[01:54] <pmatulis> does anyone here use atop? i'm wondering why debian/ubuntu is 5 years behind upstream
[01:54] <Patrickdk> how so?
[01:55] <Patrickdk> it's in universe
[01:55] <Patrickdk> if someone wanted to update it, they would have
[01:56] <Patrickdk> interesting, it is up to date with upstream, exactly up to date
[01:58] <tarpman> pmatulis: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729614 seems to have some activity. looks like the maintainer is just busy...
[08:43] <lordievader> Good morning.
[08:44] <lordievader> pmatulis: I do.
[08:44] <lordievader> It's on all my servers/vm's
[08:45] <OpenTokix> What is the killer feature of atop?
[08:46] <lordievader> It puts a lot of information together and it has better process tracking.
[08:47] <lordievader> Very short lived processes are still seen by atop were top or htop might not show them.
[08:47] <lordievader> OpenTokix: http://www.atoptool.nl/
[08:48] <OpenTokix> cool
[08:49] <OpenTokix> If you are workign with performance issues, - I can highly recommend any talk by brendan gregg, and also his tool collection on his github-page.
[08:50] <lordievader> I don't have performance issues, but please share the talk :)
[08:51] <OpenTokix> any talk, he has many
[08:51] <OpenTokix> check out the youtubes
[08:51] <lordievader> Allright, I'll check it out. Thanks.
[09:25] <rbasak> jdstrand: kickinz1 has finished backporting and testing docker.io on Trusty. He can't see a failure that we were expecting with the AppArmor profile. I think you said we'd expect to have to remove the Unix socket support for it to work on Trusty?
[09:26] <rbasak> jdstrand: any hints as to how to exercise the failure mode, or is it possible that it's working correctly without needing any changes?
[09:27] <huwenfeng> in pxe installation, if the dhcp failed for some reason, like tempority network congestion, it will prompt the Configure TCP/IP screen. How can I prevent this screen from showing up? just let the system keep trying to dhcp to get the address?
[09:27] <huwenfeng> like the problem describe in url : http://serverfault.com/questions/169295/kickstarting-an-ubuntu-server-10-04-installation-dhcp-fails
[09:28] <huwenfeng> edition is not 10.04, but the problem is exactly the same.
[11:22] <Guest99947> hello
[11:23] <Guest99947> can any one help me , I have one sso server which have to make public. I have reverse proxy
[11:33] <OpenTokix> Why the hell are you tryuing to kickstart a debianinstallation?
[11:34] <OpenTokix> Nevermind, I dont want to know
[11:34] <OpenTokix> huttan: you have the answer lower, - you need to add bootproto=dhcp
[12:56] <jdstrand> rbasak: we should only see the failure if the policy has the newer rules. where are the packages?
[13:06] <rbasak> jdstrand: test packages here: https://launchpad.net/~docker-maint/+archive/ubuntu/staging
[13:20] <smoser> smb, around ?
[13:20] <smoser> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1462530 has some more information now.
[13:21] <smoser> leftycb posted his install log and a boot log full of errors (comment 27)
[13:21] <smoser> my install yesterday that i thought was all happy, this morning shows errors like:
[13:21] <smoser> [54550.928492] EXT4-fs error (device dm-9): htree_dirblock_to_tree:914: inode #7078166: block 28319821: comm updatedb.mlocat: bad entry in directory: directory entry across range - offset=0(0), inode=0, rec_len=98572, name_len=74
[13:21] <smoser> i can get you access to borbein if you want.
[13:27] <smb> smoser, hm ok. I will have a look
[13:37] <teward> rbasak: sarnold: ping, when's the next server team meeting i need some input from the team on some nginx things... :/
[13:37] <rbasak> 2 June, apparently.
[13:37] <rbasak> zul: update the wiki page please?
[13:37] <rbasak> teward: Tuesday at 1600 UTC
[13:37] <zul> rbasak: oops
[13:39] <teward> rbasak: OK, it's mostly a need to consult with others on Course Of Action - i'll bring it up at the meeting, and *hopefully* i can get enough time in my break at work to attend.
