/srv/irclogs.ubuntu.com/2017/01/27/#ubuntu-server.txt

mwhahahacoreycb: just fyi, I figured out the designate stuff and posted a patch to designate. It was my noop code, but for a different reason then I had seen previously00:08
Term1nalQuestion.. I see that nginx-full is compiled with the option: --with-stream=dynamic00:55
Term1nalI guess meaning that it's a dynamic module. How do I go about installing/activating said module?00:55
Term1nalor do I need to recompile as static?00:55
Term1nalI guess I do... despite the module being enabled in /etc/nginx/modules-enabled, it refuses to recognize the "stream" directive01:02
sarnoldTerm1nal: strings output on a usr/sbin/nginx from the nginx-full package sure looks like stream ought to be available; can you pastebin your config and error messages?01:33
Term1nalsarnold: I figured it out, there was no include directive for modules_enabled01:44
Term1nalthough it doesn't seem to work anyhow. :(01:44
Term1nalproxying, that is.01:44
sarnoldoh :/01:45
XpistosHey all. I am having some trouble accessing my smb share. I have it mounted but when I try and delete or add, I cannot. If i try and chmod the file it says they are read only not sure why.03:19
sarnoldcheck the logs on the samba server and dmesg on the client03:22
Xpistossarnold: checking now03:23
Xpistossarnold: nothingon the client in dmesg looking for samba, smb or cifs03:25
Xpistossarnold: I see alot of logs but nothing helpful03:28
sarnoldthat's unfortunate. :/ it's been decade since I've used samba, so I was hoping that the error would stand out clearly :)03:29
Xpistosmaybe I should just use nfs03:29
sarnoldXpistos: what does the filesystem line look like from /proc/mounts? how about ls -ld . for the directory?03:30
Xpistosproc/mount says '/dev/sda1 /wd320 ext4 rw,relatime,data=ordered 0 0'03:33
Xpistosls -ld is full open03:34
sarnoldsorry, I meant for the smb share03:34
Xpistosdrwxrwxrwx 10 x x 4096 Nov  5 14:42 /wd320/03:34
Xpistossarnold: on the server or the laptop03:34
Xpistos?03:34
sarnoldprobably laptop03:34
Xpistoschecking03:34
Xpistosproc/mounts '192.168.1.25:/wd320 /home/x/Server/wd320 nfs4 rw,relatime,vers=4.0,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.80,local_lock=none,addr=192.168.1.25 0 0'03:35
sarnoldnfs4 :)03:36
Xpistossarnold: not sure why it says that.? I have the nfs mount commented out in the /etc/fstab03:36
sarnoldare you perchance root on the laptop?03:36
XpistosI can be03:36
sarnoldmost times nfs is configured with 'root_squash' that forbids root on clients from writing03:37
Xpistosso maybe if I reboot the laptop it will pull the correct fs03:38
Xpistosit will not let me umount the share03:39
sarnoldif you've got your /etc/fstab configured the way you'd like it, you could probably also do umount /home/x/Server/wd320 ; mount /home/x/Server/wd32003:39
sarnoldlsof | grep /home/x/Server/wd320  ?03:39
Xpistosunrar     18704                x    3r      REG               0,47  54701023   11010511 /home/x/Server/wd320/Comics/Processing/0-Day Week of 2016.11.02/Revival 044 (2016) (Digital) (Zone-Empire).cbr (192.168.1.25:/wd320)03:40
sarnoldif you kill the unrar process perhaps you could then umount the filesystem03:41
Xpistoslet me see03:41
Xpistosstill says the device is busy but lsof has no output for the share03:42
sarnoldodd03:43
Xpistoslet me reboot and see. brb03:43
xpistossarnold: well that is progress anyway,03:45
sarnoldxpistos: are things happier now on cifs?03:46
xpistossarnold: the share does not connect and says I need to be root to mount it. when I do, it says mount.cifs: bad UNC (192.168.1.25:/wd320)03:46
xpistossarnold: so I guess is should use the UUID instead there03:46
sarnolduncs are more like //servername/wd320 or \\\\servername\\wd32003:47
xpistossarnold: now it says permission denied03:50
sarnoldxpistos: what operation did you try?03:51
xpistos"//192.168.1.25/wd320     /home/x/Server/wd320                    cifs  guest,uid=1000,iocharset=utf8  0  0"03:51
xpistoswell my uid is 100003:52
xpistoson both servers03:53
xpistosor both systems server and laptop03:53
sarnoldcheck the samba logs on the other end point, perhaps it'll have a more detailed answer for why the mount is forbidden03:53
sarnoldnote that smb/cifs has had multiple ways to do 'guest mode' over the years and I wouldn't be surprised if the client and server disagree on how to make it work03:53
xpistosI tried  'cat log.* | grep 1.80' with not hits for the entire samba log. I think this might be on the laptop side03:56
xpistossarnold: dmesg on the laptop says 'CIFS VFS: cifs_mount failed w/return code = -13'03:58
xpistosnothing new there03:58
DK2just killed a system by shrinking a lvm partition06:56
DK2thank god for backups06:56
abhishekhi07:01
