/srv/irclogs.ubuntu.com/2017/02/17/#ubuntu-server.txt

bobafetthaving issues using VPN. it says it is connected but pages dont load and i cant ping past router unless i DC from vpn01:10
bobafetti can connect to VPN from windows 10 with no problem01:10
sarnoldcheck error logs on both the vpn client and the vpn server01:10
=== JanC_ is now known as JanC
PhoenixMageHi all, I am having problems with lio/targetcli restoring config on boot, is anyone else using it?07:36
=== JanC is now known as Guest38106
=== JanC_ is now known as JanC
lordievaderGood morning.08:27
=== disposable3 is now known as disposable2
WantDevHelpI'm having difficulty installing ubuntu-server 16.04.2. When it detects the disc is gives, "Enter an IP address to scan for iSCSI targets". I don't know what this is about. I want to just partition my local disk. Any help appreciated.10:22
lordievaderIf you don't want to use iSCSI can you not cancel the window?10:24
WantDevHelpthanks for replying lordievader. It's the only option it gave me. I fiddled about with BIOS settings but it only seemed to give me the option to set up iSCSI. Don't know why. However, the power supply in the back of the PC just made a noise like an arc welder. Proble Solved!10:28
lordievaderErr, okay?10:29
WantDevHelpComputer not working so I'll have to do somthing else.10:29
WantDevHelpI'm being silly. I won't be able to progress for the moment. I'll have to either dig out a power supply from another PC or use VM.10:30
WantDevHelpIt's unusual though. Previously when I've installed ubuntu, it opens the partitioner and I can choose between manual partition or just accept defaults. Didn't give me the chance for some reason.10:31
lordievaderAre you using some kind of raid controller?10:35
WantDevHelpno10:37
WantDevHelpI seem to recall having a simila difficulty with an old Dell before. As it appears to have turned into an arc welder, I'll defer that for the momoent. I'll use another old PC for the moment.10:38
WantDevHelpI'm going to have to muck about with hardware for a while. Thanks10:38
=== ggherdov`____ is now known as ggherdov`
boichev+1 on zfs it is really REALLY nice13:00
boichevsorry wrong window13:00
lordievaderThe same thing was said here a few days ago ;)13:15
coreycbzul, i'm starting on cinder and horizon rc213:27
zulok13:30
zulcoreycb: i got nova and manila13:31
coreycbok13:31
coreycbzul, i'll get the neutrons13:42
zulok13:42
coreycbzul, i'll get trove13:49
zulcoreycb: i got mistral* after..13:50
zuli got magnum as well13:54
PhoenixMageHi all, how can I get ubuntu server to auto import zpools on boot?13:57
jamespagecoreycb, zul: we need to sortout qemu for ppc64el in proposed14:25
jamespageI'll do that now14:25
jamespageI need to disable the seccomp support on that arch14:25
zuljamespage: ack14:25
coreycbjamespage, ok thanks14:27
boichevlordievader: exactly :D the error was "Up arrow, Enter" :D14:35
jamespagecoreycb, zul: qemu re-backporting now14:36
zuljamespage: k14:36
=== kirkland` is now known as kirkland
jamespagemwhahaha, hey around?14:53
mwhahahajamespage: what's up?14:54
jamespagemwhahaha, are you around at the PTG next week?14:54
mwhahahajamespage: I will not be14:55
jamespagemwhahaha, hmm no openstack-puppet slots mon/tues14:56
jamespagemwhahaha, OK14:56
mwhahahajamespage: yea we had 0 response when asked about the ptg so nothing for Puppet14:56
mwhahahajamespage: EmilienM will be there if you had specific questions14:57
mwhahahaI had a schedule conflict14:57
jamespagemwhahaha, np - I've been working to get topics scheduled to discuss what we're planing with snaps14:57
EmilienMjamespage: yes, feel free to reach me15:00
jamespageEmilienM, awesome I will do15:01
DammitJimthis is a general server question... does a single drive in a RAID array have data that can be read?16:21
drabDammitJim: depends on what raid, depends what you mean read, in raid1, yes, in raid6 it depends and you'd have to read at low level16:25
