[00:15] I was installing apache2 in ubuntu-server last night and ran into the issue with mod_authn_mysql (is that correct? I'm sure you get my point) and ended up installing mod_authn_dbd. I think they were PHP modules to authenticate MySQL users. Does mod_authn_dbd fulfill the same role as mod_authn_mysql? [00:17] I read somewhere that the mysql module was deprecated or it was a bug that wasn't going to be fixed? [00:17] is anyone picking up what I'm putting down? [00:17] lol [00:18] i think patience is a virtue here [00:18] prometheus: usually takes more than two minutes to get a good answer :p [00:18] yeah I know. I just wasn't sure if I was clear enough you know. It's still a little foggy for me from last night. Wasn't sure if I remembered it correctly. [03:27] Hello. question about: PRETTY_NAME="Ubuntu 16.04 LTS" : found auth.log and it and the corresponding .gz files are old. In other words, it is not being written to. Am digging to find out where it is being logged, if at all. Could use some advice. [03:40] jack3: could you elaborate on the question a bit? [03:40] sarnold: tnx for reply [03:40] I discovered that auth.log was old [03:40] when I wen tto look at it. trying to find if stuff that would normally be in auth.log is being logged anywhere [03:41] jack3: check the auth.log* files -- there can sometimes be mistakes in file rotations where an old log file is held open and contined to be used [03:41] sorry.. I am not a linux guru. I'm helping out. I do have sudo. [03:41] check the auth.log* files <<< what would you like me to check, specifically? [03:42] dang.. I logged off.. thought nobody was going to reply, and was headed to bed [03:42] give me a min [03:42] ok.. I'm in again. [03:42] jack3: heh [03:42] what am I to check? [03:43] jack3: ls -l /var/log/auth.log* -- check the timestamps [03:43] ok. brb [03:43] all old [03:43] over a month [03:44] jack3: how about grep auth -r /etc/rsyslog* [03:44] ok.. brb [03:45] ok [03:45] done [03:45] what info would yo ulike? [03:45] do you see a line like: auth,authpriv.*/var/log/auth.log ? [03:45] two [03:45] and two more, commented out [03:46] is rsyslog running? [03:46] how to find out? [03:47] ? [03:48] I used ps auxw | grep rsyslog to see that I could make sure mine is running :) [03:49] ok. tried that, didn't see it [03:49] so next tried: ps auxw | less [03:49] then searched for syslog [03:49] did not find it that way, either [03:49] very interesting [03:49] so.. I guess it is not running [03:49] which release is this? [03:51] I just did: cat /etc/*relea* which line would you like? [03:51] VERSION or UBUNTU_CODENAME [03:52] VERSION="16.04 LTS (Xenial Xerus)" [03:53] try journalctl -u rsyslog.service [03:53] I don't get any output on my system for that so maybe it's useless [03:55] try journalctl -u rsyslog.service <<< so forget this? [03:57] try it out, if uit gives you anything, it might be useful :) [04:00] what does it do? [04:01] it prints out messages from systemd's journal service [04:01] if you run journalctl -u ssh you should see a bunch of log entries from the ssh server [04:02] says that 'journalctl' is not installed.... [04:03] this is a strange system :) [04:06] fair 'nuff [04:06] heh [07:33] hello everyone, i have a ubuntu server and it's joined to a AD domain with sssd,realm. I'd like to make AD users local administrators on the ubuntu server? is this possible [07:35] i tried to add a AD user to the sudo groups however that user was still unable to make changes to the system === pavlushka_ is now known as Guest82875 === Guest82875 is now known as pavlushka [08:46] rbasak: just realized that none of us fuond the time to look at that for a month now https://code.launchpad.net/~paelzer/ubuntu/+source/dovecot/+git/dovecot/+merge/298040 [08:56] cpaelzer: sorry, I know I have outstanding merges in my backlog. === JanC is now known as Guest77763 === JanC_ is now known as JanC [09:41] exim4 is a "fun-one" it seems to randomly fail building sometimes - I'm trying to find the weak spot - so far I think it is related to the -j concurrent build but found no hard evidence yet [09:41] as usual when you want it to fail it just works :-) [09:47] still trying to set my dns, but it seems like the dns-nameservers entry is ignored. All other settings are applied to the nic correctly. http://paste.ubuntu.com/21747469/ [09:47] albech: still on that, that's bad - let me try to recreate - on which release is that ? [09:57] cpaelzer: i havent been on that non-stop ;) [09:57] cpaelzer: but thanks anyway [09:57] cpaelzer: its on 16.04 [09:58] albech: thanks, I just want to see if it at least behaves if I spawn up a clean xenial and configure it [09:58] to begin with [10:05] cpaelzer: will it write resolv.conf on 'if up' or does ubuntu networking get its dns