[13:39] <teward> if not i'll drop an email to the server list
[13:39] <rbasak> teward: sure. Stick it in the agenda please?
[13:40] <rbasak> Not that you have to, but it'll help if others know what you're asking in advance so they can think about it.
[13:40] <rbasak> The mailing list works too
[13:40] <teward> rbasak: link, please, since Google's down for me, and my bookmarks accidentially explodified?
[13:40] <teward> :P
[13:40] <rbasak> teward: https://wiki.ubuntu.com/ServerTeam/Meeting
[13:40] <teward> rbasak: i'll add it, and send a ML item on it.  Basically, Debian's making life hard :P
[13:40] <rbasak> Thanks!
[13:42] <teward> rbasak: should i put it under "Open Discussion" or its own item, say, after the events but before open discussion?
[13:42] <teward> (first time adding a big item to the list xD)
[13:43] <rbasak> teward: before open discussion I guess. It doesn't really matter. We're pragmatic and flexible :)
[13:44] <teward> indeed
[14:00] <teward> rbasak: added, and mailed to the list, assuming it doesn't get hung up in email limbo
[14:01] <teward> rbasak: and I'm not kidding - the decision that has to be made is a doozy
[14:01] <teward> 'cause it impacts Wily now, and likely the LTS
[14:02] <teward> s/LTS/Next LTS/
[14:02] <teward> and i need input from others before making a decision on my own :P
[14:02] <teward> bah it's stuck in the mod queue
[14:02] <teward> figures, i need to add this email back into the list :/
[14:02] <teward> (not sending with @ubuntu.com means it's stuck)
[14:12] <rbasak> jdstrand: http://paste.ubuntu.com/11702193/ is the gen.go with your patch applied in Wily, and http://paste.ubuntu.com/11701102/ is the profile kickinz1 generated using the Trusty backport. Which bit of that is expected to fail?
[14:12] <rbasak> I don't see anything related to sockets. dbus maybe?
[14:28] <teward> can someone unmoderate my email to the Ubuntu Server list, as it is in reference to an item I've put on the Server Team agenda?
[14:40] <jdstrand> rbasak: ah thanks-- I got pulled aside. let me look
[14:41] <rbasak> SpamapS, Daviey: ^^ ubuntu-server list admin please. You seem to be the only moderators ATM. Should that change?
[14:41] <genii> Hm
[14:42] <genii> Oh, mailing list
[14:42] <jdstrand> rbasak: both will work fine for trusty, however wily doesn't have any 'unix' rules so it will fail
[14:43] <jdstrand> rbasak: in other words, wily is missing something it needs that would have to be removed from the trusty backport, which is why trusty is currently ok
[14:45] <jdstrand> rbasak: actually, I don't see anything in vivid's package for unix rules. I guess the base abstraction is sufficient
[14:46] <jdstrand> rbasak: (the base abstraction has several unix rules)
[14:46] <jdstrand> rbasak: so if wily and trusty test out, it should all be fine
[15:23] <teward> rbasak: list moderators discussion - item for server team meeting perhaps?
[15:37] <strikov> smb: smoser: https://bugzilla.redhat.com/show_bug.cgi?id=630911
[15:43] <smoser> strikov, so maybe we just have to get the bindings file created
[15:45] <strikov> smoser: it gets created when you install multipath-tools-boot
[15:45] <strikov> smoser: it's just doesn't go into initramfs
[15:46] <smoser> i thought i saw somehwere where it got copied.
[15:46] <smoser> let me look
[15:46] <strikov> smoser: we may have some issues with spaces there as well, here is what i have there inside a vm:
[15:46] <strikov> mpath0 0QEMU    QEMU HARDDISK   ABCDEFGH
[15:46] <strikov> mpath1 0QEMU    QEMU HARDDISK   HGFEDCBA
[15:47] <SpamapS> rbasak: yes that should change...
[15:48] <smoser>  strikov /usr/share/initramfs-tools/hooks/multipath
[15:48] <smoser> see that.
