=== GeekMan1222 is now known as MathExamMan_RIP [00:24] sarnold: ping, if you're around [00:24] if not i'll catch you sometime tomorrow === chuck__ is now known as zul [05:09] hey everyone [05:10] Anyone recommend an easy to install and light weight mail server? [05:12] NetworkingPro, my choice has always been postfix. [05:13] * NetworkingPro googles how to install postfix on ubuntu 14.04 [05:14] https://help.ubuntu.com/community/PostfixBasicSetupHowto [05:18] thx vbotka [08:57] kickinz1: do you want to still be in the server team IRC meeting chairing rota? Or shall I remove you? [08:57] (I'd like to take a swap day tomorrow and you're next on the list) [08:57] kickinz1: so a second question if you'd like to remain: mind swapping with me tomorrow please? :) === athairus is now known as afkthairus [10:58] Is there something holding back EC2 images for 16.04? [10:58] Or is there a discussion, or issue I can subscribe to? :) === bearface is now known as beardface === beardface is now known as beardface_ === beardface_ is now known as beardface [11:50] Anyone know when Xenial will be availible as AWS AMI? [12:06] Odd_Bloke: ^ [12:16] is it possible to use PAM if I have users that don't have passwords. Can I establish passwords for the users without being root? [12:16] ls -l /etc/shadow [12:16] sorry! [12:21] Odd_Bloke: so a few bugs AFAICS. http://cloud-images.ubuntu.com/releases/16.04/release/ still refers to "DEVELOPMENT". https://cloud-images.ubuntu.com/locator/ doesn't list any EC2 images for Xenial. [12:21] rbasak: wisur: There are some non-technical blockers on EC2 images for xenial; we'll deliver images there as soon as we can. :) [12:22] rbasak: Good spot on the DEVELOPMENT thing; I'll file a bug. :) [12:22] stephank: ^ [12:23] Odd_Bloke: it might be an idea to file a "Xenial images not available on EC2" bug as well perhaps? Then I can point people asking to that bug, and users can subscribe so they know when it's fixed. [12:24] ^ that [12:24] i was about to poke and ask if there was such a bug :P [12:24] (#ubuntu had this question too) [12:24] rodlogic: ^ [12:24] (crosschannel ping) [12:26] Hello, wget is not working. Error: Cannot write to '1WlAUJo’ (Success). [12:30] How can I join ##ubuntu. NickServ says channel is invite only. [12:30] linuxmint: channel is #ubuntu [12:30] not ##ubuntu [12:30] linuxmint: but if you're on Mint, you are in the wrong channels [12:30] teward: thanks, but /join #ubuntu says I am banned. [12:31] Is there a process to correct this? [12:31] (it's for my ubuntu machine. [12:31] ). [12:31] !ban | linuxmint [12:31] linuxmint: If you have been banned it is probably because you have not gone along with what is acceptable !behaviour. If you're not sure what acceptable !behaviour is please see http://wiki.ubuntu.com/IRC/Guidelines - If you think the ban was a mistake, please join #ubuntu-ops [12:31] Basically, re wget error. [12:32] ubuntulog: k, thanks. [12:32] not sure what hateball's comment means, sorry? [12:33] I'm not sure what is unclear, " If you think the ban was a mistake, please join #ubuntu-ops " [12:33] hateball: thanks, done. [12:34] Pretty quiet channel though. [12:34] linuxmint: I suspect that 'linuxmint' is a default username on Linux Mint; as #ubuntu is not intended to answer Mint questions, the default user has probably been banned. :) [12:34] Odd_Bloke: yes, I suspect that. [12:35] I suppose I could ask Mint channel re this wget error: Cannot write to [12:35] Eventhough it's on an Ubuntu machine. [12:36] So one Mint user does something bad, gets banned, and all Mint users can't get on IRC channels by default? That sounds like a crazy default! [12:36] rbasak: heh [12:36] rbasak: hmm [12:36] rbasak: I don't know for sure, but it sounds like a thing that could have happened. :p [12:36] Is there a way to give a user a password without giving priveleges with that password? [12:36] I'll see if I can fix it. I left a message on #ubuntu-ops. Pretty quiet, so might take some time. [12:36] jayjo: What do you mean by "priveleges"? [12:38] linuxmint: change your nick to something less generic maybe? :) [12:38] not completely sure - I just need the user to have a password for PAM authentication, but I don't wan that password to provide them with any additional priveleges/resources [12:38] jayjo: ah. You can use PAM to do that, yes. [12:38] If the thing authenticating uses PAM, your ability to customise that is pretty much entirely the point of PAM. [12:39] Find a replacement auth module you want to use instead of pam_unix. [12:39] I just want to make sure if I add a password to an account there is no additional