/srv/irclogs.ubuntu.com/2015/06/12/#ubuntu-server.txt

=== utlemming_away is now known as utlemming
=== markthomas is now known as markthomas|away
=== Lcawte is now known as Lcawte|Away
pmatulisdoes anyone here use atop? i'm wondering why debian/ubuntu is 5 years behind upstream01:54
Patrickdkhow so?01:54
Patrickdkit's in universe01:55
Patrickdkif someone wanted to update it, they would have01:55
Patrickdkinteresting, it is up to date with upstream, exactly up to date01:56
tarpmanpmatulis: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729614 seems to have some activity. looks like the maintainer is just busy...01:58
lordievaderGood morning.08:43
lordievaderpmatulis: I do.08:44
lordievaderIt's on all my servers/vm's08:44
=== Lcawte|Away is now known as Lcawte
OpenTokixWhat is the killer feature of atop?08:45
lordievaderIt puts a lot of information together and it has better process tracking.08:46
lordievaderVery short lived processes are still seen by atop were top or htop might not show them.08:47
lordievaderOpenTokix: http://www.atoptool.nl/08:47
OpenTokixcool08:48
OpenTokixIf you are workign with performance issues, - I can highly recommend any talk by brendan gregg, and also his tool collection on his github-page.08:49
lordievaderI don't have performance issues, but please share the talk :)08:50
OpenTokixany talk, he has many08:51
OpenTokixcheck out the youtubes08:51
lordievaderAllright, I'll check it out. Thanks.08:51
=== DenBeiren is now known as zz_DenBeiren
=== cipi is now known as CiPi
rbasakjdstrand: kickinz1 has finished backporting and testing docker.io on Trusty. He can't see a failure that we were expecting with the AppArmor profile. I think you said we'd expect to have to remove the Unix socket support for it to work on Trusty?09:25
rbasakjdstrand: any hints as to how to exercise the failure mode, or is it possible that it's working correctly without needing any changes?09:26
huwenfengin pxe installation, if the dhcp failed for some reason, like tempority network congestion, it will prompt the Configure TCP/IP screen. How can I prevent this screen from showing up? just let the system keep trying to dhcp to get the address?09:27
huwenfenglike the problem describe in url : http://serverfault.com/questions/169295/kickstarting-an-ubuntu-server-10-04-installation-dhcp-fails09:27
huwenfengedition is not 10.04, but the problem is exactly the same.09:28
=== Ad1_RN is now known as Ad1
=== Ad1 is now known as Ad1_RnR
=== abhishek is now known as Guest99947
Guest99947hello11:22
Guest99947can any one help me , I have one sso server which have to make public. I have reverse proxy11:23
OpenTokixWhy the hell are you tryuing to kickstart a debianinstallation?11:33
OpenTokixNevermind, I dont want to know11:34
OpenTokixhuttan: you have the answer lower, - you need to add bootproto=dhcp11:34
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
jdstrandrbasak: we should only see the failure if the policy has the newer rules. where are the packages?12:56
rbasakjdstrand: test packages here: https://launchpad.net/~docker-maint/+archive/ubuntu/staging13:06
smosersmb, around ?13:20
smoserhttps://bugs.launchpad.net/ubuntu/+source/linux/+bug/1462530 has some more information now.13:20
smoserleftycb posted his install log and a boot log full of errors (comment 27)13:21
smosermy install yesterday that i thought was all happy, this morning shows errors like:13:21
smoser[54550.928492] EXT4-fs error (device dm-9): htree_dirblock_to_tree:914: inode #7078166: block 28319821: comm updatedb.mlocat: bad entry in directory: directory entry across range - offset=0(0), inode=0, rec_len=98572, name_len=7413:21
smoseri can get you access to borbein if you want.13:21
smbsmoser, hm ok. I will have a look13:27
tewardrbasak: sarnold: ping, when's the next server team meeting i need some input from the team on some nginx things... :/13:37
