[02:48] <truexfan81> anyone about to successfully get phpmyadmin to work with nginx on 14.04 server?
[02:49] <truexfan81> for some reason the auto config program that runs during the package install doesn't have nginx as an option, and when you go with neither it doesn't seem to generate a config file for it
[02:50] <truexfan81> so without the config i'm unable to give it my ip address to gain access to it
[07:45] <Razva> I have two nics, both with static IPs. if I set an IP to the first nic, the settings get auto-applied on the second one. why?! using GNOME.
[07:49] <hateball> Razva: Do you mean that both NICs get the same IP?
[07:49] <hateball> or what are "the settings" in this case
[07:51] <Razva> hateball exactly, both nics get the same IP and I have no idea why.
[07:51] <Razva> if I set the LAN IP on the second one, the WAN will be changed. same with WAN -> LAN.
[07:52] <hateball> Razva: Weird. I don't run GNOME so I dunno why that might be
[07:52] <hateball> Razva: if you manipulate network-manager from a terminal, does it behave the same?
[07:52] <Razva> hateball yyyyyyyyup...
[07:53] <hateball> Razva: using nmcli, that is?
[07:55] <Razva> hateball I've just manually set the networking from cli and rebooted, let's see what's happening...
[08:16] <Razva> bah, didn't worked. reinstalling with Lubuntu. I need a browser on this specific server so...
[08:19] <hateball> Razva: network-manager is still the same, regardless what DE you use
[08:19] <hateball> Razva: and there'd be no need to reinstall, you could just apt-get install lubuntu-desktop
[09:18] <Razva> hateball I've done a netinstall and choose Lubuntu, it works like a charm
[11:01] <hateball> Razva: weird. must be a bug in gnomes network manager frontend then
[11:01] <hateball> Razva: I use KDE Plasma and I have no problems using multiple NICs at least
[11:22] <LostSoul> Hi guy
[11:22] <LostSoul> It might be stupid question but how change default users group?
[11:23] <LostSoul> Or make sure all user will be in group X as I use domain login with lib-nss
[11:27] <bekks> Add the default user group to group X.
[11:33] <Walex2> LostSoul: "default users group" is a bit ambiguous.
[11:34] <Walex2> LostSoul: on *login* a user has a primary group defined in '/etc/passwd' and a list of secondary groups, all those listing the user name in '/etc/group'. They are all "default" groups.
[11:34] <LostSoul> I see
[11:34] <LostSoul> I want all AD users to be in certain group
[11:34] <Walex2> LostSoul: as to "make sure all user will be in group X" that depends on your use account management scripts. That's an administrative decision.
[11:35] <LostSoul> Hmm
[11:35] <LostSoul> I want all users that are able to login via AD to be in certain group
[11:35] <Walex2> LostSoul: that may depends on whether 'libnss' allows you to do that.
[11:36] <LostSoul> Second question is if there is bug in lib-nss as when I add more than X groups in ldap.conf then it starts connecting and getting users
[11:38] <Walex2> LostSoul: https://help.ubuntu.com/community/LDAPClientAuthentication might help you
[11:38] <Walex2> LostSoul: "Assign local groups to users" section
[11:39] <LostSoul> Thanks Walex2
[11:40] <Walex2> LostSoul: also https://bugs.launchpad.net/ubuntu/+source/pam/+bug/297408
[11:44] <LostSoul> Hmm
[11:44] <LostSoul> But still, is it normal than after adding more than 6-8 groups in ldap.conf it stops working?
[11:45] <bekks> Sounds like a lot of groups.
[11:48] <LostSoul> Hmm
[11:53] <LostSoul> I've added those lines to /etc/security/group.conf and also added other stuff to pam but seems user is still not in group I wanted him to be ;/
[11:59] <jamespage> coreycb, ddellav: hey - I pushed a load of changes to the neutron package - generaly tidy up and bug fixes
[11:59] <jamespage> coreycb, also reverted the agent/server mixup
[11:59] <jamespage> coreycb, not sure whether that bug is really relevant any longer...
