=== tyhicks` is now known as tyhicks
=== danwest is now known as danwest-holiday
=== m1dnight1 is now known as m1dnight_
vivek_hello all, is there a way to setup default quota limits for each new user that gets created in the system on ubuntu server?07:06
repozitoris there any idea why my firewall doesn't work?07:17
repozitori installed firewall-cmd and now it's status is running, rules are fine07:17
repozitorbut some denied port are open from outside of server07:17
repozitorfor example nmap show me 587 is open, but i expect firewall-cmd should deny it07:17
=== Lcawte|Away is now known as Lcawte
ankitkulkarniHey Guys, I have to create myown distributable ubuntu iso so that I can install it again on my own pc using a pendrive . I have tried distroshare, pinguy builder , remastersys(although not available now for 14.04)  . Iso are created but no luck in installing them . I created 14.04 iso , it was of 2.2 gb around but takes lot of time to install . Normal ubuntu would take only few minutes while the distroshare one takes hours to install . Any07:45
ankitkulkarnigood way to create small distributable iso from my current installation .07:45
ikoniaI'd look at what in the process is taking time to install and why07:57
ikoniaand define " a lot of time "07:57
ikoniaa default install is actually very small, and if you're installing 2.2GB media it will take longer07:58
ankitkulkarniikonia, yeah . "a lot of time "  is actually different when created with different method . From distroshare it takes almost 3+ hours to install the system .  With remastersys it stucked on choosing the install option .08:07
ankitkulkarniikonia, I will try to debug what process exactly is taking time08:08
lordievaderGood morning.09:35
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
=== dosaboy_ is now known as dosaboy
=== Lcawte is now known as Lcawte|Away
tewardanyone know a way to migrate a dovecot install completely from one server to another?15:31
tewardit's on an old 9.10 server, now, trying to migrate it to a 14.04 server, but i'm getting dovecot auth issues :/15:31
teward(and yes I know 9.10 is old, but i'm not asking for help with that part, merely migrating it to a 14.04 system)15:32
Montgalletmigrate dovecot to postfix possible too google search15:42
tewarderm, i'm trying to migrate dovecot -> dovecot15:43
coreycbjamespage, keystoneauth1 has an optional dependency on requests-kerberos as a plugin, which I'm considering moving to Suggests in d/control instead of MIRing python-requests-kerberos15:43
jamespagecoreycb, that sounds sensible15:43
coreycbjamespage, ok15:43
tewardMontgallet: what's unclear from the imapsync is whether I have to provide every single user's authentication to make it sync - if so, most of these have authentication that's not readily available - there's an in-house listserv solution that relies on this, so the passwords are stored internally, NOT readily able to be provided...15:44
coreycbjamespage, zul: can you add a team subscriber to python-senlinclient, python-openstacksdk, python-keystoneauth1?15:48
coreycbjamespage, thanks15:49
jamespagecoreycb, done15:50
coreycbjamespage, can you sponsor these uploads from the debian/mitaka branches?  http://paste.ubuntu.com/14401092/16:40
jamespagecoreycb, hey do we have a bug for the liberty point releases? I have a spare 1hr so could help with those updates if need be16:47
coreycbjamespage, ah thanks. let me check.16:48
coreycbjamespage, I don't think we have one yet16:48
rbasaknacc: o/16:57
naccrbasak: hey!16:58
rbasaknacc: so looking at bug 1318317, I first wondered what the intention was of the original author of the init script.16:58
ubottubug 1318317 in openipmi (Ubuntu) "openipmi startup script removes kernel modules" [High,Confirmed] https://launchpad.net/bugs/131831716:58
rbasaknacc: which led me to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614394 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539416 that suggest that it isn't packaged with an init script in Debian, so the bug relates to the functionality Ubuntu added and is missing from Debian.16:58
ubottuDebian bug 614394 in openipmi "Suggestion: init.d script and config file for openipmi" [Normal,Open]16:58
ubottuDebian bug 539416 in openipmi "debian/rules: debian/openipmi.init: added init-script." [Wishlist,Open]16:58
rbasaknacc: and you say that the init script comes directly from upstream?16:58
rbasakDoing some archeology, it looks like the init script was added by Ubuntu back in 2008! From https://launchpad.net/ubuntu/+source/openipmi/+changelog17:00
