EmilienMcoreycb: all puppet openstack CI is broken since the uca/mitaka update today02:32
patdk-lapsarnold, hmm, it's not turning up libteam that is my issue, it's turning it off03:36
jayjoif I want to capture just the standard error in a cron job, is it sh my_script.sh 2>? I know that 2>&1 is stderr and stdout, but I don't know what are the significant components of that command05:24
jayjoIf I put that into my cronjob, I get an error Syntax error: end of file unexpected05:27
LostSoulI've got this strange issue07:38
spm_dragetDoes ubuntu xenial support java 8 with some official package?08:02
jamespageddellav, coreycb: more oslo releases - if you guys need a hand I can spare some cycles after git migration next week08:38
shreddingI've done lots of server things lately and docker and stuff and want to dipe deeper into devops / sysadmin to get all the basics. Can someone recommend good resources? Preferably online courses.09:27
Poindexter_Can someone tell me a little bit about the .htaccess file and is the   .     considered a  " file extension " e.g. such as in windows? I noticed when I do an ls -all command prompt command I see   a    .      and then   ..     or   ...      I have been putting index.html in all of my directories to stop listing on a web site. Any comments? I was reading that an .htaccess file should be hidden in all directories on a server.09:59
Poindexter_This pertains to Apache2 Ubuntu server.10:02
Poindexter_I think it is very tedious to put an index.html file in every directory to stop people from listing and seeing the contents of the directory, however, it works but I have read that it is not the best solution.10:05
hateballPoindexter_: putting a dot in front of files make them hidden per default10:07
hateballPoindexter_: well you can disable listing in apache10:08
Poindexter_Would that mean that if I put a .html file in each directory mean that being hidden stop directory listingn?10:08
Poindexter_I suppose I could do a 404 redirect to the main page would help too.10:10
Poindexter_Have you seen the Hostage Encryption thing on the news? I get sick to my stomach when I read about that stuff. People have nothing better to do than to make life miserable for others. I suppose there are vulnerabilities in everything.10:13
hateballPoindexter_: https://wiki.apache.org/httpd/DirectoryListings10:16
hateballctrl+f -> prevent10:17
Poindexter_Hateball I did read that about the .htaccess editing the file. I wanted to hear from someone who had personal experience with it.10:17
hateballWell it depends if you want to disable it globally or just for certain directories10:18
hateballif you want it globally, just remove Indexes from httpd.conf10:19
Poindexter_I years ago used the .htaccess file for password protection. This is the first time I recognized the listing issue because I do listing to double-check my work.10:19
Poindexter_It is such a basic 101 issue but necessary one that people overlook.10:20
Poindexter_I use puTTy and winSCP for SSH to any of my work. Nice programs especially the tunneling.10:23
Poindexter_I wouldn't trust any .html web based client to program a server. Not a good idea.10:25
hateballI've no idea what you're rambling about here10:26
Poindexter_I was making conversation. I suppose I chose the wrong channel. Thanks for your help though. I appreciate it.10:27
hateballPoindexter_: There's #ubuntu-offtopic if one feels chatty :)10:28
hateballTho this channel is usually idle enough it harms no one10:28
Poindexter_:)   I am always chatty. I teach A+ Certification at a Network Academy. I give lectures all day long.10:29
Poindexter_I am always in search for good Technicians to put on my website.10:30
hateballOn the offtopic topic, I find it strange you have a hard time trusting web based clients, yet you use Microsoft Windows ;)10:30
Poindexter_I use Microsoft as a GUI but on a serious basis, Ubuntu is more trustworthy as a server. I don't and will not use Microsoft server. I have 2000 server and 2003 server. I dont' like them.10:31
Poindexter_They work and are good for what they are but Linux or Ubuntu has been a passion for me for years. I used to program in BASIC with Windows and C++ but, that is not what I do anymore. I love the challenge with command prompt in Ubuntu. I have notebooks full of stuff I have learned.10:34
