/srv/irclogs.ubuntu.com/2018/01/19/#ubuntu-server.txt

kneekiI cannot get Apache2.4 to list the contents of a directory... I've tried .htaccess and modifying the <VirtualHost> <Directory> with no luck. What's another reason that Apache would prevent directory browsing?00:09
patdk-lapwith that amount of info? no00:13
patdk-lapinstalling the directoryindex module00:13
patdk-lapand activating it00:13
patdk-lapmake sure that option is turned on00:13
sarnoldI once spent five or six hours learning that apache <Directory> directives MUST NOT END with a /00:17
patdk-lap:)00:21
kneekisudo a2enmod autoindex && sudo service apache2 restart ... With my other VirtualHost options got 'er working. Thanks patdk-lap00:50
k_szeHow do I find the path of a systemd unit file?01:44
ChmEarl lib/systemd/system/<unit>.service01:47
k_szeI can't get iptables-persistent to work.01:59
k_szeI have rules saved in /etc/iptables/rules.v4.01:59
k_szeThe netfilter-persistent.service starts at boot time.02:00
k_szeBut I just don't see the rules added.02:00
k_sze(This is using Ubuntu Server 64-bit 16.04)02:07
ChmEarlk_sze, check /etc/default/iptables* for settings02:09
k_szeChmEarl: No such file(s).02:10
k_sze[work]Does ufw automatically persist rules and load them on reboot?06:13
lordievaderGood morning06:59
k_sze[work]If I look at the output of `iptables -4 -L`, I see there's already a rule for sshd to allow incoming NEW connections.07:03
k_sze[work]But how does that rule get added?07:03
k_sze[work]It seems that I never had iptables-persistent before, so it just have come from somewhere else.07:04
lordievaderk_sze[work]: You didn't set that up in ufw?07:04
k_sze[work]I never had ufw active either.07:04
lordievaderThat's a bit odd.07:05
k_sze[work]Does systemd have the power to automatically add firewall rules?07:07
k_sze[work]I see /lib/systemd/system/ssh.socket has ListenStream=22 Accept=yes07:08
tobascojamespage: is gnocchi py2 something that can be squeezed into queens release, milestone 3 now and release is closing in. tried to find if gnocchi even supports py2 still but no compat list on gnocchi.xyz page or their docs09:47
jamespagetobasco: we think so yes09:51
k_sze[work]what the...10:10
k_sze[work]my /etc/network/interfaces gets overwritten on reboot.10:10
k_sze[work]How does that even work?10:11
tobascojamespage: cool, thanks!10:13
Odd_Blokesmoser: What does CRSN in streams data actually stand for?10:20
k_sze[work]Seriously, I can't figure out, for the life of me, how iptables works in Ubuntu 16.04.11:19
k_sze[work]Where do the rules for http, smtp, pop3, imap, and ssh even come from? I never added those rules myself.11:19
rbasakDo you have ufw installed and enabled?11:20
rbasakIf so, that's what's doing it.11:20
k_sze[work]rbasak: I specifically tried disabling ufw and rebooting11:20
k_sze[work]the rules are still there.11:20
rbasakIt's not normal. I'm not aware of anything that does this by default.11:20
rbasakI'm not sure it's Ubuntu that's doing it then. Have you installed anything else on your system?11:21
k_sze[work]Well, they are all packages from the official repo11:21
k_sze[work]Sure, I have nginx and openssh installed and their services are running, but I never added the iptables rules myself.11:22
k_sze[work]The firewall landscape is a mess.11:23
k_sze[work]I wish there's a way to trace where the firewall rules came from.11:24
k_sze[work]I also have postfix service running, so maybe that's contributing to the rules for smtp, pop3, imap.11:27
rbasakI think there is infrastructure to do that, but there's no direct tooling since it's a pretty uncommon problem you have there.11:27
k_sze[work]But still, what mechanism?11:27
k_sze[work]rbasak: that's not even my main problem.11:27
k_sze[work]rbasak: my main problem is that I can't get my own custom rules to persist.11:27
k_sze[work]I have iptables-persistent and netfilter-persistent installed.11:28
k_sze[work]journalctl says netfilter-persistent started succesfully at boot time.11:28
k_sze[work]but I just don't see my custom rule.11:28
k_sze[work]And it's not like my rule has a syntax error, otherwise I would see a complaint in journalctl.11:28