[15:49] <strikov> smb: smoser: and returning back to our discussion about a possibility to partition mpath devices; i just did it with cfdisk and i see /dev/mapper/mpath1-part1 automatically created w/o a reboot (so it was able to re-read pt)
[15:53] <smoser> strikov, i think /etc/multipath/bindings is not getting created by multipath install
[15:53] <strikov> smoser: hm, i see it in the vm
[15:53] <strikov> smoser: just after installing the package
[15:53] <smoser> really?
[15:53] <smoser> hm..
[15:53] <smoser> on my power8 system:
[15:53] <smoser> $ sudo ls -altr /etc/multipath/bindings
[15:53] <smoser> -rw------- 1 root root 528 Jun 12 13:42 /etc/multipath/bindings
[15:53] <strikov> smoser: could you verify it on power?
[15:53] <smoser> $ uptime
[15:53] <smoser>  15:53:54 up  2:12,  1 user,  load average: 0.00, 0.01, 0.05
[15:54] <smoser> smb said its not in the initramfs
[15:54] <strikov> smoser: let me check my initramfs
[15:55] <smoser> i think on power8 system there it got craeetd on first boot
[15:55] <smoser> yeah..
[15:58] <strikov> smoser: i have bindings file inside initramfs
[15:58] <rbasak> teward: are you volunteering as the new list moderator? :)
[15:58] <strikov> smoser: could you try to unpack power8's one?
[15:58] <smoser> strikov, if you update-initramfs i suspect you will
[15:58] <smoser> its not there. smb says it needs to be (as does your RH link)
[15:59] <smoser> i dont know what creates it.
[15:59] <smoser> but when we install the package
[15:59] <smoser> we have daemons disabled from starting
[15:59] <rbasak> jdstrand: OK. Thanks!
[15:59] <strikov> hm, but we update initramfs from curtin, right?
[15:59] <smoser> (which is by design)
[15:59] <smoser> so i think something that creates it is not being run . and then not picked up.
[15:59] <smoser> that make sense ?
[16:00] <smoser> the multipath-tools package has 2 init.d scripts that would be urn
[16:00] <strikov> let me replay the whole thing in vm and note when it gets created
[16:01] <smoser> so on that system..
[16:01] <smoser> i did:
[16:01] <smb> smoser, initrd is unpacked on the host you showed me (which I am done with btw)
[16:02] <smoser> lsinitramfs /boot/initrd.img-$(uname -r) | sort > out.orig
[16:02] <smb> as done as I think I am with this week
[16:02] <smoser> update-initramfs -u -k $(uname -r)
[16:02] <smoser> lsinitramfs /boot/initrd.img-$(uname -r) | sort > out.new
[16:02] <smoser> diff -u out.orig out.new
[16:02] <smoser> +etc/multipath
[16:02] <smoser> +etc/multipath/bindings
[16:03] <smoser> thanks smb
[16:03] <smoser> we just need to do something to get it created so that it can be collected
[16:06] <smoser> running multipathd definitely creates it.
[16:07] <teward> rbasak: heh
[16:08] <smoser> service multipath-tools stop; rm -Rf /etc/multipath; service multipath-tools start;
[16:08] <teward> rbasak: y'know, I WOULD, if it weren't for the fact I have work 9-10 hours a day, and college, and a few other things
[16:08] <smoser> strikov, ^ after that, then /etc/multipath exists
[16:13] <strikov> smoser: you run update-initramfs after the first boot in multipath mode, right?
[16:15] <strikov> smoser: ha, you know what
[16:15] <strikov> smoser: i figured out why i had bindings inside initramfs w/o all this mumbo-yumbo with update-initramfs
[16:15] <strikov> smoser: to speedup things i created /etc/multipath.conf with friendly names *before* installing multipath-tools-boot
[16:21] <rbasak> Daviey: are you OK to continue moderating the ubuntu-server list?
[16:22] <Daviey> rbasak: I am indifferent, I probably only done about 3 (on request) approvals over the last year tho.
[16:23] <teward> Daviey: if you can approve the one i sent from my trekweb.org address that'd be amazing
[16:23] <teward> since it's related to the action / discussion item on the agenda for the server meeting
[16:24] <rbasak> Daviey: as nobody else has stepped up, could you add me as a co-moderator please?
[16:25] <rbasak> Daviey: and remove SpamapS I guess, unless he objects.
