/srv/irclogs.ubuntu.com/2016/08/02/#ubuntu-server.txt

prometheusI was installing apache2 in ubuntu-server last night and ran into the issue with mod_authn_mysql (is that correct? I'm sure you get my point) and ended up installing mod_authn_dbd. I think they were PHP modules to authenticate MySQL users. Does mod_authn_dbd fulfill the same role as mod_authn_mysql?00:15
prometheusI read somewhere that the mysql module was deprecated or it was a bug that wasn't going to be fixed?00:17
prometheusis anyone picking up what I'm putting down?00:17
prometheuslol00:17
tewardi think patience is a virtue here00:18
tewardprometheus: usually takes more than two minutes to get a good answer :p00:18
prometheusyeah I know. I just wasn't sure if I was clear enough you know. It's still a little foggy for me from last night. Wasn't sure if I remembered it correctly.00:18
jack3Hello.   question  about:  PRETTY_NAME="Ubuntu 16.04 LTS"     :  found auth.log and it and the corresponding .gz files are old.   In other words, it is not being written to.   Am digging to find out where it is being logged, if at all.   Could use some advice.03:27
sarnoldjack3: could you elaborate on the question a bit?03:40
jack3sarnold:  tnx for reply03:40
jack3I discovered that auth.log was old03:40
jack3when I wen tto look at it.    trying to find if stuff that would normally be in auth.log is being logged anywhere03:40
sarnoldjack3: check the auth.log* files -- there can sometimes be mistakes in file rotations where an old log file is held open and contined to be used03:41
jack3sorry.. I am not a linux guru.   I'm helping out.    I do have sudo.03:41
jack3 check the auth.log* files   <<<  what would you like me to check, specifically?03:41
jack3dang.. I logged off.. thought nobody was going to reply,  and was headed to bed03:42
jack3give me a min03:42
jack3ok.. I'm in again.03:42
sarnoldjack3: heh03:42
jack3what am I to check?03:42
sarnoldjack3: ls -l /var/log/auth.log*  -- check the timestamps03:43
jack3ok.  brb03:43
jack3all old03:43
jack3over a month03:43
sarnoldjack3: how about grep auth -r /etc/rsyslog*03:44
jack3ok.. brb03:44
jack3ok03:45
jack3done03:45
jack3what info would yo ulike?03:45
sarnolddo you see a line like: auth,authpriv.*/var/log/auth.log  ?03:45
jack3two03:45
jack3and two more, commented out03:45
sarnoldis rsyslog running?03:46
jack3how to find out?03:46
jack3?03:47
sarnoldI used ps auxw | grep rsyslog  to see that I could make sure mine is running :)03:48
jack3ok.  tried that, didn't see it03:49
jack3so next tried:   ps auxw | less03:49
jack3then searched for    syslog03:49
jack3did not find it that way, either03:49
sarnoldvery interesting03:49
jack3so.. I guess it is not running03:49
sarnoldwhich release is this?03:49
jack3I just did:  cat /etc/*relea*           which line would you like?03:51
sarnoldVERSION or UBUNTU_CODENAME03:51
jack3VERSION="16.04 LTS (Xenial Xerus)"03:52
sarnoldtry journalctl -u rsyslog.service03:53
sarnoldI don't get any output on my system for that so maybe it's useless03:53
jack3<sarnold> try journalctl -u rsyslog.service   <<<  so forget this?03:55
sarnoldtry it out, if uit gives you anything, it might be useful :)03:57
jack3what does it do?04:00
sarnoldit prints out messages from systemd's journal service04:01
sarnoldif you run journalctl -u ssh  you should see a bunch of log entries from the ssh server04:01
jack3says that   'journalctl'    is not installed....04:02
sarnoldthis is a strange system :)04:03
jack3fair 'nuff04:06
jack3heh04:06
tatertotshello everyone, i have a ubuntu server and it's joined to a AD domain with sssd,realm. I'd like to make AD users local administrators on the ubuntu server? is this possible07:33
tatertotsi tried to add a AD user to the sudo groups however that user was still unable to make changes to the system07:35
=== pavlushka_ is now known as Guest82875
=== Guest82875 is now known as pavlushka
cpaelzerrbasak: just realized that none of us fuond the time to look at that for a month now https://code.launchpad.net/~paelzer/ubuntu/+source/dovecot/+git/dovecot/+merge/29804008:46
