[07:17] <LostSoul> Hi
[07:17] <LostSoul> I've met a strange problem with apache2
[07:17] <LostSoul> Suddenly it stopped delivering content, and when I tried to restart it or stop it, it was hanging
[07:18] <LostSoul> Now I killed its process and it doesn't want to start
[08:08] <LostSoul> nvm
[08:08] <LostSoul> DNS went down
[09:14] <lordievader> Good morning.
[10:03] <LostSoul> Hi
[10:04] <LostSoul> Any idea how to map in ldap.conf home folders on one specific for all accounts??
[10:13] <LostSoul> Is there a way to set nss_map_attribute homeDirectory to a custom value?
[10:55] <tuor> Hi I was in #Ubuntu and it's a server problem, so I come here. (Problem description coming.)
[10:56] <tuor> [Ubuntu 14.04 64bit] I use libvirt for running kvm VMs. I have installed a VM like this: https://paste.ubuntu.com/15178446/
[10:59] <tuor> The volume has a read/write problem (syslog): https://paste.ubuntu.com/15178842/
[11:00] <tuor> lvs and lvdisplay: https://paste.ubuntu.com/15178852/
[11:01] <tuor> What could be the problem? I don't really get it. Is it me doing something wrong? Is it libvirt? Or what else?
[11:03] <tuor> libvirt version: 1.2.2
[11:05] <lordievader> tuor: Where do you see io errors in your syslog?
[11:06] <tuor> lordievader, ah new lines have been written to the syslog. I'll paste the right lines in a sec.
[11:08] <tuor> right lines: https://paste.ubuntu.com/15178904/
[11:09] <Zulu_Too> Does anyone have any comments on the security of .htaccess with Apache2? Are there any security issues?
[11:11] <lordievader> tuor: The disks are fine?
[11:13] <tuor> How to check? (I think yes, I had this problem with debian 7 on a different hardware and then I just created all the logical volumes by hand all the time.)
[11:14] <lordievader> tuor: Check the smart values for a start.
[11:14] <tuor> lordievader, ok.
[11:21] <tuor> lordievader, smart values: https://paste.ubuntu.com/15178990/
[11:25] <lordievader> Disks seem healthy.
[11:26] <lordievader> I'd turn off the VMs, then using kpartx make the VMs' partitions available on the host and check them with fdisk.
[11:27] <tuor> lordievader, ok.
[11:31] <MrDoctor> Hello. I am running a tomcat server, and I have some code in it to use a socket in localhost:4444.
[11:32] <MrDoctor> I have a separate java process that uses the said port. This is how I have implemented IPC between the tomcat server and the java process.
[11:32] <MrDoctor> It works fine on my local desktop, but on deployment, things don't work anymore.
[11:32] <lordievader> Firewall?
[11:32] <MrDoctor> I can telnet to the java process to write something to the socket.
[11:32] <MrDoctor> But tomcat cannot do it.
[11:33] <MrDoctor> In the server I mean.
[11:33] <MrDoctor> So, that rules out the possibility of it being a firewall issue.
[11:33] <MrDoctor> It could have something to do with groups or maybe apparmor.
[11:33] <MrDoctor> But I don't know how to resolve it.
[11:33] <lordievader> It can still be the firewall...
[11:34] <MrDoctor> I can open the port.
[11:34] <MrDoctor> It does not give an error.
[11:34] <MrDoctor> It's only that tomcat cannot write anything to the port.
[11:34] <lordievader> For example, tomcat might connect over ipv6 while telnet might connect over ipv4.
[11:35] <hateball> iirc java processes prioritize ipv6 unless told otherwise
[11:35] <lordievader> I'd start tcpdumping, if I were you.
[11:35] <MrDoctor> Okay.
[11:38] <tuor> lordievader, I wasn't able to install the OS in the VM. I stopped the VM now and kpartx -l /dev/vg01_srvab00/rt00-1 doesn't give any output.
[11:38] <tuor> When I tried to install the VM in the past, the VM crashed when it tried to write something on the LV.
[11:39] <bekks> Why should kpartx -l on an LV give any usable output?
[11:39] <lordievader> tuor: Right, so there are no partitions on the volume. I guess you could run badblocks (read the man page) over it.
