/srv/irclogs.ubuntu.com/2016/05/02/#ubuntu-server.txt

Househi all. does anyone have SSSD+AD working with cifs automount? i've got homefolder creation, sudo, ssh & login working but i've got 2 issues with autofs. #1: auto.smb is looking for /tmp/krb5cc_<uid>, while SSSD is writing the files as /tmp/krb5cc_<uid>_<salt>, and #2: kerberos is failing for "smbclient -k" or auto.smb01:10
GeekMan1222:|02:40
GeekMan1222I wonder if i can just write the files using nandpro02:52
GeekMan1222woops02:53
jetsaredimanyone know why mount would be assuming that my remote nfs is nfs4?06:10
JanCjetsaredim: NFS4 is the default, but it should fall back to v3 or v2 if necessary?06:14
jetsaredimJanC: you'd think06:15
JanCunless you explicitly configure it as NFS4 probably06:15
jetsaredimany reason why mount.nfs4 would just be a sym link to mount.nfs06:15
JanCbecause it's all the same code06:16
jetsaredimi'm not sure what the ls color scheme is now a days but for some reason /sbin/moun.nfs is showing up as red background with white writing06:16
JanCare you mounting manually or in fstab?06:17
jetsaredimmanually06:17
jetsaredimI just upgraded from 15.1006:17
jetsaredimre-running a mount command i've run hundreds of times06:17
jetsaredimliterally just "mount localmachine:/export /some/local/dir"06:18
Houseman nfs: "If the server does not support the requested version, the mount request fails.  If this option is not specified, the client negotiates a suitable version with the server, trying version 4 first, version 3 second, and version 2 last."06:18
Houseone of the man pages says something like "mount knows nothing about nfs vs nfs4" and the "argument is constructed by mount.nfs"  so the default behaviours are set in the mount.nfs code06:21
Housejetsaredim:  mount.nfs4 has been rolled into mount.nfs, so the symlink is there for compatibility with old scripts & utils. you also dont (maybe cant) use "nfs4" in /etc/fstab, just use "nfs" for any version, and drop a "vers=" or "nfsvers=" (they're equivalent) in the fstab options.06:24
Houseall this is in man pages mount, mount.nfs & nfs06:25
jetsaredimyea06:27
jetsaredimdoesn't really add up06:27
Housein what way?06:28
jetsaredimhm06:28
Housecos it's not falling back?06:28
jetsaredimi think i figured out the source of my issue06:28
jetsaredimnfs doesn't seem to be loaded in my kernel06:29
jetsaredimnow if only i could figure out why06:33
JanCyou have nfs-common installed?06:34
=== JanC is now known as Guest37928
=== JanC_ is now known as JanC
=== athairus is now known as afkthairus
stemidhttps://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/1117292 why would this happen when booting from a sha verified ubuntu-16.04-server-amd64.iso on a virtual system in vsphere 6? it's a 3 year old bug.07:51
ubottuLaunchpad bug 1117292 in usb-creator (Ubuntu) "'Unable to install busybox-initramfs' during a server installation" [Medium,In progress]07:51
stemidhas nothing to do with usb-creator in my case.07:51
elefantennHey. I'm trying to configure OpenLDAP for Samba via this guide https://help.ubuntu.com/lts/serverguide/samba-ldap.html. When I run "sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f samba_indices.ldif" I get this http://hastebin.com/raw/ucipudirif. Does anyone know what I'm missing?08:41
elefantennI've tried asking in #samba and #openldap without any success.08:42
akikin lxd, how can i make my uid=1000 on host have write access to the nfs share i shared into my container? i.e. have my uid=1000 in the container be able to write into the nfs share08:48
akiki've tried adding the lxc.id_map settings into the profile of the container but after that the container fails to start08:50
akikit looks like the nfs mount is written with nfs nobody uid 65534 like /proc and /sys in the lxd container09:03
curmetHello I have problem accessing my ubuntu machine via SSH from windows machine, I did09:57
curmet1. install the ssh server , sudo apt-get install openssh-server, turned firewall off09:57
curmet2. from windows I use winSCP with SFTP option, I entered the IP address of the ubuntu machine, username and password login ubuntu, port 22.09:57
curmetIt showed authentication banner "ubuntu 15",but it then stuck with 'authenticating with preentered-password,access denied'. Whats missing?09:57
