/srv/irclogs.ubuntu.com/2016/01/07/#ubuntu-server.txt

`jpg	It actually looks like Semisync in MySQL might be enough to port the Manatee state machine with reasonable safety guarantees.	00:06
`jpg	The AFTER_SYNC mode will probably be required to ensure safety invariants are violated but it could definitely work.	00:06
`jpg	*aren't	00:06
[Mew2]	Anyone?	00:20
sarnold	[Mew2]: there's loads of different monitoring tools.. nagios, icinga, bro, collectd, ..	00:23
sarnold	[Mew2]: there's also loads of different log monitoring tools; kabana and elasticsearch seems to get a lot of press lately but I can't tell if that's just because the pictures are pretty or if there's something useful there	00:24
sarnold	in fact the biggest problem is there's so many different tools that picking one and building on it might be difficult :)	00:25
[Mew2]	Friend of mine had mentioned nagios	00:25
[Mew2]	What things do server admins look for	00:25
[Mew2]	Connections, usage, what else?	00:26
sarnold	used memory, used syslog, used filedescrptors, number of processes, number of blocked processes, ping latency, application response latency..	00:27
[Mew2]	Nagios will do all of this?	00:27
sarnold	maybe not all of it..	00:28
sarnold	there seems to be a distinction between "measure these things and graph them over time" vs "check that things are up and responsive". I'm not sure why.	00:28
[Mew2]	Hmm	00:30
[Mew2]	Will nagios tell me what IP address have connected to that server?	00:30
[Mew2]	Across all ports	00:31
sarnold	probably not; that might take some custom iptables rules, thuogh you might be able to collect them centrally using nagios once you have those rules written..	00:32
[Mew2]	Hmm ok	00:33
[Mew2]	I think I will start with nagios	00:33
[Mew2]	Thank you so much sarnold :) <33	00:33
sarnold	have fun [Mew2] :)	00:34
* [Mew2] excited		00:34
AlecTaylor	hi	00:39
=== stevenroose\|BNC is now known as stevenroose
=== Lcawte\|Away is now known as Lcawte
=== Lcawte\|Away is now known as Lcawte
=== jfh is now known as jfh_away
[Mew2]	So nagios is accessed through webbrowser correct? Does it require a login? Can I use fail2ban on incorrect logins?	08:41
ikonia	[Mew2]: no	08:46
ikonia	[Mew2]: it is a web gui, yes it requires a login	08:46
ikonia	you'd have to setup fail2ban bad bots to log scrape and pattern match incorrect logins	08:46
[Mew2]	Thank you ikonia :) <33	08:51
willemgf	Hi, We have a strange situation with vm's running ubuntu server 14.04 LTS on esxi-5.5. It happens that a VM doesn't boot well, it gets stuck on plymouth-upstart-bridge and doesn't go further. after performing ctrl-alt-del we see there are errors found on the disk, but we are at this point no more able to select the fix-option.	09:13
willemgf	what could be the reason the system gets stuck and get no interaction regarding the disk-error?	09:14
hateball	willemgf: are you running open-vm-tools on it, and have you fsck'd the disks?	09:15
willemgf	for now we edit the grub by adding init=/bin/bash in order to perform the e2fsck to get the system back fully operational. But I would like to see the console allowing us to select the action on the error during boot.	09:15
willemgf	hateball: yes, open-vm-tools is installed on the vm	09:16
hateball	something seems off if they keep corrupting	09:16
willemgf	once th efscj is done as described above, a reboot of the vm goes perfect	09:17
willemgf	But I thought we would be able to interact by default when a disk-error appears without performing our (temporary) method to perform the fsck	09:18
ikonia	willemgf: remove the boot splash	09:21
hateball	if errors are found it should indeed prompt you	09:21
ikonia	willemgf: see if there is anything else going on that you miss	09:21
ikonia	boot into single user mode too, see if you get a clean minimal boot	09:21
hateball	does pressing ESC remove the splash after it's "hung"? I cannot recall	09:21
ikonia	I don't think so, it depends on how/why it's hung	09:21
ikonia	most cases not, only if it's super slow will that work (I think )	09:22
hateball	I think they wanted to not have to reboot to grub and pick modes/alter options	09:22
hateball	rather see at once that it needed interaction to fsck	09:22
=== ejat_ is now known as ejat
* hateball removes quiet splash in /etc/default/grub		09:23
ikonia	yeah, for me it's worth altering the splash on the fly just to see the boot process	09:23
willemgf	ikonia: from the grub, 'quiet splash' has been removed, so this is not the problem. We also tried to apply noplymouth, since we saw at the ctrl-alt-del that plymouth-upstart-bridge was killed by TERM.	09:23
ikonia	if you're running a server, I'd question if you ever need that splash in place	09:23
ikonia	willemgf: so you actually get to see the full boot process	09:24
willemgf	indeed we see the complete bootprocess, were it suddenly get stuck. no notification of the eroor in order to apply on of the options.	09:25
ikonia	so what's the last thing you actually see	09:25
willemgf	even ESC does not allow us to continue. Seems like something else is blocking in order to go further.	09:26
willemgf	any way to provide a record of our situation?	09:27
ikonia	willemgf: whats the last thing you see on the screen	09:27
willemgf	Will paste some screenshots from my recordmydesktop ...	09:28
willemgf	here it gets stuck: http://i.imgur.com/ZPbeWwm.png	09:32
