/srv/irclogs.ubuntu.com/2016/04/06/#ubuntu-server.txt

[00:21] <Pinkamena_D> when using the program 'glances', which some of you may be familiar with, the disk usage monitor is messed up because there are a bunch of devices like ram0, ram13, ram1, etc so I can not see the actual disks at the bottom of the list
[00:21] <Pinkamena_D> does anyone know if you can reorder this or disable these devices?
[00:23] <Pici> Pinkamena_D: I think you can specify some options in the conf file: https://glances.readthedocs.org/en/latest/aoa/fs.html
=== alexisb-afk is now known as alexisb
[03:50] <FManTropyx> "deferring update (hook will be called later)" wat
=== prince is now known as keng
=== keng is now known as jombojo
=== jombojo is now known as prince
=== JanC_ is now known as JanC
=== kickinz1|eod is now known as kickinz1
[06:35] <frickler> jamespage: regarding TasksMax, I agree that for ceph-osd/mon, there should be no limit at all from systemd probably.
[06:35] <frickler> jamespage: as to why the limit is not enforced after booting, this seems to be a systemd issue, not only affecting ceph
[06:36] <frickler> jamespage: and thanks for the other fixes, I'll try to verify the new packages today
[08:00] <aotea> I'm trying to set my server up to only accept connections with ssh id keys, but once I set PasswordAuthentication no in sshd config I can't connect to it anymore. Is this due to another rule that says not to allow empty passwords (if the user has an id key without password) or what am I looking for?
[08:09] <RoyK> aotea: no, the server has no way of knowing if the private key is password protected or not
[08:09] <RoyK> aotea: did key authentication work before the change?
[08:18] <aotea> RoyK: I think so, looked through ssh in verbose mode and seemed like key was ok'd to authorized_keys
[08:18] <aotea> RoyK: looking through my auth log now to see if I might find a clue there though
[08:21] <lordievader> aotea: Perhaps wrong permissions on ~/.ssh?
[08:22] <aotea> lordievader: could be, should be 700 on the /ssh and 600 on the authorized keys right?
[08:23] <lordievader> Yes, but if it would be wrong, you'd see it in the server's auth log.
[08:27] <RoyK> aotea: if you try to change back, can you then login without getting a password prompt?
[08:30] <aotea> No, tried setting passauth to no in sshd and couldn't then log on at all so had to get to the server and reset the config
[08:31] <aotea> http://pastie.org/10787181 this is the log after the change at first, still asking me for password.
[08:32] <aotea> seeing as there is an added thing about RSA I'm guessing it is checking my key then at least?
[09:00] <yossarianuk> hi - on ubuntu 15.10 when I use virt-manager to create a QCOW2 disk image it is not thin provisioned by default - i'm sure on previous versions it was, any ideas how I can make it thin provisioned by default ?
[09:07] <yossarianuk> actually - forgive me, it is thin provisioned - just ls showing the virtual size.
=== twoface89 is now known as twoface88
[10:09] <aotea> Still having issues getting ssh to work with keys, this is the verbose output I get http://pastie.org/10787305 - sshd is set to still prompt me for password as last I removed that I had to visit the server but I want to remove this option soon I get this working.
[10:11] <lordievader> Your public key is in the authorized keys file and the ssh daemon has read that file?
[10:12] <aotea> not sure about that last bit, but yes I got a warning after doing ssh-copy-id that my pub was already in my authorized_keys. How do I check that the daemon read the file?
[10:13] <lordievader> aotea: Check what is configured as the authorized keys file.
[10:13] <aotea> "%h/.ssh/authorized_keys" lordievader
[10:14] <lordievader> And your key is in there?
[10:15] <aotea> it's in the .ssh/ folder of the user I'm trying to log yes - never seen the %h for home before though
[10:16] <lordievader> Hmm, then I'd like to see the server sshd log as to see why the rsa key is not accepted.