rbasak2 June, apparently.13:37
rbasakzul: update the wiki page please?13:37
rbasakteward: Tuesday at 1600 UTC13:37
zulrbasak: oops13:37
tewardrbasak: OK, it's mostly a need to consult with others on Course Of Action - i'll bring it up at the meeting, and *hopefully* i can get enough time in my break at work to attend.13:39
tewardif not i'll drop an email to the server list13:39
rbasakteward: sure. Stick it in the agenda please?13:39
rbasakNot that you have to, but it'll help if others know what you're asking in advance so they can think about it.13:40
rbasakThe mailing list works too13:40
tewardrbasak: link, please, since Google's down for me, and my bookmarks accidentially explodified?13:40
teward:P13:40
rbasakteward: https://wiki.ubuntu.com/ServerTeam/Meeting13:40
tewardrbasak: i'll add it, and send a ML item on it.  Basically, Debian's making life hard :P13:40
rbasakThanks!13:40
tewardrbasak: should i put it under "Open Discussion" or its own item, say, after the events but before open discussion?13:42
teward(first time adding a big item to the list xD)13:42
rbasakteward: before open discussion I guess. It doesn't really matter. We're pragmatic and flexible :)13:43
=== mrmist is now known as mist
tewardindeed13:44
tewardrbasak: added, and mailed to the list, assuming it doesn't get hung up in email limbo14:00
tewardrbasak: and I'm not kidding - the decision that has to be made is a doozy14:01
teward'cause it impacts Wily now, and likely the LTS14:01
tewards/LTS/Next LTS/14:02
tewardand i need input from others before making a decision on my own :P14:02
tewardbah it's stuck in the mod queue14:02
tewardfigures, i need to add this email back into the list :/14:02
teward(not sending with @ubuntu.com means it's stuck)14:02
rbasakjdstrand: http://paste.ubuntu.com/11702193/ is the gen.go with your patch applied in Wily, and http://paste.ubuntu.com/11701102/ is the profile kickinz1 generated using the Trusty backport. Which bit of that is expected to fail?14:12
rbasakI don't see anything related to sockets. dbus maybe?14:12
=== kickinz1 is now known as kickinz1|afk
tewardcan someone unmoderate my email to the Ubuntu Server list, as it is in reference to an item I've put on the Server Team agenda?14:28
jdstrandrbasak: ah thanks-- I got pulled aside. let me look14:40
rbasakSpamapS, Daviey: ^^ ubuntu-server list admin please. You seem to be the only moderators ATM. Should that change?14:41
geniiHm14:41
geniiOh, mailing list14:42
jdstrandrbasak: both will work fine for trusty, however wily doesn't have any 'unix' rules so it will fail14:42
jdstrandrbasak: in other words, wily is missing something it needs that would have to be removed from the trusty backport, which is why trusty is currently ok14:43
jdstrandrbasak: actually, I don't see anything in vivid's package for unix rules. I guess the base abstraction is sufficient14:45
jdstrandrbasak: (the base abstraction has several unix rules)14:46
jdstrandrbasak: so if wily and trusty test out, it should all be fine14:46
=== karlthane_ is now known as karlthane
tewardrbasak: list moderators discussion - item for server team meeting perhaps?15:23
strikovsmb: smoser: https://bugzilla.redhat.com/show_bug.cgi?id=63091115:37
=== shaderslayer is now known as shadeslayer
smoserstrikov, so maybe we just have to get the bindings file created15:43
strikovsmoser: it gets created when you install multipath-tools-boot15:45
strikovsmoser: it's just doesn't go into initramfs15:45
smoseri thought i saw somehwere where it got copied.15:46
smoserlet me look15:46
strikovsmoser: we may have some issues with spaces there as well, here is what i have there inside a vm:15:46
strikovmpath0 0QEMU    QEMU HARDDISK   ABCDEFGH15:46
strikovmpath1 0QEMU    QEMU HARDDISK   HGFEDCBA15:46
SpamapSrbasak: yes that should change...15:47
