=== mrt333_ is now known as mrt333
=== markthomas is now known as markthomas|away
[01:20] hey all... so been using ubuntu server at work for a number of our facilities (open vpn tunnels, squid proxy, dhcp, firewall, etc)... normally we've been using Firewall builder so that some of our windows system administrators can configure the firewall with a GUI... however it looks like firewall builder has stopped developing
[01:20] any alternatives people can recommend?
[01:46] maddawg2: ufw is simple enough, even though it's commandline; I think someone put together a gui around it but I can't vouch for the quality of it..
[01:47] guys, anyone have experience to run multicast routing ?
[01:48] yea sarnold we're looking for a GUI and we don't want a gui on the computer
[01:48] with firewall builder we could install it to Windows and make our rules there and it would generate a config file that would then get uploaded to the ubuntu server
[01:49] maddawg2: you could try X forwarding, ssh -X hostname xterm to get a quick idea of what I mean..
[01:52] yea but then they wouldn't be on windows
[01:52] these are windows administrators
[01:52] needing to administer a linux firewall
[02:08] ahh
=== Joel is now known as Guest31278
[07:05] Good morning.
=== Lcawte|Away is now known as Lcawte
=== DenBeiren is now known as zz_DenBeiren
=== zz_DenBeiren is now known as DenBeiren
=== kickinz1 is now known as kickinz1|afk
=== DenBeiren is now known as zz_DenBeiren
=== zz_DenBeiren is now known as DenBeiren
=== kickinz1|afk is now known as kickinz1
=== kickinz1 is now known as kickinz1|afk
=== kickinz1|afk is now known as kickinz1
=== kickinz1 is now known as kickinz1|afk
[10:52] Hi all ! I'm trying to install openstack through MAAS following this documentation http://ubuntu-cloud-installer.readthedocs.org/en/latest/multi-installer.guide.html
[10:52] But I've an issue with br0 during openstack-install
[10:52] Someone can help me ?
[10:53] I see some error on br0 in the log files.
And it looks like the script comments my interface in /etc/network/interface
[10:54] There are error logs : http://pastebin.com/22yELB7r
[11:05] rbasak: regarding this bug: https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/1438788
[11:05] rbasak: it's upgrade related thing; previous version of the package generated this incorrect symlink and we have to manually remove it
[11:06] rbasak: it was not a good idea to remove it somewhere inside installation handlers of the new version because this file/link may be legal
[11:07] rbasak: i.e. user created it manually not buggy package
[11:07] rbasak: that's definitely a bug of debhelper-systemd and i need to file it
[11:08] strikov: OK. So workaround available, and only affects users who had mysql-server-5.6 5.6.23-1~exp1~ubuntu4 installed?
[11:10] rbasak: i'm reproducing this now on a cloud instance to provide with a workaround which 100% works
[11:10] rbasak: yes, only when you upgrade from ubuntu4
[11:10] strikov: I think it's OK to leave it then - we can just explain it in the bug for users to apply the workaround.
[11:11] rbasak: ok
[11:11] strikov: and then explain that it's too difficult to fix without breaking other users, and then mark it Won't Fix.
=== gnuoy` is now known as gnuoy
=== CripperZ- is now known as cripperz
=== cripperz is now known as CripperZ
[12:31] hey all, if I am working with a .conf file, is ; a commented line?
[12:36] Arrick: It depends on what application the .conf file is for. Usually a comment is #
[12:37] it's the smb.conf
[12:37] there are dozens of lines which start with ; that follow the # liens
[12:37] lines
[12:38] smb.conf uses both # and ; as a comment
[12:39] # is used as a comment and ; is used to comment a statement
[12:40] I'm having an issue with winbindd and smb, can't seem to figure out how to get it to lookup usernames, or anything.
[12:40] wbinfo -u says error looking up domain users
[13:21] rbasak: just fyi, debian guys provide cloud images since jan2015: http://cdimage.debian.org/cdimage/openstack/testing/
[13:21] rbasak: it might be useful for testing while filing debian bugs
[13:50] I've just discovered uvt; I understand it as being a way to create VMs from cloud images. I have a side question: is there a recommended way to build cloud images? is the toolchain used for building those at cloud-images.ubuntu.com available somewhere?
[14:23] Adri2000, check this out: https://launchpad.net/~ubuntu-on-ec2
[15:00] coreycb, huh - quick poke at the ci builds - missing deps for the source packages was not helping as a result of move to systemd
[15:00] strikov: that's useful. Thank you!
=== bilde2910 is now known as bilde2910|away
[15:02] jamespage, what was missing?
[15:02] Adri2000: I think our toolchain for building cloud images is available. utlemming might be able to help with that. But it is not recommended. We think that you should use "official" cloud images instead, and use cloud-init on first boot to customize them as needed.
[15:02] Adri2000: or, if you must, modify the official cloud image for local use but starting from the official one, rather than going from scratch.
[15:02] Adri2000: of course, you can do what you like. We just try to best support that workflow.