rbasaknacc: so usually I'd like to minimise our work in Ubuntu by coordinating with the original upstream source of anything we want to change, to see if we can do it there instead so we don't have to maintain being different from the world.17:01
rbasaknacc: in this case it sounds like nobody else is looking after the init script anyway, so I think it's fine for you to polish it up and we can upload that.17:01
naccrbasak: well, i think it came from upstream, at least? and has been since modified ... but they are too similar to not have a common parent, it seems like17:02
rbasaknacc: perhaps we should update to the latest upstream script then, assuming it works?17:02
naccrbasak: the last upstream change to impi.init was june 201017:02
rbasaknacc: and then fix the bug if necessary, and send upstream that patch?17:02
naccrbasak: i don't think it does ... but i can test it separately17:02
naccrbasak: upstream git vs. xenial: 34 insertions(+), 80 deletions(-)17:03
naccrbasak: but i see what you are driving at ... and that's why i sent an e-mail upstream17:03
naccbut crickets since; let me subscribe to that list and see if my e-mail was just ignored/lost17:03
rbasaknacc: thanks. As long as we do our best to contact upstream and send patches I think that's the best we can do.17:06
naccrbasak: yep, so ... would you prefer i fully cleanup the init-script? it seems to be logically a bit circuitous; or is it better to just make the minimal changes locally?17:09
rbasaknacc: I'm not sure there's much point in fully cleaning it up if upstream aren't responsive and aren't likely to accept it.17:09
jamespagecoreycb, gah - our charms will need updating to support a .117:09
jamespagethat decision lacked forsight...17:10
rbasaknacc: so I think making the minimal change in Ubuntu is fine for now.17:10
naccrbasak: ok, I'll wait for testing results and then fixup my patch (should be a no-op for testing purposes still)17:10
naccrbasak: i'll also take a peek at the effect of using the upstream init-script17:10
rbasaknacc: as long as it doesn't break any use cases our users might have except in some reasonable way. So for example I don't want to fix POWER at the cost of some regression on some Intel hardware. If that happens then we might need to clean it up to support both cases or something.17:11
rbasaknacc: OK, thanks. Let me know when you're ready. If you think that on balance your change fixes things and probably doesn't break things, that'll be fine I think.17:11
rbasaknacc: ideally IMHO /etc/modules shouldn't be required to be used for this at all, since the logic should be in one place.17:12
rbasaknacc: I think that's the case with your current patch?17:12
coreycbjamespage, darn, hopefully it's not too invasive17:13
balrogg_csGood afternoon everyone , someone could direct me to a good tutorial on VPN for Ubuntu Server ?17:13
naccrbasak: right, notionally, /etc/modules is separate and unconsidered; what my patch does functionally is make it non-fatal if some HW modules (as specified in the config file), fail to load17:15
rbasaknacc: that sounds reasonable given that the package tries to load those by default (I think?) and hardware exists that works without those modules. Ideally we'd detect and load only required modules by default but I don't think there's any need to go that far.17:19
naccrbasak: yeah, it's more to do (at least with this bug, in particular) with some confusion (IMO) on the OP's part as to how to control the IPMI modules at runtime. Basically, the openipmi 'service' just loads whatever the config file says to load; which by default is only ipmi_si and ipmi_devintf -- hence why other stuff appears as unloaded, because that's the OpenIPMI configuration17:24
naccbut then secondarily, the Power folks complain because impi_si fails to load at all on their system (and the default config has it required) and so the init-script bails out17:25
naccit might be better to treat it as two separate bugs? not sure17:25
=== rmc3 is now known as shishi
=== shishi is now known as rmc3
rbasakI think I also see it as two bugs, but maybe I draw the line in a different place.17:26
rbasakI think "fails by default on Power" is the real bug here from a UX perspective.17:27
naccrbasak: yep, I'd agree17:27
rbasak"Doesn't intelligently pick what modules to attempt to load by default" is a secondary bug I think, which I guess is much lower priority since we aren't aware of a way that would actually impact a user right now.17:27
