| === stgraber_ is now known as stgraber | ||
| === SJrX is now known as SJr | ||
| === beisner- is now known as beisner | ||
| === ivoks_ is now known as ivoks | ||
| === ptx0_ is now known as ptx0 | ||
| === catalase- is now known as catalase | ||
| === bradm_ is now known as bradm | ||
| === _ruben_ is now known as _rubne | ||
| === _rubne is now known as _ruben | ||
| === Seveas_ is now known as Seveas | ||
| lordievader | Good morning | 07:46 |
|---|---|---|
| rbasak | cpaelzer: thank you for responding to the qemu machine type question. | 08:27 |
| rbasak | cpaelzer: on prompting the user on upgrade, the problem is that if every package did that (eg. MySQL has much of the same "must inform the user or it can't work" type issues) then the upgrade UX would be terrible, or the user wouldn't see anything. | 08:27 |
| rbasak | It's a shame we have no mechanism to tell the user anything. | 08:28 |
| rbasak | Eg. there could be some kind of "upgrade report" that every maintainer script that had difficulties could report to. | 08:28 |
| rbasak | So the user would be able to effectively have a custom set of notes based on the user's own upgrade. | 08:28 |
| rbasak | And would only need to be prompted once, at the end. | 08:29 |
| rbasak | But unfortunately we have no mechanism for this. | 08:29 |
| cpaelzer | rbasak: yeah that is too sad, I remember the same on other cases | 08:32 |
| cpaelzer | rbasak: but I kind of already planned for a fallback | 08:33 |
| cpaelzer | rbasak: that would be to make the libvirt returned error message way more readable and pointing to the case | 08:33 |
| cpaelzer | rbasak: that would (hopefully) at once beat it into virsh, virt-manager, and all other consuming tools | 08:33 |
| cpaelzer | rbasak: but that is all theoretical until I tried to look deeper at that area of code | 08:34 |
| rbasak | cpaelzer: I like that idea. | 08:34 |
| cpaelzer | rbasak: if everything fails I at least can write ton's of helping stuff into the serverguide | 08:34 |
| cpaelzer | rbasak: that is very much empty in regard to any of the topic | 08:34 |
| rbasak | +1 | 08:34 |
| === pesari_ is now known as pesari | ||
| === iberezovskiy|off is now known as iberezovskiy | ||
| === degorenko|afk is now known as degorenko | ||
| nymony_ | Hi Guys, i thought it was possbile to masquerade subdomains on the mail gateway by using: "masquerade_domains = foo.example.com example.com". But i still see my originating server in the headers. Can anyone help me ? (Version 2.11) | 09:33 |
| nymony_ | Using postfix btw | 09:33 |
| jhenke | Hi, can someone from the server team maybe look into bug 1636124? Right now the apache and mod_ssl do not offer TLSv1 and TLSv1.1, so a lot of older clients cannot connect to my server (including my wife's android phone) | 09:34 |
| ubottu | bug 1636124 in openssl (Ubuntu) "openssl lacks support for TLSv1 and TLSv1.1" [Undecided,New] https://launchpad.net/bugs/1636124 | 09:34 |
| === nymony_ is now known as nymony | ||
| sb_9 | test message | 09:55 |
| cpaelzer | jhenke: Hi, I just looked at your bug - I think the test you did to check if tlsv1 is supported was incomplete | 11:36 |
| cpaelzer | jhenke: that said your overall web stack might still disable it somewhere | 11:37 |
| cpaelzer | jhenke: you can use the test I provided in the bug update to verify if you can connect with all three versions to your webserver | 11:37 |
| cpaelzer | jhenke: that at least would give you a local test and by that take all other parts out of consideration | 11:38 |
| === devil is now known as Guest25249 | ||
| === Guest25249 is now known as devil_ | ||
| === apw_ is now known as apw | ||
| === shawniverson is now known as Guest21243 | ||
| === Chrisfu- is now known as Chrisfu | ||
| === jerrcs_ is now known as jerrcs | ||
| === duxklr is now known as jemurray | ||
| === huttan_ is now known as huttan | ||
| === project0_ is now known as project0 | ||
