[00:02] engineer-pearl: the Digital Ocean guides are probably a better starting point, see e.g. https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04 or https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04
[00:02] engineer-pearl: or https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04
[00:02] etc
[00:03] they've got a lot of useful things :)
[00:08] Ooop I think that did it
[00:09] Thank you, and since I've got you here, may I ask you a question (since I'm on a time crunch unfortunately, I thought I had til the third, I have til tomorrow)
[00:10] do I need to set the servername in the secure connection area or can I leave that be?
[00:10] I'd do a proper test and find out but I have to wait for the ports.
[00:13] I don't know details of actual software, but I do know that SNI from clients means servers typically have to know their name, so they can hand out the proper certificate when clients request it
[00:34] engineer-pearl: let's encrypt just makes the day :)
[00:34] ?
[00:34] well, it just works
[00:34] and configures apache for you during installation and all
[00:35] usually quite worry-free
[00:35] I didn't realize that getting an ERROR MESSAGE (the ultimate goal, actually) would be this complicated
[00:38] okay so is this "let's encrypt" a command line thing or a gui thing?
[00:38] engineer-pearl: https://letsencrypt.org/getting-started/
[00:39] oh, just certificates. :/
[00:39] not an accurate face.
[00:40] their 'standard client' does a bunch of configuration stuff too, no?
[00:40] hence the huge proliferation of other tools that do fewer things
[00:42] @tarpman I think you found a "getting lost" page then...
[00:44] I have the certificate ready. At this point I just need to get the port to listen, which will provide me with the information that my certificate is not signed by a trusted third party (my goal. I know that seems odd.)
[00:44] any reason on a fresh install, I get a black screen on a connected display.. but I can SSH into the server just fine?
[00:44] I'm struggling to see where this becomes an ubuntu problem ?
[00:45] @ikonia I had a problem and had to guess where to go.
[00:45] fyrril: look around for something like a kernel command line parameter "nomodeset", I have a vague feeling that's helped (or hurt) other people...
[00:45] again - how is this anything to do with ubuntu ?
[00:46] ikonia: meh there's nothing wrong with asking how to configure apache to do tls..
[00:46] if you follow any old guide out there you'll wind up re-writing half your apache config for no reason
[00:46] sarnold: I don't think there is any problem with asking how to configure apache in ubuntu, but it seems to have gone beyond that now
[00:46] sarnold, you're referring to google correct?
[00:47] fyrril: or kernel Documentation/ directory, I'm not sure where to suggest first, I've been lucky so far and not seen this :)
[00:48] just making sure you meant the internet before I spent 20 minutes looking through files in the CLI :D
[00:48] :)
[00:48] cheers
[00:50] Okay, so here's something that's not unusual for me - I have a message saying something is already using 443, yet I can't identify anything that is using it, not with netstat, not with my browser, not at all
[00:51] Netstat also doesn't show anything on 80, but I can connect to 80 on my browser.
[00:52] engineer-pearl: what netstat command are you using
[00:52] (maybe pastebin the output)
[00:55] This is just "sudo netstat" http://paste.ubuntu.com/23488122/ cause "sudo netstat | grep 80" has no output
[00:55] ughh
[00:55] 80 won't show up anything
[00:55] netstat without arguments doesn't show listening sockets, just connected sockets
[00:56] try netstat -a | grep LIST for example
[00:56] try netstat -an
[00:56] I'd strongly suggest you read man pages on commands before blindly typing them, and before using them to evaluate situations
[00:56] (unless you know the flags to use)
[00:57] and keeping in mind that netstat on linux is different from netstat on e.g. windows or bsd
[00:57] well it being different from windows would explain why it didn't work even though I took it right off the internet (
[00:58] "took it right off the internet" ?
[00:58] ((to be fair I've tried to use it before but))
[00:58] the internet is, as a rule, untrustworthy
[00:58] man netstat
[00:58] ^
[00:58] shows you all the flags and what it does
[00:58] rather than just typing in blind
[00:59] I've tried to use that but I find the helps more helpful
[00:59] "the helps" ?
[00:59] ?
[00:59] like help [command] or command --help
[01:00] but that gives you incomplete info
[01:00] as you can see with netstat
[01:00] it's a useful tool if you know how to use the command
[01:01] "sudo netstat -pa | grep 80" and "sudo netstat -pal | grep 80" still don't show it???
