truexfan81 | anyone about to successfully get phpmyadmin to work with nginx on 14.04 server? | 02:48 |
---|---|---|
truexfan81 | for some reason the auto config program that runs during the package install doesn't have nginx as an option, and when you go with neither it doesn't seem to generate a config file for it | 02:49 |
truexfan81 | so without the config i'm unable to give it my ip address to gain access to it | 02:50 |
Razva | I have two nics, both with static IPs. if I set an IP to the first nic, the settings get auto-applied on the second one. why?! using GNOME. | 07:45 |
hateball | Razva: Do you mean that both NICs get the same IP? | 07:49 |
hateball | or what are "the settings" in this case | 07:49 |
Razva | hateball exactly, both nics get the same IP and I have no idea why. | 07:51 |
Razva | if I set the LAN IP on the second one, the WAN will be changed. same with WAN -> LAN. | 07:51 |
hateball | Razva: Weird. I don't run GNOME so I dunno why that might be | 07:52 |
hateball | Razva: if you manipulate network-manager from a terminal, does it behave the same? | 07:52 |
Razva | hateball yyyyyyyyup... | 07:52 |
hateball | Razva: using nmcli, that is? | 07:53 |
Razva | hateball I've just manually set the networking from cli and rebooted, let's see what's happening... | 07:55 |
Razva | bah, didn't worked. reinstalling with Lubuntu. I need a browser on this specific server so... | 08:16 |
hateball | Razva: network-manager is still the same, regardless what DE you use | 08:19 |
hateball | Razva: and there'd be no need to reinstall, you could just apt-get install lubuntu-desktop | 08:19 |
Razva | hateball I've done a netinstall and choose Lubuntu, it works like a charm | 09:18 |
hateball | Razva: weird. must be a bug in gnomes network manager frontend then | 11:01 |
hateball | Razva: I use KDE Plasma and I have no problems using multiple NICs at least | 11:01 |
LostSoul | Hi guy | 11:22 |
LostSoul | It might be stupid question but how change default users group? | 11:22 |
LostSoul | Or make sure all user will be in group X as I use domain login with lib-nss | 11:23 |
bekks | Add the default user group to group X. | 11:27 |
Walex2 | LostSoul: "default users group" is a bit ambiguous. | 11:33 |
Walex2 | LostSoul: on *login* a user has a primary group defined in '/etc/passwd' and a list of secondary groups, all those listing the user name in '/etc/group'. They are all "default" groups. | 11:34 |
LostSoul | I see | 11:34 |
LostSoul | I want all AD users to be in certain group | 11:34 |
Walex2 | LostSoul: as to "make sure all user will be in group X" that depends on your use account management scripts. That's an administrative decision. | 11:34 |
LostSoul | Hmm | 11:35 |
LostSoul | I want all users that are able to login via AD to be in certain group | 11:35 |
Walex2 | LostSoul: that may depends on whether 'libnss' allows you to do that. | 11:35 |
LostSoul | Second question is if there is bug in lib-nss as when I add more than X groups in ldap.conf then it starts connecting and getting users | 11:36 |
Walex2 | LostSoul: https://help.ubuntu.com/community/LDAPClientAuthentication might help you | 11:38 |
Walex2 | LostSoul: "Assign local groups to users" section | 11:38 |
LostSoul | Thanks Walex2 | 11:39 |
Walex2 | LostSoul: also https://bugs.launchpad.net/ubuntu/+source/pam/+bug/297408 | 11:40 |
ubottu | Launchpad bug 297408 in pam (Ubuntu) "pam_group does not support NSS groups" [Undecided,Fix released] | 11:40 |
LostSoul | Hmm | 11:44 |
LostSoul | But still, is it normal than after adding more than 6-8 groups in ldap.conf it stops working? | 11:44 |
bekks | Sounds like a lot of groups. | 11:45 |
LostSoul | Hmm | 11:48 |
LostSoul | I've added those lines to /etc/security/group.conf and also added other stuff to pam but seems user is still not in group I wanted him to be ;/ | 11:53 |
jamespage | coreycb, ddellav: hey - I pushed a load of changes to the neutron package - generaly tidy up and bug fixes | 11:59 |
jamespage | coreycb, also reverted the agent/server mixup | 11:59 |
jamespage | coreycb, not sure whether that bug is really relevant any longer... | 11:59 |
