/srv/irclogs.ubuntu.com/2015/12/03/#ubuntu-server.txt

keithzgYeah, I try to stay on top of news and otherwise check whenever I have downtime and don't think it'll disrupt anyone, and as well check on weekends.00:04
keithzgToday everyone at the office has emptied out quite early, for instance, so it's time for some updates :D00:04
bekksUnless we're talking about kernel updates, users most likely dont even notice non-downtime patches.00:05
keithzgTrue true.00:05
keithzgIt does depend on the role of the system though; on our Subversion server, for instance, if either subversion, apache2, or sshfs were updated while a commit was being made it *might* cause issues.00:07
keithzgConversely, with our bugtracker they'd pretty much have to be hitting submit on something at the *exact* wrong time.00:08
keithzgTime for kernel updates today anyways, thanks to the security fixes.00:14
keithzg(is there a bot for referencing security notices in this channel? I guess I can just paste the URL: http://www.ubuntu.com/usn/usn-2823-1/ )00:15
=== Lcawte is now known as Lcawte|Away
=== KnownSyntax_ is now known as KnownSyntax
samy1028Does anyone have a pointer on best practices when increasing allocated HD in an Ubuntu Server VM using LVM?  For server 2012r2 I can dymaically increase the space in ESXi / vCenter and then just extend the volume in the still running server 2012r2 VM.03:42
samy1028Can this be done in Linux / Ubuntu-Server?03:43
quanticsamy1028: insufficient data. How is the space presented to the VM?03:43
samy1028quantic, sorry for the delay, was off reading docs.04:30
samy1028quantic, I want to setup 2 HD's for an ubuntu server VM.04:31
samy10281st HD has 40GB (operating system)04:31
samy10282nd HD has 5TB (mounted under /var/logs/devices)04:32
samy1028In the future I will probably need to increase this to 8TB or even 10TB.04:32
samy1028Can I increase this 2nd HD allocation to 10TB and have Linux see it without a reboot like Windows can?04:33
payloadwhy are the package servers so slow05:08
=== IdleOne is now known as Guest25649
=== Lcawte|Away is now known as Lcawte
=== Guest25649 is now known as IdleOne
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
=== Ursinha_ is now known as Ursinha
=== Piper-Off is now known as Monthrect
sorin-mihaianyone can guild me to get a maas installed corectly?15:43
sorin-mihaier, guide15:43
=== MACscr1 is now known as MACscr
sorin-mihaiso... nobody using maas?16:42
jpdssorin-mihai: sudo apt-get install maas maas-dhcp maas-dns16:44
jpdssorin-mihai: Then go to the web UI and setup your networks16:45
jpdssorin-mihai: And that's pretty much it16:45
sorin-mihainot really...16:45
jpdssorin-mihai: And why not?16:45
sorin-mihaione sec16:45
sorin-mihaiso i have already a maas-ens3 network, auto created...16:47
jpdssorin-mihai: OK16:59
sorin-mihaijpds, so, i added network...17:06
sorin-mihaibut i still have the error "Boot image import process not started. Nodes will not be able to provision without boot images. Visit the boot images page to start the import."17:07
sorin-mihaiand pressing Import images does nothing.17:07
jpdssorin-mihai: Check tcpdump17:08
jpdssorin-mihai: Those boot images aren't small17:08
sorin-mihaii see nothing else than the ssh connection17:09
Lukehey guys. I want to set up a shared dir but use ACLs to enforce that the group and group permissions are always preserved17:35
Lukeanyone know a good guide for that?17:35
=== cpaelzer_ is now known as cpaelzer
sarnoldLuke: normally it's sufficient to set the setgid bit on the directory18:14
sarnoldLuke: do you have apps or users that violate that agreement?18:14
Lukenot sure18:15
Lukesarnold: it's mercurial is the app18:15
Lukei want multiple users to be able to push to the mercurial shared folder as their own users via ssh18:15
sarnoldLuke: I'd try the setgid directory first and see how that works out18:17
Lukeok thanks18:17
Lukei18:17
Lukei've never set this up myself before. in the past we had IT professionals do it and we always had problems even with setguid18:17
Lukenot sure why exactly18:17
Lukei want the user to be always set to a generic user as well18:17
Lukeso like hg:hg user:group would always be all files recurisvely in the folder18:18
Lukeeven if I push as luke:hg18:18
sarnoldahh, that part probably requires having a daemon on the system do all the work on behalf of users18:18
Lukethen the hg group is what gives the full permission18:18
sarnoldor all the users sharing a single userid, which is somewhat gross to think about..18:18
Lukemercurial doesn't use a daemon. it just runs as the user on demand18:18
sarnoldand no one's written a daemon wrapper?18:19
Lukewell i guess even if the files were all owned by different users but the group is enforced, that may be fine18:19
Lukesarnold: no. what would that look like?18:19
Lukessh is the daemon in this case18:19
sarnoldLuke: it might be a wrapper around the hg binary on the server..18:19
Lukeand do what?18:20
sarnoldeww18:20
