[00:04] Yeah, I try to stay on top of news and otherwise check whenever I have downtime and don't think it'll disrupt anyone, and as well check on weekends. [00:04] Today everyone at the office has emptied out quite early, for instance, so it's time for some updates :D [00:05] Unless we're talking about kernel updates, users most likely dont even notice non-downtime patches. [00:05] True true. [00:07] It does depend on the role of the system though; on our Subversion server, for instance, if either subversion, apache2, or sshfs were updated while a commit was being made it *might* cause issues. [00:08] Conversely, with our bugtracker they'd pretty much have to be hitting submit on something at the *exact* wrong time. [00:14] Time for kernel updates today anyways, thanks to the security fixes. [00:15] (is there a bot for referencing security notices in this channel? I guess I can just paste the URL: http://www.ubuntu.com/usn/usn-2823-1/ ) === Lcawte is now known as Lcawte|Away === KnownSyntax_ is now known as KnownSyntax [03:42] Does anyone have a pointer on best practices when increasing allocated HD in an Ubuntu Server VM using LVM? For server 2012r2 I can dymaically increase the space in ESXi / vCenter and then just extend the volume in the still running server 2012r2 VM. [03:43] Can this be done in Linux / Ubuntu-Server? [03:43] samy1028: insufficient data. How is the space presented to the VM? [04:30] quantic, sorry for the delay, was off reading docs. [04:31] quantic, I want to setup 2 HD's for an ubuntu server VM. [04:31] 1st HD has 40GB (operating system) [04:32] 2nd HD has 5TB (mounted under /var/logs/devices) [04:32] In the future I will probably need to increase this to 8TB or even 10TB. [04:33] Can I increase this 2nd HD allocation to 10TB and have Linux see it without a reboot like Windows can? [05:08] why are the package servers so slow === IdleOne is now known as Guest25649 === Lcawte|Away is now known as Lcawte === Guest25649 is now known as IdleOne === Lcawte is now known as Lcawte|Away === Lcawte|Away is now known as Lcawte === Lcawte is now known as Lcawte|Away === Ursinha_ is now known as Ursinha === Piper-Off is now known as Monthrect [15:43] anyone can guild me to get a maas installed corectly? [15:43] er, guide === MACscr1 is now known as MACscr [16:42] so... nobody using maas? [16:44] sorin-mihai: sudo apt-get install maas maas-dhcp maas-dns [16:45] sorin-mihai: Then go to the web UI and setup your networks [16:45] sorin-mihai: And that's pretty much it [16:45] not really... [16:45] sorin-mihai: And why not? [16:45] one sec [16:47] so i have already a maas-ens3 network, auto created... [16:59] sorin-mihai: OK [17:06] jpds, so, i added network... [17:07] but i still have the error "Boot image import process not started. Nodes will not be able to provision without boot images. Visit the boot images page to start the import." [17:07] and pressing Import images does nothing. [17:08] sorin-mihai: Check tcpdump [17:08] sorin-mihai: Those boot images aren't small [17:09] i see nothing else than the ssh connection [17:35] hey guys. I want to set up a shared dir but use ACLs to enforce that the group and group permissions are always preserved [17:35] anyone know a good guide for that? === cpaelzer_ is now known as cpaelzer [18:14] Luke: normally it's sufficient to set the setgid bit on the directory [18:14] Luke: do you have apps or users that violate that agreement? [18:15] not sure [18:15] sarnold: it's mercurial is the app [18:15] i want multiple users to be able to push to the mercurial shared folder as their own users via ssh [18:17] Luke: I'd try the setgid directory first and see how that works out [18:17] ok thanks [18:17] i [18:17] i've never set this up myself before. in the past we had IT professionals do it and we always had problems even with setguid [18:17] not sure why exactly [18:17] i want the user to be always set to a generic user as well [18:18] so like hg:hg user:group would always be all files recurisvely in the folder [18:18] even if I push as luke:hg [18:18] ahh, that part probably requires having a daemon on the system do all the work on behalf of users [18:18] then the hg group is what gives the full permission [18:18] or all the users sharing a single userid, which is somewhat gross to think about.. [18:18] mercurial doesn't use a daemon. it just runs as the user on demand [18:19] and no one's written a daemon wrapper? [18:19] well i guess even if the files were all owned by different users but the group is enforced, that may be fine [18:19] sarnold: no. what would that look like? [18:19] ssh is the daemon in this case [18:19] Luke: it might be a wrapper around the hg binary on the server.. [18:20] and do what? [18:20] eww [18:20] I