[12:13] <Walex2> LostSoul: traditionally UNIX/Linux systems had a limit of 16 groups, and now most implementations support 256. But with AD could be lower limits.
[12:17] <koolhead17> hello world
[12:23] <LostSoul> Walex2: It's not user
[12:24] <LostSoul> I want to add AD matching (so that certain users can login via ssh on server)
[12:24] <LostSoul> so when I add more than 6-8 groups in ldap.conf it stops showing users (getent passwd)
[12:28] <bekks> LostSoul: do you get a specific error?
[12:36] <LostSoul> Nope
[12:36] <LostSoul> No error at all
[12:36] <bekks> Then how do you determine "it is not working"?
[12:36] <LostSoul> When I add more than X group mapping getend doesn't return AD users
[12:36] <LostSoul> Also I can't login :)
[12:36] <bekks> So you get a login error?
[12:37] <LostSoul> Yes
[12:38] <bekks> So this is wrong?: "< LostSoul> No error at all"
[12:39] <LostSoul> I mean it doesn't get users from AD when I add more than X mappping in ldap.conf
[12:39] <LostSoul> So it's not error as user is not searched in AD
[12:40] <LostSoul> when I add X mapping in ldap.conf and typing getend passwd - I'm getting user list (including AD users)
[12:40] <LostSoul> When I add X +1, then getent passwd returns only local users
[12:40] <LostSoul> So I'm wondering if there is a limit
[12:43] <bekks> And did you configure logging for ldap already and investigate the logs? Or even used strace?
[12:46] <Walex2> LostSoul: there is then probably a limit, but it would be surprising it is on the Linux side.
[12:47] <Walex2> LostSoul: you can use 'ldapsearch' or 'shelldap' to query the MS-AS LDAP server to see what it returns.
[12:58] <LostSoul> Walex2: assign group works - thanks!
[12:58] <LostSoul> But still this search ..
[12:59] <coreycb> jamespage, thanks for fixing up neutron
[12:59] <jamespage> coreycb, np
[12:59] <jamespage> just testing the upgrade path is ok and I'll upload
[13:37] <^King> hey
[13:38] <^King> How to check if a package is installed?
[13:39] <lordievader> ^King: dpk -l
[13:39] <lordievader> dpkg*
[13:39] <hateball> apt-cache policy <package>
[13:39] <bekks> apt-cache policy will do that job too
[14:15] <Razva> why in the world does autopilot installs Landscape on a LAN IP?! aaargh
[14:15] <Razva> is there any way to "move" it to an external IP?
[14:21] <^King> Hey, is it possible to change a account name on a ubuntu server?
[14:21] <^King> Similar to changing passwords with passwd
[14:23] <LostSoul> Walex2: Still around?
[14:23] <LostSoul> I was wondering if there is way to set up same home dir to all ldap users
[14:23] <sdeziel> ^King: usermod --login foo bar # renames bar to foo
[14:23] <sdeziel> ^King: man 8 usermod for details
[14:25] <saket_> my juju is putting landscape to private IP
[14:25] <saket_> how can I access it remotely
[14:26] <^King> sdeziel: Will that also change the dir name?
[14:27] <^King> /home/newusername/
[14:27] <sdeziel> ^King: no but if you pass it --move-home it will
[14:27] <sdeziel> ^King: you might also want to rename the primary group as well (groupmod)
[14:28] <^King> Then I'll just recreate a new username then.
[14:28] <^King> Create a new user*
[14:29] <saket_> hi
[14:29] <saket_> can anyone help me on landscape and juju
[14:45] <saket_> @dweaver, do you have exprience on JUJU and MAAS
[14:49] <LostSoul> Remind me which rc is loaded after ssh login to server?
[14:50] <Razva> jamespage can uou please help my colleague saket? we'r struggling with this here :)
[15:01] <jamespage> coreycb, neutron uploaded
[15:04] <LostSoul> Is there way to force pam other module to set home for all user to certain folder?
[15:05] <coreycb> jamespage, awesome, thanks again for the cleanup!  apologies for the cruft.