pulsar12curmet, did you fill the password on the options before connecting? try clear that and have it asking for password interactively.10:10
curmetpulsar12 : I did, but still it prompt "access denied" although I fill it with the Ubuntu logon password10:12
pulsar12are you using pam? the username is on local passwd? can you login on normal ssh session?10:13
pulsar12curmet, the problem only happens with sftp? what about normal ssh?10:15
curmetpulsar12, what port that ssh uses?10:17
curmet22?10:17
JanCis sftp installed / configured?10:18
pulsar12its the same as sftp10:18
pulsar12sftp is just a subsystem of ssh10:18
curmetJanC, I just installed openssh-server , with default configuration10:18
JanCactually, it's a separate program providing it, and it can be enabled/disabled10:19
JanCcurmet: are you trying to log in with root?10:20
curmetpulsar12 , I tried sftp:// , ftps:// , ftp://ubuntuIP , but still no luck10:20
curmetJanC , yes , with root10:20
pulsar12thats should be the problem :)10:21
JanCyou can't login as root with default config if I remember correctly10:21
pulsar12you have to change the setting on sshd_config10:21
JanCor better yet, don't log in as root10:22
curmetso I must create other user login?10:22
JanCthere already should be another user?10:22
JanCbut you could create a special one for that too10:23
curmetokay I'll try , it is not mentioned in the manual to not use root login XD10:23
JanCyou should never use root except when you really need to10:24
curmetJanC, pulsar12 : thanks for the help , it can login now :D10:27
curmetis there a way so that I can use root login ?10:27
JanCalso, if this is a server on the public internet, I suggest you use keys to log in instead of passwords10:27
JanCcurmet: all the configuration options are in the sshd_config man file  :)10:28
pulsar12curmet, check PermitRootLogin option on sshd_config10:28
JanCbut again: seriously discouraged on the public internet10:28
=== ogra_` is now known as ogra_
akiki ended up configuring the lxd container to be privileged. now the nfs disk uid's are visibile without other configuration10:48
holmsanyone worked with duplicity?11:50
holmsno idea where to go, i have an emergency =/11:50
andolholms: I have some experience with it12:21
holmsandol: i hope privately is ok12:41
=== Pici` is now known as Pici
holmsanyone familiar with dupliclity/duply ?12:53
CharlieTjeHello13:53
CharlieTjeWho knows a command line backup utility like timeshift?13:53
hallynzul: smb: arges: fwiw a piece-by-piece breakdown of some of my upcoming libvirt changes can be seen at https://git.launchpad.net/~libvirt-maintainers/ubuntu/+source/libvirt/log/?h=2016-04-28/yakkety14:17
hallyn(from there i'm moving to one-big-commit change on top of debian)14:17
argeshallyn: ok14:17
hallyni still want to switch to using upstream apparmor files (which i'll need ot quilt patch)14:17
zulhallyn: ewww14:17
hallynand don't try running this yet14:18
hallynbut as i'm dropping some compat scripts and enabling dtrace, thought i'd run it past y'all14:18
smbhallyn, ack, you mean you will use upstream files but quilt patch them into our versions?14:18
argeshow many of our changes can we push into debian's packaging14:19
argesfor apparmor that is14:19
hallynsmb: right14:19
hallynarges: you mean the policy files themselves?  hopefully all.  but all th debian/rules magic?  i assume none14:20
hallynthat's for our rather crazy cloud archive stuff which they wouldn't want to support14:20
argesyea cause we use a special directory14:20
argesyea14:20
hallynoh.14:20
hallynwhich special directory?14:21
hallynarges: you just mean debian/apparmor?14:22
argeshallyn: yea14:22
hallynyeah, really when i think about it i'm not sure it's worth syncing apparmor14:22
hallynthe delta will actually become more confusing,14:22
argestrue14:22
hallynsince we'll end up with more patches needing to be refreshed on every merge14:22
argesanyway I'll reveiw teh rest... still a ton of stuff to merge14:22
hallynso i'll leave that for now.  maybe later.14:22
argesagreed14:23
hallynall right - i'm hoping this afternoon i'll get to some testing.14:23
smbarges, hallyn, the only problem with apparmor is that we cannot upstream our config as it is into Debian (or maybe we can now). But usually our apparmor was supporting more config options than it should (based on the version it claimed to be)14:27
hallynsmb: what do you mean?  i was figuring i'd send changes upstream to libvir@ m-l.14:28
