[00:06] <`jpg> It actually looks like Semisync in MySQL might be enough to port the Manatee state machine with reasonable safety guarantees.
[00:06] <`jpg> The AFTER_SYNC mode will probably be required to ensure safety invariants are violated but it could definitely work.
[00:06] <`jpg> *aren't
[00:20] <[Mew2]> Anyone?
[00:23] <sarnold> [Mew2]: there's loads of different monitoring tools.. nagios, icinga, bro, collectd, ..
[00:24] <sarnold> [Mew2]: there's also loads of different log monitoring tools; kibana and elasticsearch seem to get a lot of press lately but I can't tell if that's just because the pictures are pretty or if there's something useful there
[00:25] <sarnold> in fact the biggest problem is there's so many different tools that picking one and building on it might be difficult :)
[00:25] <[Mew2]> Friend of mine had mentioned nagios
[00:25] <[Mew2]> What things do server admins look for
[00:26] <[Mew2]> Connections, usage, what else?
[00:27] <sarnold> used memory, used syslog, used filedescriptors, number of processes, number of blocked processes, ping latency, application response latency..
[00:27] <[Mew2]> Nagios will do all of this?
[00:28] <sarnold> maybe not all of it..
[00:28] <sarnold> there seems to be a distinction between "measure these things and graph them over time" vs "check that things are up and responsive". I'm not sure why.
[00:30] <[Mew2]> Hmm
[00:30] <[Mew2]> Will nagios tell me what IP address have connected to that server?
[00:31] <[Mew2]> Across all ports
[00:32] <sarnold> probably not; that might take some custom iptables rules, though you might be able to collect them centrally using nagios once you have those rules written..
[00:33] <[Mew2]> Hmm ok
[00:33] <[Mew2]> I think I will start with nagios
[00:33] <[Mew2]> Thank you so much sarnold :) <33
[00:34] <sarnold> have fun [Mew2] :)
[00:34]  * [Mew2] excited
[00:39] <AlecTaylor> hi
[08:41] <[Mew2]> So nagios is accessed through webbrowser correct?  Does it require a login? Can I use fail2ban on incorrect logins?
[08:46] <ikonia> [Mew2]: no
[08:46] <ikonia> [Mew2]: it is a web gui, yes it requires a login
[08:46] <ikonia> you'd have to setup fail2ban bad bots to log scrape and pattern match incorrect logins
[08:51] <[Mew2]> Thank you ikonia :) <33
[09:13] <willemgf> Hi, We have a strange situation with vm's running ubuntu server 14.04 LTS on esxi-5.5. It happens that a VM doesn't boot well, it gets stuck on plymouth-upstart-bridge and doesn't go further. after performing ctrl-alt-del we see there are errors found on the disk, but we are at this point no more able to select the fix-option.
[09:14] <willemgf> what could be the reason the system gets stuck and get no interaction regarding the disk-error?
[09:15] <hateball> willemgf: are you running open-vm-tools on it, and have you fsck'd the disks?
[09:15] <willemgf> for now we edit the grub by adding init=/bin/bash in order to perform the e2fsck to get the system back fully operational. But I would like to see the console allowing us to select the action on the error during boot.
[09:16] <willemgf> hateball: yes, open-vm-tools is installed on the vm
[09:16] <hateball> something seems off if they keep corrupting
[09:17] <willemgf> once the fsck is done as described above, a reboot of the vm goes perfect
[09:18] <willemgf> But I thought we would be able to interact by default when a disk-error appears without performing our (temporary) method to perform the fsck
[09:21] <ikonia> willemgf: remove the boot splash
[09:21] <hateball> if errors are found it should indeed prompt you
[09:21] <ikonia> willemgf: see if there is anything else going on that you miss
[09:21] <ikonia> boot into single user mode too, see if you get a clean minimal boot
[09:21] <hateball> does pressing ESC remove the splash after it's "hung"? I cannot recall
[09:21] <ikonia> I don't think so, it depends on how/why it's hung
[09:22] <ikonia> most cases not, only if it's super slow will that work (I think )
[09:22] <hateball> I think they wanted to not have to reboot to grub and pick modes/alter options
[09:22] <hateball> rather see at once that it needed interaction to fsck
[09:23]  * hateball removes quiet splash in /etc/default/grub
[09:23] <ikonia> yeah, for me it's worth altering the splash on the fly just to see the boot process
[09:23] <willemgf> ikonia: from the grub, 'quiet splash' has been removed, so this is not the problem. We also tried to apply noplymouth, since we saw at the ctrl-alt-del that plymouth-upstart-bridge was killed by TERM.
[09:23] <ikonia> if you're running a server, I'd question if you ever need that splash in place
[09:24] <ikonia> willemgf: so you actually get to see the full boot process
[09:25] <willemgf> indeed we see the complete bootprocess, where it suddenly gets stuck. no notification of the error in order to apply one of the options.
[09:25] <ikonia> so what's the last thing you actually see
[09:26] <willemgf> even ESC does not allow us to continue. Seems like something else is blocking in order to go further.
[09:27] <willemgf> any way to provide a record of our situation?
[09:27] <ikonia> willemgf: whats the last thing you see on the screen
[09:28] <willemgf> Will paste some screenshots from my recordmydesktop ...
[09:32] <willemgf> here it gets stuck: http://i.imgur.com/ZPbeWwm.png
[09:34] <willemgf> when performing ctrl-alt-del we see the following: http://imgur.com/RWoIZhP
[09:36] <ikonia> so plymouth looks like it's in a loop
[09:36] <ikonia> which is creating a wait loop in the boot process
[09:36] <ikonia> rather than hanging
[09:37] <ikonia> can you boot into single usermode ?