[10:26] <aotea> http://pastie.org/10787326 lordievader last login seem to have accepted a pub key, but no idea what changed, only did ssh-copy-id and was told nothing happened seeing as key was already in authorized_keys :s
[10:32] <aotea> lordievader: http://pastie.org/10787350 logged out and back in and no sight of the pubkey again
[10:47] <cpaelzer> anybody an idea how I'd get a vivid lxd container?
[10:48] <cpaelzer> it is already out of images.linuxcontainers.org
[11:20] <markc> testing a xenial setup on a hp microserver by booting from the internal usb drive, just hangs at initramfs prompt with no usb drivers (I guess) so no keyboard access to do anything... kubuntu xenial desktop installer boots okay in the same slot... just spins on /scripts/local/block... what is that?
[11:21] <markc> * /scripts/local-block what or where is that script?
[11:23] <markc> wily was booting up the same server from the same slot a month ago.
[11:32] <cpaelzer> markc: do you mean /usr/share/initramfs-tools/scripts/local-block ?
[11:32] <cpaelzer> markc: in the initramfs that could be your path
[11:33] <cpaelzer> it is only a dir, but then the only thing remotely matching the file name you asked for
[11:34] <cpaelzer> it is part of cryptsetup
[11:34] <cpaelzer> wild guess - maybe it is showing a popup on a screen somewhere (or think it does so)?
[11:36] <markc> cpaelzer: thanks for the hint... it's a fresh install and I didn't ask for encrypted anything... unfortunately there is only usb keyboard access and that is not working
[11:37] <cpaelzer> markc: so the install went through and now it is hanging after reboot - or is the install itself blocked?
[11:38] <markc> I did the install on my laptop (usb stick to usb stick) then put the new install into the hp microserver
[11:38] <cpaelzer> markc: unfortunately I'm no expert on that, but I really think it might ask you something on a framebuffer
[11:38] <cpaelzer> markc: are you having only serial console access atm?
[11:39] <markc> boots up but just spins on /scripts/local-block for half a minute then drops to the initramfs prompt, also says the UUID of the usb stick is not detected but I've double checked that the usb boot stick is indeed that UUID
[11:43] <markc> cpaelzer: just using a "normal" vga screen, not serial
[11:44] <markc> seeing that it can't seem to see the ext4 boot partition UUID and no usb keyboard it's like the right usb drivers have not been installed into the kernel
[11:45] <markc> perhaps if I do a fresh install onto the usb drive on this server then perhaps the install process will figure out it needs to install usb drivers, but I would have thought that was part of any "normal" ubuntu server install these days
[11:59] <markc> nope, that same usb stick does the same thing on my laptop, just spins on "Begin: Running /scripts/local-block ... done." for 30 secs then goes to an initramfs prompt.. so it's not the hp microserver hardware at fault, something is wrong with a stock standard xenial ubuntu server install onto a usb stick
[12:01] <cpaelzer> markc: :-/ i'm out of ideas, if nothing else can help you I'd ask you to file a bug with as much detail on the HW and the install process as possible
[12:08] <markc> at least I have keyboard access on the laptop and the only odd thing I can see is that normally the usb stick would be /dev/sdb1 etc and there is no /dev/sdb* at all
[12:12] <markc> bizarre, from the initramfs blkid shows the internal sata drive but not the (usb) device it just booted from... I've done this 100s of times before and never struck anything like this kind of problem before
[12:13] <lordievader> aotea: I'
[12:13] <lordievader> I'd set the loglevel a bit higher and try again.
[12:34] <rbasak> jgrimm: bug 1505839 probably needs assigning
[12:34] <ubottu> bug 1505839 in debian-installer (Ubuntu) "Unable to install from text mode interface" [High,Triaged] https://launchpad.net/bugs/1505839
[12:34] <rbasak> jgrimm: along with a report in the ubuntu-server ML just now
[14:02] <wsirccc> https://uec-images.ubuntu.com/releases I want to run these images on qemu. One problem is to login. They say this is done by ssh keys. But I do not find explicitly how to do it? Given I have the instance running, what should I do?