[01:02] engineer-pearl: why are you doing "pa"
[01:02] you were given 2 examples
[01:02] I tried those too
[01:02] and 80 won't show up if you're using service name mapping
[01:02] engineer-pearl: pastebin netstat -a | grep LIST
[01:02] sarnold, all squared thanks. GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" to ""
[01:02] fyrril: -that- fixed it?? odd.
[01:02] fyrril: thanks for reporting back :) it's always nice to know what works
[01:02] first thing I found said to add nomodeset to the quiet splash, but same problem.. second thing I found said to remove it all /shrug
[01:02] no sweat, it's a thankless job I'm sure.
[01:02] 'quiet splash' is a funny setting on a server anyway, hehe
[01:02] * tarpman likes 'netstat -nltp'
[01:03] sarnold: not sure if it's still the case, but wasn't 'splash' necessary in the past to get plymouth activated?
[01:03] http://paste.ubuntu.com/23488146/
[01:03] tarpman: yeah but why bother with that either? heh
[01:03] sarnold: message demultiplexing, of course :)
[01:04] engineer-pearl: grep git /etc/services
[01:05] sarnold: don't tell me you haven't read http://web.dodds.net/~vorlon/wiki/blog/Plymouth_is_not_a_bootsplash/ years ago ;)
[01:05] tarpman: never seen that :)
[01:07] Here's just with "netstat -a | grep git" http://paste.ubuntu.com/23488154/
[01:07] engineer-pearl: what is the point in that ?
[01:07] I can also grab ls /etc/services if that was what you were after
[01:07] I don't know you asked for something weird
[01:07] I asked clearly for "grep git /etc/services"
[01:07] engineer-pearl: the point of ikonia's question was to find out what _number_ "ssh" means :)
[01:08] (what git actually meant if it was really the git service or if it was git omnibus installer updating /etc/services for git to have the web server running)
[01:08] engineer-pearl: maybe it means 80, in which case you find out why you can't bind a web server :) maybe it means 443 which would explain why your web server couldn't offer https....
[01:08] there is a ton of docs about using the omnibus installer ONLY on a machine, nothing else
[01:09] http://paste.ubuntu.com/23488162/
[01:09] so according to that, port 9418 should be open
[01:09] I bet it's not
[01:09] Here's the thing though - I CAN access my server from my machine (ethernet only atm but that should get fixed tonight)
[01:10] get that fixed ?
[01:10] oh wait I missed the second part sorry
[01:10] what's the problem with that, that sounds like a good thing
[01:10] 9418?
[01:11] I thought I was supposed to be binding it to 443?
[01:11] engineer-pearl: have you installed git via the omnibus installer
[01:12] uhhhhhhhh I installed git a long time ago if it wasn't installed by default
[01:12] tarpman: thanks, that was fun reading
[01:12] why would it be installed by default ?
[01:12] no OS installs git by default
[01:12] I don't remember! I've had the machine for a while
[01:12] define a while
[01:12] months, years, 10 years,
[01:12] software? Somewhere between months and a couple of years
[01:13] what is your machines local IP address
[01:13] .30
[01:13] sarnold: great, this has been my https://xkcd.com/1053/ moment for today :)
[01:13] engineer-pearl: .30 is not an IP address
[01:13] what is your machines local ip address
[01:14] 192.168.1.30 I think is the one you are asking for
[01:14] is there more than 1 ?
[01:14] one even
[01:14] tarpman: haha, that's great. I've also not seen -that- one before today either. heh.
[01:14] !!
[01:14] tarpman: twice in one day :) not bad
[01:14] There should only be one with that IP, but there are several devices on the network
[01:14] I can basically just go to bed now
[01:15] engineer-pearl: ??? do you understand basic networking ?
[01:15] tarpman: hehehe :D I endorse this idea!
[01:15] (please be honest)
[01:15] "is there more than 1" leaves me to guess what you are asking for
[01:15] I'm asking if that devices has more than one IP address
[01:15] I'm asking if you understand network as you seem to think it's possible for more than one machine to have the same IP
[01:16] as you said "I think 192.168.1.30 is the one you want"
[01:16] suggesting there is more than one on that machine
[01:16] more than one IP address maybe? whenever I type in IP addr I seem to get a lot more info than the tutorials suggest I should.
