - looks a bit of a maze otherwise	20:50
hackeron	TJ-: ah, ok, that answers that question, heh	20:50
TJ-	You've got 'targets' which I think of as groups of 'services', and you've got 'wants' which targets/services declare as their dependencies	20:51
hackeron	TJ-: thank you, will play around in a little bit, just going for a quick job. Hopefully will be able to narrow it down. It seems the next target after the one it reaches is Bluetooth, hmmm	20:55
hackeron	jog*	20:55
TJ-	hackeron: I found "systemd-analyze critical-chain" will provide the list you need	20:56
teward	hackeron: thoug that apport-collect should be run under the affected kernel	20:57
teward	and if you can't boot to that then...	20:57
=== SpamapS is now known as TheKettle
=== TheKettle is now known as SpamapS
smackusrevival	how do i know whether a server has experienced a dos attack?	22:32
bekks	smackusrevival: you will notice it by not being able to reach the service.	22:38
bekks	DoS == Denial of Service.	22:38
smackusrevival	what if access is super-slow but does eventually respond?	23:00
hackeron	teward: TJ: Ah, correction, it does not boot into the recovery console either - or rather it seems intermittent -- sometimes it boots, most of the time it does not :( (with kernel 4.2 -- boots fine with 3.19)	23:00
smackusrevival	also, notices a large spike in traffic at one point yesterday which took entire allocated memory of server to maximum during this time.	23:01
bekks	smackusrevival: those are symptoms of a DoS.	23:05
smackusrevival	bekks: thanks, i think so. problem is, server is still slow, yet everything still intact. i am not too sure what to do next. i have taken server offline until i can resolve.	23:09
=== Jikai is now known as Jikan
=== Monthrect is now known as Piper-Off
teward	hackeron: make sure that's noted in the bug	23:21
hackeron	teward: yeh, I updated the description - I managed to get into the emergency console by adding systemd.unit=emergency.target -- but as soon as I try to do anything, like start apport for example - it freezes :/ - added a screenshot to the bug report too	23:23
smackusrevival	bekks: just performed security scan on entire server data. found nothing suspicious.	23:27
bekks	smackusrevival: Thats because a DoS attack happens from outside your computer.	23:27
smackusrevival	bekks: so why would it still be really slow?	23:28
bekks	Thats what you have to investigate. There are a gazillion of possible reasons, like excessive swap usage, excessive memory usage, etc.	23:29
smackusrevival	memory usage at normal and swap is 0%.	23:30
smackusrevival	all resources seem normal.	23:31
smackusrevival	this is either an external network provider issue beyond our control, or an sql issue. i believe the former.	23:36
bekks	Since you took it offline, it isnt.	23:37
smackusrevival	should a wordpress page load when loading with localhost	23:41
smackusrevival	?	23:41
bekks	Depends on your webserver configuration.	23:44
smackusrevival	if sql was corrupted, would this be a sign of an attack on the actual sql db?	23:45
bekks	Not necessarily.	23:45
smackusrevival	bekks: what would i be looking for?	23:47
bekks	Logs, reasons for the sql db being corrupted, things that appear in your webserver logs, things that appear in the system logs, etc.	23:48
smackusrevival	ok, i know what i will be doing today. reading logs. :-(	23:48
quantic	smackusrevival: infosec 101. welcome to my world.	23:49
smackusrevival	lol, why do we do this job.	23:49
teward	smackusrevival: because if we don't do it nobody will and everything dies	23:49
bekks	Because we didnt listen to our parents and didnt get another job :P	23:49
teward	smackusrevival: that said, if this is a place where you can add hardware to the infrastructure, a IDS/IPS would be nice	23:50
teward	(adding one can help protect sometimes against some DoS vectors)	23:50
smackusrevival	yeah increased security hardware is something our company will be looking at. hopefully sooner rather than later...	23:51
=== Lcawte is now known as Lcawte\|Away
smackusrevival	odd, apache logs show nothing at the time of the alleged attacks.	23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!