sarnoldI just thought of something a bit gross but might accomplish this18:20
Lukehg is a program just like cat or mv so it doesnt make sense to daemonize it18:20
sarnoldare there usrs on the server that shouldn't have access?18:20
Lukeyeah probably18:20
Lukethough not currently18:20
Lukeall the necessary users have access via a group18:21
sarnoldalright, then the complex method.. set the hg executable to hg:hg, set the setuid and setgid bits on the executable so it runs with that user and group. But the trick is to store the hg executable in a directory that is only accessible to members of the allowed group.18:22
Lukehmm isee18:22
sarnoldso stuff it in /usr/local/sarnoldsuglyhack/bin/hg18:22
Lukeright18:22
sarnoldset /usr/local/sarnoldsuglyhack to root:lukesproject  75018:23
Lukeit seems like i should be able to leave hg bin alone and just have the files themselves always be owned by the same user and group recursively18:23
sarnoldthen users not in lukesproject group can't traverse the directory to the setuid / setgid hg executable18:23
sarnoldLuke: owner is the tricky bit. unix isn't really set up to make that easy.18:23
Lukewhat about just group?18:23
Lukeall the files can be owned by whatever user randomly created the file but the group would be the shared group with 7 permissions18:24
sarnoldfor group, there's the setgid bit on directories, but processes are free to set the gid on any file they have permission to modify, so they could change it. and probably some do.18:24
Lukeas long as mercurial doesn't setgid on it we're fine18:26
Lukei'll have to mess aroudn with these ideas. thank you18:27
sarnoldhave fun :)18:28
ponyofdeathhi, do I need to re-compile the apache2 deb to get fips support in 12.04?18:39
hallyndannf: (i assume answer is no, but) have you by chance looked at all into enabling seccomp in qemu on other arches?19:35
hallynjust asking since you did the version loosening patch :)19:35
=== Monthrect is now known as Piper-Off
=== Lcawte|Away is now known as Lcawte
beisnercoreycb, o/21:11
Rar9hi can some help me with this error21:11
Rar9adduser: Warning: The home directory `/var/lib/zookeeper' does not belong to the user you are currently creating.21:11
Rar9update-alternatives: using /etc/zookeeper/conf_example to provide /etc/zookeeper/conf (zookeeper-conf) in auto mode21:11
Rar9Setting up zookeeperd (3.4.5+dfsg-1)21:11
Rar9what do i need to change ?21:12
tarpmanRar9: where is the error?21:12
coreycbbeisner, o/21:12
Rar9when i enter sudo apt-get install zookeeperd21:13
bekksRar9: And where is the error?21:14
Rar9so is the process running now or do i have to do something to the directory owner?21:14
beisnercoreycb, sanity check on http://paste.ubuntu.com/13651987/  for Juno proposed --> updates plz21:14
bekksRar9: Did the command finish?21:15
Rar9adduser: Warning: The home directory `/var/lib/zookeeper' does not belong to the user you are currently creating.21:15
Rar9last line is "zookeeper start/running, process 1744"21:15
bekksRar9: Did the command "sudo apt-get install zookeeperd" finish - yes or no?21:15
tarpmanRar9: "Warning" is not an error.21:15
Rar9sorry I´m a windows user :-(21:16
Rar9I just want to setup Basic Auth for Solr 5.3.121:16
Rar9and are struggling with zookeeper already21:16
coreycbbeisner, looks like glanceclient was already promoted but looks good other than that21:17
bekks< bekks> Rar9: Did the command "sudo apt-get install zookeeperd" finish - yes or no?21:17
Rar9bekks the command finished... just with the warning.21:18
beisnercoreycb, looks to me like python-glanceclient | 1:0.14.0-0ubuntu1~cloud1 from proposed will supersede 1:0.14.0-0ubuntu1~cloud0 in updates.  unless my report needs +1hr that is.21:19
bekksRar9: So without errors. And zookeeper was installed.21:19
Rar9how do i check if its now running?21:20
bekksps -ef | grep zookeeper21:20
bekksIf it isnt running, start it.21:21
Rar9ok. looks like it started21:22
coreycbbeisner, sorry, you're right.  the cloud archive report is showing it green for some reason, threw me off.21:23
beisnerpesky colors anyhow21:23
Rar9so i don´t have to worry about the user permission for zookeeper?21:24
beisnercoreycb, ok juno proposed pushed to updates.  thanks for your work on all that!21:27
coreycbbeisner, thanks!21:27
Rar9Now for Solr Basic Authentification how do i create Usernames and passwords (as a sha256(password+salt) hash)  ??21:28
trippehhuh. qemu security update restarted my VMs.22:09
trippehthat must be new :P22:09
Slingmy vm's restart themselves when they get kernel updates :)22:11
Slingunattended-upgrades ftw22:11
trippehof course VMs without the start-at-boot flag set didnt start :P22:15
trippehah, libvirt-bin updated around the same time, for a minor apparmor profile change looks like.22:24
trippehI wonder if it rebooted vms before or after qemu got its fixes.22:24
trippeh*checks*22:24
trippehafter, lookslike22:30
trippehlucky.22:30
=== Lcawte is now known as Lcawte|Away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!