[11:40] <tuor> Isn't this strange (ll /dev/mapper): https://paste.ubuntu.com/15179122/
[11:40] <tuor> lordievader, ok i'll try.
[11:40] <lordievader> bekks: If you use lv's as disks for vm's they put a partition table on it.
[11:42] <tuor> lordievader, is it normal to have multiple mappings for a single LV? (my last link) And what are these different mappings?
[11:43] <lordievader> I'm not sure how you've set up your lvm. I haven't seen it before. But my lvm setups are usually quite simple.
[11:50] <tuor> It's libvirt which did the LV. My LVM setup is done by the ubuntu installer. Then I installed kvm, libvirtd and let libvirt create an LV.
[11:52] <tuor> badblocks is running.
[11:55] <tuor> afk for a while (have to eat something).
[12:02] <MrDoctor> I'm trying to force java to use ipv4 using -Djava.net.preferIPv4Stack=true, but it ain't working.
[12:14] <tuor> lordievader, all blocks are bad. But I don't think that it's the disk. The system runs fine (on the same disk). If I create a logical volume with lvcreate there are no badblocks.
[12:16] <lordievader> There wasn't any data on it was there?
[12:16] <lordievader> You could just remove it and create a new one and pass that one to the vm.
[12:18] <tuor> I just deleted it. Now I made a new one and am running badblocks on it.
[12:18] <RoyK> tuor: if you have bad sectors on a disk, then remove that disk from the system unless it's in a raid6 or something that can handle some errors
[12:18] <tuor> The disk is fine. It's raid 1.
[12:19] <bekks> If you have badblocks, the disk isn't fine, most likely.
[12:20] <RoyK> tuor: what does smartctl -H have to say? or smartctl -t short or -t long?
[12:20] <tuor> When I try to write on the LV badblocks lists all blocks as "bad blocks". Now I deleted the LV and created it by hand again (lvcreate -n rt00-1 -L20G vg01_srvab00). Now I'm running badblocks again and no badblocks so far.
[12:21] <RoyK> tuor: try smartctl
[12:21] <RoyK> positive badblock count == bad drive
[12:21] <tuor> RoyK, smartctl says all is ok.
[12:22] <lordievader> RoyK: Scroll up, he posted output of smartctl before.
[12:22] <RoyK> lordievader: ah
[12:23] <tuor> To summarize: When I create a logical volume by hand, all works fine. When I let libvirt create the logical volume I have read/write problems.
[12:23] <RoyK> weird
[12:23] <tuor> (I did not test if only write or read & write)
[12:24] <RoyK> then do that
[12:25] <RoyK> lvcreate, mkfs -t somefs, mount it, fill it with lots of identical files, check those files' checksums (sha256sum for instance) and compare with the original
[12:25] <tuor> RoyK, ok I'll do it.
[12:28] <MrDoctor> lordievader, it is not working over ipv4 either.
[12:28] <lordievader> MrDoctor: What is not working over ipv4?
[12:29] <MrDoctor> The tomcat and java process IPC over socket thing.
[12:29] <lordievader> MrDoctor: So what did you find out?
[12:29] <lordievader> You investigated it right?
[12:29] <MrDoctor> I found out that I was previously using a tcp6 socket, changed it to tcp.
[12:29] <MrDoctor> After that it ain't working either.
[12:30] <lordievader> MrDoctor: Is your daemon listening to the port?
[12:30] <MrDoctor> Yes lordievader. I can communicate with it through telnet fine.
[12:31] <lordievader> MrDoctor: Do you see tomcat connecting to it with tcpdump?
[12:31] <MrDoctor> The server is running live lordievader. The tcpdump logs grow in the rate of a thousand lines per second.
[12:31] <MrDoctor> I cannot find anything there.
[12:32] <lordievader> tcpdump logs? The output you mean? If so, use a better filter.
[12:32] <MrDoctor> I have the daemon print out accepted client connection once something connects to it.
[12:32] <MrDoctor> So, the daemon is printing that line.
[12:32] <lordievader> I.e.: tcpdump -i any 'host 127.0.0.1 && tcp && port 4444'
[12:33] <lordievader> Run that and see what is actually going on.
