=== shoutme is now known as hallyn === devil is now known as Guest83087 === Guest83087 is now known as devil__ === DonRichie2 is now known as DonRichie === profall_ is now known as profall === thumper-dogwalk is now known as thumper === daxcat is now known as dax [01:31] grr, smb, my libvirt pkg is already out of date. when did you push -1ubuntu5! [01:33] s'ok i've got plenty of time while these tests run to rebase :) [01:36] smb: do you have a github account? === devil is now known as Guest51142 [02:56] I have a 14.04 server, without FTP or SMB installed. Is there another way to get a file up to it from my desktop? [02:57] scp [03:05] sftp/scp/rsync/nc/zm/... [03:05] xmodem/zmodem used to be a standard way back in the day :) [03:07] :D [03:18] ok sarnold let me try that [03:19] and that would be going from one Ubuntu desktop to the server sarnold ? [03:21] designbybeck: from anything that can do scp to anything that can do scp :) [03:21] sarnold, Ok, I'm looking at a tut rightnow...seems easy enough! ;) thanks === Deliants is now known as Deliant [03:24] designbybeck: it's about a thousand times better than ftp [03:26] ok so sarnold .. on my local machine 14.04, I type: scp filename.mp3 username@domain [03:26] ? [03:27] sarnold, I'm looking at this https://help.ubuntu.com/community/SSH/TransferFiles [03:28] designbybeck: don't forget the : on the remote host [03:28] hmm, looked like it was going to work...asked for both passwords but then said permission denied [03:28] sarnold, and I'm sudo/root on both [03:28] designbybeck: scp filename.mp3 user@host: [03:29] yes I corrected that sarnold [03:29] "both passwords", that's.. potentially surprising. which passwords? [03:29] I'd expect just one, the user@remotehost -- but if you're going to scp/ssh often, it's worth setting up ssh keys [03:30] sarnold, ahh.. I needed "" around it [03:30] looks like it is uploading now [03:30] ....never new scp was that easy! HA! [03:30] I new people used it for windows to linux and such [03:31] :) [03:31] ..knew [03:32] ...I'm about 4 sheets into the wind ;) Had to make a podcast for an assignment, so I did it on Open Source [03:33] hah, you're doing pretty well for being four drinks in :) [03:34] that's what I'm thinking sarnold!! I hate my voice, but I was on a roll, and had my headset audio sounding great (very clean) so editing in Audacity was going reat [03:34] great... I just had to loosen up to talk and hear myself! === tsimonq2alt is now known as tsimonq2- [03:46] sarnold, can I send you a PM link? [03:50] sure === tsimonq2- is now known as tsimonq2 [04:53] https://download.samba.org/pub/samba/rc/samba-4.4.0rc4.WHATSNEW.txt === med_ is now known as Guest93664 === mfisch is now known as Guest38484 [07:34] Hey guys, I've had a server completely crap all over itself because the /boot partition got full and then I believe I made it worse. I'm not sure what really happened or what led up to these events; it's sort of a neglected server that I didn't install and was forced onto me. It's provided by a company so we can access resources from within their network [07:37] So anyway, check this out: http://paste.ee/p/FhFAl [07:42] Hmm, I found a reccomendation to just touch that file and let the package manager do whatever. But now I'm a little concerned that I don't even have a kernel .. or rather, the kernel that it is going to try to boot is either missing or a blank file... [08:34] hallyn, I pushed just about when I realized you were starting to fiddling with it while never given any feedback about the pending change I had and had been asking about. So I decided if there is someone stepping on someone else's toe, its me this time. ;-P [08:35] hallyn, and no github accound [08:35] account even [08:36] are you getting snarky with me? [08:36] no worries, see the libvirt-maintainers email :) [08:36] no github account needed [08:37] hallyn, not with you in particular. That is my morning personality in general. :) [08:57] hia, all my latest ubuntu server builds are failing to rotate logs? has anyone else had this? [09:06] anyoneeeeee? [09:07] logrotate looks identical, as do permissions on the directories [09:07] We've had a newer logrotate in Xenial. [09:07] Is there a bug somewhere? [09:07] these are trusty hosts [09:07] Ah, OK. [09:07] logrotate has never been updated in Trusty since release. [09:08] 14.04.4 LTS (on 6 hosts) is fooked but 14.04.3 is fine (on many) [09:08] So if there is a regression, it must be in some other package. [09:08] they all are configured with ansible using the same configuration(s) [09:08] See cron output perhaps? [09:08] all say permission denied [09:08] Or on a test server advance the date and run the cron job manually. [09:08] Permission denied on what? [09:08] but the perms are identical and so are the configs. [09:08] all the lgos [09:08] all the logs* [09:09] error: failed to rename /var/log/syslog to /var/log/syslog.1: Permission denied [09:09] error: failed to rename /var/log/upstart/console-setup.log to /var/log/upstart/console-setup.log.1: Permission denied [09:09] etc [09:09] Check kern.log for Apparmor denials? [09:09] Is logrotate running as the same user? [09:10] Are the ownership and permissions of all the directories leading up to syslog also the same? [09:10] ive checked recursively from / [09:10] comparing hosts user,group and mod [09:11] How are you installing 14.04.4? [09:11] preseed [09:11] one sec - what should i be lookin’ for in terms of apparmor? [09:12] This sort of thing: Mar 7 09:05:50 mal kernel: [849976.818097] audit: type=1400 audit(1457341550.955:64): apparmor="DENIED" operation="open" profile="/usr/bin/evince" name="/usr/local/lib/libXrandr.so" pid=25082 comm="evince" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [09:12] In kern.log. [09:12] checkin' [09:12] (thanks btw) [09:12] Seems unlikely that logrotate would be denied by apparmor, but it's a standard thing to check for any permission denied error on a system with selinux or apparmor. [09:13] nothing since set up time [09:13] in kern.log for apparmor [09:14] I can't think of anything else quick to check, sorry. [09:14] np - if you could let me know if you think of anything it’d be appreciated [09:14] *sighs* :( [09:14] If you