=== mrt333_ is now known as mrt333
=== markthomas is now known as markthomas|away
maddawg2hey all...  so been using ubuntu server at work for a nmber of our facilities (open vpn tunnels, squid proxy, dhcp, firewall, etc)...  normally we've been using Firewall builder so that some of our windows system administrators can configure the firewall with a GUI...however it looks like firewall builder has stopped developing01:20
maddawg2any alternatives people can recommend?01:20
sarnoldmaddawg2: ufw is simple enough, even though it's commandline; I think someone put together a gui around it but I can't vouch for the quality of it..01:46
lkthomasguys, anyone have experience to run multicast routing ?01:47
maddawg2yea sarnold we're looking for a GUI and we dont want a gui on the computer01:48
maddawg2with firewall builder we could install it to Windows and make our rules there and it would generate a conig file that would then get uploaded to the ubuntu server01:48
sarnoldmaddawg2: you could try X forwarding, ssh -X hostname xterm   to get a quick idea of what I mean..01:49
maddawg2yea but then they wouldnt be on windows01:52
maddawg2these are windows administrators01:52
maddawg2needin g to administer a linux firewall01:52
=== Joel is now known as Guest31278
lordievaderGood morning.07:05
=== Lcawte|Away is now known as Lcawte
=== DenBeiren is now known as zz_DenBeiren
=== zz_DenBeiren is now known as DenBeiren
=== kickinz1 is now known as kickinz1|afk
=== DenBeiren is now known as zz_DenBeiren
=== zz_DenBeiren is now known as DenBeiren
=== kickinz1|afk is now known as kickinz1
=== kickinz1 is now known as kickinz1|afk
=== kickinz1|afk is now known as kickinz1
=== kickinz1 is now known as kickinz1|afk
GwysHi all ! I'm trying to install openstack through MAAS following this documentation http://ubuntu-cloud-installer.readthedocs.org/en/latest/multi-installer.guide.html10:52
GwysBut I've an issue with br0 during openstall-install10:52
GwysSomeone can help me ?10:52
GwysI see some error on br0 in the log files. And it look like the script comment my interface in /etc/network/interface10:53
GwysThere are error logs : http://pastebin.com/22yELB7r10:54
strikovrbasak: regarding this bug: https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/143878811:05
strikovrbasak: it's upgrade related thing; previous version of the package generated this incorrect symlink and we have to manually remove it11:05
strikovrbasak: it was not a good idea to remove it somewhere inside installation handlers of the new version because this file/link may be legal11:06
strikovrbasak: i.e. user created it manually not buggy package11:07
strikovrbasak: that's definitely a bug of debhelper-systemd and i need to file it11:07
rbasakstrikov: OK. So workaround available, and only affects users who had mysql-server-5.6 5.6.23-1~exp1~ubuntu4 installed?11:08
strikovrbasak: i'm reproducing this now on a cloud instance to provide with a workaround which 100% works11:10
strikovrbasak: yes, only when you upgrade from ubuntu411:10
rbasakstrikov: I think it's OK to leave it then - we can just explain it in the bug for users to apply the workaround.11:10
strikovrbasak: ok11:11
rbasakstrikov: and then explain that it's too difficult to fix without breaking other users, and then mark it Won't Fix.11:11
=== gnuoy` is now known as gnuoy
=== CripperZ- is now known as cripperz
=== cripperz is now known as CripperZ
Arrickhey all, if I am working with a .conf file, is ; a commented line?12:31
davegarathArrick: It depend for what application is .conf file. Usually a comment is #12:36
Arrickits the smb.conf12:37
Arrickthere are dozens of lines which start with ; that follow the # liens12:37
davegarathsmb.conf use both  # and ; as a comment12:38
davegarath# is used as a comment and ; is used to comment a statement12:39
ArrickI'm having an issue with winbindd and smb, cant seem to figure out how to get it to lookup usernames, or anything.12:40
Arrickwbinfo -u says error looking up domain users12:40
strikovrbasak: just fyi, debian guys provide cloud images since jan2015: http://cdimage.debian.org/cdimage/openstack/testing/13:21
strikovrbasak: it might be useful for testing while filing debian bugs13:21
Adri2000I've just discovered uvt; I understand it as being a way to create VMs from cloud images. I have a side question: is there a recommended way to build cloud images? is the toolchain used for building those at cloud-images.ubuntu.com available somewhere?13:50
jcastroAdri2000, check this out: https://launchpad.net/~ubuntu-on-ec214:23
jamespagecoreycb, huh - quick poke at the ci builds - missing deps for the source packages was not helping as a result of move to systemd15:00
rbasakstrikov: that's useful. Thank you!15:00
=== bilde2910 is now known as bilde2910|away
coreycbjamespage, what was missing?15:02
rbasakAdri2000: I think our toolchain for building cloud images is available. utlemming might be able to help with that. But it is not recommended. We think that you should use "official" cloud images instead, and use cloud-init on first boot to customize them as needed.15:02
rbasakAdri2000: or, if you must, modify the official cloud image for local use but starting from the official one, rather than going from scratch.15:02
rbasakAdri2000: of course, you can do what you like. We just try to best support that workflow.15:02