Poindexter_One of the best tools I use is IRC. I have met many a good Technician and programmers here.10:35
Poindexter_I have been using IRC for almost 20 years now.10:35
hateballHeh, for me using Linux is not about any challenge at all. It's about letting me do what I want, and get work done.10:38
Poindexter_I like that answer. So too with Windows. I have been using Windows for years and I make lots of money with it. It pays to be good at both.10:39
Poindexter_I do forensic Data Recovery with Windows. $1,000.00/ per customer is nice. So Windows has its benefits though. I like GNU open source and the folks who are motivated by it.10:40
Poindexter_The funny thing is that I use Debian based software to recover Windows data. Such as Bart's Boot Disks and so on.10:42
Poindexter_If you can find it check out  Ultimate Boot Disk   It works on virtually any machine.10:43
Poindexter_Hateball it was nice to make your acquaintance. I bid you a good morning here or day wherever you are. Take care of yourself.10:52
hateballWhat a friendly fellow :)11:06
coreycbjamespage, thanks.  we're making progress on the clients and oslos.  it looks like we're going to need a new package for python-positional.12:35
jamespagecoreycb, what's using that?12:36
coreycbjamespage, keystoneclient, and it's mainline code12:37
coreycbjamespage, ^12:38
jamespagecoreycb, pretty small package12:39
coreycbjamespage, maybe I could put it together and you could help me get it in the new queue12:40
jamespagecoreycb, yes - prob quicker through debian12:40
jamespagecoreycb, maybe checkin with zigo make sure he's not already doing it12:40
coreycbjamespage, ok12:40
jamespagehe's pretty hot on picking up new pkgs12:41
jamespagecoreycb, no ITP raised so you might be clear for that12:41
coreycbjamespage, ok12:42
jamespagecoreycb, is this critical path for b3?12:42
jamespagei.e. do we need the new keystoneclient for b3 ?12:43
* coreycb checks12:43
coreycbjamespage, it doesn't look like it as of now based on global requirements.  however, sometimes you never know.12:44
coreycbddellav, oslo.log and oslo.middleware uploaded14:09
ddellavcoreycb ack14:13
EmilienMcoreycb: we had to disable voting on our ubuntu jobs in Puppet CI, the latest update in proposed broke us14:14
EmilienMwe're sorting things out this week14:15
EmilienMbut imho it would be a nice thing to release a bit more often14:15
coreycbEmilienM, I saw your message.  smoke tests are passing for us.14:15
EmilienMcool. Not sure we deploy the same way / components14:16
EmilienMit's cool it works for you - but for other people it's a bit hard to catchup releases like this. But I might be wrong.14:17
coreycbEmilienM, we definitely don't, you're probably going to want to debug your failures and let us know if there's a specific bug to look at14:17
coreycbEmilienM, well we are in beta you know :)14:17
EmilienMthat's what we do since the beginning14:17
EmilienMwe debug and report bugs, aren't we?14:17
EmilienMright, we're in beta. But we run OpenStack trunk without issue (on centos7 jobs with RDO)14:18
coreycbEmilienM, I just saw a log from you that has failures that could or could not be real issues14:18
jamespagehallyn, hey - could you peek at https://launchpadlibrarian.net/242779327/buildlog_ubuntu-trusty-amd64.libvirt_1.3.1-1ubuntu2~cloud0~ubuntu14.04.1~ppa201602251230_BUILDING.txt.gz14:21
jamespageits a libvirt backport failure for the mitaka UCA - xml tests are failing in some way14:21
jamespageEmilienM, we can certainly push updates through to proposed more regularly, but that will create more instability rather than less imho14:22
EmilienMI disagree here14:23
jamespageEmilienM, its not a release per say - we're still in development so we expect breaks14:23
EmilienMiterative changes make things failing faster, but also fixed faster14:23
jamespageEmilienM, well we can try it for a while and see how it goes if you like14:23
EmilienMI know it's Ubuntu channel, but it's worth sharing feedback: RDO has a special repo that run close to master but is gated by CI.14:24
jamespageI'm not fussed either way - but backporting from xenial to 14.04 does require some manual intervention from time to time so can lag14:24