rbasakcpaelzer: sorry, I know I have outstanding merges in my backlog.08:56
=== JanC is now known as Guest77763
=== JanC_ is now known as JanC
cpaelzerexim4 is a "fun-one" it seems to randomly fail building sometimes - I'm trying to find the weak spot - so far I think it is related to the -j concurrent build but found no hard evidence yet09:41
cpaelzeras usual when you want it to fail it just works :-)09:41
albechstill trying to set my dns, but it seems like the dns-nameservers entry is ignored. All other settings are applied to the nic correctly. http://paste.ubuntu.com/21747469/09:47
cpaelzeralbech: still on that, that's bad - let me try to recreate - on which release is that ?09:47
albechcpaelzer: i havent been on that non-stop ;)09:57
albechcpaelzer: but thanks anyway09:57
albechcpaelzer: its on 16.0409:57
cpaelzeralbech: thanks, I just want to see if it at least behaves if I spawn up a clean xenial and configure it09:58
cpaelzerto begin with09:58
albechcpaelzer: will it write resolv.conf on 'if up' or does ubuntu networking get its dns info elsewhere?10:05
cpaelzeralbech: it should write resolvconf - see man resolvconf (8)10:07
albechcpaelzer: nothing is written to resolv.conf with the configuration i have linked10:07
cpaelzeralbech: the option you use is supposed to push dns info from e/n/i to resolv.conf10:07
cpaelzeralbech: I tested dns-nameserver and dns-nameservers10:09
cpaelzerboth work10:10
cpaelzerlet me try to paste soemtihng together10:10
cpaelzerafterwards we have to find why it doesn't for you10:10
cpaelzeralbech: is that a server or a desktop - just to check if there might be a NetworkManager somewhere affecting this?10:11
albechcpaelzer: server10:12
albechcpaelzer: clean install10:12
cpaelzeralbech: http://paste.ubuntu.com/21875718/10:14
cpaelzerjust to start, this is working for me just fine10:14
cpaelzerI can't spot any major difference thou10:14
albechcpaelzer: strange10:16
cpaelzerit is always strange until we find the reason :-)10:16
albechcpaelzer: the status route also comes up just fine10:17
cpaelzeralbech: "debsums ifupdown resolvconf"10:17
cpaelzerandthing reported as "not-ok" ?10:18
cpaelzeralbech: "ifdown -v eth0 && printf "\n\n\n\n" && ifup -v eth0"10:19
cpaelzeryou should see something like this:10:19
cpaelzerrun-parts: executing /etc/network/if-up.d/000resolvconf10:20
cpaelzeralbech: do you ?10:20
albechcpaelzer: ifdown: interface eth0 not configured10:20
albechcpaelzer: ifup: failed to open lockfile /run/network/ifstate.eth0: Permission denied10:21
cpaelzercan you show me a "ifconfig -a" output in a pastebinit?10:21
cpaelzerah well10:21
cpaelzeryeah plus sudo10:21
cpaelzeror as root10:21
cpaelzerand be careful10:22
cpaelzerIF that is your only connection to the server10:22
cpaelzeryou will loose it10:22
albechcpaelzer: http://paste.ubuntu.com/21876280/10:22
cpaelzerok, good for the interface name10:22
cpaelzerthen is you can live without your eth0 (e.g. you have  local console access) please do the ifdown/ifup sequence with root/sudo10:23
cpaelzerthat should show if the resolvconf part is called in your case10:23
cpaelzerhttp://paste.ubuntu.com/21876392/10:23
cpaelzerthat is how it should look like10:23
albechcpaelzer: i have access through the hypervisor, so its all good10:24
albechcpaelzer: strange it says eth0 not there cause it shows correctly in ifconfig10:25
cpaelzeralbech: in a guest you should have the new device naming10:29
cpaelzere.g. in my KVM guest it is ens3 now10:29
cpaelzerwhat hipervisor do you use?10:29
albechxen server 710:31
cpaelzersmb: would you have a xen guest around to check if anytihng on guest networking isn't behaving as it should?10:31
albechcpaelzer: i can do a normal dig to the dns servers fine10:33
cpaelzeralbech: IMHO goging down the route why ifup complains about your device not being there will find your issue10:33
cpaelzerbut that can only be done in your environment10:33
smbcpaelzer, the networking on my xen guests works. but xen server is a different host environment to what I use10:34