k_sze[work](and of course, my rule is in the usual /etc/iptables/rules.v4)11:30
TJ-k_sze[work]: does the system have firewalld installed? That supports rules added dynamically by services via Dbus for example, which would explain what you're seeing11:31
k_sze[work]let me check11:31
k_sze[work]`systemctl status firewalld.service` says no such file or directory11:32
k_sze[work]`dpkg -l firewalld` also says it's not installed.11:32
TJ-k_sze[work]: how about "sudo grep -rn 'INPUT' /etc/ /var/lib/" - if they're defined and saved that should pick them up11:37
k_sze[work]Hmm, I see /etc/iptables.firewall.rules has the rules.11:38
k_sze[work]But it's dated April 26th, 2015.11:39
k_sze[work]That's *very* old. Seems like a file left to its default content to me.11:40
k_sze[work]Because that date is even before the release of 16.04.11:40
k_sze[work]Or did I write that file while on 14.04 and then I upgraded to 16.04?11:42
k_sze[work]I can't remember if I ever upgraded that server.11:42
k_sze[work]Is there a way I can tell?11:42
k_sze[work]I mean, if I can tell whether the server was upgraded from a previous release.11:42
TJ-k_sze[work]: how about "sudo grep -rn 'iptables\.firewall\.rules' /etc/"11:43
rbasakk_sze[work]: sudo cat /var/log/installer/version11:44
rbasakor media-info11:44
rbasakmedia-info is probably better11:44
k_sze[work]no version file, and media-info is empty.11:45
rbasakDon't know then. Perhaps the timestamp of media-info is a clue11:46
k_sze[work]April 23, 201511:46
k_sze[work]So maybe I *did* write that iptables.firewall.rules file a few days after installing the OS.11:46
k_sze[work]Right... /etc/network/if-pre-up.d/firewall restores the rules from that file.11:48
TJ-also "ls -l /var/log/dist-upgrade/"11:49
k_sze[work]So maybe I followed some "old-style" instructions before iptables-persistent became the recommended way.11:50
rbasakI'm not sure iptables-persistent is the recommended way.11:52
rbasakIt's just _a_ way.11:52
rbasakLooks like it's in universe.11:52
k_sze[work]I says recommended because newer tutorials seem to mostly mention iptables-persistent.11:53
k_sze[work]Anyway, home time. (It's almost 20:00 and I'm still in the office...)11:54
k_sze[work]Thanks for the help.11:55
smoserOdd_Bloke: cloud region short name13:34
smoserwhich clearly has evolved to not mean anything :-(13:35
smoseri think i probably had intended to keep them unique. i think we could probably re-work it. so that we had more consistent things.13:37
smoser aws-us-east-113:37
smoserthe real value of it is that it is used as compression via the 'alias' stuff.  then each item can have endpoint anad region but be represented in compressed form by just the 'crsn'13:40
Odd_BlokeRight.13:47
Odd_BlokeWell, it does do that, just per-cloud.13:47
smoserOdd_Bloke: i saw i think in gce a 'None' in part of the sting14:26
smoserstring14:26
smoserNonesomething14:26
=== albech1 is now known as albech
boxrickHello!19:09
boxrickI wish to use gpg2 and alias over the gpg command19:09
boxrickIs this is going to have implications on the core Ubuntu workings with apt and such?19:09
naccboxrick: what version of ubuntu?19:11
boxrick16.0419:12
naccboxrick: so install gnupg2 ? why do you need to change the gpg default?19:13
boxrickSo I have installed gnupg2 and it works fine.19:13
boxrickHowever I wish for anyone using the system to default to version 2 over 119:13
naccboxrick: why?19:13
naccboxrick: i dont think you actually want that, without some further thought -- folks can just invoke gpg2, no?19:14
boxrickThis is more of a simple ease of use19:15
boxrickPeople type 'gpg' rather than gpg2 for example as habit. I just want to catch that19:15
naccboxrick: they are, iirc, not compatible with each other ...19:18
naccso i think once they move, they won't be able to go back, but i'm not 100%19:18
naccit doesn't seem like something you want to do transparently19:18
naccboxrick: but if you insist, just add an alias, or an alternative19:19
boxrickId rather just remove gpg119:19
boxrickBut thats rather essential to the workings of Ubuntu19:19
boxrickThe intent here is to just set people up going with v2 and not need to worry about 1.19:20