can reproduce it on a simple 14.04.4 installation (say without preseed, or a cloud image), then it's a regression in Ubuntu and I'd be happy to dive into it. [09:14] Or, you could try running the cron job by hand and figuring out what the difference is in your deployment. [09:14] will spend a bit more time looking into it before reproducing [09:15] Advancing the date on a test server would probably be useful, as would strace. [09:15] advance the time then run manually you mean? [09:15] Yes. You can use sudo to run as the user the cron job would run as. [09:16] Looks like root. [09:16] Something like "sudo -i sh /etc/cron.daily/logrotate" [09:16] Not exactly the same environment but close. [09:18] hmm [09:18] but i diffed logrotates and they’re identical [09:18] Sure, but some underlying behaviour could be different. [09:18] ok [09:18] :) [09:19] i won’t actually need to advance the time/date as they haven’t been rotated (ever) [09:19] i don’t think? [09:20] Looks like logrotate keeps something in /var/lib/logrotate to track what it thinks it's already rotated. [09:20] So best to advance the date to be sure it isn't rotating because the date hasn't moved forward. [09:30] errrm [09:31] switching euid to 109 and egid to 4 [09:31] woops [09:32] so upstart is trying to rotate with: switching euid to 109 and egid to 4 [09:33] 109 doesn’t exist at all [09:33] and group 4 (adm syslog) only has read on all files in the upstart dir [09:40] so where’s it getting 109 from? lol [14:00] jamespage, gnuoy: glance b3 will have the glare artficats api, I've added a init scripts for it [14:01] artifacts [14:08] Hi, I want to install a python package in Ubuntu 14.04 but I want to use python3 version (python2 is default in Ubuntu 14.04 and python 3 alternate available) [14:10] hariom: Do you have pip installed? [14:11] python3 is part of ubuntu.minimal, it should efinitely be installed [14:11] *ubuntu-minimal [14:13] lordievader: yea [14:13] Install your package through there: sudo pip3 install [14:13] don [14:13] don't use sudo and pip. Use a virtualenv. [14:13] lordievader: that package is not available in pypi [14:14] python-librdf [14:14] a lot of python packages are also available from apt [14:14] RoyK: yea, and I want to ensure that apt picks up python3 instead of python2 [14:15] hariom: apt-get install python3-pypdf2 [14:15] (that's on debian jessie - probably the same package in recent ubuntu) [14:16] recent :) [14:16] not in 14.04 [14:17] RoyK: The problem is python3-librdf is not available. Its just python-librdf [14:17] guess 14.04 is too old, then [14:17] ;) [14:17] well, install from pip [14:20] cpaelzer, https://launchpad.net/ubuntu/+source/openvswitch/2.5.0-0ubuntu1 [14:24] huwjr: btw, python3-pypdf2 is in 15.10, so 16.04 will be your friend ;) === Monthrect is now known as Piper-Off [14:26] how terrible an idea is it to run non-lts editions of ubuntu server? [14:27] I think it's fine providing that you have deployment tests and you're prepared to move up on a six monthly cadence, but others disagree. [14:27] depends if you stay on top of the updates [14:27] it’s not necessarily the OS that matters though, it’s more about a lack of regression testing [14:27] (on packages) [14:27] i have 0 deployment tests, this isn't enterprise prod, this is hometerprise prod [14:28] you wouldn’t want to run a dev version of a package on a production server (would you?) [14:28] are you desperate for something in an alpha/beta? [14:28] if not, why bother [14:28] There is certainly a benefit of using the LTS: it's a major synchronisation point for other users, so others are more likely to have found and flushed out bugs before you do. This is a bigger deal for an LTS because it's a bigger synchronisation point. [14:29] well the primary motivation i had for switching to ubuntu from debian was newer package versions, i just saw an example of a package in debian stable that isn't in ubuntu lts above [14:29] which then made me think i should consider non-lts builds, and thus posed the question [14:29] That'll happen on a regular basis, since Debian and Ubuntu releases leapfrog each other. [14:29] that is, debian actually released a *stable* version after ubuntus last lts [14:29] doesn't happen often [14:35] you can always get solid, tested backports Deeps [14:36] or compile yourself if necessary [14:36] either way none of it is truely tested/stable. === Piper-Off is now known as Monthrect [14:43] jamespage: 2.5 final - nice; I've got an s390 intercept but I should be able to hit openvswitch-dpdk again somewhen next week [14:49] ddellav, jamespage: looks like we're going to need a new openstack-pkg-tools before syncing mistral === Pici- is now known as Pici [15:24] hi i installed ubuntu server 15.10 with LVM (my mistake) and cant figure out how to expend it to use up the remaining free space [15:24] i just want to resize the partition to use up all the free space thats remaining [15:26] the partition or the pv or the lv? [15:26] oh man i have no clue [15:26] lvm is not my thing [15:26] I use it all the time :) [15:26] pastebin lsblk and vgs output, please [15:26] im a totally new to it...it feels like a pain but i cant knock it if i havent tried it [15:26] and lvs [15:27] so lsblk, vgsoutput and lvs [15:27] lsblk, lvs, vgs and perhaps pvs [15:28] ok let me do the first 3 [15:28] pvs too, I think, would be good [15:29] http://paste.ubuntu.com/15341671/ [15:30] aw crap that didnt go well hold on [15:33] RoyK, here we are http://paste.ubuntu.com/15341690/ [15:34] I'm just starting to play around with lxd and I'm having issues figuring out how to add a pre-start hook to a container (namely one to inject my squid-deb-proxy config). With plain lxc there were config files to set lxc.hook.pre-start, where do I do it in lxd? [15:36] fellayaboy: ok - looks like your sda5 partition isn't filling up the disk - use parted (or gparted) to extend it - gparted would be easier if you're not familiar with parted, although it'll require some x11 libs (just use it with x11 forward ofver ssh) [15:37] gparted from what i read you cant use gparted, also it was locked ..the extended parttion and the lvm partition...i unlocked it but when i chose to resize it it didnt see any