[00:08] <mwhahaha> coreycb: just fyi, I figured out the designate stuff and posted a patch to designate. It was my noop code, but for a different reason than I had seen previously
[00:55] <Term1nal> Question.. I see that nginx-full is compiled with the option: --with-stream=dynamic
[00:55] <Term1nal> I guess meaning that it's a dynamic module. How do I go about installing/activating said module?
[00:55] <Term1nal> or do I need to recompile as static?
[01:02] <Term1nal> I guess I do... despite the module being enabled in /etc/nginx/modules-enabled, it refuses to recognize the "stream" directive
[01:33] <sarnold> Term1nal: strings output on a usr/sbin/nginx from the nginx-full package sure looks like stream ought to be available; can you pastebin your config and error messages?
[01:44] <Term1nal> sarnold: I figured it out, there was no include directive for modules_enabled
[01:44] <Term1nal> though it doesn't seem to work anyhow. :(
[01:44] <Term1nal> proxying, that is.
[01:45] <sarnold> oh :/
[03:19] <Xpistos> Hey all. I am having some trouble accessing my smb share. I have it mounted but when I try and delete or add, I cannot. If i try and chmod the file it says they are read only not sure why.
[03:22] <sarnold> check the logs on the samba server and dmesg on the client
[03:23] <Xpistos> sarnold: checking now
[03:25] <Xpistos> sarnold: nothing on the client in dmesg looking for samba, smb or cifs
[03:28] <Xpistos> sarnold: I see a lot of logs but nothing helpful
[03:29] <sarnold> that's unfortunate. :/ it's been a decade since I've used samba, so I was hoping that the error would stand out clearly :)
[03:29] <Xpistos> maybe I should just use nfs
[03:30] <sarnold> Xpistos: what does the filesystem line look like from /proc/mounts? how about ls -ld . for the directory?
[03:33] <Xpistos> proc/mount says '/dev/sda1 /wd320 ext4 rw,relatime,data=ordered 0 0'
[03:34] <Xpistos> ls -ld is full open
[03:34] <sarnold> sorry, I meant for the smb share
[03:34] <Xpistos> drwxrwxrwx 10 x x 4096 Nov  5 14:42 /wd320/
[03:34] <Xpistos> sarnold: on the server or the laptop
[03:34] <Xpistos> ?
[03:34] <sarnold> probably laptop
[03:34] <Xpistos> checking
[03:35] <Xpistos> proc/mounts '192.168.1.25:/wd320 /home/x/Server/wd320 nfs4 rw,relatime,vers=4.0,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.80,local_lock=none,addr=192.168.1.25 0 0'
[03:36] <sarnold> nfs4 :)
[03:36] <Xpistos> sarnold: not sure why it says that.? I have the nfs mount commented out in the /etc/fstab
[03:36] <sarnold> are you perchance root on the laptop?
[03:36] <Xpistos> I can be
[03:37] <sarnold> most times nfs is configured with 'root_squash' that forbids root on clients from writing
[03:38] <Xpistos> so maybe if I reboot the laptop it will pull the correct fs
[03:39] <Xpistos> it will not let me umount the share
[03:39] <sarnold> if you've got your /etc/fstab configured the way you'd like it, you could probably also do umount /home/x/Server/wd320 ; mount /home/x/Server/wd320
[03:39] <sarnold> lsof | grep /home/x/Server/wd320  ?
[03:40] <Xpistos> unrar     18704                x    3r      REG               0,47  54701023   11010511 /home/x/Server/wd320/Comics/Processing/0-Day Week of 2016.11.02/Revival 044 (2016) (Digital) (Zone-Empire).cbr (192.168.1.25:/wd320)
[03:41] <sarnold> if you kill the unrar process perhaps you could then umount the filesystem
[03:41] <Xpistos> let me see
[03:42] <Xpistos> still says the device is busy but lsof has no output for the share
[03:43] <sarnold> odd
[03:43] <Xpistos> let me reboot and see. brb
[03:45] <xpistos> sarnold: well that is progress anyway,
[03:46] <sarnold> xpistos: are things happier now on cifs?