willemgf	when performing ctrl-alt-del we see the following: http://imgur.com/RWoIZhP	09:34
ikonia	so plymouth looks like it's in a loop	09:36
ikonia	which is creating a wait loop in the boot process	09:36
ikonia	rather than hanging	09:36
ikonia	can you boot into single usermode ?	09:37
willemgf	that is what we thought too, but using noplymouth in grub does not solve the issue, it still gets stuck.Even in single user mode we have the same issue.	09:38
willemgf	As I said, our only way to solve it at this moment is to apply init=/bin/bash in order to get a shell, perform the e2fsck en reboot, wereafter the vm comes up well as expected.	09:39
ikonia	after you run the fsck and reboot normally it comes up ok ?	09:40
willemgf	yes, then it comes up normally	09:42
ikonia	so I would question if your actual problem is based around disk problems	09:42
ikonia	willemgf: if you reboot that now working VM a few times, does it stay working ?	09:43
willemgf	even that we tried already, after the e2fsck, rebooting the VM a couple of times, it comes up normally.	09:43
ikonia	ok, so that does suggest to me - disk problems on the VM from the host is a problem	09:44
willemgf	It only happens in case we have a situation were disk errors appeared on that vm	09:44
ikonia	how are you installing these machines ?	09:44
willemgf	Might be, a colleague also pointed to disk timeout as described on http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009465	09:45
willemgf	is it worth to thy this out?	09:46
willemgf	these are VM's installed by a template	09:46
willemgf	And they all worked fine after installation.	09:46
ikonia	I'd look at your template first	09:47
ikonia	is your template made out of a corrupted disk	09:47
ikonia	because if you are having a disk time out, I doubt an fsck would have an impact on that	09:48
willemgf	certainly not. We have other VM's made prom the same template that reboot correctly.	09:48
willemgf	from	09:48
ikonia	so how many of your VM's are having this problem	09:48
willemgf	Yesterday I had VM's, today I had one. Maybe nice to know: these VM's were stopped as I needed to migrate the OS disk to another datastore.	09:51
ikonia	roughly how many out of how many VM's had this problem	09:52
ikonia	eg: 5 out of 100 built	09:52
willemgf	the VM's were initiale installed on slow datastores, and are now mirgated to faster datastores	09:52
ikonia	so they have broke in the migration ?	09:53
ikonia	or broke at install time	09:53
willemgf	I'm still performing this migration process. It's a new Vmware environment on which we have currently VM's running on.	09:53
ikonia	how where they migrated	09:54
ikonia	on the fly using vmware data migration tools ?	09:54
ikonia	or shutdown and the vmdk's moved	09:54
willemgf	through the migration process in the vsphere web client.The VM's were first brought down before migrating.	09:55
ikonia	roughly how many have had this problem ?	09:55
willemgf	Nevertheless, I would have expected that the boot of the VM would inform me in a correct way of any disk error on which I should be able to choose which action to perform. And this is not the case, so I guess some kind of bug in the upstart, not?	09:56
ikonia	you are getting a disk warning error on boot though are yo unot ?	09:57
ikonia	I suspect if you left it long enough for the plymouth-bridge to stop trying and time out, it would move on	09:57
ikonia	but complain of errors	09:57
willemgf	As we did not finished our migration process no idea of how many of the VM's, but for the I did yesterday, I had this issue for of them.	09:58
ikonia	for "them"	09:58
ikonia	how many did you have	09:58
ikonia	out of how many machines	09:58
willemgf	the eroor appears after applying tghe ctrl-alt-del. from that point on I saw extra lines appeared on the screen, but disappeared to fast in result of the reboot. That is why I recorded the situation and saw what came afterwards.	10:00
willemgf	Sorry num-loch was off: I had it for 5 VM's of the (about) 12 migtrations I performed yesterday.	10:01
willemgf	num-lock	10:01
ikonia	thats a higher ratio than I'd like	10:02
willemgf	Me too, that is why I came to ask on this channel for any possible help	10:03
willemgf	As of this morning I'm trying out different grub-options for a VM having this issue as well, so far no solution found yet.	10:06
willemgf	it gets stuck till I perform the ctrl-alt-del and can see the message regarding the disk-error. the VM for which I provided the screenshots.	10:07
willemgf	BTW, strange that, when noplymouth is used in grub (edit at boot) the startup still performs actions for plymouth-upstart-bridge!	10:13
ikonia	I dont think grub options will help disk problems	10:15
ikonia	it really looks like everything your showing me that certain boxes have migration disk corruption	10:15
willemgf	I totaly agree, but nevertheless I would expect to see on my console the error found on the disk(s) on which I should choose which action to apply, but We don't get this at all.	10:16
ikonia	willemgf: I suspect if you leave it long enough it will move onto the disk error	10:18
willemgf	now trying to boot in recover single user mode with grub options 'single nomodeset noplymouth'. Very slowly I see new lines appearing on the console, see: http://i.imgur.com/inDJV1l.png	10:20
lordievader	Good morning.	10:20