DammitJimright, but I mean, you can't just grab this drive and plug it into some cable to your computer and just read data16:26
vonsyd0wfrom a raid1 sure, but probably not from other raid levels16:30
cncr04scan I add a md/raid device as a member in annother md/raid ?16:30
DammitJimthanks16:32
DammitJimdo you guys know if there is a way to control what range of ID number to use for when one creates a new user?16:38
DammitJimfor some reason on a server I have that is joined to a domain, it sets the ID to the 10,000 range16:38
DammitJiminstead of just 1,00016:38
smosernacc, thoughts? https://bugs.launchpad.net/usd-importer/+bug/166570316:44
ubottuLaunchpad bug 1665703 in usd-importer "add subcommand for 'import-dsc'" [Undecided,New]16:44
naccsmoser: certainly reasonable to do. Would it just be `git-dsc-commit`? I'm not sure we can support parenting it correctly for the first version imported (it'd be an orphan), but as lng as 1.4, 1.5 mention 1.3 in the changelog, i think we'd find it16:47
tewardrbasak: um, i'm not sure why it's saying 'unsatisfiable dependencies' on nginx on update_excuses, can you peek?16:47
naccsmoser: that is, wrapping git-dsc-commit as we do now with usd16:47
tewardthe package versions it's after are *listed* in Zesty right now, per rmadison...16:47
tewardalso Perl still hanging the migration out of proposed16:47
naccteward: new build hasn't been copied to the archive(s) yet?16:48
naccteward: there's latency there between when the build finishes and when excuses sees it, iirc16:48
tewardnacc: new build of the dependencies you mean16:48
teward*brain is not fully online*16:49
naccteward: oh sorry, i was looking at the nginx lines, my fault16:49
tewardnacc: two issues: (1) "Dependency not satisfiable" when those packages exist in those archs.  (2) Perl version is holding up migration, but I don't know why.16:49
naccteward: let's focus on 1), trying to reproduce in my chdist, one sec16:50
tewardnacc: mmkay.  My brain is offline today so blah.  :)16:51
tewardah, but you're probably right -1ubuntu2 probably isn't uploaded when it was created16:51
tewardthough it should've been since it was uploaded yesterday heh16:51
rbasakteward: component mismatch.16:53
rbasaklibnginx-mod-http-lua is in main. libluajit-5.1-2 is in universe.16:53
naccteward: yeah, main/universe16:53
naccteward: as is liblua5.1-016:53
tewardrbasak: http-lua should go to universe then16:54
naccteward: is there any reason those two can't live in universe?16:54
tewardnacc: i'm five steps ahead of you16:54
rbasakYeah you can do that. An archive admin can move it.16:54
tewardrbasak: the bug for the merge has what should be in main16:54
rbasakIf you can't find one on IRC, file a bug against nginx and subscribe ~ubuntu-archive please.16:54
nacchttp://people.canonical.com/~ubuntu-archive/component-mismatches-proposed16:54
tewardin terms of libnginx-mod16:54
naccteward: --^ :)16:54
rbasakOr just subscribe ~ubuntu-archive to that bug I guess, if it's still open.16:55
naccit's a binary only movement, so it's easy, just needs the AA as rbasak said16:55
naccrbasak: we do have a few of those for server, it seems16:55
tewardrbasak: it's the merge bug until it moves out of proposed...16:55
tewardrbasak: nacc: do we know why nginx-core-dbg, a debug symbols package, is being caught?17:07
tewardis it because it's new?17:07
tewardWOW i'm an idito nevermind17:08
tewardactually, wait i still don't knwo why that's listed17:08
naccteward: as i read it, ubuntu1 produced that binary, but ubuntu2 did not17:09
nacc(it produced -dbgsym instead)17:09
nacchttps://launchpad.net/ubuntu/+source/nginx/1.10.3-0ubuntu1/ vs https://launchpad.net/ubuntu/+source/nginx/1.10.3-1ubuntu2/17:09
nacc(or only -dbgsym rather)17:10
naccteward: and excuses/proposed-migration doesn't like binaries going away17:11
tewardah, right17:13
tewardnacc: that's a result of the evil packaging changes17:13
