[00:11] <zul> jamespage:  when you get in https://code.launchpad.net/~zulcss/horizon/2014.1.rc2/+merge/214856
[00:27] <resno> how do you restart the network manager in 14.04?
[00:27] <resno> /etc/init.d/networking just sits
[00:27] <resno> service network-manager restart just sits
[00:27] <sarnold> resno: hah, don't run that. that's a recipe for killing your machine
[00:27] <sarnold> resno: why is network-manager on your server in the first place?
[00:28] <resno> i dunno, im just trying to get my static ip :(
[00:28] <resno> it didnt do anything
[00:28] <resno> so i tried just interfacing directly with ifconfig
[00:29] <resno> heh, rhetorical question and run ftw :)
[00:29] <sarnold> resno: the 'best' way to configure networking on servers is to edit /etc/network/interfaces and once it is set up correctly 'ifup eth0' or whatever
[00:29] <resno> ah ifup now?
[00:30] <sarnold> resno: yeah. and when you've got some time, figure out what dragged network-manager onto your machine and do your best to get it back off :) it's tolerable (barely) for laptops but servers deserve better :)
[00:31] <resno> so, hopefully im not in a lost state
[00:31] <resno> my ip is somehing i dont expect and "ifup eth0" says interface already configured
[00:31] <sarnold> hrm
[00:32] <sarnold> is it one of the 169.xxx whatever "local" network addresses?
[00:32] <resno> ah, there we go
[00:32] <sarnold> or did you get assigned a DHCP from your pool? :)
[00:32] <resno> ifdown then ifup :)
[00:32] <sarnold> \o/
[00:32] <resno> is the upstart not used anymore?
[00:33] <sarnold> ifdown doesn't always manage to clean things up depending upon changes you may make to /etc/network/interfaces -- nie that it did the job this time
[00:33] <sarnold> resno: check out /etc/init/network* -- there's a huge pile of interacting scripts to manage networking :/
[00:34] <sarnold> resno: thankfully ifup/ifdown has continued to work even in the upstart age :)
[00:35] <resno> ah ok.
[01:48] <Cinos> Is the fixed OpenSSL (1.0.1g) available for Ubuntu Server? Trying to upgrade tells me it's the latest version, although it's showing up as being 1.0.1c
[01:49] <mwhudson> which series?  it's not necessarily been updated to 1.0.1g everywhere, but the fix has been ported everywhere it was needed
[01:49] <mwhudson> afaik
[01:49] <Cinos> Series?
[01:49] <Cinos> How do I check that
[01:49] <shauno> http://www.ubuntu.com/usn/usn-2165-1/   if your installed version matches the versions listed at the end, you're cool
[01:50] <Cinos> So I don't need to upgrade my openssl if I'm using those versions?
[01:50] <Cinos> I have 12.10
[01:51] <cfhowlett> Cinos dude!  12.10 is end of life and no longer supported = and you're stressing ssl?  upgrade, dammit!
[01:51] <sarnold> cfhowlett: heh, 12.10 has another mumble-weeks life left
[01:51] <cfhowlett> !12.10|sarnold
[01:51] <sarnold> cfhowlett: it's 13.04 that's been dead..
[01:52] <Cinos> How would I even upgrade?
[01:52] <cfhowlett> sarnold d'oh!  okay then.  I mis-spoke.  sorry, cinos
[01:52] <sarnold> cfhowlett: sudo apt-get update && sudo apt-get -u upgrade  :)
[01:52] <Cinos> One of my servers is showing as being 12.04
[01:52] <sarnold> Cinos: 12.04 is an LTS release, it will be supported for another three years :)
[01:52] <Cinos> ah
[01:53] <cfhowlett> Cinos 12.04 has 5 years support, but current is 12.04.4 so : sudo apt-get update && sudo apt-get dist-upgrade    will bring you current
[01:53] <Cinos> okay
[01:53] <Cinos> I do that regularly
[01:53] <cfhowlett> sarnold : 5 years
[01:53] <sarnold> Cinos: but for your 12.10 machine, pay attention to its end of life when it comes; probably sudo do-release-upgrade will do the right thing, but pay attention when it happens
[01:53] <Cinos> okay
[01:54] <Cinos> Anyway, so should I just be fine with the current version of OpenSSL that I have?
