[03:04] <francis_> Hi! Can SMART Extended scan detect bad sectors on hard disk?
[07:55] <lordievader> Good morning.
[08:40] <melbaa> Hello, i have a question about my virtual ubuntu server that is running on my Windows 10 with hyper-V. Is it possible that the virtual ubuntu reads my Windows 10 storage so i can access it in the virtual machine?
[10:46] <eahmedshendy> Hi, anyone here
[10:46] <eahmedshendy> I have issue related to apparmor, anyone could help?
[10:47] <jjohansen> eahmedshendy: what's the issue
[10:47] <eahmedshendy> http://paste.ubuntu.com/13596640/
[10:47] <eahmedshendy> I tried to uninstall mysql 5.5, then install 5.6 and till now I can't install mysql
[10:48] <eahmedshendy> jjohansen
[10:48] <jjohansen> eahmedshendy: you need to add a rule to the mysql profile
[10:49] <jjohansen> eahmedshendy:  look for the file /etc/apparmor.d/usr.sbin.mysqld
[10:49] <jjohansen> well or something close to that
[10:50] <jjohansen> you need to add the rule
[10:50] <jjohansen>      /etc/mysql/my.cnf.fallback   r,
[10:51] <jjohansen> the rule will need to go into the mysqld profile
[10:51] <jjohansen> it will likely look like
[10:51] <jjohansen> /usr/sbin/mysqld {
[10:51] <jjohansen>   # some comments
[10:51] <jjohansen>   .. rules ..
[10:51] <jjohansen> }
[10:52] <jjohansen> you should be able to insert an new line in the block of rules (beginning or end are good choices)
[10:52] <T3DDY> /leave
[10:52] <jjohansen> and save the file
[10:53] <jjohansen> eahmedshendy: then do
[10:53] <jjohansen>   sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
[10:53] <jjohansen> (or what ever the file name the profile was in)
[10:55] <eahmedshendy> I do not understand this step:
[10:55] <eahmedshendy>  /usr/sbin/mysqld {
[10:55] <eahmedshendy> jjohansen
[10:56] <eahmedshendy> I jsut added this: /etc/mysql/my.cnf.fallback   r, to  /etc/apparmor.d/usr.sbin.mysqld
[10:56] <jjohansen> eahmedshendy: okay, the profile file has format
[10:56] <eahmedshendy> what do you mean by the profile file?
[10:56] <eahmedshendy> jjohansen
[10:56] <jjohansen> yes, but you need to add it within the profile rule block
[10:57] <jjohansen> the profile within the file, will start like
[10:57] <jjohansen>   /usr/sbin/mysqld {
[10:57] <eahmedshendy> Ok
[10:57] <jjohansen> or
[10:57] <jjohansen>   profile mysqld /usr/sbin/mysqld {
[10:58] <eahmedshendy> "/usr/sbin/mysqld {" .. I found it in  /etc/apparmor.d/usr.sbin.mysqld
[10:58] <jjohansen> you can insert the rule on almost any new line between the start { and end }
[10:58] <eahmedshendy> jjohansen: that is it?
[10:58] <jjohansen> that defines the profiles rules
[10:58] <eahmedshendy> yes jjohansen I did that first
[10:58] <jjohansen> okay.
[10:59] <jjohansen> once you have that saved use
[10:59] <jjohansen>   sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
[10:59] <jjohansen> to compile the changed profile and load it into the kernel
[10:59] <jjohansen> you should then be able to try installing mysql again
[11:00] <jjohansen> you could get another denial
[11:00] <eahmedshendy> do remove then uninstall or just dpkg-reconfigure -a?