[12:33] <MrDoctor> Okay
[12:33] <tuor> RoyK, all checksums do match.
[12:33] <RoyK> and nothing in dmesg?
[12:35] <Razva> hi folks! in MAAS, if I go to Subnets, I see two fabrics: one for WAN and one for LAN (which I suppose it's ok). BUT when I go to Nodes and choose Subnets (from the left sidebar) I can see only the LAN IPs. isn't this wrong?
[12:38] <tuor> RoyK, no.
[12:39] <RoyK> goodie
[12:39] <RoyK> then possibly libvirt is messing up
[12:39] <MrDoctor> lordievader, here are the logs https://gist.github.com/anonymous/62edd9a5afde70339e14
[12:40] <lordievader> tuor: I'd make the lv yourself and pass it to kvm, rather than letting libvirt make it.
[12:40] <MrDoctor> The daemon and tomcat connection happens, but after that tomcat cannot write anything to the socket.
[12:40] <tuor> But now I tried with a little bit different virt-install command and it doesn't work again (I replaced path=… with pool=default). dmesg (after now trying with libvirt again): https://paste.ubuntu.com/15179575/
[12:40] <RoyK> torak_: and perhaps file a bug on this
[12:41] <lordievader> MrDoctor: Seems fine if you ask me.
[12:42] <lordievader> MrDoctor: At least the tcp connection is set up.
[12:42] <MrDoctor> What I do is send some json from the tomcat server to the daemon for processing, but the daemon is not receiving any such json.
[12:42] <MrDoctor> If I send arbitrary strings using telnet, the daemon receives them.
[12:43] <tuor> lordievader, trying right now.
[12:43] <Razva> lordievader: any hints regarding my "issue"?
[12:43] <Walex> MrDoctor: that's not very technical talk :-)
[12:43] <lordievader> MrDoctor: I have no experience with tomcat (I try to stay away from Java), so I don't know what or how tomcat is trying to send things.
[12:43] <Walex> MrDoctor: "send some json from the tomcat server" is a bit vague
[12:43] <tuor> RoyK, how would you google it (to know if other people had this before)?
[12:43] <MrDoctor> And everything works fine in my local machine and our test ubuntu 14.04 server. The main server has ubuntu 15.04 in it.
[12:43] <lordievader> Razva: I have no knowledge of MAAS, sorry.
[12:44] <RoyK> tuor: not sure
[12:44] <Razva> OpenStack / Ubuntu Cloud?
[12:44] <Razva> because it's weird, my cluster has...only LAN everywhere.
[12:44] <MrDoctor> Sorry about that Walex.
[12:44] <MrDoctor> But I have no better way to put it, trying my best from my side.
[12:45] <MrDoctor> lordievader, there is something else save for a firewall issue which is preventing tomcat from writing to the socket.
[12:45] <MrDoctor> Someone suggested it could be apparmor.
[12:46] <lordievader> Could be, check your logs.
[12:46] <MrDoctor> apparmor logs?
[12:46] <lordievader> Not really sure where they go, I think syslog.
[12:47] <tuor> lordievader, works so far now.
[12:47] <lordievader> tuor: \o/
[12:48] <torak_> RoyK: ?
[12:48] <tuor> But wtf is libvirt doing or what is wrongly configured?
[12:48] <torak_> RoyK: wrong tag i think. :P
[12:48] <lordievader> tuor: Good question.
[12:49] <tuor> Maybe #virt on from oftc can tell me^^
[12:50] <tuor> I could write on the disk now. My VM is installed (pfSense).
[12:56] <MrDoctor> Nothing from apparmor it looks like.
[12:56] <MrDoctor> Could it have something with users/groups?
[12:57] <lordievader> Perhaps it is some Tomcat config?
[12:58] <MrDoctor> It works fine on other environments.
[13:27] <LostSoul> Hi
[13:27] <LostSoul> Is there a way to set nss_map_attribute homeDirectory to a custom value in ldap.conf?
[13:27] <LostSoul> Or any other way to set a custom home dir for all users?