[01:54] <sarnold> Cinos: have you rebooted or restarted all your services after installing the update?
[01:54] <Cinos> It hasn't installed any updates
[01:55] <sarnold> Cinos: you may also wish to regenerate private keys and assume they have been compromised; perhaps expire web sessions, etc..
[01:55] <Cinos> apt-get update && apt-get upgrade just returns that there are no packages to update
[01:55] <cfhowlett> Cinos apt-get dist-upgrade
[01:55] <sarnold> Cinos: and dpkg -l libssl* returns those right versionnumbers?
[01:55] <Cinos> Same result
[01:55] <Cinos> one sec
[01:55] <Cinos> nope, it's showing 1.0.1c and 0.9.8o
[01:56] <sarnold> Cinos: ah, sorry, I forgot that dpkg cuts off version numbers :( try dpkg -l libssl* | cat
[01:56] <sarnold> that'lltrick it into showing the full width output
[01:56] <Cinos> it's showing the full length
[01:56] <Cinos> I see things like "1.0.1c-3ubuntu2.7"
[01:56] <mwhudson> right
[01:56] <mwhudson> that's what sarnold is asking for :)
[01:56] <Cinos> ah
[01:57] <sarnold> yay, 3ubuntu2.7 is the 'fixed' version at http://www.ubuntu.com/usn/usn-2165-1/
[01:57] <mwhudson> you can see here that this version includes the fix: https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7
[01:57] <mwhudson> so this isn't version 1.0.1g it's version 1.0.1c + fixes
[01:58] <Cinos> ah, so no need for me to panic
[01:58] <Cinos> I haven't upgraded since before today
[01:58] <sarnold> Cinos: you may have the unattended-upgrades package installed
[01:58] <Cinos> hm
[01:59] <sarnold> Cinos: that will install security updates periodically; but this update also requires restarting affected services and since so many things use openssl, we've just recommended rebooting.
[02:57] <BasedGeek> hey folks anybody know anything about running a gopher server?
[02:57] <BasedGeek> pygopherd to be specific?
[03:00] <sarnold> I can't believe I call myself a neckbeard without having run a gopherd myself.
[03:00]  * BasedGeek sighs deeply
[03:02] <sarnold> heh, looks like an awesome tool :)
[03:34] <hallyn> gopher!  oh  how i miss gopher
[03:36] <BasedGeek> any tips on running pygopherd?
[04:53] <valeech> hello! is this a good channel to get help with MaaS and JuJu?
[05:31] <[ghost]> im running ubunut server 12.04 i'm trying to setup openvpn to connect to my server remotely. internal connection works i just can't connect to the internet. i tried bridge but no luck any suggestions.
[06:37] <lordievader> Good morning.
[08:17] <hadifarnoud> how can I just update SSL?
[08:18] <hadifarnoud> I mean openSSL
[08:23] <cfhowlett> hadifarnoud is this for the heartbleed issue?
[08:24] <hadifarnoud> yes cfhowlett
[08:25] <cfhowlett> hadifarnoud according to the discussion in main channel, the upgrade has already rolled out on supported versions, although the version doesn't display the new number.    do sudo apt-get upgrade
[08:25] <cfhowlett> hadifarnoud ask in #ubuntu for more info
[08:25] <hadifarnoud> cfhowlett: that's the thing. I don't want to upgrade anything else
[08:26] <cfhowlett> hadifarnoud ask in #ubuntu for more info
[10:08] <rbasak> jamespage: I think I need to flag bug 1302192
[10:09] <rbasak> jamespage: seems pretty critical to me. Everyone uses ping.
[10:09] <rbasak> jamespage: something to do with the way ISOs are built maybe?
[10:09] <jamespage> rbasak, maybe - that might be installed in the image-bit of the installer
[10:10] <jamespage> rbasak, can you give cjwatson a ping about this?
