[05:50] <Goop> How do I install phpmyadmin without Apache? I have a server that MUST run on nginx only.
[05:58] <andol> Goop: Likely the same way you would install any other phpmyadmin application under Nginx, using php-fpm. Also, a quick Google search suggests that there are plenty of tutorials available.
[06:47] <Maximxxx100> Ok interesting problem, one of my servers that I own has been compromised. It's making thousands of connections to one ip and port per second from random ports on my server. Now nothing about it is showing up on netstat, and nothing I can do shows what process or why this is happening. I've shut down every system process that is not necessary, and used ufw to block every in/out connection except SSH. And I tried blocking the ip
[06:47] <Maximxxx100> with iptables/ufw with no luck. It's still making connections no matter what I do. Did a port scan on the ip and the ONLY open port is the one my server is making thousands of connections per second to located in Vietnam. Thanks.
[07:02] <bhuddah> Maximxxx100: backup all data.
[07:05] <Maximxxx100> I have bhuddah, I've had this particular server for 6 years without any problems. I would like to save it without going Nuclear and wiping with a new install, but I cannot stop my server from contacting this ip at all.
[07:05] <bhuddah> Maximxxx100: you can never ever save a compromised machine. you absolutely need to wipe it. repair is not an option. never.
[07:09] <Maximxxx100> I don't know if it's compromised for sure, it would be nice if I could find more information about it before. I wonder how it would get compromised in the first place. I've had unattended upgrades working perfectly, using only ssh keys and good passwords. And only used it to host a few files and private services for me.
[07:10] <Maximxxx100> and I always used user accounts for all services, yet the connections are coming from root. darn...
[07:10] <Maximxxx100> How did the sneaky Vietnam guy hack his way in is what I want to know.
[08:19] <awalende> Is it possible, that the "out of memory killer" kicks in not when there is not enough ram, but too many pagetables are created?
[08:19] <awalende> My qemu vm keeps kicking the bucket, even though I have still a bunch of memory left on the host
[08:30] <cpaelzer> awalende: maybe memory of one special kind is depleted like lowmem in the 32 bit past
[08:30] <cpaelzer> awalende: the oom should have put some output in your dmesg that might help
[08:30] <cpaelzer> you could pastebinit to think about it together
[08:31] <cpaelzer> sometimes knowing /proc/meminfo, /proc/pagetypeinfo can also help
[08:31] <cpaelzer> depends on your actual case
[08:33] <cpaelzer> awalende: in general https://linux-mm.org/OOM has some more details and also a script to collect more data (I haven't tested/used that script, so it might need some polishing)
[08:54] <awalende> kern log: https://paste.ubuntu.com/p/BpSQ6ysxj4/
[08:55] <awalende> meminfo: https://paste.ubuntu.com/p/shg9q62ZbW/
[08:56] <awalende> pagetype info: https://paste.ubuntu.com/p/KxTfPKjqDg/
[08:57] <cpaelzer> the kern log should have ~15 more lines above that starting with Mem-Info
[09:00] <awalende> like this? https://paste.ubuntu.com/p/xXsv88fMHd/
[09:15] <cpaelzer> awalende: without spending too much time I unfortunately also see no clear reason
[09:15] <cpaelzer> awalende: the alloc being only order=0 from GFP_HIGHUSER_MOVABLE should succeed if your pagetypeinfo matches
[09:16] <cpaelzer> unless the pagetype info is e.g. from long before/after the actual issue
[09:16] <cpaelzer> which means whatever was depleted before isn't anymore when taking the data
[09:16] <cpaelzer> awalende: oh here we go
[09:17] <cpaelzer> awalende: in the moment you fail the high memory has only free:33316kB
[09:17] <cpaelzer> but there is min:33320kB
[09:17] <cpaelzer> and the GFP_HIGHUSER_MOVABLE can not tap on that reserve
[09:18] <cpaelzer> it might be that your overall free mem is on other nodes and/or other zones
[09:20] <awalende> meh, then I probably have to bash my monitoring since it was reporting 110gb free mem on crash :x
[09:28] <awalende> but thank you for looking into it cpaelzer! I'll try to get a bigger grip on different memory sections on my server
[11:02] <awalende> cpaelzer, I believe to have found the cause now. Our QEMU VM has NUMA support enabled. I believe the separation of memory banks can cause memory chokes depending on the load. I guess that's what you meant with "the free mem is on other nodes"?
[11:03] <cpaelzer> awalende: yes
[11:05] <cpaelzer> awalende: https://libvirt.org/formatdomain.html#elementsNUMATuning
[11:34] <awalende> We probably want the "preferred" mode here.
[13:00] <Ussat> Anyone here run an ansible master on Ubuntu? I assume you use the official ansible PPAs as listed here: sudo apt-add-repository --yes --update ppa:ansible/ansible
[13:15] <sdeziel> archive.ubuntu.com is terribly slow (~15kB/s) from multiple locations
[13:15] <lotuspsychje> sdeziel: known issue @ the ubuntu-mirrors guys
[13:15] <sdeziel> lotuspsychje: thanks :)
 tobikoch: we're aware, we had a large spike in traffic ~90 mins ago.  No sign that is anything but legitimate traffic so far, but we're pushing our transit to capacity at this time.
[13:16] <sdeziel> I'll enjoy the dial-up experience in the meantime ;)
[13:16] <lotuspsychje> sdeziel: :p try sudo apt update perhaps
[13:56] <Ussat> ok...so a new build of ubuntu.....: Err:4 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease
[13:56] <Ussat>   403  Forbidden [IP: 91.189.91.23 80]
[13:57] <Ussat> getting a ton of those......
[14:04] <dlloyd> yeah getting timeouts and sporadic failures for the aws us-east mirrors as well
[14:04] <Ussat> Well.......have a few builds to do today...this puts a crimp in plans
[14:05] <JanC> maybe ask in #canonical-sysadmin
[14:07] <Ussat> sigh
[14:07] <Ussat> this is not a good start to my day
[14:10] <rbasak> Ussat: 403 seems odd. Are you sure you don't have something transparently MITMing?
[14:11] <Ussat> definitely
[14:26] <Ussat> OK, I was wrong, transparent proxy on this network, talking to my network team now rbasak
[14:37] <rbasak> Ussat: #canonical-sysadmin confirmed a known issue. Perhaps your MITM is transforming the known issue into a 403?
[14:37] <Ussat> rbasak, yup...working with my networking team now
[14:38] <Ussat> it's a Monday here :(
[16:15] <Ussat> Is there someplace I can see all the IPs used for updates at Canonical and Ubuntu? Or a range, I need them for my prox
[21:01] <teward> sarnold: i maaaaay have found a bug in using umt on a later release :/
[21:37] <JanC> Ussat: doesn't seem like a good idea to hardcode that
[21:38] <Ussat> Ya it's fixed
[21:39] <JanC> imagine if they would decide to dynamically add cloud instances or something like that, there is no way you could keep a list of "known download servers" up-to-date...
[21:52] <Ussat> JanC, ya it's been fixed here