/srv/irclogs.ubuntu.com/2016/02/22/#ubuntu-server.txt

truexfan81anyone about to successfully get phpmyadmin to work with nginx on 14.04 server?02:48
truexfan81for some reason the auto config program that runs during the package install doesn't have nginx as an option, and when you go with neither it doesn't seem to generate a config file for it02:49
truexfan81so without the config i'm unable to give it my ip address to gain access to it02:50
RazvaI have two nics, both with static IPs. if I set an IP to the first nic, the settings get auto-applied on the second one. why?! using GNOME.07:45
hateballRazva: Do you mean that both NICs get the same IP?07:49
hateballor what are "the settings" in this case07:49
Razvahateball exactly, both nics get the same IP and I have no idea why.07:51
Razvaif I set the LAN IP on the second one, the WAN will be changed. same with WAN -> LAN.07:51
hateballRazva: Weird. I don't run GNOME so I dunno why that might be07:52
hateballRazva: if you manipulate network-manager from a terminal, does it behave the same?07:52
Razvahateball yyyyyyyyup...07:52
hateballRazva: using nmcli, that is?07:53
Razvahateball I've just manually set the networking from cli and rebooted, let's see what's happening...07:55
Razvabah, didn't worked. reinstalling with Lubuntu. I need a browser on this specific server so...08:16
hateballRazva: network-manager is still the same, regardless what DE you use08:19
hateballRazva: and there'd be no need to reinstall, you could just apt-get install lubuntu-desktop08:19
Razvahateball I've done a netinstall and choose Lubuntu, it works like a charm09:18
hateballRazva: weird. must be a bug in gnomes network manager frontend then11:01
hateballRazva: I use KDE Plasma and I have no problems using multiple NICs at least11:01
LostSoulHi guy11:22
LostSoulIt might be stupid question but how change default users group?11:22
LostSoulOr make sure all user will be in group X as I use domain login with lib-nss11:23
bekksAdd the default user group to group X.11:27
Walex2LostSoul: "default users group" is a bit ambiguous.11:33
Walex2LostSoul: on *login* a user has a primary group defined in '/etc/passwd' and a list of secondary groups, all those listing the user name in '/etc/group'. They are all "default" groups.11:34
LostSoulI see11:34
LostSoulI want all AD users to be in certain group11:34
Walex2LostSoul: as to "make sure all user will be in group X" that depends on your use account management scripts. That's an administrative decision.11:34
LostSoulHmm11:35
LostSoulI want all users that are able to login via AD to be in certain group11:35
Walex2LostSoul: that may depends on whether 'libnss' allows you to do that.11:35
LostSoulSecond question is if there is bug in lib-nss as when I add more than X groups in ldap.conf then it starts connecting and getting users11:36
Walex2LostSoul: https://help.ubuntu.com/community/LDAPClientAuthentication might help you11:38
Walex2LostSoul: "Assign local groups to users" section11:38
LostSoulThanks Walex211:39
Walex2LostSoul: also https://bugs.launchpad.net/ubuntu/+source/pam/+bug/29740811:40
ubottuLaunchpad bug 297408 in pam (Ubuntu) "pam_group does not support NSS groups" [Undecided,Fix released]11:40
LostSoulHmm11:44
LostSoulBut still, is it normal than after adding more than 6-8 groups in ldap.conf it stops working?11:44
bekksSounds like a lot of groups.11:45
LostSoulHmm11:48
LostSoulI've added those lines to /etc/security/group.conf and also added other stuff to pam but seems user is still not in group I wanted him to be ;/11:53
jamespagecoreycb, ddellav: hey - I pushed a load of changes to the neutron package - generaly tidy up and bug fixes11:59
jamespagecoreycb, also reverted the agent/server mixup11:59
jamespagecoreycb, not sure whether that bug is really relevant any longer...11:59
Walex2LostSoul: traditionally UNIX/Linux systems had a limit of 16 groups, and now most implementations support 256. But with AD could be lower limits.12:13
koolhead17hello world12:17
LostSoulWalex2: It's not user12:23
LostSoulI want to add AD matching (so that certain users can login via ssh on server)12:24
LostSoulso when I add more than 6-8 groups in ldap.conf it stops showing users (getent passwd)12:24
bekksLostSoul: do you get a specific error?12:28
LostSoulNope12:36
LostSoulNo error at all12:36
bekksThen how do you determine "it is not working"?12:36
LostSoulWhen I add more than X group mapping getend doesn't return AD users12:36
LostSoulAlso I can't login :)12:36
bekksSo you get a login error?12:36
LostSoulYes12:37
bekksSo this is wrong?: "< LostSoul> No error at all"12:38
LostSoulI mean it doesn't get users from AD when I add more than X mappping in ldap.conf12:39
LostSoulSo it's not error as user is not searched in AD12:39
LostSoulwhen I add X mapping in ldap.conf and typing getend passwd - I'm getting user list (including AD users)12:40
LostSoulWhen I add X +1, then getent passwd returns only local users12:40
LostSoulSo I'm wondering if there is a limit12:40
