[00:53] <petersfreeman> I'm having difficulty connecting to my printer.  I set up a USB connected printer attached to my print server using CUPS.  From my desktop,  I let it find the printer connected to the server (Server and Desktop are on the same LAN).  I can print a test page from CUPS connected to the server (192.168.0.xx:631, but I cannot print a test page from CUPS connected to my desktop (localhost:631).  Ideas?
[00:59] <sarnold> check cups logs on both systems?
[02:05] <petersfreeman> Sarnold:  got it working.  Thaks
[02:05] <sarnold> petersfreeman: nice, what was it?
[03:02] <Demon_Jester> Hey guys, I am in a situation hopefully you can help me. So for some reason I decided to make my boot partition 400gb. I am wanting to move that 400gb of free space from sda1 to sda6, is there a way for me to do that? or what would I have to do.
[05:49] <DeadVillain> hello all
[06:46] <ikonia> win 6
[08:11] <lordievader> Good morning.
[12:06] <mdeslaur> dannf: I'm going to release security updates for mysql, can you confirm that the packages in -proposed are all tested?
[12:08] <mdeslaur> dannf: also, since we always ship the latest upstream mysql, I'm not sure how we're supposed to maintain those patches...have they been submitted upstream?
[12:09] <bekks> They are proposed and not yet finally tested. If they are tested fully. They are moved out of proposed.
[12:57] <kevin070982> hi there
[12:57] <kevin070982> need help for ubuntu server
[12:58] <kevin070982> our Raid1 sytem failed to start after a power loose in our place
[13:03] <kevin070982> anybody here?
[13:06] <rbasak> !patience
[13:07] <kevin070982> no boot paste.ubuntu.com
[13:08] <rbasak> You might want to state your actual problem though. Volunteers tend not to want to commit to helping someone with open ended problems because they tend to take an open ended amount of time.
[13:08] <kevin070982> no boot http://paste.ubuntu.com/11887633/
[13:08] <kevin070982> softraid
[13:27] <lordievader> kevin070982: Did you boot a live stick, is your data still there?
[13:33] <kevin070982> i will boot via live stick in few minutes
[13:33] <kevin070982> still downloading one
[13:33] <kevin070982> the question is what is the best way to make the raid work again
[13:33] <kevin070982> seems to me that the bootloader didn^t load the raid partition
[13:36] <lordievader> First see if the data is still there. See what the damage is.
[13:47] <dannf> mdeslaur: the only thing that still needs testing is the trusty update, which FTBFS due to an unrelated issue. there's a fix for that in the sru queue.
[13:48] <dannf> mdeslaur: oracle is looking at fixing it - they can't take my fix because it's a port from mariadb that wasn't contributed under the OCA (noted in the dep3)
[13:49] <dannf> mdeslaur: trusty mysql-5.5 is good, mysql-5.6 is the one in the SRU queue
[13:52] <mdeslaur> dannf: all I care about is mysql-5.5/trusty, mysql-5.5/utopic and mysql-5.6/vivid
[13:52] <mdeslaur> dannf: are those tested?
[13:52] <dannf> mdeslaur: yes they are
[13:54] <rbasak> o/
[13:54] <rbasak> dannf: http://paste.ubuntu.com/11887850/ to catch up from #ubuntu-hardened
[13:55] <rbasak> (sorry I didn't notice this concurrent conversation)
[13:55] <mdeslaur> dannf: so I wasn't part of the original discussion with regards to those patches...I added my concerns to the bug
[13:55] <mdeslaur> but rbasak has now told me it's been discussed
[13:56] <mdeslaur> dannf: so my understanding is that if I prepare a new mysql version and the patches don't apply I just ignore them?
[13:57] <dannf> mdeslaur: that would cause memory corruption for ppc64el/arm64 users
[13:57] <mdeslaur> of course, that is likely to regress users who think mysql is usable in trusty
[13:57] <dannf> so i don't think ignoring them is a good approach
[13:57] <mdeslaur> dannf: right, so are you commiting to getting me updated and tested patches for each new mysql release as soon as it comes out?
[13:58] <rbasak> My understanding was that if dannf's team can't fix it, then we wouldn't hold up a security update for the other archs.
[13:58] <mdeslaur> I can't selectively publish archs
[13:58] <mdeslaur> unless it FTBFS
[13:58] <rbasak> Right, so that would mean regressing arm64 etc.
[13:59] <mdeslaur> rbasak, dannf: if the patches do appear to apply, and it builds, do I release the new version without testing on ppc64el and arm64?
[14:00] <rbasak> I'd say yes.