info elsewhere? [10:07] albech: it should write resolvconf - see man resolvconf (8) [10:07] cpaelzer: nothing is written to resolv.conf with the configuration i have linked [10:07] albech: the option you use is supposed to push dns info from e/n/i to resolv.conf [10:09] albech: I tested dns-nameserver and dns-nameservers [10:10] both work [10:10] let me try to paste soemtihng together [10:10] afterwards we have to find why it doesn't for you [10:11] albech: is that a server or a desktop - just to check if there might be a NetworkManager somewhere affecting this? [10:12] cpaelzer: server [10:12] cpaelzer: clean install [10:14] albech: http://paste.ubuntu.com/21875718/ [10:14] just to start, this is working for me just fine [10:14] I can't spot any major difference thou [10:16] cpaelzer: strange [10:16] it is always strange until we find the reason :-) [10:17] cpaelzer: the status route also comes up just fine [10:17] albech: "debsums ifupdown resolvconf" [10:18] andthing reported as "not-ok" ? [10:19] albech: "ifdown -v eth0 && printf "\n\n\n\n" && ifup -v eth0" [10:19] you should see something like this: [10:20] run-parts: executing /etc/network/if-up.d/000resolvconf [10:20] albech: do you ? [10:20] cpaelzer: ifdown: interface eth0 not configured [10:21] cpaelzer: ifup: failed to open lockfile /run/network/ifstate.eth0: Permission denied [10:21] can you show me a "ifconfig -a" output in a pastebinit? [10:21] ah well [10:21] yeah plus sudo [10:21] or as root [10:22] and be careful [10:22] IF that is your only connection to the server [10:22] you will loose it [10:22] cpaelzer: http://paste.ubuntu.com/21876280/ [10:22] ok, good for the interface name [10:23] then is you can live without your eth0 (e.g. you have local console access) please do the ifdown/ifup sequence with root/sudo [10:23] that should show if the resolvconf part is called in your case [10:23] http://paste.ubuntu.com/21876392/ [10:23] that is how it should look like [10:24] cpaelzer: i have access through the hypervisor, so its all good [10:25] cpaelzer: strange it says eth0 not there cause it shows correctly in ifconfig [10:29] albech: in a guest you should have the new device naming [10:29] e.g. in my KVM guest it is ens3 now [10:29] what hipervisor do you use? [10:31] xen server 7 [10:31] smb: would you have a xen guest around to check if anytihng on guest networking isn't behaving as it should? [10:33] cpaelzer: i can do a normal dig to the dns servers fine [10:33] albech: IMHO goging down the route why ifup complains about your device not being there will find your issue [10:33] but that can only be done in your environment [10:34] cpaelzer, the networking on my xen guests works. but xen server is a different host environment to what I use [10:34] smb: thanks for the confirmation - it sure is different but closer than my KVM [10:34] cpaelzer: i dont have this problem on my older xen servers [10:35] albech: I can't continue debugging it without an equal environment - I'd recommend debugging that ifdown/ifup [10:35] albech: they would push this config to resolvconf [10:35] albech: and if they fail they wont [10:35] albech: and the issue you report seems they fail [10:36] cpaelzer: correct [10:36] cpaelzer: thanks for the try.. i will do a little more digging myself [10:37] yw, good luck [10:37] and in the meantime my ~20 exim4 builds completed - yay [10:57] rbasak: ok I "found" that the exim4 build issue is a race between conccurrent build jobs (due to -j4 in my case) [10:57] rbasak: now I ask myself, didding into the case and this build system / d/rules file to fix? [10:57] rbasak: or just go on with -j1 with the merge [10:58] rbasak: or is there a third way - like restricting to make -j1 or so (makeing it safe, but lower effort) [10:58] cpaelzer: how are you specifying -j4? [10:58] rbasak: e.g. sbuild -Adyakkety-amd64 exim4_4.87-3ubuntu1.dsc -j4 [10:58] cpaelzer: ah, that is buggy. [10:58] uh, good to learn about that [10:58] cpaelzer: try DEB_BUILD_OPTIONS=parallel=4 sbuild -Adyakkety-amd64 ... [10:59] ... building [11:00] That moves control of parallel building to debian/rules itself. It may fall back to a non-parallel build. [11:00] (if it doesn't parse the variable) [11:00] If this is racy, then that's a bug that should be sent to Debian. [11:00] rbasak: ok and that way each d/rules can decide if it is capable or needs to limit [11:01] And I'd be happy for us to hack d/rules in a delta to drop to a non-parallel build in the meantime [11:01] cpaelzer: right [11:03] rbasak: it already builds non-parallel this way and by that avoids the issue - thanks for the hint, able to continue tetsing now [11:04] cpaelzer: for reference, https://irclogs.ubuntu.com/2015/08/26/%23ubuntu-devel.html#t11:21 [11:04] just didn't want to leave it