[03:46] <xpistos> sarnold: the share does not connect and says I need to be root to mount it. when I do, it says mount.cifs: bad UNC (192.168.1.25:/wd320)
[03:46] <xpistos> sarnold: so I guess I should use the UUID instead there
[03:47] <sarnold> uncs are more like //servername/wd320 or \\\\servername\\wd320
[03:50] <xpistos> sarnold: now it says permission denied
[03:51] <sarnold> xpistos: what operation did you try?
[03:51] <xpistos> "//192.168.1.25/wd320     /home/x/Server/wd320                    cifs  guest,uid=1000,iocharset=utf8  0  0"
[03:52] <xpistos> well my uid is 1000
[03:53] <xpistos> on both servers
[03:53] <xpistos> or both systems server and laptop
[03:53] <sarnold> check the samba logs on the other end point, perhaps it'll have a more detailed answer for why the mount is forbidden
[03:53] <sarnold> note that smb/cifs has had multiple ways to do 'guest mode' over the years and I wouldn't be surprised if the client and server disagree on how to make it work
[03:56] <xpistos> I tried  'cat log.* | grep 1.80' with not hits for the entire samba log. I think this might be on the laptop side
[03:58] <xpistos> sarnold: dmesg on the laptop says 'CIFS VFS: cifs_mount failed w/return code = -13'
[03:58] <xpistos> nothing new there
[06:56] <DK2> just killed a system by shrinking a lvm partition
[06:56] <DK2> thank god for backups
[07:01] <abhishek> hi
[07:02] <abhishek> i am using conjure-up to deploy Kubernetes on aws
[07:03] <abhishek> could you tell me how to modify aws instance default size as well change aws region
[07:04] <abhishek> it took while deploying m3.medium and us-east-1
[07:04] <abhishek> but i want to change that
[07:06] <abhishek> is any one here
[07:06] <abhishek> ?
[07:19] <abhishek> hello
[09:09] <zioproto> jamespage, what was the name of the channel to follow for the snap packaging discussions ?
[09:12] <jamespage> zioproto, #opentack-snaps
[09:12] <jamespage> zioproto, #openstack-snaps rather
[09:12] <zioproto> ah ! I was missing a 's' :)
[09:13] <ObrienDave> details, details ;P
[09:37] <nww> help
[09:37] <lordievader> Good morning.
[09:37] <nww> hi
[09:37] <nww> good evening
[09:38] <nww> is any one online ?
[09:38] <ObrienDave> no ;p
[09:38] <nww> :>
[09:38] <nww> i need one help
[09:39] <nww> regarding conjure-up aws kubernetes deployment
[09:39] <lordievader> !ask | nww
[09:40] <ObrienDave> well, I can't help with server, i just hang out here to see how many people ask "is any one online" ;P
[09:40] <nww> Could you tell me how to modify aws instance default size as well change aws region , by default it took while deploying , m3.medium and us-east-1 , But i want to change that
[09:41] <nww> trying to deploy kubernetes on aws using juju , conjure-up
[12:52] <coreycb> mwhahaha, cool yeah I think the designate fix has been merged now.  I'll cherry pick the patch and upload a new package version.
[12:55] <coreycb> mwhahaha, ah i see that's your patch.  not merged yet but I'll cherry pick from gerrit.  thanks!
[13:05] <coreycb> zul, i'll get designate for b3
[13:06] <zul> coreycb: ok
[14:11] <zul> coreycb: i got cinder
[14:11] <zul> coreycb: if you can do horizon that would be great ;)
[14:11] <coreycb> zul, will do.  i'm fiddling with that and dashboards now.
[14:23] <zul> coreycb: i got keystone as well
[14:40] <zioproto> this was finally merged: https://review.openstack.org/#/c/403160/ it would be cool to have it into the ubuntu packages :) It is UX customer facing, super important :D
[14:48] <zul> coreycb: got manila
[15:19] <coreycb> jamespage, can you promote designate 1:4.0.0~b2-0ubuntu5~cloud0 to ocata-proposed?  it includes a patch that enables the designate-mdns service to start.
