/srv/irclogs.ubuntu.com/2016/02/23/#ubuntu-server.txt

=== DynaMc_ is now known as DynaMc
=== ^King is now known as dafuq
=== dafuq is now known as ^King
[07:17] <LostSoul> Hi
[07:17] <LostSoul> I've met a strange problem with apache2
[07:17] <LostSoul> Suddenly it stopped delivering content and when I tried to restart it, stop it - it was hanging
[07:18] <LostSoul> Now I kill process of it and it doesn't want to start
[08:08] <LostSoul> nvm
[08:08] <LostSoul> DNS went down
[09:14] <lordievader> Good morning.
[10:03] <LostSoul> Hi
[10:04] <LostSoul> Any idea how to map in ldap.conf home folders on one specific for all accounts??
[10:13] <LostSoul> Is there a way to set nss_map_attribute homeDirectory to a custom value?
[10:55] <tuor> Hi I was in #Ubuntu and it's a server problem, so I come here. (Problem description coming.)
[10:56] <tuor> [Ubuntu 14.04 64bit] I use libvirt for running kvm VMs. I have installed a VM like this: https://paste.ubuntu.com/15178446/
[10:59] <tuor> The volume has a read/write problem (syslog): https://paste.ubuntu.com/15178842/
[11:00] <tuor> lvs and lvdisplay: https://paste.ubuntu.com/15178852/
[11:01] <tuor> What could be the problem? I don't really get it. Is it me doing something wrong? Is it libvirt? Or what else?
[11:03] <tuor> libvirt version: 1.2.2
[11:05] <lordievader> tuor: Where do you see io errors in your syslog?
[11:06] <tuor> lordievader, ah new lines have been written to the syslog. I'll paste the right lines in a sec.
[11:08] <tuor> right lines: https://paste.ubuntu.com/15178904/
[11:09] <Zulu_Too> Does anyone have any comments on the security of .htaccess with Apache2? Are there any security issues?
[11:11] <lordievader> tuor: The disks are fine?
[11:13] <tuor> How to check? (I think yes, I had this problem with debian 7 on a different hardware and then I just created all the logical volumes by hand all the time.)
[11:14] <lordievader> tuor: Check the smart values for a start.
[11:14] <tuor> lordievader, ok.
[11:21] <tuor> lordievader, smart values: https://paste.ubuntu.com/15178990/
[11:25] <lordievader> Disks seem healthy.
[11:26] <lordievader> I'd turn off the vm's, then using kpartx make the vm's partitions available on the host and check them with fdisk.
[11:27] <tuor> lordievader, ok.
[11:31] <MrDoctor> Hello. I am running a tomcat server, and I have some code in it to use a socket in localhost:4444.
[11:32] <MrDoctor> I have a separate java process that uses the said port. This is how I have implemented IPC between the tomcat server and the java process.
[11:32] <MrDoctor> It works fine on my local desktop, but on deployment, things don't work anymore.
[11:32] <lordievader> Firewall?
[11:32] <MrDoctor> I can telnet to the java process to write something to the socket.
[11:32] <MrDoctor> But tomcat cannot do it.
[11:33] <MrDoctor> In the server I mean.
[11:33] <MrDoctor> So, that rules out the possibility of it being a firewall issue.
[11:33] <MrDoctor> It could have something to do with groups or maybe apparmor.
[11:33] <MrDoctor> But I don't know how to resolve it.
[11:33] <lordievader> It can still be the firewall...
[11:34] <MrDoctor> I can open the port.
[11:34] <MrDoctor> It does not give an error.
[11:34] <MrDoctor> It's only that tomcat cannot write anything to the port.
[11:34] <lordievader> For example, tomcat might connect over ipv6 while telnet might connect over ipv4.
[11:35] <hateball> iirc java processes prioritize ipv6 unless told otherwise
[11:35] <lordievader> I'd start tcpdumping, if I were you.
[11:35] <MrDoctor> Okay.
[11:38] <tuor> lordievader, I wasn't able to install the OS in the VM. I stopped the VM now and kpartx -l /dev/vg01_srvab00/rt00-1 doesn't give any output.
[11:38] <tuor> When I tried to install the VM in the past, the VM crashed when it tried to write something on the LV.
[11:39] <bekks> Why would kpartx -l on a LV give any usable output?