[09:38] <willemgf> that is what we thought too, but using noplymouth in grub does not solve the issue, it still gets stuck. Even in single user mode we have the same issue.
[09:39] <willemgf> As I said, our only way to solve it at this moment is to apply init=/bin/bash in order to get a shell, perform the e2fsck and reboot, whereafter the vm comes up well as expected.
[09:40] <ikonia> after you run the fsck and reboot normally it comes up ok ?
[09:42] <willemgf> yes, then it comes up normally
[09:42] <ikonia> so I would question if your actual problem is based around disk problems
[09:43] <ikonia> willemgf: if you reboot that now working VM a few times, does it stay working ?
[09:43] <willemgf> even that we tried already, after the e2fsck, rebooting the VM a couple of times, it comes up normally.
[09:44] <ikonia> ok, so that does suggest to me - disk problems on the VM from the host is a problem
[09:44] <willemgf> It only happens in case we have a situation where disk errors appeared on that vm
[09:44] <ikonia> how are you installing these machines ?
[09:45] <willemgf> Might be, a colleague also pointed to disk timeout as described on http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009465
[09:46] <willemgf> is it worth to try this out?
[09:46] <willemgf> these are VM's installed by a template
[09:46] <willemgf> And they all worked fine after installation.
[09:47] <ikonia> I'd look at your template first
[09:47] <ikonia> is your template made out of a corrupted disk
[09:48] <ikonia> because if you are having a disk time out, I doubt an fsck would have an impact on that
[09:48] <willemgf> certainly not. We have other VM's made prom the same template that reboot correctly.
[09:48] <willemgf> *from*
[09:48] <ikonia> so how many of your VM's are having this problem
[09:51] <willemgf> Yesterday I had  VM's, today I had one. Maybe nice to know: these VM's were stopped as I needed to migrate the OS disk to another datastore.
[09:52] <ikonia> roughly how many out of how many VM's had this problem
[09:52] <ikonia> eg: 5 out of 100 built
[09:52] <willemgf> the VM's were initially installed on slow datastores, and are now migrated to faster datastores
[09:53] <ikonia> so they have broke in the migration ?
[09:53] <ikonia> or broke at install time
[09:53] <willemgf> I'm still performing this migration process. It's a new Vmware environment on which we have currently VM's running on.
[09:54] <ikonia> how were they migrated
[09:54] <ikonia> on the fly using vmware data migration tools ?
[09:54] <ikonia> or shutdown and the vmdk's moved
[09:55] <willemgf> through the migration process in the vsphere web client. The VM's were first brought down before migrating.
[09:55] <ikonia> roughly how many have had this problem ?
[09:56] <willemgf> Nevertheless, I would have expected that the boot of the VM would inform me in a correct way of any disk error on which I should be able to choose which action to perform. And this is not the case, so I guess some kind of bug in the upstart, not?
[09:57] <ikonia> you are getting a disk warning error on boot though are you not ?
[09:57] <ikonia> I suspect if you left it long enough for the plymouth-bridge to stop trying and time out, it would move on
[09:57] <ikonia> but complain of errors
[09:58] <willemgf> As we did not finished our migration process no idea of how many of the VM's, but for the   I did yesterday, I had this issue for  of them.
[09:58] <ikonia> for "them"
[09:58] <ikonia> how many did you have
[09:58] <ikonia> out of how many machines
[10:00] <willemgf> the error appears after applying the ctrl-alt-del. from that point on I saw extra lines appeared on the screen, but disappeared too fast in result of the reboot. That is why I recorded the situation and saw what came afterwards.
[10:01] <willemgf> Sorry num-loch was off: I had it for 5 VM's of the (about) 12 migrations I performed yesterday.
[10:01] <willemgf> *num-lock*
[10:02] <ikonia> thats a higher ratio than I'd like
[10:03] <willemgf> Me too, that is why I came to ask on this channel for any possible help
[10:06] <willemgf> As of this morning I'm trying out different grub-options for a VM having this issue as well, so far no solution found yet.
[10:07] <willemgf> it gets stuck till I perform the ctrl-alt-del and can see the message regarding the disk-error. the VM for which I provided the screenshots.
[10:13] <willemgf> BTW, strange that, when noplymouth is used in grub (edit at boot) the startup still performs actions for plymouth-upstart-bridge!
[10:15] <ikonia> I dont think grub options will help disk problems
[10:15] <ikonia> it really looks like everything you're showing me that certain boxes have migration disk corruption
[10:16] <willemgf> I totally agree, but nevertheless I would expect to see on my console the error found on the disk(s) on which I should choose which action to apply, but We don't get this at all.
[10:18] <ikonia> willemgf: I suspect if you leave it long enough it will move onto the disk error
[10:20] <willemgf> now trying to boot in recover single user mode with grub options 'single nomodeset noplymouth'. Very slowly I see new lines appearing on the console, see: http://i.imgur.com/inDJV1l.png
[10:20] <lordievader> Good morning.
[10:38] <willemgf> ikonia: meanwhile, the boot in single user mode is still stuck, no message regarding the disk-error so far.
[10:39] <willemgf> Is not the way it should happen for each vm having this issue :(
[11:05] <ikonia> willemgf: how long are you waiting
[11:05] <ikonia> I'm just wondering how long it would take for the plymouth-bridge to give up re-trying
[11:06] <ikonia> that console does just suggest disk errors to me
[12:04] <repozitor> i have configured my firewall very well, it's state is running
[12:04] <repozitor> but seems firewall don't work
[12:04] <repozitor> because still some ports are open!
