/srv/irclogs.ubuntu.com/2017/11/30/#ubuntu-server.txt

keithzgYeesh, I guess I'm done buying ASUS motherboards ever. Got a response from their customer service and the only way to patch the Intel ME vulnerability is indeed to run the updater which only works on Windows.00:20
sarnoldwhat is it with firmware / hardware people..00:22
sdezielnot even providing a bootable ISO with something like freedos is really bad00:24
keithzgYeah, I mean frankly anything involving updating firmware on a motherboard you'd think you'd want to be able to do without relying on an installed OS!00:43
metastableI enjoy my MSI boards for that reason. Insert stick, push button. BIOS flash, even from soft-brick.00:45
keithzgmetastable: To be fair though, the Intel Management Engine is an additional, somewhat self-contained entity with its own firmware, so the ease of flashing "BIOS" isn't necessarily an indicator that they'd get *this* right. I tried checking MSI's support pages to check how they've been handling Intel ME updates but I keep getting 504 errors from nginx on their servers . . .00:58
keithzgHmm from what little information MSI provides on https://www.msi.com/news/detail/tbzkKfKPAi1ALASqaWkS99rxLH-FNw7O9AC8b2jsPHSoz1kSuAag52YLmCGiuuD9LhFJ7_wgczjFmbrnR5UGCA~~ it seems like they might also require you to run Windows to update the Intel Management Engine.01:03
cncr04sanyway to have mdadm scrub a raid array to look for inconsitencies ?01:23
Slingcncr04s: thats what you'd have raid 1 or raid 5 for01:31
Slingwhat kind of inconsistencies ar eyou expecting?01:31
metastableEw. RAID 5...02:26
metastablecncr04s: echo check > /sys/block/mdX/md/sync_action02:26
metastablecncr04s: Where 'mdX' is the md device number of the mdadm array. Check /proc/mdstat for this.02:27
cncr04si have a raid5 and a raid 6 array05:05
cpaelzergood morning06:35
lordievaderGood morning06:44
cpaelzerhiho lordievader06:46
lordievaderHey cpaelzer06:48
lordievaderHow are you doing?06:48
cpaelzerlordievader: good, you as well I'd hope07:04
lordievaderYes, doing allright.07:04
cpaelzergreat07:04
lordievaderMy zabbix experiments seem to pay off somewhat.07:05
lordievaderWe want to create some triggers wich compare the data of today with yesterday.07:05
lordievaderSo I build a graph which does that.07:05
gun1xguys, quick question10:54
gun1xjust got an ubuntu server up on an infra that i do now own10:54
gun1xand i have something strange in terminal ... i get some strange characters10:55
gun1xdoes anybody know an apt command to install missing packages so i have all characters ?10:55
Frickelpitwhat do you mean by "strange characters"? did you check your locales settings?10:59
=== downtime is now known as uptime
=== albech1 is now known as albech
add1ctusI was enabling firewall on my server. Just added all the ports I need (22, 80, 443) to allowed list and did ufw enable. Everything else had default settings. Since then connections slowed down towards the server, and I disabled it immediately. But connections are still slow, and even apachectl status doesn't give any output. Checking with htop, it says server isn't under any load. Anything I could do?17:01
rbasakSlow how?17:04
rbasakCould it be reverse DNS timing out?17:04
add1ctusWhen I try rapidly checking tracert, every third request gets stuck. The website hosted on the server is also slow (Chrome gets stuck on Connecting..)17:06
sdezieladd1ctus: I'd make sure ICMP is authorized to have PMTU working17:09
sdezielI think ufw allows what's needed by default but I don't know for sure17:10
add1ctus@sdeziel: I didn't kinda understand what you're trying to say. How should I check that?17:14
sdezieladd1ctus: A quick way to check this would be to add those 2 rules: sudo iptables -I INPUT -p icmp -j ACCEPT; sudo iptables -I OUTPUT -p icmp -j ACCEPT17:16
rbasakadd1ctus: every third request getting stuck is a Cisco signature IIRC. I'd ignore that.17:24
HackeMatehello18:40
HackeMatei have some servers that i need to maintain, so i wanted to use something like teamviewer but for server (it means bypass firewalls)18:41
HackeMateexists a tool like that in ubuntu, or any way to do that?18:41
HackeMateboth computers connect to a common servers via http port and share data18:42
sdezielHackeMate: it's not like teamviewer but you can remote administer servers and transfer files using SSH19:27
HackeMateyes i know, but i cant pass trought firewalls or vlans19:31
HackeMatei dont know how teamviewer gets that19:31
sdezielI think that teamviewer has the agent phone home to essentially build a HTTPS tunnel. You can then connect to teamviewer servers and access your servers through that.19:37
sdezielHackeMate: this feels like a MITM to me so I prefer SSH :)19:37
HackeMateyes, thats the reason i want use an own method19:38
sdezielHackeMate: you have several options. 1) you could tweak the firewall to expose your server's SSH via port forwarding 2) you could setup a VPN that connects to a server you trust 3) you could run tor on the servers to use it as a backchannel to SSH in19:42
sdezielHackeMate: and probably a lot more19:42
RoyKhm - seems I'm getting this when attempting to install ubuntu 16.04 in a kvm/libvirt vm on jessie: Checking installer location failed: Could not find media '/data/iso/Linux/x64/Ubuntu/ubuntu-16.04.3-server-amd64.iso'.21:39