[13:34] <tuor> I found the problem: http://comments.gmane.org/gmane.comp.emulators.libvirt.user/4555
[13:34] <tuor> finally!! :)
[13:43] <tuor> lordievader, RoyK, libvirt does mess up when creating a logical volume: it assumes that you want to grow your logical volume over time. virt-install doesn't have an option to tell how much of the final max size should be allocated in the beginning, and libvirt just allocates the minimum (4mb). If you set the option to not use this grow feature, it allocates the right size directly and all works fine.
[14:29] <miccheck> Can anyone please help? I am trying to back up certain folders via rsync from an ubuntu vps to a backup folder on my mac. Neither the mac nor the vps accounts are root, and I have root login access turned off on the vps. I ssh into it using an ssh config that I set up on my mac, and I'm trying to use ssh with rsync to perform the backup, but I keep getting permission errors, not all files transferred, and so on.
[14:29] <miccheck> Can anyone please tell me the best way to do this, and whether or not I should continue to have root access disabled? I've read multiple things on both topics and I'm still not sure the right way to do this, etc.
[14:48] <Walex> miccheck: it all depends on who owns the files on the VPS
[14:49] <Walex> miccheck: if it is your non-root account, it should be fine. But if the VPS contains files not owned by your non-root account, and they don't have wide permissions, they won't be read.
[14:50] <Walex> miccheck: BTW this is about elementary UNIX/Linux knowledge, perhaps you would like to read an introduction to how permissions and ownership work in Ubuntu/Linux/UNIX.
[14:52] <miccheck> yeah, i'm trying to back up directories and files not owned by root on the vps, which causes the issue
[14:52] <miccheck> is there another IRC channel that you'd recommend for these types of questions?
[14:52] <miccheck> I'm pretty new to this stuff
[14:53] <Walex> miccheck: well, #LinuxHelp, but it is better if you read a bit of background intro...
[14:53] <Walex> https://help.ubuntu.com/community/FilePermissions
[14:54] <Walex> http://askubuntu.com/questions/150028/you-are-not-the-owner-message-when-trying-to-access-folder
[14:55] <miccheck> Ok, thank you very much for your help. It's also the ssh and rsync stuff that's confusing me. I'll start with your links and go from there. Thanks again!
[15:34] <coreycb> zul, can you upload this to xenial? https://git.launchpad.net/~corey.bryant/ubuntu/+source/python-requestsexceptions
[15:34] <coreycb> zul, also can you add a team bug subscriber?
[15:34] <roaksoax> win 11
[15:42] <coreycb> jamespage, mind uploading that ^ .  we need it for an MIR.
[15:43] <RoyK> roaksoax: I don't think that's out yet ;)
[15:48] <roaksoax> RoyK: :) lol
[16:52] <coreycb> jamespage, zul: can you also upload this to xenial? https://git.launchpad.net/~corey.bryant/ubuntu/+source/python-yaql
[16:55] <coreycb> ddellav, once that gets uploaded ^ and you get keystoneclient done, muranoclient should be unblocked
[16:55] <coreycb> ddellav, I uploaded a new tempest-lib
[17:06] <jamespage> coreycb, ok - lemme finish calls and I'll look
[17:14] <jamespage> coreycb, still detest the fact that orig.tar.xz is not reproducible across the team...
[17:14] <jamespage> :(]#
[17:15] <coreycb> jamespage, yeah.  I guess I haven't experienced the pain yet.
[17:15] <jamespage> coreycb, working those now btw
[17:15] <jamespage> coreycb, I'm having problems with neutron->nova external events in mitaka-staging
[17:15] <jamespage> going to try with xenial and see if that helps...
[17:16] <coreycb> jamespage, ok
[17:17] <jamespage> coreycb, python-requestsexceptions - still no unit tests?
[17:17] <jamespage> is that right?
[17:17] <coreycb> jamespage, that's right, there aren't actually any unit tests in the code
[17:18] <jamespage> coreycb, to illustrate the problem with everyone generating their own tarball - you won't be able to straight sync requestsexceptions from debian when it gets uploaded
[17:18] <jamespage> as the orig.tar.xz will be different
[17:20] <coreycb> jamespage, ok.  I've still not hit that on a sync but I'm sure I will at some point.
[17:21] <coreycb> jamespage, not sure what to do other than carry a delta on every package, or convince zigo to use pristine-tars.
