=== Lcawte is now known as Lcawte|Away
=== InfoTest1 is now known as InfoTest
=== waspinator_ is now known as waspinator
hallynzul: ping, pls to comment on bug 151336704:55
ubottubug 1513367 in libvirt (Ubuntu) "qemu-system-x86_64/kvm-spice failed to boot a vm with appmor enabled" [High,New] https://launchpad.net/bugs/151336704:55
=== cpaelzer_ is now known as cpaelzer
nayKangNFS client cause high load average low cpu usage08:12
=== Lcawte|Away is now known as Lcawte
lordievaderHigh IO-wait?09:29
=== _ruben_ is now known as _ruben
zingz0rI'd like to backup my server with rsync and I like to know which folders should i backup before upgrade server?11:42
=== Downtime is now known as Uptime
rbasakzingz0r: I would back up *everything*. Makes a rollback really easy.11:50
rbasak(well, relatively)11:51
rbasakzingz0r: see /proc/mounts and the rsync -x option.11:51
rbasakYou'll want to grab every real filesystem on your system, but not the virtual ones.11:51
zingz0rthank you11:54
hateballzingz0r: fwiw, I tend to clone the entire disk (clonezilla) before making big changes. Or snapshot if virtual12:19
hateballless headache than missing that one vital file12:19
zingz0rrsync -aAXv --exclude={"dontneeded folders","1","2"} /* /backup12:21
zingz0rits okay? dsnt?12:21
lordievaderzingz0r: You could also checkout dirvish, it uses rsync underneath.12:44
coreycbjamespage, can you promote ceilometer from trusty-kilo-proposed?  testing is complete.13:01
coreycbjamespage, can you also promote python-saharaclient from trusty-liberty-staging?  testing is  complete for that too.13:01
jamespagecoreycb, ack on it now13:44
AtuMwhen will Ubuntu get teaming for network? I can't find packages for "libteam" or "teamd".. but I can create a team using ip tools..13:47
dw1aww ye13:50
rbasakcpaelzer: in https://git.launchpad.net/~ubuntu-server/dpdk/commit/?h=ubuntu-xenial&id=b5b9a5d95a9ee17fff1642f41c78e112a0aabbc4 why add /usr/bin to the PATH if the goal is to avoid dependency on /usr?13:55
rbasakAtuM: back in April, apparantely. https://launchpad.net/ubuntu/+source/libteam13:57
rbasakNo idea if it works though.13:57
AtuMI've tried to install in on 14.04.3.. probably need to wait for the next lts14:08
rbasakWell, 14.04 was released before last April.14:11
rbasakIf you don't want to update to the latest release (understandable for LTS-ness), then a consequence is that you don't generally get to enjoy the latest features.14:12
cpaelzerrabasak, sorry for prematurely pressing enter :-)14:14
cpaelzerrbasak, the intention after some disussion was to avoid the same bug showing up again in case one doesn't remember some day and adds a piece to the init script14:15
rbasakcpaelzer: is there any way we can test directly instead, say using dep8?14:16
cpaelzerrbasak, the reason why we not "just added the path" alone was that others suggested /usr could not be mounted in rare cases14:16
cpaelzerrbasak, once we have a way to safely derive all binaries called from a shell script the rest would likely be easy14:18
rbasakcpaelzer, smb: would it be possible to have a dep8 test that requires virt isolation, checks that there is exactly one mount, restarts the service and checks that there is exactly one mount again?14:19
smbrbasak, maybe...14:21
cpaelzerrbasak, but that test would only cover one specific symptom of the underlying issue14:26
rbasakcpaelzer: what's the underlying issue?14:26
cpaelzerrbasak, that referring to /usr/ binaries needs a PATH to there set, and even if it is it could sometimes break if /usr is not yet mounted at the time being executed14:27
rbasakcpaelzer: I disagree. I'd say that the underlying issue is that the service start is supposed to make sure that hugetlbfs is mounted, and it doesn't. That's the functionality expected, so we should test for that.14:27
rbasakcpaelzer: similarly we should test any other functionality we add in packaging if we can.14:28
cpaelzerrbasak, ok from a "function test" POV thats right14:28
rbasakcpaelzer: it's true that if /usr isn't mounted then that could fail14:28
rbasakAs in false negative14:28
rbasakAs the dep8 test won't be unmounting /usr14:28
rbasakAnd I admit that that is a case that probably isn't worth testing as it's too convoluted to test easily.14:29
rbasakBut we should be able to test the basic functionality.14:29
cpaelzerrbasak, from your suggestion I'd even say start with no hugepages mountpoint and execute the init sript two times14:29
cpaelzerit should be there after the first call14:29