cpaelzersmb: thanks for the confirmation - it sure is different but closer than my KVM10:34
albechcpaelzer: i dont have this problem on my older xen servers10:34
cpaelzeralbech: I can't continue debugging it without an equal environment - I'd recommend debugging that ifdown/ifup10:35
cpaelzeralbech: they would push this config to resolvconf10:35
cpaelzeralbech: and if they fail they wont10:35
cpaelzeralbech: and the issue you report seems they fail10:35
albechcpaelzer: correct10:36
albechcpaelzer: thanks for the try.. i will do a little more digging myself10:36
cpaelzeryw, good luck10:37
cpaelzerand in the meantime my ~20 exim4 builds completed - yay10:37
cpaelzerrbasak: ok I "found" that the exim4 build issue is a race between conccurrent build jobs (due to -j4 in my case)10:57
cpaelzerrbasak: now I ask myself, didding into the case and this build system / d/rules file to fix?10:57
cpaelzerrbasak: or just go on with -j1 with the merge10:57
cpaelzerrbasak: or is there a third way - like restricting to make -j1 or so (makeing it safe, but lower effort)10:58
rbasakcpaelzer: how are you specifying -j4?10:58
cpaelzerrbasak: e.g. sbuild -Adyakkety-amd64 exim4_4.87-3ubuntu1.dsc -j410:58
rbasakcpaelzer: ah, that is buggy.10:58
cpaelzeruh, good to learn about that10:58
rbasakcpaelzer: try DEB_BUILD_OPTIONS=parallel=4 sbuild -Adyakkety-amd64 ...10:58
cpaelzer... building10:59
rbasakThat moves control of parallel building to debian/rules itself. It may fall back to a non-parallel build.11:00
rbasak(if it doesn't parse the variable)11:00
rbasakIf this is racy, then that's a bug that should be sent to Debian.11:00
cpaelzerrbasak: ok and that way each d/rules can decide if it is capable or needs to limit11:00
rbasakAnd I'd be happy for us to hack d/rules in a delta to drop to a non-parallel build in the meantime11:01
rbasakcpaelzer: right11:01
cpaelzerrbasak: it already builds non-parallel this way and by that avoids the issue - thanks for the hint, able to continue tetsing now11:03
rbasakcpaelzer: for reference, https://irclogs.ubuntu.com/2015/08/26/%23ubuntu-devel.html#t11:2111:04
cpaelzerjust didn't want to leave it un-checked by just avoiding it - now all makes sense11:04
cpaelzerhappy to see you wondered about that as well a while ago :-)11:06
rbasakMost of my knowledge comes from IRC. I just pass it on :-)11:06
cpaelzerI wonder if one of the big daat guys could make a nice graph of that able to predict who kows the next answer :-)11:08
rbasakThat would be interesting!11:08
ktosiekhow do I access the cpuacct cgroup stats?14:27
ktosiekI can't find them in /sys/fs/cgroup14:27
powersjrbasak, sent you mail, but I actually can't find the trusty ISOs to test. The download links are 404'ing on me14:57
powersjthe gpg and md5 files seem to exist14:58
rbasakcpaelzer: if you're looking for bugs, fancy taking bug 1604010?15:20
rbasakpowersj: looking15:20
ubottubug 1604010 in ntp (Ubuntu) "sntp missing" [Undecided,New] https://launchpad.net/bugs/160401015:20
cpaelzerrbasak: I just got other tasks, but I'll take it on my list and have a look at some point15:27
cpaelzerrbasak: ok ?15:27
cpaelzerin fact I found it missing just a few hours ago myself15:28
rbasakcpaelzer: sure, thanks!15:32
coreycbrbasak, nacc: do you have any plans to merge the new python-django in yakkety?15:49
coreycbrbasak, nacc: I ask because Debian is at 1.10 now but it's caused a lot of breakage15:50
rbasakcoreycb: I have https://code.launchpad.net/~nacc/ubuntu/+source/python-django/+git/python-django/+merge/300017 in my review queue.15:52
rbasakcoreycb: also there's bug 1605278. I suggest you note any issues in that bug so they're not forgotten.15:53
ubottubug 1605278 in python-django (Ubuntu) "Merge python-django 1:1.9.8-1 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/160527815:53
coreycbrbasak, nacc: ok.  I think we need to consider the effects before uploading.  it looks like a number of upstream projects are not updated wrt django 1.10 feature changes.15:54
coreycbrbasak, one example is horizon, see zigos patches here: https://anonscm.debian.org/cgit/openstack/horizon.git/log/?h=debian/newton15:54