[17:21]  * jamespage chrugs
[17:21] <jamespage> shrugs rather
[17:21] <jamespage> coreycb, ok both uploaded - when is your core-dev interview?
[17:23] <coreycb> jamespage, monday!  we have more waiting on upload but I'll just poke you guys for stuff that's blocking us for now.  assuming I can upload stuff early next week.
[17:23] <jamespage> coreycb, fingers crossed
[17:23] <coreycb> yeah
[17:24] <jamespage> coreycb, ddellav: one of the bugs referred to in the barbican mir was already fixed - I just referenced the wrong bug in my changelog
[17:25] <coreycb> jamespage, thanks, one less thing to worry about
[17:26] <ddellav> jamespage thanks for the heads up
[18:00] <axisys> I replaced a bad disk on sun fire x2250, but the kernel is not seeing the new disk.. where should I look for issue?
[18:01] <axisys> I am on 12.04 lts
[18:14] <patdk-wk> did you reboot?
[18:23] <axisys> patdk-wk: no.. but I found force scanning worked
[18:23] <axisys> patdk-wk: peerce from #solaris suggested that
[18:23] <axisys> patdk-wk: wish the kernel would scan itself
[18:23] <patdk-wk> ya, many different ways to do that
[18:23] <patdk-wk> it depends on the driver/interface
[18:24] <axisys> I went through host0, host1, host2, host3 .. host3 found it..
[18:25] <axisys> is there a way to know which host without going through all?
[18:25] <patdk-wk> yes
[18:25] <patdk-wk> if you have something else on that host you can see what host it's using
[18:25] <patdk-wk> if you don't, then you just have to know
[18:25] <patdk-wk> or at least know what hba it is so you can look up what host that hba is
[18:26] <nacc> quit
[18:27] <axisys> so how do I know sdb is host3 ?
[18:27] <axisys> echo "0 0 0" > /sys/class/scsi_host/host3/scan found sdb
[18:30] <^King> Hello, not sure about this chmod so I'm asking before I fuck things up
[18:30] <^King> What's the best way to restrict users from accessing other users' files?
[18:31] <^King> Given shell access only to a specific directory.
[18:38] <patdk-wk> axisys, /sys/block/sdb/device/
[18:40] <axisys> patdk-wk: I do not see sdb in here http://dpaste.com/0EFZF7N
[18:40] <patdk-wk> why would you see sdb in there?
[18:40] <axisys> wait!
[18:40] <axisys> :-)
[18:41] <patdk-wk> it's useful if you have a disk already on that controller, and want to add another
[18:41] <patdk-wk> otherwise well, normally faster to send rescan to all host cards
[18:41] <axisys> ok
[18:59] <max3> is there a way to use one require directive for all apache2(.4) directories?
[19:02] <coreycb> ddellav, I see you're working on oslos. I just pushed a new oslo.config to debian but it has sphinx failures.
[19:02] <sdeziel> ^King: "other users files" as in other's home directories?
[19:02] <coreycb> ddellav, same story for openstacksdk
[19:03] <^King> Yes sdeziel
[19:03] <coreycb> ddellav, and a new python-os-client-config is stuck in proposed pending MIR approval
[19:03] <^King> They should be able to access only their own folder.
[19:03] <^King> /home/username/
[19:04] <^King> So everything from username/
[19:04] <coreycb> ddellav, those are all deps blocking python-openstackclient
[19:05] <sdeziel> ^King: then remove the group and other perms on /home/username with:
[19:05] <sdeziel> chmod go= /home/username
[19:05] <coreycb> ddellav, so all of the blocking deps for the clients that I know of at this point are at least progressing
[19:06] <^King> with:
[19:06] <^King> chmod go= /home
[19:07] <^King> Or I'll have to do
[19:07] <^King> chmod go= /home/username
[19:07] <^King> for each user?
[19:07] <^King> chmod go= /home/test
[19:08] <sdeziel> ^King: for each user
[19:09] <^King> That didn't work
[19:16] <sdeziel> ^King: what didn't work, the chmod?
[19:42] <ddellav> coreycb ok, sounds good. Do you want me to look at the sphinx failures? Is it just missing git like the others?
[19:43] <coreycb> ddellav, no but thanks. I'm waiting to hear back from zigo to see if he's seen it before.