cpaelzerand it should still be there but only once after the second14:29
rbasakYeah that would be fine. It depends on how you orchestrate the test.14:29
rbasakIf you add the package as a test dependency, then the test running framework will already have run the postinst and thus the init script once I think.14:30
rbasakOTOH you could choose not to list it as a test dependency and install it manually.14:30
cpaelzerrbasak, to sum things up for the review of smb's upload request - do you want us to add such a test before accepting it?14:36
rbasakcpaelzer: yes please.14:37
rbasakDoes that hold anything up?14:37
jamespagecoreycb, is the ceilometer update in vivid as well?14:38
smbrbasak, It holds up my getting rid of it for Xenial14:38
cpaelzerit holds up smb getting rid of it :-)14:38
cpaelzerand dpeending on how long it takes the MIR processing14:38
cpaelzerbut I guess they trust us when we say dependency gets remove14:38
smbcpaelzer, Also it becomes a little more complicated to properly do now that git is pushed with tags14:38
rbasaksmb: don't worry about the tag. It's nowhere official yet. You can delete the tag with git push --delete14:39
smbcpaelzer, More or less open a new version and create the upload in a way containing both version changelogs14:39
smbrbasak, also in lp git?14:39
cpaelzersmb, I really think this can just be another spin of ..ubuntu214:39
rbasaksmb: even in lp git. It's just a random repo currently, not official anything. Nothing git is officially tied to packages yet anyway.14:40
coreycbjamespage, no.  arges, can you promote ceilometer from vivid-proposed today?14:40
smbrbasak, for some reason I assumed lp git makes it hard to delete tags14:40
jamespagecoreycb, I normally gate on the main SRU process completing first...14:41
smbrbasak, if that is possible then it might be just a respin14:41
coreycbjamespage, yep, I'll ping you when it's in vivid-updates14:41
rbasaksmb, cpaelzer: everything else looks fine to upload in the current tree, assuming it all works. I haven't tried a test build to see the result of https://git.launchpad.net/~ubuntu-server/dpdk/commit/?h=ubuntu-xenial&id=0c85a8e0d245f7d0d32999489b088b559c40153e so I'm assuming it's OK too.14:41
smbrbasak, I did build the tree version14:41
smbrbasak, in both xenial and wily14:42
rbasaksmb: it's really easy to delete git tags. So yes you should be able to update the proposed ubuntu2.14:42
smbthough I won't backport the font change to wily14:42
smbrbasak, normal git yes, I just was not sure about lp's implementation there14:42
rbasaklp doesn't seem to object to any kind of force push.14:43
rbasakIt seems to work as if I had a remote ssh server with no surprises.14:43
rbasakThough it would be nice if I could restrict force push to team admins or something to prevent accidents.14:44
smbrbasak, ok, have not tried. maybe we use a stricter set of rules for the kernel. just remember hearing it being said to be hard. Not tried that either14:45
* smb wonders whether cpaelzer would volunteer for the dep8 thing since he did all the discussion on it already (and I am currently tied up in something else)14:46
* cpaelzer is willin to start a battle who is more tied up with smb14:49
cpaelzersmb is there an online app for drawing straws?14:49
* smb checks the appstore14:49
cpaelzersmb it seems it isn't today or tomorrow for either of us - lets discuss monday morning14:51
smbcpaelzer, maybe we can quickly sync on the busy state tomorrow and see14:51
smbor that14:51
cpaelzerwe can even make remote hangout straw drawing if we want14:51
jamespagecoreycb, saharaclient -> proposed for liberty14:51
coreycbjamespage, thanks14:52
rbasakroaksoax: it looks like freeipmi quite badly needs a merge this cycle. I know MAAS has been involved with it. Will this impact you?14:54
rbasakOr do you want to take on the merge?14:54
roaksoaxrbasak: no shouldn't impact me at all15:00
rbasakroaksoax: OK thanks15:00
=== Piper-Off is now known as Monthrect
rbasakmatsubara: around? I'm looking for the test case reviews I was asked to do but I can't seem to find them. The URLs from the meeting 404.15:16
matsubararbasak, they might have been deleted.15:22
matsubararbasak, would have to ask psivaa and om26er15:22
matsubararbasak, I asked psivaa in #ubuntu-devel.15:24
jgeHey guys, good morning. I'm trying to install a specific version of nginx with 'nginx=version' but I get a bunch of umet package dependencies, it will always try to install the most recent candidate version for dependencies. Any way of telling apt to grab the necessary versions to meet these dependencies without doing it manually?15:46