abhisheki am using conjure-up to deploy Kubernetes on aws07:02
abhishekcould you tell me how to modify aws instance default size as well change aws region07:03
abhishekit took while deploying m3. medium and us-east-107:04
abhishekbut i want to change that07:04
abhishekis any one here07:06
abhishek?07:06
abhishekhello07:19
zioprotojamespage, what was the name of the channel to follow for the snap packaging discussions ?09:09
jamespagezioproto, #opentack-snaps09:12
jamespagezioproto, #openstack-snaps rather09:12
=== pavlushka is now known as anyone
zioprotoah ! I was missing a 's' :)09:12
=== anyone is now known as pavlushka
ObrienDavedetails, details ;P09:13
nwwhelp09:37
lordievaderGood morning.09:37
nwwhi09:37
nwwgood evening09:37
nwwis any one online ?09:38
ObrienDaveno ;p09:38
nww:>09:38
nwwi need one help09:38
nwwregarding conjure-up aws kubernets deployment09:39
lordievader!ask | nww09:39
ubottunww: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience09:39
ObrienDavewell, I can't help with server, i just hang out here to see how many people ask "is any one online" ;P09:40
nwwCould you tell me how to modify aws instance default size as well change aws region , by default it took while deploying , m3. medium and us-east-1 , But i want to change that09:40
nwwtrying to deploy kubernets on aws using juju , conjure-up09:41
=== albech1 is now known as albech
coreycbmwhahaha, cool yeah I think the designate fix has been merged now.  I'll cherry pick the patch and upload a new package version.12:52
coreycbmwhahaha, ah i see that's your patch.  not merged yet but I'll cherry pick from gerrit.  thanks!12:55
coreycbzul, i'll get designate for b313:05
zulcoreycb: ok13:06
=== tatie is now known as gregor3001
zulcoreycb: i got cinder14:11
zulcoreycb: if you can do horizon that would be great ;)14:11
coreycbzul, will do.  i'm fiddling with that and dashboards now.14:11
zulcoreycb: i got keystone as well14:23
zioprotothis was finally merged: https://review.openstack.org/#/c/403160/ it would be cool to have it into the ubuntu packages :) It is UX customer facing, super important :D14:40
zulcoreycb: got manila14:48
=== JanC_ is now known as JanC
coreycbjamespage, can you promote designate 1:4.0.0~b2-0ubuntu5~cloud0 to ocata-proposed?  it includes a patch that enables the designate-mdns service to start.15:19
caliculkHey everyone, I have a machine that is running 16.04.1 hosted by a VPS that is self-managed. I have been trying to get the system to email me reports from logwatch ( no matter how crappy of a software it is) and also try to get other reporting features to email on the system (like cron reports and such). However, no matter what I am doing with postfix it just always sends to the user instead of the actual email address on file. When I15:54
caliculkattempt to send emails from logwatch, postfix complains that the email is too large, and ssmtp just doesn't send any email at all (or I don't receive it in any case). I was wondering if someone could assist me in getting that set up so I have some basic reporting features from the machine.15:54
joelioI just tend to use exim4, when installed run a 'dpkg-reconfigure exim4-config' and then set a smart host to a 'proper' SMTP server to relay it. Can do that in postfix of course (maybe point at gmail smtp or whatever)15:59
rbasakcaliculk, joelio: I'm reminded of: http://askubuntu.com/q/228938/780816:04
caliculkrbasak, I tried that with ssmtp, and then mail never actually was received on my end. It appeared to be sending, but could never figure out where it was going.16:15
joelioyea, it makes sense (to me anyway) to send via an smtp smarthost16:16
joeliootherwise you have to deal with all the fun and shennanigans of running an outbound mail server, dmarc/spf and all that stuffs16:16
rbasakcaliculk: if you don't know about it already, look into swaks as a testing tool.16:17
caliculkAlright, I will take a look tomorrow when the weekend starts. Having to head into work right now.16:18
anoymous_mxHi all17:25
anoymous_mxHow can protect my server with ubuntu 16 in Linode?17:26
anoymous_mxIn my file /var/log/auth.log there are a lots IP from differents country (china, peru, usa, etc)17:35
anoymous_mxJan 27 11:34:26 localhost sshd[12817]: refused connect from 116.31.116.18 (116.31.116.18)                 (1557 times to try to connect)17:37
anoymous_mxJan 27 11:23:12 localhost sshd[23012]: refused connect from 222.165.133.145 (222.165.133.145)    (300 times to try to connect)17:37
anoymous_mxHow can I to avoid this connections?17:38
naccanoymous_mx: i mean, you are avoiding them, in that they are being refused by sshd17:40
anoymous_mxyes but sometimes with with my pc when run command ping to my server not responding17:41
anoymous_mxfrom my pc17:41