willemgf	ikonia: meanwhile, the boot in single user mode is still stuck, no message regarding the disk-error so far.	10:38
willemgf	Is not the way it should happen for each vm having this issue :(	10:39
ikonia	willemgf: how long are you waiting	11:05
ikonia	I'm just wondering how long it would take for the plymouth-bridge to give up re-rtying	11:05
ikonia	that console does just suggest disk errors to me	11:06
=== hxm is now known as Guest56481
repozitor	i have configured my firewall very well, it's state is running	12:04
repozitor	but seems firewall don't work	12:04
repozitor	because still some ports are open!	12:04
willemgf	ikonia: just back from luch, and the VM is still stuck. So for 1h30, not what we should expect	12:04
repozitor	any idea to fix it?	12:04
hateball	!ufw \| repozitor	12:06
ubottu	repozitor: Ubuntu, like any other Linux distribution, has built-in firewall capabilities. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW \| GUI frontends such as gufw and ufw-kde also exist. \| An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo	12:06
repozitor	ubottu, i'm using firewalld and firewall-cmd	12:07
ubottu	repozitor: I am only a bot, please don't think I'm intelligent :)	12:07
repozitor	hateball, ^_^	12:07
hateball	repozitor: Nothing I use, but at least you've provided more detail than "don't work" now	12:07
hateball	So someone else may know	12:08
repozitor	hateball, for example port 21 is not allowed. but nmap scanning show me it is open!	12:08
shauno	are you scanning from the same host or another?	12:09
repozitor	shauno. of course, other host	12:09
repozitor	shauno, any idea?	12:21
repozitor	i'm using firewalld for my ubuntu server	12:22
repozitor	but if ufw work better, i can use it instead	12:22
shauno	I have no idea about firewalld at all I'm afraid. just grasping for low-hanging fruit ( / false positives)	12:27
=== Guest56481 is now known as hxm
repozitor	shauno, http://dpaste.com/2MNQR54	13:13
repozitor	i used ufw, but i still see my firewall don't block programs internet activity	13:13
repozitor	anyone have any idea?	13:15
lordievader	repozitor: What is the output of 'sudo iptables-save' (and 'sudo ip6tables-save' if you use ipv6)?	13:17
repozitor	http://paste.ubuntu.com/14429768/	13:19
repozitor	OMG, before configuring ufw, i use iptable -F	13:19
repozitor	why these command exist?	13:19
lordievader	repozitor: See lines 111 and 112.	13:20
repozitor	what is wrong with 111, 112?	13:21
repozitor	they allow me to connect by ssh	13:21
repozitor	as you see, ufw allow ssh output on above link	13:21
lordievader	You complain that port 22 is open, looking at line 111 that is correct.	13:24
lordievader	Oh wait, I misread the port.	13:24
repozitor	lordievader, i know ssh is open, it's ok	13:25
repozitor	i want to block 8080 for example	13:25
repozitor	why ufw don't block 8080 by itself?	13:25
repozitor	i never allowed 8080, but ufw can't block it	13:25
repozitor	so my question is why my firewall don't work?	13:26
repozitor	because of ufw status show me only ssh is allowed, i say my firewall don't work	13:26
lordievader	repozitor: 8080/tcp filtered http-proxy looks okay from here.	13:27
repozitor	REALLY? are you familiar with nmap?	13:28
repozitor	right now it show me it is open!!!!!!!!	13:28
repozitor	http://paste.ubuntu.com/14429812/	13:28
repozitor	also you can connect by teletn to 8080	13:29
repozitor	telnet 82.102.12.142 8080	13:29
lordievader	Hmm that is odd.	13:31
lordievader	Since your firewall rules do suggest it is being dropped.	13:31
lordievader	Is that machine behind a nat?	13:31
repozitor	no	13:32
repozitor	hhmm, it is located on RED station datacenter	13:32
repozitor	really i dunno	13:32
patdk-wk	does netstat show something listening to 8080?	13:32
lordievader	repozitor: You run tomcat on that port?	13:33
repozitor	patdk-wk. yeah	13:33
repozitor	yeah	13:33
repozitor	oh my god!!!!!	13:37
repozitor	now i uninstalled it and installed it again, and before i enable ufw, i allowed ssh	13:37
repozitor	and now when i enable ufw, my server is completely unreachable.	13:37
repozitor	i dunno what i should to do!!!!!	13:37
lordievader	repozitor: Try and get a console a different way (through a web service or something).	13:38
lordievader	Not sure if your providers has that service.	13:38
repozitor	lordievader, i know!	13:38
lordievader	repozitor: Let me know when you have access again ;)	13:42
repozitor	yeah, i fixed it again :))	13:42
repozitor	last week this problem occured, and i request a direct console, they grant me	13:43
repozitor	anyone have any idea?	13:46
lordievader	repozitor: Yes, try 'sudo iptables -I INPUT 1 -p tcp --dport 8080 -j DROP'.	13:48
repozitor	lordievader, the problem is not 8080	13:49
repozitor	i want to know why firewall don't work!!!	13:49
repozitor	i should find a wise reason for this problem	13:49
lordievader	repozitor: This is a way of finding out why things don't work...	13:50
repozitor	lordievader, i DROP 8080, but it still is open!!!!!	13:53
repozitor	test it by telnet	13:53
repozitor	needing a better idea	13:54
lordievader	My browser takes a long time to connect to it...	13:54
repozitor	lordievader, go to matrix world :D	13:54
shauno	fwiw, 8080 is timing out for me	13:54
lordievader	Telnet hangs on Trying 82.102.12.142...	13:55