rbasakjge: installing old versions means that you're effectively opting out of security updates and installing a vulnerable deployment. Is that really what you want?15:51
rbasakjge: I'm not sure how exactly to get apt to do that, but adjusting pinning and scores might be able to achieve it, I'm not sure.15:52
jgerbasak: well, what I do is install the version I want then bring this version up to the most latest security version out there.15:56
jgeI only do security updates15:56
rbasakYou won't get security updates if you have to force apt around.15:56
teward^ that15:57
Yossarianukhi - in order to get mkhomedir with freeipa-client working in Ubuntu I have to edit the fie -> /etc/pam.d/common-session and add the line - session required      pam_mkhomedir.so  skel=/etc/skel umask=002216:00
Yossarianukthis is ok however is there a danger my change will be overwritten ?16:00
Yossarianuk (on a update, etc)16:00
Yossarianukts odd though - that file was brought in via the freeipa-client package (or dependency) but dpkg -S /etc/pam.d/common-session shows no package ...16:00
Yossarianukdpkg-query: no path found matching pattern /etc/pam.d/common-session16:00
Yossarianukwhy is that ?16:01
jgerbasak: so just to be clear, if I use apt-get install package=version and then try to use unatendded-upgrades with only security updates allowed it wont work?16:01
Yossarianuksame for ->  dpkg -S /etc/sssd/sssd.conf16:01
Yossarianukdpkg-query: no path found matching pattern /etc/sssd/sssd.conf16:01
jgeand by working I mean, will no longer get security updates16:01
Yossarianuk(these packages are in the default Ubuntu 14.04 repo)16:01
rbasakjge: I can only say that it may not work. I can't say for certain that it won't. But it isn't a supported path to use anything but the latest version of a package visible to apt.16:02
rbasakjge: if you have some reason to use an older version, then we should address that, rather than trying to plaster over it.16:02
rbasakYossarianuk: policy says that upgrades should never stomp on changes you make manually in /etc. However there could be a bug in implementation of course.16:03
rbasakYossarianuk: you may need to manually merge changes during an update though, since scripts can't generally automatically work out what you mean and apply that to a newer version of the file.16:04
=== rattking_ is now known as rattking
rbasakYossarianuk: not all files in /etc will be known by dpkg. There is default handling, but packages can also generate and manage files themselves in maintainer scripts and in that case dpkg doesn't see them.16:04
rbasakjge: put another way, security updates bump the version number to one higher than all previously published in a given series. So if there is some reason to have an old version, that is already lower than a future security update.16:05
rbasakjge: so it makes no logical sense to have an older version and also expect security updates.16:06
rbasakSecurity updates are applied on the latest version for a given series.16:06
jgerbasak: hmm ok, so how come I'm seeing this security update on the last version? https://zerobin.net/?a5b3111921fb5a1e#ovjqbTtQT0x62l64nqvirXQEVFVCGcNVGUrkEuIqTY4=16:10
tewardjge: trusty-security is the security updates16:11
tewardtrusty-updates is the 'updates' that happen to fix bugs16:11
teward(non-security in nature)16:11
tewardif you want only security updates then you should not have -updates enabled16:11
tewardbut you will miss bug fixes and other issues16:11
* teward would know the nature of that package since he is the 'maintainer' of it in Ubuntu now16:11
jgeYeah I'm aware of this16:11
jgei do not have updates enable, I use unattended-updates with security origins only allowed16:12
jgemaybe I'm not explaining myself all that good :D16:13
jgelet me try it again..16:13
rbasakjge: start with explaining why you are installing an older version.16:13
Yossarianukrbasak: thanks for the explanation16:13
Yossarianukstill unsure why the line isn't added by default -  it is in the Fedora/rhel packages.16:14
YossarianukI guess backing up the files regularly will be a good plan.16:14
rbasakYossarianuk: it's reasonable to expect that install a PAM module will enable it automatically. I'm not sure that's necessarily a good idea though; it's fraught with danger.16:15
rbasakAlso you might be installing a PAM module for a particular case but not want it in the general case, in which case adjusting common-session would be the wrong thing to do.16:15