[14:00] <dannf> mdeslaur: to the extent reasonable, yes (i commit to updating), but that does need some time
[14:00] <rbasak> Again, I apologise for not speaking to you before. I don't want to see this as a done thing - if that doesn't work for you, we should speak and reconsider.
[14:00] <dannf> mdeslaur, rbasak +1 - if it applies, go for it
[14:02]  * dannf understands this is a bad situation - wish i could do more, but nothing i can personally do since i don't hold copyright on the fix
[14:02] <dannf> but i can poke oracle again and ask about status
[14:03] <rbasak> I wonder if we should reconsider Oracle MySQL's place in main on the basis of this issue.
[14:04] <rbasak> On one hand the patch author won't sign Oracle's agreement, but on the other hand it's Oracle that won't take the patch and haven't fixed the bug.
[14:04] <rbasak> Combined with them not providing security patches.
[14:05] <mdeslaur> rbasak: while that's a good discussion for the dev release, it doesn't change anything with regards to the stable releases that I have to update in the next couple of days
[14:05] <rbasak> mdeslaur: understood. If you're still unhappy, I think we should reconsider carrying the patch.
[14:06] <mdeslaur> adding these patches to trusty means every three months for the next 4 years the patches need to get rebased and tested on the latest mysql version
[14:07] <dannf> mdeslaur: until oracle releases an update with a proper fix, yeah - which they are working on
[14:07] <mdeslaur> right
[14:08] <mdeslaur> ok, so here's the plan: 1- rbasak please find someone in the sru team to release the packages currently in -proposed ( mysql-5.5/trusty, mysql-5.5/utopic and mysql-5.6/vivid)
[14:08] <mdeslaur> either today or tomorrow
[14:09] <mdeslaur> that way, those will be available for ppc64el nd arm64
[14:09] <mdeslaur> I will prepare updates for the new versions with the patches
[14:09] <mdeslaur> If they apply, fine, if they don't, I'll ping dannf
[14:10] <mdeslaur> I may publish the updates anyway, just not for the two archs that FTBFS
[14:10] <dannf> mdeslaur: can you point me at the new release/patches/whatever, so i can look at the risk ahead of time?
[14:10] <mdeslaur> depending if dannf can quickly get me updated patches
[14:10] <mdeslaur> dannf: that would be the 5.5.44 and 5.6.25 new upstream versions from mysql's site
[14:10] <dannf> rbasak: arges approved the srus, i can ask if he'll flush -proposed for us
[14:11] <rbasak> OK. I'd like to delegate chasing the SRU team to dannf, if dannf you're OK with that.
[14:11] <rbasak> Though, this assumes that mdeslaur you're happy with this situation.
[14:11] <rbasak> If you're not and think we should reconsider carrying the patches in the first place, then we should do that before releasing the SRUs.
[14:11] <mdeslaur> well, I can't say I'm happy with the situation...this definitely makes things more complicated, and has a chance of regression users of those archs
[14:12] <mdeslaur> but if those archs are broken anyway...
[14:14] <mdeslaur> if dannf and/or his team are willing to drop everything when a security notice is published to get the patches working for a new version within a day or two, then that's fine
[14:15] <rbasak> I take the view that the patches can't be allowed to hold up security updates for the other architectures, and nor can we expect mdeslaur's team to fix it.
[14:15] <rbasak> So that means dannf's team gets the opportunity to fix it when necessary, or if not, then the affected architectures regress.
[14:15] <dannf> i can't commit anyone else from my team - but, unless i'm unreachable, i can commit myself to that
[14:16] <Luke> hey guys, I have a service i'm making that can have multiple instances running on the same box. how should i represent that in systemd?
[14:16] <rbasak> Luke: http://0pointer.de/blog/projects/instances.html
[14:17] <Luke> rbasak: wow thanks
[14:17] <Luke> that was fast
[14:17] <Luke> rbasak: I hope this wasn't the first google result ;-P
[14:17] <rbasak> Luke: https://encrypted.google.com/search?hl=en&q=systemd%20multiple%20units
[14:17] <Luke> haha
[14:17] <rbasak> But you do need to know what terms to Google for :)
[14:17] <mdeslaur> rbasak, dannf: ok, so we're on the same page?
[14:17] <Luke> i didn't think "instance" was the right word
[14:18] <dannf> it would be nice if we had a way to at least not release broken builds on those archs in the situation that we can't. i'd hate to knowingly release broken builds to someone's stable environment
[14:18] <Luke> rbasak: instance brings up the same first result /me is embarrassed
[14:18] <Luke> ty
[14:19] <rbasak> dannf: I suppose the patches could FTBFS and then users will be held back on that arch. But we'd need to check what the Arch: all packages do in terms of versioned dependencies.