Walex2 | LostSoul: traditionally UNIX/Linux systems had a limit of 16 groups, and now most implementations support 256. But with AD could be lower limits. | 12:13 |
koolhead17 | hello world | 12:17 |
LostSoul | Walex2: It's not user | 12:23 |
LostSoul | I want to add AD matching (so that certain users can login via ssh on server) | 12:24 |
LostSoul | so when I add more than 6-8 groups in ldap.conf it stops showing users (getent passwd) | 12:24 |
bekks | LostSoul: do you get a specific error? | 12:28 |
LostSoul | Nope | 12:36 |
LostSoul | No error at all | 12:36 |
bekks | Then how do you determine "it is not working"? | 12:36 |
LostSoul | When I add more than X group mapping getend doesn't return AD users | 12:36 |
LostSoul | Also I can't login :) | 12:36 |
bekks | So you get a login error? | 12:36 |
LostSoul | Yes | 12:37 |
bekks | So this is wrong?: "< LostSoul> No error at all" | 12:38 |
LostSoul | I mean it doesn't get users from AD when I add more than X mappping in ldap.conf | 12:39 |
LostSoul | So it's not error as user is not searched in AD | 12:39 |
LostSoul | when I add X mapping in ldap.conf and typing getend passwd - I'm getting user list (including AD users) | 12:40 |
LostSoul | When I add X +1, then getent passwd returns only local users | 12:40 |
LostSoul | So I'm wondering if there is a limit | 12:40 |
bekks | And did you configure logging for ldap already and investigate the logs? Or even used strace? | 12:43 |
Walex2 | LostSoul: there is then probably a limit, but it would be surprising it is on the Linux side. | 12:46 |
Walex2 | LostSoul: you can use 'ldapsearch' or 'shelldap' to query the MS-AS LDAP server to see what it returns. | 12:47 |
LostSoul | Walex2: assign group works - thanks! | 12:58 |
LostSoul | But still this search .. | 12:58 |
coreycb | jamespage, thanks for fixing up neutron | 12:59 |
jamespage | coreycb, np | 12:59 |
jamespage | just testing the upgrade path is ok and I'll upload | 12:59 |
^King | hey | 13:37 |
^King | How to check if a package is installed? | 13:38 |
lordievader | ^King: dpk -l | 13:39 |
lordievader | dpkg* | 13:39 |
hateball | apt-cache policy <package> | 13:39 |
bekks | apt-cache policy will do that job too | 13:39 |
Razva | why in the world does autopilot installs Landscape on a LAN IP?! aaargh | 14:15 |
Razva | is there any way to "move" it to an external IP? | 14:15 |
^King | Hey, is it possible to change a account name on a ubuntu server? | 14:21 |
^King | Similar to changing passwords with passwd | 14:21 |
LostSoul | Walex2: Still around? | 14:23 |
LostSoul | I was wondering if there is way to set up same home dir to all ldap users | 14:23 |
sdeziel | ^King: usermod --login foo bar # renames bar to foo | 14:23 |
sdeziel | ^King: man 8 usermod for details | 14:23 |
saket_ | my juju is putting landscape to private IP | 14:25 |
saket_ | how can I access it remotely | 14:25 |
^King | sdeziel: Will that also change the dir name? | 14:26 |
^King | /home/newusername/ | 14:27 |
sdeziel | ^King: no but if you pass it --move-home it will | 14:27 |
sdeziel | ^King: you might also want to rename the primary group as well (groupmod) | 14:27 |
^King | Then I'll just recreate a new username then. | 14:28 |
^King | Create a new user* | 14:28 |
saket_ | hi | 14:29 |
saket_ | can anyone help me on landscape and juju | 14:29 |
saket_ | @dweaver, do you have exprience on JUJU and MAAS | 14:45 |
LostSoul | Remind me which rc is loaded after ssh login to server? | 14:49 |
Razva | jamespage can uou please help my colleague saket? we'r struggling with this here :) | 14:50 |
jamespage | coreycb, neutron uploaded | 15:01 |
LostSoul | Is there way to force pam other module to set home for all user to certain folder? | 15:04 |
coreycb | jamespage, awesome, thanks again for the cleanup! apologies for the cruft. | 15:05 |
jamespage | coreycb, np | 15:06 |
jamespage | coreycb, apologies for sending your on a red-herring task with switching out plugins for neutron-server | 15:06 |
jamespage | as there is only ml2 in tree now... | 15:06 |
coreycb | jamespage, ok gotcha | 15:06 |
jamespage | coreycb, I have of course now broken neutron-openvswitch and neutron-gateway charms... | 15:06 |