coreycbI'll note in the bug15:55
rbasakcoreycb: thanks, I'll definitely look into this before sponsoring anything. But yes, note in the bug, since someone else might sponsor instead.15:56
coreycbrbasak, ok, thanks15:56
rbasakcoreycb: it might even be worth an ML discussion - we don't usually hold back on version updates.15:56
coreycbrbasak, ok, I'll send an email too15:56
rbasakstgraber: any opinion on bug 1448500 please?16:16
ubottubug 1448500 in tftp-hpa (Ubuntu) "tftp-hpa doesn't accept IPv4 connections by default" [High,Confirmed] https://launchpad.net/bugs/144850016:16
stgraberrbasak: if just :69 instead of [::]:69 causes it to do the right thing, I don't have a problem with that change16:18
rbasakstgraber: OK, thanks!16:18
setuidAlrighty, who do I harass about bugs in uvt-kvm/uvtool? :)16:50
tewardfile a bug against the package16:51
setuidhttps://bugs.launchpad.net/ubuntu/+source/uvtool/+bug/142867416:53
ubottuLaunchpad bug 1428674 in uvtool (Ubuntu) "uvt-kvm: error: no IP address found for libvirt machine" [High,Fix released]16:53
setuidwell over a year ago, and they're still in the code16:54
setuidThere's quite a few more... setting [name] to the loopback address is ALWYAS, always, always wrong.16:54
setuidSo naturally, ssh'ing into the host will fail.16:54
setuidI'm floored nobody has run into this, in over a year... or nobody is using cloud-init images16:54
setuidIt's a showstopper16:55
smoserpowersj, around ?16:57
smoserhttps://code.launchpad.net/~powersj/simplestreams/enable-tox/+merge/30130716:57
powersjsmoser, yeah16:57
smosersetuid, that bug is marked fixed you believe otherwise ?16:57
smoserpowersj, so.... those packages you listed16:58
smoserthose you believe are needed to run tox ?16:58
setuidsmoser, demonstrably16:58
powersjyes, that is what I had to successfully run tox. Otherwise I got issues with building the pip packages or no package found.16:58
setuidsmoser, http://paste.debian.net/786622/16:59
setuidAn example from my test machines16:59
smosersetuid, what version do you have ?16:59
setuidsmoser, latest available in 16.04: http://paste.debian.net/786623/17:00
setuidLooks like it might be using the wrong bridge to scan, claims to use vibr0, but that's not the correct bridge network17:01
smosersetuid, i woudl file another bug... it does seem that its going to use virbr0 , and ven mentions it 'Also use libvirt virbr0.status'17:04
smosers/ven/even/17:04
setuidhttp://paste.debian.net/786624/17:05
setuidlast iine seems to be the culpret17:05
setuidI'm going to destry my networks, move defualt to use vibr0, and see what happens17:05
smosersetuid, yeah, i suspect its not actually reading the bridges from the libvirt xml17:06
smoserbut jsut using virbr017:06
smoserso specifically your bug is different than that one.17:06
smoserplease file a new bug i guess.17:06
setuidWell, if they assert vibr0 as 'default', but that's not the first network, it will fail17:07
setuidthey should look up what bridge 'default' uses, and then scan that17:07
setuidnot make broad assumptions17:07
setuidsmoser, nailed it17:12
setuidjust edited the xml, moved everything around, made 'default' use vibr0, and now 'uvt-kvm ssh --insecure myvm' works, without editing /etc/hosts in the guest.17:12
NetworkingProhey everyone19:12
NetworkingProDoes anyone know, Ubuntu server 16.04, does it do SE Enforcing?19:13
AmgineQuestion: my new server hardware has a hardware RAID with three drives configured in the BIOS. Ubuntu is displaying each of these devices in /dev, none are mounted. (The boot drive is a separate SSD.) What is the simplest, most fool-proof method of using this array?19:13
sarnoldAmgine: if it were me, I'd go with zfs; it seems simpler, easier, and more robust than using raid functionality on cards..19:17
Amgine<reads up on zfs>19:18
sarnoldAmgine: here's my favorite introduction https://pthree.org/2012/12/04/zfs-administration-part-i-vdevs/19:19
AmgineThnx!19:20
=== jge is now known as bitfury
=== bitfury is now known as jge
=== jge is now known as mr_tux