anoymous_mxiptables -A INPUT -s  116.31.116.18   -j DROP17:42
anoymous_mxiptables -A INPUT -s  116.31.116.18   -j REJECT17:42
anoymous_mxI used this commands but I do not know if this commands is correct17:43
anoymous_mxsorry for my bad english17:43
bluekingeasiest way to add new hdd to ubuntu server without gui ?17:45
zulcoreycb: neutron*/trove/glance left out of the main ones17:53
coreycbzul, ack17:54
wyrehi guys18:17
wyreI cannot setup wired connection from gnome-control-center network18:18
wyreanyone knows why cannot I use that?18:21
wyreand do a graphical setup?18:21
jayjocan I use grep to search an entire directory for one word and identify the file that it's in?18:57
tarpmanjayjo: yes. grep -rl word directory18:57
tarpmanjayjo: -r -> search recursively through subdirs, -l -> list files only,don't print the matches themselves18:57
jayjothank you - that worked great19:00
sarnoldanoymous_mx: if you can allow ssh to your server from only specific IP address ranges (say, your home ISP) or something similar that can drastically cut down on ssh connection brute force attempts19:06
sarnoldanoymous_mx: do you allow passwords when connecting to ssh?19:07
anoymous_mxsarnold: Yes I allow password when connecting to ssh19:15
sarnoldanoymous_mx: I recall reading once that the majority of linux compromises are due to ssh password bruteforcing19:16
anoymous_mxsarnold: Yeah, but I think that with iptables might help to avoid this attacks19:21
anoymous_mxsarnold: But i am not sure19:22
=== Luke_ is now known as Guest24554
tomreynanoymous_mx: the blacklisting approach you are using with iptables is not a good one. for three reasons: (1) blacklisting means you always need to get active to ensure you remain protected and there is a window of opportunity (until you add the new blacklisting record) where attacks can succeed. (2) use ipsets instead of iptables rules for single ip addresses or single networks, those perform a lot better. (3) there are way too many19:53
tomreynattackers for you to blacklist them manually, and most of them will actually stop attacking after some weeks, leaving you sit there with outdated records (and overhead which needs to be processed on each single inbound connection attempt).19:53
anoymous_mxtomreyn: Thans for the information19:57
tomreynwhat you should do instead is to only allow ssh key based authentication. maybe make ssh listen on a different port than 22. and, as previously suggested, maybe only allow connections from the networks you use to connect to the server. you could also set up ipfilter connection limiting.19:58
tomreynanoymous_mx: ^ and welcome.19:58
anoymous_mxtomreyn: Yeah, additionaly to this i modify hosts.allow only with my IP and hosts.deny with ALL:ALL19:59
anoymous_mxmodified19:59
tomreyni wouldn't use this meachanism to control access unless iptables is not an option20:00
anoymous_mxtomreyn: iptables or hosts.allow/hosts.deny or both?20:02
tomreynuse iptables with ipsets if you want to whitelist ip addresses and/or ports. do not use hosts.allow/deny (tcpd) for this purpose as long as iptables is available.20:04
tomreynthat's for performance reasons and for susceptibility to denial of service reasons mostly.20:04
tomreyni'm not even sure whether sshd is actually tcpd wrapped, so whether those configurations would apply to it.20:06
anoymous_mxtomreyn: Okay, thanks for the information20:07
sarnoldtomreyn: ldd `which sshd`, shows libwrap020:07
tomreynso this suggests hosts.allow/deny does apply to ssh20:08
sarnoldi'd still prefer iptables20:08
sarnoldyour instinct there feels right :)20:08
tomreynsarnold: and ideall you'd be using "objdump -x `which sshd` | grep wrap" instead :-P20:09
tomreynalthoug i guess (hope) your local sshd is safe.20:10
anoymous_mxI need go to my home, thanks for the information, i will to read about this20:11
anoymous_mxbuen provecho20:11
sarnoldtomreyn: so true. bad habits are hard to break :(20:12
tomreynsee you, good luck20:12
tomreynsarnold: indeed, a readily available wrapper / alias with a catchy name could help you and me and everyone else breaking those bad habits.20:13
tomreynldd is just much more quickly typed than the equivalent objdump command.20:14
sarnoldback in the day we had an ldd apparmor profile. I wonder where that went.20:15
kyle__I don't suppose anyone here has experience with dual nvme adapters?  I just got servers in with them, and I only ever see one of my two NVME cards.20:57
sarnoldkyle__: what does dmesg | grep -i nvme show? how about lspci | grep -i non-vol21:01
kyle__sarnold: It shows the one I installed two, and both partitions. (efi & root)21:01
kyle__02:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd Device a802 (rev 01)21:02
kyle__And lspci, just shows the one.21:02