[14:05] <wsirccc> who can Help me?
[14:06] <rbasak> wsirccc: cloud images have no access by default to avoid the obvious security vulnerability. You can feed an ssh key or password when booting using cloud-init using various mechanisms, or alter the image manually first.
[14:07] <rbasak> wsirccc: uvtool handles all of this for you - see the server guide. Or use cloud-localds manually.
[14:11] <wsirccc> ok, I good it is, about preseeding ssh-keys in the guest. Thanks as well for the pointer.
[14:13] <wsirccc> Another question: how would one best prepare an arbitrary ubuntu image with working ssh keys, given ssh-keys-login is the best choice for remote controlling the guest?
[14:13] <wsirccc> good/got/
[14:14] <rbasak> mount-image-callback is handy. But I wouldn't use that in production.
[14:14] <rbasak> In production, use cloud-init.
[14:14] <rbasak> With cloud-localds. Stop thinking about rolling your own images :)
[14:14] <wsirccc> rolling?
[14:14] <rbasak> Creating
[14:15] <rbasak> Of course, you can do what you want.
[14:15] <rbasak> But this philosophy is that you don't prepare your own images. Instead you use the same official image everywhere, and it sets itself up as you wish on boot.
[14:15] <rbasak> Using cloud-init.
[14:16] <rbasak> And you give it your ssh key on boot via one of the available mechanisms.
[14:16] <rbasak> On EC2, that is the metadata service, etc.
[14:16] <rbasak> For local qemu, you can use a "config drive" which cloud-localds can prepare for you.
[14:16] <rbasak> uvtool does this automatically for you for local use.
[14:17] <rbasak> Then you don't have to maintain your own images, which inevitably don't get updated with security updates.
[14:17] <wsirccc> I do not get it, create means what? And what to do instead?
[14:18] <wsirccc> create: install one's own system from an iso
[14:19] <wsirccc> instead: download them from ubuntu-uec, and manipulate them?
[14:19] <wsirccc> ?
[14:21] <wsirccc> I need them guests for trying out (X) user configuration and such things it is to say. ..
[14:22] <wsirccc> rbasak
[14:22] <wsirccc> rbasak
[14:22] <wsirccc> rbasak:?
[14:25] <rbasak> wsirccc: please explain what you're trying to do. Is this for testing, production or both?
[14:27] <wsirccc> lets say experiments
[14:27] <rbasak> Use uvtool.
[14:30] <wsirccc> ok, save this conversation and go for it. Thanks for point me.
[14:32] <wsirccc> point/pointing
[14:47] <jgrimm> rbasak, i couldn't find ML post for bug 1505839?
[14:47] <ubottu> bug 1505839 in debian-installer (Ubuntu) "Unable to install from text mode interface" [High,Triaged] https://launchpad.net/bugs/1505839
[14:48] <rbasak> jgrimm: not the same bug, but a different report that made me thing the installer needs a little attention: https://lists.ubuntu.com/archives/ubuntu-server/2016-April/007248.html
[14:48] <rbasak> think
[14:49] <jgrimm> ah, yeah, i didn't get a connection from what you wrote
[14:50] <jgrimm> rbasak, also noticed you marked that triaged, but i didn't see obvious corresponding explanation of what was determined wrong?
[14:51] <rbasak> jgrimm: matsubara confirmed. Triaged doesn't need a root cause analysis. As long as it can be tackled by a developer (eg. valid bug and reproducible), it's Triaged.
[14:51] <rbasak> (and ideally no dupes)
[14:51] <jgrimm> oh, i would see that as confirmed
[14:52] <rbasak> https://wiki.ubuntu.com/Bugs/Bug%20statuses
[14:52] <jgrimm> rbasak, thanks
[14:58] <jgrimm> matsubara, want to take a look at the bug 1505839?
