[00:16] <axisys> failing to upgrade lucid .. this is what I tried so far
[00:17] <axisys> http://dpaste.com/0KW2Y2R.txt
[00:17] <axisys> any suggestion?
[00:37] <TJ-> axisys: failure to authenticate suggests you've not installed the updated keyrings - I *think* the archive keys rotated at some point after 10.04
[00:45] <axisys> https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1513232 comment #3 seems to be resolving .. now seems to be upgrading
[00:49] <TJ-> yes, comment #11 confirms it's a key issue and gives a command to fetch the missing key
[03:17] <axisys> upgrade completed and now I am getting a key error on precise apt-get update
[03:17] <axisys> W: GPG error: http://us.archive.ubuntu.com precise-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>
[03:17] <axisys> so I guess that key from #11 is not correct anymore
[03:19] <axisys> http://dpaste.com/18KFVNX.txt
[03:20] <sarnold> axisys: check 'dmesg' output to see if you've had any IO errors
[03:21] <sarnold> axisys: try manually checking the files in /var/lib/apt/lists/
[03:21] <axisys> this fixed it
[03:21] <axisys> https://askubuntu.com/questions/198371/apt-encounters-errors-with-bad-gpg-keys
[03:21] <axisys> sarnold: right
[03:21] <axisys> needed a new lists dir
[03:22] <sarnold> heh, that's a bit .. blunt, but sounds like it worked :)
[03:23] <axisys> do-release-upgrade on precise saying no new release found
[03:25] <axisys> /etc/update-manager/release-upgrades says Prompt=lts .. so why not?
[03:28] <axisys> interesting.. probably some cache.. after a reboot, it is accepting the command
[03:29] <sarnold> axisys: do be sure to check dmesg to make sure you're not getting IO errors
[03:29] <sarnold> we get a lot of bug reports with dying drives in the logs :(
[03:43] <axisys> ok.. also I am running a vagrant image for testing out the process in my laptop.. preparing for upgrading few next week :-)
[03:44] <axisys> but good suggestion
[03:44] <axisys> i do run smartmon as a cronjob on this laptop, also..
[03:44] <sarnold> I love to hear that you're testing it first, always a decent idea :)
[03:44] <sarnold> then it's more likely the file was corrupted in transit. that happens.
[03:45] <axisys> or loose my job while playing with prod server.. hehe
[07:01] <lordievader> Good morning
[07:03] <cpaelzer> hi lordievader
[07:03] <cpaelzer> good morning to all as well
[07:03] <lordievader> Hey cpaelzer_, how are you doing?
[07:04] <cpaelzer> great, I hope you are fine as well today
[07:05] <lordievader> Jup doing okay here. Today I'm going to update my firewall rules :D
[07:05] <lordievader> In other words, break everything :P
[07:07] <hateball> \o/
[07:07] <cpaelzer> ready to see your disconnect timeout then :-)
[07:10] <lordievader> As I am using Matrix that should not happen ;) If it does I might have managed to break a server somewhere else on the campus :P
[11:26] <iot17> Hey guys, i'm doing a quick survey (10 questions) about "Internet of things". I would be very thankful if you could take some time and fill it in. Cheers! https://www.umfrageonline.ch/s/iot17
[13:18] <scottjl> done!
[13:31] <axisys> iot17: done
[13:31] <axisys> guess iot17 left
[14:06] <M3mphiZ> Is it normal that as root i can run 'mysql -u root -p' and even without entering the correct password i get in?
[14:37] <lordcirth_work> M3mphiZ, You are root anyway, what's the point?
[14:38] <lordcirth_work> M3mphiZ, I think if you try to connect to '127.0.0.1' rather than the default localhost it asks
[14:38] <lordcirth_work> Because 127.0.0.1 != localhost in mysql o_O
[14:39] <M3mphiZ> lordcirth_work: well its interesting, because after settings this: UPDATE mysql.user SET authentication_string=PASSWORD('<your-password>'), plugin='mysql_native_password' WHERE user='root'; I need the correct password.
[14:59] <necrophcodr> Is it possible to configure Apache to set a header explicitly?
[15:00] <necrophcodr> This is very wrong, but due to infrastructure and horrible code, I need to set the HTTPS header without enabling HTTPS or SSL
[15:00] <necrophcodr> Is that even possible?