[15:04] hello
[15:04] coreycb, dh-systemd and openstack-pkg-tools
[15:04] without those you can't cut the source packages
[15:04] what is a good program that will backup specific programs and file every once in a while? maybe even something with a good (web?) interface?
[15:06] jamespage, so the ci builds don't use the deps from debian/control? because those should be in the debian/control files.
[15:08] coreycb, not for cutting the source packages
[15:09] jamespage, ok
[15:31] rbasak: typical use case is I want ubuntu cloud images that include specific configuration to my local network (think, apt mirrors and such).
what would be the proper way to create those, if not using the toolchain used to build the "official" images?
[15:33] Adri2000: You have two options, really: (a) take the cloud images and modify them, or (b) use cloud-init to do what you need to do on first boot.
[15:34] Adri2000: The toolchain used to build the official images starts from scratch, but you don't have to start from scratch because we build the official cloud images. :)
[15:34] Odd_Bloke: then what tool do you recommend to do (a) ?
[15:35] Adri2000: Have a look at http://ubuntu-smoser.blogspot.co.uk/2014/08/mount-image-callback-easily-modify.html
[15:37] thanks
[15:46] Adri2000: to set apt mirrors and things, I suggest you use cloud-init. Then you don't have to keep re-rolling your customised cloud images.
[15:46] Adri2000: you can inject configuration information into the cloud images, which cloud-init then uses. http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/doc/examples/cloud-config.txt documents the configuration you can do.
[15:47] Modifying a cloud image is easy. Maintaining that setup is not.
[15:54] rbasak: I know, but I'd like to offer users (internal IaaS/OpenStack users) images that work out of the box, and therefore do not require them to add userdata if they don't need anything specific
[15:54] rbasak: of course I'll have to maintain my custom images, that's why I need to automate the process
[15:55] mount-image-callback may be part of the solution
[15:57] Adri2000: look into vendordata. It lets you provide defaults that userdata can override, but if no userdata is used your users will get your apt mirror by default.
[15:57] Adri2000: If you're on OpenStack, you could use vendor... that.
[15:58] (unless users actually touch that setting in userdata)
=== markthomas|away is now known as markthomas
=== kickinz1|afk is now known as kickinz1
=== kickinz1 is now known as kickinz1|afk
=== kickinz1|afk is now known as kickinz1
[17:07] rbasak: could you change status of this bug to won't fix please: https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/1438788
[17:07] rbasak: i don't have permissions to do this
[17:09] rbasak: i investigated this and (a) upgrade from ubuntu4 to ubuntu5 runs smoothly (issue reported was observed with the previous version of the package I assume) (b) i can observe the issue when removing the package but it's a result of previously created symlink which requires manual actions
[17:09] strikov: yes, but please could you first explain the bug why the bug should be Won't Fix?
[17:09] explain in the bug
[17:09] rbasak: i was about to ask that too xD
[17:09] * teward was about to hit "Won't Fix" too xD
=== kickinz1 is now known as kickinz1|afk
[17:14] rbasak: stupid question for you with regard to freezes, but a bug of mine got poked saying "Shouldn't the fix for this be SRU'd?" on nginx, and it's not in Vivid yet - it'd set the thing to build as position independent - would that even qualify for SRU or even a bug that'd get past featurefreeze?
[17:14] teward: what's the bug?
[17:15] teward: if it's a security bug, then the normal SRU process doesn't apply. An update would go via security sponsorship itself, and the security team would judge security impact vs. regression risk themselves.
[17:16] rbasak: i'll poke mdeslaur in either case, but the other problem is the fix isn't even in Debian yet - just committed
[17:16] * teward digs for the bug
[17:17] wow i still had it open from 2 hours ago xD
[17:17] https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1315426
[17:17] rbasak: it reads as a feature request, but i'm not sure if it needs to be a security bug that mdeslaur / security team would review
[17:17] teward: what do you need me for?
[17:17] mdeslaur: oop forgot you're here xD
[17:17] nah, that's an SRU, not a security vulnerability
[17:17] that's what i thought
[17:18] If it's not a security vulnerability, then what's the user impact that necessitates an SRU?
[17:18] rbasak: AFAICT there isn't one
[17:18] not unless package policy starts pushing for PIE as a requirement for inclusion anywhere
[17:18] Then an SRU isn't appropriate IMHO.
[17:18] mhm
[17:19] Unless mdeslaur says it's worthwhile as an SRU for security reasons even if it shouldn't go through a security upload.
[17:20] mdeslaur: the question goes back to you, whether it'd be worthwhile as an SRU for security reasons or not. (Note the changes are committed in Debian but not implemented anywhere, not even in Vivid)
[17:20] so it'd need a nitpick pull from Debian git, added to Vivid, then SRU'd.
[17:21] I don't think it's worthwhile as an SRU, no
[17:21] rbasak: and since it'd be needed in Vivid, the question then becomes whether FeatureFreeze prevents this, or whether i have to go poking the release team for an FFe
[17:21] it's just hardening, it has no direct benefit
[17:21] rbasak: teward: is it okay to close the bug with 'won't fix' if the root cause of the bug is in different project? in our case this issue arises from the fact that debhelper can't handle aliases in systemd's unit config.