kyle__I was wondering if there were some gotchas I just didn't know about.21:02
kyle__errr.  s/two/to/  I have no idea what's wrong with my typing today :P21:06
sarnoldkyle__: is this an adapter that maybe converts a 8x lane to two 4x lanes or something similar? are you sure it's plugged into a slot that has enough lanes to split?21:08
kyle__sarnold: Yeah. Supermicro sells it in this configuration.21:09
kyle__:/  Silly me for thinking they'd verify it first.21:10
sarnoldkyle__: okay, wild guess time, maybe the lstopo tools from the hwloc package can help you out21:13
kyle__lstopo?  I"m not familiar with those.21:13
sarnoldit's a handy little tool to visualize the architecture of a system21:15
sarnoldI'm hoping it'll be enough to help yo ufigure out what's wrong21:15
kyle__Wow.... So from this, I can see all of the SAS & SATA controllers are on one numa node.21:16
kyle__Is there an obvious way to map the PCI address shown in lspci to the ones in lstopo?21:20
sarnoldall the details are stuffed in /sys/devices/pci* but it's not the easiest thing to traverse or read :/21:22
sarnoldI just can't find any documentation one way or another if pcie switches need special drivers or not. sorry. :/21:22
kyle__Hu.  Yeah, I don't see two in there.   I see one device that I __think__ is it, but only one.21:24
sarnoldI'd seriously hope supermicro would set the bios correctly for one of these things but you may have luck fiddling around in the bios options too. I seem to recall seeing way too many configuration choices last time I went through my supermicro's bios..21:27
kyle__sarnold: I have my doubts they set things right, from past experience.  For one thing, these only show up if the box is in UEFI or Dual (legacy+UEFI) mode.  Which makes no sense.21:36
kyle__If I coudlnt' boot from it in legacy, sure, I"d understand that, but to not even show up?21:36
sarnoldkyle__: ugh. I wonder if that's just being silly or if windows falls over if its visible..21:37
kyle__Argh.  Yeah.  For this beautiful box to be cripped for windows's sake would be galling.21:38
keithzgHmm, I'm running a server that (initiated via Phabricator, but I've now tried it manually as well) worked fine using imagemagick's "convert" function on images on 14.04, but now on 16.04 tends to fail out with23:07
keithzgconvert: memory allocation failed `butwhy_000000043' @ error/quantize.c/QuantizeImage/2743. convert: memory allocation failed `butwhy_000000043' @ error/gif.c/WriteGIFImage/1648.23:07
keithzg(and such; "butwhy" in this case is the test filename)23:07
keithzgThe server VM in question has 4GB of RAM and the actual RAM usage doesn't *appear* to spike enough for it to have truly run out of memory.23:08
nacckeithzg: i'm guessing that's an imagemagick internal thing23:12
nacckeithzg: what kind of file is it?23:12
sarnoldhttp://sources.debian.net/src/imagemagick/8:6.8.9.9-5%2Bdeb8u6/coders/gif.c/#L164723:13
naccwhich hasn't changed upstream since they moved to github :)23:17
keithzgnacc: 'tis a GIF image; Phabricator resizes and applied text on the fly (well, for the first time of any such combination on a Phabricator instance, and then it's cached) and it's one of those images, which is failing, that I'm manually testing there.23:19
keithzgThe same command on the same image but run on my 64-bit desktop (the server is 32-bit) does complete without complaint.23:21
keithzgBut of course, it *also* completed without complaint back in 14.04 . . .23:21
sarnoldbased on the source it doesn't even look like it tries to allocate memory23:22
sarnoldit just notices that there's either more than 256 colors in the thing or the image storage class is direct (wtf that means..)23:23
keithzgThat . . . seems like a bizarre error for it to spit out, then! (Although in keeping with imagemagick's reputation :P)23:25
naccyeah, i don't really understand what the issue is23:28
nacckeithzg: tbh, i'd contact them via their forums and see what they say23:28
sarnoldyeah given just how strange the codebase is that's your best bet23:31
naccand how often a bug is found and they respond immediately with 'we reproduced it and a fix will be in git shortly'23:35
keithzgSounds like a plan23:41
* keithzg trudges off to create an account on the Imagemagick forums23:41
sarnoldnacc: aye so true. and if you're really lucky it doesn't get accidentally reverted in a few git checkins :)23:46
naccsarnold: yep :)23:48
sarnoldkeithzg: it might also be worth trying your input with valgrind, or if you build imagemagick from git to test, to try the compilation with ASAN. they're not so good at writing safe code, maybe you've found an exploitable problem.23:49
sarnoldkeithzg: the error message you tripped makes it seem unlikely but you never know23:49

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!