[15:03] <lordcirth_work> necrophcodr, you have a reverse proxy adding TLS but not the header?
[15:04] <necrophcodr> lordcirth_work, oh no, it's much worse. I have Apache2 proxying from TLS to varnish, which then forwards to non-TLS port 80
[15:05] <necrophcodr> varnish removes the HTTPS header because it's not running with certificates, and our setup wouldn't really support that either way.
[15:05] <sdeziel> necrophcodr: RequestHeader set X-Forwarded-Proto "https"
[15:06] <necrophcodr> sdeziel, i have not actually tried this, i'll give it a shot
[15:06] <necrophcodr> sdeziel, but that won't actually set the HTTPS header, will it? like at any point in the stack?
[15:06] <lordcirth_work> necrophcodr, can't you configure varnish to set the header again?
[15:06] <lordcirth_work> Or, you know, fix the whole setup
[15:07] <sdeziel> necrophcodr: this will create the defacto standard header named X-Forwarded-Proto
[15:07] <necrophcodr> lordcirth_work, i'm not sure, but varnish forwards back to apache on port 80 (this is crazy), and apache might remove the https header too when not received on port 80.
[15:07] <necrophcodr> lordcirth_work, i can't fix the whole setup. there's too many servers running this kind of setup, and it's a LOT of moving integrated parts.
[15:07] <necrophcodr> if it was feasible to change, i would
[15:08] <lordcirth_work> Sucks.  It doesn't sound very feasible to maintain either
[15:08] <necrophcodr> i'm not asking because i find it fun, i'm asking because it's the only feasible solution i've come up with
[15:08] <necrophcodr> it is feasible to maintain, since there's not much maintenance.
[15:08] <lordcirth_work> How did it get set up that way?
[15:08] <necrophcodr> doesn't matter
[15:08] <necrophcodr> the problem is that we're running the infrastructure with apache2, and now need to also integrate varnish
[15:09] <necrophcodr> and we're not setting apache2 vhosts up ourselves, that's managed by other systems
[15:09] <necrophcodr> but we can modify the apache2 vhost templates, and the actual vhosts
[15:09] <necrophcodr> since this is also for shared hosting, there's a lot of stuff that needs to fit together
[15:10] <sdeziel> necrophcodr: if you control the backends' vhost templates, why not set the header in there?
[15:10] <necrophcodr> sdeziel, the backend is apache
[15:10] <necrophcodr> i'm talking about apache vhost templates
[15:11] <sdeziel> I understood as much
[15:11] <necrophcodr> that's where i'd like to set the header
[15:11] <necrophcodr> but it needs to be the HTTPS header
[15:14] <sdeziel> necrophcodr: I still think that RequestHeader is what you want
[15:14] <sdeziel> https://httpd.apache.org/docs/2.4/mod/mod_headers.html
[15:16] <necrophcodr> sdeziel, i'll give it another go
[15:23] <necrophcodr> sdeziel, if i do RequestHeader set HTTPS "on" then it isn't set
[15:33] <necrophcodr> or rather, Apache will set the HTTP_HTTPS header to "on"
[15:33] <necrophcodr> RequestHeader modifieds HTTP_* headers
[15:33] <necrophcodr> not all headers
[15:43] <sdeziel> necrophcodr: are you saying that Apache will add the prefix "HTTP_" to the header name you added?
[15:43] <necrophcodr> sdeziel, yes
[15:45] <sdeziel> necrophcodr: I've never seen that behaviour and doubt it's Apache's doing
[15:47] <necrophcodr> I'm forwarding it to a PHP fcgid script that simply var_dumps $_SERVER
[15:47] <necrophcodr> it does nothing else at all
[15:48] <sdeziel> https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidpassheader ?
[15:49] <sdeziel> at this point, it's no longer a HTTP header but a env variable with the prefix HTTP_$headername
[15:50] <necrophcodr> so now it still has the prefix HTTP
[15:50] <necrophcodr> but i still need to set the HTTPS header
[15:51] <necrophcodr> oh wait
[15:51] <necrophcodr> no it may actually work
[15:52] <necrophcodr> sdeziel, thanks, that appears to work!
[15:52] <sdeziel> necrophcodr: great, np