lordievader	repozitor: Iptables works fine if you ask me. I guess the flaw is somewhere in the ufw rules.	13:55
shauno	is there a possibility it's being held open for your specific case by a conntrack rule? so iptables thinks it's related to a previously-existing connection and passes your specific connection?	13:55
repozitor	shauno, http://paste.ubuntu.com/14429957/	13:56
repozitor	are you kidding me?	13:56
repozitor	i swear to GOD 8080 is open!!!!	13:56
patdk-wk	it is open	13:57
patdk-wk	but doesn't mean that it is HITTING your server	13:57
patdk-wk	do a tcpdump on your server for port 8080	13:57
shauno	I get http://paste.ubuntu.com/14429966/	13:57
patdk-wk	and see if you actually DO see the connection	13:57
ogra_	did you make sure to flush all rules you did set with firewalld before (by rebooting after removing all bits and configs of it) before you tired other fw tools ?	13:57
YamakasY	guy do you store your antispam loggings ?	13:57
YamakasY	archive	13:57
repozitor	YamakasY, me?	13:58
repozitor	no	13:58
YamakasY	ok	13:58
YamakasY	why not if I may ask ?	13:58
YamakasY	afraid for your wife ? :P	13:58
repozitor	no, usually antispam tool need money :D	13:59
shauno	if you have an antispam you can train, keeping hold of a pile of ham & spam to feed it can be beneficial. if you don't/can't, there's not much worth holding on to	14:00
YamakasY	true	14:00
YamakasY	I mean as it's also a mail gateway, it might be handy	14:00
repozitor	shauno, something were wrong with apache, now i fix it	14:01
repozitor	any idea?	14:03
repozitor	what is wrong with ubuntu?	14:03
repozitor	firewall is running, and blocking all port except 22	14:03
repozitor	but nmap show me there are about 8port is opne	14:03
repozitor	open*	14:03
repozitor	any idea?	14:06
repozitor	how can i remove all iptables & ufw rules?	14:08
repozitor	i want to remove everything about firewall	14:09
lordievader	repozitor: First set your policies so that you still have access then: sudo iptables -F && sudo iptables -X	14:09
lordievader	That should leave you with just the empty built-in chains.	14:10
repozitor	lordievader, where i should set my policy?	14:10
lordievader	repozitor: ACCEPT	14:10
repozitor	hey buddy, i know how to work with iptables, ufw, firewall-cmd	14:11
repozitor	which of them do you mean?	14:11
pmatulis	tych0: hi, re yesterday's container migration question and the necessity of a 4.4 kernel. will that kernel, or the magic it brings, be backported to trusty or will people be expected to run the new LTS?	14:12
patdk-wk	repozitor, hmm, using a new tool won't fix it	14:13
patdk-wk	ufw and firewall-cmd are just tools that work ontop of iptables	14:13
tych0	pmatulis: 4.4 is going into X, so it should be available when linux-generic-lts-xenial comes available i think	14:13
patdk-wk	shorewall also	14:13
lordievader	repozitor: Looking at the command I gave you, iptables policies ofcourse.	14:13
patdk-wk	you should do like I said, and make sure that port is actually routed to your machine first	14:13
pmatulis	tych0: ta	14:13
lordievader	By the by, if you don't want my help, say so, it ain't my problem...	14:13
an3k	Hi everybody. I already googled and found plenty of commands to use but neither of them gave any information. I just installed Ubuntu Server 14.04.3 LTS on my Server using its Intel RSTe RAID. In the installation process Ubuntu found RAID Container and AHCI RAID Container. I selected "use them" for both. Now after the system is running neither dmraid nor dmadm knows about the raid (status,	14:40
an3k	etc.). I'm new to Linux Software Raids so I have no clue if the RAID is working well or not, especially because none of the commands shows useful information.	14:40
=== lool- is now known as lool
an3k	http://paste.ubuntu.com/14430372/	14:49
jrwren	pmatulis: I'm pretty sure trusty will get a 4.4 HWE kernel	14:51
pmatulis	jrwren: yeah, like tych0 said, the backport kernel	14:51
jrwren	pmatulis: ah, I didn't understand. Thanks.	14:51
jdstrand	repozitor: you might check the output of 'sudo /usr/share/ufw/check-requirements'. it is possible your kernel doesn't have everything ufw expects and isn't fully configuring itself (this can happen in hosting environments)	15:27
=== jfh is now known as jfh_away
repozitor	now i'm tired, i dunno how to fix it!	15:45
repozitor	maybe i need to fresh install ubuntu	15:45
ogra_	repozitor, did you make sure to remove all traces of firewalld (never heard of it) and reboot before yu started playing with the other FW tools ?	15:46
repozitor	ogra_, i can't find all traces of firewalld, but i use apt-get to remove	15:52
repozitor	apt-get remove, apt-get clean, apt-get purge.	15:52
ogra_	remove or purge ?	15:53
repozitor	both of them	15:53
ogra_	and did you reboot to make sure to get back to a virgin state	15:53
repozitor	yeah	15:53
ogra_	(thoough if firewalld saves some iptables rules they might still persist, no idea how it works)	15:54
repozitor	i dunno whether ubuntu has this feature or not	15:55
repozitor	in macosx i can save all setting of application, and after installing we can restore them by time machine	15:55
repozitor	is there exist such this settings?	15:55
repozitor	features*	15:55
jrwren	repozitor: how do you do that? i've never seen that time machine feature.	15:55
repozitor	jrwren, did you ever use time machine?	15:56
jrwren	repozitor: yes, only to restore full system or single files, not app settings.	15:56