jamespagecoreycb, hey - I've uploaded what I can to https://launchpad.net/~james-page/+archive/ubuntu/wily/+packages for testing17:27
rbasakEven though fixing that one would be nice.17:27
naccrbasak: so the alternative fix, which might be more palatable, is to just change the default value for IPMI_SI to "no" on Power17:27
coreycbjamespage, thanks17:28
jamespagehowever I need to think about the ch fix for version detection - may need to match on major/minor version only17:28
rbasaknacc: sure, but then you need to detect when to do that, and it's tricky to do in packaging because of conffile rules.17:28
naccrbasak: right, and that's what I have sort of asked the upstream community about ... and whether the init-script should be mucking with modules that aren't set to "yes" in the first place (sinc ethey might be being controlled by something else, e.g.)17:28
rbasak(/etc is the sysadmin's domain, and changing it from scripts needs to respect any local changes the sysadmin made, and that's tricky)17:28
naccrbasak: yeah, I wasn't sure that would be "easier" by any means :)17:29
rbasakPerhaps the default value should be "autodetect" and the script enhanced to be able to use that.17:29
rbasakBut anyway, that's to fix the secondary bug, which I'm happy to leave.17:30
naccrbasak: yep17:30
rbasakFile it if you wish. It is useful to keep track of these things, since this bug will get resolved and forgotten.17:30
rbasakThen if anyone in Debian, Ubuntu or upstream wants to make things better at least there's a list.17:30
naccrbasak: so the remaining/open question is if anyone relies on some /etc/default/openipmi configured modules not loading as fatal17:30
rbasakThat's a very good question.17:31
naccit's still detectable, for what it's worth17:31
naccthe $? will have bit 1 set17:31
naccbut it's not going to just quit17:31
rbasakPresumably if someone is depending on that being fatal, then something will be fatal later?17:32
rbasakThat is: something will be fatal later anyway, if we make the current failure non-fatal?17:32
rbasakIf you've considered it and can't think of any other way, I think it's OK to fix it as you proposed unless/until someone points something out.17:33
naccyeah, that's true; and as far as the end-user is concerned, the "fatal"ness of it is detected the same (technically), by that $? value. They just wont' see "[fail]" from the init-script ... but I'll take a closer look today, given what you've said17:33
naccrbasak: thanks for the talkthrough, I appreciate it -- I probably will have some follow-up questions later about your archeology & investigation17:46
=== argh_ is now known as grantsmith
rbasaknacc: no problem!17:48
coreycbzul, can you sponsor this upload to xenial? https://code.launchpad.net/~corey.bryant/ubuntu/+source/python-keystoneauth1/+git/python-keystoneauth118:49
zulcoreycb: uscan --verbose --download failed18:54
coreycbzul, I've fixed that up and I'll push that to the debian repo separately19:08
naccrbasak: ah ha! since we are setting RETVAL still, evne though we proceed (rather than aborting early), we still see the service 'fail' to start/restart19:14
rbasaknacc: good catch!19:43
geniiDoes anyone know of a way to use a secondary screen as the primary with just CLI, no X/xrandr ?19:53
=== Lcawte|Away is now known as Lcawte
TJ-genii: per-output framebuffer controls are via 'fbset', to swap primary<>secondary I suspect you'd need to do something to change the default from /dev/fb020:09
TJ-genii:  'con2fbmap' should do what you want20:11
geniiTJ-: My main prob is I have server installed headless on an old laptop which has had it's screen removed. Ssh-ing in works fine but I want to set it up that I can plug a monitor in locally and have it work if something happens20:11
* genii investigates con2fbmap20:13
TJ-genii: you'll need to ensure there are framebuffers configured for the active outputs and a DRI/KMS driver active20:14
wxlhey folks is there anyone within the server community that tends to deal with ppc stuff?20:23
rbasakwxl: ask your question and find out!20:41
wxlrbasak: it's not so much a support issue as an architectural one. i have been contacted by a guy with some ppc64 hardware who's trying to get *ubuntu* (so not just server) working on it and he had some question about the potential of releasing multiple kernels, which apparently debian does upstream. i'm just trying to find him a good contact to chat with.21:45