[12:04] <willemgf> ikonia: just back from lunch, and the VM is still stuck. So for 1h30, not what we should expect
[12:04] <repozitor> any idea to fix it?
[12:06] <hateball> !ufw | repozitor
[12:07] <repozitor> ubottu, i'm using firewalld and firewall-cmd
[12:07] <repozitor> hateball, ^_^
[12:07] <hateball> repozitor: Nothing I use, but at least you've provided more detail than "don't work" now
[12:08] <hateball> So someone else may know
[12:08] <repozitor> hateball, for example port 21 is not allowed. but nmap scanning show me it is open!
[12:09] <shauno> are you scanning from the same host or another?
[12:09] <repozitor> shauno. of course, other host
[12:21] <repozitor> shauno, any idea?
[12:22] <repozitor> i'm using firewalld for my ubuntu server
[12:22] <repozitor> but if ufw work better, i can use it instead
[12:27] <shauno> I have no idea about firewalld at all I'm afraid.  just grasping for low-hanging fruit ( / false positives)
[13:13] <repozitor> shauno, http://dpaste.com/2MNQR54
[13:13] <repozitor> i used ufw, but i still see my firewall don't block programs internet activity
[13:15] <repozitor> anyone have any idea?
[13:17] <lordievader> repozitor: What is the output of 'sudo iptables-save' (and 'sudo ip6tables-save' if you use ipv6)?
[13:19] <repozitor> http://paste.ubuntu.com/14429768/
[13:19] <repozitor> OMG, before configuring ufw, i use iptable -F
[13:19] <repozitor> why these command exist?
[13:20] <lordievader> repozitor: See lines 111 and 112.
[13:21] <repozitor> what is wrong with 111, 112?
[13:21] <repozitor> they allow me to connect by ssh
[13:21] <repozitor> as you see, ufw allow ssh output on above link
[13:24] <lordievader> You complain that port 22 is open, looking at line 111 that is correct.
[13:24] <lordievader> Oh wait, I misread the port.
[13:25] <repozitor> lordievader, i know ssh is open, it's ok
[13:25] <repozitor> i want to block 8080 for example
[13:25] <repozitor> why ufw don't block 8080 by itself?
[13:25] <repozitor> i never allowed 8080, but ufw can't block it
[13:26] <repozitor> so my question is why my firewall don't work?
[13:26] <repozitor> because of ufw status show me only ssh is allowed, i say my firewall don't work
[13:27] <lordievader> repozitor: 8080/tcp filtered http-proxy looks okay from here.
[13:28] <repozitor> REALLY? are you familiar with nmap?
[13:28] <repozitor> right now it show me it is open!!!!!!!!
[13:28] <repozitor> http://paste.ubuntu.com/14429812/
[13:29] <repozitor> also you can connect by telnet to 8080
[13:29] <repozitor> telnet 82.102.12.142 8080
[13:31] <lordievader> Hmm that is odd.
[13:31] <lordievader> Since your firewall rules do suggest it is being dropped.
[13:31] <lordievader> Is that machine behind a nat?
[13:32] <repozitor> no
[13:32] <repozitor> hhmm, it is located on RED station datacenter
[13:32] <repozitor> really i dunno
[13:32] <patdk-wk> does netstat show something listening to 8080?
[13:33] <lordievader> repozitor: You run tomcat on that port?
[13:33] <repozitor> patdk-wk. yeah
[13:33] <repozitor> yeah
[13:37] <repozitor> oh my god!!!!!
[13:37] <repozitor> now i uninstalled it and installed it again, and before i enable ufw, i allowed ssh
[13:37] <repozitor> and now when i enable ufw, my server is completely unreachable.
[13:37] <repozitor> i dunno what i should to do!!!!!
[13:38] <lordievader> repozitor: Try and get a console a different way (through a web service or something).
[13:38] <lordievader> Not sure if your provider has that service.
[13:38] <repozitor> lordievader, i know!
[13:42] <lordievader> repozitor: Let me know when you have access again ;)
[13:42] <repozitor> yeah, i fixed it again :))
[13:43] <repozitor> last week this problem occurred, and i request a direct console, they grant me
[13:46] <repozitor> anyone have any idea?
[13:48] <lordievader> repozitor: Yes, try 'sudo iptables -I INPUT 1 -p tcp --dport 8080 -j DROP'.
[13:49] <repozitor> lordievader, the problem is not 8080
[13:49] <repozitor> i want to know why firewall don't work!!!
[13:49] <repozitor> i should find a wise reason for this problem
[13:50] <lordievader> repozitor: This is a way of finding out why things don't work...
[13:53] <repozitor> lordievader, i DROP 8080, but it still is open!!!!!
[13:53] <repozitor> test  it by telnet
[13:54] <repozitor> needing a better idea
[13:54] <lordievader> My browser takes a long time to connect to it...
[13:54] <repozitor> lordievader, go to matrix world :D
[13:54] <shauno> fwiw, 8080 is timing out for me
[13:55] <lordievader> Telnet hangs on Trying 82.102.12.142...
[13:55] <lordievader> repozitor: Iptables works fine if you ask me. I guess the flaw is somewhere in the ufw rules.
[13:55] <shauno> is there a possibility it's being held open for your specific case by a conntrack rule?  so iptables thinks it's related to a previously-existing connection and passes your specific connection?
[13:56] <repozitor> shauno, http://paste.ubuntu.com/14429957/
[13:56] <repozitor> are you kidding me?
[13:56] <repozitor> i swear to GOD 8080 is open!!!!