[17:22] strikov: no, I don't think so.
If the bug cannot be fixed in this package, then the bug should be reassigned to the correct package, or a new task added and the mysql-5.6 task marked Invalid.
[17:23] rbasak: okay, so let me look into debhelper bug tomorrow; will see then what to do
[17:23] turning on PIE in stable releases will have a detrimental performance impact on 32-bit platforms, which may piss off people who are specifically using nginx for it's performance
[17:23] strikov: if the bug *can* be fixed in this package but it isn't worth doing it because it affects development release users only in a way that they can workaround, and it isn't worth going to the trouble to fix it for that set of users, then I think it's OK to explain this and then mark Won't Fix against mysql-5.6.
[17:23] s/it's/its/
[17:24] mdeslaur: rbasak: OK that's what i thought (not SRU worthy, no significant benefit). I'm considering leaving Vivid's status alone though, in the interim, once Vivid is released marking it as "Won't Fix" and setting a "Triaged" state for the next release later (because there may be a merge in that cycle from Debian, which would likely include the PIE changes)
[17:24] teward: I think "PIE isn't turned on though expected for security-sensitive packages" is a reasonable bug to fix under feature freeze without needing an exception. I would be OK to sponsor that. But see mdeslaur's comment on whether we should do that or not.
[17:25] rbasak: right, given that, i'm considering leaving Vivid's status alone
[17:25] but i was going to "Won't Fix" for the earlier releases
[17:25] Maybe it's fine to do, and those who are performance sensitive can switch to amd64 when upgrading to Vivid for production use.
[17:25] and we'll likely be turning on PIE by default on amd64 for V+1
[17:26] i'm thinking at this point V+1 might be the target.
at some point after Vivid's release it's likely Debian will get an update in its package that turns on PIE by default
[17:26] since it's in the git, but not yet released due to Debian freeze
[17:27] (at least from what the nginx maintainers in Debian told me)
[17:31] mdeslaur: rbasak: i'm going to use those statements as "blocking points" for a vivid fix for now, and will wait to see what Debian does on this - just because it's Fix Committed there means nothing - it's not even 'tested' there afaict
[17:31] (net)
[17:31] s/net/yet/
[17:38] rbasak: mdeslaur: i'm comfortable leaving the change out of Vivid and waiting to V+1 to get the fix in with the likely merge i'll do during that cycle. Around that same time I'll make a blog post on my blog (which'll end up in Planet.u.c's list) indicating that for V+1 we recommend that performance-sensitive use cases should be switching to amd64 architectures instead of staying on 32-bit architectures, for the performance hit reason we just
[17:38] discussed
[17:38] wow i hate irc truncation
[17:38] (that PIE bug's been there for a while now)
[17:39] (I posted as such on the bug just now)
[17:40] thank you both for the discussion on it, sometimes it helps to have a second viewpoint / opinion :)
[17:45] rbasak: https://bugs.launchpad.net/ubuntu/+source/mysql-5.6/+bug/1438788/comments/5
[17:45] rbasak: how about that?
[18:03] strikov: looks good. Done.
[18:16] rbasak: thanks!
=== kickinz1|afk is now known as kickinz1
[18:21] rbasak: mdeslaur: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1315426/comments/5
[18:22] rbasak: mdeslaur: looks like there's pushback for no Vivid inclusion - opinions on putting it in Vivid other than us having to say "Those who have performance-sensitive setups should move to amd64 for the upgrade to Vivid", assuming the release team approves an upload to enable PIE?
[18:22] teward: if you want comments from disgruntled people, I can fill your inbox if you'd like
[18:22] mdeslaur: sure, feel free, i have 500 today
[18:22] mdeslaur: on top of 6000 aprils fools jokes
[18:23] and 10000 spam messages in my PMs here
[18:23] teward: just upload it to vivid
[18:23] i'll go nitpicking then
[18:29] mdeslaur: uploaded, it's going to need approval
[18:42] and there's the accept.
[18:48] ooo apparently the debian changes FTBFS
=== kickinz1 is now known as kickinz1|afk
=== kickinz1|afk is now known as kickinz1
=== kickinz1 is now known as kickinz1|afk
=== markthomas is now known as markthomas|away
[20:17] zul, ping
[20:18] adam_g: yo
[20:19] zul, can you go through and remove all your -2's from https://review.openstack.org/#/q/reviewer:chuck.short%2540canonical.com+status:open,n,z ?
[20:20] adam_g: sure gimme a sec
[20:22] adam_g: done
[20:30] zul, thanks
=== JanC_ is now known as JanC
=== markthomas|away is now known as markthomas
=== DenBeiren is now known as zz_DenBeiren
[22:25] Huh, one of my servers is offset from correct time by a tad over -161 seconds, I wonder what would cause that?
=== Lcawte is now known as Lcawte|Away