[11:00] <eahmedshendy> jjohansen
[11:00] <jjohansen> if you want you could put the profile into complain mode, where it will allow all accesses but complain about those not in the profile
[11:01] <jjohansen> eahmedshendy: err, I think you should be able to get away with dpkg-reconfigure
[11:02] <jjohansen> but it does depend on how the package has done the apparmor integration
[11:02] <eahmedshendy> jjohansen: I did not understand your sentence at all :), I did that apt-get purge --auto-remove mysql-server-5.6
[11:02] <eahmedshendy> I will install it again
[11:02] <jjohansen> eahmedshendy: sorry, what I was trying to say, is it is possible apparmor will deny other things
[11:03] <eahmedshendy> jjohansen: mmm, ok
[11:03] <jjohansen> one way to deal with this is put the profile in a complain or learning mode
[11:04] <jjohansen> that way the profile won't deny anything, but you will get messages like from your pastebin in your logs, except that they will have
[11:04] <jjohansen>   apparmor="ALLOWED" instead of
[11:04] <jjohansen>   apparmor="DENIED"
[11:05] <jjohansen> you would then use those messages just as we have done for the denied message
[11:05] <eahmedshendy> jjohansen: http://paste.ubuntu.com/13596948/
[11:05] <jjohansen> complain mode is a big help when developing profiles, as you don't have to deal with denial messages one at a time
[11:07] <eahmedshendy> the line you told me to add in apparmor is gone, I will add and use dpkg-reconfigure -a rather than purging it
[11:07] <eahmedshendy> jjohansen
[11:07] <jjohansen> eahmedshendy: hrmmm, you profile hasn't been updated, can you paste bin it?
[11:08] <jjohansen> eahmedshendy: got it, dpkg-reconfigure reinstalled the profile, wiping out your change
[11:08] <eahmedshendy> jjohansen: http://paste.ubuntu.com/13596977/
[11:08] <eahmedshendy> so?
[11:09] <jjohansen> hrmmm, actually you did a purge and then a reinstall. correct?
[11:09] <jjohansen> in that case it would have deleted the installed profile file
[11:09] <eahmedshendy> yes
[11:10] <eahmedshendy> I got what you need, just paste it now
[11:10] <eahmedshendy> jjohansen: http://paste.ubuntu.com/13597005/
[11:10] <eahmedshendy> That is OK, right?
[11:10] <jjohansen> yeah that looks good
[11:13] <eahmedshendy> jjohansen: So now I should move and try to fix the other issue of mysql, right?
[11:13] <eahmedshendy> apparmor, is clear?
[11:14] <jjohansen> eahmedshendy: yep, unless you start hitting new denial messages
[11:15] <eahmedshendy> jjohansen: I forgot to told you that, mysql-server-5.6 was working fine yesterday, untill I did restart, mysql goes down again
[11:15] <jjohansen> eahmedshendy: did you switch to systemd?
[11:16] <eahmedshendy> jjohansen: This server is new for me, I just removed a database called cassandra that was running yesterday
[11:16] <jjohansen> systemd handles restart as stop/start, instead of having a dedicated restart action like upstart or sysv init scripts
[11:17] <jjohansen> this has broken more than a few usage patterns, and has become the first question I ask when someone says something stopped working on restart
[11:18] <jjohansen> of course it depends what you mean by restart
[11:18] <eahmedshendy> there is a file called:  /etc/init/systemd-logind.conf, does that means systemd is installed?
[11:18] <eahmedshendy> jjohansen: just execute the command reboot
[11:18] <jjohansen> ah, well that wouldn't be the problem then
[11:19] <jjohansen> I'm not sure why mysqld would fail on a reboot
[11:20] <eahmedshendy> jjohansen: How to know that admin that was here made a switch to ssytemd
[11:20] <jjohansen> eahmedshendy: unless you are using systemctl restart, I wouldn't chase that path
[11:21] <eahmedshendy> No I don't have this command "systemctl"
[11:21] <eahmedshendy> on my current system
[11:21] <jjohansen> eahmedshendy: but if you want to know,
[11:21] <jjohansen>   ps aux | grep systemd
[11:21] <jjohansen> should return with pid 1 as systemd
[11:22] <eahmedshendy> jjohansen: http://paste.ubuntu.com/13597160/
[11:23] <jjohansen> eahmedshendy: nah
[11:24] <jjohansen> eahmedshendy: actual
[11:24] <jjohansen>   pstree
[11:24] <jjohansen> might be easier
[11:24] <jjohansen> systemd shows up as the root of the tree
[11:24] <eahmedshendy> It is just init
[11:24] <eahmedshendy> jjohansen
[11:24] <jjohansen> right
[11:25] <jjohansen> you just have a few cherry-picked "systemd" services
[11:26] <eahmedshendy> jjohansen: That is not what you afraid off?