EmilienMit's "mitaka-passed-ci" repo. We use it14:24
EmilienMI prefer fixing bugs from time to time, rather all in one shot14:25
jamespageEmilienM, what's the scope of ci that's undertaken on those packages?14:25
EmilienMjamespage: they gate with a tool called "Weirdo", that is a mirror of what is gating: Puppet OpenStack CI, Kolla CI, Packstack and TripleO.14:25
EmilienMjamespage: dmsimard is the guy who initiated all this CI for RDO14:31
EmilienMjamespage: FWIW, you could run our tests out of the box without anything to do.14:32
EmilienMwe have a script to run: https://github.com/openstack/puppet-openstack-integration14:32
EmilienMand you just need to export the scenario that you want to run14:32
jamespageEmilienM, sure - we used to maintain trunk package builds for this purpose (regular CI, earlier break/fix)14:33
jamespageEmilienM, that said we still used to only upload on milestones; trunk package PPA's where consumable outside of that14:33
jamespageupload to ubuntu that is14:33
EmilienMbut having our tests running in your CI would also help you to get feedback, for free.14:34
EmilienMlike for free. you don't have to make them vote in your release process.14:34
EmilienMjust have it and look at it. and tell me if something will break14:34
EmilienM(if your CI is public)14:34
dmsimardI actually did a talk around 2 weeks ago around how we do CI in RDO in case you're interested in how we do things, here's the most relevant part for you: https://www.youtube.com/watch?v=XAWLm3jP7Mg&feature=youtu.be&t=120714:34
jamespagedmsimard, just out of interest, what sort of effort is required to keep your packages up-to-date with trunk? I appreciate that this gives you more iterative visibility on breaking changes, but from our past experience its been fairly resource intensive14:37
jamespagewhich is why we switch to milestone focus a while back14:38
jamespagerather than daily focus14:38
dmsimardjamespage: earlier in that talk I linked, I talk about a tool we called delorean (that's actually in the process of being renamed due to trademark issues T_T)14:38
dmsimarddelorean basically watches upstream git repos for new commits and when there is one, it builds it immediately with the rpm spec files that we have for that project14:39
jamespagedmsimard, we have something very similar14:39
dmsimardthis allows us to 1) have the latest packages available all the time and 2) detect build failures immediately14:39
EmilienMwe use to fail very fast14:39
EmilienMalmost every week14:39
jamespagesure - understand the process - just wanted to assess how much effort 2) is these days14:39
EmilienMbut we also fix fast because we involve different communities, tripleo, kolla, puppet, etc14:40
dmsimardjamespage: so we have this that is updated on every build: http://trunk.rdoproject.org/centos7/report.html14:40
EmilienMiiuc, it's a lot of effort to put the process in place14:40
dmsimardand monitored (i.e, nagios) and build failures and then reported and acted on14:40
dmsimardsome build failures are harder than others to fix, thankfully most of them are new dependencies that we already have packages for14:41
jamespageEmilienM, I'm less worried about the process; more about the cost of acting on build failures...14:41
jamespage(as in we already have an equivalent process I could ressurect)14:41
coreycbjamespage, chasing false positives in particular I would think14:42
dmsimardsome build failures are for libraries that we don't have a package for yet, so we need to package these first and then add them to the spec file14:42
jamespage(right back to essex believe it or not - https://launchpad.net/~openstack-ubuntu-testing/+archive/ubuntu/essex-stable-testing)14:42
EmilienMjamespage: having the process in place reduces the cost - because you have the right people involved in that14:42
coreycbdmsimard, do you find yourself wasting much time chasing false positives?14:42
EmilienMjamespage: imagine if your CI was public and if I could look at my Puppet jobs failing on future ubuntu packages14:43
dmsimardI don't think we get false positives14:43
EmilienMjamespage: I'll jump and commit to fix it14:43
jamespageEmilienM, sure14:43
EmilienMjamespage: because it will break my CI14:43
dmsimardI guess sometimes we get CI failures (read: not build failures, but CI failures) that are because of things introduced upstream14:43