jamespage | I/we | 15:07 |
coreycb | jamespage, heh, well that happens | 15:07 |
coreycb | got to play catch up | 15:07 |
LostSoul | ? :) | 15:10 |
dweaver | saket_, Yes I do | 15:49 |
dweaver | saket_, do you need some help with something? | 15:50 |
^King | I can't install tk8.6, only 5. Why is that so? | 15:53 |
^King | Only tk8.5 | 15:53 |
=== Guest59764 is now known as karstensrage | ||
Razva | back | 17:27 |
Razva | ok soooo can please somebody tell me if/how can we access the Landscape LAN IP from...our public range? | 17:27 |
Razva | because Juju/AutoPilot setup a private IP, which obviously cannot be accessed from outside | 17:28 |
jamespage | ddellav, coreycb: lots of oslo.* releases today :-) | 17:35 |
coreycb | jamespage, ack thanks. we're working through the clients today. | 17:35 |
jamespage | Razva, its assumed that you have some access to the network that landscape and the cloud are being deployed to | 17:36 |
Razva | jamespage yup, obviously :D | 17:43 |
Razva | but tunneling through a proxy via Putty is not a good long-term solution :D | 17:43 |
jamespage | agreed | 17:43 |
Razva | soooo any hints? | 17:46 |
Razva | ? | 17:55 |
hallyn | anyone have a >=80cpu system they could use to run the testcase in bug 1358835 to verify bug 1535494 ? | 18:21 |
ubottu | bug 1358835 in numactl (Ubuntu Vivid) "numa_node_of_cpu() returns warning when cpu_index > 79" [High,Fix released] https://launchpad.net/bugs/1358835 | 18:21 |
ubottu | bug 1535494 in numactl (Ubuntu Wily) "Fix numa_node_to_cpus patch" [Undecided,Fix committed] https://launchpad.net/bugs/1535494 | 18:21 |
hallyn | else i'll just verify that it acts sanely in a smaller vm | 18:22 |
ddellav | jamespage good thing im doing those today then heh | 18:26 |
jamespage | ddellav, +100! | 18:27 |
Razva | jamespage sorry for bugging you, but can you please point us into the right direction? | 18:35 |
Razva | anyone...? | 18:43 |
sarnold | Razva: port forwarding on your firwall perhaps? | 18:46 |
Razva | from where to where...? | 18:47 |
sarnold | from whatever your public range is to whatever your private range is? :) | 18:50 |
Razva | note: I'm using leased servers | 18:50 |
Razva | aaaand I don't currently own a switch/router/firewall | 18:50 |
sarnold | Razva: ah. then your hosting provider can probably lease you IP addresses too? I dunno how that bit works out.. | 18:55 |
teward | Razva: you need to talk to the hosting provider then to get guidance on how to forward ports on the infrastructure | 18:55 |
teward | as well as IPs, etc. | 18:55 |
jamespage | Razva, sorry - you caught me just as I had to head out for a bit | 18:56 |
jamespage | Razva, can you explain how your servers are networked a bit (this may be a bit async as have to duck out again in a few minutes) | 18:57 |
teward | jamespage: he may not know... | 18:58 |
teward | [2016-02-22 13:50:27] <Razva> note: I'm using leased servers | 18:58 |
teward | [2016-02-22 13:50:40] <Razva> aaaand I don't currently own a switch/router/firewall | 18:58 |
jamespage | might be tricky to figure this out then... | 18:59 |
teward | ^ that's why I suggested they reach out to the ones they lease from for some guidance on forwarding ports, etc. that way | 18:59 |
teward | (it may be something that has to be done by the provider) | 18:59 |
teward | (though that'd be highly irregular) | 18:59 |
Razva | jamespage I have my own IP class + my own VLAN | 19:23 |
Razva | each server has one nic connected to the public IP class + another nic connected to the vlan | 19:24 |
Razva | at this point it seems that Landscape is installed into a LXE container on one of the machines (not on the maas machine), which I suppose it's ok | 19:24 |
Razva | but now the problem is that...there's no real way to access Landscape from "outside", except doing a proxy/tunnel | 19:25 |
Razva | aaaand problem #2 | 19:31 |
Razva | seems that Autopilot doesn't "wants" to setup a 5 node OpenStack cluster. everything is "green" but Cinder fails to deploy. saket_ is digging in the logs but he cannot find anything relevant. any hints? | 19:32 |
=== alexisb is now known as alexisb-afk | ||