[13:57] <patdk-wk> it is open
[13:57] <patdk-wk> but doesn't mean that it is HITTING your server
[13:57] <patdk-wk> do a tcpdump on your server for port 8080
[13:57] <shauno> I get http://paste.ubuntu.com/14429966/
[13:57] <patdk-wk> and see if you actually DO see the connection
[13:57] <ogra_> did you make sure to flush all rules you did set with firewalld before (by rebooting after removing all bits and configs of it) before you tried other fw tools ?
[13:57] <YamakasY> guy do you store your antispam loggings ?
[13:57] <YamakasY> archive
[13:58] <repozitor> YamakasY, me?
[13:58] <repozitor> no
[13:58] <YamakasY> ok
[13:58] <YamakasY> why not if I may ask ?
[13:58] <YamakasY> afraid for your wife ? :P
[13:59] <repozitor> no, usually antispam tool need money :D
[14:00] <shauno> if you have an antispam you can train, keeping hold of a pile of ham & spam to feed it can be beneficial.  if you don't/can't, there's not much worth holding on to
[14:00] <YamakasY> true
[14:00] <YamakasY> I mean as it's also a mail gateway, it might be handy
[14:01] <repozitor> shauno, something were wrong with apache, now i fix it
[14:03] <repozitor> any idea?
[14:03] <repozitor> what is wrong with ubuntu?
[14:03] <repozitor> firewall is running, and blocking all port except 22
[14:03] <repozitor> but nmap show me there are about 8port is opne
[14:03] <repozitor> open*
[14:06] <repozitor> any idea?
[14:08] <repozitor> how can i remove all iptables & ufw rules?
[14:09] <repozitor> i want to remove everything about firewall
[14:09] <lordievader> repozitor: First set your policies so that you still have access then: sudo iptables -F && sudo iptables -X
[14:10] <lordievader> That should leave you with just the empty built-in chains.
[14:10] <repozitor> lordievader, where i should set my policy?
[14:10] <lordievader> repozitor: ACCEPT
[14:11] <repozitor> hey buddy, i know how to work with iptables, ufw, firewall-cmd
[14:11] <repozitor> which of them do you mean?
[14:12] <pmatulis> tych0: hi, re yesterday's container migration question and the necessity of a 4.4 kernel. will that kernel, or the magic it brings, be backported to trusty or will people be expected to run the new LTS?
[14:13] <patdk-wk> repozitor, hmm, using a new tool won't fix it
[14:13] <patdk-wk> ufw and firewall-cmd are just tools that work ontop of iptables
[14:13] <tych0> pmatulis: 4.4 is going into X, so it should be available when linux-generic-lts-xenial comes available i think
[14:13] <patdk-wk> shorewall also
[14:13] <lordievader> repozitor: Looking at the command I gave you, iptables policies ofcourse.
[14:13] <patdk-wk> you should do like I said, and make sure that port is actually routed to your machine first
[14:13] <pmatulis> tych0: ta
[14:13] <lordievader> By the by, if you don't want my help, say so, it ain't my problem...
[14:40] <an3k> Hi everybody. I already googled and found plenty of commands to use but neither of them gave any information. I just installed Ubuntu Server 14.04.3 LTS on my Server using its Intel RSTe RAID. In the installation process Ubuntu found RAID Container and AHCI RAID Container. I selected "use them" for both. Now after the system is running neither dmraid nor dmadm knows about the raid (status,
[14:40] <an3k> etc.). I'm new to Linux Software Raids so I have no clue if the RAID is working well or not, especially because none of the commands shows useful information.
[14:49] <an3k> http://paste.ubuntu.com/14430372/
[14:51] <jrwren> pmatulis: I'm pretty sure trusty will get a 4.4 HWE kernel
[14:51] <pmatulis> jrwren: yeah, like tych0 said, the backport kernel
[14:51] <jrwren> pmatulis: ah, I didn't understand. Thanks.
[15:27] <jdstrand> repozitor: you might check the output of 'sudo /usr/share/ufw/check-requirements'. it is possible your kernel doesn't have everything ufw expects and isn't fully configuring itself (this can happen in hosting environments)
[15:45] <repozitor> now i'm tired, i dunno how to fix it!
[15:45] <repozitor> maybe i need to fresh install ubuntu
[15:46] <ogra_> repozitor, did you make sure to remove all traces of firewalld (never heard of it) and reboot before you started playing with the other FW tools ?
[15:52] <repozitor> ogra_, i can't find all traces of firewalld, but i use apt-get to remove
[15:52] <repozitor> apt-get remove, apt-get clean, apt-get purge.
[15:53] <ogra_> remove or purge ?
[15:53] <repozitor> both of them
[15:53] <ogra_> and did you reboot to make sure to get back to a virgin state
[15:53] <repozitor> yeah
[15:54] <ogra_> (though if firewalld saves some iptables rules they might still persist, no idea how it works)
[15:55] <repozitor> i dunno whether ubuntu has this feature or not
[15:55] <repozitor> in macosx i can save all setting of application, and after installing we can restore them by time machine
[15:55] <repozitor> is there exist such this settings?
[15:55] <repozitor> features*
[15:55] <jrwren> repozitor: how do you do that? i've never seen that time machine feature.
[15:56] <repozitor> jrwren, did you ever use time machine?
[15:56] <jrwren> repozitor: yes, only to restore full system or single files, not app settings.
[15:56] <repozitor> install a fresh macosx, and put time machine backup disk into your os, and then use it
[15:56] <jrwren> repozitor: ah, so you mean full restore.
[15:56] <repozitor> no
[15:57] <repozitor> full restore change your main os to backup version
[15:57] <jrwren> repozitor: how is that not full restore?
[15:57] <repozitor> what?