[14:19] <mdeslaur> dannf: is there a quilt trick to get it to apply the arch specific patches to see?
[14:19] <mdeslaur> rbasak: oh, argh, I didn't think about the Arch: all
[14:19] <rbasak> dannf: but that also means that affected arches will never get a security update. So which is worse?
[14:20] <dannf> mdeslaur: ln -s debian/patches/arch-specific/patches-arm64 patches-amd64
[14:20] <dannf> rbasak: tough to say in general - one is definitely going to break them though, the other (security) is status quo
[14:21] <dannf> but security could certainly be worse in some situations of course
[14:21] <dannf> and w/ mysql, we don't really know what the security issues are :(
[14:21] <rbasak> Maybe the fact that we're considering this should mean that we shouldn't carry the patch and consider MySQL broken on the affected arches until an upstream fix arrives.
[14:22] <rbasak> I'm seriously reconsidering my position here.
[14:22] <dannf> rbasak: that feels like we're saying x86 is more supported than other archs, which isn't what we communicate
[14:23] <mdeslaur> it's quite unfortunate that this is with the mysql package...pretty much any other package in the archive where we can backport security fixes this wouldn't have been an issue
[14:23] <dannf> if there was corruption in an LTS main package on x86, wouldn't we carry a patch?
[14:23] <rbasak> dannf: I feel like we're saying that in the case of Oracle MySQL, upstream policies mean that for us to keep it in main arches are supported only as well as upstream support them.
[14:24] <rbasak> dannf: for src:mysql-*, I'm not sure, because of upstream policies it's a special case.
[14:24] <rbasak> It only remains in main because upstream has a good track record on this (until now).
[14:24] <rbasak> http://www.ubuntu.com/about/about-ubuntu/conduct - "We expect participants in the project to resolve disagreements constructively. When they cannot, we escalate the matter to structures with designated leaders to arbitrate and provide clarity and direction."
[14:25] <rbasak> I'm tempted to say that we're getting to the point where we need a TB decision in order to be decisive.
[14:25]  * dannf feels like we have a working model (dannf will port) and a backup plan (will drop patches) - i don't see why dropping those patches would be better, unless there's no reasonable grace period to give me to port
[14:26] <dannf> counter argument is that right now we don't have working packages on those archs - but i don't know that that is obvious to any users. the builds are there.
[14:26] <dannf> they will just secretly eat your data
[14:26] <mdeslaur> right, that is why I'm conflicted
[14:27] <rbasak> 1) I don't like the bus factor in that. I feel that we should have a team commitment to port the patches.
[14:28] <rbasak> 2) Falling back to the backup plan means regressing users, who might elect to use an alternative if they know in advance, rather than receiving a regression. So the existence (and need for) the backup plan gives me doubt. Are the chances of needing it great enough that we shouldn't consider builds on these arches to be usable?
[14:28] <dannf> i'm sure we can get others on my team to commit to the raw porting - my only concern is w/ the actual packaging
[14:30] <mdeslaur> dannf: ideally someone on your team would maintain a tested PPA for each new upstream version of mysql with the patches applied, and tested
[14:30] <dannf> and i should be open to my potential conflict of interest - i'm paid to support arm64 customers who want to deploy this
[14:30] <mdeslaur> so when oracle's quarterly security advisory goes out, I can pluck the updated patches out of the PPA
[14:31] <dannf> mdeslaur: that seems reasonable
[14:32] <rbasak> Aren't a significant proportion of upstream releases from security advisories (ie. not available earlier)?
[14:32] <mdeslaur> seems to me they come out earlier than the security advisories
[14:32] <mdeslaur> I'm trying to find that out now
[14:33] <rbasak> Even though we had the MRE approved, I've not had the time to keep up to date with new upstream releases.
[14:33] <mdeslaur> 5.5.44 came out on 2015-05-29
[14:33] <mdeslaur> and they published the security advisory for it this week
[14:33] <dannf> is there an announce list for new releases?
[14:34] <rbasak> Ah, so they release first and then tell people what security fixes (if any) were in it six weeks later? I didn't realise that.
[14:35] <rbasak> If that's true then it seems to me that if we did keep up with the MREs then you'd just need to pocket copy to -security
[14:35] <mdeslaur> I'd have to rebuild in -security
[14:36] <rbasak> Ah, OK
[14:36] <rbasak> So...does this mean that dannf's team will do the MREs for us? :)
[14:36] <mdeslaur> heh
[14:37] <mdeslaur> IT'S A TRAP!
[14:37] <mdeslaur> ;)
[14:37] <rbasak> :)
[14:37] <rbasak> It does seem like the logical conclusion though!