[14:58] <ubottu> bug 1505839 in debian-installer (Ubuntu) "Unable to install from text mode interface" [High,Triaged] https://launchpad.net/bugs/1505839
[15:03] <matsubara> jgrimm, I can give it a try
[15:03] <jgrimm> matsubara, thanks
=== kickinz1 is now known as kickinz1|eod
[16:01] <dr4c4n_> hi there, I am trying to define a management network on one nic, and connect my vm guests to a network unattached to the host, and has access out
[16:02] <dr4c4n_> I'm running ubuntu server 14.04 with kvm
[16:07] <crazybluek> TJ- hello u there ?
[16:08] <crazybluek> TJ- could u message me with details about how to make a script to keep mine router on net despite problems/errors on dhcp server (ISP) ?
[16:09] <dr4c4n_> I understand I need to create a bridge interface, but I want to ensure it doesn't allow the host to access the internet, only the vm guests.
[16:10] <sdeziel> dr4c4n_: what do you mean by "a network unattached to the host" ?
[16:12] <dr4c4n_> sdeziel: ok, so my requirements are that the host hypervisor (kvm running on ubuntu 14.04) shouldn't access the internet, it should only be setup with the default network (provided by libvirt) to connect to its guests. I would like the guests to be able to access the external network and the internet as I need to create a vm to make a build environment, to compile openvswitch to move to the host os
[16:12] <dr4c4n_> is this a firewall setting? and not a network setup step?
[16:13] <sdeziel> dr4c4n_: if you need openvswitch in the host why not apt-get install it?
[16:13] <dr4c4n_> sdeziel: I'm not allowed to have the host running the hypervisor kvm attach itself to the internet
[16:13] <sdeziel> dr4c4n_: also if you are using the default virbr0, this requires your host to have Internet connectivity to make it available to the guests
[16:14] <sdeziel> dr4c4n_: understood but in that case the host probably have access to an HTTP proxy, isn't it?
[16:15] <TJ-> crazybluek: did you collect the dhclient debug log?
=== rattking is now known as syncsyncsync
=== twoface89 is now known as twoface88
[16:22] <dr4c4n_> sdeziel: the host doesn't have access at all
[16:22] <sdeziel> dr4c4n_: then how will you install security updates?
[16:23] <dr4c4n_> what I mean is I can plug in the host to an internet accessible network, but that is not what I need to do
[16:23] <sdeziel> dr4c4n_: yeah I understood you don't want direct Internet access for the host. That's best practice and what I do too
[16:24] <sdeziel> dr4c4n_: but you need some form of Internet access
[16:27] <dr4c4n_> sdeziel: which I am not allowed to have. what I am requesting, is some sort of reference that can show me how to setup networking to enable a management interface for the kvm host (which might eventually be connected to the internet) but for now let's assume it doesn't have access.
[16:27] <dr4c4n_> on one nic, and setup another bridge to interface with the vmnics and a different physical nic on the box
[16:27] <dr4c4n_> which can connect to the internet
[16:30] <sdeziel> dr4c4n_: so you have 2 NICs on the host, one is the management NIC and has an IP and a default route. The other NIC is only used by a bridge that you hook your VMs to. That bridge and the underlying NIC must not have any IP in the host.
[16:30] <sdeziel> dr4c4n_: the NIC used for bridging should be hooked to a network that has a router/DHCP/etc to provide your guests full connectivity with the outside world
[16:31] <dr4c4n_> that I understand, I can create an entry for em1 in /etc/networking to setup a static ip
[16:32] <sdeziel> dr4c4n_: if em1 is your management NIC, yes
[16:32] <dr4c4n_> and I understand how to physically connect the nic for bridging, but I don't know how to tell ubuntu how to a) create bridge and b) hook a vm to it
[16:32] <dr4c4n_> <- I'm new at this, and understood using ubuntu on a desktop
[16:33] <sdeziel> ah OK, sec
[16:33] <dr4c4n_> I did try reading the kvm networking information on ubuntu page, and the libvirt page, but I'm confused by the different options they are putting up there
[16:34] <dr4c4n_> and technically I have 4 nics on the host, but once I can configure these two, figuring out the other two should be a) easier, and b) I will have to do the management of the virtual network from openvswitches, which will change this initial setup
[16:34] <dr4c4n_> as I will be creating a bunch of vlans to individual vms. eventually
[16:35] <dr4c4n_> btw, thanks a lot for your help
[16:37] <sdeziel> dr4c4n_: what I typically do is define my bridge in /etc/network/interfaces and make sure to NOT assign any IP. Something like this http://paste.ubuntu.com/15655200/
[16:38] <dr4c4n_> ok, then when defining / creating your vms, you pass the bridge name to them correct?