=== mr_tux is now known as mr-tux
=== mr-tux is now known as bitfury
=== bitfury is now known as mr-tux
=== mr-tux is now known as jge
theseus1:-D21:14
setuidNetworkingPro, SE is a Red Hat thing, you want apparmor, and yes.21:31
setuidhttps://wiki.ubuntu.com/AppArmor21:31
setuidsudo aa-enforce /path/to/your/binary21:32
setuidhttps://help.ubuntu.com/community/AppArmor21:32
=== jge is now known as bitfury
=== bitfury is now known as jge
aroonii've got two VPS servers running ubuntu 14.04 LTS; is it generally recommended to upgrade them to 16.06 ?22:43
naccarooni: 14.04 is supported until 201922:44
naccarooni: the decision to upgrade is up to you22:44
sarnoldif you're running php5 applications on them, it's probably best to stay put :)22:44
aroonii'm trying to figure out what the benefit might be22:44
sarnoldanything else, well, up to you. heh22:44
naccsarnold: :)22:44
sarnoldnacc :)22:44
arooniwhy do you mention the issue with php522:45
naccarooni: no php5 in 16.0422:45
aroonii dont see anything about that on the release notes22:45
sarnold16.04 LTS doesn't have php522:45
aroonican it not be installed ?22:45
naccnot officially22:45
arooniso would stuff like wordpress be running on php522:46
sarnoldI think someone has a PPA you could use, if you trust them22:46
naccyeah, ondrej is maintaining a PPA, like he does for 14.0422:46
naccarooni: wordpress has been updated iirc22:46
aroonican php5 run alongside the php7 version that is included with 16.04?22:46
aroonivia say this ppa?22:46
naccdunno, probably? you'd need to contact the ppa owner22:47
sarnoldhehe, I was thinking "probably not" myself :)22:47
arooniok cool;  thats an important consideration considering i have some php apps running22:47
aroonino other obvious 'gotchas' ?22:48
arooni i heard there was something about ssl/https support22:48
naccsarnold: i think ondrej's ppa has php5 and php7 in it, actually (or at least, it did)22:48
aroonias in, if you dont upgrade, you'll get punished from google somehow22:48
nacccoinstallable versions, that is22:48
aroonidont know where i saw that22:48
sarnoldnacc: ahhh, that's encouraging22:48
sarnoldarooni: I understand that google (intends to?) score https-served sites higher than non-ssl sites22:49
sarnoldarooni: but afaik both 14.04 lts and 16.04 lts have well-supposed tls stacks that should both suffice22:49
aroonisarnold: even if you dont have any checkout on your page?22:49
sarnoldarooni: yes; I suspect it's a useful enough differentiator between crap-sites and meaningful-sites.22:51
arooniso i have to pay for a ssl cert now for each of my sites?22:52
aroonior is there some free issuing authority that wouldn't charge me22:52
sarnoldinvestigate letsencrypt22:52
aroonithats a useful tip; bookmarking it for laterr22:53
aroonidoes  using ssl consume a lot more resources than regular http traffic?  i'm using nginx if it matters22:53
sarnoldthere are multiple clients available, some more magical than others; I'd recommend sticking with the official unless you're prepared to read the alternatives to make sure they look safe22:54
sarnoldwhat sort of traffic do you have on your site?22:54
aroonii not a lot ;  just about 13K page views/month22:55
sarnoldyou probably won't notice anything then :)22:57
arooni i suppose i should be happy; but somehow hearing that answer i'm not lol22:57
sarnoldwell, I'm accustomed to e.g. "please enable https downloads for ubuntu", but at our bandwidth levels, that'd require a fair amount of dedicated horsepower just to do the cryptography22:58
sarnoldif you're serving less than a gigabit per second it's probably not a big deal22:59
aroonithat's a good rule of thumb;  so you run the servers that people use to download ubuntu?23:03
sarnoldthankfully no, someone else does that :)23:04
aroonithat's what i love about irc; you get to rub elbows with people who have already figured out what you're trying to do23:06
sarnoldyes! it's fantastic23:07
sarnoldhundreds of years of collective experience available to all who ask interesting questions :)23:07

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!