tewardi'll make a note of that too17:13
naccteward: I *think* you need AA intervention for that too17:14
tewardwell the AAs are going to be busy either way17:14
nacc:)17:14
tewardrbasak: i'mma subscribe ubuntu-archive and add this massive list of things heh17:18
tewardrbasak: added to the bug, and ubuntu-archive subbed.  I hope I dont get shot for any of these things heh.17:21
tewardbut that should be able to fix the mismatches.17:21
tewardPerl is just hanging the migration currently from proposed to nonproposed :/17:22
rbasakteward: thanks!17:23
rbasakI wouldn't worry too much about Perl. I'm sure the Foundations team will take care of it :-)17:24
Emmanuel_ChanelHello!18:44
Emmanuel_ChanelI upgraded linux-image of Ubuntu 16.04 LTS. But the post installation process doesn't succeed.18:44
Emmanuel_ChanelSomeone can help me?18:44
Emmanuel_ChanelIt generates too much initramfs to occupy whole /boot18:45
DammitJimis there a way to disable these ssl warnings on mysql server 5.7?18:56
kur1jI'm trying to create an image for Openstack manually and I am using the minimal ubuntu installer and without selecting anything during installation its 1.9GB for me. I'm using QCOW2 and I have no idea how to make the installation smaller. Any suggestions?18:58
kur1jhttp://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img this image from Ubuntu is ~300MB18:59
sarnoldEmmanuel_Chanel: btw irc works best if you stick around for a while :)19:00
sarnoldEmmanuel_Chanel: how large is your /boot? do you even need a /boot?19:00
Emmanuel_Chanelsarnold: /boot = 113MB and yes, I need /boot .19:03
Emmanuel_ChanelMy HP server is not with UEFI but with BIOS.19:03
Emmanuel_ChanelBut the HDD RAID1 pair is about 6TB.19:04
Emmanuel_Chanelsarnold: Can you help me?19:04
sarnoldEmmanuel_Chanel: ouch. that's -really- tiny. I think 500 MB or so would be far safer19:06
sarnold/boot on my laptop is 256M, /boot on a serverish-machine is 280. definitely you need bigger..19:07
Emmanuel_Chanelok.19:08
naccEmmanuel_Chanel: my guess is you have old kernels around19:08
Emmanuel_ChanelDo you know why it generates unneeded initrd images?19:08
naccEmmanuel_Chanel: that size /boot is only really going to be able to store 1 or 2 kernels it feels like19:08
nunchuckgreetings had to "unset DISPLAY" on ubuntu server, how do i get display back?19:09
naccEmmanuel_Chanel: define 'unneeded'19:09
Emmanuel_Chanelnacc: How can I do?19:09
naccEmmanuel_Chanel: `apt autoremove` typically19:09
naccEmmanuel_Chanel: but it depends on what all is installed19:09
naccEmmanuel_Chanel: what version of ubuntu and please pastebin `ls -ahl /boot`19:10
Emmanuel_Chanelnacc and sarnold http://pastebin.com/AZNc4yD419:18
DammitJimdo you guys know what I can add to my mysql config so that I don't get SSL warnings?19:19
sarnoldDammitJim: what warning are you getting?19:19
naccEmmanuel_Chanel: ls -ahl /var/lib/initramfs-tools19:20
sarnoldEmmanuel_Chanel: excellent; what kernel does uname -r report that you're running now?19:20
DammitJimWARN: Establishing SSL connection without server's identity verification is not recommended.19:20
DammitJimI understand I can provide a useSSL=false on the client connecting to the server19:20
DammitJimbut can I set something up on the server so it doesn't check for this?19:20
sarnoldDammitJim: ehhhh... using ssl without verification is better than using no ssl at all.19:21
Emmanuel_Chanelsarnold: uname -r = 4.4.0-62-generic19:21
sarnoldDammitJim: and enabling verification is going to be some work. I'd leave it alone.19:21
DammitJimsarnold, maybe you can help me understand what that means19:21
Emmanuel_Chanelnacc: I'm trying it now.19:21
DammitJimthat's probably what I'm missing19:21
DammitJimyou mean leave the warnings alone?19:22
DammitJimthis is for local connections19:22
sarnoldDammitJim: this means that the certificate from the other side can't be verified -- it isn't signed by a trusted certificate authority19:22