repozitor	install a fresh macosx, and put time machine backup disk into your os, and them use it	15:56
jrwren	repozitor: ah, so you mean full restore.	15:56
repozitor	no	15:56
repozitor	full restore change your main os to backup version	15:57
jrwren	repozitor: how is that not full restore?	15:57
repozitor	what?	15:57
jrwren	repozitor: ah, i've never used time machine that way. are you saying that i can have TM backup with older OSX and use newer OSX to restore it and it will not overwrite my newer OSX?	15:58
repozitor	jrwren, yeah, i use it for 2 time.	15:59
repozitor	probably you know all app setting is store in this path	16:00
repozitor	/Users/username/Library and this path is resotre when you restore app setting	16:00
an3k	Do I really need a swap with 128 GB RAM?	16:17
repozitor	if you reach at 100GB memory usage, yes	16:18
an3k	ok, then I don't. Thanks :)	16:18
shauno	I'm always tempted to keep swap, yeah. stuff that's barely used can stay paged out and leave you with more free for whatever you bought 128 for	16:18
repozitor	shauno, i think os don't start page in/out if he don't reach at 100GB or 80GB	16:19
shauno	I have about 700Mb paged out, and over 50% of my ram is just caches	16:20
an3k	I'll barely maybe never reach the 60 GB ram usage mark and I don't want swap to be on the SATA-DOM or on the raid	16:20
patdk-wk	shauno, what is wrong with that?	16:21
shauno	absolutely nothing. that's why I'm advocating at least a little swap so that stuff that's not being used, doesn't need to be wired	16:22
repozitor	shauno, in newer linux, app wont swap untill RAM usage reach at 75%, instead they chache files for faster IO, so you 700mb is full of file contents, i guess	16:22
patdk-wk	how can 700mb of swap contain files?	16:22
patdk-wk	why would you put into disk, what is already on disk?	16:23
an3k	Microsoft knows :)	16:23
repozitor	patdk-wk, because they are dirty	16:23
shauno	that's what I mean though. caching files is more efficient use of ram than holding onto a process that hasn't done anything in days	16:23
patdk-wk	heh?	16:23
patdk-wk	cache is not dirty	16:23
patdk-wk	that is not possible	16:24
patdk-wk	700mb paged out can only be application memory	16:24
repozitor	patdk-wk, they can write into the original file's disk, because in feature os move them again into RAM	16:24
patdk-wk	not file cache, not file buffers	16:24
patdk-wk	then it WOULD NOT BE paged out	16:24
patdk-wk	but written to disk	16:25
patdk-wk	and would not show up in the 700mb of paged to swap	16:25
patdk-wk	so the 700mb would not apply to those	16:25
repozitor	patdk-wk:700mb paged out can only be application memory	16:25
repozitor	prove it	16:25
patdk-wk	I don't need to	16:25
patdk-wk	read the linux kernel documentation on memory management	16:25
jrwren	an3k: skip the swap partition, apt-get install swapspace, and it will be zero swap until you need it.	16:25
nacc	an3k: the short answer is, it depends ...	16:25
patdk-wk	you are the one saying the documentation is wrong	16:25
nacc	an3k: and you can always use swapfiles, or swapspace	16:26
repozitor	patdk-wk, show me a reference indicating this topic	16:26
repozitor	patdk-wk, i never said "documentation is wrong"	16:27
repozitor	if you think so, prove it	16:27
patdk-wk	https://www.kernel.org/doc/gorman/html/understand/understand014.html	16:27
patdk-wk	you think so too, prove yours :)	16:27
patdk-wk	you did read that first sentence right?	16:28
shauno	you don't page out disk caches, you just commit them. if they're gonna hit the disk anyway, may as well do it properly	16:29
patdk-wk	you don't commit disk caches	16:29
patdk-wk	you DROP them	16:30
patdk-wk	your commit disk buffers	16:30
patdk-wk	cache == read, buffers = dirty writes	16:30
repozitor	patdk-wk, answer me	16:33
repozitor	imagine you have 8GB memory, and you working with gimp, you load a 6GB image into the disk, and now os want to load another applications, so os need 5GB of memory	16:33
repozitor	you think os drop gimp file?	16:33
repozitor	or swap it into swap area, so user can still work with it?	16:33
patdk-wk	http://linux-mm.org/Low_On_Memory	16:33
patdk-wk	the authorative source on it	16:33
repozitor	read doc CAREFULLT	16:33
repozitor	CAREFULLY*	16:34
patdk-wk	repozitor, you oviously are confused and don't know what memory is	16:34
patdk-wk	loading a file into gimp != cache	16:34
patdk-wk	it is GIMP memory, assigned to gimp, unless gimp mmapped it, and it doesn't	16:34
patdk-wk	so that file is no longer a file it is application memory assigned to gimp	16:34
an3k	I think https://help.ubuntu.com/community/SwapFaq helps :)	16:34
patdk-wk	to claim it is a file or cache is completely wrong	16:35
patdk-wk	and that file is no longer a file in gimp, cause that image is not 6gigs anymore, cause gimp will have to decode/decompress and create structures to use that image	16:35
patdk-wk	so it's likely much much larger	16:35
patdk-wk	there is no way to claim that is a file anymore once it is loaded into an application	16:35
patdk-wk	now if you want to state it correctly	16:36
patdk-wk	you loaded your 6meg image into gimp	16:36
repozitor	patdk-wk, hhhm, sorry, i remeber another thing	16:36
repozitor	my question was totaly wrong!	16:36
patdk-wk	the 6meg image is in the disk cache, and the decompressed gimp copy of that image is in gimp application memory as 50megs	16:36