size larger...ive read gparted doesnt work with lvm [15:38] RoyK, yeah maybe...lets see [15:39] fellayaboy: first resize the partition, then run pvresize to resize the pv, then use lvextend to extend the lv, then resize2fs (if this is ext4) [15:39] it is ext4 [15:39] should work well - you may need a reboot after resizing the partition, though [15:40] would i have to umount though. i mean if i did that i wouldnt be able to run commands [15:40] resize should work without umouting it, but the result won't be useful until a reboot [15:41] okay would you happen to know a good site that explains how to perform the steps being that i dont know any of the commands [15:42] thanks for all your help RoyK [15:45] fellayaboy: lvm is rather neat when you get used to it [15:46] i guess so right? RoyK i want to try it out, doesnt seem so bad just have to learn it [15:46] ima see if i can use the system-config-lvm gui tool for now [15:47] is lvm used popularly with SAN/NAS? [15:47] or you can use the commandline and actually learn something ;) [15:47] lol i have to figure out the command [15:47] fellayaboy: rhel/centos always uses lvm for everything, which is good [15:47] e2fsck ? lvreduct? [15:47] oh okay cool good to know, i didnt know that [15:48] if your lvm is encrypted is it possible to do all this modifications? [15:48] coreycb, I'm pretty optimistic we'll get django-compressor to 2.0 either this week or early next week [15:48] jamespage, nice [15:48] well, the filesystem sits on top of a logical volume, lv, and the lv sits in a volume group, vg, and the vg sits on top of one or more physical volumes, pv, and the pv sits on top of either a disk or a partition [15:48] usually when you install ubuntu you have the option to encrypt. if you encrypt could you modify and such? [15:49] I'm quite sure encryption doesn't matter in this equation [15:49] ok cool [15:51] i see so lv lives inside the vg, lg sits ontop of the phsycial volumes, and pv sits on ontop of disk / partition cool [15:51] its likea raid [15:53] jamespage, ddellav: everything is uploaded for b3 except openstack-trove, swift, sahara, mistral, murano-dashboard. I'm going to start poking at stuck in proposed and cloud archive issues. and the horizon staging issue. [15:54] fellayaboy: PVs are providing the actual storage space. VGs aggregate PVs and can be sliced up into multiple LVs that you can then use to put a fs on [15:54] jamespage, ddellav: note: neutron-vpnaas is deferred to rc1 due to an upstream issue with the released tar file [15:54] coreycb, ok [15:54] is neutron still stuck on -lib [15:54] ? [15:55] cool sounds awesome...so i guess in my scenario i would have to first increase the size of the volume group? and then increate the logical volume? [15:55] jamespage, looks like it, I'll see if I can move that along [15:56] fellayaboy: before growing your VG, you need more PV space [15:56] coreycb, awesome - you might be able to such aodhclient from debian btw [15:56] fellayaboy: and since your PV is taking the full partition sda5, you have to make sda5 bigger [15:56] if you've not done so already [15:57] jamespage, it's waiting in the new queue, bug 1552415 needs some action [15:57] bug 1552415 in Ubuntu "[FFE] Please sync python-aodhclient (0.1.0-1) from Debian (experimental)" [High,New] https://launchpad.net/bugs/1552415 [15:57] fellayaboy: an alternative that would be less clean would be to put another PV on a freshly created sda6. Then you could vgextent your VG to have it use the 2 PVs (the one residing on sda5 and the other on sda6) [15:58] jamespage, bug title updated [15:58] hmm sounds good sdeziel but i would want to just increase the sda5 if it'll be easier..if i have 2 pv then i could configure them to look like 1 LV [15:58] is that correct? [15:58] fellayaboy: since your sda5 part is the last one (nothing but free space at the end), you are better off growing it then it will be a matter of pvresizing it [15:59] jamespage, hmm looks like it's missing from the new queue, I'll re-upload [15:59] fellayaboy: a given LV can span across many PVs as long as they all belong to a single VG. [16:00] okay sdeziel i guess im seeing the bigger picture here then [16:04] jamespage, neutron-lib is missing from the xenial new queue too. they were both there the other day. [16:04] coreycb, try unapproved [16:05] jamespage, nothing there either [16:14] fellayaboy: when you resize the pv, the vg grows, since the vg consists of PVs [16:15] how do i increase the pv [16:15] pvresize [16:16] but first the partition needs to be resized [16:16] i went int parted and rm 5 [16:16] and recreated it? [16:16] im in the process of that [16:16] did i lose all my data by anychance? [16:16] better do that before you reboot :P [16:17] so if i reboot then it'll apply and ill lose my data correct? === JanC_ is now known as JanC [16:17] fellayaboy: before you do such things, always make sure you have a good backup - things may break [16:18] aw snaps [16:18] well its obvious [16:18] fellayaboy: but I've removed/recreated partitions before without issues - should work - just don't blame me if you lose your data if you don't have a backup ;) [16:19] come to think of it - another way would be to create a new partition, put a pv on it and add that to the vg [16:19] but then - if you've already removed sda5, it's a bit late for that [16:19] shoot [16:20] have you recreated sda5 yet? or have you saved your settings in parted? [16:21] i hope i didnt save it..i did rm 5 and i had to cancel out of parted [16:21] when i do print i dont see the 5 partition [16:21] ok - better recreate it, then [16:21] should work [16:21] how do i do that [16:22] create a new partition starting at the same point as the old one [16:22] should be default if you create a new one [16:23] when i do that it asks me what file system i want to use [16:23] should i use ext4 since thats what i used before? [16:23] just don't do anything stupid as in making a new filesystem [16:23] perhaps better use fdisk [16:24] if you create a new fs, you *will* lose your data [16:24] mkpart asks for a FS but doesn't create one [16:24] ah [16:24] ok [16:24] sdeziel: just flags partition type 0x83 or something? [16:24] it just sets the partition type