smbhallyn, I mean that our parser support some things which Debian's parser would not. Even if the version number of both apparmor packages were similar14:29
smbhallyn, I was working on and off on a method to allow us to merge things. Unfortunately its a bit complicated and almost always something else came up and then I forgot where I was14:30
hallynsmb: oh, yeah.  so yeah i was figuring i'd end up writing a shell tool to do all of the policy manipulation at build time14:32
hallyni mean that's like 2 pages worth of debian/rules script right now14:32
smbhallyn, Sounds like what I was at. Though I was doing a version number guess which we would be able to override. Then I talked to jj and was somewhat de-routed into trying to use the parser directly to figure things out, but then realized the parser is not part of the appmor-dev which the build depends on...14:36
hallynsmb: yeah.  so i think punting on this is best.  bc as i said that piece of debdiff is actually veyr nicely compartmentalized14:36
hallynjust its own set of files and dirs and one hunk of debian/rules - long, but just one hunk14:36
smbYeah, agreed14:37
=== deadnull_ is now known as _deadnull
=== thedac is now known as dames
Nickname2Hi14:56
=== _deadnull is now known as deadnull_
=== unreal is now known as unreal_
=== unreal_ is now known as unreal
smbhallyn, to answer the "ask about ...migrate-xend..." question: should be safe to drop. The last release that had xend was Trusty. So we are good to let that go away15:12
hallynsmb: excellent, thx15:13
=== unreal_ is now known as unreal
hallyni mean it's a very nice script and all :)15:14
smbhallyn, Heh, no worries. I am glad to see that go as well :)15:14
=== DalekSec_ is now known as DalekSec
=== cydizen_ is now known as cydizen
=== project0_ is now known as project0
=== ShaRose_ is now known as ShaRose
=== manu is now known as Guest10460
=== marlinc_ is now known as marlinc
=== cargonza_ is now known as cargonza
=== holms1 is now known as holms
=== arosales_ is now known as arosales
=== Expanse_ is now known as Expanse
=== profall_ is now known as profall
=== ggherdov`_ is now known as ggherdov`
=== justizin_ is now known as justizin
EmilienMcoreycb, jamespage: why can I find openvswitch-datapath-dkms on xenial?15:47
EmilienMoh, just reading https://javacruft.wordpress.com/2014/03/03/which-open-vswitch/15:49
holmsanyone been working with duplicity?16:14
holmswill even pay for support16:14
hallynmeh, xen tests failed16:54
smbhallyn, not surprised me is :)16:55
smbhallyn, I suspect its some additional config files which you have to beat into using the "right" bootloader and emulator paths16:56
smbThe only thing I wonder is how Debian would pass the tests... if they do not somehow skip them16:57
hallyneh seems more likely to be my fault16:58
smbhallyn, not sure, I thought you work on the next version of libvirt, which was failing for me with the xen tests when I did that quick check when we wondered whether we go for 1.3.2 for Xenial16:59
hallynoh.  right17:03
cagmzi have frostvpn (http://www.frostvpn.com/ ).  is it possible to implement openvpn on my ubuntu server, and replace route my internet traffic through my own server instead?17:03
hallynsmb: i'll dig deeper in a bit17:04
hallynsmb: should we perhaps be building --without-xen --with-libxl?17:22
hallynbc the libxl test succeeds, the xen test fails17:23
smbhallyn, If I remember that right, in theory it sounds right but the tests will fail anyway17:24
smbIt was a bit of a mess but I think the xen tests are libxl too.17:24
hallyni don't know why VIR_TEST_DEBUG=2 isn't working17:26
smbhallyn, there should be a patch of me fiddling with some configs... I would try to check which directory that is and whether there are probably new ones which do not use /usr/bin/qemu-system-i386 for emulator and /usr/lib/xen-4.6/boot/hvmloader17:27
hallynsmb: oh, i think i dropped a patch,17:27
smbthe latter is os loader17:27
hallynhm, no,17:27
hallynsmb: will do th17:27
hallynx17:27
hallynthere is no /usr/lib/xen*17:28
hallynsounds like debian/patches/ubuntu/ubuntu-xend-probe.patch17:29
smbno it was ubuntu/libxl-fix-test-data.patch17:29
smband changing ./tests/xlconfigdata/*17:30
smbhallyn, ^17:30
hallynwhere should hvmloader be?17:31
smb/usr/lib/xen-4.6/boot/hvmloader17:31