bekksAnd did you configure logging for ldap already and investigate the logs? Or even used strace?12:43
Walex2LostSoul: there is then probably a limit, but it would be surprising it is on the Linux side.12:46
Walex2LostSoul: you can use 'ldapsearch' or 'shelldap' to query the MS-AS LDAP server to see what it returns.12:47
LostSoulWalex2: assign group works - thanks!12:58
LostSoulBut still this search ..12:58
coreycbjamespage, thanks for fixing up neutron12:59
jamespagecoreycb, np12:59
jamespagejust testing the upgrade path is ok and I'll upload12:59
^Kinghey13:37
^KingHow to check if a package is installed?13:38
lordievader^King: dpk -l13:39
lordievaderdpkg*13:39
hateballapt-cache policy <package>13:39
bekksapt-cache policy will do that job too13:39
Razvawhy in the world does autopilot installs Landscape on a LAN IP?! aaargh14:15
Razvais there any way to "move" it to an external IP?14:15
^KingHey, is it possible to change a account name on a ubuntu server?14:21
^KingSimilar to changing passwords with passwd14:21
LostSoulWalex2: Still around?14:23
LostSoulI was wondering if there is way to set up same home dir to all ldap users14:23
sdeziel^King: usermod --login foo bar # renames bar to foo14:23
sdeziel^King: man 8 usermod for details14:23
saket_my juju is putting landscape to private IP14:25
saket_how can I access it remotely14:25
^Kingsdeziel: Will that also change the dir name?14:26
^King/home/newusername/14:27
sdeziel^King: no but if you pass it --move-home it will14:27
sdeziel^King: you might also want to rename the primary group as well (groupmod)14:27
^KingThen I'll just recreate a new username then.14:28
^KingCreate a new user*14:28
saket_hi14:29
saket_can anyone help me on landscape and juju14:29
saket_@dweaver, do you have exprience on JUJU and MAAS14:45
LostSoulRemind me which rc is loaded after ssh login to server?14:49
Razvajamespage can uou please help my colleague saket? we'r struggling with this here :)14:50
jamespagecoreycb, neutron uploaded15:01
LostSoulIs there way to force pam other module to set home for all user to certain folder?15:04
coreycbjamespage, awesome, thanks again for the cleanup!  apologies for the cruft.15:05
jamespagecoreycb, np15:06
jamespagecoreycb, apologies for sending your on a red-herring task with switching out plugins for neutron-server15:06
jamespageas there is only ml2 in tree now...15:06
coreycbjamespage, ok gotcha15:06
jamespagecoreycb, I have of course now broken neutron-openvswitch and neutron-gateway charms...15:06
jamespageI/we15:07
coreycbjamespage, heh, well that happens15:07
coreycbgot to play catch up15:07
LostSoul? :)15:10
dweaversaket_, Yes I do15:49
dweaversaket_, do you need some help with something?15:50
^KingI can't install tk8.6, only 5. Why is that so?15:53
^KingOnly tk8.515:53
=== Guest59764 is now known as karstensrage
Razvaback17:27
Razvaok soooo can please somebody tell me if/how can we access the Landscape LAN IP from...our public range?17:27
Razvabecause Juju/AutoPilot setup a private IP, which obviously cannot be accessed from outside17:28
jamespageddellav, coreycb: lots of oslo.* releases today :-)17:35
coreycbjamespage, ack thanks.  we're working through the clients today.17:35
jamespageRazva, its assumed that you have some access to the network that landscape and the cloud are being deployed to17:36
Razvajamespage yup, obviously :D17:43
Razvabut tunneling through a proxy via Putty is not a good long-term solution :D17:43
jamespageagreed17:43
Razvasoooo any hints?17:46
Razva?17:55
hallynanyone have a >=80cpu system they could use to run the testcase in bug 1358835 to verify bug 1535494 ?18:21
ubottubug 1358835 in numactl (Ubuntu Vivid) "numa_node_of_cpu() returns warning when cpu_index > 79" [High,Fix released] https://launchpad.net/bugs/135883518:21
ubottubug 1535494 in numactl (Ubuntu Wily) "Fix numa_node_to_cpus patch" [Undecided,Fix committed] https://launchpad.net/bugs/153549418:21
hallynelse i'll just verify that it acts sanely in a smaller vm18:22
ddellavjamespage good thing im doing those today then heh18:26
jamespageddellav, +100!18:27
Razvajamespage sorry for bugging you, but can you please point us into the right direction?18:35
Razvaanyone...?18:43
sarnoldRazva: port forwarding on your firwall perhaps?18:46
Razvafrom where to where...?18:47
sarnoldfrom whatever your public range is to whatever your private range is? :)18:50
Razvanote: I'm using leased servers18:50
Razvaaaaand I don't currently own a switch/router/firewall18:50
sarnoldRazva: ah. then your hosting provider can probably lease you IP addresses too? I dunno how that bit works out..18:55
tewardRazva: you need to talk to the hosting provider then to get guidance on how to forward ports on the infrastructure18:55
tewardas well as IPs, etc.18:55
jamespageRazva, sorry - you caught me just as I had to head out for a bit18:56
jamespageRazva, can you explain how your servers are networked a bit (this may be a bit async as have to duck out again in a few minutes)18:57