[14:38] <mdeslaur> dannf: sorry for making this seem complicated, but this sort of thing has happened before...and while everyone has good intentions, at some point down the road when code gets refactored, nobody has time to do the work anymore
[14:39] <mdeslaur> and that's when we're stuck with the hard decision
[14:39] <mdeslaur> so I just want to make sure we're on the same page if it comes to that and we do need to regress our users
[14:39] <dannf> mdeslaur: right, part of our agreement here was to make sure we had a long term plan - i.e., oracle will care/provide a fix. we have that commitment, but no ETA
[14:39] <mdeslaur> oh, that's good news
[14:40] <dannf> we've got them hw to test with, etc - we're poking them about status today
[14:41] <mdeslaur> ok, I wasn't aware that there was a commitment there...that definitely alleviates my concern a bit to know that these could possibly be upstream in the next few versions
[14:43] <dannf> as for us doing MREs - i don't think that's necessarily a bad idea for this period. of course, if builds/tests fail for unrelated reasons, that's something we'd need help with
[14:44] <dannf> though i'm still not sure on how to get informed about a new release
[14:44] <rbasak> I'd expect my team to help with anything MRE related, though priority would be up to my manager.
[14:44] <rbasak> (and thus time)
[14:44] <mdeslaur> ok, so the patches do apply to the new 5.5 and 5.6
[14:44] <rbasak> As for being informed about a new release, I don't really know either.
[14:45] <rbasak> Perhaps we should set something up to watch uscan.
[14:45] <rbasak> That'd be useful for other packages too.
[14:45] <mdeslaur> yeah, or script something to monitor dev.mysql.com
[14:45] <mdeslaur> perhaps there's a mailing list, I'm not sure
[14:46] <dannf> i can ask oracle
[14:49] <dannf> rbasak: mdeslaur: at this point, are you both ok w/ me asking sru-team to push those updates out?
[14:49] <rbasak> dannf: I wonder if it's an idea to write out what we've agreed first to make sure that everyone is in agreement?
[14:50] <mdeslaur> yeah, adding a comment to the bug to state what we've agreed would be ideal
[14:50] <mdeslaur> once we've stated it here
[14:50] <rbasak> Maybe start in a pad to avoid confusing updates in the bug.
[14:51] <mdeslaur> right
[14:51] <dannf> sure. 1) dannf's team will figure out how to be notified of micro releases and maintain a ppa of test builds that we use to validate on arm64
[14:51] <dannf> oh, pad is fine
[14:52] <mdeslaur> rbasak: do you have a pad?
[14:53] <rbasak> mdeslaur, dannf: http://pad.ubuntu.com/mysql-arm64-corruption-patch
[14:53] <rbasak> (I just created it)
[14:56]  * rbasak wonders why everyone is a shade of pink today
[14:58] <dannf> btw, i'll run this by my manager this morning to make sure we can deal w/ the bus factor
[14:58] <dannf> mdeslaur, rbasak and are these updates always quarterly?
[14:58] <mdeslaur> dannf: the security notices are quarterly
[14:58] <mdeslaur> dannf: the mysql updates happen at any time I believe
[14:59] <mdeslaur> ie: there can be 2 updates between security notices
[14:59] <dannf> ok
[14:59] <mdeslaur> so you can plan when you're going to update your PPA, as long as it's done before the security notice is published, which is usually at a pre-determined date
[14:59] <mdeslaur> does that make sense?
[15:00] <dannf> mdeslaur: yes. is there a security notice list, or should i ask oracle about that too?
[15:00] <mdeslaur> dannf: http://www.oracle.com/technetwork/topics/security/alerts-086861.html
[15:00] <mdeslaur> the dates, and the notices are listed there
[15:00] <mdeslaur> no next date is 20 October 2015
[15:01] <rbasak> So arm64/ppc64el users are at some risk of regression as it's not an upstream patch. Should we release note this?
[15:01] <rbasak> (although of course it's going into Trusty too, for which release notes are already published)
[15:02] <mdeslaur> dannf: so _if_ a new version is published at the same time as the security notice (I don't think that happens), is a 2 day delay enough?
[15:03] <mdeslaur> rbasak: hrm, is changelog not enough?
[15:03] <mdeslaur> rbasak: not sure where else to put it
[15:04] <rbasak> mdeslaur: changelog will have to do I guess. My thought is to inform users of the risk _before_ it happens.
[15:04] <rbasak> (as it might affect DB or platform choice)
[15:04] <mdeslaur> rbasak: if we do have to drop the patches, we can add a notice to the USN text
[15:04] <rbasak> That would certainly be useful.