hallynwhich package17:31
smbxen-utils-4.6 I think...17:32
hallynso how did that ever work?  that's in universe and until just now we couldn't build-dep on it17:33
smbhallyn, But I think the main thing is that libxl gets the paths built-in somehow (and also fixes up some parts)17:33
hallynlemme retry my build from scratch17:34
=== afkthairus is now known as athairus
hallynmaybe i had some remnants from a bad build17:35
smbSo we got this via the libxen-dev. If I did not mess up there should be a .pc file coming with the libxen-dev which has the paths, too17:35
hallynsmb: i'll try a few more things and get back to you.  thx for the tips17:36
smbhallyn, ok... I might be offline by then. so email might work better for asynchronously syncing...17:37
hallyngood night17:37
smbnot exactly to sleep but not working. :) but thanks17:39
devster31guys, is there any way to persist changes made with iproute2?18:25
devster31across reboots?18:25
maswancustomnet init script with the appropriate iproute2 commands?18:26
maswan(there's probably better ways to do this, but a plain "save state of the ip stack" doesn't exist)18:27
Piciconvert whatever you changed to a format for /etc/network/interfaces ?18:27
sdezielwhat's more annoying is those iproute commands are lost after suspend/resume18:27
devster31Pici: that works if ifupdown isn't installed?18:29
devster31maswan: what's customnet? if I used a script it would be something in the rc.local file, seems cleaner18:29
maswandevster31: yeah, or that18:30
devster31but the most important part is that there's no native way18:31
devster31would sysfsutils work? using /sys/class/net/{interface name}/{thingie} to change individual parameters18:33
maswanthe best way is if you can map it into /etc/network/interfaces rules18:34
maswanimho18:34
maswaneven if it is strange stuff, post-up hooks etc can do lots of stuff18:35
maxbYou can always just use an up command if the configuration makes sense to be bound to a single interface18:35
devster31the problem is that right now ifquery --list doesn't show any interfaces, so I was hesitant to use network/interfaces , but I guess that's the most tested way18:36
fullstopHi all.  During install, how does ubuntu-server determine geolocation?18:42
=== prince is now known as prince66
=== prince66 is now known as prince
fullstopWe acquired a netblock which was in arizona previously, and I had gone through other geolocation services to correct our location.. but ubuntu still picks arizona.18:43
fullstopIt this something contained locally in the iso, or is there somewhere else where I must update?18:43
patdk-wkheh? ubuntu doesn't do geolocation18:53
sarnoldpatdk-wk: http://geoip.ubuntu.com/lookup  :D18:55
patdk-wkoh?18:55
patdk-wkis that his issue? sarnold will fix it for you :)18:55
sarnoldyeah there's some kind of geoclue thing.. dunno if it's used in the installer or not, but there's that thing anyway :)18:56
sarnold!info geoclue-ubuntu-geoip18:56
ubottugeoclue-ubuntu-geoip (source: ubuntu-geoip): Provide positioning for GeoClue via Ubuntu GeoIP services. In component main, is optional. Version 1.0.2+14.04.20131125-0ubuntu2 (xenial), package size 10 kB, installed size 78 kB18:56
patdk-wk!maxmind18:56
patdk-wkheh18:57
sdezielI _think_ the installer use it for the country mirror selection (and maybe TZ)18:57
dasjoeThat's suprisingly close, only 2.9 km off18:57
patdk-wkmine is like 40miles off18:57
patdk-wkit's even worse if I use my PI space18:58
patdk-wkthat is like registered on the other side of the country for some reason18:58
patdk-wkoh, it just gives the generic, I dunno somewhere in the USA location18:59
patdk-wkwould think maxmind might atleast harvest whois data18:59
patdk-wkbut they appear to not do that18:59
arooniapparently my version of ubuntu doesnt have a log rotate script for nginx on /etc/logrotate.d/  ... should i manually set one up?19:09
sdezielarooni: the logrotate snippet is normally shipped by the nginx-common package (checked on Trusty and Xenial)19:11
hallynsmb: meh, that patch (ubuntu/libxl-fix-test-data.patch) really is a pain - it breaks tons of tests which hardcode checks for /usr/lib/xen/boot/hvmloader in xml.  if we could get xen-utils-4.6 to put in a symlink that would be so much nicer19:46