EmilienMjamespage: but right now, I'm passive. I wait, it breaks, I fix.14:43
EmilienMjamespage: so the cost is expensive for both of us.14:43
dmsimardFor example a while back nova started requiring an API database and no installers consuming RDO packages supported creating that database14:44
jamespageEmilienM, I understand - seriously - you're the first early consumer of UCA packages outside of canonical14:44
* jamespage ponders this a bit14:44
dmsimardWe reported it to the different projects and helped them resolve the issue -- but before we were ahead of them, their CI in the OpenStack gate didn't break.14:44
EmilienMthe famous "it works on devstack"14:45
jamespagedmsimard, ack - we've detected similar issues in stable releases when we used todo this which where not picked up in stable gates in openstack14:45
jamespageEmilienM, TM14:45
EmilienMwhat I propose is that you run Puppet OpenStack CI jobs beside Juju charms CI, gating new packages that you build. (milestone or trunk, whatever).14:46
EmilienMand give us access to the CI so we can see jobs result14:46
EmilienMthat would be a first step forward14:46
jamespageEmilienM, our challenge is that Juju charms CI Is still to charm centric; we want something that is packaging centric...14:47
EmilienMI am interested by testing your packages and I provide you https://github.com/openstack/puppet-openstack-integration that would work out of the box for you14:48
dmsimardWeIRDO could be made fairly generic (and be called something else for the purpose of an effort in this direction). I did some design decisions to make it non-generic to keep it as simple and straightforward as possible since we have limited resources.14:48
EmilienMyou just need to configure a staging repo before and run one script.14:48
jamespageEmilienM, right - so we are currently gating the UCA from staging -> proposed based on the testing we do today with charms and tempest....14:49
jamespagestaging is delivered much more iteratively (not trunk)14:50
EmilienMjamespage: look our scenarios: https://github.com/openstack/puppet-openstack-integration#description14:50
EmilienMI'm not sure you have such coverage.14:50
jamespageEmilienM, aside from sahara, trove and ironic, we have the same coverage with charms....14:52
dmsimardanyway, feel free to poke me if you have any questions regarding how we do things14:52
jamespagedmsimard, EmilienM: sure - will do - don't have capacity to look at this in the short term but we will review...14:53
EmilienMjamespage: you have aodh, gnocchi?14:53
jamespagenot yet...14:54
EmilienMok :-)14:54
jamespagemissed those...14:54
EmilienMwe're adding zaqar also (WIP)14:54
EmilienManyway, like dmsimard said, we're here to help14:54
coreycbddellav, oslo.cache needs oslo.log dialed down to the right min version in d/control14:54
EmilienMwe work for redhat, we don't have our "red hat" - we just try to help making OpenStack better, so do you.14:55
EmilienMjamespage: I'll let you know when we have ubuntu jobs green again. Should not be hard to figure, if it works for you14:56
ddellavcoreycb ok, i'll take care of it14:57
ddellavcoreycb i wonder how that happened, i didn't update it.14:59
ddellavwell i can clearly see who did it, i just wonder why they did that15:00
coreycbddellav, yeah I didn't see it changed in your logs, maybe someone else messed it up15:00
coreycbddellav, typo I think15:00
ddellavcoreycb yea i guess, a typo 4 times in the file lol15:00
ddellavcoreycb oslo.cache updated and good to go15:05
coreycbEmilienM, thanks for the discussion15:05
Delianti keep getting log errors that drupal8 cannot remove some old files that are not in use anymore (i changed the directory they are stored in), and i deleted the folder manually. is there any way to remove these unused fields manually so i dont get the error messages?15:05
Deliantups wc15:06
EmilienMcoreycb: anytime15:06
coreycbddellav, oslo.cache uploaded, thanks15:14
jamespagecpaelzer, hey - doing the dpdk stuff now15:33
jamespagedon't make any changes - I got smb's feedback already covered...15:33
cpaelzerjamespage: I already pushed the two whitespacies15:41
cpaelzerjamespage: and arges was about to review and upload (at least that was the plan)15:41