[19:44] <ddellav> coreycb ack
[19:55] <^King> sdeziel: I ran that command using sudo and replaced the username with a user name
[20:01] <^King> 0.30, 1.02, 0.17
[20:01] <^King> like wtf is this shit
[20:02] <^King> load average of what
[20:05] <lordievader> Is that an actual question or are you being sarcastic?
[20:06] <^King> sarcasm
[20:06] <bindi> cringe
[20:06] <^King> I'm confused, that's all
[20:07] <^King> in the last 15 minutes it's 0.17, wtf?
[20:30] <ribot> hi, suppose someone unauthorized has done a poison nullbyte attack from my ubuntu server, how can i prevent such abuse of the ubuntu server?
[20:31] <patdk-wk> don't let them run stuff on your server
[20:32] <patdk-wk> generally, this means don't give out ssh/telnet access, don't run websites that use cgi/fcgi/wsgi/.... don't use php, patch at all times, do content and ids inspection and mitigation, firewall everything that is not needed, incoming and outgoing, ...
[20:32] <patdk-wk> you can take the hole as deep as you want
[20:33] <patdk-wk> apparmor helps a lot also
[20:34] <ribot> i've got a bunch of wsgi and php website running there
[20:35] <ribot> there is nobody else having ssh or telnet access
[20:35] <patdk-wk> yes, but php and wsgi are access points
[20:35] <patdk-wk> and let people run whatever they want as the user php/wsgi is running as
[20:35] <patdk-wk> from there, they can open network connections to attack anything they want
[20:36] <patdk-wk> or gain root access, and do more damage to your server
[20:36] <ribot> they can do that on any server running php and wsgi?
[20:36] <patdk-wk> or even just modify your stuff to capture admin logins
[20:36] <patdk-wk> by definition yes
[20:36] <patdk-wk> unless the php code running is 100% foolproof
[20:36] <patdk-wk> just look at wordpress history
[20:36] <patdk-wk> joomla history
[20:36] <patdk-wk> ....
[20:37] <sarnold> it wouldn't be a bad idea to read all the php code you're hosting to look for bugs
[20:37] <patdk-wk> :)
[20:37] <ribot> seriously?
[20:37] <patdk-wk> though, normally vulnerabilities are a combination of issues, that by themselves are fine
[20:38] <patdk-wk> if you don't, you just have to deal with it
[20:38] <patdk-wk> or set up a content scanning system
[20:38] <patdk-wk> so you validate EVERYTHING, before it is allowed into the server
[20:40] <patdk-wk> the problem you're attempting to solve, isn't that your server is doing nullbyte attacks
[20:41] <patdk-wk> but the fact someone was let in, to do that or anything else, in the first place
[20:46] <ribot> yes i understand that much
[20:46] <ribot> well, thanks for the info
[20:48] <sarnold> ribot: I think I see a bug every time I look at php code..
[20:50] <ribot> if it were possible to debug php code like that, then wouldn't wordpress and joomla already have done that?
[20:52] <cluemann> Using ubuntu server 15.10 I tried creating a network bridge by doing https://help.ubuntu.com/community/KVM/Networking#Creating_a_network_bridge_on_the_host. This locked me out of my network and I solved it by removing the physical device entirely from my interfaces configuration. Is the wiki wrong, or is something else causing this?
[20:52] <sarnold> apparently the wordpress core is pretty decent but the plugins appear to be crap
[20:52] <sarnold> joomla... well.
[21:13] <ribot> isn't there some tool to test where my vulnerability is? or should i already start planning new server?
[21:14] <bekks> ribot: Since you don't know which attack vector the attacker used: set up a new server.
[21:16] <ribot> ok
[22:27] <kettlechip> I'm setting up a website for the first time, I'm using nginx. I don't understand the point of location blocks. I set a root and everything can be accessed already. What exactly can I put in a location block?
[22:31] <sarnold> kettlechip: with a simple website that may be sufficient
[22:32] <sarnold> kettlechip: if you were hosting multiple applications on the site, or different websites on the same host, you'd use those to describe each individual 'thing' on the server
[22:33] <kettlechip> sarnold: Thank you. I'll look more into it when the time comes, then.