accordingly [16:24] yeah [16:25] okay so file system type? ext4 is okay...its asking me "start?" [16:25] should be ok, then, fellayaboy [16:25] shall i say yes [16:25] "yes" isn't a good start offset ;) [16:26] lol [16:26] ok give me one second [16:26] or 2 minutes really [16:26] good luck :) [16:27] screw it im backing things up lol [16:27] while i have the chance [16:27] good [16:27] better use something like crashplan - keep things backed up [16:28] i got 4 gigs let that fnish il be back [16:28] crashplan? [16:28] dot com [16:28] let me go see [16:28] perhaps not now - just backup things locally for now [16:28] i am [16:29] so whhaaa... crashplan lets you back all unlimited data for free with no account? [16:29] nah - $5 a month or so [16:29] but yes, unlimited [16:30] and it works well - given you turn off that stupid dedup setting [16:30] lol not bad [16:31] I have 5,5TiB on my account there ;) [16:31] wow [16:31] lol [16:31] thats alot of data.. [16:31] way better than dropbox i would say [16:32] well, a friend of mine has 15TiB space on her home server - she's a film nerd of sorts... [16:32] wow never even herd of one person with 15tib [16:32] fellayaboy: heh - I've been working with storage for a while ;) [16:33] which reminds me something. if you try to add more physical disks to a raid would you have to recreate the whole raid thus losing all your data? [16:33] im only starting to know the importance of storage..bought myself a server just for it [16:33] no, you just add a disk and --grow it [16:33] a rack server [16:33] mdraid is *very* flexible [16:33] cool ill jump that bridge when i get to it [16:33] md? [16:34] ok perfect [16:34] i backed up my data [16:34] linux' software raid [16:35] cool [16:35] ok - did you create a new partition as well? [16:35] so now parted says "start?", [16:36] its looking for anumber i believe [16:37] probably the start block - I'm not quite used to parted - sdeziel? anyone? [16:37] yes, outta be the start block/offset as the original partition [16:38] i didnt record that info [16:38] http://pastebin.com/mgPtySMX [16:39] ha what i silly chimp i am [16:39] thank god i pastebinit! [16:40] yeah, that's not the kind of info you want to lose after rm'ing a part [16:40] nothing there about sector numbers, though [16:40] parted accepts offsets in various different units [16:41] could be sectors, MB, MiB, etc [16:41] or % [16:41] sdeziel: if you choose to create a new, say #5, would it start at the first available sector? [16:41] * RoyK is a bit old-school and still uses fdisk for small things [16:42] RoyK: in my experience, parted doesn't guess, it just asks and then will round your input [16:42] RoyK: that's why I use MiB as unit because those align well [16:44] sdeziel: so it won't overlap? [16:44] I don't see the reason for even asking for a start sector unless there's default "first free" [16:45] RoyK: the rounding is for performance reasons. I don't know if parted would prevent your from overlapping 2 parts (probably) [16:46] what does an extended partition do..whats it for [16:46] it's a legacy from the MSDOS era [16:46] it is a way to overcome the limit of 4 primary partitions [16:46] Can someone elaborate on what is necessary to create a channel on an irc server? I just created a ircd server that runs on us [16:47] so you put an extended partition then in that extended part, you can create many logical part. This pushed the total amount of part to 26 IIRC [16:47] when i try to register a channel, it does not work [16:48] okay cool that makes sense sdeziel [16:49] fellayaboy: and 26 happens to cover A to Z for drive mapping [16:54] sdeziel: ironically, since DOS/Windoze still reserves A: and B: for floppies ;) [16:54] lol. i should've used gpt [16:54] and uefi [16:55] fellayaboy: did you create a new partition? [16:55] fellayaboy: if not, just use fdisk, it may be easier [16:55] fdisk - n - l - enterenterenter [16:55] well [16:56] we started back at sqaure one [16:56] square one [16:56] me and sdeziel couldnt expand it beyond..he said the extended partition was to blame [16:56] RoyK: so I assisted fellayaboy to resize sda5 but forgot that sda2 had to be resized first [16:57] fellayaboy: this HDD being bigger than what your partitions cover smells the VM disk resize, am I right? [16:57] im not so sure [16:58] i resized it in vmware esxi [16:58] there you go [16:58] that could be the problem? [16:58] yeah its a vm living in vmware esxi [16:58] inside the datastore [16:59] fellayaboy: not a problem but an explanation to why you have a 400G drive with partitions covering only ~160G [17:00] well i needed to expand my data...when i created the vm i started it with 150gb...now i wanted to increase it to 400gb.. [17:00] I never understood why the Ubuntu installer created an extended partition to then put "/" inside a logical partition. This makes it harder to resize the whole thing later one... [17:00] thats all i realLY KNOW [17:02] i feel like i should just blow this whole thing...i dont even remember i configured vmware esxi server as a bios or uefi [17:02] make it all uefi gpt [17:09] fellayaboy: got a snapshot, perhaps? [17:10] thats true [17:10] fellayaboy: next time you need to extend the vg/lv, just add another drive and add it to the vg - it's easier - just don't partition that drive, just add it as a pv - I always do that in vcenter [17:11] yeah i have to find me a tutorial that breaks all this down [17:11] get the whole birds eye view of lvm and then tinker with it all [17:11] fellayaboy: just add a disk, vgextend /dev/newdisk, lvextend ... [17:12] fellayaboy: it's not hard ;) [17:12] lol [17:12] i really wanna learn instead of using gparted all the time [17:12] this seems cool [17:12] :) [17:12] thanks for that info RoyK now i just gotta figure out how to extend this msdos partition to use up the freespace [18:25] RoyK: TIL: parted "resizepart". No need to do the rm + mkpart dance :) [18:48] Testing out openstack-single on 15.10, had it running, rebooted, now openstack-status errors out, any pointers, suggestions? === esde_ is now known as esde [19:13] ttpearso: does it use juju to fire up everything? juju status may be a good starting point [19:18] juju status was hanging [19:18] I just wiped it, starting again [19:19] debugging a test env just not worth the time, was hoping it was simple/common [19:22] moin, what's the EOL for 12.04 server? [19:23] ddellav, swift 2.6.0 uploaded, thanks for the updates [19:23] xmj: 17.04 [19:23] coreycb ack [19:23] RoyK: 2016? [19:23] !precise [19:23] Ubuntu 12.04 LTS (Precise Pangolin) is a currently-supported !LTS release of Ubuntu. Download http://releases.ubuntu.com/12.04/ - Release Info: http://www.ubuntu.com/getubuntu/releasenotes/1204 [19:23] xmj: 5y on lts [19:24] thanks === funkyHat_ is now known as funkyHat [19:39] coreycb openstack-pkg-tools is ready for review: lp:~ddellav/ubuntu/+source/openstack-pkg-tools my changes are in ubuntu/mitaka [19:50] rharper: know anything about qemu blockcommit stuff? bug 1554031, wondering whether qemu is wrong for demanding write access to lower layers? [19:50] bug 1554031 in qemu (Ubuntu) "error: internal error: unable to execute QEMU command ‘block-commit’: Could not reopen file: Permission denied" [High,Triaged] https://launchpad.net/bugs/1554031 [19:51] (easily reproduced using any uvt-kvm -created vm) [19:52] ddellav, just a couple of things, can you run update-maintainer and also the merge of d/changelog dropped a bunch of old entries from ubuntu [19:53] coreycb ok [19:55] coreycb fixed. reclone [19:58] ddellav, getting there, still missing old merge changelogs [19:59] coreycb hmm, the only changelogs i see are the ones from james for 37ubuntu1-3 [20:00] coreycb oop nevermind, there they are [20:00] i scrolled too fast [20:00] ddellav, ok [20:02] coreycb i need to use vimdiff more often [20:03] ddellav, that's what i use, seems to work well [20:04] coreycb take 3, try now [20:07] ddellav, looks good, thanks [20:15] I just installed a 16.04 development branch server instance, and it appears to have created lxcbr0 interface by default, is this expected behavior? If so, how can I disable it at install time? [20:17] runelind_q: did you happen to pick lxc or lxd to install? also, is there some issue with lxcbr0 being configured? [20:17] I did not pick that, only OpenSSH server [20:19] runelind_q: i believe ubuntu-server depends on lxd now (looking at `apt-cache` output [20:19] not sure if it did/didn't earlier [20:20] jamespage, any objections to me uploading ddellav's new merge of openstack-pkg-tools? [20:20] nacc: iirc lxd is intalled by default, and lxd creates the bridge by default.. [20:20] jamespage, it all looks good just want to double check that it is a sane thing to upload at this point in the cycle. the sync of mistral needs it. [20:23] sarnold: agreed [20:35] hrm, well that's less than ideal. [20:36] runelind_q: please do file bugs if you dislike it; I know a goal is for things on ubuntu to Just Work so it may not get very far, but still, if no one files bugs it just won't be visible [20:38] I'll probably just figure out how to disable the lxcbr0 interface. [20:40] runelind_q: brctl something or toerh.. [20:41] guessing lxd will just recreate it [20:42] ah, could be upgrades might.. [20:43] runelind_q: you can try to set USE_LXC_BRIDGE to false in /etc/default/lxc-net [20:51] runelind_q: soon lxd will no longer depend on lxc-net and that won't happen by default. For now just do what sdeziel said, lxd will not recreat it. [20:52] that does seem to resolve the issue. [20:53] would rather have lxd be an install-time installation decision, but it is what it is I guess. [20:53] this was never an issue until very recently when lxd was added to the server seed (quietly), causing all sorts of hillarity [20:56] is this a debian upstream thing, or a decision by Canonical? [20:58] there is no debian upstream for lxd, and debian and ubuntu are not in sync (yet) for lxc. [20:58] but again, by 16.04 release lxc-net will not be starting on your server images [20:58] and lxd doesn't start - it's socket-activated [20:58] so meh [20:59] i personally think it's a good thing (just would've liked time for testing :) but of course i would :) [21:04] in need of a lifeline.. I just set up a 6x4TB raid 5 array, installed webmin and installed transmission.. I set the server to reboot. After reboot I get login prompt, type password, and get sent back to login prompt. I can't SSH any more either.. nor is webmin interface working. [21:04] I've never seen this before [21:05] fortunately I still have the server connected with keyboard and monitor, so I can see that it IS there [21:05] I just can't login [21:05] ... for whatever reason [21:08] rharper, https://code.launchpad.net/~ubuntu-server-dev/ubuntu/+source/tgt/+git/tgt [21:08] smoser: thx! [21:09] Froberg it goes without saying, but you're sure you're using the right password? And logging in as root I assume? [21:10] yeah my during-install configured user [21:10] it doesn't reject the password, just sends me back to the username prompt [21:10] doesn't even display the "packages that can be updated" stuff [21:11] are you talking a bout logging into webmin or loging into the server via the terminal? [21:11] or ssh? [21:11] terminal direct access [21:11] ssh is fucked [21:11] webmin too [21:11] I only just installed this server yesterday [21:12] ok, so when you type in your username and hit enter, it gives you a password prompt, if you type in the wrong password and hit enter it dumps you to the username prompt again without any messages [21:12] i.e. wrong password [21:12] I type username, password, get "welcome to ubuntu", see the link for documentation.. it pauses.. and clears terminal and shows me username prompt again [21:12] ahhh ok, thats new information [21:12] Apologies if I was unclear about that [21:12] sounds like your pseudo terminal process is crashing [21:13] is this a start over scenario? [21:13] brb sorry [21:15] Froberg it might not help, i did some quick googling and there are a few different possibilities. I would check here: http://lmgtfy.com/?q=terminal+process+crashing+after+login [21:16] it depends a lot on what kind of hardware you have and if you installed the desktop software [21:16] also, you may want to include webmin in that search since it only started happening after using webmin [21:16] i dont personally use webmin so i don't know much about it [21:16] but