smoser strikov /usr/share/initramfs-tools/hooks/multipath15:48
smosersee that.15:48
strikovsmb: smoser: and returning back to our discussion about a possibility to partition mpath devices; i just did it with cfdisk and i see /dev/mapper/mpath1-part1 automatically created w/o a reboot (so it was able to re-read pt)15:49
smoserstrikov, i think /etc/multipath/bindings is not getting created by multipath install15:53
strikovsmoser: hm, i see it in the vm15:53
strikovsmoser: just after installing the package15:53
smoserreally?15:53
smoserhm..15:53
smoseron my power8 system:15:53
smoser$ sudo ls -altr /etc/multipath/bindings15:53
smoser-rw------- 1 root root 528 Jun 12 13:42 /etc/multipath/bindings15:53
strikovsmoser: could you verify it on power?15:53
smoser$ uptime15:53
smoser 15:53:54 up  2:12,  1 user,  load average: 0.00, 0.01, 0.0515:53
smosersmb said its not in the initramfs15:54
strikovsmoser: let me check my initramfs15:54
smoseri think on power8 system there it got craeetd on first boot15:55
smoseryeah..15:55
=== Lcawte is now known as Lcawte|Away
strikovsmoser: i have bindings file inside initramfs15:58
rbasakteward: are you volunteering as the new list moderator? :)15:58
strikovsmoser: could you try to unpack power8's one?15:58
smoserstrikov, if you update-initramfs i suspect you will15:58
smoserits not there. smb says it needs to be (as does your RH link)15:58
smoseri dont know what creates it.15:59
smoserbut when we install the package15:59
smoserwe have daemons disabled from starting15:59
rbasakjdstrand: OK. Thanks!15:59
strikovhm, but we update initramfs from curtin, right?15:59
smoser(which is by design)15:59
smoserso i think something that creates it is not being run . and then not picked up.15:59
smoserthat make sense ?15:59
=== Lcawte|Away is now known as Lcawte
smoserthe multipath-tools package has 2 init.d scripts that would be urn16:00
strikovlet me replay the whole thing in vm and note when it gets created16:00
=== pgraner is now known as pgraner-afk
smoserso on that system..16:01
smoseri did:16:01
smbsmoser, initrd is unpacked on the host you showed me (which I am done with btw)16:01
smoserlsinitramfs /boot/initrd.img-$(uname -r) | sort > out.orig16:02
smbas done as I think I am with this week16:02
smoserupdate-initramfs -u -k $(uname -r)16:02
smoserlsinitramfs /boot/initrd.img-$(uname -r) | sort > out.new16:02
smoserdiff -u out.orig out.new16:02
smoser+etc/multipath16:02
smoser+etc/multipath/bindings16:02
smoserthanks smb16:03
smoserwe just need to do something to get it created so that it can be collected16:03
smoserrunning multipathd definitely creates it.16:06
tewardrbasak: heh16:07
smoserservice multipath-tools stop; rm -Rf /etc/multipath; service multipath-tools start;16:08
tewardrbasak: y'know, I WOULD, if it weren't for the fact I have work 9-10 hours a day, and college, and a few other things16:08
smoserstrikov, ^ after that, then /etc/multipath exists16:08
strikovsmoser: you run update-initramfs after the first boot in multipath mode, right?16:13
strikovsmoser: ha, you know what16:15
strikovsmoser: i figured out why i had bindings inside initramfs w/o all this mumbo-yumbo with update-initramfs16:15
strikovsmoser: to speedup things i created /etc/multipath.conf with friendly names *before* installing multipath-tools-boot16:15
=== markthomas|away is now known as markthomas
rbasakDaviey: are you OK to continue moderating the ubuntu-server list?16:21
Davieyrbasak: I am indifferent, I probably only done about 3 (on request) approvals over the last year tho.16:22
tewardDaviey: if you can approve the one i sent from my trekweb.org address that'd be amazing16:23
tewardsince it's related to the action / discussion item on the agenda for the server meeting16:23
rbasakDaviey: as nobody else has stepped up, could you add me as a co-moderator please?16:24