[11:27] <jjohansen> eahmedshendy: if it says init you don't have systemd
[11:27] <eahmedshendy> jjohansen: yes, so this is fine
[11:27] <jjohansen> yep
[11:28] <jjohansen> so the systemd change I mentioned before is not the reason mysqld is failing
[11:28] <eahmedshendy> jjohansen: sorry for bothering you, and thank you so much for help, God bless you :)
[11:28] <eahmedshendy> jjohansen: yes
[11:31] <eahmedshendy> Is t here anyone can help with mysql-server 5.6 upgrade from 5.5 issue, or even help me to get back to 5.5.
[11:39] <eahmedshendy> http://paste.ubuntu.com/13597397/
[11:57] <rbasak> eahmedshendy: why do you have a PPA enabled?
[11:57] <rbasak> You're getting mismatched versions of the packages which can't help.
[11:58] <eahmedshendy> rbasak: I came here and found it like this
[11:58] <eahmedshendy> Should I do another thing, I am just beginner in administration
[12:02] <rbasak> You can probably repair it from where you are, but I don't have the time to go through that with you, sorry.
[12:02] <rbasak> This channel is the right place to ask for help though. Maybe somebody else will come along.
[12:03] <eahmedshendy> rbasak: no problem sir, I think try and do it, thank you very much for pointing me
[12:03] <eahmedshendy> :)
[12:03] <eahmedshendy> btw, you mean that I can update the PPA for a package that is suitable for 14.04.3
[12:09] <eahmedshendy> I have the same issue like this guys http://askubuntu.com/questions/699942/updating-to-mysql-5-6-27-fails-but-why
[12:09] <eahmedshendy> exactly
[12:10] <eahmedshendy> I think I am stuck with this problem
[12:11] <rbasak> It looks like it is because the archive has been updated ahead of the PPA in a way that makes the PPA break things.
[12:11] <rbasak> I don't understand why the PPA exists in the first place.
[12:12] <OerHeks> i just went trough http://paste.ubuntu.com/13597397/ and found mysql-server_5.6.25-3+deb.sury.org~trusty+1_all.deb == https://launchpad.net/~ondrej/+archive/ubuntu/mysql-5.6/+sourcepub/5377389/+listing-archive-extra   so you did install a ppa ....
[12:12] <rbasak> I trust ~ondrej has a good reason for creating it
[12:12] <rbasak> But perhaps it's not needed now that trusty-updates has 5.6.27?
[12:13] <eahmedshendy> OerHeks: this is your procedures? so you faced a problem like me
[12:14] <OerHeks> eahmedshendy, your issue seemed curious, but it is not, why did you not mention that PPA in the 1st place?
[12:14] <OerHeks> such info is very important.
[12:14] <eahmedshendy> OerHeks: I didn't change any PPA at all
[12:15] <eahmedshendy> OerHeks: rbasak just told me about it
[12:15] <eahmedshendy> I didn't do manaul change
[12:16] <OerHeks> no, that was before rbasak named ppa. you have added that ondrej ppa before.
[12:17] <OerHeks> ppa-purge that repo and try to install again ( not from ppa but the original packages)
[12:19] <eahmedshendy> OerHeks: just today while trying to solve the problem with everyone here, I didn't add it before
[12:25] <eahmedshendy> OerHeks: what after that .. I just deleted the two files and make apt-get update
[12:27] <rbasak> cpaelzer: thank you for your feedback! I updated that paragraph and sent the email.
[12:27] <eahmedshendy> Because I got this error when trying to do it with ppa-purge http://paste.ubuntu.com/13598152/
[12:27] <cpaelzer> rbasak, thank you - I'm eager to see what the responses will be like
[12:28] <cpaelzer> rbasak: within dpdk do you know if we just dropped the kernel modules without replacement or if we deliver them with the kernel?
[12:29] <eahmedshendy> OerHeks: I will try to reset the server repositories to its default
[12:30] <OerHeks> removing those 2 files does not work well, you should use ppa-purge, with the correct name of the ppa.
[12:31] <OerHeks> !ppapurge
[12:32] <rbasak> cpaelzer: I'm not sure. smb maybe knows? ^^
[12:32] <cpaelzer> rbasak: he went offline, will ask him later/tomorrow
[12:43] <eahmedshendy> OerHeks: I created them manually
[12:54] <eahmedshendy> OerHeks: http://paste.ubuntu.com/13598538/
[12:54] <eahmedshendy> ?