hopefully that has helped narrow down your issue. [21:18] if i had to guess i'd say its a misconfiguration in your bashrc thats causing the terminal process to crash, unless you've installed unity or the other desktop software in which case it could be trying to start it and crashing. [21:19] back, sorry, parental duties [21:19] most of those solutions involve rebooting into recovery mode and/or passing kernel args during boot [21:19] np [21:19] I actually never even started webmin up [21:19] I just apt-get installed it [21:19] as I've used it before to manage samba shares, since it makes it a bit easier [21:19] yea just the install process may install directives into the global bashrc that gets included everywhere [21:20] no desktop installed [21:20] or, to be more correct, the global bashrc is run first then your local one is included [21:20] it's meant to be a headless server with no keyboard or monitor connected [21:20] ok, that rules out the desktop stuff then [21:20] i have new Ubuntu 14.04 with apache, and want give all privilege on /var/www/ what is best chmod for this? [21:20] i've definitely had bad bashrcs make it difficult or impossible to login [21:21] It's run for half a year or so with no problems, only had to restart because I was unaware of the 16TB raid5 limit [21:21] Aleksandar86 All privileges is 777 but thats not usually best practice for a publicly accessible webroot. [21:21] hm, guess if I restart I can just remount the array, it did finish syncing, right? [21:21] i have problem with prestashop and 775 [21:21] not like I set up anything too grand, might be simpler to just start over [21:22] ddellav what chmod you using? [21:22] you can try starting over but it sounds like it might happen again [21:22] bar the webin then ;) [21:22] *webmin === Guest51142 is now known as devil__ [21:22] Aleksandar86 644 is usually a good starting place. [21:22] It's not like I *need* to have it [21:23] Froberg yea, i find those control panels to be more a crutch, i prefer to do most things on my own [21:23] it was running headless for half a year running multiple kvm's with no issues [21:23] ddellav if I give chom 644 on /var/www/ all inside folder will have this privilege? [21:23] I refuse to believe that there should suddenly be any hardware compatibility issues [21:23] Aleksandar86 no, you have to pass -R to chmod to make it recursive [21:24] Froberg yea, unlikely, issues like that have to do with sudden changes, since you just installed webmin, i would point to that [21:24] ddellav the transmission documentation on ubuntu help did say to enter in some bash aliases, could that be the problem? [21:24] 644 is fine for files, but not for a directory, users need execute permission to traverse into it [21:24] Froberg it's possible [21:24] gravy [21:24] symbolic permissions are usually more understandable: u=rwX,g=rX,o=rX [21:25] well ddellav, thanks, don't think it's worth the time to begin troubleshooting on so fresh an install [21:25] was hoping for a 'quick-fix for a known rare issue' [21:25] the capital X makes chmod mostly do the right thing with files and directories [21:25] ddellav: Aleksandar86: ^ [21:25] google only mentioned various GUI related issues with similar effects [21:25] tarpman yes, usually for apache i make the directories 750 and the files inside 644 while owned by root.www-data [21:26] https://help.ubuntu.com/community/TransmissionHowTo < here's the documentation I followed, wanted to try transmission instead of deluge for a change [21:26] Froberg those aliases are not likely to be an issue, they are just shortcuts for starting the service [21:26] s/starting/managing/ [21:26] I was pretty sure of that, too :) [21:27] still, doesn't hurt to ask [21:27] now I'm worried about trying for webmin AND transmission :p [21:27] ain't paranoia lovely [21:27] if i were you, and since you're doing a fresh install anyway, i would install webmin right away and make sure that works [21:27] get a solid base then add on top of that [21:27] good point [21:27] not doing kvm's again though [21:27] too much micro-management [21:28] even if one-box-with-all-the-stuff-that-will-ruin-my-day-when-it-breaks is riskier :p [21:28] you might want to check out containers instead [21:28] lxd and/or docker containers make things much easier imo [21:28] yeah I've heard mention of docker [21:29] also take a look at juju for deploying things, it's one of the canonical products: jujucharms.com [21:29] Froberg: any idea why nano is invoked via sudo to edit the ~/.bash_aliases file? [21:29] yea, thats weird [21:29] sdeziel I've no clue, I just assumed ubuntu documentation would be accurate [21:29] probably just an oversight [21:29] I will admit to some blind-sheeping there [21:29] if nano gets to create a new file it would be root owned [21:29] unless they are expecting you to edit another users file [21:30] sdeziel would a root owned .bash_aliases cause the terminal to crash? [21:30] ddellav: doubt it, would be a terrible failure mode but I never tested it :P [21:30] sounds possible [21:30] try it ;) [21:31] i was just about to lol [21:31] I did try executing the command example just prior to things becoming.. odd [21:31] remove raid array physically from hot-swap slots before re-install or not? [21:31] nope, doesn't cause any problem on 14.04 [21:32] .. might as well [21:32] hmm, well it didnt crash [21:32] also, it read the file without issue on login [21:32] which i guess is kinda expected since the login process runs as root i think [21:32] but im also on 16.04 [21:32] gonna switch screen input and start the installation, back soon :) [21:33] ddellav: I sure hope that ~/.bash* is ran as your user, not root [21:33] otherwise priv escalations would be too easy to be fun :) [21:34] sdeziel yea, you're right, it was 644, i changed it to 640 and i got an error on login [21:34] that said, by default the root owned file is still world readable [21:35] that confirms that bash does the right thing and fails gracefully [21:36] I wonder if a motd script could be at fault [21:36] 'aight setup started, waiting for IPMI is a bitch [21:37] ironically this is my sixth install in one day [21:38] it failed horribly a few times yesterday due to