rbasakDaviey: and remove SpamapS I guess, unless he objects.16:25
rbasak(I think he wants to step down unless I misunderstood)16:25
strikovsmoser: yep, i just confirmed ^^^16:25
strikovsmoser: so we can include the file into initramfs by shuffling curtin's code to create file before installing the tools.16:25
Davieyrbasak: I seem not to have the password on this machine, looking.16:28
SpamapSrbasak: you were correct, I think it's time for me to step down from that role that I haven't been doing anyway.16:42
Davieyrbasak: I just sent an RT asking for a new password.  Once that is sent to me, i'll add you as a moderator and drop SpamapS.16:43
Davieystrikov: TBH, you are probably better off subscribing and then sending it again.. Will be quicker16:43
tewardDaviey: i think you meant me? :)16:44
Davieyerr, yes - sorry16:44
tewardi'll resend then since i subscribed xD16:44
tewardthanks16:44
=== mgriffin__ is now known as mgriffin
=== d__ is now known as Guest49303
=== ming is now known as Guest91806
=== NomadJim_ is now known as NomadJim
OliPicardhi everyone was wondering how do you create a simple upstart script for Ubuntu? I want to turn this  su kippo -c /home/kippo/kippo/start.sh into a script form.20:47
sarnoldOliPicard: if you haven't found it yet, this guide is fantastic http://upstart.ubuntu.com/cookbook/21:21
sarnoldOliPicard: this can replace the 'su kippo' bit: http://upstart.ubuntu.com/cookbook/#setuid21:21
OliPicardsarnold: Thanks, In the end as the script is only called during boot I went with rc.local to run the script21:24
sarnoldOliPicard: works well :)21:25
OliPicardYup :)21:25
sarnoldanother option, since you're running it as as user, is the @reboot directive to vixie cron21:25
sarnoldI prefer your method if you're also the aadmin of the server21:25
sarnoldbut if all you have is a user account, @reboot can be handy :)21:25
OliPicardah it's all good :)21:25
OliPicardit's a honeypot i'm running at the moment21:26
sarnoldoo fun!21:26
OliPicardYup we have hits from China, Poland and Germany21:27
OliPicardI'm going to modify the virtual file system and put some fake passwords in a txt file on the home directory to see if anyone notices.21:28
jrwreni used to admin one of the largest honeypots in the world. atlas.arbor.net :)21:59
jrwrenit was a lot of fun.21:59
jrwrenalso, darknet is fun21:59
=== zz_DenBeiren is now known as DenBeiren
tewardso, i had to migrate a domain nameserver to a new server IP, and apparently something's blocking it although I have ACCEPT in the rules for the firewall.  Should I talk to the VPS host?23:09
sarnoldteward: before doing so, check netstat -lnp output against nmap -p53 add.rre.ss output23:12
sarnoldmaybe it's something simple like a bind address in a config file..23:12
tewardoooo good point23:13
tewardi forgot about that xD23:13
tewardsarnold: wow I feel stupid as sin now :/23:13
tewardit's the python!  it's been eating at my brains for three days while i rewrite poor code in the first place23:14
sarnoldpython'll do that ;)23:14
tewardsarnold: especially when it was written POOR23:14
tewardand when it's on a Hardy box that management won't let me upgrade23:14
sarnoldhardy23:15
sarnoldwow23:15
tewardsarnold: and I had to do uname -a just to do that >.<23:15
sarnoldmy second security update was for perl, and the hardy perl package gave me more trouble than all the other supported releases put together. I was not sad to see hardy EOL. :)23:15
tewards/do that/figure that out/23:16
tewardsarnold: i'm sad that there's so many home grown python solutions23:16
tewardand i spent 4 days REWRITING THE LOGIC for a program just so it can check its pid better23:16
sarnoldsounds miserable :/23:16
tewardwell it's DONE23:16
tewardand it WORKS23:16
tewardand work owes me money23:16
sarnold:D23:17
tewardsarnold: the bind9 not binding to the correct IP resolved the issue23:18