[13:16] <smb> cpaelzer, rbasak, if the question was about the kernel modules. There are two which are usable and shipped with the standard kernel. uio-pci-generic and vfio-pci
[13:17] <cpaelzer> smb: the question was about the two .ko's that would be build in the dpdk source igb_uio.ko and rte_kni.ko IIRC
[13:18] <cpaelzer> smb: those are disabled for obvious build and packaging issues, but I wondered if those would be required in some way
[13:18] <smb> cpaelzer, Ok, yeah. Those should no longer be required (starting with dpdk 2.0) and the kernel ones being used
[13:18] <cpaelzer> smb: ok because they are still default on thx
[13:19] <cpaelzer> smb: FYI dpdk 2.2 no more builds with your trick to go to the lowest cpu/sse level
[13:19] <smb> cpaelzer, That is indeed a bit odd but the recommendation for that also came from upstream sort of
[13:19] <cpaelzer> smb: that is good to hear that this recommendation to disable them came from there
[13:20] <cpaelzer> smb: I'll have to search for "the new lowest" denominator that would build
[13:20] <smb> cpaelzer, hm, the "trick" was to use the machine level option. If that no longer builds ...
[13:20] <cpaelzer> smb: yeah I saw you configured thr T=..native, but then set RTE_MACHIEN=default
[13:20] <cpaelzer> smb: the rte.vars for default refer to core2 as the march
[13:20] <smb> Either they think they fixed online detection
[13:21] <cpaelzer> smb: and that is now too low as some code needs newer than that cpu features now
[13:21] <smb> Right the T is just to pick one of the template configs they ship
[13:21] <cpaelzer> right, but "native" depends on the build environment and is no option
[13:22] <cpaelzer> so seems core2 as of dpdk 2.2
[13:22] <cpaelzer> I'll have to search for the new "low"
[13:22] <cpaelzer> level that is acceptable
[13:22] <smb> Yes, so if default which is (or was supposed to be) a supported option no longer works it might be time to report them a bug
[13:22] <cpaelzer> smb: I fully agree, but for that I need to find out what would :-)
[13:23] <cpaelzer> smb: on the good side with that it fails upstream just as much as in the dpkg build environment
[13:23] <cpaelzer> smb: so it will be easy to report the bug
[13:23] <smb> cpaelzer, :) yeah. or play innocent and ask them what goes wrong there :)
[13:24] <cpaelzer> smb: not now after we wrote on a public channel and then innocent is a decade or more ago :-P
[13:25] <smb> cpaelzer, Note that I say "play" ;)
[16:12] <Melbatje> Hello, I need some help with my Ubuntu server, I have a VM running on my Windows 10 PC and would like to share some storage so I access that on my VM. Does anyone have any clue how to do that with Samba and what settings?
[16:16] <Melbatje> does anyone read this message? xd
[16:17] <lordievader> Melbatje: What hypervisor are you using?
[16:17] <Melbatje> Hyper-V
[16:18] <lordievader> Hmm, wouldn't be surprised if it hase some kind of a folder share function. However I am not familiar with hyper-v.
[16:18] <Melbatje> lordievader: I'm using Hyper-V
[16:18] <Melbatje> lordievader: I'm going to check that, thanks :P
[18:48] <crveni> hi
[18:49] <crveni> is server 15.10 have graphical environment?
[18:49] <sarnold> you can apt-get install whatever you want
[18:50] <crveni> I know, but I don't know how install unity
[18:51] <crveni> and how to make them startup
[18:51] <sarnold> apt-get install unity ought to get most of the way there
[18:51] <ianorlin> I would not recommend it
[18:52] <ianorlin> as acessing the ui over the network is not the best
[18:52] <ianorlin> if locally I usually like to run an ubuntu-server virtual machine in just a normal desktop
[18:53] <crveni> me nead web server local
[18:53] <sarnold> you don't need a gui for that :)
[18:54] <crveni> yes i nead gui, bicose i use this laptop for development
[18:54] <ianorlin> actually gvfs is a quite nice way to transfer things like pictures to a web server
[18:55] <crveni> i dont know, i love ubuntu :)
[18:55] <crveni> and trying to meet them very well
[18:56] <sarnold> crveni: ah. feel free to install the desktop then and just apt-get install the server packages as you need them :)
[18:56] <sarnold> laptops are funny creatures, it's way easier to get them to work if you just go with the whole desktop thing up front
[18:56] <crveni> @sarnold I do it last week :)
[18:57] <crveni> i loveee ubuntu
[18:57] <crveni> :)
[18:59] <crveni> Do you everbody know where is Serbia?