tewardjamespage: he may not know...18:58
teward[2016-02-22 13:50:27] <Razva> note: I'm using leased servers18:58
teward[2016-02-22 13:50:40] <Razva> aaaand I don't currently own a switch/router/firewall18:58
jamespagemight be tricky to figure this out then...18:59
teward^ that's why I suggested they reach out to the ones they lease from for some guidance on forwarding ports, etc. that way18:59
teward(it may be something that has to be done by the provider)18:59
teward(though that'd be highly irregular)18:59
Razvajamespage I have my own IP class + my own VLAN19:23
Razvaeach server has one nic connected to the public IP class + another nic connected to the vlan19:24
Razvaat this point it seems that Landscape is installed into a LXE container on one of the machines (not on the maas machine), which I suppose it's ok19:24
Razvabut now the problem is that...there's no real way to access Landscape from "outside", except doing a proxy/tunnel19:25
Razvaaaaand problem #219:31
Razvaseems that Autopilot doesn't "wants" to setup a 5 node OpenStack cluster. everything is "green" but Cinder fails to deploy. saket_ is digging in the logs but he cannot find anything relevant. any hints?19:32
=== alexisb is now known as alexisb-afk
=== AndyTechGuy is now known as _atg
Razva[ERROR] Failed to upload leases: 'str' object has no attribute 'mac'20:20
Razvaoh I really love this.20:20
Razvano documentation in this kind of issues, and minimal logs.20:20
=== uaa is now known as Guest61494
=== Guest61494 is now known as damascene
=== _atg is now known as AndyTechGuy
coreycbddellav, I dropped python-doc8 from ironicclient as it's not needed for package builds21:00
ddellavcoreycb ack21:01
=== damascene is now known as ahmed_sabir
=== ahmed_sabir is now known as damascene
coreycbzul, jamespage, can you subscribe a team to python-requestsexceptions?21:12
=== alexisb-afk is now known as alexisb
cluemannHello. I'm currently in the process of installing ubuntu server (15.10) on a machine that was a gentoo machine up until now. The machine has a raid6(dm_crypt(lvm)) disk layout. I'm not familiar with configuring raid/dm_crypt/lvm in the ubuntu installer and I'm afraid to play around because I can't afford to lose data on the disk.21:22
cluemannI'm in manual disk setup, and it recognizes the raid6 array but marks it as 'auto-read-only'. I'm unsure if using the 'Configure software raid' option will allow me to access the raid array read/write and if I can do so without losing data21:23
cluemannCould anyone provide some input on that please?21:24
sdezielcluemann: IIRC, there should be no problem adopting your raid array and your dm-crypt setup21:27
cluemannI was indeed able to activate my md_crypt container and the logical volumes are now available.21:32
cluemanndm_crypt*21:32
RoyKcluemann: it's usually auto-read-only until something tries to write to it21:38
cluemannOh okay thank you RoyK21:39
coreycbddellav, for heatclient I think you just need to swap 3.4 with PYTHON3S in d/rules override_dh_auto_test22:01
ddellavcoreycb ok i'll try that22:01
jrajavI have vsftpd set up for logging in as a user and r/w files22:15
jrajavIs there a way to point the anonymous login to that user for read only access?22:16
cluemannMy installation is done and all my data is intact, thanks for the input! :)22:16
hggdhogra_: there still? I have a question for you if you do not mind22:22
wimpogPCI compliance is failing on a server running Ubuntu Linux 14.04.2, specifically for CVE-2015-3185 and CVE-2015-3183. How can I verify these vulnerabilities are present and resolve them?22:27
sdezielwimpog: according to http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3185.html, all you need to do is pull apache2 version 2.4.7-1ubuntu4.5 or higher22:28
wimpogsdeziel: same thing for CVE-2015-3183?22:29
sdezielyes22:30
wimpogThank you!22:30
sdezielyou are welcome22:30
wimpogsdeziel: i just ran dpkg -l  | grep apache22:30
wimpogand I have 2.4.7-1ubuntu4.922:30
wimpogor am I not checking it correctly?22:31
sdezielwimpog: maybe the PCI checking engine is not aware that Ubuntu backported the fix from 2.4.16 upstream to Trusty's 2.4.722:32
wimpogsdeziel: is dpkg -l the right way to verify the version?22:33
sdezielwimpog: yes22:34
wimpogThank you again! There is nothing else I could do here, isn't it?22:35
wimpogsdeziel:22:36
sdezielwimpog: the apache2 service is restarted on package upgrades so it shouldn't use a binary older than the one provided by 2.4.7-1ubuntu4.9. If you want to be absolutely sure you are running the patched version you can use this: for p in $(pgrep apache2); do ls -l /proc/$p/exe; done | grep deleted22:41
sdezielwimpog: if nothing is output you are all good (running the patched binary)22:41
wimpogsdeziel: thank you for this script. I get no output22:42
sdezielwimpog: good. I have to go, have a good day|night22:43
wimpogHave a good day22:43
{soma_coma}Woke back up, how is everyone?23:00
=== LewisCawte is now known as Lcawte|Away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!