[15:54] <caliculk> Hey everyone, I have a machine that is running 16.04.1 hosted by a VPS that is self-managed. I have been trying to get the system to email me reports from logwatch ( no matter how crappy of a software it is) and also try to get other reporting features to email on the system (like cron reports and such). However, no matter what I am doing with postfix it just always sends to the user instead of the actual email address on file. When I
[15:54] <caliculk> attempt to send emails from logwatch, postfix complains that the email is too large, and ssmtp just doesn't send any email at all (or I don't receive it in any case). I was wondering if someone could assist me in getting that set up so I have some basic reporting features from the machine.
[15:59] <joelio> I just tend to use exim4, when installed run a 'dpkg-reconfigure exim4-config' and then set a smart host to a 'proper' SMTP server to relay it. Can do that in postfix of course (maybe point at gmail smtp or whatever)
[16:04] <rbasak> caliculk, joelio: I'm reminded of: http://askubuntu.com/q/228938/7808
[16:15] <caliculk> rbasak, I tried that with ssmtp, and then mail never actually was received on my end. It appeared to be sending, but could never figure out where it was going.
[16:16] <joelio> yea, it makes sense (to me anyway) to send via an smtp smarthost
[16:16] <joelio> otherwise you have to deal with all the fun and shenanigans of running an outbound mail server, dmarc/spf and all that stuffs
[16:17] <rbasak> caliculk: if you don't know about it already, look into swaks as a testing tool.
[16:18] <caliculk> Alright, I will take a look tomorrow when the weekend starts. Having to head into work right now.
[17:25] <anoymous_mx> Hi all
[17:26] <anoymous_mx> How can protect my server with ubuntu 16 in Linode?
[17:35] <anoymous_mx> In my file /var/log/auth.log there are a lots IP from differents country (china, peru, usa, etc)
[17:37] <anoymous_mx> Jan 27 11:34:26 localhost sshd[12817]: refused connect from 116.31.116.18 (116.31.116.18)                 (1557 times to try to connect)
[17:37] <anoymous_mx> Jan 27 11:23:12 localhost sshd[23012]: refused connect from 222.165.133.145 (222.165.133.145)    (300 times to try to connect)
[17:38] <anoymous_mx> How can I to avoid this connections?
[17:40] <nacc> anoymous_mx: i mean, you are avoiding them, in that they are being refused by sshd
[17:41] <anoymous_mx> yes but sometimes with my pc when run command ping to my server not responding
[17:41] <anoymous_mx> from my pc
[17:42] <anoymous_mx> iptables -A INPUT -s  116.31.116.18   -j DROP
[17:42] <anoymous_mx> iptables -A INPUT -s  116.31.116.18   -j REJECT
[17:43] <anoymous_mx> I used this commands but I do not know if this commands is correct
[17:43] <anoymous_mx> sorry for my bad english
[17:45] <blueking> easiest way to add new hdd to ubuntu server without gui ?
[17:53] <zul> coreycb: neutron*/trove/glance left out of the main ones
[17:54] <coreycb> zul, ack
[18:17] <wyre> hi guys
[18:18] <wyre> I cannot setup wired connection from gnome-control-center network
[18:21] <wyre> anyone knows why cannot I use that?
[18:21] <wyre> and do a graphical setup?
[18:57] <jayjo> can I use grep to search an entire directory for one word and identify the file that it's in?
[18:57] <tarpman> jayjo: yes. grep -rl word directory
[18:57] <tarpman> jayjo: -r -> search recursively through subdirs, -l -> list files only,don't print the matches themselves
[19:00] <jayjo> thank you - that worked great
[19:06] <sarnold> anoymous_mx: if you can allow ssh to your server from only specific IP address ranges (say, your home ISP) or something similar that can drastically cut down on ssh connection brute force attempts
[19:07] <sarnold> anoymous_mx: do you allow passwords when connecting to ssh?
[19:15] <anoymous_mx> sarnold: Yes I allow password when connecting to ssh
[19:16] <sarnold> anoymous_mx: I recall reading once that the majority of linux compromises are due to ssh password bruteforcing
[19:21] <anoymous_mx> sarnold: Yeah, but I think that with iptables might help to avoid this attacks
[19:22] <anoymous_mx> sarnold: But i am not sure
[19:53] <tomreyn> anoymous_mx: the blacklisting approach you are using with iptables is not a good one. for three reasons: (1) blacklisting means you always need to get active to ensure you remain protected and there is a window of opportunity (until you add the new blacklisting record) where attacks can succeed. (2) use ipsets instead of iptables rules for single ip addresses or single networks, those perform a lot better. (3) there are way too many
[19:53] <tomreyn> attackers for you to blacklist them manually, and most of them will actually stop attacking after some weeks, leaving you sit there with outdated records (and overhead which needs to be processed on each single inbound connection attempt).