[18:59] <crveni> I from Serbia :)
[18:59] <simosx> o/
[18:59] <crveni> Novak Djokovic :) :)
[19:00] <crveni> We in serbia wery love ubuntu :)
[19:02] <crveni> ok, nobody will not talk for me :(
[19:03] <simosx> crveni, I said "hi".
[19:04] <crveni> hi simosx
[19:04] <crveni> :)
[19:04] <crveni> which system simosx you have?
[19:05] <simosx> I use 'DigitalOcean' for server.
[19:05] <m1dnight_> Hello guys. I'm in a bit of pickle with duplicity. I have a server `daytona` which serves as the storage for backups from my other machine `testarossa`. Testarossa uses duplicity and backsup via sftp. On testarossa, as root, I can ssh to daytona with the user `backupper`. I can run the duplicity command in the terminal as well. But hwen I put the duplicity command in a bash script (which runs fine as
[19:05] <m1dnight_> well from the commandline) and run it as a cronjob, I keep getting connection refused errors on the sshbackend of duplicity.
[19:05] <m1dnight_> Any tips?
[19:06] <crveni> simosx what is thet :)?
[19:06] <crveni> that?
[19:06] <sarnold> m1dnight_: probably your cronjob doesn't use the same ssh agent that your shells use
[19:06] <simosx> crveni, it's a Virtual Private Server (VPS). You get a server on the cloud (you connect with SSH). It is great to learn about servers.
[19:07] <m1dnight_> sarnold: how can I fix that, then?
[19:07] <sarnold> m1dnight_: run ssh-add -l to see if you have keys in your agent..
[19:07] <m1dnight_> It used to work fine, but when I reinstalled the server it stopped working.
[19:08] <crveni> simosx that is expensive for me :)
[19:09] <m1dnight_> Hm, sarnold that gave me that no agent was running, did eval `ssh-agent -s` now and added the private key. ill see what will happen now.
[19:09] <m1dnight_> Testing the cronjob again.
[19:09] <simosx> crveni, you are paying as long as the server is active. if you look into it, it's somewhat affordable.
[19:09] <sarnold> m1dnight_: the cronjob runs in an environment started by cron, seperate from your shells.. if the ssh agent is running, you can give the cron jobs access by adding the right environment variables..
[19:10] <m1dnight_> `BackendException: ssh connection to backupper@192.168.1.120:22 failed: [Errno 111] Connection refused` still
[19:10] <m1dnight_> oh can you point me in the right direction then, please?
[19:10] <sarnold> m1dnight_: oh, you know, connection refused suggests something else is going on.
[19:11] <crveni> ok simosx
[19:11] <m1dnight_> sarnold: yes, but the weird thing is that I can ssh to the machine just fine..
[19:11] <sarnold> m1dnight_: try a cronjob with something like echo "" | nc 192.168.1.120 22
[19:11] <m1dnight_> And Im using the exact same user..
[19:13] <crveni> can I install the DNS server and they will charge domain
[19:13] <crveni> simosx?
[19:13] <crveni> :)
[19:14] <simosx> crveni, when you get a domain, they often give you DNS management for free. If you do not get free DNS management, you can use https://www.namecheap.com/domains/freedns.aspx
[19:15] <simosx> crveni, if you do not have a domain, and you want a free one, you can try out http://www.freenom.com/ (includes free DNS management).
[19:16] <crveni> no simosx, you dont understand , how can I sell thousend .com domains?
[19:17] <simosx> crveni, selling .com domains is a job called "Domain Registrar". It's kinda out of the scope in learning about servers.
[19:19] <m1dnight_> sarnold: where would I find the output of that? dmesg is empty.
[19:20] <sarnold> crveni: do you just want to host a few thousand domains as a host? or do you actually want to become a registrar?