[16:25] <rbasak> (I think he wants to step down unless I misunderstood)
[16:25] <strikov> smoser: yep, i just confirmed ^^^
[16:25] <strikov> smoser: so we can include the file into initramfs by shuffling curtin's code to create file before installing the tools.
[16:28] <Daviey> rbasak: I seem not to have the password on this machine, looking.
[16:42] <SpamapS> rbasak: you were correct, I think it's time for me to step down from that role that I haven't been doing anyway.
[16:43] <Daviey> rbasak: I just sent an RT asking for a new password.  Once that is sent to me, i'll add you as a moderator and drop SpamapS.
[16:43] <Daviey> strikov: TBH, you are probably better off subscribing and then sending it again.. Will be quicker
[16:44] <teward> Daviey: i think you meant me? :)
[16:44] <Daviey> err, yes - sorry
[16:44] <teward> i'll resend then since i subscribed xD
[16:44] <teward> thanks
[20:47] <OliPicard> hi everyone was wondering how do you create a simple upstart script for Ubuntu? I want to turn this  su kippo -c /home/kippo/kippo/start.sh into a script form.
[21:21] <sarnold> OliPicard: if you haven't found it yet, this guide is fantastic http://upstart.ubuntu.com/cookbook/
[21:21] <sarnold> OliPicard: this can replace the 'su kippo' bit: http://upstart.ubuntu.com/cookbook/#setuid
[21:24] <OliPicard> sarnold: Thanks, In the end as the script is only called during boot I went with rc.local to run the script
[21:25] <sarnold> OliPicard: works well :)
[21:25] <OliPicard> Yup :)
[21:25] <sarnold> another option, since you're running it as as user, is the @reboot directive to vixie cron
[21:25] <sarnold> I prefer your method if you're also the aadmin of the server
[21:25] <sarnold> but if all you have is a user account, @reboot can be handy :)
[21:25] <OliPicard> ah it's all good :)
[21:26] <OliPicard> it's a honeypot i'm running at the moment
[21:26] <sarnold> oo fun!
[21:27] <OliPicard> Yup we have hits from China, Poland and Germany
[21:28] <OliPicard> I'm going to modify the virtual file system and put some fake passwords in a txt file on the home directory to see if anyone notices.
[21:59] <jrwren> i used to admin one of the largest honeypots in the world. atlas.arbor.net :)
[21:59] <jrwren> it was a lot of fun.
[21:59] <jrwren> also, darknet is fun
[23:09] <teward> so, i had to migrate a domain nameserver to a new server IP, and apparently something's blocking it although I have ACCEPT in the rules for the firewall.  Should I talk to the VPS host?
[23:12] <sarnold> teward: before doing so, check netstat -lnp output against nmap -p53 add.rre.ss output
[23:12] <sarnold> maybe it's something simple like a bind address in a config file..
[23:13] <teward> oooo good point
[23:13] <teward> i forgot about that xD
[23:13] <teward> sarnold: wow I feel stupid as sin now :/
[23:14] <teward> it's the python!  it's been eating at my brains for three days while i rewrite poor code in the first place
[23:14] <sarnold> python'll do that ;)
[23:14] <teward> sarnold: especially when it was written POOR
[23:14] <teward> and when it's on a Hardy box that management won't let me upgrade
[23:15] <sarnold> hardy
[23:15] <sarnold> wow
[23:15] <teward> sarnold: and I had to do uname -a just to do that >.<
[23:15] <sarnold> my second security update was for perl, and the hardy perl package gave me more trouble than all the other supported releases put together. I was not sad to see hardy EOL. :)
[23:16] <teward> s/do that/figure that out/
[23:16] <teward> sarnold: i'm sad that there's so many home grown python solutions
[23:16] <teward> and i spent 4 days REWRITING THE LOGIC for a program just so it can check its pid better
[23:16] <sarnold> sounds miserable :/
[23:16] <teward> well it's DONE
[23:16] <teward> and it WORKS
[23:16] <teward> and work owes me money
[23:17] <sarnold> :D
[23:18] <teward> sarnold: the bind9 not binding to the correct IP resolved the issue
[23:18] <sarnold> teward: woot :)
[23:18] <teward> i feel silly not checking that XD
[23:18] <teward> (and DNSSEC migrated over too which makes me hapy)
[23:18] <teward> happy*
[23:18] <sarnold> hehe, it's easy to overlook amongst everything else..