patdk-wk	the 6megs will be dropped at any time linux feels like it	16:36
patdk-wk	but the 50meg one would have to be swapped	16:36
=== med_` is now known as med_
=== med_ is now known as med
=== med is now known as med_
pbxman	is there a way to know what console commands were sent by a user and the time they were sent in Ubuntu?	16:46
patdk-wk	if the user is forced to use sudo, yes	16:47
patdk-wk	if not, and you didn't force the user to use a shell that logged that info, then no ( the default )	16:48
pbxman	auth.log?	16:48
patdk-wk	yes, that will show logins and sudo commands	16:48
pbxman	Does a kill -9 show up?	16:49
patdk-wk	was it run as, sudo kill -9	16:49
patdk-wk	then yes	16:49
patdk-wk	if not, then no	16:49
pbxman	ok thank you for that patdk-wk	16:49
an3k	Is root login with password NOT permitted because one could steal the password entered when logging in?	16:51
patdk-wk	it's just such a bad idea generally	16:54
patdk-wk	and people don't generally use good password	16:54
patdk-wk	so if they go through the work to enable that, heh, the should have learned the issues with enabling it too :)	16:54
an3k	Indeed but the current approach isn't any more secure. If I MITM the password of root I am root, sure. But if I MITM the password of the user used to login then sudo I am root too	16:57
patdk-wk	how are you doing MITM	16:59
patdk-wk	and who said it was to protect against MITM at all? atleast I didn't	16:59
an3k	dunno but that was one reason I got told of why direct root login isn't disabled by default	16:59
patdk-wk	ssh fingerprints limit mitm	17:00
an3k	yes but these doesn't help	17:00
an3k	Let me try to explain.	17:00
patdk-wk	these?	17:00
patdk-wk	it matters not what authenication method you use	17:00
patdk-wk	if you are MITM, it's already an issue when you make the connection	17:01
an3k	There's server A. It allows SSH login as root with a password.	17:01
patdk-wk	so I dunno how a root password has anything to do with mitm	17:01
an3k	And there's server B. It does NOT allow SSH login as root with a password. Instead you have to login to your normal user account (which uses a password) and then sudo.	17:01
patdk-wk	still dunno how mitm has anything to do with this	17:02
an3k	In both cases somebody else gets root access as soon as he knows the password (of either root or the normal user).	17:02
an3k	ok, stop focusing on MITM now ;)	17:02
patdk-wk	yes, that is true	17:02
patdk-wk	but the server A, they also need to know a valid username	17:02
patdk-wk	in the second, they already know root is a valid username, and only need the password, and randomly guessing is fine	17:03
an3k	vice-versa but you're absolutely right. Never really thought about this.	17:03
patdk-wk	I do set a root password, but also don't allow root logins on ssh	17:05
an3k	I do too but also allow root-ssh-login since it's a seperated network and just a LAN server	17:06
thebwt	we turn off password auth for root in the sshd conf.	17:10
* thebwt resumes lurk mode		17:11
an3k	yeah, already found the required setting yesterday when working on the server. PermitRootLogin with-password is nicely misleading :)	17:14
an3k	hmm, interestingly all the guides on how to setup ubuntu server on a software raid are wrong. RAID10 is supported by the installer and nothing has to be done in console or Live environment before the actual installation.	17:23
patdk-wk	heh?	17:26
patdk-wk	I thought it was always supported	17:26
patdk-wk	atleast since 10.04 or maybe it was 12.04	17:27
patdk-wk	there is only one guide that matters, and that is the ubuntu documentation though	17:27
an3k	hmm, that isn't found using google	17:30
an3k	and https://help.ubuntu.com/lts/serverguide/advanced-installation.html is actually not "correct". I haven't tested it so it may work but theres no need to manually create partitions on	17:32
genii	AFAIK all RAID types are supported during install for server and alternate	17:32
an3k	is that guide (mostly) in german for you too?	17:34
an3k	for example I didn't created any partitions (swap and /) on the RAID drives. I simply created a partition table on each and then "Create Software RAID > Create MD"	17:36
an3k	is there a difference between both approaches?	17:52
binwiederhier	Hello there, I was wondering if there was still a chance to get PHP 7 into Ubuntu 16.04. I hear that it might be a bit late for that, but a little bird told me (https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1522422) that rbasak might know more?! Apologies for the hightlight, I hope that's okay :-)	18:27
ubottu	Launchpad bug 1522422 in php5 (Ubuntu) "PHP5 branch and PHP7 branch" [Undecided,Confirmed]	18:27
ikonia	it's not released yet 7 is it ?	18:29
binwiederhier	it has been released. a month ago or so.	18:30
nacc	binwiederhier: I'm going to be taking a look at exactly that	18:30
ikonia	was it really a month or so	18:30
binwiederhier	but see it this way: "I don't know anyone running Ubuntu servers who's using the stock PHP because it's usually too old. People either use Ondrejs PPAs, compile themselves or use some other vendor (i.e. Plesk provided packages). PHP 5.6 support ends August 2017. That's 9 months of backporting security fixes. PHP 7.0 is supported until December 2018. If you ask me, this is a no-brainer. "	18:30