un-checked by just avoiding it - now all makes sense [11:06] happy to see you wondered about that as well a while ago :-) [11:06] Most of my knowledge comes from IRC. I just pass it on :-) [11:08] I wonder if one of the big daat guys could make a nice graph of that able to predict who kows the next answer :-) [11:08] That would be interesting! [14:27] how do I access the cpuacct cgroup stats? [14:27] I can't find them in /sys/fs/cgroup [14:57] rbasak, sent you mail, but I actually can't find the trusty ISOs to test. The download links are 404'ing on me [14:58] the gpg and md5 files seem to exist [15:20] cpaelzer: if you're looking for bugs, fancy taking bug 1604010? [15:20] powersj: looking [15:20] bug 1604010 in ntp (Ubuntu) "sntp missing" [Undecided,New] https://launchpad.net/bugs/1604010 [15:27] rbasak: I just got other tasks, but I'll take it on my list and have a look at some point [15:27] rbasak: ok ? [15:28] in fact I found it missing just a few hours ago myself [15:32] cpaelzer: sure, thanks! [15:49] rbasak, nacc: do you have any plans to merge the new python-django in yakkety? [15:50] rbasak, nacc: I ask because Debian is at 1.10 now but it's caused a lot of breakage [15:52] coreycb: I have https://code.launchpad.net/~nacc/ubuntu/+source/python-django/+git/python-django/+merge/300017 in my review queue. [15:53] coreycb: also there's bug 1605278. I suggest you note any issues in that bug so they're not forgotten. [15:53] bug 1605278 in python-django (Ubuntu) "Merge python-django 1:1.9.8-1 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/1605278 [15:54] rbasak, nacc: ok. I think we need to consider the effects before uploading. it looks like a number of upstream projects are not updated wrt django 1.10 feature changes. [15:54] rbasak, one example is horizon, see zigos patches here: https://anonscm.debian.org/cgit/openstack/horizon.git/log/?h=debian/newton [15:55] I'll note in the bug [15:56] coreycb: thanks, I'll definitely look into this before sponsoring anything. But yes, note in the bug, since someone else might sponsor instead. [15:56] rbasak, ok, thanks [15:56] coreycb: it might even be worth an ML discussion - we don't usually hold back on version updates. [15:56] rbasak, ok, I'll send an email too [16:16] stgraber: any opinion on bug 1448500 please? [16:16] bug 1448500 in tftp-hpa (Ubuntu) "tftp-hpa doesn't accept IPv4 connections by default" [High,Confirmed] https://launchpad.net/bugs/1448500 [16:18] rbasak: if just :69 instead of [::]:69 causes it to do the right thing, I don't have a problem with that change [16:18] stgraber: OK, thanks! [16:50] Alrighty, who do I harass about bugs in uvt-kvm/uvtool? :) [16:51] file a bug against the package [16:53] https://bugs.launchpad.net/ubuntu/+source/uvtool/+bug/1428674 [16:53] Launchpad bug 1428674 in uvtool (Ubuntu) "uvt-kvm: error: no IP address found for libvirt machine" [High,Fix released] [16:54] well over a year ago, and they're still in the code [16:54] There's quite a few more... setting [name] to the loopback address is ALWYAS, always, always wrong. [16:54] So naturally, ssh'ing into the host will fail. [16:54] I'm floored nobody has run into this, in over a year... or nobody is using cloud-init images [16:55] It's a showstopper [16:57] powersj, around ? [16:57] https://code.launchpad.net/~powersj/simplestreams/enable-tox/+merge/301307 [16:57] smoser, yeah [16:57] setuid, that bug is marked fixed you believe otherwise ? [16:58] powersj, so.... those packages you listed [16:58] those you believe are needed to run tox ? [16:58] smoser, demonstrably [16:58] yes, that is what I had to successfully run tox. Otherwise I got issues with building the pip packages or no package found. [16:59] smoser, http://paste.debian.net/786622/ [16:59] An example from my test machines [16:59] setuid, what version do you have ? [17:00] smoser, latest available in 16.04: http://paste.debian.net/786623/ [17:01] Looks like it might be using the wrong bridge to scan, claims to use vibr0, but that's not the correct bridge network [17:04] setuid, i woudl file another bug... it does seem that its going to use virbr0 , and ven mentions it 'Also use libvirt virbr0.status' [17:04] s/ven/even/ [17:05] http://paste.debian.net/786624/ [17:05] last iine seems to be the culpret [17:05] I'm going to destry my networks, move defualt to use vibr0, and see what happens [17:06] setuid, yeah, i suspect its not actually reading the bridges from the libvirt xml [17:06] but jsut using virbr0 [17:06] so specifically your bug is different than that one. [17:06] please file a new bug i guess. [17:07] Well, if they assert vibr0 as 'default', but that's not the first network, it will fail [17:07] they should look up what bridge 'default' uses, and then scan that [17:07] not make broad