[10:10] <rbasak> Will do
[11:07] <jamespage> beisner, roaksoax: is maas now functional from the ISO?
[11:07] <jamespage> reference bug 1298559
[11:21] <zul> jamespage:  https://code.launchpad.net/~zulcss/horizon/2014.1.rc2/+merge/214856
[11:35] <jamespage> zul, +1 on horizon
[11:41] <Siebjee> when is the new openssl version 1.0.1g being released as ubuntu package ?
[11:42] <bekks> Siebjee: It was released two days ago.
[11:42] <Siebjee> I don't see it in the repo on packages.ubuntu.org/
[11:42] <Siebjee> for any release
[11:42] <bekks> Siebjee: http://www.ubuntu.com/usn/usn-2165-1/
[11:42] <bekks> Siebjee: The version was not bumped, the fix was applied.
[11:54] <rbasak> kirkland: are you planning to take care of bug 1304777?
[11:56] <rbasak> kirkland: also, what implications does a server cert change have, OOI? Does this break pollinate? I don't see any fallback.
[11:56] <rbasak> Why does it not default to using the PKI?
[12:37] <caribou> Is it a total waste of my time to try to use juju's local provider to deploy openstack ?
[12:37] <zul> jamespage:  neutron rc2 is out do you want me to take it?
[12:40] <jamespage> zul, sure
[12:40] <jamespage> caribou, you can do it but you have to use the juju add-machine --to kvm:0 to create instances for nova-compute, quantum-gateway and other bits
[12:40] <jamespage> caribou, see hazmat's email to the juju ML
[12:41] <caribou> jamespage: ok, thanks I'll look for that
[12:57] <caribou> jamespage: is hazmat's email in a recent thread ?
[13:04] <cfhowlett> filippo.io/heartbleed/   asks for a hostname to test vulnerability - how do I proceed
[13:04] <patdk-wk> dunno, ubuntu doesn't run that website
[13:05] <cfhowlett> patdk-wk how/where can I test the heartbleed patch?
[13:13] <alex88> cfhowlett: put the hostname?
[13:14] <cfhowlett> alex88 what hostname might we normally use for testing such as this?
[13:14] <alex88> cfhowlett: the hostname of the server you want to check for that bug
[13:14] <alex88> well, the endpoint more than the server
[13:14] <cfhowlett> alex88 got it.  thank you.
[13:15] <alex88> np
[13:18] <jamespage> caribou, 'fast containers & dev workflow with juju 1.18'
[13:19] <caribou> jamespage: ok got that. I also found a blog post from stokachu who talks about it
[13:22] <beisner> jamespage, roaksoax: as of yday's iso, no.
[13:22] <jamespage> beisner, hmmm
[13:24] <beisner> jamespage, will be kicking off that and other amd64 iso test runs shortly
[13:24] <jamespage> beisner, ack - lemme know if that fails asap - we need to get that nailed before FF IMHO
[13:25] <beisner> jamespage, ack, I agree.  if the feature is on the menu, we should make sure it works.  alt would be to rm the menu item and force install via apt.
[13:26] <jamespage> roaksoax, do you have time to work on this?
[13:27] <roaksoax> jamespage: on what exactly? the bug from maas iso install?
[13:27] <jamespage> roaksoax, yes
[13:27] <roaksoax> jamespage: i can try to look at it tonight
[13:27] <jamespage> roaksoax, I need a definate
[13:27] <jamespage> this is a critical release bug
[13:28] <roaksoax> beisner: do you have the link for the ISO you are testing?
[13:29] <beisner> hi roaksoax.  yep it's the daily build.  http://cdimage.ubuntu.com/ubuntu-server/daily/current/     http://cdimage.ubuntu.com/ubuntu-server/daily/current/trusty-server-amd64.iso
[13:30] <roaksoax> jamespage: i'll give it a look now and let you know
[13:30] <jamespage> roaksoax, thanks
[13:31] <zul> jamespage:  https://code.launchpad.net/~zulcss/neutron/2014.1.rc2/+merge/214947
[13:32] <jamespage> zul, +1
[13:51] <zul> jamespage:  we should be fine in the icehouse CA now (libvirt regression from yesterday)
[13:52] <jamespage> zul, looks weird but works OK "pc-i440fx-trusty"
[13:52] <jamespage> lol
[13:54] <zul> jamespage:  yeah
[13:54] <zul> jamespage:  rhel does the same thing apparently
[13:55] <zul> jamespage:  ceilometer testsuites have been disabled for the longest time so im whipping that back into shape
[13:56] <jamespage> zul, ok - but I remember they depend on a running MongoDB - is that still true?