[15:06] <jamespage> coreycb, np
[15:06] <jamespage> coreycb, apologies for sending your on a red-herring task with switching out plugins for neutron-server
[15:06] <jamespage> as there is only ml2 in tree now...
[15:06] <coreycb> jamespage, ok gotcha
[15:06] <jamespage> coreycb, I have of course now broken neutron-openvswitch and neutron-gateway charms...
[15:07] <jamespage> I/we
[15:07] <coreycb> jamespage, heh, well that happens
[15:07] <coreycb> got to play catch up
[15:10] <LostSoul> ? :)
[15:49] <dweaver> saket_, Yes I do
[15:50] <dweaver> saket_, do you need some help with something?
[15:53] <^King> I can't install tk8.6, only 5. Why is that so?
[15:53] <^King> Only tk8.5
[17:27] <Razva> back
[17:27] <Razva> ok soooo can please somebody tell me if/how can we access the Landscape LAN IP from...our public range?
[17:28] <Razva> because Juju/AutoPilot setup a private IP, which obviously cannot be accessed from outside
[17:35] <jamespage> ddellav, coreycb: lots of oslo.* releases today :-)
[17:35] <coreycb> jamespage, ack thanks.  we're working through the clients today.
[17:36] <jamespage> Razva, its assumed that you have some access to the network that landscape and the cloud are being deployed to
[17:43] <Razva> jamespage yup, obviously :D
[17:43] <Razva> but tunneling through a proxy via Putty is not a good long-term solution :D
[17:43] <jamespage> agreed
[17:46] <Razva> soooo any hints?
[17:55] <Razva> ?
[18:21] <hallyn> anyone have a >=80cpu system they could use to run the testcase in bug 1358835 to verify bug 1535494 ?
[18:22] <hallyn> else i'll just verify that it acts sanely in a smaller vm
[18:26] <ddellav> jamespage good thing im doing those today then heh
[18:27] <jamespage> ddellav, +100!
[18:35] <Razva> jamespage sorry for bugging you, but can you please point us into the right direction?
[18:43] <Razva> anyone...?
[18:46] <sarnold> Razva: port forwarding on your firwall perhaps?
[18:47] <Razva> from where to where...?
[18:50] <sarnold> from whatever your public range is to whatever your private range is? :)
[18:50] <Razva> note: I'm using leased servers
[18:50] <Razva> aaaand I don't currently own a switch/router/firewall
[18:55] <sarnold> Razva: ah. then your hosting provider can probably lease you IP addresses too? I dunno how that bit works out..
[18:55] <teward> Razva: you need to talk to the hosting provider then to get guidance on how to forward ports on the infrastructure
[18:55] <teward> as well as IPs, etc.
[18:56] <jamespage> Razva, sorry - you caught me just as I had to head out for a bit
[18:57] <jamespage> Razva, can you explain how your servers are networked a bit (this may be a bit async as have to duck out again in a few minutes)
[18:58] <teward> jamespage: he may not know...
[18:58] <teward> [2016-02-22 13:50:27] <Razva> note: I'm using leased servers
[18:58] <teward> [2016-02-22 13:50:40] <Razva> aaaand I don't currently own a switch/router/firewall
[18:59] <jamespage> might be tricky to figure this out then...
[18:59] <teward> ^ that's why I suggested they reach out to the ones they lease from for some guidance on forwarding ports, etc. that way
[18:59] <teward> (it may be something that has to be done by the provider)
[18:59] <teward> (though that'd be highly irregular)
[19:23] <Razva> jamespage I have my own IP class + my own VLAN
[19:24] <Razva> each server has one nic connected to the public IP class + another nic connected to the vlan
[19:24] <Razva> at this point it seems that Landscape is installed into a LXE container on one of the machines (not on the maas machine), which I suppose it's ok
[19:25] <Razva> but now the problem is that...there's no real way to access Landscape from "outside", except doing a proxy/tunnel
[19:31] <Razva> aaaand problem #2
[19:32] <Razva> seems that Autopilot doesn't "wants" to setup a 5 node OpenStack cluster. everything is "green" but Cinder fails to deploy. saket_ is digging in the logs but he cannot find anything relevant. any hints?