[15:58] <jrwren> repozitor: ah, i've never used time machine that way. are you saying that i can have TM backup with older OSX and use newer OSX to restore it and it will not overwrite my newer OSX?
[15:59] <repozitor> jrwren, yeah, i use it for 2 time.
[16:00] <repozitor> probably you know all app setting is store in this path
[16:00] <repozitor> /Users/username/Library and this path is restored when you restore app setting
[16:17] <an3k> Do I really need a swap with 128 GB RAM?
[16:18] <repozitor> if you reach at 100GB memory usage, yes
[16:18] <an3k> ok, then I don't. Thanks :)
[16:18] <shauno> I'm always tempted to keep swap, yeah.  stuff that's barely used can stay paged out and leave you with more free for whatever you bought 128 for
[16:19] <repozitor> shauno, i think os don't start page in/out if he don't reach at 100GB or 80GB
[16:20] <shauno> I have about 700Mb paged out, and over 50% of my ram is just caches
[16:20] <an3k> I'll barely maybe never reach the 60 GB ram usage mark and I don't want swap to be on the SATA-DOM or on the raid
[16:21] <patdk-wk> shauno, what is wrong with that?
[16:22] <shauno> absolutely nothing.  that's why I'm advocating at least a little swap so that stuff that's not being used, doesn't need to be wired
[16:22] <repozitor> shauno, in newer linux, app wont swap until RAM usage reach at 75%, instead they cache files for faster IO, so your 700mb is full of file contents,  i guess
[16:22] <patdk-wk> how can 700mb of swap contain files?
[16:23] <patdk-wk> why would you put into disk, what is already on disk?
[16:23] <an3k> Microsoft knows :)
[16:23] <repozitor> patdk-wk, because they are dirty
[16:23] <shauno> that's what I mean though.  caching files is more efficient use of ram than holding onto a process that hasn't done anything in days
[16:23] <patdk-wk> heh?
[16:23] <patdk-wk> cache is not dirty
[16:24] <patdk-wk> that is not possible
[16:24] <patdk-wk> 700mb paged out can only be application memory
[16:24] <repozitor> patdk-wk, they can write into the original file's disk, because in feature os move them again into RAM
[16:24] <patdk-wk> not file cache, not file buffers
[16:24] <patdk-wk> then it WOULD NOT BE paged out
[16:25] <patdk-wk> but written to disk
[16:25] <patdk-wk> and would not show up in the 700mb of paged to swap
[16:25] <patdk-wk> so the 700mb would not apply to those
[16:25] <repozitor> patdk-wk:700mb paged out can only be application memory
[16:25] <repozitor> prove it
[16:25] <patdk-wk> I don't need to
[16:25] <patdk-wk> read the linux kernel documentation on memory management
[16:25] <jrwren> an3k: skip the swap partition, apt-get install swapspace, and it will be zero swap until you need it.
[16:25] <nacc> an3k: the short answer is, it depends ...
[16:25] <patdk-wk> you are the one saying the documentation is wrong
[16:26] <nacc> an3k: and you can always use swapfiles, or swapspace
[16:26] <repozitor> patdk-wk, show me a reference indicating this topic
[16:27] <repozitor> patdk-wk, i never said "documentation is wrong"
[16:27] <repozitor> if you think so, prove it
[16:27] <patdk-wk> https://www.kernel.org/doc/gorman/html/understand/understand014.html
[16:27] <patdk-wk> you think so too, prove yours :)
[16:28] <patdk-wk> you did read that first sentence right?
[16:29] <shauno> you don't page out disk caches, you just commit them.  if they're gonna hit the disk anyway, may as well do it properly
[16:29] <patdk-wk> you don't commit disk caches
[16:30] <patdk-wk> you DROP them
[16:30] <patdk-wk> you commit disk buffers
[16:30] <patdk-wk> cache == read, buffers = dirty writes
[16:33] <repozitor> patdk-wk, answer me
[16:33] <repozitor> imagine you have 8GB memory, and you working with gimp, you load a 6GB image into the disk, and now os want to load another applications, so os need 5GB of memory
[16:33] <repozitor> you think os drop gimp file?
[16:33] <repozitor> or swap it into swap area, so user can still work with it?
[16:33] <patdk-wk> http://linux-mm.org/Low_On_Memory
[16:33] <patdk-wk> the authoritative source on it
[16:33] <repozitor> read doc CAREFULLT
[16:34] <repozitor> CAREFULLY*
[16:34] <patdk-wk> repozitor, you obviously are confused and don't know what memory is
[16:34] <patdk-wk> loading a file into gimp != cache
[16:34] <patdk-wk> it is GIMP memory, assigned to gimp, unless gimp mmapped it, and it doesn't
[16:34] <patdk-wk> so that file is no longer a file it is application memory assigned to gimp
[16:34] <an3k> I think https://help.ubuntu.com/community/SwapFaq helps :)
[16:35] <patdk-wk> to claim it is a file or cache is completely wrong
[16:35] <patdk-wk> and that *file* is no longer a file in gimp, cause that image is not 6gigs anymore, cause gimp will have to decode/decompress and create structures to use that image
[16:35] <patdk-wk> so it's likely much much larger
[16:35] <patdk-wk> there is no way to claim that is a *file* anymore once it is loaded into an application
[16:36] <patdk-wk> now if you want to state it correctly
[16:36] <patdk-wk> you loaded your 6meg image into gimp
[16:36] <repozitor> patdk-wk, hhhm, sorry, i remember another thing
[16:36] <repozitor> my question was totally wrong!