RoyKany ideas?21:39
TJ-RoyK: looks like a libvirt issue on the host based on the path21:42
RoyKTJ-: everything looks right, permissions and so on21:44
TJ-RoyK: have you refreshed the pool with "virsh pool-refresh default" (assuming it's using the default pool)21:51
RoyKTJ-: afaik it's not a pool, just "local" file22:06
TJ-RoyK: right, but the 'pool' should list it for the guest if I recall correctly22:07
ahasenackRoyK: was that error inside the vm, or in virt-manager?22:17
TJ-it's a virsh/libvirt error22:17
RoyKvirt-manager - interesting, regardless of file rights, I tried to ln (not -s) the file to where the debian iso was, and that works, meaning it's quite possibly a pool thing - I've never seen that issue before22:18
TJ-I've seen it in the past, when I manually added an ISO rather than adding it to the pool, and had to refresh the pool for the guest to see it22:21
RoyKI didn't try to refresh the guest pool, though - I don't know too much about these pools22:22
RoyKTJ-: anyway - thanks22:24
rbasakcpaelzer, ahasenack: BTW, mail-stack-delivery is something I've wanted to deprecate for years, but never got round to driving.22:28
ahasenackrbasak: it seems handy, but I can see how it would be a maintenance burden22:28
rbasakBut it doesn't really cause us any pain except in merges, because I think barely anyone actually uses it22:29
ahasenackit's in the lts guide22:29
rbasakYeah so it's quite a bit of work to deprecate and remove :)22:29
ahasenackyeah22:29
ahasenackwe just have to remember to update it with what is considered best practices that year :)22:29
ahasenacksmtpd_tls_mandatory_protocols = SSLv3, TLSv1 <-- that isn't, for example22:30
ahasenackSSLv322:30
ahasenacksomething I'm raising in my review22:30
ahasenackdefaults from postfix:22:32
ahasenack# postconf -d smtpd_tls_mandatory_protocols22:32
ahasenacksmtpd_tls_mandatory_protocols = !SSLv2, !SSLv322:32
ahasenackmaybe we should leave it at the postfix's default instead of hunting down what's bad and what is not22:33
rbasakI think that's a good idea. Make sure it's matches the postfix's packages default too. Eg. if postfix ships a conffile with an important setting that gets overriden by mail-stack-delivery, that could be a problem.22:34
rbasakSort of like you found it as it is now :)22:34
morphinehi guys, anyone here ever came across a situation where Apache 2.4 just wouldn't log rewrite activity no matter what you set the LogLevel rewrite:trace directive to?22:57
sarnoldmorphine: if you deliberately break the configuration in some blatant obvious way do you see that take affect as you expect? (I'm curious if perhaps the file you're editing is being ignored entirely)22:59
morphineyeah, this configuration is working perfectly and as expected. The context here is that I'm debugging a single rewrite rule22:59
morphineI went ahead and enabled rewrite logging, and two hours later I'm still trying to figure out why that never shows up on any of the logs23:00
morphinedoesn't seem to be a unique problem, found a couple forum threads about it but no actualy solution23:00
morphinealready tried a million things up to and including defining a vhost that has next to no configuration but the rewrite/log settings23:00
morphine(and no, I didn't forget to reload/restart Apache :)23:01
sarnold:)23:01
sarnoldmorphine: nothing in the docs stands out :/ it might be worth a bug report23:05
morphinecould be, but it's probably some obtuse and apparently-unrelated setting23:06
morphinewhich has been my experience with Apache 2.4 in particular23:06
sarnoldreminds me of the day I lost due to a '/' on the end of a directory name.23:08
ahasenackmorphine: can you see the rule checks progressing until your rule is hit? Or not even that?23:11
ahasenack(in the debug logs)23:11
ahasenackI was in that situation a few times, it was always *something*23:11
morphinethat's the whole problem, I don't see the rule logs *anywhere*23:11
ahasenackdid you set LogLevel?23:12
sarnoldare they maybe going to syslog rather than a file? or file rather than syslog?23:12
ahasenackthat's new in 2.4, according to what I'm reading23:13
ahasenack"Those familiar with earlier versions of mod_rewrite will no doubt be looking for the RewriteLog and RewriteLogLevel directives. This functionality has been completely replaced by the new per-module logging configuration mentioned above."23:13
morphineyeeeep23:14
morphinebecause it made sense before, so it had to change!23:14
morphine(sorry)23:14
ahasenackmod_rewrite made sense?23:14
ahasenack:)23:14
morphinehar23:14
morphinedon't even get me started on the Log/ErrorLogFormat mess23:15
ahasenackhttp://httpd.apache.org/docs/current/mod/core.html#loglevel23:15
ahasenackhope that helps23:15
morphineI already tried like 10 variations of the LogLevel line (including some obtained from forums/how-tos)23:16
morphinebut I might as well try a couple more23:16
ahasenacktry setting it for other things, see if you get that to work23:16
ahasenackif not even that changes the logs you are seeing, then something else is going on23:17
ahasenackgotta go, g'night23:17
morphinethanks for the input23:20

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!