[19:57] <anoymous_mx> tomreyn: Thanks for the information
[19:58] <tomreyn> what you should do instead is to only allow ssh key based authentication. maybe make ssh listen on a different port than 22. and, as previously suggested, maybe only allow connections from the networks you use to connect to the server. you could also set up ipfilter connection limiting.
[19:58] <tomreyn> anoymous_mx: ^ and welcome.
[19:59] <anoymous_mx> tomreyn: Yeah, additionally to this i modify hosts.allow only with my IP and hosts.deny with ALL:ALL
[19:59] <anoymous_mx> modified
[20:00] <tomreyn> i wouldn't use this mechanism to control access unless iptables is not an option
[20:02] <anoymous_mx> tomreyn: iptables or hosts.allow/hosts.deny or both?
[20:04] <tomreyn> use iptables with ipsets if you want to whitelist ip addresses and/or ports. do not use hosts.allow/deny (tcpd) for this purpose as long as iptables is available.
[20:04] <tomreyn> that's for performance reasons and for susceptibility to denial of service reasons mostly.
[20:06] <tomreyn> i'm not even sure whether sshd is actually tcpd wrapped, so whether those configurations would apply to it.
[20:07] <anoymous_mx> tomreyn: Okay, thanks for the information
[20:07] <sarnold> tomreyn: ldd `which sshd`, shows libwrap0
[20:08] <tomreyn> so this suggests hosts.allow/deny does apply to ssh
[20:08] <sarnold> i'd still prefer iptables
[20:08] <sarnold> your instinct there feels right :)
[20:09] <tomreyn> sarnold: and ideally you'd be using "objdump -x `which sshd` | grep wrap" instead :-P
[20:10] <tomreyn> although i guess (hope) your local sshd is safe.
[20:11] <anoymous_mx> I need go to my home, thanks for the information, i will to read about this
[20:11] <anoymous_mx> enjoy your meal
[20:12] <sarnold> tomreyn: so true. bad habits are hard to break :(
[20:12] <tomreyn> see you, good luck
[20:13] <tomreyn> sarnold: indeed, a readily available wrapper / alias with a catchy name could help you and me and everyone else breaking those bad habits.
[20:14] <tomreyn> ldd is just much more quickly typed than the equivalent objdump command.
[20:15] <sarnold> back in the day we had an ldd apparmor profile. I wonder where that went.
[20:57] <kyle__> I don't suppose anyone here has experience with dual nvme adapters?  I just got servers in with them, and I only ever see one of my two NVME cards.
[21:01] <sarnold> kyle__: what does dmesg | grep -i nvme show? how about lspci | grep -i non-vol
[21:01] <kyle__> sarnold: It shows the one I installed two, and both partitions. (efi & root)
[21:02] <kyle__> 02:00.0 Non-Volatile memory controller: Samsung Electronics Co Ltd Device a802 (rev 01)
[21:02] <kyle__> And lspci, just shows the one.
[21:02] <kyle__> I was wondering if there were some gotchas I just didn't know about.
[21:06] <kyle__> errr.  s/two/to/  I have no idea what's wrong with my typing today :P
[21:08] <sarnold> kyle__: is this an adapter that maybe converts a 8x lane to two 4x lanes or something similar? are you sure it's plugged into a slot that has enough lanes to split?
[21:09] <kyle__> sarnold: Yeah. Supermicro sells it in this configuration.
[21:10] <kyle__> :/  Silly me for thinking they'd verify it first.
[21:13] <sarnold> kyle__: okay, wild guess time, maybe the lstopo tools from the hwloc package can help you out
[21:13] <kyle__> lstopo?  I'm not familiar with those.