just thought of something a bit gross but might accomplish this [18:20] hg is a program just like cat or mv so it doesnt make sense to daemonize it [18:20] are there usrs on the server that shouldn't have access? [18:20] yeah probably [18:20] though not currently [18:21] all the necessary users have access via a group [18:22] alright, then the complex method.. set the hg executable to hg:hg, set the setuid and setgid bits on the executable so it runs with that user and group. But the trick is to store the hg executable in a directory that is only accessible to members of the allowed group. [18:22] hmm isee [18:22] so stuff it in /usr/local/sarnoldsuglyhack/bin/hg [18:22] right [18:23] set /usr/local/sarnoldsuglyhack to root:lukesproject 750 [18:23] it seems like i should be able to leave hg bin alone and just have the files themselves always be owned by the same user and group recursively [18:23] then users not in lukesproject group can't traverse the directory to the setuid / setgid hg executable [18:23] Luke: owner is the tricky bit. unix isn't really set up to make that easy. [18:23] what about just group? [18:24] all the files can be owned by whatever user randomly created the file but the group would be the shared group with 7 permissions [18:24] for group, there's the setgid bit on directories, but processes are free to set the gid on any file they have permission to modify, so they could change it. and probably some do. [18:26] as long as mercurial doesn't setgid on it we're fine [18:27] i'll have to mess aroudn with these ideas. thank you [18:28] have fun :) [18:39] hi, do I need to re-compile the apache2 deb to get fips support in 12.04? [19:35] dannf: (i assume answer is no, but) have you by chance looked at all into enabling seccomp in qemu on other arches? [19:35] just asking since you did the version loosening patch :) === Monthrect is now known as Piper-Off === Lcawte|Away is now known as Lcawte [21:11] coreycb, o/ [21:11] hi can some help me with this error [21:11] adduser: Warning: The home directory `/var/lib/zookeeper' does not belong to the user you are currently creating. [21:11] update-alternatives: using /etc/zookeeper/conf_example to provide /etc/zookeeper/conf (zookeeper-conf) in auto mode [21:11] Setting up zookeeperd (3.4.5+dfsg-1) [21:12] what do i need to change ? [21:12] Rar9: where is the error? [21:12] beisner, o/ [21:13] when i enter sudo apt-get install zookeeperd [21:14] Rar9: And where is the error? [21:14] so is the process running now or do i have to do something to the directory owner? [21:14] coreycb, sanity check on http://paste.ubuntu.com/13651987/ for Juno proposed --> updates plz [21:15] Rar9: Did the command finish? [21:15] adduser: Warning: The home directory `/var/lib/zookeeper' does not belong to the user you are currently creating. [21:15] last line is "zookeeper start/running, process 1744" [21:15] Rar9: Did the command "sudo apt-get install zookeeperd" finish - yes or no? [21:15] Rar9: "Warning" is not an error. [21:16] sorry I´m a windows user :-( [21:16] I just want to setup Basic Auth for Solr 5.3.1 [21:16] and are struggling with zookeeper already [21:17] beisner, looks like glanceclient was already promoted but looks good other than that [21:17] < bekks> Rar9: Did the command "sudo apt-get install zookeeperd" finish - yes or no? [21:18] bekks the command finished... just with the warning. [21:19] coreycb, looks to me like python-glanceclient | 1:0.14.0-0ubuntu1~cloud1 from proposed will supersede 1:0.14.0-0ubuntu1~cloud0 in updates. unless my report needs +1hr that is. [21:19] Rar9: So without errors. And zookeeper was installed. [21:20] how do i check if its now running? [21:20] ps -ef | grep zookeeper [21:21] If it isnt running, start it. [21:22] ok. looks like it started [21:23] beisner, sorry, you're right. the cloud archive report is showing it green for some reason, threw me off. [21:23] pesky colors anyhow [21:24] so i don´t have to worry about the user permission for zookeeper? [21:27] coreycb, ok juno proposed pushed to updates. thanks for your work on all that! [21:27] beisner, thanks! [21:28] Now for Solr Basic Authentification how do i create Usernames and passwords (as a sha256(password+salt) hash) ?? [22:09] huh. qemu security update restarted my VMs. [22:09] that must be new :P [22:11] my vm's restart themselves when they get kernel updates :) [22:11] unattended-upgrades ftw [22:15] of course VMs without the start-at-boot flag set didnt start :P [22:24] ah, libvirt-bin updated around the same time, for a minor apparmor profile change looks like. [22:24] I wonder if it rebooted vms before or after qemu got its fixes. [22:24] *checks* [22:30] after, lookslike [22:30] lucky. === Lcawte is now known as Lcawte|Away