TJ-boxrick: so you want te system to have access to gpg (v1) but users gpg (v2) - could you do it via /etc/profile so logins see an "alias gpg=/usr/bin/gpg2" ?19:28
naccthat's what i meant by add an alias above :)19:29
TJ-nacc: sorry, I didn't see it... my vision has literally blurred from tracing/reporting so many bugs today19:30
naccTJ-: np :)19:31
naccyours was more detailed anyways19:31
sarnoldboxrick: you may consider doing a symlink from ~/bin/gpg to /usr/bin/gpg2 so it only affects your user account and not system tools19:59
Neo4what is root@localhost?20:22
Neo4I want to get all my errors form VPS to my mail on google, how to do it?20:26
naccsarnold: good point20:28
naccsarnold: my impression was a multi-user system20:28
naccNeo4: it is a user @ a hostname20:29
Neo4nacc: all apps on linux send errors to this root @ localhost on default?20:29
naccNeo4: no, some just log them20:30
Neo4nacc: and others what to do?20:30
Neo4say default linux apps log on that mail errors, I need to get it20:30
Neo4what I shall to do?20:30
naccNeo4: I don't understand your question20:31
Neo4I've already installed postfix20:31
Neo4nacc: see root@localhost I want change it on neovichnn@gmail on my real mail20:31
naccI believe that's just an envelope setting20:31
Neo4nacc: how do you get errors on mail?20:32
naccNeo4: you have two completely different questions20:32
sarnoldNeo4: if I've understood you correctly, look at the msmtp-mta package20:32
Neo4I something read it possilbe redirect them on your real mail and if something will wrong with VPS you'll get message and react fast20:32
nacc1 is just what the user is that's receiving error/admin mails20:33
nacc2 is how to forward local error/admin mails to a remote server20:33
Neo4sarnold: I have postfix20:33
Neo4and I don't know how there something change for get what I want20:33
Neo4nacc: no, first you can omit20:34
Neo4nacc: apps that exists in linux send message to root@loalhost but it's not exaclty and I want get this messages20:34
Neo4root@localhost it's not real mail20:34
naccsure it is20:34
naccon localhost it is20:34
nacci think you are misunderstanding something20:35
naccas root on localhost, you run `mail` and read that just fine20:35
Neo4nacc: if will apahe send message it will www-data @ name of my computer if it will use postfix it will www-data @ kselax.ru . I changed myorigin = kselax.ru20:37
Neo4nacc: in linux mail send message?20:38
Neo4mail --help20:39
naccNeo4: it's really hard to understand what you are asking, possibly due to a language barrier.20:39
Neo4it's utility20:39
naccNeo4: are you asking if the command mail can send a message?20:39
Neo4nacc: yes, this too20:40
naccNeo4: yes, `mail` can send and receive mail20:40
Neo4nacc: default how it occur? assume mysql has error and it prepared data for send message, what will happen next?20:40
Neo4nacc: where it send mail?20:41
Neo4nacc: what is mail MUA?20:41
Neo4mail might be use my postfix?20:41
naccNeo4: i believe by default, admin mail is delivered to /var/mail/root20:42
Neo4mail -> postfix -> google MDA -> my thunderbird20:42
Neo4I'll look what is there20:43
naccNeo4: I don't understand what you mean by 'what is mail MUA'? Do you mean the command `mail` ?20:43
Neo4there empty root file20:44
naccNeo4: that implies no admin mails have been received (iiuc)20:44
Neo4nacc: I mean what is mail MUA for linux when we use mail, mail function is MUA20:45
Neo4nacc: admin mail with errors?20:45
naccNeo4: ... did you just answer your own question?20:45
Neo4that means all worked without error for a while20:46
Neo4nacc: what the own question? What do you mean?20:46
Neo4nacc: where do you see errors?20:47
Neo4nacc: see, https://serverfault.com/questions/485505/get-postfix-to-forward-roots-mail20:49
Neo4what is it postmaster:    root in /etc/aliases?20:55
Neo4according to that sources we see there mail function and we can send message to any mail. I want to send to root@localhost20:56
Neo4echo test | mail -s test root20:56
Neo4 *      /var/mail/root is empty20:57
gQuigssome bionic images not building since the 3rd?  - http://cdimage.ubuntu.com/ubuntu-server/21:30
gQuigsanyway to check why?21:30
naccpowersj: --^21:35