[13:57] <zul> jamespage:  oh hell yes
[13:58] <zul> jamespage:  im just gonig to get the tests to use sqlite by default
[13:58] <jamespage> zul, OK
[13:58] <zul> we are also missing a dependency on oslo.vmware as well
[14:12] <kirkland> rbasak: I've opened an RT
[14:12] <rbasak> kirkland: AIUI, it's the package that needs fixing, no?
[14:13] <rbasak> With the pem embedded in it? That bug came from IS.
[14:13] <kirkland> rbasak: yes
[14:13] <kirkland> rbasak: okay, updating now...
[14:14] <rbasak> kirkland: OOI, why aren't you using PKI by default?
[14:16] <kirkland> rbasak: https://docs.google.com/presentation/d/1wj2HNoFguP6JycBB-uDHQKACyQQuEacjaK68cWQxTE0/edit#slide=id.g2b85e07b3_367
[14:16] <kirkland> rbasak: slide 48
[14:16] <kirkland> rbasak: sorry, slide 45/46
[14:17] <rbasak> kirkland: I see, OK. I suppose the trade-off is that older cloud images will now never successfully pollinate? That strikes me as a potential attack vector in itself, though I suppose no worse than a DoS.
[14:18] <kirkland> rbasak: it is a calculated tradeoff, unfortunately
[14:18] <rbasak> Understood. Fair enough.
[14:19] <kirkland> rbasak: the good news is that the bundled cert is actually working as designed :-)
[14:19] <kirkland> rbasak: ie, we changed the cert on the server (for a very good reason)
[14:19] <kirkland> rbasak: and now pollinate is appropriately "failing"
[14:21] <kirkland> rbasak: and, fwiw, you can certainly manually override pollinate's options, and disable the --cacert /etc/pollen/cert.pem --capath /dev/null options
[14:26] <beisner> jamespage, roaksoax:  confirmed 'internal server error' is result of maas install from trusty 2014-apr-09 daily ISO.  bug: https://bugs.launchpad.net/ubuntu/trusty/+source/maas/+bug/1298559
[14:30] <jamespage> zul, promoting proposed->updates for icehouse
[14:30] <jamespage> zul, ceph will follow shortly
[14:32] <jamespage> zul, in ceilometer?
 we are also missing a dependency on oslo.vmware as well
[14:34] <aliesky> Hello everyone
[14:35] <aliesky> I have a question about networking and dns-nameservers
[14:35] <zul> jamespage:  yeah python-oslo.vmware is missing as a build-deps, pydist picks it up anyways
[14:36] <aliesky> I have a PC with two NIC, each NIC with a different network, and each network have it's own DNS Servers
[14:36] <aliesky> how to configure both nameservers?
[14:37] <aliesky> do I need to declare them separately in the network.conf file?
[14:38] <bekks> there is no network.conf file. There is /etc/network/interfaces and you declare both on one line.
[14:38] <bekks> aliesky: https://help.ubuntu.com/12.04/serverguide/network-configuration.html
[14:38] <aliesky> bekks: sorry, my bad
[14:39] <aliesky> bekks: but each network interface have it's own configuration, and I can declare dns-nameservers in both
[14:39] <jrwren> aliesky: you cannot. dns does not work that way
[14:40] <jrwren> aliesky: choose one to prefer.
[14:41] <aliesky> jrwren: so i just put the dns-nameservers in one card?
[14:43] <bekks> aliesky: define them on the interface with the default route.