rbasakFor example I use libpam-google-authenticator but only with ssh and not common-session.16:16
jgerbasak: I would like to keep a consistent version across all servers, I wouldn't like someone to build a server and just install the latest out there. This will cause different versioning of software cross our fleets, so my idea was to install a base version shipped with 14.04 LTS and then bring this version to the latest security version16:17
jgehope that makes better sense :(16:17
rbasakjge: that's a reasonable thing to want to do.16:17
Yossarianukrbasak: cheers again !16:17
rbasakYossarianuk: no problem! I hope that was helpful.16:17
rbasakjge: an easier way might be to install without -updates or -security enabled at all.16:18
rbasakjge: and *then* enable -security only if you wish.16:18
jgeyep that's what I currently do16:18
Yossarianukaside from having to modify that and /etc/sssd/sssd.conf (to add sudo to services) the ipa-client package works fine in the default ubuntu package (in 14.04 at least)16:18
rbasakSo then you shouldn't need apt to force versions?16:18
jgerbasak: thing is that when I build a new box, and use apt-get install nginx, it will always install the latest (candidate) version16:19
rbasakjge: not if it doesn't have -updates or -security enabled.16:19
rbasakjge: then it'll install the release pocket version only.16:19
rbasakjge: when I say "enabled", I mean "visible to apt via sources.list".16:20
jgerbasak: that's what I thought too, I did a fresh install last night and checked the candidate version and it has 3.3 as candidate16:22
jgewhich is the latest16:22
jgemaybe because I did a apt-get udpate?16:22
rbasakI don't think you have tuned your sources.list16:22
rbasakLook at the output of "apt-cache policy" and it'll tell you where it is picking up 3.3 from.16:22
rbasak3.3 is in trusty-updates only, therefore you must have it enabled.16:23
teward^ that16:23
teward(which is what I was saying xD)16:23
jgehmm ok, I see what you're saying16:24
jgelet me check16:24
tewardthough I strongly recommend using the version *in* updates... if only because there's a fairly huge initscript pidfile extraction fix16:25
tewardit didn't qualify as a security bug, but it was a fairly huge issue16:25
teward(lots of bugs on it)16:26
jgedamnit, I thought during the installation there was a prompt to turn updates off16:26
jgei have them enabled :*16:26
tewardjge: there's the problem then :)16:27
tewardthough keep in mind what I did just say - there's a pidfile extraction fix in the initscript, so if you have complex regex or such in the nginx configurations it can completely fail16:28
jgeYESSSS now i see candidate only coming from trusty-security which is the same version I have in production16:28
jgei'm wondering now why you would use unattended-upgrades with only security updates enabled, when you can just disable regular udpates on your sources.list?16:31
rbasakYou might want an attended update from -updates :)16:31
jgethat's true.16:33
jgeso now that only security updates are allowed, if I run "apt-get upgrade" on this box it will only do security updates correct?16:34
jgeor in this case candidate version from trusty-security16:34
tewardbut you won't be able to install from -updates, now16:36
tewardeven manually16:36
teward(because the system now doesn't realize there's items in that repository)16:36
jgerbasak, teward: you guys are great, thanks for your help.16:37
rbasakNo problem.16:39
tewardthat's what we're here for :)16:40
tewardrbasak: FYI: nginx merge stalled, i'm running into package conflicts that are headaches (the fact I have to do it from source packages directly rather than a nice VCS / UDD approach for it is causing headaches)16:40
tewardmanual pushes later won't be an issue, it's just the initial merge to the 1.9.x branches that're giving headaches :/16:41
rbasakteward: I use git: http://www.justgohome.co.uk/blog/2014/08/ubuntu-git-merge-workflow.html16:41
rbasak(for merges)16:41
tewardrbasak: thank you kindly!  (bzr != option because the Xenial code branches aren't available... which hampers those of us who use the UDD process)16:42
rbasakjcastro: ^17:09
rbasakteward: let me know if you need any help with that17:19
rbasakteward: the future will be dgit I think. See https://lists.ubuntu.com/archives/ubuntu-devel/2015-November/039010.html17:19
=== Monthrect is now known as Piper-Off