DammitJimoh gosh19:22
DammitJimbut I don't want to use certificates19:22
Emmanuel_Chanelhttp://pastebin.com/RURU7bLU19:22
Emmanuel_Chanelnacc: Done.19:22
naccEmmanuel_Chanel: ok, that is why extra initrds are being generated19:23
sarnoldDammitJim: you don't want to go to the hassle of using _real_ certificates... but self-signed is fine enough for many uses, and this is probably one of them.19:23
nacc*normally*, i beleive that directory only contains kernels that are actually installed19:23
DammitJimoh man19:23
naccEmmanuel_Chanel: did you manually delete some kernels (rather than using apt)?19:23
Emmanuel_Chanelnacc: So all I need to is delete them except 4.4.0-62-generic19:23
DammitJimso, a solution would be to use self signed certificates, huh?19:23
naccEmmanuel_Chanel: yes, i believe so19:24
DammitJimdo I have to then import them for the server and then import them for the client? (even though the server and client are on the same server)19:24
Emmanuel_Chanelnacc: No... I deleted /var/tmp/mkinitramfs* , though.19:24
Emmanuel_Chanelnacc: ok. I do.19:24
sarnoldEmmanuel_Chanel: be sure to keep a fall-back as well; in general, keep the kernel you're running, keep the newest, and if those are the same, keep the next newest :)19:24
naccsarnold: no fallback in /boot (taht i can see)19:24
sarnoldDammitJim: yeah; I suspect you're already using self-signed certs19:24
naccwhich is why i think something manually was done19:24
DammitJimI am, but not for mysql19:25
DammitJimso, would I need to change my client connections to use a client certificate?19:25
DammitJimor where do I tell mysql client that the server cert is good?19:25
Emmanuel_Chanelsarnold and nacc: Thanks for your help! Looks my problem is solved.19:26
DammitJimoh man, I loose either way because I have to get the developers to change their connection code19:26
DammitJimis that right?19:26
sarnoldDammitJim: I don't know how to fix that -- I really don't know mysql -- but if you put the self-signed cert in your /etc/ssl/certs/ directory and run update-ca-certficates I think that will do the trick -- read the update-ca-certificates manpage first and make sure it sounds right19:28
DammitJimsarnold, so if I add the certs, then I won't need to update connection code?19:29
=== JanC is now known as Guest50386
=== JanC_ is now known as JanC
sarnoldDammitJim: I don't know about that; all the clients may need to have their cert stores updated if they're on different hosts..19:33
DammitJimsomething tells me one can disable ssl on the server as an option19:34
sarnoldyeah you probably can but I really don't like that idea :)19:34
sarnoldwhy use telnet when you can use ssh?19:34
DammitJimbecause this will involve a couple dozen apps to be updated19:35
sarnoldwhy? for one warning??19:35
DammitJimyeah, this happens in multiple servers19:36
sarnoldbut it's a warning; what's wrong with ignoring it? :)19:36
DammitJimit clutters the log files19:36
sarnoldtrue enough19:36
sarnoldbut if you don't care about the tls certificate validation then you might as well work on something that you do care about ;)19:37
=== madsa_ is now known as madsa
geigerCounterHello!19:39
DoowHi, I recently did a fresh install of an ubuntu server (16.10). When taking a look at the open ports I noticed that it was listening on three ports. 22, 80 and 5355. 22 and 80 I knew about and it's intentional, but what is 5355? /etc/services lists it as 'hostmon', but hostmon doesn't have a manpage and I haven't found anything really relevant when googling either. Only airport-hostmon which seems to be some old apple standard.19:41
Doowtldr: what is hostmon running on port 5355?19:42
sarnoldDoow: what program is listening on it?19:42
sarnoldrun netstat -lntp or something similar to find out19:42
geigerCounterI'm running Ubuntu 14.04 LTS server edition and trying to configure exim4 to use tls. Here's my config: http://paste.ubuntu.com/24015110/19:42