[16:36] <patdk-wk> the 6meg image is in the disk cache, and the decompressed gimp copy of that image is in gimp application memory as 50megs
[16:36] <patdk-wk> the 6megs will be dropped at any time linux feels like it
[16:36] <patdk-wk> but the 50meg one would have to be swapped
[16:46] <pbxman> is there a way to know what console commands were sent by a user and the time they were sent in Ubuntu?
[16:47] <patdk-wk> if the user is forced to use sudo, yes
[16:48] <patdk-wk> if not, and you didn't force the user to use a shell that logged that info, then no ( the default )
[16:48] <pbxman> auth.log?
[16:48] <patdk-wk> yes, that will show logins and sudo commands
[16:49] <pbxman> Does a kill -9 show up?
[16:49] <patdk-wk> was it run as, sudo kill -9
[16:49] <patdk-wk> then yes
[16:49] <patdk-wk> if not, then no
[16:49] <pbxman> ok thank you for that patdk-wk
[16:51] <an3k> Is root login with password NOT permitted because one could steal the password entered when logging in?
[16:54] <patdk-wk> it's just such a bad idea generally
[16:54] <patdk-wk> and people don't generally use good password
[16:54] <patdk-wk> so if they go through the work to enable that, heh, they should have learned the issues with enabling it too :)
[16:57] <an3k> Indeed but the current approach isn't any more secure. If I MITM the password of root I am root, sure. But if I MITM the password of the user used to login then sudo I am root too
[16:59] <patdk-wk> how are you doing MITM
[16:59] <patdk-wk> and who said it was to protect against MITM at all? at least I didn't
[16:59] <an3k> dunno but that was one reason I got told of why direct root login isn't disabled by default
[17:00] <patdk-wk> ssh fingerprints limit mitm
[17:00] <an3k> yes but these don't help
[17:00] <an3k> Let me try to explain.
[17:00] <patdk-wk> these?
[17:00] <patdk-wk> it matters not what authentication method you use
[17:01] <patdk-wk> if you are MITM, it's already an issue when you make the connection
[17:01] <an3k> There's server A. It allows SSH login as root with a password.
[17:01] <patdk-wk> so I dunno how a root password has anything to do with mitm
[17:01] <an3k> And there's server B. It does NOT allow SSH login as root with a password. Instead you have to login to your normal user account (which uses a password) and then sudo.
[17:02] <patdk-wk> still dunno how mitm has anything to do with this
[17:02] <an3k> In both cases somebody else gets root access as soon as he knows the password (of either root or the normal user).
[17:02] <an3k> ok, stop focusing on MITM now ;)
[17:02] <patdk-wk> yes, that is true
[17:02] <patdk-wk> but the server A, they also need to know a valid username
[17:03] <patdk-wk> in the second, they already know root is a valid username, and only need the password, and randomly guessing is *fine*
[17:03] <an3k> vice-versa but you're absolutely right. Never really thought about this.
[17:05] <patdk-wk> I do set a root password, but also don't allow root logins on ssh
[17:06] <an3k> I do too but also allow root-ssh-login since it's a separated network and just a LAN server
[17:10] <thebwt> we turn off password auth for root in the sshd conf.
[17:11]  * thebwt resumes lurk mode
[17:14] <an3k> yeah, already found the required setting yesterday when working on the server. PermitRootLogin with-password is nicely misleading :)
[17:23] <an3k> hmm, interestingly all the guides on how to setup ubuntu server on a software raid are wrong. RAID10 is supported by the installer and nothing has to be done in console or Live environment before the actual installation.
[17:26] <patdk-wk> heh?
[17:26] <patdk-wk> I thought it was always supported
[17:27] <patdk-wk> at least since 10.04 or maybe it was 12.04
[17:27] <patdk-wk> there is only one guide that matters, and that is the ubuntu documentation though
[17:30] <an3k> hmm, that isn't found using google
[17:32] <an3k> and https://help.ubuntu.com/lts/serverguide/advanced-installation.html is actually not "correct". I haven't tested it so it may work but theres no need to manually create partitions on
[17:32] <genii> AFAIK all RAID types are supported during install for server and alternate
[17:34] <an3k> is that guide (mostly) in german for you too?
[17:36] <an3k> for example I didn't create any partitions (swap and /) on the RAID drives. I simply created a partition table on each and then "Create Software RAID > Create MD"
[17:52] <an3k> is there a difference between both approaches?
[18:27] <binwiederhier> Hello there, I was wondering if there was still a chance to get PHP 7 into Ubuntu 16.04. I hear that it might be a bit late for that, but a little bird told me (https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1522422) that rbasak might know more?! Apologies for the highlight, I hope that's okay :-)
[18:29] <ikonia> it's not released yet 7 is it ?
[18:30] <binwiederhier> it has been released. a month ago or so.
[18:30] <nacc> binwiederhier: I'm going to be taking a look at exactly that
[18:30] <ikonia> was it really a month or so
[18:30] <binwiederhier> but see it this way: "I don't know anyone running Ubuntu servers who's using the stock PHP because it's usually too old. People either use Ondrejs PPAs, compile themselves or use some other vendor (i.e. Plesk provided packages). PHP 5.6 support ends August 2017. That's 9 months of backporting security fixes. PHP 7.0 is supported until December 2018. If you ask me, this is a no-brainer. "
[18:30] <nacc> binwiederhier: just starting on it now ... can try and keep you posted
[18:30] <ikonia> maybe a bit too soon for a long term support release
[18:30] <ikonia> pretty much every ubuntu server I see with php is the stock LTS version
[18:30] <ikonia> it's no way too old
[18:32] <nacc> binwiederhier: fwiw, it's in universe already just fyi
[18:32] <binwiederhier> last i checked it was "proposed"
[18:33] <nacc> https://launchpad.net/ubuntu/+source/php7.0
[18:33] <nacc> 7.0.1-5 is in release
[18:33] <nacc> 7.0.1-6 is in proposed
[18:33] <binwiederhier> 4 hours ago!