[15:05] <dannf> mdeslaur: i suspect a 2 *working day* delay would be enough
[15:05] <mdeslaur> rbasak: ok, added to pad
[15:05] <mdeslaur> dannf: ah, right, that's what I meant, I'll clarify
[15:09] <mdeslaur> I'm satisfied, are you rbasak, dannf?
[15:09] <dannf> +1
[15:09] <rbasak> +1
[15:09] <mdeslaur> awesome
[15:10] <mdeslaur> I'll add the info to the bug
[15:10] <jdstrand> I'm sorry I was in a meeting
[15:10] <mdeslaur> dannf: is the mention of your commitment from oracle in the pad an issue?
[15:10] <dannf> mdeslaur: let me confirm w/ my manager first, if that's ok - should be within this hour
[15:10] <jdstrand> can someone tell me why the patches aren't upstreamable? certainly, upstream would want these to work well on those archs?
[15:10] <jdstrand> (speaking of mysql)
[15:10] <mdeslaur> dannf: yes, definitely
[15:10] <rbasak> jdstrand: the patch author declines to sign Oracle's agreement.
[15:10] <jdstrand> who is the patch author?
[15:11] <dannf> jdstrand: mariadb devs
[15:11] <jdstrand> meh
[15:11] <mdeslaur> jdstrand: it's a licensing issue, but dannf's team does have a commitment from Oracle to fix the issue themselves
[15:11] <jdstrand> is there an upstream bug with mysql so they can clean room patch it?
[15:11] <jdstrand> ok
[15:11] <mdeslaur> jdstrand: yes, there's a bug
[15:11] <rbasak> http://bugs.mysql.com/bug.php?id=76135
[15:11] <jdstrand> so this situation is 'temporary'
[15:11] <dannf> jdstrand: yes, and they have engaged - but i don't know the status, we're asking today
[15:12] <jdstrand> alright, whatever you've come up with between you and mdeslaur is fine with me
[15:12] <mdeslaur> jdstrand: are you ok with what's in the pad?
[15:12] <jdstrand> I just wasn't clear on that point
[15:12] <jdstrand> can you paste the link?
[15:12] <mdeslaur> jdstrand: http://pad.ubuntu.com/mysql-arm64-corruption-patch
[15:12] <rbasak> http://pad.ubuntu.com/mysql-arm64-corruption-patch
[15:12] <mdeslaur> http://pad.ubuntu.com/mysql-arm64-corruption-patch
[15:12]  * jdstrand reads
[15:12] <rbasak> Did you get that?
[15:13] <rbasak> It's http://pad.ubuntu.com/mysql-arm64-corruption-patch :-P
[15:13] <mdeslaur> hehe
[15:13] <jdstrand> wait, what was the link?
[15:13] <jdstrand> :P
[15:13] <rbasak> jdstrand: http://pad.ubuntu.com/mysql-arm64-corruption-patch :-P
[15:14] <mdeslaur> jdstrand: http://pad.ubuntu.com/mysql-arm64-corruption-patch
[15:14] <jdstrand> ah, right. thanks! :)
[15:14] <mdeslaur> hehe
[15:14] <mdeslaur> nerd humour
[15:14] <jdstrand> do we have an idea of when Oracle will fix it? eg, is there a reasonable expectation that it will be fixed for next quarter's update?
[15:15] <jdstrand> I agree with the agreement :)
[15:16] <jdstrand> please put it in the sru bug so they are aware too
[15:17] <mdeslaur> jdstrand: yes, that is the intention, as soon as dannf's manager signs off on it
[15:17] <jdstrand> great
[15:27] <teward> rbasak: incoming PM, unrelated
[16:06] <dannf> mdeslaur, rbasak, jdstrand : andrewc added some CYA text to the top, but otherwise approves. can we retroactively add this to the trusty release notes?
[16:07]  * rbasak scrolls back to find the link
[16:07] <rbasak> dannf: you might need to s/we/ with something to make it clear.
[16:08] <rbasak> I don't know whether retroactively changing the release notes is a thing
[16:08] <rbasak> There are point release release notes though
[16:08] <rbasak> Maybe a question for the release team.