| === albech1 is now known as albech | ||
| === truh__ is now known as truh_ | ||
| === Ussat is now known as WeAreScrewed2016 | ||
| huwjr | heya | 13:02 |
| huwjr | have just had a 16.04 server run out of disk space with 30gb free? anything i’m missing lol? | 13:02 |
| Pici | huwjr: is df saying that the space is still used? | 13:03 |
| huwjr | sorry - wrong disk, 13 was free | 13:03 |
| huwjr | : /dev/sda1 48G 32G 13G 72% / | 13:03 |
| huwjr | 72% used and PHP sessions were unable to save | 13:04 |
| huwjr | am i missing some limitation of /var? | 13:04 |
| Pici | Probably not... but if some file was still being used by something, and then you deleted it, it may not have actually been freed on disk. I had a similar problem recently on another server I manage. | 13:05 |
| huwjr | hmm | 13:06 |
| huwjr | so you think i freed some space but didn’t release it so it was “locked” | 13:06 |
| huwjr | so the df -kh was reporting the incorrect usage? | 13:06 |
| Pici | Yep. | 13:07 |
| huwjr | entirely possible… would a restart resolve that? | 13:07 |
| Pici | I ended up restarting the process that had a hold on the file. | 13:07 |
| huwjr | as i did one and still had the issue.. | 13:07 |
| huwjr | bit worrying lol | 13:10 |
| huwjr | i’ve got ~15gb of php sessions, so i’m able to clear a bunch of those short term… but as a server restart didn’t “fix” the issue i’m not entirely sure it is the above at all | 13:10 |
| huwjr | Pici: is there anything I can do to check real disk usage vs what is present d to me? | 13:20 |
| nmollerup | huwjr: if restart doesnt release the diskspace you may have a corrupted filesystem, you should force a fsck on it | 13:45 |
| ppetraki | can someone help me out with vmware + juju? it doesn't want to find my datacenter, http://pastebin.ubuntu.com/23374442/. I'm following these docs:https://jujucharms.com/docs/2.0/help-vmware | 13:48 |
| === baggar11_ is now known as baggar11 | ||
| zul | wh00t....autopkgtest for oslo.db to run against a real mysql database | 16:03 |
| === LostSoul_ is now known as LostSoul | ||
| === Guest57444 is now known as rcj | ||
| === rcj is now known as Guest61926 | ||
| === Guest61926 is now known as rcj | ||
| === zerick_ is now known as zerick | ||
| FManTropyx | "*** System restart required ***" wat do | 16:20 |
| WeAreScrewed2016 | restart ? | 16:20 |
| FManTropyx | I guess that'd be one option... | 16:21 |
| WeAreScrewed2016 | or dont | 16:21 |
| WeAreScrewed2016 | thats two | 16:22 |
| FManTropyx | I'll decide later | 16:22 |
| jhenke | cpaelzer I tried your test and the problem is still that there are no ciphers for TLSv1 and TLSv1.1 | 16:23 |
| jhenke | I have posted the details to the bug including the list of ciphers as configured for the site | 16:23 |
| jhenke | It should include plenty of ciphers for TLSv1 but it does not seem to be possible for client to negotiate those | 16:24 |
| jhenke | the stack is completely default besides my site configuration, apache2, libssl and mod_ssl are from the default Ubuntu repo | 16:25 |
| jhenke | so for me everythings points to a configuration problem with the libssl, which prevents more ciphers from being offered on the handshake | 16:25 |
| === ahasenac` is now known as ahasenack | ||
| === ahasenack is now known as Guest91762 | ||
| === degorenko is now known as _degorenko|afk | ||
| foo | Eh, must be something I'm missing here... I created dsa key, set it up to identify in ssh_config, added the .pub version to .ssh/authorized_keys on remote host... still asks me for a password. Did I miss something? (I also see the identity is passed when I ssh from my local system to remote server), I also tried with ssh-copy-id | 18:45 |
| foo | Fresh ubuntu install | 18:45 |
| === iberezovskiy is now known as iberezovskiy|off | ||
| jhenke | foo what does ssh says if you use the -v option? (or even -vv) | 18:50 |