jamespagecoreycb, dh-systemd and openstack-pkg-tools15:04
jamespagewithout those you can't cut the source packages15:04
MDTech-us_MANwhat is a good program that will backup specific programs and file every once in a while? maybe even somethign with a good (web?) interface?15:04
coreycbjamespage, so the ci builds don't use the deps from debian/control?  because those should be in the debian/control files.15:06
jamespagecoreycb, not for cutting the source packages15:08
coreycbjamespage, ok15:09
Adri2000rbasak: typical use case is I want ubuntu cloud images that include specific configuration to my local network (think, apt mirrors and such). what would be the proper way to create those, if not using the toolchain used to build the "official" images"?15:31
Odd_BlokeAdri2000: You have two options, really: (a) take the cloud images and modify them, or (b) use cloud-init to do what you need to do on first boot.15:33
Odd_BlokeAdri2000: The toolchain used to build the official images starts from scratch, but you don't have to start from scratch because we build the official cloud images. :)15:34
Adri2000Odd_Bloke: then what tool do you recommend to do (a) ?15:34
Odd_BlokeAdri2000: Have a look at http://ubuntu-smoser.blogspot.co.uk/2014/08/mount-image-callback-easily-modify.html15:35
rbasakAdri2000: to set apt mirrors and things, I suggest you use cloud-init. Then you don't have to keep re-rolling your customised cloud images.15:46
rbasakAdri2000: you can inject configuration information into the cloud images, which cloud-init then uses. http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/doc/examples/cloud-config.txt documents the configuration you can do.15:46
rbasakModifying a cloud image is easy. Maintaining that setup is not.15:47
Adri2000rbasak: I know, but I'd like to offer users (internal IaaS/OpenStack users) images that work out of the box, and therefore do not require them to add userdata if they don't need anything specific15:54
Adri2000rbasak: of course I'll have to maintain my custom images, that's why I need to automate the process15:54
Adri2000mount-image-callback may be part of the solution15:55
rbasakAdri2000: look into vendordata. It lets you provide defaults that userdata can override, but if no userdata is used your users will get your apt mirror by default.15:57
Odd_BlokeAdri2000: If you're on OpenStack, you could use vendor... that.15:57
rbasak(unless users actually touch that setting in userdata)15:58
=== markthomas|away is now known as markthomas
=== kickinz1|afk is now known as kickinz1
=== kickinz1 is now known as kickinz1|afk
=== kickinz1|afk is now known as kickinz1
strikovrbasak: could you change status of this bug to won't fix please: https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/143878817:07
strikovrbasak: i don't have permissions to do this17:07
strikovrbasak: i investigated this and (a) upgrade from ubuntu4 to ubuntu5 runs smoothly (issue reported was observe with the previous version of the package I assume) (b) i can observe the issue when removing the package but it's a result of previously created symlink which requires manual actions17:09
rbasakstrikov: yes, but please could you first explain the bug why the bug should be Won't Fix?17:09
rbasakexplain in the bug17:09
tewardrbasak: i was about to ask that too xD17:09
* teward was about to hit "Won't Fix" too xD17:09
=== kickinz1 is now known as kickinz1|afk
tewardrbasak: stupid question for you with regard to freezes, but a bug of mine got poked saying "Shouldn't the fix for this be SRU'd?" on nginx, and it's not in Vivid yet - it'd set the thing to build as position independent - would that even qualify for SRU or even a bug that'd get past featurefreeze?17:14
rbasakteward: what's the bug?17:14
rbasakteward: if it's a security bug, then the normal SRU process doesn't apply. An update would go via security sponsorship itself, and the security team would judge security impact vs. regression risk themselves.17:15
tewardrbasak: i'll poke mdeslaur in either case, but the other problem is the fix isn't even in Debian yet - just committed17:16
* teward digs for the bug17:16
tewardwow i still had it open from 2 hours ago xD17:17
tewardrbasak: it reads as a feature request, but i'm not sure if it needs to be a security bug that mdeslaur / security team would review17:17
mdeslaurteward: what do you need me for?17:17
tewardmdeslaur: oop forgot you're here xD17:17
mdeslaurnah, that's an SRU, not a security vulnerability17:17
tewardthat's what i thought17:17
rbasakIf it's not a security vulnerability, then what's the user impact that necessitates an SRU?17:18
tewardrbasak: AFAICT there isn't one17:18
tewardnot unless package policy starts pushing for PIE as a requirement for inclusion anywhere17:18
rbasakThen an SRU isn't appropriate IMHO.17:18
rbasakUnless mdeslaur says it's worthwhile as an SRU for security reasons even if it shouldn't go through a security upload.17:19
tewardmdeslaur: the question goes back to you, whether it'd be worthwhile as an SRU for security reasons or not.  (Note the changes are committed in Debian but not implemented anywhere, not even in Vivid)17:20
tewardso it'd need a nitpick pull from Debian git, added to Vivid, then SRU'd.17:20
mdeslaurI don't think it's worthwhile as an SRU, no17:21
tewardrbasak: and since it'd be needed in Vivid, the question then becomes whether FeatureFreeze prevents this, or whether i have to go poking the release team for an FFe17:21