[11:39] <lordievader> tuor: Right, so there are no partitions on the volume. I guess you could run badblocks (read the man page) over it.
[11:40] <tuor> Isn't this strange (ll /dev/mapper): https://paste.ubuntu.com/15179122/
[11:40] <tuor> lordievader, ok i'll try.
[11:40] <lordievader> bekks: If you use lv's as disks for vm's they put a partition table on it.
[11:42] <tuor> lordievader, is it normal to have multiple mappings for a single LV? (my last link) And what are these different mappings?
[11:43] <lordievader> I'm not sure how you've set up your lvm. I haven't seen it before. But my lvm setups are usually quite simple.
[11:50] <tuor> It's libvirt which did the LV. My LVM setup is done by the ubuntu installer. Then I installed kvm, libvirtd and let libvirt create a LV.
[11:52] <tuor> badblocks is running.
[11:55] <tuor> afk for a while (have to eat something).
[12:02] <MrDoctor> I'm trying to force java to use ipv4 using -Djava.net.preferIPv4Stack=true, but it ain't working.
[12:14] <tuor> lordievader, all blocks are bad. But I don't think that it's the disk. The system runs fine (on the same disk). If I create a logical volume with lvcreate there are no badblocks.
[12:16] <lordievader> There wasn't any data on it, was there?
[12:16] <lordievader> You could just remove it and create a new one and pass that one to the vm.
[12:18] <tuor> I just deleted it. Now did a new one and running badblocks on it.
[12:18] <RoyK> tuor: if you have bad sectors on a disk, then remove that disk from the system unless it's in a raid6 or something that can handle some errors
[12:18] <tuor> The disk is fine. It's raid 1.
[12:19] <bekks> If you have badblocks, the disk isn't fine, most likely.
[12:20] <RoyK> tuor: what does smartctl -H have to say? or smartctl -t short or -t long?
[12:20] <tuor> When I try to write on the LV badblocks lists all blocks as "bad blocks". Now I deleted the LV and created it by hand again (lvcreate -n rt00-1 -L20G vg01_srvab00). Now I'm running badblocks again and no badblocks so far.
[12:21] <RoyK> tuor: try smartctl
[12:21] <RoyK> positive badblock count == bad drive
[12:21] <tuor> RoyK, smartctl says all is ok.
[12:22] <lordievader> RoyK: Scroll up, he posted output of smartctl before.
[12:22] <RoyK> lordievader: ah
[12:23] <tuor> To summarize: When I create a logical volume by hand, all works fine. When I let libvirt create the logical volume I have read/write problems.
[12:23] <RoyK> weird
[12:23] <tuor> (I did not test if only write or read & write)
[12:24] <RoyK> then do that
[12:25] <RoyK> lvcreate, mkfs -t somefs, mount it, fill it with lots of identical files, check those files' checksums (sha256sum for instance) and compare with the original
[12:25] <tuor> RoyK, ok I'll do it.
[12:28] <MrDoctor> lordievader, it is not working over ipv4 either.
[12:28] <lordievader> MrDoctor: What is not working over ipv4?
[12:29] <MrDoctor> The tomcat and java process IPC over socket thing.
[12:29] <lordievader> MrDoctor: So what did you find out?
[12:29] <lordievader> You investigated it, right?
[12:29] <MrDoctor> I found out that I was previously using a tcp6 socket, changed it to tcp.
[12:29] <MrDoctor> After that it ain't working either.
[12:30] <lordievader> MrDoctor: Is your daemon listening to the port?
[12:30] <MrDoctor> Yes lordievader. I can communicate with it through telnet fine.
[12:31] <lordievader> MrDoctor: Do you see tomcat connecting to it with tcpdump?
[12:31] <MrDoctor> The server is running live lordievader. The tcpdump logs grow at the rate of a thousand lines per second.
[12:31] <MrDoctor> I cannot find anything there.
[12:32] <lordievader> tcpdump logs? The output you mean? If so, use a better filter.
[12:32] <MrDoctor> I have the daemon print out accepted client connection once something connects to it.
[12:32] <MrDoctor> So, the daemon is printing that line.
[12:32] <lordievader> I.e.: tcpdump -i any 'host 127.0.0.1 && tcp && port 4444'
[12:33] <lordievader> Run that and see what is actually going on.
[12:33] <MrDoctor> Okay
[12:33] <tuor> RoyK, all checksums do match.