[16:38] <sdeziel> dr4c4n_: then I define a p2p network using virsh and this: http://paste.ubuntu.com/15655225/
[16:39] <sdeziel> dr4c4n_: then I add a NIC to a VM like this: http://paste.ubuntu.com/15655249/
[16:40] <dr4c4n_> and any vms with the nic defined in that way are connected to that network
[16:40] <dr4c4n_> thanks
[16:41] <sdeziel> dr4c4n_: yeah, any VM with an interface using the same source network will end up in the bridge
[16:42] <dr4c4n_> ok. I get it now :) I really appreciate your help.
[16:42] <sdeziel> dr4c4n_: you are welcome
[16:43] <sdeziel> dr4c4n_: when you move to using VLANs, the concept will be the same except that you will bridge over VLAN devices instead of raw NICs
[16:44] <patdk-wk> depending :)
[16:44] <sdeziel> well, yeah, many variations are possible especially with OVS involved
[16:45] <patdk-wk> if you're doing vm's that are limited to 1 or just a few vlans, sure
[16:45] <patdk-wk> if your vm's need most all or all, and you don't need to worry about vlan security for the vm's
[16:45] <patdk-wk> might be simpler to bridge the nic, vlans and all
[16:45] <patdk-wk> but ya, not normally a *secure method
[16:46] <sdeziel> true
[16:46] <patdk-wk> unless security is controlled else where, like anything on that box, is allowed all those vlans anyways
[16:50] <FManTropyx> I am trying rsync as daemon and it cannot access files that do not have o+r even though I started it as root
[17:22] <DirtyCajun> does anyone know what the commands are after autopart in kickstart to automatically accept changes?
[17:25] <nacc> DirtyCajun: how do you mean?
[17:26] <DirtyCajun> well when the automation process partitions the entire disk using autopart. there are 2 questions it asks you after it partitions "confirming" what you are doing.
[17:26] <DirtyCajun> i dont want to have to click ok 2x. defeats the purpose lol
[17:35] <DirtyCajun> im doing it in a vm to get you the exact pages
[17:39] <DirtyCajun> actually there are 3. there is the possible "there are already mounted partitions would you like to umount?" there is Finish and write partitions to disk, and there is write? (yes)
[17:43] <FManTropyx> which FTP daemon should I employ?
[17:43] <DirtyCajun> found it nacc i need to preseed the answers.
[17:45] <nacc> DirtyCajun: yeah you need to preseed
[17:45] <nacc> DirtyCajun: i think that's the limit of kickstart, presuming you're actually using a kickstart file
[17:46] <DirtyCajun> i am. i just did preseed partman/confirm boolean true
[17:46] <DirtyCajun> in my kickstart
[17:46] <nacc> yeah
[17:46] <nacc> DirtyCajun: at that point, you might be better off using a proper preseed, but it's a matter of preference :)
[17:47] <DirtyCajun> true. less work to just stick the 2 lines in the already made kickstart file tho XD
[17:47] <nacc> DirtyCajun: yep, it all depends on if you're deploying more than just ubuntu/debian, imo
[17:47] <DirtyCajun> such blasphemy in #ubuntu-server
[17:48] <DirtyCajun> ;)
[17:51] <nacc> DirtyCajun: :)
[18:57] <DirtyCajun> ok. i got preseed to do 2 of those 3. i cant find the partman/(some command) for already mounted partitions
[19:08] <sb_9> ext3 needs journal recovery. can any one help on this..
