From matches at ucc.gu.uwa.edu.au Sat Nov 1 10:45:51 2014
From: matches at ucc.gu.uwa.edu.au (Sam Moore)
Date: Sat, 1 Nov 2014 10:45:51 +0800 (AWST)
Subject: [tech] mussel had too many apache
Message-ID:

mussel hosted websites weren't responding.

There were 153 instances of `/usr/sbin/apache2 -k start` running on mussel.

I believe we've had this problem before but I can't remember why.

I ran `apachectl stop` and `apachectl start` and now we only have 9
instances of `/usr/sbin/apache2 -k start`

tl;dr See subject

[SZM]

From zanchey at ucc.gu.uwa.edu.au Sat Nov 8 23:41:58 2014
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Sat, 8 Nov 2014 23:41:58 +0800 (AWST)
Subject: [tech] Molmol rebooted
Message-ID:

OpenVZ containers on Medico weren't working, the website kept dying because
phpBB calls flock(), and many NFS things were unhappy.

This is because the NFS locking daemon (rpc.lockd) on Molmol hung in an
uninterruptible sleep (D state), which is apparently a rare occurrence on
FreeBSD fixable only by reboot.

So I did - Molmol was bounced and came up nicely.

I was moderately impressed with how well pausing all the running VMs and
then rebooting the NFS server worked. After unpausing them, they just kept
running.

[DAA]

From zanchey at ucc.gu.uwa.edu.au Sun Nov 9 00:14:25 2014
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Sun, 9 Nov 2014 00:14:25 +0800 (AWST)
Subject: [tech] Group/GID changes
Message-ID:

With the move to Molmol, one of the longstanding warts of our current
authentication setup reared its head again: the conflict between system and
LDAP user & group numeric identifiers (UIDs and GIDs).

Basically, most systems (including Debian) expect that there are some GIDs
which are used for one purpose, and we use them for another. For example,
'gumby' (our general user group) is GID 21, which Debian expects to
actually be 'fax'. Mostly we have been hacking around this and hoping.
---

I've made the following changes:

committee group moved from GID 69 to 10069, all files in /home, /away and
/services chgrped to the new ID.

phpbb group moved from GID 22 to GID 11902 (same as the UID phpbb) and all
files in /services/phpbb chgrped to the new ID. (Incidentally, the forum was
broken already.)

flame user moved from UID 26 to 10026 - files in mooneye:/usr/flame and
/services chowned.

Removed xyzzy user (UID 66) - the files in [BBB]'s home directory were
chowned back to him.

Removed lists user (UID 67) - spam only in /home/mail/lists, no other files.

mailman user and group moved from UID/GID 68 to 10068, and all files in
/home/other/mailman and mooneye:/usr/local/mailman chowned to the new users,
and `check_perms -f` run.

oracle group moved from GID 88 to GID 10088, and all files in
/home/other/oracle chgrped to the new ID. (Oracle was the UCC Knowledge Base.
Amazing.)

Removed coke (GID 28) - members were john, mtearle, andrew, gozzarda, matches
and coke. All files (mostly belonging to [TPG]) chgrped to wheel. The user
accounts `coke` and `netincome` (both UID 28) were set to GID 70 (other).

Removed coke-old (GID 26), teambeer (GID 12345) and noaccess (GID 60002) - no
group members and no files in these groups.

Removed mp3pp (GID 66) - no group members and no files with that group
ownership. I note /services/mp3pp still exists, does anyone know what it is?

Removed irc (GID 6667) - no files in this group, only members were rod
(account has been removed) and [TRS] (who can undo the damage if he needs
to). I also archived a bunch of old IRC servers in /services/ (irc, irc-new
and irc-ipv6).

Removed usrlcsrc (GID 43) - all the files in this group actually belong to
the group 'wtmp' (also GID 43). This group has been at UCC since at least
2002[1] and it doesn't seem to do anything any more.

Removed adduser (GID 123457) - an old version of ucc-adduser belonged to this
group, but it had no members and was not SGID. I chgrped it to wheel and
removed the group.

Removed angband (GID 44) - no files, and the only members were [TRS] and
[MST].

---

Notably, I am yet to fix the mess with the following groups:

 gumby:x:21
 www-data:x:101
 other:x:70

Anyone who wants to give it a shot is most welcome.

David Adam
zanchey at ucc.gu.uwa.edu.au

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=130558

From zanchey at ucc.gu.uwa.edu.au Sun Nov 9 15:06:20 2014
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Sun, 9 Nov 2014 15:06:20 +0800 (AWST)
Subject: [tech] Group/GID changes
In-Reply-To:
References:
Message-ID:

On Sun, 9 Nov 2014, David Adam wrote:

> Basically, most systems (including Debian) expect that there are some GIDs
> which are used for one purpose, and we use them for another. For example,
> 'gumby' (our general user group) is GID 21, which Debian expects to
> actually be 'fax'. Mostly we have been hacking around this and hoping.
>
> Notably, I am yet to fix the mess with the following groups:
>
> gumby:x:21
> www-data:x:101
> other:x:70

Further to this, I have made a start on the GID 21 mess. I have tried to do
it in such a way that nobody loses access to any data.

All gumby users have been added to both GID 21 (now called oldgumby) and GID
10021 (the new gumby group) as supplementary users.

Also, everyone who had a primary group of GID 21 has had it changed to GID
10021.

I changed the Samba groupmap to make RID 513 (the Domain Users group) point
to the new group ID.

Next time we reboot and kick the majority of user sessions off we can remove
the GID 21 entry in LDAP.
[DAA]

From zanchey at ucc.gu.uwa.edu.au Mon Nov 10 15:57:51 2014
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Mon, 10 Nov 2014 15:57:51 +0800 (AWST)
Subject: [tech] Mylah switched off (was: Molmol the slightly more fileserver)
In-Reply-To:
References: <53D54303.4050005@ucc.asn.au> <53D514B5.9040207@ucc.asn.au>
Message-ID:

On Mon, 27 Oct 2014, Andrew Adamson wrote:

> Things left to do are:
> -work out what is causing the mega-slowdown with l2arc

I disabled the L2ARC (read cache) which was stored on the system disks,
because it was making the system pretty much unresponsive for anything that
wasn't already in memory. I don't actually know if there's a good way around
this. Perhaps we should drop a pair of USB sticks in as a boot device. Or use
the SSDs out of Mylah, because...

> -make molmol the primary domain controller for samba and turn off Mylah

We've done this. Molmol is now running Samba 4.1 as the primary domain
controller (using the old NT4-style domain, not the new AD stuff). Mussel is
still the backup domain controller. Mylah has been switched off by [BOB].

> -check the rsize and wsize nfs mount options that we've had for the last
> 10 years are really still appropriate
> -fully decommission and de-rack the SAN
> -decide what to do with the netapp

[DAA]

From harrymc at ucc.asn.au Mon Nov 10 19:47:39 2014
From: harrymc at ucc.asn.au (Harry)
Date: Mon, 10 Nov 2014 19:47:39 +0800
Subject: [tech] VirtualBox single license
Message-ID: <5460A5DB.5090201@ucc.asn.au>

Hello

To be squeaky commercially compliant I would like to buy a single VirtualBox
license for a site but Oracle sells 100 seats.

Does anyone know how / if some generous company has an arrangement with
Oracle to resell single licenses?
All the best
Harry

From vanbujm at gmail.com Sat Nov 1 16:11:27 2014
From: vanbujm at gmail.com (Jonathan Van buren)
Date: Sat, 1 Nov 2014 16:11:27 +0800
Subject: [tech] CISCO AS5200 Access Gateways
Message-ID:

Hey all,

An old UCCian came in today and offered to donate multiple CISCO AS5200
Access Gateways; apparently they are great for learning CCNA.

If we are interested in grabbing a couple of these, he can be contacted at
peter at nanoscale.com.au

<3 JVB - UCC Secretary

From trs80 at ucc.gu.uwa.edu.au Mon Nov 10 20:37:29 2014
From: trs80 at ucc.gu.uwa.edu.au (James Andrewartha)
Date: Mon, 10 Nov 2014 20:37:29 +0800 (AWST)
Subject: [tech] VirtualBox single license
In-Reply-To: <5460A5DB.5090201@ucc.asn.au>
References: <5460A5DB.5090201@ucc.asn.au>
Message-ID:

On Mon, 10 Nov 2014, Harry wrote:

> To be squeaky commercially compliant I would like to buy a single VirtualBox
> license for a site but Oracle sells 100 seats.

Their FAQ says you should be alright:

"What exactly do you mean by personal use and academic use in the Personal
Use and Evaluation License?

Personal use is when you install the product on one or more PCs yourself and
you make use of it (or even your friend, sister and grandmother). It doesn't
matter whether you just use it for fun or run your multi-million euro
business with it. Also, if you install it on your work PC at some large
company, this is still personal use. However, if you are an administrator and
want to deploy it to the 500 desktops in your company, this would no longer
qualify as personal use. Well, you could ask each of your 500 employees to
install VirtualBox but don't you think we deserve some money in this case?
We'd even assist you with any issue you might have."
https://www.virtualbox.org/wiki/Licensing_FAQ

Which looks like a good reading of the actual license to me:

“Personal Use” requires that you use the Product on the same Host Computer
where you installed it yourself and that no more than one client connect to
that Host Computer at a time for the purpose of displaying Guest Computers
remotely.

https://www.virtualbox.org/wiki/VirtualBox_PUEL

-- 
# TRS-80              trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here will do \
# UCC Wheel Member     http://trs80.ucc.asn.au/ #|  what squirrels do best     |
[ "There's nobody getting rich writing          ]|  -- Collect and hide your   |
[  software that I know of" -- Bill Gates, 1980 ]\  nuts." -- Acid Reflux #231 /

From atyndall at ucc.asn.au Fri Nov 14 17:51:42 2014
From: atyndall at ucc.asn.au (Ash Tyndall)
Date: Fri, 14 Nov 2014 17:51:42 +0800
Subject: [tech] Minecraft Server Migration
Message-ID:

The Minecraft Server VM has been migrated from the old MineOS CRUX to the new
MineOS Turnkey.

You can access the new administrative interface at
https://minecraft.ucc.asn.au:8080

Wheel members can access the old HDD image to migrate any servers they may
have wanted to keep at ~atyndall/minecraft-main.raw (there wasn't enough
space on heathred to keep it on there).

The root password is the same as before, and the password for the "mc"
account to login to the admin interface is available on request (or at
~atyndall/minecraft-vm-password for wheel members).

-- 
Ash Tyndall [ASH]
UCC Wheel Member

From bob at ucc.gu.uwa.edu.au Wed Nov 26 22:57:08 2014
From: bob at ucc.gu.uwa.edu.au (Andrew Adamson)
Date: Wed, 26 Nov 2014 22:57:08 +0800 (AWST)
Subject: [tech] Kalashnikov upgraded to Precise
Message-ID:

Hi All,

I upgraded Kalashnikov to Ubuntu 12.04 LTS with Mate, as the version that was
on it (natty) was too old to be upgraded and horribly insecure. The upgrade
is a trimslice specific image, so don't go doing release upgrades on it -
leave it on 12.04. The SOE has mostly been installed, aside from a couple of
things like printers that I kinda need to be there in person to set up.

A couple of issues I hit along the way that might help a future person
re-imaging it:

1. for some reason the ubuntu image doesn't come with 'dialog' installed,
   which makes debconf ask for everything verbosely using readline. Install
   it with apt-get install and it just works

2. Locales are broken in the image - fix with `locale-gen en_AU.UTF-8' then
   `dpkg-reconfigure locales'

3. Another fun fact is that when wget -O fails with a certificate error, it
   still creates the destination file, but with zero size. It turns out this
   *will* make ldap with ssl difficult to set up.

Andrew Adamson
bob at ucc.asn.au

|"If you can't beat them, join them, and then beat them." |
| ---Peter's Laws                                          |
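
Point 3 of the last message (a failed `wget -O` still leaves a zero-size destination file) as an added example, not part of the original post or UCC's own tooling: download to a temporary file and move it into place only once it is non-empty and looks like a PEM certificate. The function names and any URL or path passed to them are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# True only if the file is non-empty and carries a PEM certificate header.
# A stricter check is `openssl x509 -in "$1" -noout`, which parses the cert.
looks_like_pem_cert() {
    [ -s "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# install_cert SRC DEST: move SRC to DEST only if it passes the check, so an
# empty or bogus download never creates or replaces the file LDAP will trust.
install_cert() {
    src=$1
    dest=$2
    if looks_like_pem_cert "$src"; then
        mv -f "$src" "$dest"
    else
        rm -f "$src"
        echo "refusing to install $dest: download empty or not PEM" >&2
        return 1
    fi
}

# fetch_cert URL DEST: download beside DEST, never straight onto DEST.
fetch_cert() {
    url=$1
    dest=$2
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if ! wget -q -O "$tmp" "$url"; then
        rm -f "$tmp"   # wget -O leaves a zero-size file behind on failure
        echo "download of $url failed" >&2
        return 1
    fi
    install_cert "$tmp" "$dest"
}

# Usage: sh fetch-cert.sh URL DEST
if [ "$#" -eq 2 ]; then
    fetch_cert "$1" "$2"
fi
```

Because the destination is only ever written by the final `mv`, a certificate error during download leaves any existing CA file untouched instead of truncating it.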