jamespagecpaelzer, I can upload it for you15:41
cpaelzerjamespage: if you want/will do the upload we just have to get the ack from arges so you two do not collide15:41
jamespagearges, hey - I've got the dpdk review/upload!15:42
spm_dragetWhat is the name for the php package… apache2-mod-php5 or php5.0…?15:48
nacc_spm_draget: in < xenial, it's php5 (and it should pull in the right deps) and in xenial it's php (which will pull in PHP7.0)15:50
ddellavspm_draget this might not work anymore but if using apache, you can install libapache2-mod-php5 and it will grab the right version of apache mpm and install all the right php mods as well15:52
nacc_ddellav: spm_draget: I believe php5 (and correspondingly php/php7.0 in xenial) depend on libapache2-mod-php5 (and php7.0 in xenial)15:54
argesjamespage: ack15:55
ddellavnacc_ that would be annoying if installing php for use with nginx or some other httpd. I used to use libapache2-mod-php5 as a shortcut with apt, instead of typing apt-get install php5, apache2, etc etc, just install libapache2-mod-php5 would grab all that automatically15:55
nacc_ddellav: spm_draget: the other way around is true as well, in that the libapache2 module depends on php5-cli/php-cli15:56
nacc_ddellav: it's been that way for a while, afaik, someone did file a bug on it15:56
ddellavnacc_ i think thats right actually now that i think on it. I've had to delete apache after installing php5 because i primarily use nginx now15:56
spm_dragetddellav: Well, I do explicitly want apache and php. Not only one and the other as a dependency.15:56
spm_dragetBut that works for me. Right now I am wondering why on xenial phpmyadmin still tries to pull php5 while php7 is installed (and apt does not seem to mind)15:57
patdk-wkinstalling php5 won't install apache15:57
rbasakphp5 depends on libapache2-mod-php5 OR php5-cgi OR php5-fpm etc.15:58
nacc_spm_draget: it's a wip15:58
ddellavspm_draget xenial is still a WIP so the phpmyadmin package might not be ready to support php7 yet *shrugs*15:58
nacc_spm_draget: that will be fixed in the final15:58
rbasakIf you tell apt what you want, no need to pull in Apache.15:58
ddellavrbasak ah so you need to install php5-fpm and it will forgo installing apache15:58
nacc_e.g., apt-get install php5 php5-fpm, iiuc15:59
patdk-wkor php5-cgi15:59
ddellavfwiw the last time i did this was in trusty15:59
rbasakRight. "apt-get install php5 php5-fpm" will not pull in Apache.15:59
patdk-wkwhatever one you plan to use with nginx15:59
spm_dragetnacc_: Ah okay. Well, testing xenial right now. I guess I will not install phpmyadmin yet.15:59
spm_dragetThought it was in feature-freeze since 10 days or something.15:59
ddellavspm_draget take this as an opportunity to learn the mysql cli :P15:59
spm_dragetYeah, I will manage :)16:00
* patdk-wk has no idea how to use phpmyadmin16:00
ddellavone look at my access logs and see how many bots out there scan for phpmyadmin installations is enough to get me to never install it ever again. At least not publicly accessible16:01
patdk-wkI run publically accessable phpmyadmin16:01
patdk-wkhaven't had any issues16:01
nacc_spm_draget: we are in FF, but the php7 transition is a large one16:01
spm_dragetnacc_: I can imagine. Huge change. But thanks for all the work you people do! I am currently evaluating xenial for our productive server… trying to migrate some services over and might siwtch to productive in april16:02
spm_dragets/migrate/copy and test16:02
ddellavyea, all my trusty boxes will get upgraded when it's released.16:04
ddellavno longer needing to install ppa's to get newer packages16:04
* patdk-wk has already started upgrading a few16:04
nacc_spm_draget: good to hear, and i appreciate the feedback, i can try and remember to ping you when phpymadmin has been updated (not to say i recommend it or anything)16:05
patdk-wkddellav, you will always have to do that16:05
ddellavpatdk-wk eventually yea but right off the bat i wont need a custom ppa to get php 5.6, newer nginx, etc16:05
patdk-wkone should never expose a management interface to the public :)16:05
patdk-wkI do it, but that is cause it's customer management, not my management16:05
patdk-wkI'm the other way16:06
patdk-wktoo many customers that want to keep running php 5.416:06