UEFI issues [21:38] weird considering I had no issues when briefly trying Open Media Vault.. or even when installing the old ubuntu server [21:38] then again, I used the LTS last time.. [21:38] dumb of me going for the latest? [21:38] practice makes perfect [21:40] there, nothing but openssh selected [21:40] so, finish install, ssh, assemble raid, reboot, test [21:54] not too promising [21:54] server booted up, no ssh [21:54] .. [21:55] rharper: i'll just go make a fool of myself on #virt [21:55] lol, nvm, user error [22:02] seems odd that there's package updates post install [22:10] why? [22:10] security updates should be applied, but non-security shouldn't be [22:11] maybe.. I just figure it's a live install with network access.. and I'm not installing an LTS version [22:11] might as well grab all packages [22:15] hallyn: sorry, blockcommit most certainly will need write access; the general idea is that the backing layers are rw; qcow2 handles diverging writes to the base; but in the case you want to commit changes from the current level to parent (aka backing dev) then it expects to squash the delta in the top level into the backing device [22:16] jdstrand: hi. if i were to say that when libvirt apparmor driver's load_profile is called to update a profile to add rw access to a block device, it adds a 'rw' rule but leaves a prexisting 'deny device w' rule, would that ring a bell? [22:17] hallyn: if you do qemu-img create -f qcow2 -b my-base-image top-layer 2G; no writes will happen to my-base-image; it's effectively RO even though it may be opened in 'rw' mode to support a blockcommit which would push changes from 'top-layer' into the base of the qcow2 file (my-base-layer) [22:17] rharper: yeah, most of the libvirt code is doing the right thing to update the security profile to allow write access, virt-aa-helper is just screwing up i think [22:17] rharper: yeah, the whole 'blockcommit' thing and its directionality constantly confuse me [22:17] hallyn: ok; it may be a profile oversight [22:18] so i create a base layer, run qemu with a layer over that, and then do 'blockcommit' the intent is to merge my changes back into the base layer? [22:18] basically if you 'RO' a layer, it wil prevent any rebasing (block commit) [22:18] like a git rebase squash? [22:18] yes [22:18] exactly [22:18] kthx [22:18] back to the code [22:18] you can specify the number of layers; ie, if you'bve done incremental snapshots (internal qcow snapshots) if you commit the upper most to the bottom, then you can delete all of the intermediate snapshots [22:19] so i guess virt-aa-helper needs a new hook that says 'if adding rw permissoin remove any preeixsting deny w rules' [22:19] yuck [22:19] (in update mode) [22:20] https://kashyapc.fedorapeople.org/virt/lc-2012/snapshots-handout.html [22:22] heh i think i was at that talk [22:23] but time heals all groks [22:23] hehe [22:23] re-added to my readitlater list [22:24] jdstrand: if you know of a clean way i can say "remove a deny write rule for this policy' in virt-aa-helper's vah_add_path() that'd be great [22:24] as opposed to having to mmap the file and walk it [22:25] hallyn: if we 're using qcow files, the qemu-img info --backing chain will show the files involved; shouldn't we always allow rw on any of the backing devices ? or rather, ensure each of the backing files are in an acceptable location for rw; if so, then there's no need for ro policy on any the elements in a qcow file ? [22:25] * hallyn confused. where do we read the existing profile [22:26] rharper: I dunno. the libvirt domain description marks those files as readonly, so virt-aa-helper marks htem ro [22:26] which seems fine to me [22:26] it gets called to update it when write access is needed [22:26] but libvirt will change on a blockcommit ? [22:26] it's just effing up when asked to do that [22:26] huh [22:26] yes, it calls the security module to update [22:26] interesting [22:27] and a rw rule *is* added :) but the deny w rule is kept [22:27] it seems redundant , either qcow2 works or it doesn't [22:27] ah [22:27] I see [22:27] well, this should protect the base of shared images from hypervisor bugs, i guess [22:28] hallyn: any reason why the write is explicitly denied instead of just relying on the default deny? [22:29] hallyn: this sounds related to the recent patch for readonly files and updating vah_add_file to add 'R' for readonly without a corresponding deny rule [22:29] hallyn: perhaps something similar needs to be done here-- but for something to be read/write and get a deny w is definitely a bug [22:30] jdstrand: I don't think it "gets" it, I think it just doesn't remove the old one on update [22:30] sdeziel: nope [22:30] seems like the file should be regenerated then instead of appended to [22:31] sdeziel all working fine now.. it seems, rebooting after webmin install now. Oddly webmin reports 600GB used of my empty array.. even assuming it's including the 128 gig system drive, that's just odd :p df -h has the proper figures though (24k/16T) [22:31] Intel(R) Atom(TM) CPU C2750 @ 2.40GHz, 8 cores << loving this CPU if anyone's been considering it [22:32] Froberg: nice [22:32] login works after reboot [22:32] now I truly wonder what fucked up [22:32] jdstrand: well the context code is calling domainSetSecurityLabel... [22:33] so i suppose this is a bug in AppArmorSetSecurityLabel [22:33] what is this java code? :) [22:33] (annoying since my mouse isn't working, no cut-paste :) [22:34] sdeziel appreciate the help.. even if I'm at a loss as to what may have happened [22:34] AppArmorSetSecurityImageLabel, that is [22:34] Thank you, Sir! :) [22:34] Froberg: you are welcome [22:35] seems like load_profile() should see append=false and then decide to regenerate? [22:37] it claims to do that... [22:37] btw i think if we fix this we fix a large set of the open libvirt bugs [22:46] aloha. anybody up to snuff with 16.04? I'm used to doing minimal server installs without any added packages. Seems like LXC wedges itself in (I like LXC, just not on these servers). [22:46] The other option for minimal is to use the mini.iso [22:46] Wondering if I'm missing something on install using the ubuntu server isos that will further reduce the installed