[12:33] <RoyK> and nothing in dmesg?
[12:35] <Razva> hi folks! in MAAS, if I go to Subnets, I see two fabrics: one for WAN and one for LAN (which I suppose is ok). BUT when I go to Nodes and choose Subnets (from the left sidebar) I can see only the LAN IPs. isn't this wrong?
[12:38] <tuor> RoyK, no.
[12:39] <RoyK> goodie
[12:39] <RoyK> then possibly libvirt is messing up
[12:39] <MrDoctor> lordievader, here are the logs https://gist.github.com/anonymous/62edd9a5afde70339e14
[12:40] <lordievader> tuor: I'd make the lv yourself and pass it to kvm, rather than letting libvirt make it.
[12:40] <MrDoctor> The daemon and tomcat connection happens, but after that tomcat cannot write anything to the socket.
[12:40] <tuor> But now I tried with a little bit different virt-install command and it doesn't work again (I replaced path=… with pool=default). dmesg (after now trying with libvirt again): https://paste.ubuntu.com/15179575/
[12:40] <RoyK> torak_: and perhaps file a bug on this
[12:41] <lordievader> MrDoctor: Seems fine if you ask me.
[12:42] <lordievader> MrDoctor: At least the tcp connection is set up.
[12:42] <MrDoctor> What I do is send some json from the tomcat server to the daemon for processing, but the daemon is not receiving any such json.
[12:42] <MrDoctor> If I send arbitrary strings using telnet, the daemon receives them.
[12:43] <tuor> lordievader, trying right now.
[12:43] <Razva> lordievader: any hints regarding my "issue"?
[12:43] <Walex> MrDoctor: that's not very technical talk :-)
[12:43] <lordievader> MrDoctor: I have no experience with tomcat (I try to stay away from Java), so I don't know what or how tomcat is trying to send things.
[12:43] <Walex> MrDoctor: "send some json from the tomcat server" is a bit vague
[12:43] <tuor> RoyK, how would you google it (to know if other people had this before)?
[12:43] <MrDoctor> And everything works fine in my local machine and our test ubuntu 14.04 server. The main server has ubuntu 15.04 in it.
[12:43] <lordievader> Razva: I have no knowledge of MAAS, sorry.
[12:44] <RoyK> tuor: not sure
[12:44] <Razva> OpenStack / Ubuntu Cloud?
[12:44] <Razva> because it's weird, my cluster has...only LAN everywhere.
[12:44] <MrDoctor> Sorry about that Walex.
[12:44] <MrDoctor> But I have no better way to put it, trying my best from my side.
[12:45] <MrDoctor> lordievader, there is something else save for a firewall issue which is preventing tomcat from writing to the socket.
[12:45] <MrDoctor> Someone suggested it could be apparmor.
[12:46] <lordievader> Could be, check your logs.
[12:46] <MrDoctor> apparmor logs?
[12:46] <lordievader> Not really sure where they go, I think syslog.
[12:47] <tuor> lordievader, works so far now.
[12:47] <lordievader> tuor: \o/
[12:48] <torak_> RoyK: ?
[12:48] <tuor> But wtf is libvirt doing or what is wrongly configured?
[12:48] <torak_> RoyK: wrong tag i think. :P
[12:48] <lordievader> tuor: Good question.
[12:49] <tuor> Maybe #virt on oftc can tell me ^^
[12:50] <tuor> I could write on the disk now. My VM is installed (pfSense).
[12:56] <MrDoctor> Nothing from apparmor it looks like.
[12:56] <MrDoctor> Could it have something to do with users/groups?
[12:57] <lordievader> Perhaps it is some Tomcat config?
[12:58] <MrDoctor> It works fine on other environments.
[13:27] <LostSoul> Hi
[13:27] <LostSoul> Is there a way to set nss_map_attribute homeDirectory to a custom value in ldap.conf?
[13:27] <LostSoul> Or any other way to set a custom home dir for all users?
[13:34] <tuor> I found the problem: http://comments.gmane.org/gmane.comp.emulators.libvirt.user/4555
[13:34] <tuor> finally!! :)
[13:43] <tuor> lordievader, RoyK, libvirt does mess up creating the logical volume: it assumes that you want to grow your logical volume over time. virt-install doesn't have an option to tell how much of the final max size should be allocated in the beginning and libvirt just allocates the minimum (4mb). If you set the option to not use this grow feature it allocates the right size directly and all works fine.