sarnoldteward: woot :)23:18
tewardi feel silly not checking that XD23:18
teward(and DNSSEC migrated over too which makes me hapy)23:18
tewardhappy*23:18
sarnoldhehe, it's easy to overlook amongst everything else..23:18
teward:P23:19
tewardsarnold: well, DNSSEC is relatively easier than I thought23:19
tewardat first I was all "WHY IS IT THIS HARD"23:19
tewardthen I was like "Oh......... that's not that hard xD"23:19
sarnoldteward: it feels like the actual mechanics of what you need to do are simpler than the descriptions of what is done and why..23:19
tewardmhm23:20
sarnoldi've been happy to avoid running my own nameservers, so it's all acedemic to me anyhow23:20
tewardwell i'm tired of zoneedit, and gandi doesn't update nameserver data fast enough, so i said "I'LL RUN IT MYSELF!"23:20
tewardnot sad I did though because I had to set this up for work anyways for something xD23:20
sarnoldwoo23:20
tewardand i have a set of 3 dedicated VPSes just for DNS23:21
tewardone master, two slaves23:21
tewardthe glue records were the hard part23:21
tewardoh look i'm rambling again :/23:21
tewardsarnold: are you going to be present at the server team meeting on tuesday?23:22
sarnoldteward: I'm not planning on it..23:22
tewardok.  i'd like sec team input eventually, the big issue: debian has nginx 1.9.1, which is Mainline, and a feature development branch.  stable is 1.8.x.23:23
tewardso...23:23
tewardcan't do merging or anything until a decision on it is reached... by consensus23:23
tewardsince it'll affect Wily and likely the LTS23:23
tewardi dropped an email to the server team list though :)23:24
tewardsarnold: although I do have info WRT nginx backporting critical fixes and security patches and helping with that, though23:26
tewardnot a huge issue, but more one I would like input on from MORE than just me :P23:26
sarnoldteward: hmm, it looks sort of like debian doesn't have any 1.8 branches packaged up; is that correct?23:27
tewardsarnold: they skipped it, yes.23:27
tewardsarnold: although i can apply their packaging to 1.8.x, which I do in the PPAs anyways23:27
teward(so it's not an issue to apply that then apply the existing Ubuntu delta)23:27
tewardpending a req from NGINX to remove the Ubuntu specific page and use the one they ship23:28
tewardwhich is another issue, but the version to go with for Wily+ is the bigger issue23:28
tewardsarnold: https://lists.ubuntu.com/archives/ubuntu-server/2015-June/007072.html is the email I dropped on the list23:28
sarnoldthanks23:28
sarnoldteward: awesome, thanks for the good context there :) -- going with 1.9.x for wily is probably the thing to do. I'd love to see nginx release 1.10 early enough in april for the packaging to adapt it before 16.04 LTS, but even if it's a "late" 1.9.x it'll probably be close enough to 1.10 for security updates to mostly apply.23:34
sarnoldteward: since they've only comitted to one year for the stable releases, four years of 16.04 LTS support will be backporting anyway. it's not like they have some lts releases and short-term releases..23:35
tewardsarnold: well, i have it on the authority of a senior dev advocate from nginx itself that they'll help backporting23:35
tewardsince Ubuntu is one of the major OSes nginx is on23:35
tewardthat includes security fixes too :P23:35
tewardsarnold: I think we should stick to what we already have present in Ubuntu - use stable, for Wily and LTS, wait for LTS+1 to get 1.10, then backport, but... *shrugs*23:36
tewardsarnold: as I said, I want MORE than just my thoughts to be known23:37
tewardsarnold: since I have no idea how long Debian will follow Mainline23:37
teward(which is, of course, a in-development features-are-updating-and-being-created release)23:37
tewardsarnold: i also believe the April release date is going to be missed23:37
tewardApril 21 is damn close to the release dates we usually release on23:37