ddellavpatdk-wk when i ran a hosting company i had multiple PMA's running, can't really avoid it but now im not doing that so i try to reduce my attack surface as much as possible heh16:06
patdk-wkdue to everything required to make php 5.5+ work16:06
patdk-wkthis php upgrade, even is so highly annoying16:07
ddellavmy largest trusty box runs a single php-based website so php version is important16:07
ddellav5.6 gives us array constants which is nice16:07
ddellav(among other things)16:07
nacc_patdk-wk: isn't 5.4 EOL? :)16:10
patdk-wkby who?16:10
patdk-wkfor php sure16:10
patdk-wkfor ubuntu, no16:10
nacc_patdk-wk: fair enough16:10
nacc_just seems like those customers *may* want to think about moving soon-ish?16:11
patdk-wkya, but that is rather hard16:11
patdk-wkexpecially when a lot of them are using *compiled* php code16:11
patdk-wkthat no longer exists16:11
nacc_yeah, that's no good16:11
patdk-wkand you cannot use compiled code < php5.5 on php 5.5+16:11
patdk-wkhas to be recompiled16:11
patdk-wkya, I am running a mix right now16:12
nacc_patdk-wk: what version of currently supported ubuntu has php5.4? precise?16:12
patdk-wkeverything that doesn't run customer code, is already upgraded16:12
patdk-wkwell, that is 5.3 though16:12
nacc_yeah, i see 5.3.10-1ubuntu3.2116:12
patdk-wkbut the compiled code works upto 5.416:13
nacc_oh ok16:13
urthmoveris this the right channel for 16.04 talk?16:17
patdk-wkand not talking about the underwear16:18
urthmoverwell I installed the 16.04 daily and I find it strange that zfs doesn't appear to be installed by default.  I thought that I read somewhere that it would be included.  Any thoughts about this?16:18
urthmover16.04 daily server to be exact16:18
patdk-wkno thoughts, no nothing about it16:19
patdk-wkbut I would find it HIGHLY odd, if it was16:19
SchallaAnyone here can recommend the Official Ubuntu Server book?16:19
urthmoverpatdk-wk: http://blog.dustinkirkland.com/2016/02/zfs-is-fs-for-containers-in-ubuntu-1604.html16:19
ddellavcoreycb oslo-sphinx and python-oslotest are ready for review and upload16:19
urthmoverpatdk-wk: I guess it's really only that zfs will be native for lxc containers16:20
nacc_urthmover: it specifically says it's not installed by default? that is, you have to set it up16:20
patdk-wkwhat does, zfs for conainers have to do with, installed by default16:20
patdk-wkya, atleast that blog post only claims the kernel module will be installed16:21
patdk-wknot even administrator utils to manage it will be installed by default16:21
urthmoverI made an incorrect assumption....I thought that the inclusion of zfs for containers would also mean that zfs utils etc. would be installed by default...possibly a choice of filesystem during install16:21
urthmovernot the end of the world...I can do it myself....just a bad assumption on my part16:22
nacc_urthmover: i believe it's explicitly not on the install media, as it can't be used for / -- but i might be wrong16:22
JanCwhy not for / ?16:22
patdk-wkdoes ubuntu grub have the needed zfs parts?16:22
urthmoverif you want it on /...these docs look sound  https://github.com/zfsonlinux/pkg-zfs/wiki/HOWTO-install-Ubuntu-16.04-to-a-Native-ZFS-Root-Filesystem16:23
JanCgrub doesn't need to access (the later) /16:23
nacc_JanC: as i said, i might be wrong...16:23
patdk-wkwell, my grub does :)16:23
patdk-wkatleast considering /boot is on zfs16:24
nacc_urthmover: that link also does mention you have to do some steps outside the installer16:24
nacc_urthmover: that's all i meant, really16:24
urthmovernacc_: ah...I see...yeah there are steps outside the installer16:25
patdk-wkalso very nice to use beadm :) to boot snapshots16:25
ddellavcoreycb python-heatclient fixed and ready for review/upload.16:32
coreycbddellav, can you add python-os-client-config to the binary package Depends for oslotest?16:33
coreycbddellav, awesome, looking16:33
ddellavcoreycb ok, i saw that and was wondering if i should add it.16:33
ddellavcoreycb oslotest updated16:43
coreycbddellav, for heatclient can you update python3-oslo.serialization and tempest-lib in d/control?16:44
ddellavcoreycb ok16:45
ddellavcoreycb tempest-lib has no version in d/control. I was under the impression we do not add one if no version currently exists.16:47