package requirements. [22:47] hardwire: right, lxd is part of the base server now (aiui) [22:47] ah.. part of the ubuntu-server metapackage [22:47] hardwire: yep [22:47] * hardwire makes a face [22:48] thanks nacc [22:48] * hardwire attempts to dig up why harden-* disappeared as well. [22:48] I might just be losing my buntu mojo! [22:49] hardwire: what packages, e.g.? [22:50] oh i see [22:50] in debianland there's some metapackages that explicitely require some tools and conflict with lots of packages that are considered insecure [22:50] hm, no. [22:51] hardwire: oh i see them, i think [22:51] hardwire: e.g., harden-clients? [22:51] hardwire: possibly harden itself [22:51] and harden-servers [22:51] and harden-* [22:52] heh [22:52] no worries. I'll just miss them [22:52] hardwire: https://launchpad.net/ubuntu/+source/harden/+publishinghistory [22:52] oh! [22:52] I'm so used to reading debian bug reports for that info [22:52] thanks nacc [22:52] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782978 [22:52] Debian bug 782978 in ftp.debian.org "RM: harden -- RoQA; no longer useful" [Normal,Open] [22:53] hardwire: so no longer in debian either :) [22:53] lol [22:53] it's pretty useful :) [22:53] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760449 [22:53] Debian bug 760449 in harden "harden: outdated info" [Serious,Fixed] [22:53] not according to the maintainer, it's not :) [22:53] yehhh.. that makes it less useful [22:53] it was a large undertaking. [22:54] ok.. so I'm guessing the ubuntu-server isos even with no packages selected in tasksel makes sure ubuntu-server metapackage is installed. [22:55] I'll just have a lot of lxc bridges laying around :) [22:56] jdstrand: so i think libvirt is not updating the actual vm config, just asking for a new rw rule for the backing element... not sure though [22:56] jdstrand: so is the 'deny' rule really needed? [22:56] if we didn't have that, then this would "just work". [22:56] I'd have to see the policy [22:57] Sarnold are you there? [22:57] apparmor_parser -p /etc/apparmor.d/libvirt/ [22:58] i pasted the bits in the bug, but virt-aa-helper explicitly adds a deny rule any time it sees a readonly element [22:58] line 835 [22:59] ok, that is what I was referring to before [22:59] it sounds like the call to vah_add_file for this type of file should pass 'R' instead of 'r' with the recent patch that is on the list and that smb pulled in [23:00] 'R' won't add the deny rule [23:01] jdstrand: paste.ubuntu.com/15344294 fwiw [23:02] jdstrand: hm, i'm on the verison before that, so maybe it's already fixed [23:02] I find it exceedingly curious that libvirt marks it readonly only to later not honor the flag [23:02] jdstrand: it only temporarily marks it rw, [23:02] for the duration of blockcommit [23:02] i would've thought you'd appreciate that [23:03] i'll update and re-try, but am on slow link... actually, rharper, coudl you test it out, od you have a xenial host? [23:03] I have [23:03] okokok last one. Why is bootp not bound to 10.0.3.1 via dnsmasq? [23:03] * jdstrand notes he is about to head out [23:03] hallyn: if you've some debs for me to test, I can do that [23:04] rharper: no, just the current uptodate libvirt in xenial [23:04] sure [23:04] i'm on -1ubuntu4, -1ubuntu5 has smb's fix [23:04] I've not updated in a while, on 1ubuntu2 [23:04] hallyn: what do you need test-wise ? [23:04] pull latest and ? [23:05] * rharper has been dorking with multipathd, sd_notify and systemd services (*shakes fist*) [23:05] oh but it probably wil fail, because indeed it is using -r not -R [23:05] rharper: the blockcommit command from bug 1554031 [23:05] bug 1554031 in qemu (Ubuntu) "error: internal error: unable to execute QEMU command ‘block-commit’: Could not reopen file: Permission denied" [High,Triaged] https://launchpad.net/bugs/1554031 [23:06] hallyn: ok, run that on my current out-of-date package ? [23:06] oh, no. [23:06] i missed that comment. no, need -1ubuntu5 [23:07] there's a 1ubuntu6 too; [23:07] well, i should be ready to test it in an hour or two :) [23:07] yeah that woudl be fine [23:07] 5 has the smb fix [23:07] anyway may as well look more closely at that fix while i wait for downloads [23:08] % virsh blockcommit x1 vda --active --pivot --verbose [23:08] error: internal error: unable to execute QEMU command 'block-commit': Could not reopen file: Permission denied [23:08] ii libvirt-bin 1.3.1-1ubuntu6 [23:09] let me destroy and recreate a new one [23:09] not sure when I created that VM [23:09] ok, yeah, we'd need one more little patch, which jdstrand might object to but i dont' think so: [23:09] nope, freshly created, still fails [23:10] hallyn: ok [23:10] add_file_path should use R not r when it sees disk->src->readonly [23:10] jdstrand: is tha tok with you? [23:10] rharper: I'll push a new package t oserge-hallyn/virt in a bit [23:10] with that attempted fix [23:10] rharper: btw did i add you to the libvirt-maintainers team? [23:10] hallyn: sure; just poke me here, I'll check back in a bit [23:10] hallyn: probably not [23:11] drat. it's for access to a libvirt tree which i'd like to be the staging tree to archive packages [23:11] all right thanks will ping you in a bit [23:12] cool [23:13] jdstrand: http://paste.ubuntu.com/15344361 <- i'm going to try that [23:14] hallyn: I'm ok with that assuming that vah_add_file in the version you are patching supports 'R' :) [23:14] * jdstrand wonders if there will be noisy denials now-- the explicit deny rule was for iso images iirc [23:15] I guess we'll see [23:17] jdstrand bleh yeah that rings a bell [23:17] we may then end up needing a more baroque fix, but let's see whether this even works [23:17] besides isos are so 2013 [23:18] jdstrand: ok, pushed to ppa:serge-hallyn/virt; will take 20 mins to build (if it doesn't fail) [23:24] Has anyone here seen this web chat? http://frug.github.io/AJAX-Chat/screenshots.html Is it safe secure and has anyone used it? === mburns is now known as not_mburns === not_mburns is now known as mburns [23:38] rharper: grr, virt aa helper test fails now; i'll have to build locally so i can get details :( [23:38] i'm going to drop off irc a bit while i switch clients === Synthbread is now known as Synthead