[01:16] do you understand basic networking ?
[01:16] again please be honest
[01:17] I don't understand your question so probably not too well?
[01:18] what IP address is this host running git on the network with
[01:18] nothing should be running git. It should be there but not anything else?
[01:19] what ???
[01:19] you've just shown me a box running git
[01:19] you said you installed it a long time ago
[01:19] for what it's worth this "what port is :git" and "what IP address is the service bound to" are the reasons why I use netstat's -n flag -- names get in the way, but you know where you stand with IP addresses and port numbers.
[01:19] I ask which box is running git and you say "nothing should be running git"
[01:19] sarnold: agreed
[01:19] well here's the thing, I have only ever used git to connect out, never connect in
[01:19] github hosts some good minetest mods
[01:20] engineer-pearl: ok - so you have not actually installed a git service
[01:20] you've just installed the git client
[01:20] so what is the IP of the host you are having the problem with
[01:21] I may have installed all of git trying to get the parts that I want but I don't really remember, hold on I think I have something holding the record
[01:21] it doesn't matter
[01:21] okay
[01:21] just run "telnet $host_ip 80" from your work station
[01:21] what do you get back
[01:22] does doing it from ssh provide expected behavior? I got an error
[01:22] what do you mean, doing it from ssh
[01:22] Trying 0.0.0.80...
[01:22] telnet: Unable to connect to remote host: Invalid argument
[01:22] well that looks like an IP address
[01:23] what is that IP ?
[01:23] it's not even valid
[01:23] and if you think that's a valid IP address, stop what you are doing now
[01:23] That's the output of the command you sent me!
[01:23] no it's not
[01:23] I know it wasn't alid
[01:23] you can't really think your hosts IP is 0.0.0
[01:23] *valid
[01:23] Just that it followed the form
[01:23] followed the form ?
[01:23] what are you talking about
[01:23] what was the EXACT command you typed
[01:23] and I do mean exact
[01:23] number.number.number.number
[01:24] yeah, I copied and pasted it.
[01:24] what was the EXACT command you typed
[01:24] engineer-pearl: you can't just make up random numbers and expect the result to be useful...
[01:24] did you replace $host_ip with the host's IP? or .. include the variable as-is? :)
[01:25] sarnold: great point -- 'telnet 80' does exactly that
[01:25] you know like 192.168.1.1, 192.168.1.30, 127.0.0.1, all of them follow the same format. So did 0.0.0.80, even if it was nothing.
[01:25] what was the EXACT command you typed
[01:25] $ telnet 80
[01:25] Trying 0.0.0.80...
[01:25] W.T.F.
[01:25] "telnet $host_ip 80"
[01:25] ok
[01:25] it's a standard - if obscure- shorthand
[01:26] so I'm sad to say I think you are running before walking
[01:26] it's a -stupid- shorthand :)
[01:26] what you are trying to do is outside of your skill level at this time
[01:26] sarnold: telnet 127.1
[01:26] :)
[01:26] and I don't believe you are at a level where you can actually provide debugging
[01:26] well the alternative is to try to find a safe site with an invalid certificate
[01:26] tarpman: #3
[01:26] which uh... I doubt I'm going to find
[01:27] tarpman: seriously. I've been doing tcp/ip networking for >20 years and never seen this.
[01:27] engineer-pearl: what are you actually trying to achieve
[01:29] You know the message you get when you go to a bad site and your browser alerts you that something is wrong?
[01:29] and it even gives more information if you tell it to?
[01:29] Well I have a presentation tomorrow on internet safety, and I figured that would be an EXCELLENT thing to use
[01:29] Thing is, you have to actually get one.
[01:29] Well I got a tip that if the certificate is self-signed, then you get that message. This means I could get it and explain it without attempting to navigate to a site that isn't okay
[01:29] I've got the certificate ready
[01:29] engineer-pearl: do you understand the irony
[01:29] you don't really understand how this works but you're giving a presentation
[01:30] well I don't need to explain the server side
[01:30] I was just trying to simulate the user side
[01:30] https://badssl.com
[01:30] first hit on google
[01:30] shows all the examples of bad SSL configs
[01:30] heck if all you wanted was a self-signed certificate you could grab any old consumer router, they all fire up a server on 192.168.0.1 or 192.168.1.1 with a self-signed certificate ....