=== AndyTechGuy is now known as _atg | ||
Razva | [ERROR] Failed to upload leases: 'str' object has no attribute 'mac' | 20:20 |
Razva | oh I really love this. | 20:20 |
Razva | no documentation in this kind of issues, and minimal logs. | 20:20 |
=== uaa is now known as Guest61494 | ||
=== Guest61494 is now known as damascene | ||
=== _atg is now known as AndyTechGuy | ||
coreycb | ddellav, I dropped python-doc8 from ironicclient as it's not needed for package builds | 21:00 |
ddellav | coreycb ack | 21:01 |
=== damascene is now known as ahmed_sabir | ||
=== ahmed_sabir is now known as damascene | ||
coreycb | zul, jamespage, can you subscribe a team to python-requestsexceptions? | 21:12 |
=== alexisb-afk is now known as alexisb | ||
cluemann | Hello. I'm currently in the process of installing ubuntu server (15.10) on a machine that was a gentoo machine up until now. The machine has a raid6(dm_crypt(lvm)) disk layout. I'm not familiar with configuring raid/dm_crypt/lvm in the ubuntu installer and I'm afraid to play around because I can't afford to lose data on the disk. | 21:22 |
cluemann | I'm in manual disk setup, and it recognizes the raid6 array but marks it as 'auto-read-only'. I'm unsure if using the 'Configure software raid' option will allow me to access the raid array read/write and if I can do so without losing data | 21:23 |
cluemann | Could anyone provide some input on that please? | 21:24 |
sdeziel | cluemann: IIRC, there should be no problem adopting your raid array and your dm-crypt setup | 21:27 |
cluemann | I was indeed able to activate my md_crypt container and the logical volumes are now available. | 21:32 |
cluemann | dm_crypt* | 21:32 |
RoyK | cluemann: it's usually auto-read-only until something tries to write to it | 21:38 |
cluemann | Oh okay thank you RoyK | 21:39 |
coreycb | ddellav, for heatclient I think you just need to swap 3.4 with PYTHON3S in d/rules override_dh_auto_test | 22:01 |
ddellav | coreycb ok i'll try that | 22:01 |
jrajav | I have vsftpd set up for logging in as a user and r/w files | 22:15 |
jrajav | Is there a way to point the anonymous login to that user for read only access? | 22:16 |
cluemann | My installation is done and all my data is intact, thanks for the input! :) | 22:16 |
hggdh | ogra_: there still? I have a question for you if you do not mind | 22:22 |
wimpog | PCI compliance is failing on a server running Ubuntu Linux 14.04.2, specifically for CVE-2015-3185 and CVE-2015-3183. How can I verify these vulnerabilities are present and resolve them? | 22:27 |
sdeziel | wimpog: according to http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3185.html, all you need to do is pull apache2 version 2.4.7-1ubuntu4.5 or higher | 22:28 |
wimpog | sdeziel: same thing for CVE-2015-3183? | 22:29 |
sdeziel | yes | 22:30 |
wimpog | Thank you! | 22:30 |
sdeziel | you are welcome | 22:30 |
wimpog | sdeziel: i just ran dpkg -l | grep apache | 22:30 |
wimpog | and I have 2.4.7-1ubuntu4.9 | 22:30 |
wimpog | or am I not checking it correctly? | 22:31 |
sdeziel | wimpog: maybe the PCI checking engine is not aware that Ubuntu backported the fix from 2.4.16 upstream to Trusty's 2.4.7 | 22:32 |
wimpog | sdeziel: is dpkg -l the right way to verify the version? | 22:33 |
sdeziel | wimpog: yes | 22:34 |
wimpog | Thank you again! There is nothing else I could do here, isn't it? | 22:35 |
wimpog | sdeziel: | 22:36 |
sdeziel | wimpog: the apache2 service is restarted on package upgrades so it shouldn't use a binary older than the one provided by 2.4.7-1ubuntu4.9. If you want to be absolutely sure you are running the patched version you can use this: for p in $(pgrep apache2); do ls -l /proc/$p/exe; done | grep deleted | 22:41 |
sdeziel | wimpog: if nothing is output you are all good (running the patched binary) | 22:41 |
wimpog | sdeziel: thank you for this script. I get no output | 22:42 |
sdeziel | wimpog: good. I have to go, have a good day|night | 22:43 |
wimpog | Have a good day | 22:43 |
{soma_coma} | Woke back up, how is everyone? | 23:00 |
=== LewisCawte is now known as Lcawte|Away |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!