[18:33] <binwiederhier> ?!
[18:33] <nacc> :)
[18:33] <binwiederhier> wow
[18:33] <Pici> ha
[18:33] <nacc> enjoy!
[18:34] <ikonia> universe is a good solution
[18:34] <ikonia> use at your own risk, but a good proving ground
[18:34] <an3k> oh great ... resolvconf is now not capable of simply adding the DNS server upon boot once VLAN is added ....
[18:42] <patdk-wk> heh?
[18:42] <patdk-wk> it does for me
[18:43] <an3k> it did for me yesterday with the previous installation too but now it doesn't
[18:45] <an3k> I use VLAN on bonding on two NICs. That worked perfectly with the previous install
[18:49] <an3k> what's the logfile for all the stuff shown at booting with the [OK] at the right side?
[18:52] <an3k> http://paste.ubuntu.com/14431912/ ... I hadn't these issues yesterday
[18:55] <an3k> if the log entries are correctly ordered then why is IPv6 and 8021q processed before bond?
[18:58] <an3k> is it possible that it doesn't work because Ubuntu thinks both NICs have the very same MAC address?
[18:59] <patdk-wk> how did you configure your interfaces file?
[18:59] <patdk-wk> but that isn't the real issue
[18:59] <patdk-wk> bond0 was created, the vlans added
[18:59] <patdk-wk> but the interface is down, cause the eth0/eth1 haven't been enslaved yet
[19:01] <an3k> http://paste.ubuntu.com/14431994/
[19:02] <patdk-wk> remove the bond-slaves line
[19:02] <patdk-wk> actually
[19:02] <patdk-wk> bond-slaves none
[19:02] <patdk-wk> you doubled it up
[19:02] <patdk-wk> with the bond-master
[19:02] <patdk-wk> should only use one of them
[19:03] <patdk-wk> is vlan_raw_device optional? I always set it
[19:04] <an3k> I can't remember now but afaik I got a warning or error without bond-slaves set
[19:04] <an3k> I never set vlan_raw_device and never had problems (until now ;)
[19:05] <patdk-wk> http://paste.ubuntu.com/14432017/
[19:05] <patdk-wk> is what I use
[19:41] <an3k> I just do a new install and (try to) do the same I did yesterday and see if that works
[20:36] <jge> Hey all, I wrote an init script for a JAR file I would like to run under a limited system user. My command looks like this: sudo su btds -s /bin/sh -c "nohup  java -jar $PATH_TO_JAR --propertiesFile /etc/btds/btds.properties 2>> /dev/null >> /dev/null &"
[20:36] <jge> However, when I run it. Nothing happens.
[20:36] <jge> I've seen it start for a second or two and then shuts down
[20:36] <jge> anyone's got a clue what I'm missing here :\
[20:38] <shauno> no ideas, but perhaps remove the /dev/null redirects so you can see if/what it's complaining about during its short life?
[20:38] <jge> shauno: ahh good idea, let me try that
[20:40] <jge> bingo nohup: failed to open ‘nohup.out’: Permission denied
[20:40] <jge> I'm running the command as sudo though..
[20:41] <sarnold> nohup sudo   or sudo nohup? :)
[20:41] <tarpman> jge: you can replace that entire sudo, su, sh, nohup machinery with a single start-stop-daemon
[20:43] <shauno> you're not running it with sudo, you're running it with su btds.  you're running su with sudo.  so most likely it's trying to write to nohup.out in the current cwd as btds
[20:43] <jge> tarpman: Yeah I came across a site which recommended this as well, no idea how it works though so I picked the easiest solution
[20:44] <jge> sarnold: I did sudo nohup
[20:44] <repozitor> patdk-wk, shauno, http://paste.ubuntu.com/14432573/
[20:44] <repozitor> can you evaluate it?
[20:44] <jge> and I get :  sudo: no tty present and no askpass program specified
[20:45] <jge> shauno: you're right
[20:46] <jge> what if I create a nohup.out file in the current cwd and chown to btds, would that work?
[20:46] <patdk-wk> repozitor, not really
[20:46] <patdk-wk> you need to use -nn I think
[20:46] <patdk-wk> or maybe you just didn't use -n
[20:46] <patdk-wk> and you probably want to dump all 3
[20:47] <patdk-wk> iptables -L -nv
[20:47] <patdk-wk> iptables -L -nv -t mangle
[20:47] <patdk-wk> iptables -L -nv -t raw
[20:48] <patdk-wk> based on what you posted, assuming the /etc/services is ubuntu default, 8080 should not be accepted
[20:49] <patdk-wk> but if it is being forwarded, or intercepted, those paths are open
[20:49] <patdk-wk> cause your forward table allows all
[20:49] <patdk-wk> but that normally isn't used unless nat is enabled or something
[20:49] <repozitor> patdk-wk, i think about memory swap, i think you were right, my apologies :D
[20:50] <repozitor> patdk-wk, you need the output of -L -nv?
[20:50] <patdk-wk> it would help, your ports are mapped to services file
[20:50] <patdk-wk> so I don't know if webmin is 8080 or 10000
[20:51] <patdk-wk> could be anything :)
[20:51] <patdk-wk> or even that http means 80
[20:51] <repozitor> http://paste.ubuntu.com/14432662/
[20:51] <repozitor> webmin is listening on 10000
[20:51] <patdk-wk> that says you have no firewall configured
[20:52] <repozitor> are port are set by default, for example http is 80
[20:52] <patdk-wk> via /etc/services
[20:53] <repozitor> sorry buddy, before -L -nv i stopped iptables
[20:54] <repozitor> http://paste.ubuntu.com/14432692/
[20:54] <repozitor> this is the output of your command after starting firewalld
[20:55] <repozitor> any idea?