| jhenke | it should display every step of the connection setup | 18:51 |
| jhenke | at some point it should offer the key to the server | 18:51 |
| foo | jhenke: thank you, https://bpaste.net/show/861623efd3d3 - jazz-key is the one I set up | 18:51 |
| jhenke | what are the permissions on the ~/.ssh folder and it's content on the server? | 18:52 |
| tarpman | foo: what is the server side running? distro version / openssh version | 18:53 |
| jhenke | the folder should be owned by the user and have 700 permission set | 18:53 |
| foo | jhenke: drwxrwxr-x 2 dev dev 4096 Oct 24 18:43 .ssh and -rw-rw-r-- 1 dev dev 599 Oct 24 18:43 .ssh/authorized_keys | 18:53 |
| tarpman | foo: openssh 7.0 and later disables DSA by default; see https://www.openssh.com/legacy.html and please migrate to RSA | 18:54 |
| tarpman | ... but it seems jhenke has the right answer this time :) | 18:54 |
| jhenke | foo ~/.ssh must have 700 permission set, otherwise openssh will ignore it | 18:54 |
| foo | jhenke: I will set that, but I did use dsa | 18:54 |
| jhenke | also better set 600 permission on all files inside | 18:54 |
| foo | I thought dsa was more secure than rsa | 18:55 |
| jhenke | foo better use ed25519 | 18:55 |
| foo | jhenke: is ed25519 an encryption alg like rsa / dsa? geez I'm so rusty. | 18:55 |
| foo | I haven't done this in over 5 years, heh. | 18:55 |
| jhenke | it is an elliptic curve algorithm proposed by Bernstein | 18:56 |
| jhenke | contrary to other curves it's paramters seem less lickly to be choosen by the NSA or similar | 18:56 |
| === tomreyn_ is now known as tomreyn | ||
| jhenke | so you get the speed of ECC with a resinable level of trust | 18:56 |
| foo | thank you jhenke | 18:58 |
| foo | Switching from dsa to rsa worked, now to use ed25519 | 18:58 |
| foo | There must have been some security vulnerability, or something, with dsa I missed | 18:58 |
| tomreyn | jhenke: just to be sure: you're not possibly fighting with the changed meaning of the mod_ssl SSLProtocol options? https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslprotocol | 19:08 |
| === mybalzit1h is now known as mybalzitch | ||
| WeAreScrewed2016 | https://gist.githubusercontent.com/arisada/2a0e9948fff455e757a533ff67e9f871/raw/cbd5027c696cb421100ab72847106267b00600d1/lnx-blaster2.sh | 19:08 |
| WeAreScrewed2016 | ouch | 19:08 |
| jhenke | tomreyn in what sense changed? anyway I tried both "all" and listing all 3 TLS versions explicitelly | 19:12 |
| jhenke | none actually changed anything | 19:12 |
| tomreyn | how it changed is documented at th elink i posted. but if you did this, that's not your issue. | 19:13 |
| === Guest91762 is now known as ahasenack | ||
| === ahasenack is now known as Guest95404 | ||
| tomreyn | "[all] a shortcut for ``+SSLv3 +TLSv1'' or - when using OpenSSL 1.0.1 and later - ``+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2'', respectively (except for OpenSSL versions compiled with the ``no-ssl3'' configuration option, where all does not include +SSLv3)." | 19:14 |
| WeAreScrewed2016 | can someone verify this on a test system: https://gist.githubusercontent.com/arisada/2a0e9948fff455e757a533ff67e9f871/raw/cbd5027c696cb421100ab72847106267b00600d1/lnx-blaster2.sh | 19:18 |
| jhenke | tomreyn okay, I just did not see a change there, as I expected it to be like that, but yes, it made no difference, even more the funny thing is, that TLSv1.2 works, just not TLSv1 and TLSv1.1 | 19:21 |
| tomreyn | WeAreScrewed2016: why dont you? | 19:25 |
| WeAreScrewed2016 | sigh, I tested on my vm......seems to drop to a root shell, but broken one | 19:26 |
| WeAreScrewed2016 | of course I am not asking anyone to test it on a prod system...shesh | 19:26 |
| tomreyn | i very much doubt it'd behave differntly on bare metal | 19:27 |
| === alexisb is now known as alexisb-afk | ||
| === Guest21243 is now known as spammy | ||
| LostSoul | Hi | 22:23 |