[14:29] <miccheck> Can anyone please help? I am trying to back up certain folders via rsync from an ubuntu vps to a backup folder on my mac. Neither the mac nor the vps accounts are root, and I have root login access turned off on the vps. I ssh into it using an ssh config that I set up on my mac, and I'm trying to use ssh with rsync to perform the backup, but I keep getting permission errors, not all files transferred, and so on.
[14:29] <miccheck> Can anyone please tell me the best way to do this, and whether or not I should continue to have root access disabled? I've read multiple things on both topics and I'm still not sure the right way to do this, etc.
[14:48] <Walex> miccheck: it all depends on who owns the files on the VPS
[14:49] <Walex> miccheck: if it is your non-root account, it should be fine. But if the VPS contains files not owned by your non-root account, and they don't have wide permissions, they won't be read.
[14:50] <Walex> miccheck: BTW this is about elementary UNIX/Linux knowledge, perhaps you would like to read an introduction to how permissions and ownership work in Ubuntu/Linux/UNIX.
[14:52] <miccheck> yeah, i'm trying to back up directories and files not owned by root on the vps, which causes the issue
[14:52] <miccheck> is there another IRC channel that you'd recommend for these types of questions?
[14:52] <miccheck> I'm pretty new to this stuff
[14:53] <Walex> miccheck: well, #LinuxHelp, but it is better if you read a bit of background intro...
[14:53] <Walex> https://help.ubuntu.com/community/FilePermissions
[14:54] <Walex> http://askubuntu.com/questions/150028/you-are-not-the-owner-message-when-trying-to-access-folder
[14:55] <miccheck> Ok, thank you very much for your help. It's also the ssh and rsync stuff that's confusing me. I'll start with your links and go from there. Thanks again!
[15:34] <coreycb> zul, can you upload this to xenial? https://git.launchpad.net/~corey.bryant/ubuntu/+source/python-requestsexceptions
[15:34] <coreycb> zul, also can you add a team bug subscriber?
[15:34] <roaksoax> win 11
[15:42] <coreycb> jamespage, mind uploading that ^ . we need it for an MIR.
[15:43] <RoyK> roaksoax: I don't think that's out yet ;)
[15:48] <roaksoax> RoyK: :) lol
=== ws2k3_ is now known as ws2k3
[16:52] <coreycb> jamespage, zul: can you also upload this to xenial? https://git.launchpad.net/~corey.bryant/ubuntu/+source/python-yaql
[16:55] <coreycb> ddellav, once that gets uploaded ^ and you get keystoneclient done, muranoclient should be unblocked
[16:55] <coreycb> ddellav, I uploaded a new tempest-lib
[17:06] <jamespage> coreycb, ok - lemme finish calls and I'll look
[17:14] <jamespage> coreycb, still detest the fact that orig.tar.xz is not reproducible across the team...
[17:14] <jamespage> :(]#
[17:15] <coreycb> jamespage, yeah. I guess I haven't experienced the pain yet.
[17:15] <jamespage> coreycb, working those now btw
[17:15] <jamespage> coreycb, I'm having problems with neutron->nova external events in mitaka-staging
[17:15] <jamespage> going to try with xenial and see if that helps...
[17:16] <coreycb> jamespage, ok
[17:17] <jamespage> coreycb, python-requestsexceptions - still no unit tests?
[17:17] <jamespage> is that right?
[17:17] <coreycb> jamespage, that's right, there aren't actually any unit tests in the code
[17:18] <jamespage> coreycb, to illustrate the problem with everyone generating their own tarball - you won't be able to straight sync requestsexceptions from debian when it gets uploaded
[17:18] <jamespage> as the orig.tar.xz will be different
[17:20] <coreycb> jamespage, ok. I've still not hit that on a sync but I'm sure I will at some point.
[17:21] <coreycb> jamespage, not sure what to do other than carry a delta on every package, or convince zigo to use pristine-tars.
[17:21] * jamespage chrugs
[17:21] <jamespage> shrugs rather
[17:21] <jamespage> coreycb, ok both uploaded - when is your core-dev interview?
[17:23] <coreycb> jamespage, monday! we have more waiting on upload but I'll just poke you guys for stuff that's blocking us for now. assuming I can upload stuff early next week.