[19:20] <crveni> ok simosx. that job interesting for me :) easy mony
[19:20] <sarnold> m1dnight_: check your mail, cron mails the output to you
[19:20] <m1dnight_> aha
[19:20] <m1dnight_> SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
[19:20] <m1dnight_> Protocol mismatch.
[19:20] <m1dnight_> Shouldn't it negotiate for a proper protocol?
[19:22] <sarnold> m1dnight_: interesting. the echo "" | nc   just sends a blank string to the remot ehost and returns what the remote host's banner was
[19:22] <crveni> yes simosx, I do to become registrar
[19:22] <sarnold> m1dnight_: so at least your cronjob can make outgoing connections to that host just fine.
[19:23] <m1dnight_> Glad you find it interesting :>
[19:23] <m1dnight_> Using it in the shell shows me the same output.
[19:24] <m1dnight_> Hmmm
[19:25] <crveni> I want to become registrar, and don't know how :)
[19:25] <m1dnight_> aha, dist-upgrade installs some updates to libssl so it seems.
[19:25] <m1dnight_> Let's see where that brings us
[19:26] <shauno> I'm not sure I'd call it 'easy money'.  domains strike me as a 'race to the bottom' unless you can parcel it in a wider package
[19:27] <nat0> Can anyone tell my why preseeding a fresh install of 14.04 fails after searching for dists/trusty-updates/Release, which doesn't even exist on the 14.04 installer DVD?
[19:27] <simosx> shauno, also DV certificates are likely to follow the same path.
[19:28] <crveni> shauno I thought to do the all via computer
[19:29] <crveni> i have to become a hacker :)
[19:29] <crveni> i love this job :)
[19:31] <crveni> does anyone know the web development project for free?
[19:32] <crveni> I have a project and need a worker
[19:33] <sarnold> there are more ideas than there are developers; in general, developers need to be paid
[19:33] <crveni> i work for free
[19:34] <crveni> money arriving later
[19:34] <crveni> It is an advertising site, I hope it will be members
[19:36] <shauno> I think you would have enjoyed the dotbomb era, but you're almost 20 years too late.  I can't think of a nicer way to put that.
[19:37] <crveni> :) shauno
[19:38] <sarnold> hehe
[19:38] <crveni> I thought to do the site where it will be distributed, advertised IT projects
[19:38] <crveni> shere IT job
[19:38] <crveni> share
[19:39] <crveni> freelancing site
[19:39] <sarnold> fivr vworker monster ...
[19:40] <crveni> i am big deady
[19:40] <crveni> dady
[19:40] <crveni> :)
[19:41] <crveni> nice too meet you everybody
[19:41] <nat0> Does anyone know why anna, the package installer in debian-installer, requires Release signatures for an update branch even while attempting a fresh install?
[19:42] <sarnold> have fun crveni :)
[19:42] <sarnold> nat0: probably to make sure that you're not installing maliciously supplied updates
[19:42] <crveni> my site is http://www.elvescode.com but is serbish language
[19:42] <nat0> sarnold: then shouldn't those release signatures be included on the install DVD?
[19:42] <nat0> Because they'
[19:42] <nat0> re not, preventing me from installing anything.
[19:43] <sarnold> nat0: the Release files are periodically updated, see e.g. http://mirrors.kernel.org/ubuntu/dists/trusty-updates/Release   "Date: Tue, 01 Dec 2015 12:00:33 UTC
[19:44] <nat0> I'm pxebooting 14.04.3's DVD1.  It loads the kernel and squashfs image fine.  The preseed file correctly repartitions the drive.  Then it verifies the release signatures, and 404's on dists/trusty-updates/Release.
[19:44] <sarnold> nat0: because the Release files are updated periodically, their signatures can't be burned onto an install media
[19:44] <sarnold> nat0: which mirror?
[19:45] <nat0> It's a local mirror I've manually created by essentially rsycing the contents of 14.04.3's DVD1 image onto a local filesystem served over HTTP.
[19:45] <teward> well there's one of the issues there - the release files are updated periodically and don't exist on the DVD images then
[19:45] <sarnold> nat0: ah; then either also grab the trusty-updates tree off a mirror too, or figure out how to tell the installer that it shouldn't update packages during the install
[19:46] <sarnold> nat0: .. of course you'll want to apply the updates immediately after you're done if you don't update the packages during the install
[19:47] <nat0> sarnold: Thanks.  I thought I'd done the latter by setting the pkgsel/update-policy to none.