mdeslaurit's just hardening, it has no direct benefit17:21
strikovrbasak: teward: is it okay to close the bug with 'won't fix' if the root cause of the bug is in different project? in our case this issue arises from the fact that debhelper can't handle aliases in systemd's unit config.17:21
rbasakstrikov: no, I don't think so. If the bug cannot be fixed in this package, then the bug should be reassigned to the correct package, or a new task added and the mysql-5.6 task marked Invalid.17:22
strikovrbasak: okay, so let me look into debhelper bug tomorrow; will see then what to do17:23
mdeslaurturning on PIE in stable releases will have a detrimental performance impact on 32-bit platforms, which may piss off people who are specifically using nginx for it's performance17:23
rbasakstrikov: if the bug *can* be fixed in this package but it isn't worth doing it because it affects development release users only in a way that they can workaround, and it isn't worth going to the trouble to fix it for that set of users, then I think it's OK to explain this and then mark Won't Fix against mysql-5.6.17:23
tewardmdeslaur: rbasak: OK that's what i thought (not SRU worthy, no significant benefit).  I'm considering leaving Vivid's status alone though, in the interim, once Vivid is released marking it as "Won't Fix" and setting a "Triaged" state for the next release later (because there may be a merge in that cycle from Debian, which would likely include the PIE changes)17:24
rbasakteward: I think "PIE isn't turned on though expected for security-sensitive packages" is a reasonable bug to fix under feature freeze without needing an exception. I would be OK to sponsor that. But see mdeslaur's comment on whether we should do that or not.17:24
tewardrbasak: right, given that, i'm considering leaving Vivid's status alone17:25
tewardbut i was going to "Won't Fix" for the earlier releases17:25
rbasakMaybe it's fine to do, and those who are performance sensitive can switch to amd64 when upgrading to Vivid for production use.17:25
mdeslaurand we'll likely be turning on PIE by default on amd64 for V+117:25
tewardi'm thinking at this point V+1 might be the target.  at some point after Vivid's release it's likely Debian will get an update in its package that turns on PIE by default17:26
tewardsince it's in the git, but not yet released due to Debian freeze17:26
teward(at least from what the nginx maintainers in Debain told me)17:27
tewardmdeslaur: rbasak: i'm going to use those statements as "blocking points" for a vivid fix for now, and will wait to see what Debian does on this - just because it's Fix Committed there means nothing - it's not even 'tested' there afaict17:31
tewardrbasak: mdeslaur: i'm comfortable leaving the change out of Vivid and waiting to V+1 to get the fix in with the likely merge i'll do during that cycle.  Around that same time I'll make a blog post on my blog (which'll end up in Planet.u.c's list) indicating that for V+1 we recommend that performance-sensitive use cases should be switching to amd64 architectures instead of staying on 32-bit architectures, for the performance hit reason we just17:38
tewardwow i hate irc truncation17:38
teward(that PIE bug's been there for a while now)17:38
teward(I posted as such on the bug just now)17:39
tewardthank you both for the discussion on it, sometimes it helps to have a second viewpoint / opinion :)17:40
strikovrbasak: https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/1438788/comments/517:45
strikovrbasak: how about that?17:45
rbasakstrikov: looks good. Done.18:03
strikovrbasak: thanks!18:16
=== kickinz1|afk is now known as kickinz1
tewardrbasak: mdeslaur: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1315426/comments/518:21
tewardrbasak: mdeslaur: looks like htere's pushback for no Vivid inclusion - opinions on putting it in Vivid other than us having to say "Those who have performance-sensitive setups should move to amd64 for the upgrade to Vivid", assuming the release team approves an upload to enable PIE?18:22
mdeslaurteward: if you want comments from disgruntled people, I can fill your inbox if you'd like18:22
tewardmdeslaur: sure, feel free, i have 500 today18:22
tewardmdeslaur: on top of 6000 aprils fools jokes18:22
tewardand 10000 spam messages in my PMs here18:23
mdeslaurteward: just upload it to vivid18:23
tewardi'll go nitpicking then18:23
tewardmdeslaur: uploaded, it's going to need approval18:29
tewardand there's the accept.18:42
tewardooo apparently the debian changes FTBFS18:48
=== kickinz1 is now known as kickinz1|afk
=== kickinz1|afk is now known as kickinz1
=== kickinz1 is now known as kickinz1|afk
=== markthomas is now known as markthomas|away
adam_gzul, ping20:17
zuladam_g: yo20:18
adam_gzul, can you go through and remove all your -2's from https://review.openstack.org/#/q/reviewer:chuck.short%2540canonical.com+status:open,n,z ?20:19
zuladam_g:  sure gimme a sec20:20
zuladam_g:  done20:22
adam_gzul, thanks20:30
=== JanC_ is now known as JanC
=== markthomas|away is now known as markthomas
=== DenBeiren is now known as zz_DenBeiren
keithzgHuh, one of my servers is offset from correct time by a tad over -161 seconds, I wonder what would cause that?22:25
=== Lcawte is now known as Lcawte|Away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!