naccgQuigs: i think we know why, but not 100%21:35
sarnoldlooks like xenial too http://cdimage.ubuntu.com/ubuntu-server/xenial/daily/current/21:36
naccyeah i've been getting e-mails on them21:36
naccbut powersj usually handles that side21:37
powersjhmm I get the emails, but don't build them :)21:38
powersjslangasek would be who I'd ping, but probably won't see him till later21:38
gQuigsjust curious.. what''s the current theory?21:42
powersjgQuigs: looks like both xenial and bionic are having issues running requestBuild against Launchpad during the live filesystem21:50
powersjthe error is "An identical build of this live filesystem image is already pending."21:51
powersjso some timing must be off21:51
naccpowersj: i wonder if an olld build is wedged21:53
gQuigspowersj: well that makes the 3rd more interesting - https://twitter.com/launchpadstatus/status/94868823302988185621:53
naccbecause i think they all have been like that since then21:53
powersjnacc: agreed or due to taking the farm down for patching we need to kick something21:54
* TJ- kicks the nearest cow21:54
tomreynin other farming news: echo 'cowsay --help is broken on Xenial' | cowsay22:10
tomreynit just sits there. but then, it's a cow.22:10
sarnoldpoor cow :(22:11
TJ-That's just like our cows :)22:11
TJ-it's chewing it's cudd and thinking about it22:12
masontomreyn: Sure enough.22:16
gQuigsty!22:22
blackflowHm, turns out postgresql server dev package is in universe, while the main server is in main repo. How come? This is rather... suprising.22:52
blackflowbeen meaning to minimize the number of packages installed from universe, or at least watch them carefully, as some are in very bad shape.22:52
naccblackflow: specific package name?22:53
blackflownacc: for what?22:53
masonblackflow: I could be confused, but that might be worth a ticket asking for it to be pulled in.22:53
masonblackflow: The dev package.22:53
naccblackflow: any example for what you just said?22:53
blackflownacc: you mean package in universe thats' in bad shape? roundcube for example, on xenial. it's "beta" and never patched for at least five vulns, some REMOTE, that occurred in 2017 (I know because I helped patch the package in FreeBSD)22:54
masonblackflow: Open bugs on launchpad.22:56
masonIn in your case, submit patches in them. :P22:57
blackflowsomoene already file bug reports about that, but that got nowhere. meanwhile, my problem is not roundcube itself, I'm using upstream code directly. it's just that knowing how bad packages can get in universe, I was surprised to see postgres dev in there22:59
blackflowit's basically all coming from the same source pacakge, no? the server, the client, the headers for -dev ....23:00
naccblackflow: what package!?23:00
naccblackflow: you keep saying 'postgres dev' package23:00
naccblackflow: please just actually say the name of the package so i don't have to grep for it23:01
blackflowpostgresql-server-dev-9.623:01
blackflowit's headers for postgresql server, so libs can be built for it23:01
naccblackflow: the source is in main23:02
naccblackflow: we don't keep all binaries in main from a given package23:02
nacconly those that have deps in main or are seeded23:02
blackflowhow is it ensured that they're kept in sync?23:04
naccblackflow: how what is kept in sync?23:05
blackflownvm, I obviously misunderstood the purpose of "universe" and it being community maintained, as opposed to "main" which is Canonical maintained.23:07
blackflowor at least, what happens to postgresql-server-dev-*, despite it being in universe.23:07
naccblackflow: the relevant part here is the source package is in main23:07
nacc(afaict)23:08
blackflowmakes sense, yeah.23:08
rbasakTheoretically, if there's a vulnerability that impacts only the users of the binary postgresql-server-dev-9.6 and none of the other packages, Canonical staff may ignore it.23:12
naccalso, it's probably only a build-dep of pacakges in main, so it can be in universe23:13
naccjust a guess23:13
rbasakIn pratice it's unlikely though. And we generally push through point releases for Postgres.23:14
naccyeah23:15
blackflowI see. yeah.23:18

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!