geigerCounterThe connection times out when connecting remotely with telnet or thunderbird. Connecting locally with telnet, I'm able to access smtp and after running ehlo, I'm able to try "starttls", but it gives me an error message that tls is unavailable. What should I do?19:43
Doowsarnold: 810/systemd-resolve19:44
sarnoldDoow: hopefully useful https://lists.ubuntu.com/archives/ubuntu-devel/2016-May/039350.html19:45
sarnoldgeigerCounter: connection timing out sounds like firewall settings19:45
Doowsarnold: I wasn't running netstat as root at first =)19:46
Doowsarnold: thanks, I'll take a look19:46
geigerCountersarnold: On the server or the client?19:46
geigerCountersarnold: That also doesn't explain why starttls fails.19:47
sarnoldgeigerCounter: indeed, but one problem at a time is the way to preserve sanity :)19:48
sarnoldDoow: aha :D19:48
Doowsarnold: That explained everything, thanks for the quick help19:51
sarnoldgreat :)19:51
geigerCounterI don't think it's a firewall issue though, as before I started trying to config exim4 to use tls, I was able to access SMTP fine remotely as well. But just to be sure, I've made sure to add an exception for port 25 in Windows firewall. I know that server-side there's no firewall whatsoever and there's activity to my SMTP server just fine. GoDaddy's MX Toolbox reports when SMTP goes down and when it19:53
geigerCountercomes back up and right now... it says it's down...19:53
geigerCounterI just restarted exim419:54
geigerCounterI just connected locally via telnet and was able to log in.19:56
geigerCounterWell I was able to connect and ehlo, haven't actually tried to auth.19:56
geigerCounterHang on...19:57
=== madsa_ is now known as madsa
=== jelly-home is now known as jelly
=== madsa_ is now known as madsa
axisyshow do I install a particular version of a package?21:33
tarpmanaxisys: apt install package=version21:34
axisyssudo apt-get install zabbix-agent=1.8.22 says not found21:34
axisyshow do I get a older version?21:34
axisystrusty latest is 2.2.221:34
tarpmanaxisys: 'apt-cache policy zabbix-agent' will show you the available versions21:34
axisyson 2.2.221:35
axisysonly*21:35
tarpmanaxisys: according to http://packages.ubuntu.com/zabbix-agent you probably have to go back to 12.04 if you want zabbix 1.821:35
axisysso is it possible to install 1.8.x on 14.04 ?21:35
tarpmanI don't know, sorry21:36
naccaxisys: no, you'd need to use 12.04 for that, presumably23:16
geigerCounterOkay, I think I finally found something out in regards to my exim situation. It appears that the self-signed certs I rolled for testing exim with are not valid and/or cannot be accessed by exim.23:26
sarnoldgeigerCounter: ugh :/ while I wouldn't necessarily expect all clients to work with that, I sort ofhope the server itself wouldn't care23:27
geigerCounterNo, I mean, it literally couldn't read the cert. And upon checking I know see why.23:27
geigerCounterI had MAIN_TLS_PRIVKEY as the macro instead of MAIN_TLS_PRIVATEKEY23:27
* geigerCounter facepalms23:27
sarnoldoh man23:28
geigerCounterSo pedantic.23:29
sarnold'unknown macro' would have been kind..23:29
naccmight be nice for it to complain about unknown keys in the cof?23:29
nacc*conf23:29
geigerCounterYeahh...23:29
geigerCounterYeah.23:29
geigerCounterBut it didn't do that until I tried to send stuff to/from Gmail.23:30
geigerCounterThat still doesn't seem to have fixed it though...23:31
geigerCounterstarttls still isn't working.23:31
geigerCounterWait.23:31
geigerCounter-rw-r--r-- means globably readable by all users right?23:32
naccyes23:32
sarnoldyes23:32
geigerCounterThat's what I thought. exim's now pointing to the correct cert and key, but it can't read them.23:33
sarnolddirectory permissions above it may prevent the world from getting to the file, thuogh23:33
geigerCounterIt won't say how and why.23:33
geigerCounterAh23:33
geigerCounterWell can I symlink it to another directory then?23:33