sarnoldheh, they're sending signs of that already? :)23:38
sarnoldahh I see23:38
tewardsarnold: estimating the same release timeperiod...23:38
tewardthen we are cutting it microscopically close to FinalFreeze dates23:38
tewardgranted I don't have the schedule for LTS here23:39
tewardsarnold: have I mentioned that this is Debian's fault?  :P23:39
tewardsarnold: the other option is "Do nothing, wait to LTS"23:39
tewardand i nitpick the fixes for a few bugs to fix those, and nothing more23:40
teward(the NGINX PPAs still provide both Stable and Mainline for people that want newer)23:40
tewardi'm more concerned about the verison in LTS than Wily23:40
tewardespecially with the Lua question23:40
sarnoldwell, packaging "unstable" versions of upstream software for their unstable release makes some sense, might as well have the debian unstable userbase kick fixes up to nginx23:40
tewardmmm23:40
sarnoldnot having any 1.8 is an odd unfortunate consequence but I can see how they got there, too, heh23:41
tewardmmm23:41
tewardit's debian's fault for that23:41
tewardsarnold: debian operates weird on this, Debian Release happens, they use Mainline in unstable, until April and the next Stable release23:41
tewardat least AIUI23:41
tewardsarnold: one option is to later upgrade 1.9.x in LTS to 1.10.x *after* release, but we get into Release hell that way23:42
tewardbut as we get closer to LTS we can discuss that, depending on what we end up with the server team meeting, as I kinda want a consensus because Main is involved23:42
teward(if it were just Universe I wouldn't hesitate as much xD)23:42
tewardoh shoot i have to add the email link to the Agenda page, crap!23:43
tewardthere we go23:44
tewardsarnold: I'm not wrong in looping in the Server Team for input on this, am I?23:45
teward(you're also free to voice in on the email, as well, as that'll all end up discussed at the meeting more)23:46
sarnoldteward: seems like a good idea to me, they know their user desires better than I do :)23:46
tewardsarnold: indeed, but they also have more say on it than I23:46
tewardsarnold: still, especially with nginx-core in Main, I don't want to make unilateral decisions xD23:46
tewardsarnold: can you consider emailing what your opinion is on 1.8.x vs. 1.9.x to the list?23:49
tewardso that others can also know there's some discussion on this23:49
teward(especially so that by the time the meeting happens we're all uptodate)23:49
sarnoldteward: could you please bounce me a copy of the mail? seth.arnold@canonical.com23:49
tewardsarnold: yeah, is a forward sufficient enough?23:52
sarnoldteward: a bounce would thread instead.. if not, I'll look around for an mbox to download23:52
tewardexplain "boucne" to me btw23:53
* teward is tired :)23:53
tewardafter staring and beating Hardy python to dust i'm exhausted23:53
tewardthe coffee is keeping me awake :)23:53
sarnoldteward: a bounce is a lot like an after-the-fact BCC: -- all the headers are left as they are in your mbox, including message-id, references, to, from, subject, etc; but the mail is delivered to whatever address was 'bounced' to23:54
tewardsarnold: mmm, i'm not sure I have the capability to issue that from here... at least, not in Thunderbird23:54
teward(I'm also not a list admin so...)23:54
tewardis https://lists.ubuntu.com/archives/ubuntu-server/2015-June.txt not sufficient enough to use for mbox and such on it?23:55
* teward yawns23:55
tewardokay, i'm off to sleep before I fall asleep on my keyboard.  (messages logged)23:55
sarnoldteward: heh yeah looks like thunderbird reqauires a plugin fo rit23:55
sarnoldteward: good night! those headeers look good enough :)23:55
tewardsarnold: if you know of a thunderbird plugin that'd be great23:58
tewardand thanks, i'm headed off.23:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!