[20:20] <Razva> [ERROR] Failed to upload leases: 'str' object has no attribute 'mac'
[20:20] <Razva> oh I really love this.
[20:20] <Razva> no documentation in this kind of issues, and minimal logs.
[21:00] <coreycb> ddellav, I dropped python-doc8 from ironicclient as it's not needed for package builds
[21:01] <ddellav> coreycb ack
[21:12] <coreycb> zul, jamespage, can you subscribe a team to python-requestsexceptions?
[21:22] <cluemann> Hello. I'm currently in the process of installing ubuntu server (15.10) on a machine that was a gentoo machine up until now. The machine has a raid6(dm_crypt(lvm)) disk layout. I'm not familiar with configuring raid/dm_crypt/lvm in the ubuntu installer and I'm afraid to play around because I can't afford to lose data on the disk.
[21:23] <cluemann> I'm in manual disk setup, and it recognizes the raid6 array but marks it as 'auto-read-only'. I'm unsure if using the 'Configure software raid' option will allow me to access the raid array read/write and if I can do so without losing data
[21:24] <cluemann> Could anyone provide some input on that please?
[21:27] <sdeziel> cluemann: IIRC, there should be no problem adopting your raid array and your dm-crypt setup
[21:32] <cluemann> I was indeed able to activate my md_crypt container and the logical volumes are now available.
[21:32] <cluemann> dm_crypt*
[21:38] <RoyK> cluemann: it's usually auto-read-only until something tries to write to it
[21:39] <cluemann> Oh okay thank you RoyK
[22:01] <coreycb> ddellav, for heatclient I think you just need to swap 3.4 with PYTHON3S in d/rules override_dh_auto_test
[22:01] <ddellav> coreycb ok i'll try that
[22:15] <jrajav> I have vsftpd set up for logging in as a user and r/w files
[22:16] <jrajav> Is there a way to point the anonymous login to that user for read only access?
[22:16] <cluemann> My installation is done and all my data is intact, thanks for the input! :)
[22:22] <hggdh> ogra_: there still? I have a question for you if you do not mind
[22:27] <wimpog> PCI compliance is failing on a server running Ubuntu Linux 14.04.2, specifically for CVE-2015-3185 and CVE-2015-3183. How can I verify these vulnerabilities are present and resolve them?
[22:28] <sdeziel> wimpog: according to http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3185.html, all you need to do is pull apache2 version 2.4.7-1ubuntu4.5 or higher
[22:29] <wimpog> sdeziel: same thing for CVE-2015-3183?
[22:30] <sdeziel> yes
[22:30] <wimpog> Thank you!
[22:30] <sdeziel> you are welcome
[22:30] <wimpog> sdeziel: i just ran dpkg -l  | grep apache
[22:30] <wimpog> and I have 2.4.7-1ubuntu4.9
[22:31] <wimpog> or am I not checking it correctly?
[22:32] <sdeziel> wimpog: maybe the PCI checking engine is not aware that Ubuntu backported the fix from 2.4.16 upstream to Trusty's 2.4.7
[22:33] <wimpog> sdeziel: is dpkg -l the right way to verify the version?
[22:34] <sdeziel> wimpog: yes
[22:35] <wimpog> Thank you again! There is nothing else I could do here, isn't it?
[22:36] <wimpog> sdeziel:
[22:41] <sdeziel> wimpog: the apache2 service is restarted on package upgrades so it shouldn't use a binary older than the one provided by 2.4.7-1ubuntu4.9. If you want to be absolutely sure you are running the patched version you can use this: for p in $(pgrep apache2); do ls -l /proc/$p/exe; done | grep deleted
[22:41] <sdeziel> wimpog: if nothing is output you are all good (running the patched binary)
[22:42] <wimpog> sdeziel: thank you for this script. I get no output
[22:43] <sdeziel> wimpog: good. I have to go, have a good day|night
[22:43] <wimpog> Have a good day
[23:00] <{soma_coma}> Woke back up, how is everyone?