[17:23] <jamespage> coreycb, fingers crossed
[17:23] <coreycb> yeah
[17:24] <jamespage> coreycb, ddellav: one of the bugs referred to in the barbican mir was already fixed - I just referenced the wrong bug in my changelog
[17:25] <coreycb> jamespage, thanks, one less thing to worry about
[17:26] <ddellav> jamespage thanks for the heads up
=== jgrimm is now known as jgrimm-afk
[18:00] <axisys> I replaced a bad disk on sun fire x2250, but the kernel is not seeing the new disk.. where should I look for issue?
[18:01] <axisys> I am on 12.04 lts
[18:14] <patdk-wk> did you reboot?
[18:23] <axisys> patdk-wk: no.. but I found force scanning worked
[18:23] <axisys> patdk-wk: peerce from #solaris suggested that
[18:23] <axisys> patdk-wk: wish the kernel would scan itself
[18:23] <patdk-wk> ya, many different ways to do that
[18:23] <patdk-wk> it depends on the driver/interface
[18:24] <axisys> I went through host0, host1, host2, host3 .. host3 found it..
[18:25] <axisys> is there a way to know which host without going through all?
[18:25] <patdk-wk> yes
[18:25] <patdk-wk> if you have something else on that host you can see what host it's using
[18:25] <patdk-wk> if you don't, then you just have to know
[18:25] <patdk-wk> or at least know what hba it is so you can lookup what host that hba is
[18:26] <nacc> quit
[18:27] <axisys> so how do I know sdb is host3 ?
[18:27] <axisys> echo "0 0 0" > /sys/class/scsi_host/host3/scan found sdb
=== jgrimm-afk is now known as jgrimm
[18:30] <^King> Hello, not sure about this chmod so I'm asking before I fuck things up
[18:30] <^King> What's the best way to restrict users from accessing other users' files?
[18:31] <^King> Given shell access only to a specific directory.
[18:38] <patdk-wk> axisys, /sys/block/sdb/device/
[18:40] <axisys> patdk-wk: I do not see sdb in here http://dpaste.com/0EFZF7N
[18:40] <patdk-wk> why would you see sdb in there?
[18:40] <axisys> wait!
[18:40] <axisys> :-)
[18:41] <patdk-wk> it's useful if you have a disk already on that controller, and want to add another
[18:41] <patdk-wk> otherwise well, normally faster to send rescan to all host cards
[18:41] <axisys> ok
=== matsubara_ is now known as matsubara
[18:59] <max3> is there a way to use one require directive for all apache2(.4) directories?
[19:02] <coreycb> ddellav, I see you're working on oslos. I just pushed a new oslo.config to debian but it has sphinx failures.
[19:02] <sdeziel> ^King: "other users files" as in other's home directories?
[19:02] <coreycb> ddellav, same story for openstacksdk
[19:03] <^King> Yes sdeziel
[19:03] <coreycb> ddellav, and a new python-os-client-config is stuck in proposed pending MIR approval
[19:03] <^King> They should be able to access only their own folder.
[19:03] <^King> /home/username/
[19:04] <^King> So everything from username/
[19:04] <coreycb> ddellav, those are all deps blocking python-openstackclient
[19:05] <sdeziel> ^King: then remove the group and other perms on /home/username with:
[19:05] <sdeziel> chmod go= /home/username
[19:05] <coreycb> ddellav, so all of the blocking deps for the clients that I know of at this point are at least progressing
[19:06] <^King> with:
[19:06] <^King> chmod go= /home
[19:07] <^King> Or I'll have to do
[19:07] <^King> chmod go= /home/username
[19:07] <^King> for each user?
[19:07] <^King> chmod go= /home/test
[19:08] <sdeziel> ^King: for each user
[19:09] <^King> That didn't work
[19:16] <sdeziel> ^King: what didn't work, the chmod?
[19:42] <ddellav> coreycb ok, sounds good. Do you want me to look at the sphinx failures? Is it just missing git like the others?
[19:43] <coreycb> ddellav, no but thanks. I'm waiting to hear back from zigo to see if he's seen it before.
[19:44] <ddellav> coreycb ack
[19:55] <^King> sdeziel: I ran that command using sudo and replaced the username with a user name
[20:01] <^King> 0.30, 1.02, 0.17
[20:01] <^King> like wtf is this shit
[20:02] <^King> load average of what
[20:05] <lordievader> Is that an actual question or are you being sarcastic?