[16:08] <dannf> ok
[16:09] <rbasak> I think it does make sense to alert users to the issue through the release notes in principle
[16:10] <dannf> so maybe just queue it up for the next point release if it hasn't been fixed properly by then
[16:10] <rbasak> I'll ask in #ubuntu-release
[16:37] <rbasak> jcastro: FYI https://lists.ubuntu.com/archives/technical-board/2015-July/002125.html thanks to teward
[16:39] <jcastro> git comm\o/
[16:39] <jcastro> whoops, I mean, yay! \o/
[16:39] <teward> lol
[16:39] <teward> jcastro: copy-paste fail? :P
[16:39] <jcastro> indeed
[16:40] <jcastro> more like window focus fail
[16:40] <jcastro> we really need a focus-follows-eyes window manager
[16:40] <teward> :P
[16:41] <teward> or direct neural communication with systems
[16:43] <teward> in any case this is up at the TB now, so we can only hope at this point :P
[16:45] <rbasak> Don't worry, the TB are on our side. They want Ubuntu to continue to be awesome too :-)
[16:46] <mdeslaur> dannf: cool, can I paste that into the SRU bug?
[16:47] <dannf> mdeslaur: yeah
[16:48] <mdeslaur> thanks dannf, rbasak!
[16:49] <dannf> rbasak: btw, is there an existing PPA/group that makes sense for these pre-release builds, or should i just shove one under ~ce-hyperscale?
[17:04] <rbasak> dannf: there's https://launchpad.net/~mysql-ubuntu
[17:04] <rbasak> dannf: however that isn't Canonical only, so I don't think we can get a devirt PPA there.
[17:05] <rbasak> I'm not sure of the current status of virt/scalingstack builders for arm64 and ppc64el. Might be worth enquiring.
[17:34] <Stuxnet> Hi all, newbie here, simple question. I access my server via ssh. When I first started I did the manual username/password and I would always get the default MOTD. Now I login by key authentication and no more MOTD. I even went into sshd_config and changed PrintMOTD to 'yes'. It prints last login but not MOTD. What gives?
[17:36] <Stuxnet> As a side note I've been doing key based login for a while now and I just happened to notice that I miss the motd.
[18:09] <pmatulis> Stuxnet: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/543767
[18:12] <Stuxnet> Oh okay well at least I know it's a bug. Why is it expired? Can it be reported again?
[18:13] <Stuxnet> I'm reading...
[18:14] <pmatulis> Stuxnet: just add a comment of your own. it doesn't seem right to me. i presume you are running 14.04?
[18:15] <pmatulis> Stuxnet: as a workaround you can always call motd from your init shell files. the bug mentions how
[18:17] <Stuxnet> Yes 14.04. I think I found the problem, about to test...
[18:18] <Stuxnet> Okay so
[18:18] <Stuxnet> I had to set UsePAM to yes in sshd_config and now it prints the motd
[18:19] <Stuxnet> Apparently the motd is generated with PAM
[18:20] <Stuxnet> These guys say that as long as challenge response authentication and password authentication are set to no and public key authentication is set to yes then it's fine
[18:21] <Stuxnet> Thanks guys!
[18:30] <pmatulis> Stuxnet: ok, i read it too quickly then
[18:36] <slowe> I'm using an internal mirror of Ubuntu 14.04 (amd64 architecture only), and I'm finding that I have to run "dpkg --remove-architecture i386" in order for things to work on 64-bit installs of Trusty. Is this expected? If so, is there a setting/way to automate this?
[18:36] <patdk-wk> yes
[18:36] <patdk-wk> there are 32bit packages required for some things
[18:37] <patdk-wk> so to mirror only the 64bit packages would cause an issue
[18:37] <slowe> patdk-wk: Can you elaborate on the required 32-bit packages?
[18:37] <patdk-wk> well, I have lots of 32bit that is required for my usage
[18:37] <patdk-wk> due to using 32bit compiled software on my 64bit system
[18:38] <slowe> patdk-wk: Let's assume that I'll only be using 64-bit software (these are stripped down server builds). Does that change the picture?
[18:39] <slowe> patdk-wk: Or is that assumption flawed? In other words, is it not possible to use only 64-bit software/packages on a typical Ubuntu Server build?
[18:40] <patdk-wk> you must have done something
[18:41] <patdk-wk> my desktop machine and some of my servers have a mixture of 64 and 32bit installed
[18:41] <patdk-wk> but my servers that I don't run outside binaries on, my pure basic ones true open source ones
[18:41] <patdk-wk> are purely 64bit
[18:41] <patdk-wk> dpkg --print-foreign-architectures
[18:41] <patdk-wk> that command says i386 on my desktop
[18:41] <patdk-wk> but normally nothing on my servers
[18:42] <patdk-wk> meaning only 64bit packages are installed
[18:42] <slowe> patdk-wk: When I run "dpkg --print-foreign-architectures" on the server(s), the result is empty (meaning only 64-bit packages are installed).