coreycbddellav, ah yeah it's not really needed since it didn't exist in trusty (ie. no need to differentiate from what's in trusty when using the cloud archive)16:48
ddellavcoreycb ok so i added that missed serialization update, pushing now16:48
coreycbddellav, thx16:48
coreycbddellav, oslo-sphinx uploaded16:50
ddellavcoreycb ok great. heatclient updated and pushed16:53
coreycbddellav, hmm I can't generate a good orig tar file for oslotest16:59
coreycbddellav, not with zigo's workflow, at least17:01
jamespagecpaelzer, uploaded - then realized the Vcs-Origin fields are foobar - pushed a change to the repo - not worth its own upload17:01
ddellavcoreycb yea, it says it cant verify the tag17:01
ddellavbut i was still able to build the package with gbp17:01
cpaelzerjamespage: those VCS fields are a reoccurring discussion if/how they should be added17:02
biebSSL question.. We have a wildcard ssl cert, it has been installed on a couple subdomains. Our webserver was Windows/IIS and had the SSL cert installed. I have just built an Ubuntu server with Apache to be our new webserver, everything on that end is fine. I was not sure if I will have to rekey our SSL for ubuntu, or can I install the same key used on IIS? I think I have the original keys saved in a zip file from godaddy17:02
cpaelzerjamespage: last time rbasak did kind of collect the last status and I have a few caht/mail threads to refer - but all ok for now17:03
ddellavbieb: https://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-an-apache-server.html17:05
coreycbddellav, heatclient uploaded17:15
biebddellav: Thanks!!17:20
ddellavbieb np17:20
ddellavfwiw it was the first result in google ;)17:20
* RoyK uses let's encrypt17:21
ddellavRoyK thats the free ssl cert site?17:21
ddellavi've been using startssl certs for ages, they work really well17:22
biebddellav: I asked here.. because Godaddy told me I would have to rekey the cert, then update any subdomain that is using the current cert.. I figured someonw here would have a better idea.. :)17:24
ddellavbieb yea, they might, idk, but i do know that moving from IIS to apache is pretty common :P17:24
biebddellav: gotta love support from godaddy..17:25
ddellavbieb they are pretty much complete garbage. I stopped doing business with them many years ago. I use hover for domains (even though im considering switching since they dont support dnssec).17:25
ddellavand i've always done my own hosting17:25
RoyKddellav: yeah17:26
RoyKddellav: it's rather neat with let's encrypt if you have a bunch of subdomains/hosts17:27
RoyKI only have a single domain (mostly), so I stuff a lot of hosts/subdomains in there, and things like startssl means I have to pay rather a lot for that17:28
biebddellav: we dont host there, we host our own. We have had SSL with them for a few years and domains17:28
ddellavRoyK oh i use the free startssl certs. If i buy them i use thawte or comodo usually.17:30
RoyKddellav: last I checked, you couldn't get multiple host certs on startssl17:33
RoyKfor free, that is17:34
ddellavRoyK you can't get free wildcards, no but you can get unlimited free subdomain certs17:34
ddellavso it's a bit more work but it's doable17:34
RoyKwell, I ditched it for let's encrypt, which works well17:34
qman__I have a paid startssl cert, unlimited names17:34
qman__The free ones are limited, forget the exact limits17:35
ddellavwildcards are great, and technically what you should be using if you have multiple domains/subdomains on a single IP17:35
ddellavyou're supposed to have 1 cert per ip address but it's not strictly necessary17:35
qman__IP addresses are irrelevant, certs only specify names17:36
ddellavqman__ thats true, cname is only domain however for added security, some browsers will complain if it detects multiple certs from the same ip address so for that reason it should be 1 per ip17:37
ddellavor at least thats how it used to be17:37
qman__Read about SNI17:37
qman__You appear to have an incorrect understanding of the isaue17:38
ddellavqman__ last time i got in depth with ssl certs was with apache and i dont think SNI was widely supported. But i see now what you mean17:38
jamespagecoreycb, xenial is being awkward - won't start instances17:54
jamespageafaict messages for port creation don't get to the n-ovs-agent on the compute host17:54