[19:47] <nat0> In the preseed file that is.
[19:48] <crveni> have fun geeks :) i get out
[19:48] <sarnold> hmmm that might be worth a bug report then :)
[19:49] <nat0> ugh
[19:49] <nat0> I might just remove ubuntu as an option from this provisioning server.
[19:50] <sarnold> are the updates really too difficult to mirror?
[19:50] <teward> nat0: better question, why not run a local repo mirror for that release and put 1TB of space for each, or twice that much if you want to support two different releases
[19:52] <nat0> sarnold: clients will not be using this server to update their own packages, so it's unnecessary to include them.
[19:53] <sarnold> nat0: ahh
[19:53] <nat0> tweard: again, I don't need to update machines from this server, and using 2TB of space to mirror one release is a bit absurd.
[19:53] <sarnold> I think the archives are something like 900gigs total for all currently supported releases
[19:53] <nat0> This server will only be provisioning new clients, on an airgapped network, from a series of local mirrors made directly from distribution release images.
[19:55] <teward> sarnold: eesh, so i'll have to build a 5TB RAID array in my next private-mirror server
[19:55] <teward> maybe my workplace will let me use their bandwidth to download the files on that server
[19:56] <sarnold> teward: I'm looking at building one myself, and went looking through our NFS mounted archive the other day.. I came to the conclusion that it'd probably be a bit more than one TB once we have a third supported LTS release again, and a bit more than that once the 'newest releases' aren't also LTS releases..
[19:57] <sarnold> teward: so 2tb sounds like a nice plan, if I've checked the right things :)
[19:59] <m1dnight_> sarnold: looks like it is fixed with the upgrade..
[19:59] <m1dnight_> Knock on wood
[19:59] <sarnold> m1dnight_: woot!
[19:59]  * m1dnight_ knocks on his head
[19:59] <m1dnight_> *ha ha*
[19:59] <sarnold> m1dnight_: granted, it doesn't make -sense- to me, but hooray for a fix.
[19:59] <m1dnight_> Yep worked fine. Cronjob finished..
[20:00] <sarnold> m1dnight_: crazy.
[20:05] <teward> sarnold: true, but i also need a Debian mirror
[20:05] <teward> because i have four debian vms
[20:05] <teward> so that's what, another 1TB maybe?
[20:05] <sarnold> teward: hmm, dunno, I don't know a quick way to measure that
[20:06] <teward> sarnold: indeed.
[20:06] <teward> 5TB array of disks should be fine though
[20:27] <hackeron> anyone has any ideas what could be causign this boot problem with Kernel 4.2? < https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1521749
[20:29] <sarnold> hackeron: how about /var/log/syslog.0 or similar rotated files?
[20:30] <sarnold> hackeron: how about systemd's journals?
[20:32] <teward> hackeron: also consider there's a request for *more information* in the bug
[20:32] <teward> either run apport-collect 1521749 or if you actually can't boot as such comment accordingly on the bug and change the status to Confirmed
[20:35] <hackeron> sarnold: /var/log/syslog.0 shows yesterday's log - /var/log/syslog shows a successful boot (3.19), then shows a gap where all the failed boots are (4.2.0), then shows the next successful boot
[20:36] <sarnold> hackeron: ouch :(
[20:36] <hackeron> sarnold: just checked journalctl - also nothing
[20:37] <TJ-> hackeron: try editing the kernel command-line, add "systemd.unit=emergency.target" see if you can get that far
[20:37] <hackeron> teward: that wasn't there a second ago, heh - trying
[20:41] <hackeron> TJ-: If I select "Ubuntu, with Linux 4.2.0-19-generic (recovery mode)" from the list - it boots into the recovery console, so I am guessing yes
[20:43] <TJ-> hackeron: I'd look at the various targets systemd goes through on its way to multiuser.target, and boot to each in turn until you hit the issue
[20:44] <TJ-> hackeron: or, do a bisect on the list of targets
[20:47] <TJ-> hackeron: it looks like the local-fs-pre us good, so do "grep -rn 'local-fs-pre' /lib/systemd/*" and then try to get to "local-fs.target"
[20:48] <hackeron> TJ-: ah, that's a good idea - I will try that
[20:50] <TJ-> hackeron: unfortunately systemd doesn't make it too easy (like sysv-init) to figure out the order so you have to dig
[20:50] <hackeron> TJ-: is there anyway to get a list of what runs after the emergecy.target in order? - looks a bit of a maze otherwise
[20:50] <hackeron> TJ-: ah, ok, that answers that question, heh
[20:51] <TJ-> You've got 'targets' which I think of as groups of 'services', and you've got 'wants' which targets/services declare as their dependencies
[20:55] <hackeron> TJ-: thank you, will play around in a little bit, just going for a quick job. Hopefully will be able to narrow it down. It seems the next target after the one it reaches is Bluetooth, hmmm
[20:55] <hackeron> jog*
[20:56] <TJ-> hackeron: I found "systemd-analyze critical-chain" will provide the list you need
[20:57] <teward> hackeron: thoug that apport-collect should be run under the affected kernel
[20:57] <teward> and if you can't boot to that then...