[01:31] ikonia: how come I can never remember this site when I want it?? I spent five minutes googling for it.
[01:31] sarnold: I always forget it too
[01:32] the closest I could find is https://revoked.grc.com/ which is .. half-way there. but not.
[01:34] nooo that's not the one noooooo ah poop.
[01:34] so that wasn't going to get me the one I'm after
[01:35] it's got a self-signed cert right here: https://self-signed.badssl.com/
[01:35] so you don't really even know what you're after
[01:35] I think this is now well outside the scope of this channel
[01:35] yes but that wasn't the message I was after, I got a bad tip
[01:35] I think you are looking for an untrusted site
[01:35] that has been flagged in the common database as "untrusted"
[01:35] not an untrusted SSL
[01:36] Oh. That would have been good info this morning, but that sounds exactly what I am looking for!
[01:37] aha; try searching for "adobe photoshop" or "microsoft office" and click the first thing that looks like a malware installation page that pretends to be a download page. That'll either exploit your browser or show you the dialog you want. :D
[02:18] exit
=== iberezovskiy|off is now known as iberezovskiy
=== amoralej|off is now known as amoralej
[11:31] nice ubuntu 12.04 mini install is still broken
[11:40] in what way broken ?
[11:51] hi is anyone any good with samba? I can't connect anymore to my samba share with a desktop client. It previously worked but now the client just gives timeout on server... any help appreciated. I've tried with firewall off and the IP is in my hosts allow list in the smb.cnf but still not working...
[12:07] can you telnet to the port
[12:07] test the port is actually open and responding for you
[12:17] ive a failed software raid1 with two disk where the first hdd is broken
[12:18] but the system cant boot via the second disk
[12:18] does a simple grub install on sdb solve the problem?
[12:33] define cannot boot
[12:33] has no grub - or has grub but won't boot
=== amoralej is now known as amoralej|lunch
=== JanC_ is now known as JanC
=== slick is now known as ande
[14:01] zul coreycb working on heat b1
=== amoralej|lunch is now known as amoralej
[14:02] pk
[14:18] zul coreycb neutron-fwaas and heat done: lp:~ddellav/ubuntu/+source/neutron-fwaas lp:~ddellav/ubuntu/+source/heat
[14:18] zul coreycb taking keystone b1
=== Slick is now known as shoup
[14:21] ack
[14:22] ddellav: ill take nova when im done with this
[14:22] zul ack
=== cpaelzer_ is now known as cpaelzer
[14:33] caribou, is 1614052 still on your radar?
[14:34] LP: #1614052
[14:34] Launchpad bug 1614052 in sosreport (Ubuntu Xenial) "SOSREPORT need to collect OPAL msglog" [High,Confirmed] https://launchpad.net/bugs/1614052
[14:34] jgrimm: this is fixed in the latest sosreport as far as I remember
[14:34] caribou, that's my read, just needs SRUing
[14:34] zul coreycb neutron-lbaas and keystone done lp:~ddellav/ubuntu/+source/keystone lp:~ddellav/ubuntu/+source/neutron-lbaas
[14:35] jgrimm: I'm working on pushing the latest sosreport as we speak but just found a last-minute bug while running autopkgtest
[14:35] jgrimm: so I just pushed a fix upstream & hopefully will be able to SRU soon
[14:35] jgrimm: I'll update the bug
[14:35] zul coreycb i'll take neutron-dynamic-routing
[14:35] caribou, thanks! would be nice to get that one off the books
[14:41] zul whats the best practice for updating debian packages now that the repo's aren't on alioth?
[14:41] coreycb: ^^^
[14:41] ddellav: but https://github.com/coreycb/pkg-scripts
[14:42] ddellav, most of the openstack deps are now on ubuntu-server-dev. if there's one missing let me know and I can create it.
[14:43] coreycb zul ok thanks
[14:43] ddellav, we still want to submit patches back to debian to minimize our delta though. you can use submittodebian or you can submit patches using openstack gerrit.
[14:43] coreycb ok
[14:43] hey all good morning, anyone know why when I run something like 'find / -name file.name' i get a bunch of permission denied messages for a multitude of files when running as root in 16.04?