nacc	binwiederhier: just starting on it now ... can try and keep you posted	18:30
ikonia	maybe a bit too soon for a long term support release	18:30
ikonia	pretty much every ubuntu server I see with php is the stock LTS version	18:30
ikonia	it's no way too old	18:30
=== cpaelzer is now known as cpaelzer_afk
nacc	binwiederhier: fwiw, it's in universe already just fyi	18:32
binwiederhier	last i checked it was "proposed"	18:32
nacc	https://launchpad.net/ubuntu/+source/php7.0	18:33
nacc	7.0.1-5 is in release	18:33
nacc	7.0.1-6 is in proposed	18:33
binwiederhier	4 hours ago!	18:33
binwiederhier	?!	18:33
nacc	:)	18:33
binwiederhier	wow	18:33
Pici	ha	18:33
nacc	enjoy!	18:33
ikonia	universe is a good solution	18:34
ikonia	use at your own risk, but a good proving ground	18:34
an3k	oh great ... resolvconf is now not capable of simply adding the DNS server upon boot once VLAN is added ....	18:34
patdk-wk	heh?	18:42
patdk-wk	it does for me	18:42
an3k	it did for me yesterday with the previous installation too but now it doesnt	18:43
an3k	I use VLAN on bonding on two NICs. That worked perfectly with the previous install	18:45
an3k	what's the logfile for all the stuff shown at booting with the [OK] at the right sideß	18:49
an3k	http://paste.ubuntu.com/14431912/ ... I hadn't these issues yesterday	18:52
an3k	if the log entries are correctly ordered then why is IPv6 and 8021q processed before bond?	18:55
an3k	is it possible that it doesn't work because Ubuntu thinks both NICs have the very same MAC address?	18:58
patdk-wk	how did you configure your interfaces file?	18:59
patdk-wk	but that isn't the real issue	18:59
patdk-wk	bond0 was created, the vlans added	18:59
patdk-wk	but the interface is down, cause the eth0/eth1 haven't been enslaved yet	18:59
an3k	http://paste.ubuntu.com/14431994/	19:01
patdk-wk	remove the bond-slaves line	19:02
patdk-wk	actually	19:02
patdk-wk	bond-slaves none	19:02
patdk-wk	you doubled it up	19:02
patdk-wk	with the bond-master	19:02
patdk-wk	should only use one of them	19:02
patdk-wk	is vlan_raw_device optional? I always set it	19:03
an3k	I can't remember now but afaik I got a warning or error without bond-slaves set	19:04
an3k	I never set vlan_raw_device and never had problems (until now ;)	19:04
patdk-wk	http://paste.ubuntu.com/14432017/	19:05
patdk-wk	is what I use	19:05
=== DonRichie2 is now known as DonRichie
=== edwardly_ is now known as edwardly
=== neunon_ is now known as neunon
an3k	I just do a new install and (try to) do the same I did yesterday and see if that works	19:41
=== tgm4883_ is now known as tgm4883
=== thesheff17_ is now known as thesheff17
=== ggherdov`_ is now known as ggherdov`
=== cpaelzer is now known as cpaelzer_afk
jge	Hey all, I wrote a init script for a JAR file I would like to run under a limited system user. My command looks like this: sudo su btds -s /bin/sh -c "nohup java -jar $PATH_TO_JAR --propertiesFile /etc/btds/btds.properties 2>> /dev/null >> /dev/null &"	20:36
jge	However, when I run it. Nothing happens.	20:36
jge	I've seen it start for a second or two and then shutds down	20:36
jge	anyone's got a clue what I'm missing here :\	20:36
shauno	no ideas, but perhaps remove the /dev/null redirects so you can see if/what it's complaining about during its short life?	20:38
jge	shauno: ahh good idea, let me try that	20:38
jge	bingo nohup: failed to open ‘nohup.out’: Permission denied	20:40
jge	im running the command as sudo though..	20:40
sarnold	nohup sudo or sudo nohup? :)	20:41
tarpman	jge: you can replace that entire sudo, su, sh, nohup machinery with a single start-stop-daemon	20:41
shauno	you're not running it with sudo, you're running it with su btds. you're running su with sudo. so most likely it's trying to write to nohup.out in the current cwd as btds	20:43
jge	tarpman: Yeah I came across a site which recommended this as well, no idea how it works though so I picked the easiest solution	20:43
jge	sarnold: I did sudo nohup	20:44
repozitor	patdk-wk, shauno, http://paste.ubuntu.com/14432573/	20:44
repozitor	can you evaluate it?	20:44
jge	and I get : sudo: no tty present and no askpass program specified	20:44
jge	shauno: you're right	20:45
jge	what if I create a nohup.out file in the current cwd and chown to btds, would that work?	20:46
patdk-wk	repozitor, not really	20:46
patdk-wk	you need to use -nn I think	20:46
patdk-wk	or maybe you just didn't use -n	20:46
patdk-wk	and you probably want to dump all 3	20:46
patdk-wk	iptables -L -nv	20:47
patdk-wk	iptables -L -nv -t mangle	20:47
patdk-wk	iptables -L -nv -t raw	20:47
patdk-wk	based on what your posted, assuming the /etc/services is ubuntu default, 8080 should not be accepted	20:48
patdk-wk	but if it is being forwarded, or intercepted, those paths are open	20:49
patdk-wk	cause your forward table allows all	20:49
patdk-wk	but that normally isn't used unless nat is enabled or something	20:49
repozitor	patdk-wk, i think about memory swap, i think you were right, my apologize :D	20:49
repozitor	patdk-wk, you need the output of -L -nv?	20:50
patdk-wk	it would help, your ports are mapped to services file	20:50
patdk-wk	so I don't know if webmin is 8080 or 10000	20:50
patdk-wk	could be anything :)	20:51
patdk-wk	or even that http means 80	20:51
repozitor	http://paste.ubuntu.com/14432662/	20:51
repozitor	webmin are listen on 10000	20:51