[20:06] <^King> sarcasm
[20:06] <bindi> cringe
[20:06] <^King> I'm confused, that's all
[20:07] <^King> in the last 15 minutes it's 0.17, wtf?
[20:30] <ribot> hi, suppose someone unauthorized has done a poison nullbyte attack from my ubuntu server, how can i prevent such abuse of the ubuntu server?
[20:31] <patdk-wk> don't let them run stuff on your server
[20:32] <patdk-wk> generally, this means don't give out ssh/telnet access, don't run websites that use cgi/fcgi/wsgi/.... don't use php, patch at all times, do content and ids inspection and mitigation, firewall everything that is not needed, incoming and outgoing, ...
[20:32] <patdk-wk> you can take the hole as deep as you want
[20:33] <patdk-wk> apparmor helps a lot also
[20:34] <ribot> i've got a bunch of wsgi and php websites running there
[20:35] <ribot> there is nobody else having ssh or telnet access
[20:35] <patdk-wk> yes, but php and wsgi are access points
[20:35] <patdk-wk> and lets people run whatever they want as the users php/wsgi is running as
[20:35] <patdk-wk> from there, they can open network connections to attack anything they want
[20:36] <patdk-wk> or gain root access, and do more damage to your server
[20:36] <ribot> they can do that on any server running php and wsgi?
[20:36] <patdk-wk> or even just modify your stuff to capture admin logins
[20:36] <patdk-wk> by definition yes
[20:36] <patdk-wk> unless the php code running is 100% foolproof
[20:36] <patdk-wk> just look at wordpress history
[20:36] <patdk-wk> joomla history
[20:36] <patdk-wk> ....
[20:37] <sarnold> it wouldn't be a bad idea to read all the php code you're hosting to look for bugs
[20:37] <patdk-wk> :)
[20:37] <ribot> seriously?
[20:37] <patdk-wk> though, normally vulnerabilities are a combination of issues, that by themselves are fine
[20:38] <patdk-wk> if you don't, you just have to deal with it
[20:38] <patdk-wk> or setup a content scanning system
[20:38] <patdk-wk> so you validate EVERYTHING, before it is allowed into the server
[20:40] <patdk-wk> the problem you're attempting to solve, isn't that your server is doing nullbyte attacks
[20:41] <patdk-wk> but the fact someone was let in, to do that or anything else, in the first place
[20:46] <ribot> yes i understand that much
[20:46] <ribot> well, thanks for the info
[20:48] <sarnold> ribot: I think I see a bug every time I look at php code..
[20:50] <ribot> if it were possible to debug php code like that, then wouldn't wordpress and joomla already have done that?
[20:52] <cluemann> Using ubuntu server 15.10 I tried creating a network bridge by doing https://help.ubuntu.com/community/KVM/Networking#Creating_a_network_bridge_on_the_host. This locked me out of my network and I solved it by removing the physical device entirely from my interfaces configuration. Is the wiki wrong, or is something else causing this?
[20:52] <sarnold> apparently the wordpress core is pretty decent but the plugins appear to be crap
[20:52] <sarnold> joomla... well.
[21:13] <ribot> isn't there some tool to test where my vulnerability is? or should i already start planning new server?
[21:14] <bekks> ribot: Since you don't know which attacking vector the attacker used: setup a new server.
[21:16] <ribot> ok
=== Monthrect is now known as Piper-Off
=== lutostag_ is now known as lutostag
[22:27] <kettlechip> I'm setting up a website for the first time, I'm using nginx. I don't understand the point of location blocks. I set a root and everything can be accessed already. What exactly can I put in a location block?
[22:31] <sarnold> kettlechip: with a simple website that may be sufficient
[22:32] <sarnold> kettlechip: if you were hosting multiple applications on the site, or different websites on the same host, you'd use those to describe each individual 'thing' on the server
[22:33] <kettlechip> sarnold: Thank you. I'll look more into it when the time comes, then.
=== Lcawte|Away is now known as Lcawte
=== SierraAR is now known as Sierra
=== philipballew is now known as Guest44851
=== tomaw is now known as 14WAAAWCY
=== 14WAAAWCY is now known as tomaw
=== tomaw is now known as 14WAAAWCY
=== 14WAAAWCY is now known as tomaw
=== Lcawte is now known as Lcawte|Away
=== LewisCawte is now known as Lcawte