[18:42] <patdk-wk> dpkg -l will also show you what packages are i386
[18:43] <slowe> patdk-wk: However, when I try to use the amd64-only internal mirror, it will fail until I run "dpkg --remove-architecture i386". This is even though "dpkg --print-architecture" returns *only* "amd64".
[18:43] <patdk-wk> are you sure that is right?
[18:43] <patdk-wk> for me I get
[18:43] <patdk-wk> dpkg --remove-architecture i386
[18:43] <patdk-wk> dpkg: error: unknown option --remove-architecture
[18:44] <teward> patdk-wk: it's in the manpage
[18:44] <slowe> patdk-wk: This is 14.04.2
[18:44] <patdk-wk> I was on 12.04 by accident :)
[18:44] <slowe> patdk-wk: No worries :-)
[18:44] <teward> patdk-wk: https://pbin.dark-net.net/view/raw/3d72be32 <--- just for the future :)
[18:45] <patdk-wk> dpkg --remove-architecture i386
[18:45] <patdk-wk> dpkg: warning: cannot remove non-foreign architecture 'i386'
[18:45] <patdk-wk> that one is still running 14.04.0
[18:45] <slowe> patdk-wk: That's what I just got, but I'd already run it once, so I'm guessing the command isn't idempotent and tries to do something again.
[18:45] <patdk-wk> I should update it, it's just my source code repo, behind lots of firewalls :)
[18:46] <patdk-wk> well,I have never run that command before
[18:46] <patdk-wk> so by default atleast, i386 is not installed
[18:46] <slowe> patdk-wk: In any case, do you know of any file/setting that is modified by that command that I could track? This would allow me to use Ansible to run that command and then track if the command has been run before.
[18:46] <patdk-wk> you must have pulled something in, like say, java
[18:47] <patdk-wk> I don't know
[18:49] <slowe> patdk-wk: I'm using a plain jane Vagrant box I built myself using a standard Ubuntu Server 14.04 installation. I'll dig in a bit more---thanks for your help.
[18:50] <patdk-wk> updated to 14.04.2, still no i386
[18:51] <patdk-wk> 1190 packages installed
[18:51] <patdk-wk> mine are build using the normal, minimal-install virtual machine option, from the iso's
[18:59] <jrwren> slowe: you can answer this yourself by running strace and seeing which files dpkg --remove-architecture i386 removes.
[18:59] <jrwren> slowe: I used to rm -f /etc/dpkg/dpkg.cfg.d/multiarch to do the same thing.
[19:00] <slowe> jrwen: Thanks, I'll give strace a go. /etc/dpkg/dpkg.cfg.d/multiarch doesn't exist on these systems, though.
[19:02] <jrwren> slowe: did you already run dpkg --remove-arch... on those systems?
[19:03] <slowe> jrwen: Nope. This is on a fresh instance of a Ubuntu 14.04 Vagrant box, and "dpkg --print-foreign-architectures" does report "i386".
[19:04] <jrwren> slowe: Ok, thanks.
[19:04] <slowe> jrwen: However, I see a package called "multiarch-support"...going to try removing that to see if that does anything. (This is a Vagrant box, so no big deal if it blows up.)
[19:05] <slowe> jrwren: That won't work. Wants to remove most of the packages on the system. :-)
[19:08] <patdk-wk> how did you install?
[19:08] <patdk-wk> minimal install? or just normal?
[19:08] <patdk-wk> I can't think of anytime I have done a normal, non-minimal install
[19:09] <slowe> Found it...dpkg architectures are stored in /var/lib/dpkg/arch, each architecture on a separate line.
[19:11] <slowe> Removing "i386" from that line fixes the original issue AFAICT (internal amd64-only mirror works as expected with no errors). Now to automate this with Ansible...
[19:18] <jrwren> slowe[away]: works for me. I do it very often.
[19:22] <jrwren> slowe[away]: why the desire to remove foreign arch?
[19:38] <tgeek> Anyone here ever seen /dev/sda as "hp ilo internal sd-card".  I can't get kickstart to install lvm correctly because it always wants to install it there even when I tell it to install it to /dev/sdb which is my hdd.
[19:38] <bekks> Yes, almost every of our servers behaves like that.
[19:38] <tgeek> what's your workaround?
[19:39] <bekks> Either pull the sd card, or install to the /dev/cciss/ raid controller logical volumes you created before.
[19:40] <tgeek> that's nto exactly what I wanted to hear, but I appreciate the help.  Looks like a trip to the datacenter tomorrow.
[19:41] <bekks> I assume you have no raid controller then?
[19:42] <tgeek> I'm not really sure how to point it to /dev/cciss/.  Should I define that in the kickstart file?