[23:19] <teward> :P
[23:19] <teward> sarnold: well, DNSSEC is relatively easier than I thought
[23:19] <teward> at first I was all "WHY IS IT THIS HARD"
[23:19] <teward> then I was like "Oh......... that's not that hard xD"
[23:19] <sarnold> teward: it feels like the actual mechanics of what you need to do are simpler than the descriptions of what is done and why..
[23:20] <teward> mhm
[23:20] <sarnold> i've been happy to avoid running my own nameservers, so it's all acedemic to me anyhow
[23:20] <teward> well i'm tired of zoneedit, and gandi doesn't update nameserver data fast enough, so i said "I'LL RUN IT MYSELF!"
[23:20] <teward> not sad I did though because I had to set this up for work anyways for something xD
[23:20] <sarnold> woo
[23:21] <teward> and i have a set of 3 dedicated VPSes just for DNS
[23:21] <teward> one master, two slaves
[23:21] <teward> the glue records were the hard part
[23:21] <teward> oh look i'm rambling again :/
[23:22] <teward> sarnold: are you going to be present at the server team meeting on tuesday?
[23:22] <sarnold> teward: I'm not planning on it..
[23:23] <teward> ok.  i'd like sec team input eventually, the big issue: debian has nginx 1.9.1, which is Mainline, and a feature development branch.  stable is 1.8.x.
[23:23] <teward> so...
[23:23] <teward> can't do merging or anything until a decision on it is reached... by consensus
[23:23] <teward> since it'll affect Wily and likely the LTS
[23:24] <teward> i dropped an email to the server team list though :)
[23:26] <teward> sarnold: although I do have info WRT nginx backporting critical fixes and security patches and helping with that, though
[23:26] <teward> not a huge issue, but more one I would like input on from MORE than just me :P
[23:27] <sarnold> teward: hmm, it looks sort of like debian doesn't have any 1.8 branches packaged up; is that correct?
[23:27] <teward> sarnold: they skipped it, yes.
[23:27] <teward> sarnold: although i can apply their packaging to 1.8.x, which I do in the PPAs anyways
[23:27] <teward> (so it's not an issue to apply that then apply the existing Ubuntu delta)
[23:28] <teward> pending a req from NGINX to remove the Ubuntu specific page and use the one they ship
[23:28] <teward> which is another issue, but the version to go with for Wily+ is the bigger issue
[23:28] <teward> sarnold: https://lists.ubuntu.com/archives/ubuntu-server/2015-June/007072.html is the email I dropped on the list
[23:28] <sarnold> thanks
[23:34] <sarnold> teward: awesome, thanks for the good context there :) -- going with 1.9.x for wily is probably the thing to do. I'd love to see nginx release 1.10 early enough in april for the packaging to adapt it before 16.04 LTS, but even if it's a "late" 1.9.x it'll probably be close enough to 1.10 for security updates to mostly apply.
[23:35] <sarnold> teward: since they've only comitted to one year for the stable releases, four years of 16.04 LTS support will be backporting anyway. it's not like they have some lts releases and short-term releases..
[23:35] <teward> sarnold: well, i have it on the authority of a senior dev advocate from nginx itself that they'll help backporting
[23:35] <teward> since Ubuntu is one of the major OSes nginx is on
[23:35] <teward> that includes security fixes too :P
[23:36] <teward> sarnold: I think we should stick to what we already have present in Ubuntu - use stable, for Wily and LTS, wait for LTS+1 to get 1.10, then backport, but... *shrugs*
[23:37] <teward> sarnold: as I said, I want MORE than just my thoughts to be known
[23:37] <teward> sarnold: since I have no idea how long Debian will follow Mainline
[23:37] <teward> (which is, of course, a in-development features-are-updating-and-being-created release)
[23:37] <teward> sarnold: i also believe the April release date is going to be missed
[23:37] <teward> April 21 is damn close to the release dates we usually release on
[23:38] <sarnold> heh, they're sending signs of that already? :)
[23:38] <sarnold> ahh I see
[23:38] <teward> sarnold: estimating the same release timeperiod...