jgeso now I'm stuck with an ansible playbook which does not support "apt-get upgrade", only supports aptitude. Someone suggested using the "hold" parameter to achieve the same behavior, but I'm not familiar with aptitude. Anyone know how this can be done?17:29
=== thumper is now known as thumper-afk
=== thumper-afk is now known as thumper
grendal_primeok im trying to set up an email server..."zimbra" to be exact...i aparently have totally lost all understanding of how dns works?23:18
grendal_primethe zimbra server is behind a linux software router using iptables. I have opened ports 110 25 and995 and forwarded those ports to the zimbra server.23:19
grendal_primeI have pointed my mx record at netsol to my ip address23:20
trippeh_mx has to point to a name23:20
trippeh_then name points to ip address23:20
grendal_primewhen i run the config for zimbra it complains about DNS ERROR - none of the MX records for mail.mydomain.com resolve23:21
grendal_primeok..so if my domain is mydomain.com...and it points to the correct ip..23:21
quanticMX records cannot point to an IP. They must point to an A or AAAA record.23:21
tewardgrendal_prime: DNS entry: mail.mydomain.com A yourip23:21
tewardMX points to mail.mydomain.com23:21
tewardbut note if the IP is dynamic and on a residential provider you may get blacklisted23:21
tewardso then mail isn't sent/received23:22
teward(and your ISP may block as well)23:22
quantic(almost definitely.)23:22
grendal_primeoooo ok im pointing it to mail.mydomain.com and i just have an a record of mydomain.com23:22
tewardgrendal_prime: yeah, wheverver the MX points must resolve23:22
tewardfor example..23:22
grendal_primeno its b2b comcast23:22
quanticAlso, an MX record cannot point to a CNAME. It MUST be an A record.23:22
teward'b2b' = ?23:22
tewardquantic: or AAAA23:22
grendal_primecomcast built 4 business..23:22
quanticteward: I figured that was sort of implicit. :P23:23
grendal_primesorry b4b23:23
tewardquantic: :P23:23
grendal_primeif i run a test from http://www.websitepulse.com/help/testtools.mx-lookup-test.html it does resolve...werid23:23
quanticgrendal_prime: what's the domain name in question?23:23
grendal_primequantic sent to you prvt23:24
grendal_primecause its a secret...just kidding...23:25
quanticgrendal_prime: current records look OK.23:25
grendal_primeya i just changed them23:26
trippeh_local dns cache may be outdated then23:26
grendal_primenow here is the thing, it use to be a gmail hosted domain23:26
grendal_primeif i send something to that account now though and i log into it, it never comes through so im assuming thats not working anymore23:27
grendal_primeso the zimbra install is trying to resolve booksnmore.com but it is aparently unable to do so because it just comes back to say it cant do this.23:31
grendal_primeif i log into the box second ssh session and ping from there it resolves correctly ..23:32
grendal_primehost name of the email server would need to be "booksnmore.com" correct?23:32
grendal_primeso hosts file would be.... firstline 1127.0.0.1 localhost.localdomain localhost  second line booksnmore.com23:35
=== IdleOne- is now known as IdleOne
RoyKgrendal_prime: 1127.0.0.1 seems like a rather wierd address ;)23:46
grendal_primesorry two many 1s...thats its really just 12723:46
grendal_primezimbra gives examples of zimbra.booksnmore.com23:47
RoyKgrendal_prime: do you have a DNS entry for that server?23:47
grendal_primei have one for booksnmore.com23:47
RoyKgrendal_prime: then you should not need a hosts entry23:48
quanticRoyK: iirc, zimbra demands that they exist.23:48
grendal_primedo i need to create another a record of like...zimbra.booksnmore.com  and then point the mx record to that?23:48
RoyKquantic: yeah23:48
sarnolddoes zimbra demand that forward and reverse lookups need to match?23:49
RoyKsarnold: no23:49
* RoyK uses zimbra without a reverse23:49
grendal_primeok RoyK23:49
RoyKgrendal_prime: there may be more help in #zimbra - last I checked, zimbra isn't packaged with ubuntu23:50
grendal_primeso if i have booksnmore.com and it resolves for all other services..i should be able to make an mx record for just booksnmore.com correct?23:50
RoyKbooksnmore.com.7200INMX10 booksnmore.com.23:51
RoyKooks ok23:51
RoyKlooks ok to me23:51
grendal_primewhat do you use to check that by the way..23:51
RoyKdig mx yourdomain.com23:52
grendal_primeim using a service but i would like to just ping it somehow23:52
grendal_primeoh it is dig ok thanks23:52
grendal_primeok so at my router then i need to forward ports...25, 110  to the zimbra sever23:56

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!