[14:43] <aliesky> bekks: got it, thanks
[14:43] <jrwren> aliesky: like bekks said, put nameservers under each correct interface, so that if one interface is down your resolv.conf will get written to use the up interface
[14:45] <aliesky> jrwen: then the main config will be the one in the preferred card, unless it be down, correct?
[14:55] <jamescarr> where does /usr/share/dict/words come from?
[14:55] <jamescarr> is there a package for it?
[14:57] <rbasak> jamescarr: $ dpkg -S /usr/share/dict/words
[14:57] <rbasak> diversion by dictionaries-common from: /usr/share/dict/words
[14:57] <rbasak> diversion by dictionaries-common to: /usr/share/dict/words.pre-dictionaries-common
[14:57] <ogra_> jamescarr, dpkg -S /usr/share/dict/words
[14:57] <rbasak> wamerican, dictionaries-common: /usr/share/dict/words
[14:57] <jamescarr> thanks
[15:30] <jrwren> alex88: there is no such thing as a preferred interface.
[15:33] <alex88> jrwren: wut?
[15:33] <alex88> oh nm, it wasn't for me :)
[15:33] <jrwren> alex88: sorry, misdir
[15:33] <jrwren> aliesky: there is no such thing as a preferred interface.
[15:42] <semiosis> jdstrand: jamespage: sarnold: any update re: the glusterfs MIR?  LP bug 1274247
[15:57] <jdstrand> semiosis: sarnold is performing it now. I imagine it will be completed today or tomorrow
[15:57] <semiosis> thats great! thanks
[16:47] <jamespage> semiosis, jdstrand: that could be late for enabling the support in libvirt
[16:48] <jamespage> hallyn, zul: ^^
[16:48] <zul> jamespage:  apparently you need qemu support as well
[16:49] <jamespage> \o/
[16:49] <zul> jamespage:  too late imho
[16:49] <jamespage> jdstrand, semiosis: I'll defer to zul and hallyn for an opinion on timing
[16:50] <zul> hallyn:  too late imho
[16:50] <semiosis> only qemu needs glusterfs support enabled.  afaik libvirt doesnt need anything special
[16:51] <semiosis> well thats to be expected
[16:51] <semiosis> only been waiting 2+ years for this MIR, what's another 6 months right?
[16:53] <semiosis> disappointed that this was stalled pending security review for 6 weeks and only got looked at after it was too late
[16:53] <semiosis> 6 weeks!
[16:56] <zul> semiosis:  yes well the security team is a bit overworked we love them anyways
[16:56] <semiosis> i can relate
[17:03] <semiosis> I appreciate all your efforts
[17:18] <hallyn> yeah that is really too bad.  but we can enable it in a ppa at least
[17:19] <hallyn> tbh i got the impression from patches rolling by that glusterfs in libvirt had some issues still, but if i'm not mistaken on that then enablnig it lets us help stabilize it...
[17:30] <hallyn> zul: can you reproduce bug 1305191 ?  (I suspect it has something to do with the change in machine type name from trusty to pc-i440fx-trusty, maybe he upgraded qemu packages between install and first boot??)
[17:50] <beisner> hallyn, zul:  I'm upgrading my trusty virt machine host (it's a week old), then will also put some cycles into bug: 1305191
[17:52] <hallyn> beisner: great, thx
[17:53] <zul> beisner:  cool thanks
[17:59] <zul> hallyn:  yep right after i try to fix samba
[18:00] <hallyn> zul: may?
[18:00] <hallyn> sorry,
[18:02] <zul> hallyn:  no worries
[18:13] <zul> beisner:  should show up here when it builds https://launchpad.net/~zulcss/+archive/samba
[18:24] <beisner> hallyn, zul: unable to reproduce bug 1305191 on up-to-date trusty
[18:24] <zul> beisner:  sweet
[18:30] <hallyn> beisner: phew.
[18:30] <hallyn> maybe i should've kept 'trusty' as an alias to the new type
[19:10] <Shutterstrom> Good evening. Just a quick question: what happens with my settings in config files when using apt-get upgrade? Are they lost or will the system try to merge old and new settings?