[14:43] fresh install
[14:43] coreycb: it doesnt help that there is no ocata branches yet
[14:46] zul, ddellav, right, i agree. so maybe just use submittodebian until zigo has branches set up for ocata.
[15:03] ddellav, neutron-lbaas and neutron-fwaas pushed/uploaded
[15:05] coreycb ack
[15:27] ddellav, zul, i wonder if we can just drop keystone.conf.dist and setup-keystone-config.sh and just install the default generated keystone.conf
[15:28] coreycb the keystone.conf in the debian directory is the apache config fyi. The sample that gets installed is in etc/keystone.sample.conf
[15:28] ddellav, right, so debian/keystone.conf is different
[15:28] right
[15:29] ddellav, but the defaults that are generated by the above 2 files, are they neeed?
[15:29] needed
[15:29] coreycb: we should probably rename it so we dont get confused
[15:30] coreycb i don't know if they are needed. I just took the directives from the sample config and put them in the dist. I imagine it makes it easier to handle config file format changes from upstream to insert the directive values on build
[15:36] ddellav, i think if the service starts with the default config then we don't need to modify it.
[15:37] ddellav, we can probably also drop debian/logging.conf and install etc/logging.conf.sample instead
[15:37] zul, yeah might make sense to rename that
[16:02] hey all, anyone know where the tomcat8.service file is on ubuntu 16.04 ? nothing inside of /etc/systemd/system/
[16:07] jge: there seems to be no such file (though I checked on 16.10 instead of 16.04)
[16:07] it has an oldfashioned initscript :)
[16:08] A more general answer: systemctl cat tomcat8.service
=== JanC is now known as Guest90855
=== JanC_ is now known as JanC
[16:10] Oh ok, I see the init script
[16:12] thanks guys
[16:16] Seveas and andol: how could I make it so a variable say, JAVA_OPT inside an init script points to a file instead of putting it there
=== EnchanterTim is now known as stoned
[16:41] jge: most initscripts source a file from /etc/default, where you can put such things
[16:41] disclaimer: I didn't check the tomcat initscript if it supports this :)
[16:51] coreycb: ping
[16:51] coreycb: so we dont have senlin/watcher in ci, maybe we should?
[16:51] coreycb: just to make sure this is buildable
=== iberezovskiy is now known as iberezovskiy|off
[17:23] zul, they are just synced from debian
[17:23] coreycb: ok im just concerned that debian is behind again
[17:26] zul, in that regard yes, let's just focus on the core packages for b1 and sync anything from debian once it's available
[17:26] ok
[17:26] coreycb: my ocd was kicking in but meh
[18:18] coreycb: i havent gotten to package installs yet ;)
=== amoralej is now known as amoralej|off
=== alexisb is now known as alexisb-afk
=== alexisb-afk is now known as alexisb
[22:03] ddellav, forgot about keystone for a bit there.. it's pushed/uploaded. i dropped those couple of files I mentioned earlier and installed logging.conf.sample.
[22:41] I have a program I wrote, here is a sample: http://pastebin.com/rQYyCxVX which bootstraps 16.04.1 into a server and then runs an install script to get applications + kernel and then installs grub. If I run the scripts myself, then chroot into the direct /mnt/destination and execute ./install.sh again, myself, and reboot, it works. If I just run this program, when I reboot I get a kernel panic
[22:41] that it can't find init=, why would this program fail, yet when I run it manually it works :S
[22:43] docmur: yikes, does C# -really- let you pass multiple arguments to a program in one string like that?
[22:43] yep
[22:44] I'm assuming the problem has to be with chroot /mnt/destination bash install.sh
[22:48] docmur: I do things in a very similar way.. but I call it like "chroot /mnt/target /path/to/script.sh"
[22:48] script.sh is +x and has bash in the #!
[22:49] so does mine, I'm going to remove bash and try it again
[22:49] is there a bash in your chroot?
[22:49] does it have all the libraries it needs to function in the chroot? devices?
[22:50] or maybe you need more quoting like "/mnt/destination 'bash install.sh'"
[22:51] I can see install.sh execute, it does what I need it to do, so it's running it
[22:52] maybe you can make that #! bash -x and send the output to a log
[22:53] good idea :)
[22:57] I have to take off. good luck
[22:58] kk thanks!