patdk-wkthese days, there is no need to do one cert per ip17:58
patdk-wkcause everything does SNI, that is not a security issue17:58
patdk-wkthe problem is, people *still* use windows xp, and old java, and custom coded apps17:59
patdk-wkthough, for browser based website access, I have started deploying sni without issues17:59
patdk-wk(though today we did find out that android does not support sni, if set to tls 1.2 only)17:59
trippeh2.x android?18:00
patdk-wk5.x android18:00
patdk-wkyou have to have ONLY tls 1.2 enabled18:01
patdk-wkif anything else is, like tls 1.1, it works18:01
patdk-wkeven using tls 1.2 :)18:01
ddellavi've had a lot of issues with windows applications that use .net to make api requests over ssl. I had to really tweak my ssl settings to allow these apps to get through18:01
patdk-wktls 1.2 was added in android 4.118:02
patdk-wkin android 4.x it works18:02
qman__Yeah, you can reasonably expect SNI to work today, only really old stuff and the occasional bug like that are problems18:04
qman__But even without SNI, the issue is one cert for a given IP, not one IP for a cert18:05
qman__Because the server must blindly send the cert when no SNI is specified18:06
jamespagecoreycb, gotcha - https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/154991918:11
ubottuLaunchpad bug 1549919 in neutron (Ubuntu) "neutron-server fails to use configured plugin configuration file" [Critical,In progress]18:11
jamespagemy revert of the agent crossover was imcomplete.18:11
jamespagecoreycb, fix uploaded18:13
jamespagecoreycb, that took me way to long to find18:16
jamespageI was poking at deps and hacking debug into code to try to figure out wtf was going on18:16
jamespagemaybe its time to eod18:16
eeinhello. I was looking to install the digital signage concerto on a 14 ubuntu server and the guide reads to me as though the packages are in the repo but I don't find that to be the case. I can add a repo but were these packages in the official repos and removed recently or am i just reading this wrong? https://github.com/concerto/concerto/wiki/Installing-Concerto-218:21
coreycbjamespage, ugh, thanks for the fix18:23
eeinhmm I guess it was never in the repo the guide is just organized poorly and a little misleading.18:24
sarnoldeein: step 2 involves running a shell script to add their repository to your apt sources -- it isn't in the ubuntu archives18:24
eeinyeah, thanks sarnold. the headings make it seem like they are seperate options but I see now the main headings have a <hr>18:25
sarnoldeein: .. and it appears that their script is quite old, it adds _saucy_ sources. ubuntu EOLed saucy in july 201418:25
coreycbddellav, I think oslotest needs some fixing because it's missing git tags for the new release, or maybe you just didn't push them?18:29
ddellavcoreycb weird, it shows up on mine: https://www.dropbox.com/s/blxmeuvsemg7v3b/Screenshot%202016-02-25%2013.31.15.png?dl=018:31
coreycbddellav, did you git push --tags?18:31
ddellavcoreycb indeed18:31
coreycbddellav, anyway that's why generating the tarball failed. ok. me looks again.18:32
ddellavcoreycb i have the tags and it fails for me too18:32
coreycbddellav, ok I think I'm just not picking up the tags on the merge18:38
coreycbddellav, ok figured it out, I needed "git remote add --tags". not sure why it usually works for me without that though. anyway..18:47
ddellavcoreycb are you able to gen the orig? im still unable to18:47
coreycbddellav, yes, I can now18:48
Razvais Liberty ready for production, or should I go with Kilo?18:56
coreycbRazva, Liberty released last Oct and most if not all of the core projects have had at least one stable point release since then19:01
coreycbso they've had at least a round of bug fixes at this point, neutron just had it's third point release19:02
coreycbyou'll also get an extra 6 months of support out of Liberty: https://wiki.ubuntu.com/ServerTeam/CloudArchive19:03
coreycbddellav, I just uploaded a new python-monotonic if you want to retry oslo.utils once it builds19:34
=== alexisb is now known as alexisb-brb
coreycbddellav, oslotest uploaded21:00
ddellavcoreycb ack21:01
=== alexisb-brb is now known as alexisb

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!