[20:56] <patdk-wk> ya, very interesting
[20:56] <patdk-wk> you see lines 6,7,8
[20:56] <patdk-wk> line 6, matches to line 107, does nothing, ignored
[20:57] <patdk-wk> line 7 matches line 104, does nothing
[20:57] <patdk-wk> line 8 matches 97, here EVERYTHING is accepted
[20:57] <patdk-wk> no nothing is ever denied
[20:57] <patdk-wk> somehow your network interfaces (eth0/tun0) are not mapped to zones
[20:58] <patdk-wk> zones you have are dmz, external, home, internal, public, trusted, work, ...
[20:58] <mkander_> I have 4 web servers that all host the same web page. When I change something in the php files I want to push it out to all servers. What is the best way to do this? Ill be doing this on Google Compute Engine, so it must be possible to just start a new node and it automatically pulls in the latest files.
[20:58] <repozitor> i can just understand what you say, but can't fix it
[20:58] <patdk-wk> I can't either
[20:59] <patdk-wk> I don't use or really care how to use firewalld :)
[20:59] <repozitor> yea, i have these zones
[20:59] <repozitor> REALLY?
[20:59] <patdk-wk> heh?
[21:00] <patdk-wk> you're not paying for me to help, ubuntu isn't, and I have to leave :)
[21:00] <repozitor> you just said i don't use …
[21:00] <repozitor> and i put a comment: REALLY?
[21:00] <patdk-wk> at least you know what is wrong
[21:00] <repozitor> i can't sleep without firewall!!!
[21:00] <patdk-wk> I said I don't
[21:00] <patdk-wk> you can use anything you want :)
[21:00] <patdk-wk> so I cannot answer you off the top of my head, and I don't have time to research the solution for you
[21:01] <repozitor> of course
[21:01] <patdk-wk> at least you know where the problem is though
[21:01] <repozitor> patdk-wk, change your mind about firewall later :D
[21:01] <repozitor> i'm serious.
[21:01] <patdk-wk> why?
[21:02] <patdk-wk> I don't like firewalld or ufw
[21:02] <repozitor> no, i mean firewall, not exactly firewalld or ufw
[21:02] <patdk-wk> I normally use iptables, shorewall, cisco acl, asa, ...
[21:04] <repozitor> patdk-wk, so maybe you know how can i delete these rules?
[21:08] <EmilienM> coreycb, jamespage: last week you told me we would have mitaka this week, what is the status please?
[21:08] <EmilienM> (in trusty)
[21:10] <coreycb> EmilienM, have I pointed you to this before? http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/mitaka_versions.html
[21:11] <coreycb> EmilienM, it's a good way to check status of packages in the mitaka cloud archive
[21:11] <EmilienM> coreycb: maybe I missed that, thanks a lot
[21:11] <EmilienM> I'll stop asking now :-)
[21:11] <EmilienM> coreycb: is it for trusty?
[21:11] <coreycb> EmilienM, I think we have most everything in proposed for trusty-mitaka
[21:12] <EmilienM> awesome!
[21:12] <EmilienM> I'm testing it right now
[21:12] <EmilienM> we were mainly waiting for that for our bump
[21:12] <coreycb> EmilienM, to ready that, left column is xenial, and the right 3 columns are trusty-mitaka
[21:12] <coreycb> ready=read
[21:12] <EmilienM> ok makes sense
[21:12] <EmilienM> coreycb: thx again
[21:12] <coreycb> EmilienM, you're welcome
[21:31] <repozitor> which web-based tool is proper for ubuntu?
[21:31] <repozitor> except webmin
[21:32] <jc_> Hi All. I have the HP 40L. I've placed Ubuntu server on the 250GB hard drive and allocated it with 35GB through LVM. I've further 80GB I've assigned also from the 250GB hard drive. In addition there are two 1tb drives that I would like to put media on. How can I link these two together so that they are in a Raid that offers redundancy?
[21:43] <uxfi> Hey how do I test my HTML CSS code on Ubuntu server on a VM?
[23:33] <an3k> patdk-wk: I'm done with the reinstall and guess what. The exact same configuration now works
[23:35] <an3k> the only issue I have left is that bond0 still has its own IPv6 address. AFAIK it shouldn't have any?!
[23:37] <rbasak> hallyn: a question on the ubuntu-devel-discuss ML might be relevant to your work (cgroups), I'm not sure.
[23:38] <hallyn> rbasak: i'll look in a bit, thx
[23:39] <hallyn> oh -discuss.  i'm not on that
[23:41] <an3k> https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2016-January/016090.html
[23:43] <hallyn> answer: systemd
[23:43] <hallyn> we've talked about creating a new boot-time service to create cgroups that admins want, but
[23:43] <hallyn> if we do that we'll constantly be stubbing toes against systemd which wants to own those anyway
[23:44] <hallyn> oh i see, someone replied to that effect already :)
[23:51] <rbasak> binwiederhier: I replied in the bug.
[23:51] <rbasak> binwiederhier: no problem with you pinging us for status updates on this channel at all. It's the appropriate venue to ask.
[23:52] <rbasak> binwiederhier: though I should probably reply in the bug when appropriate for others to see too.
[23:55] <an3k> RAID Q: Why should I create the partitions on each RAID member hdd before I create the RAID instead of simply creating the RAID and then creating the partitions on the RAID device?