patdk-wk	that says you have no firewall configured	20:51
repozitor	are port are set by default, for example http is 80	20:52
patdk-wk	via /etc/services	20:52
repozitor	sorry buddy, before -L -nv i stopped iptables	20:53
repozitor	http://paste.ubuntu.com/14432692/	20:54
repozitor	this is the output of your command after starting firewalld	20:54
repozitor	any idea?	20:55
patdk-wk	ya, very interesting	20:56
patdk-wk	you see lines 6,7,8	20:56
patdk-wk	line 6, matches to line 107, does nothing, ignored	20:56
patdk-wk	line 7 matches line 104, does nothing	20:57
patdk-wk	line 8 matches 97, here EVERYTHING is accepted	20:57
patdk-wk	no nothing is ever denied	20:57
patdk-wk	somehow your network interfaces (eth0/tun0) are not mapped to zones	20:57
patdk-wk	zones you have are dmz, external, home, internal public, trusted, work, ...	20:58
mkander_	I have 4 web servers that all host the same web page. When I change something in the php files I want to push it out to all servers. What is the best way to do this? Ill be doing this on Google Compute Engine, so it must be possible to just start a new node and it automatically pulls in the latest files.	20:58
repozitor	i can just understand what you says, but can't to fix it	20:58
patdk-wk	I can't either	20:58
patdk-wk	I don't use or really care how to use firewalld :)	20:59
repozitor	yea, i have these zones	20:59
repozitor	REALLY?	20:59
patdk-wk	heh?	20:59
patdk-wk	your not paying for me to help ,ubuntu isn't, and I have to leave :)	21:00
repozitor	you just said i don't use …	21:00
repozitor	and i put a comment: REALLY?	21:00
patdk-wk	atleast you know what is wrong	21:00
repozitor	i can't sleep without firewall!!!	21:00
patdk-wk	I said I don't	21:00
patdk-wk	you can use anything you want :)	21:00
patdk-wk	so I cannot answer you off the top of my head, and I don't have time to research the solution for you	21:00
repozitor	of course	21:01
patdk-wk	atleast you kow where the problem is though	21:01
repozitor	patdk-wk, change your mind about firewall later :D	21:01
repozitor	i'm serious.	21:01
patdk-wk	why?	21:01
patdk-wk	I don't like firewalld or ufw	21:02
repozitor	no, i mean firewall, not exactly firewalld or ufw	21:02
patdk-wk	I normally use iptables., shorewall, cisco acl, asa, ...	21:02
repozitor	patdk-wk, so maybe you know how can i delete this rules?	21:04
EmilienM	coreycb, jamespage: last week you told me we would have mitaka this week, what is the status please?	21:08
EmilienM	(in trusty)	21:08
coreycb	EmilienM, have I pointed you to this before? http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/mitaka_versions.html	21:10
coreycb	EmilienM, it's a good way to check status of packages in the mitaka cloud archive	21:11
EmilienM	coreycb: maybe I missed that, thanks a lot	21:11
EmilienM	I'll stop asking now :-)	21:11
EmilienM	coreycb: is it for trusty?	21:11
coreycb	EmilienM, I think we have most everything in proposed for trusty-mitaka	21:11
EmilienM	awesome!	21:12
EmilienM	I'm testing it right now	21:12
EmilienM	we were mainly waiting for that for our bump	21:12
coreycb	EmilienM, to ready that, left column is xenial, and the right 3 columns are trusty-mitaka	21:12
coreycb	ready=read	21:12
EmilienM	ok makes sense	21:12
EmilienM	coreycb: thx again	21:12
coreycb	EmilienM, you're welcome	21:12
=== RoyK^ is now known as RoyK
repozitor	which web-based tool is proper for ubuntu?	21:31
repozitor	except webmin	21:31
jc_	Hi All. I have the HP 40L. I've place Ubuntu server on the 250GB hard drive and allocated it with 35GB through LVM. I've further 80GB I've assigned also from the 250GB hard drive. In addition there are two 1tb drives that I would like to put media on. How can I link these two together so that they are in a Raid that offers redundancy?	21:32
uxfi	Hey how do I test my HTML CSS code on Ubuntu server on a VM?	21:43
=== IdleOne- is now known as IdleOne
=== alexisb is now known as alexisb-afk
=== Lcawte is now known as Lcawte\|Away
an3k	patdk-wk: I'm done with the reinstall and guess what. The exact same configuration now works	23:33
an3k	the only issue I have left is that bond0 still has its own IPv6 address. AFAIK it shoudn't have any?!	23:35
rbasak	hallyn: a question on the ubuntu-devel-discuss ML might be relevant to your work (cgroups), I'm not sure.	23:37
hallyn	rbasak: i'll look in a bit, thx	23:38
hallyn	oh -discuss. i'm not on that	23:39
an3k	https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2016-January/016090.html	23:41
hallyn	answer: systemd	23:43
hallyn	we've talked about creating a new boot-time service to create cgroups that admins want, but	23:43
hallyn	if we do that we'll constantly be stubbing toes against systemd which wants to own those anyway	23:43
hallyn	oh i see, someone replied to that effect already :)	23:44
rbasak	binwiederhier: I replied in the bug.	23:51
rbasak	binwiederhier: no problem with you pinging us for status updates on this channel at all. It's the appropriate venue to ask.	23:51
rbasak	binwiederhier: though I should probably reply in the bug when appropriate for others to see too.	23:52
an3k	RAID Q: Why should I create the partitions on each RAID member hdd before I create the RAID instead of simply creating the RAID and then creating the partitions on the RAID device?	23:55

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!