[19:13] <bekks> Shutterstrom: Personal configs are unchanges, global configs are asked to be modified on a per file basis.
[19:13] <Shutterstrom> say that I have done some edits in the config file for sshd and if the program gets upgraded, will theses changes be overwritten or till this be taken care of when using apt-get.
[19:15] <bekks> Shutterstrom: global configs are asked to be modified, personal configs are left unchanged.
[19:16] <Shutterstrom> bekks: Thanks! Well, I haven't encountered this yet, but the thought have struck me. But now I know. Thanks!
[19:17] <hallyn> oh, can't ahve multiple aliases, so that woudn't work
[19:26] <t_dot_zilla> did ubuntu push the updated version of openssl to 12.04 yet?
[19:26] <mdeslaur> t_dot_zilla: we did on monday. see http://www.ubuntu.com/usn/usn-2165-1/
[19:45] <funcoland1> i'm having an issue with the trusty PXE install. it gets to a point where it's looking for the "trusty-updates" repository to get some packages I guess? and it hangs with a 404. i don't understand why it's triyng to reach out to it
[19:45] <funcoland1> it's looking for http://<mypxeserver>/Ubuntu-Trustyx64/dists/trusty-updates/Release then blam.. 404 and hangs for 10+ minutes. the installation does continue after that long period however.
[19:45] <bekks> 404 is pretty obvious, isnt it?
[19:46] <funcoland1> yeah it can't be found.. it's looking for trusty-updates though which isn't on the disc
[19:46] <funcoland1> i don't know maybe there's a preseed command that says "don't look for trusty-updates" ?
[19:47] <bekks> ship a customizes sources.list then.
[19:47] <jpds> Maybe you should just make your server sync trusty-updates ?
[19:47] <jpds> There's nothing there but it's going to need it... eventually.
[19:48] <funcoland1> i guess that is an option to just sync that entire directory or even repository to the server,  but i mean all of the before generations of ubuntu i've been able to do PXE installs off of with files that were included on just the disc
[19:50] <jpds> Right, sounds like you're missing trusty-updates.
[20:13] <xpistos> Hey all. how do I remove medibuntu stuff from my server list?
[20:14] <bekks> xpistos: you can use ppa-purge
[20:15] <xpistos> bekks: ppa-purge medibuntu or do I need to find a specific ppa
[20:16] <bekks> xpistos: you need to specify the ppa name
[20:16] <xpistos> bekks: 10-4 Thanks.
[20:16] <bekks> xpistos: ?
[20:16] <xpistos> bekks: It means "acknowledged"
[20:16] <bekks> ah :)
[20:21] <xpistos> bekks: I don't have a medibuntu listed in my sources.list file? but I know it is there cause when I try to update they fail out
[20:21] <xpistos> oh wait. I see it now
[20:32] <justizin> xpistos: check /etc/sources.list.d/
[20:32] <justizin> oh, you found it ;d
[20:33] <xpistos> justizin: I didn't have anything in sources.list.d
[20:34] <xpistos> I found a item in sources.list and then commented it out
[20:38] <bekks> xpistos: No you have to remove all packages that where installed from that ppa
[20:40] <xpistos> bekks: I will make sure to do that as well.
[21:50] <kyloor> Hey all. I have two servers each with three spare 1Gb NICs. I'd like to transfer data between them, but my switch doesn't support bonding. Any suggestions on how I can use all three without having to manually divide up the copy operation?
[21:51] <kyloor> I can actually directly connect NICs from server to server.
[21:56] <ikonia> kyloor: there is no benifit to what you want to do
[21:57] <ikonia> if your switch doesn't support bonding, it probably won't deal with 6 x 1gb interfaces maxed out anyway
[23:11] <Cinos> I have lost my root password. I'm assuming the only things I can do from here are reinstall or manually edit the passwords file somehow, right?
[23:11] <bekks> !password
[23:12] <makara_> Cinos, mount the disk onto another PC, or LiveCD in and chroot to create a new user
[23:13] <sarnold> bekks: heh, cool, that's usefull :)
[23:13] <Cinos> Thank you