[19:53] <tgeek> I'm doing a network install now without any automation.  In the beginning I did a rmmod usb_storage and when it came to the partition section, it didn't see it.  I'm going to try to incorporate that into the automated kickstart file.
[20:02] <slowe> jrwren: Sorry, had to step out for a bit. Need to remove foreign arch because internal amd64-only mirror won't work otherwise (apt-get reports can't find binary-i386 packages).
[20:03] <sarnold> slowe: did you try prefixing your apt entries with e.g. deb [arch=amd64] http://....  ?
[20:03] <slowe> sarnold: In sources.list?
[20:03] <sarnold> slowe: yeah
[20:04] <sarnold> https://wiki.debian.org/Multiarch/HOWTO
[20:05] <slowe> sarnold: No, hadn't tried that. Will give that a try! Is there a strong advantage one way or the other?
[20:06] <bekks> tgeek: First, make sure you have the required hardware :)
[20:06] <tgeek> I do
[20:07] <bekks> Then remember to create a logical volume on your raid controller before installing an OS.
[20:07] <bekks> Or automate it, using kickstart and an external script.
[20:07] <sarnold> slowe: heh, no, this was the easier way I found for dealing with a similar problem
[20:08] <slowe> sarnold: Fair enough :-)
[20:08] <sarnold> slowe: though perhaps it's nice i fyou've got multiple deb sources, and one of them is e.g. amd64 only, but your system still needs the 32 bit stuff from other mirrors
[20:08] <slowe> sarnold: Sure, that makes sense
[22:35] <Luke> anyone know how to start a systemd user service as a non-root user?
[22:44] <teward> anyone ever hear of a server randomly stop logging to syslog?
[22:44] <teward> or dmesg
[22:46] <ianorlin> teward: I have not
[23:01] <teward> ianorlin: nor have I, it's new to me to see that
[23:01] <teward> meh, not super important since all that's there is bind9
[23:08] <patdk-lap> you can't stop logging to dmesg, that is just not possible
[23:08] <patdk-lap> unlessthe kernel crashed
[23:08] <patdk-lap> now not logging to syslog is simple
[23:08] <patdk-lap> don't have syslog running, or have a read-only filesystem
[23:08] <patdk-lap> or bad permissions, or
[23:16] <sarnold> or a race condition between the log rotation and the logging system closing and opening the new file -- see if the logs are going to the .0 or .1 file instead
[23:20] <patdk-lap> yes, but still the *dmesg* command should always work
[23:20] <patdk-lap> dmesg log, totally different story
[23:22] <sarnold> yeah, dmesg should always work, but the benefit there is only the kernel gets to write to it :)
[23:22] <patdk-lap> yes
[23:46] <teward> patdk-lap: no dmesg either, which is REALLY odd
[23:46] <teward> and i rebooted the server just in case
[23:47] <teward> so maybe it's a perms problem
[23:47] <patdk-lap> the dmesg command?
[23:47] <teward> no output
[23:47] <teward> nor did /var/log/dmesg have anything
[23:47] <teward> which was really od
[23:47] <teward> odd*
[23:47] <patdk-lap> well /var/log/dmesg would be expected
[23:47] <patdk-lap> if syslog isn't working
[23:47] <teward> would the `dmesg` command still output?
[23:48] <patdk-lap> it should
[23:48] <teward> and if it doesn't
[23:48] <patdk-lap> unless something like /dev was messed up
[23:48] <teward> should i drop a nuke on the server?
[23:48] <patdk-lap> or apparmor gone nuts
[23:48] <teward> wouldn't put it past this VPS image
[23:48] <teward> but it was doing those before
[23:48] <patdk-lap> it's a vps?
[23:48] <teward> openvz but yes
[23:48] <patdk-lap> oh probably shouldn't work then
[23:48] <teward> heh
[23:48] <teward> i know syslog was working though
[23:49] <teward> because bind9 would report there
[23:49] <patdk-lap> ya, that is different and *probably* easy to fix
[23:49] <patdk-lap> openvz I haven't used for a long time
[23:49] <patdk-lap> but it likely doesn't allow dmesg usage, cause you don't own the kernel
[23:49] <patdk-lap> the provider does
[23:49] <teward> mhm
[23:49] <teward> i'm not horribly worried about it, i could tell bind9 to log to a file instead of syslog but i'm lazy
[23:50] <patdk-lap> I could be wrong, never used openvz much, but it does block lots of kernel things
[23:50] <sarnold> openvz may force kernel.dmesg_restrict=1 in their containers..
[23:53] <teward> sarnold: quite possible.  i'm looking to put bind9 to a file rather than syslog where i can, now, since that's really the only log I care about