| LostSoul | I have problem | 22:23 |
| LostSoul | My mysql patition is full (100%) | 22:23 |
| LostSoul | How can I get free space? | 22:23 |
| LostSoul | Delete and optimize do not work | 22:23 |
| bekks | you have an issue with your keyboard too, issueing enter every few words. | 22:25 |
| bekks | You need to either expand you "mysql partition" or move your mysql data files to some places with more free space. | 22:25 |
| RoyK | bekks: probably not. people tend to do that if they're a bit stressed ;) | 22:25 |
| bekks | i | 22:26 |
| bekks | do understand | 22:26 |
| bekks | that | 22:26 |
| bekks | but | 22:26 |
| bekks | its not | 22:26 |
| bekks | helpful. | 22:26 |
| bekks | :P | 22:26 |
| RoyK | doesn't help if you replicate it ;) | 22:26 |
| bekks | ;) | 22:26 |
| RoyK | LostSoul: pastebin stuff like output of 'df -h' and 'lsblk' and 'vgs', 'lvs' and 'pvs' and we may be able to help you | 22:28 |
| LostSoul | RoyK: Thank you and sorry for spam bekks | 22:28 |
| cncr04s | I need some sort of software that will take a bunch of source directories (in this case mounted drives) and provide an interface that will make all the files/folders inside seem in one location. I have a 10 dries, and I have to split all my files around all the drives. I can't find anything, I keep ending up checking all the drives untill I find the folder to put my files in or get the | 23:24 |
| cncr04s | files I need. Anyone know of anything. I'd end up having to code something if this isnt readily available, prolly using fuse lib. I think unRAID has something similar to what I speak of, but I'm using ubuntu of course. | 23:24 |
| tomreyn | cncr04s: why dont you just copy all of those files ontp one disk in the same directory? lack of space? | 23:27 |
| cncr04s | lack of space | 23:28 |
| tomreyn | cncr04s: so you want use RAID | 23:28 |
| cncr04s | diffrerent drive sizes | 23:28 |
| tomreyn | does not matter | 23:28 |
| tomreyn | i'm talking software raid | 23:29 |
| cncr04s | drives are not ment to be in a raid | 23:29 |
| tomreyn | why not? | 23:29 |
| cncr04s | they park and spin down when not in use | 23:29 |
| tomreyn | so will drives in a raid unless data on them is accessed (which is more likely with parity datam, but you don't need to have that). | 23:30 |
| tomreyn | so you're concerned about power consumption there? | 23:30 |
| tomreyn | or heat? | 23:30 |
| tomreyn | or disk lifetime? | 23:31 |
| cncr04s | concerned with one dieing, losing all data instead of just the drive that died | 23:31 |
| tomreyn | you have the same issue now, don't you | 23:31 |
| tomreyn | with a mirror raid, you can even loose drives and keep the data | 23:31 |
| cncr04s | I don't have enough drives for mirror, plus dfferent sizes | 23:32 |
| tomreyn | so without mirroring them, you still don't increase the probability of data loss compared to your current setup. | 23:32 |
| tomreyn | (and, as i also pointe dout before, different disk sizes are not an issue) | 23:34 |
| tomreyn | cncr04s: another option is for you to create a new directory on any of these file systems on these disks where you create (and later destroy, if the target goes away) symbolic links to all the files on all the directories of the other drives. i am not aware of a software which does this. and it's a rather expenbsive solution since you will need to write and regularly run an indexer so that your 'index' (those symbolic links) remain current. | 23:42 |
| === Jare is now known as 21WAAC2XD | ||
| LostSoul | RoyK: Thank you man, you saved my a** again :) | 23:44 |
| cncr04s | Folders are unque on the second level, generally, so I could possibly do that | 23:46 |
| RoyK | LostSoul: want to wire me some money? ;) | 23:46 |
| LostSoul | Hahaha RoyK :P | 23:47 |
| LostSoul | If I only earn nice $$$ ;) | 23:47 |
| LostSoul | I don't earn in $ nor in pounds :P | 23:47 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!