[19:21] <wsirccc> Question: connecting to the qemu-installed-out-of-box-guest from host, first choice is ssh, first, and secondly how is this possible in so called default network mode? For a decent communication with the guest, one needs to switch to be root for first time, is that right?
[19:26] <sarnold> hunh?
=== syncsyncsync is now known as rattking
[19:42] <DirtyCajun> for anyone interested the preseed issue with a drive already existing it is a current bug! https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/1347726
[19:42] <ubottu> Launchpad bug 1347726 in debian-installer (Ubuntu) "ubuntu14.04 installation hang on "The installer has detected that the following disks have mounted partitions"" [Undecided,Confirmed]
[19:59] <supNow> Hello all, without sounding like a complete noob I could use some help with a small issue. I setup ubuntu server a few years back for this company and since left, so nothing has been touched or updated in years. I came in today to run some updates on the websites I had running on it and to update the server itself but I'm having no luck. Whether I
[19:59] <supNow> try sudo upgrade or the software manager (using gui) both return failed download attempts but network connection is fine.
[20:16] <patdk-wk> supNow, sounds like you have an unsupported version of ubuntu on it
[20:52] <supNow> @patdk-wk thank you... do you know if ubuntu-server is a rolling release? Is there an easy way to upgrade to the latest?
[20:54] <patdk-wk> it's not rolling
[20:54] <patdk-wk> and no, I have no idea, since we have no idea what release you are using
[20:55] <patdk-wk> cat /etc/issue could be a clue
[20:55] <patdk-wk> or whatever is in your /etc/apt/sources.list file
[21:00] <RoyK> supNow: you can do a do-release-upgrade -d
[21:00] <RoyK> supNow: upgrade to the latest non-lts-release
[21:01] <RoyK> supNow: or even 16.04 beta
[21:01] <RoyK> supNow: I don't do that for servers
[21:01] <RoyK> supNow: but then - you're the one running it
[21:01] <qman__> !eol
[21:01] <ubottu> End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
[21:01] <qman__> the latter, there, will tell you how to upgrade an EOL release
[21:02] <qman__> but you need to know which release you're running first
[21:02] <qman__> lsb_release -a or cat /etc/issue
[21:03] <qman__> from what you're saying you didn't set it up all that long ago, so you're probably not running an LTS release
[21:03] <qman__> which I don't recommend
[21:06] <RoyK> 8.04 was an LTS ;)
[21:07] <qman__> yeah, but it's also 8 years old
[21:08] <RoyK> yeah - old things are always better
[21:08] <qman__> I actually just got rid of my last 8.04 a few weeks ago, it was a mail server and my postfix+dovecot configuration wouldn't survive the upgrade
[21:08] <qman__> I had to rebuild from scratch and import the mailboxes
[21:13] <patdk-wk> very strange
[21:13] <patdk-wk> mine has survived upgrades from 8.04 to 14.04 so far just fine
[21:14] <patdk-wk> well, if he was running non-lts, upgrades are much harder :)
[21:15] <patdk-wk> I do have 5 production 16.04 I have been running for 2 months now
[21:26] <DirtyCajun> 16.04 BETA *
[21:41] <qman__> all my other servers survived upgrades just fine, it was just that postfix+dovecot vmail configuration that refused to work
[22:37] <aotea> Could someone help me understand why when I ssh to my server, I get to skip typing password (so ssh key obviously works) but once I set "PasswordAuthentication no" my key is suddenly not working?
[22:43] <sarnold> aotea: sshd authentication is a bit annoying .. there's a dozen different controls that interact. the easiest way for someone else to help debug is if you pastebin your sshd_config
[22:44] <pmatulis> and the auth.log of the server
[22:50] <coderanger> Is there a way to tell the Server installer to not use a UEFI boot setup?