RoyKwxl: it may be a good idea to use debian instead, then, since ubuntu is rather focused on x86/x6421:46
wxlRoyK: except for lubuntu, ubuntu mate, and server.21:47
smoseri dont know that "ubuntu is rather focused on x86/x64"21:47
RoyKwxl: if you look at the updates on ubuntu, it holds a rather strong record of not updating anything that's not mainstream21:48
sarnoldwxl: are we talking ancient stuff like a g5 mac or new shiny stuff from ibm or others? :)21:48
wxlsarnold: new, shiny.21:48
RoyKwxl: may I ask what sort of hardware?21:48
wxlRoyK: while i don't argue with you, this is orthogonal21:49
sarnoldwxl: http://cdimage.ubuntu.com/releases/14.04/release/21:49
sarnoldwxl: ppc64el iso is probably a fair starting point :)21:49
wxlhere's what he's told me so far: dual-core, 64-bit, non-Altivec-enabled e5500 core21:50
wxlhe also sent a pic http://tinypic.com/view.php?pic=1zbtlk9&s=521:50
wxlhe really just needs someone to chat at that might have the slightest of inkling as to what he might be talking about XD21:51
sarnold"remove at risk of death"21:51
sarnoldthere's a warning you don't see every day21:52
wxlapparently he's pushed support for it into the 4.4 kernel on his own21:52
wxlbut i guess this is a Book-E CPU and the kernel needs to be compiled with Book-E support rather than Book-S support thus the question about alternative kernels21:53
wxlhere's an older article that discusses Book-E if it's helpful https://www.kernel.org/doc/ols/2003/ols2003-pages-340-350.pdf21:56
sarnoldaha :) now we're on to something. perhaps #ubuntu-kernel then?21:57
wxlah maybe that would be best. great idea sarnold. thanks!21:59
sarnoldwxl: if book-e vs book-s is a mutually exclusive choice, I wouldn't be too surp0rised if someone wants a support contract to make it worth while :) hehe22:00
wxlsarnold: money always helps XD22:01
=== Lcawte is now known as Lcawte|Away
=== IdleOne is now known as Guest62646
lost1nfoundhey guys, ive had a pretty serious production problem since upgrading from 15.04 to 15.10 on my EC2 m4.xlarge/c4.xlarge high-traffic web instances. the instances just become unreachable and fail status checks 2-4 times per day. seen ifquery segfaults in logs as well, but nothing logs once they go into this state, so this is a bit tricky to debug. been working with aws support for 3 weeks and no23:01
lost1nfoundluck. has anyone else had similar issues? or could maybe point me in the right direction?23:02
lost1nfoundmy other 15.10 instances are fine (20+) but these 10 machines crash 2-4x a day. i have an askubuntu post about it but it hasn't gotten any response, and im not sure where to go from here: https://askubuntu.com/questions/710747/after-upgrading-to-15-10-from-15-04-ec2-webservers-have-become-very-unstable23:02
TJ-lost1nfound: have you kept an open ssh session tailing the /var/log/kern.log to try to capture useful clues?23:02
lost1nfoundi have, but the connection times out and i never see anything around the time of the crash23:04
TJ-OK, and have AWS shared any diagnostic clues with you?23:05
TJ-things they've ruled out maybe?23:05
TJ-those segfaults in ifup all look to be ocurring early in the life of the boot, and we could deduce there is a problem with the virtualised interface not being completely ready in some strange way23:16
lost1nfoundTJ-: sorry, someone pulled me into a meeting. they have not, other than telling me theyve throughly examined the host/hardware diagnostics and determined theres no problem23:51
lost1nfoundfairly early in the boot, one im looking happened right after remounting the root filesystem23:53
TJ-is there any pseudo-console (IPMI/KVM) options other than SSH to connect to the guest?23:53
lost1nfoundat 2.817xxx. so not very early; the network adapter had already been initialized, etc23:53
lost1nfoundi dont think aws offers that :( let me look again23:53
TJ-2.8 seconds is early in terms of uptime though23:54
TJ-many things happen in parallel at boot-time; those could be due to some unusual race condition23:54
lost1nfoundah here we go, i found the console log and indeed, one of my frequently crashing machines logged [171009.844097] general protection fault: 0000 [#1] [ 0.000000] Initializing cgroup subsys cpuset23:55
lost1nfoundimmediately before reboot23:55
TJ-typical there's no stracktrace with it23:57
lost1nfoundright, yeah. i wonder if theres any way to enable any debugging information on one of the systems23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!