[23:38] <teward> then we are cutting it microscopically close to FinalFreeze dates
[23:39] <teward> granted I don't have the schedule for LTS here
[23:39] <teward> sarnold: have I mentioned that this is Debian's fault?  :P
[23:39] <teward> sarnold: the other option is "Do nothing, wait to LTS"
[23:40] <teward> and i nitpick the fixes for a few bugs to fix those, and nothing more
[23:40] <teward> (the NGINX PPAs still provide both Stable and Mainline for people that want newer)
[23:40] <teward> i'm more concerned about the verison in LTS than Wily
[23:40] <teward> especially with the Lua question
[23:40] <sarnold> well, packaging "unstable" versions of upstream software for their unstable release makes some sense, might as well have the debian unstable userbase kick fixes up to nginx
[23:40] <teward> mmm
[23:41] <sarnold> not having any 1.8 is an odd unfortunate consequence but I can see how they got there, too, heh
[23:41] <teward> mmm
[23:41] <teward> it's debian's fault for that
[23:41] <teward> sarnold: debian operates weird on this, Debian Release happens, they use Mainline in unstable, until April and the next Stable release
[23:41] <teward> at least AIUI
[23:42] <teward> sarnold: one option is to later upgrade 1.9.x in LTS to 1.10.x *after* release, but we get into Release hell that way
[23:42] <teward> but as we get closer to LTS we can discuss that, depending on what we end up with the server team meeting, as I kinda want a consensus because Main is involved
[23:42] <teward> (if it were just Universe I wouldn't hesitate as much xD)
[23:43] <teward> oh shoot i have to add the email link to the Agenda page, crap!
[23:44] <teward> there we go
[23:45] <teward> sarnold: I'm not wrong in looping in the Server Team for input on this, am I?
[23:46] <teward> (you're also free to voice in on the email, as well, as that'll all end up discussed at the meeting more)
[23:46] <sarnold> teward: seems like a good idea to me, they know their user desires better than I do :)
[23:46] <teward> sarnold: indeed, but they also have more say on it than I
[23:46] <teward> sarnold: still, especially with nginx-core in Main, I don't want to make unilateral decisions xD
[23:49] <teward> sarnold: can you consider emailing what your opinion is on 1.8.x vs. 1.9.x to the list?
[23:49] <teward> so that others can also know there's some discussion on this
[23:49] <teward> (especially so that by the time the meeting happens we're all uptodate)
[23:49] <sarnold> teward: could you please bounce me a copy of the mail? seth.arnold@canonical.com
[23:52] <teward> sarnold: yeah, is a forward sufficient enough?
[23:52] <sarnold> teward: a bounce would thread instead.. if not, I'll look around for an mbox to download
[23:53] <teward> explain "boucne" to me btw
[23:53]  * teward is tired :)
[23:53] <teward> after staring and beating Hardy python to dust i'm exhausted
[23:53] <teward> the coffee is keeping me awake :)
[23:54] <sarnold> teward: a bounce is a lot like an after-the-fact BCC: -- all the headers are left as they are in your mbox, including message-id, references, to, from, subject, etc; but the mail is delivered to whatever address was 'bounced' to
[23:54] <teward> sarnold: mmm, i'm not sure I have the capability to issue that from here... at least, not in Thunderbird
[23:54] <teward> (I'm also not a list admin so...)
[23:55] <teward> is https://lists.ubuntu.com/archives/ubuntu-server/2015-June.txt not sufficient enough to use for mbox and such on it?
[23:55]  * teward yawns
[23:55] <teward> okay, i'm off to sleep before I fall asleep on my keyboard.  (messages logged)
[23:55] <sarnold> teward: heh yeah looks like thunderbird reqauires a plugin fo rit
[23:55] <sarnold> teward: good night! those headeers look good enough :)
[23:58] <teward> sarnold: if you know of a thunderbird plugin that'd be great
[23:58] <teward> and thanks, i'm headed off.