[21:15] <sarnold> it's a handy little tool to visualize the architecture of a system
[21:15] <sarnold> I'm hoping it'll be enough to help you figure out what's wrong
[21:16] <kyle__> Wow.... So from this, I can see all of the SAS & SATA controllers are on one numa node.
[21:20] <kyle__> Is there an obvious way to map the PCI address shown in lspci to the ones in lstopo?
[21:22] <sarnold> all the details are stuffed in /sys/devices/pci* but it's not the easiest thing to traverse or read :/
[21:22] <sarnold> I just can't find any documentation one way or another if pcie switches need special drivers or not. sorry. :/
[21:24] <kyle__> Hu.  Yeah, I don't see two in there.   I see one device that I __think__ is it, but only one.
[21:27] <sarnold> I'd seriously hope supermicro would set the bios correctly for one of these things but you may have luck fiddling around in the bios options too. I seem to recall seeing way too many configuration choices last time I went through my supermicro's bios..
[21:36] <kyle__> sarnold: I have my doubts they set things right, from past experience.  For one thing, these only show up if the box is in UEFI or Dual (legacy+UEFI) mode.  Which makes no sense.
[21:36] <kyle__> If I couldn't boot from it in legacy, sure, I'd understand that, but to not even show up?
[21:37] <sarnold> kyle__: ugh. I wonder if that's just being silly or if windows falls over if its visible..
[21:38] <kyle__> Argh.  Yeah.  For this beautiful box to be crippled for windows's sake would be galling.
[23:07] <keithzg> Hmm, I'm running a server that (initiated via Phabricator, but I've now tried it manually as well) worked fine using imagemagick's "convert" function on images on 14.04, but now on 16.04 tends to fail out with
[23:07] <keithzg> convert: memory allocation failed `butwhy_000000043' @ error/quantize.c/QuantizeImage/2743. convert: memory allocation failed `butwhy_000000043' @ error/gif.c/WriteGIFImage/1648.
[23:07] <keithzg> (and such; "butwhy" in this case is the test filename)
[23:08] <keithzg> The server VM in question has 4GB of RAM and the actual RAM usage doesn't *appear* to spike enough for it to have truly run out of memory.
[23:12] <nacc> keithzg: i'm guessing that's an imagemagick internal thing
[23:12] <nacc> keithzg: what kind of file is it?
[23:13] <sarnold> http://sources.debian.net/src/imagemagick/8:6.8.9.9-5%2Bdeb8u6/coders/gif.c/#L1647
[23:17] <nacc> which hasn't changed upstream since they moved to github :)
[23:19] <keithzg> nacc: 'tis a GIF image; Phabricator resizes and applies text on the fly (well, for the first time of any such combination on a Phabricator instance, and then it's cached) and it's one of those images, which is failing, that I'm manually testing there.
[23:21] <keithzg> The same command on the same image but run on my 64-bit desktop (the server is 32-bit) does complete without complaint.
[23:21] <keithzg> But of course, it *also* completed without complaint back in 14.04 . . .
[23:22] <sarnold> based on the source it doesn't even look like it tries to allocate memory
[23:23] <sarnold> it just notices that there's either more than 256 colors in the thing or the image storage class is direct (wtf that means..)
[23:25] <keithzg> That . . . seems like a bizarre error for it to spit out, then! (Although in keeping with imagemagick's reputation :P)
[23:28] <nacc> yeah, i don't really understand what the issue is
[23:28] <nacc> keithzg: tbh, i'd contact them via their forums and see what they say
[23:31] <sarnold> yeah given just how strange the codebase is that's your best bet
[23:35] <nacc> and how often a bug is found and they respond immediately with 'we reproduced it and a fix will be in git shortly'
[23:41] <keithzg> Sounds like a plan
[23:41]  * keithzg trudges off to create an account on the Imagemagick forums
[23:46] <sarnold> nacc: aye so true. and if you're really lucky it doesn't get accidentally reverted in a few git checkins :)
[23:48] <nacc> sarnold: yep :)
[23:49] <sarnold> keithzg: it might also be worth trying your input with valgrind, or if you build imagemagick from git to test, to try the compilation with ASAN. they're not so good at writing safe code, maybe you've found an exploitable problem.
[23:49] <sarnold> keithzg: the error message you tripped makes it seem unlikely but you never know