[22:32] <smackusrevival> how do i know whether a server has experienced a dos attack?
[22:38] <bekks> smackusrevival: you will notice it by not being able to reach the service.
[22:38] <bekks> DoS == Denial of Service.
[23:00] <smackusrevival> what if access is super-slow but does eventually respond?
[23:00] <hackeron> teward: TJ: Ah, correction, it does not boot into the recovery console either - or rather it seems intermittent -- sometimes it boots, most of the time it does not :( (with kernel 4.2 -- boots fine with 3.19)
[23:01] <smackusrevival> also, notices a large spike in traffic at one point yesterday which took entire allocated memory of server to maximum during this time.
[23:05] <bekks> smackusrevival: those are symptoms of a DoS.
[23:09] <smackusrevival> bekks: thanks, i think so. problem is, server is still slow, yet everything still intact. i am not too sure what to do next. i have taken server offline until i can resolve.
[23:21] <teward> hackeron: make sure that's noted in the bug
[23:23] <hackeron> teward: yeh, I updated the description - I managed to get into the emergency console by adding systemd.unit=emergency.target -- but as soon as I try to do anything, like start apport for example - it freezes :/ - added a screenshot to the bug report too
[23:27] <smackusrevival> bekks: just performed security scan on entire server data. found nothing suspicious.
[23:27] <bekks> smackusrevival: Thats because a DoS attack happens from outside your computer.
[23:28] <smackusrevival> bekks: so why would it still be really slow?
[23:29] <bekks> Thats what you have to investigate. There are a gazillion of possible reasons, like excessive swap usage, excessive memory usage, etc.
[23:30] <smackusrevival> memory usage at normal and swap is 0%.
[23:31] <smackusrevival> all resources seem normal.
[23:36] <smackusrevival> this is either an external network provider issue beyond our control, or an sql issue. i believe the former.
[23:37] <bekks> Since you took it offline, it isnt.
[23:41] <smackusrevival> should a wordpress page load when loading with localhost
[23:41] <smackusrevival> ?
[23:44] <bekks> Depends on your webserver configuration.
[23:45] <smackusrevival> if sql was corrupted, would this be a sign of an attack on the actual sql db?
[23:45] <bekks> Not necessarily.
[23:47] <smackusrevival> bekks: what would i be looking for?
[23:48] <bekks> Logs, reasons for the sql db being corrupted, things that appear in your webserver logs, things that appear in the system logs, etc.
[23:48] <smackusrevival> ok, i know what i will be doing today. reading logs. :-(
[23:49] <quantic> smackusrevival: infosec 101. welcome to my world.
[23:49] <smackusrevival> lol, why do we do this job.
[23:49] <teward> smackusrevival: because if we don't do it nobody will and everything dies
[23:49] <bekks> Because we didnt listen to our parents and didnt get another job :P
[23:50] <teward> smackusrevival: that said, if this is a place where you can add hardware to the infrastructure, a IDS/IPS would be nice
[23:50] <teward> (adding one can help protect sometimes against some DoS vectors)
[23:51] <smackusrevival> yeah increased security hardware is something our company will be looking at. hopefully sooner rather than later...
[23:59] <smackusrevival> odd, apache logs show nothing at the time of the alleged attacks.