sarnoldand apparmor permissions could prevent it too (check dmesg | grep DENIED if you think this might be the case)23:33
geigerCounterI don't think I have apparmor installed yet.23:33
geigerCounterMmm... yeah, the certs directory ( /etc/ssl/certs ) is readable, the key directory ( /etc/ssl/private ) is not.23:34
geigerCounterI assume this is by design.23:35
geigerCounterWould that prevent exim from being able to read /etc/ssl/private/exim.key ?23:35
sarnoldit could; maybe you need to add the supplementary group ssl-cert to exim's startup scripts?23:36
geigerCounterI may yes, but for whatever reason my /etc/ssl/private directory is user read only. It's group executable tho...23:37
geigerCounterNot sure if that makes a difference in this case.23:37
sarnoldinteresting, mine is: drwx--x--- 2 root ssl-cert23:38
geigerCounterSo is mine.23:38
sarnoldoh ok, good23:38
geigerCounterAnd idk.23:38
geigerCounterI've got another key in here that dovecot uses and is able to read just fine.23:38
geigerCounterSo mm.23:38
geigerCounterI'm not sure if that means dovecot spawns with different permissions or what?23:39
sarnolddovecot probably reads it as root at startup or also has the ssl-cert supplemtnary group23:39
geigerCounterMm. Makes sense.23:39
geigerCounterTo add a user to a group, you run "adduser <user> <group>" right?23:40
sarnoldworth a try23:40
sarnoldfunny, I jumped right to 'edit the startup' but it might be easier than I was making it :)23:41
geigerCounterHm?23:41
geniiI generally use sudo usermod -Ga newgroup username23:41
geigerCounterWoo! No error when accepting mail from gmail! :D23:42
geigerCountertls starts!23:43
sarnoldgeigerCounter: great :D23:43
geigerCounterYeah, that's one issue down, one to go.23:44
geigerCounterOr maybe not...?23:45
Hensterhello, know when you cp a file and use -R -v ,i whish it showed a bar of the current file size that im copyig  like when you use wget23:46
geigerCounterTLS error on connection from <myhostname.com> [my.ip] (gnutls_handshake): An unexpected TLS packet was received.23:46
Henstermaybe i should use mc ,, lol23:47
geigerCounterHenster: Midnight Commander? I have it, I like it, I don't use it much tho. ;p23:48
Hensteri found this chem today tmux .. man making my life allot easer ,, screen did not work well with mc23:49
geigerCountersarnold: Okay, now after getting the 220 TLS go ahead, any additional input crashes the connection and gives me the above error. :Y What am I doing wrong now?23:49
Hensterso i hosted my 1st wordpress website on Ubuntu server ,, man im nervious but so far so good23:50
geigerCounterHenster: Hey man, congrats! It's probably way smarter than what I'm doing trying to build a custom content system. x-x23:50
geigerCounterMy everything is broken...23:51
sarnoldgeigerCounter: yikes. that doesn't make sense :/23:52
geigerCountersarnold: Nope. But then again, configuring email seems to be an eldritch task, so...23:54
geigerCounterLol.23:54
Henster@geigerCounter im learing early to make backups ,,not so sure how im going to secure remorte archive files23:54
sarnoldgeigerCounter: yeah. it's miserable these days.23:54
* geigerCounter sighs23:54
geigerCounterI'm making progress at least!23:54
geigerCounterHenster: Can you try that sentence again, I don't quite get what you mean...23:55
Henstersever 1 ,, webserver and server 2 has files server 1 uses ,, eg. some files of Apache document root .. want to encrypt the data inetween the 2 servers23:56
Hensterinbetween* sorry my spelling23:57
geigerCounterLet me see if I've got this right: You have two servers, a file server and a webserver, and you want to secure the data transfer between them with encryption?23:57
geigerCounterHenster: Is there a special reason why you can't just have both on the same server?23:59
Henster@geigerCounter correct23:59
geigerCounterOkay.23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!