assumptions [17:12] smoser, nailed it [17:12] just edited the xml, moved everything around, made 'default' use vibr0, and now 'uvt-kvm ssh --insecure myvm' works, without editing /etc/hosts in the guest. [19:12] hey everyone [19:13] Does anyone know, Ubuntu server 16.04, does it do SE Enforcing? [19:13] Question: my new server hardware has a hardware RAID with three drives configured in the BIOS. Ubuntu is displaying each of these devices in /dev, none are mounted. (The boot drive is a separate SSD.) What is the simplest, most fool-proof method of using this array? [19:17] Amgine: if it were me, I'd go with zfs; it seems simpler, easier, and more robust than using raid functionality on cards.. [19:18] [19:19] Amgine: here's my favorite introduction https://pthree.org/2012/12/04/zfs-administration-part-i-vdevs/ [19:20] Thnx! === jge is now known as bitfury === bitfury is now known as jge === jge is now known as mr_tux === mr_tux is now known as mr-tux === mr-tux is now known as bitfury === bitfury is now known as mr-tux === mr-tux is now known as jge [21:14] :-D [21:31] NetworkingPro, SE is a Red Hat thing, you want apparmor, and yes. [21:31] https://wiki.ubuntu.com/AppArmor [21:32] sudo aa-enforce /path/to/your/binary [21:32] https://help.ubuntu.com/community/AppArmor === jge is now known as bitfury === bitfury is now known as jge [22:43] i've got two VPS servers running ubuntu 14.04 LTS; is it generally recommended to upgrade them to 16.06 ? [22:44] arooni: 14.04 is supported until 2019 [22:44] arooni: the decision to upgrade is up to you [22:44] if you're running php5 applications on them, it's probably best to stay put :) [22:44] i'm trying to figure out what the benefit might be [22:44] anything else, well, up to you. heh [22:44] sarnold: :) [22:44] nacc :) [22:45] why do you mention the issue with php5 [22:45] arooni: no php5 in 16.04 [22:45] i dont see anything about that on the release notes [22:45] 16.04 LTS doesn't have php5 [22:45] can it not be installed ? [22:45] not officially [22:46] so would stuff like wordpress be running on php5 [22:46] I think someone has a PPA you could use, if you trust them [22:46] yeah, ondrej is maintaining a PPA, like he does for 14.04 [22:46] arooni: wordpress has been updated iirc [22:46] can php5 run alongside the php7 version that is included with 16.04? [22:46] via say this ppa? [22:47] dunno, probably? you'd need to contact the ppa owner [22:47] hehe, I was thinking "probably not" myself :) [22:47] ok cool; thats an important consideration considering i have some php apps running [22:48] no other obvious 'gotchas' ? [22:48] i heard there was something about ssl/https support [22:48] sarnold: i think ondrej's ppa has php5 and php7 in it, actually (or at least, it did) [22:48] as in, if you dont upgrade, you'll get punished from google somehow [22:48] coinstallable versions, that is [22:48] dont know where i saw that [22:48] nacc: ahhh, that's encouraging [22:49] arooni: I understand that google (intends to?) score https-served sites higher than non-ssl sites [22:49] arooni: but afaik both 14.04 lts and 16.04 lts have well-supposed tls stacks that should both suffice [22:49] sarnold: even if you dont have any checkout on your page? [22:51] arooni: yes; I suspect it's a useful enough differentiator between crap-sites and meaningful-sites. [22:52] so i have to pay for a ssl cert now for each of my sites? [22:52] or is there some free issuing authority that wouldn't charge me [22:52] investigate letsencrypt [22:53] thats a useful tip; bookmarking it for laterr [22:53] does using ssl consume a lot more resources than regular http traffic? i'm using nginx if it matters [22:54] there are multiple clients available, some more magical than others; I'd recommend sticking with the official unless you're prepared to read the alternatives to make sure they look safe [22:54] what sort of traffic do you have on your site? [22:55] i not a lot ; just about 13K page views/month [22:57] you probably won't notice anything then :) [22:57] i suppose i should be happy; but somehow hearing that answer i'm not lol [22:58] well, I'm accustomed to e.g. "please enable https downloads for ubuntu", but at our bandwidth levels, that'd require a fair amount of dedicated horsepower just to do the cryptography [22:59] if you're serving less than a gigabit per second it's probably not a big deal [23:03] that's a good rule of thumb; so you run the servers that people use to download ubuntu? [23:04] thankfully no, someone else does that :) [23:06] that's what i love about irc; you get to rub elbows with people who have already figured out what you're trying to do [23:07] yes! it's fantastic [23:07] hundreds of years of collective experience available to all who ask interesting questions :)