[22:51] <coderanger> and/or to not use a GPT?
[22:51] <sarnold> easiest may be to set the bios to 'legacy' mode before booting
[22:52] <coderanger> Okay, the installer is smart enough to not use EFI if it was loaded in legacy?
[22:53] <patdk-lap> heh, kind of hard
[22:53] <patdk-lap> if your disk is >2tb you need gpt
[22:53] <sarnold> yeah, I think so; I ran the installer with my bios set to "dual" the other day and wound up with a system that wouldn't boot. so I changed it to uefi, re-ran the installer, and it noticed the difference and behaved differently
[22:53] <patdk-lap> if the bios is set to uefi, it will setup uefi
[22:53] <sarnold> I suspect going the other way is probably something it'd notice too
[22:53] <patdk-lap> I have been unable to do uefi boot correctly
[22:53] <patdk-lap> when also interacting with grub luks boot disk
[22:54] <coderanger> Heh, big disks are not a risk factor for this. I think there is a way to go MBR-mode grub on a GPT but I just don't care. This is just to get Xen running on a babby machine.
[22:54] <coderanger> Will try it out and report back, thanky :)
[22:54] <patdk-lap> well, gpt will install a mbr compatible header
[22:55] <patdk-lap> I wonder if it's boot compatible though, not sure I have tried that
[22:55] <patdk-lap> or bothered to look into it even
[22:55] <aotea> sarnold: http://termbin.com/asw6 for the auth.log
[22:56] <sarnold> heh my usual goal is to get the stupid thing booting with as little of my mental energy as possible :)
[22:56] <patdk-lap> well, I want fully encrypted disk
[22:56] <patdk-lap> but I wanted uefi also
[22:56] <sarnold> then you have a different problem than I do ;)
[22:56] <patdk-lap> ya, interactions with HIPAA stuff
[22:57] <sarnold> aotea: wow, the internet is a brutal place to put an sshd..
[22:57] <patdk-lap> and I totally do not trust fully, SED disks
[22:57] <aotea> sarnold: What do you mean? http://termbin.com/9yqj
[22:57] <patdk-lap> did someone not install fail2ban or the likes?
[22:58] <patdk-lap> what is the *problem*? :)
[22:58] <sarnold> aotea: the number of brute-force password guessing attempts is astonishing
[22:58] <aotea> sarnold: got fail2ban set up proper to hopefully help me on that front :P
[22:59] <patdk-lap> I forgot to install fail2ban once
[22:59] <aotea> but yeah, tons more than last I tried tinkering with a server
[22:59] <patdk-lap> the T1 line would get routinely *overloaded*
[23:00] <aotea> or well I 'hope' I got fail2ban set correct at least, it says each IP only should get 3 tries but I see way more than that :S Figured setting ssh key for log in would be 'safer'
[23:01] <patdk-lap> ya, but it won't cut down on bandwidth/log usage
[23:03] <patdk-lap> aotea, maybe also UsePAM no
[23:04] <sarnold> o_O
[23:04] <sarnold> I think all kinds of things break if you set that to 'no'
[23:04] <patdk-lap> maybe
[23:04] <sarnold> do you have it set to 'no' on any of your linux boxes?
[23:04] <patdk-lap> yes
[23:04] <sarnold> interesting
[23:04] <patdk-lap> but I don't have passwordauth disabled
[23:04] <patdk-lap> and I do customize my pam stack
[23:05] <patdk-lap> but things like, encfs, for homedir's and stuff like that, will break, yes
[23:05] <sarnold> do you have this on any wily-or-newer systems? I've got a vague feeling that without pam_systemd_logind_lennartd or whatever you'll wind up in funny situations
[23:06] <patdk-lap> no, I don't have it on any systemd though
[23:06] <sarnold> e.g. 1564451
[23:10] <coderanger> Yep, that worked. Booting the installer with EFI disabled in the BIOS it did everything old-school :)
[23:10] <coderanger> Thanks all.
[23:10] <sarnold> \o/