arooniquestion; i've never run logrotate before for a given rails web app... the log *was* 6GB;  in my settings i told logrotate to keep 30 days of log files; so logrotate ran succesfully; and then i had a 6GB production.log.1 file;  i ran it again on a lark and now it seems like its compressing production.log.1 => production.log.1.gz .. when will if ever logrotate remove stuff > 30 days old?19:53
fullstopyep, sarnold, lists me as phoenix20:05
fullstopI had corrected my data with maxmind20:05
stshello folks. Can anyone point me to the apparmor patches ubuntu includes in its kernel (eg. for mount mediation?)20:18
tyhicks(I already answered sts in #ubuntu-kernel)20:22
=== kantlive- is now known as kantlivelong
=== magicalChicken_ is now known as magicalChicken
=== semiosis_ is now known as semiosis
=== Lightsword_ is now known as Lightsword
=== j^2_ is now known as j^2
=== tgm4883_ is now known as tgm4883
=== rsalveti_ is now known as rsalveti
=== jeremy_carroll_ is now known as jeremy_carroll
=== Tribaal_ is now known as Tribaal
jamespageEmilienM, -dkms disappears at 14.0420:38
jamespageEmilienM, the 3.13 kernel was the first kernel that had sufficient in-tree support for ovs + openstack20:39
EmilienMexcellent thx20:39
=== wisur_ is now known as wisur
=== Metacity|uh-oh is now known as Metacity
=== sts is now known as Guest19932
Aisonare there any major changes in /etc/network/interfaces for 16.04?21:59
Aisonmy 16.04 randomly fails to start interfaces22:00
Aisonand also boottime is around 10minutes22:00
patdk-lapnope22:02
sarnoldAison: new 16.04 installs use systemd's default interface naming, iirc, which may be .. different .. from what you're accumsted to.22:04
Aisonmy interfaces file: http://pastebin.com/k5Mdpafi22:04
Aisonin addition, there are 65 more bond0.X interfaces22:04
AisonI guess the bootscript simply collapse when starting so many interfaces22:04
dasjoeAison: to get back to previous device names: ln -s /dev/null /mnt/etc/udev/rules.d/80-net-setup-link.rules22:04
Aisondasjoe, the interfaces are still named eth0, eth1, eth2, eth3 here, so I don't think that there is any change?22:05
Aisonstrange22:05
Aisonif have no file "80-net-setup-link.rules" in my rules.d22:06
Aisonah, the devices are named by 70-persistent-net.rules here22:07
transhumanhi can anyone tell me where the log for dmraid is (is it stored on the drives or in memory? I ask because I have an error which someone created a patch for (which I cant use ) that indicates the error occurs when the log is non empty (rebuild cant occur ) NOTE This bit of code is in redhat http://paste.debian.net/679050/22:08
dasjoeEr, I have a wild /mnt there, it's /etc. Also, I link 80-net-setup-link.rules to /dev/null so the rules from /lib/udev/rules.d/80-net-setup-link.rules are not applied22:09
Aisonah, ok22:09
Aisonfor example, systemctl --failed says:22:12
Aison● nfs-idmapd.service loaded    failed failed NFSv4 ID-name mapping service22:12
Aisonand22:12
Aison● networking.service loaded    failed failed Raise network interfaces22:12
Aisonthese two fails22:12
Aisonis it somehow possible to define the order in network/interfaces?22:23
Aisonso I would like to define some order22:24
Aisonin which the interfaces are setup at boot22:24
transhumananyone know how to clear the dmraid log the one that shows up with the command dmraid -n?22:41
=== Monthrect is now known as Piper-Off
jamescarrI have a rather obtuse question... is there someway to modify sudoers in a way that `sudo su -c "some command"` will include the env of the user who runs it?23:23
sarnoldjamescarr: look for env_reset, env_keep in suoders(5) http://manpages.ubuntu.com/manpages/xenial/man5/sudoers.5.html23:24
sarnoldI can never find my way through that manpage but it sure feels like it should be possible23:24
mdeslaurwhy "sudo su" instead of just sudo?23:25
sarnoldI'm pretty sure I saw a good reason for that once. I can't recall what it was now.23:27
mdeslauroh, perhaps to run the command as a different user23:29
mdeslaurbut I guess -u should be used instead23:30
* mdeslaur shrugs23:30
jamescarrwell in my case, it's a sudo -c command running in vagrant. The only way for me to change it is to push out a custom build to all of our engineers. would rather modify sudoers in the virtualbox instance instead :-)23:34
jamescarrthanks23:34
jamescarrenv_keep looks on point23:35
=== devil is now known as Guest7079

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!