default behavior granted to the user [12:39] like sudo priveleges etc. just being cautious [12:39] Oh [12:40] or it won't allow them to ssh without keys or something like this, will it? [12:40] If you're worried about that sort of thing, then don't give the user a Unix account at all. === ubuntu is now known as Guest93068 [12:40] For ssh, you can configure ssh to require both a key and PAM if you wish. By default it'll do one or the other. [12:40] http://www.justgohome.co.uk/blog/2013/07/better-two-factor-ssh-authentication-on-ubuntu.html [12:40] rbasak: Hmm, seem to be #ubuntu now with a different username. === kickinz1_ is now known as kickinz1 [12:44] test [12:45] k1l just banned me from #ubuntu, thinking I'm evading channel rules as Mint user? [12:45] Guest93068: then you need to go to #ubuntu-ops [12:45] and discuss with them [12:45] because that's outside our ability to help [12:46] teward: ok. I have tried, but no answer. Guess I'll have to delay the wget install for a few days. [12:46] Guest93068: read your dpaste; it tells you the problem "1WlAUJo: Read-only file system" === devil is now known as Guest27374 === Guest27374 is now known as devil_ [13:04] Thanks Odd_Bloke :) [14:08] smoser: I'm planning on taking a swap day tomorrow. After kickinz1 you're next on the list to chair. Do you mind swapping, please? [14:08] (since I was supposed to chair) [14:08] The IRC meeting is what I'm talking about. Sorry for the total lack of context! === jgrimm-afk is now known as jgrimm [14:18] rbasak, i suppose you should be allowed to take a day off. but i really think its irresponsible of you. ;) [14:38] smoser: he's taking a day off? your iron grip is becoming softer? :D [14:42] GET BACK TO WORK LYNXMAN! [14:42] smoser: yes sir! (he's still got it!) [14:42] * patdk-wk_ bets bribes would work [14:44] smoser: I'll take that as a yes. Thanks :) [15:25] hello folks, anyone happens to know when xenial AMI images will be available on AWS ? [15:32] ranjibd, https://lists.ubuntu.com/archives/juju/2016-April/007098.html [15:35] http://askubuntu.com/questions/761031/ubuntu-server-16-04-installs-on-sdc-but-fails-to-boot [15:36] any help on this question would be much appreciated! [15:37] rcj, thanks. fingers crossed :-) === nodoubleg is now known as nodoubleg-lunch === Karunamon|2 is now known as Karunamon === Executioner` is now known as Executioner [17:48] Is there a way to get the contents of a screen buffer to a file? [17:48] I have a lot of output that I want to capture, but I can't scroll therough the screen manually (with ctrl+a esc) [17:50] I did hardcopy -h but it is not the whole file [17:54] jayjo: looks like there's commands to write the pastebuffer to a file [17:54] jayjo: and g and G look like they can move to the front and end of the window [17:59] jayjo: I really like byobu for that (shift-F7) opens a new window with the contents of the window scroll buffer [18:18] im having issues with my ubuntu-vm-builder. its building it properly... but not adding it to my qemu:///system [18:42] Hello, I'm having a problem with ssh can someone help me please? [18:42] why don't you just state your problem [18:42] hum ok :P [18:43] I was trying to setup an ssh server on ubuntu server and I was having some problems because I thought the service was called sshd.service [18:44] and I would enable it and get a weird error saying it failed because the symbolic link has too many erros [18:44] errors* [18:44] too many levels* sorry [18:45] seven-dev: what version of ubuntu are you using [18:45] 16.04 [18:45] seven-dev: so that comes with ssh installed by default [18:45] now I have the service enabled but I can't disable passwordauthentication [18:45] look in /etc/ssh/sshd_config [18:46] does it? I'm pretty sure I didn't select it [18:46] i did look at that and changed it [18:46] it's part of the default build I believe [18:46] (I could be wrong) [18:46] then reloaded the service but it still allows me to connect with a password [18:46] maybe it is but I still had that problem :P [18:47] did you remember to remove the leading "#" in "#PasswordAuthentication no"? [18:47] yes [18:47] oh wait [18:47] oh yes i did sorry [18:48] (I thought i had put yes, but i did put no) [18:48] any idea about what the problem might be? [18:49] That change works for me, but I haven't gotten around to 16.04 on the server side yet [18:49] to restart the service I did: sudo service ssh restart [18:50] (I'm still trying to understand ubuntu, I come from arch) I also did: service ssh restart, systemctl restart ssh [18:50] and the same with sudo and sshd instead, nothing disabled the password [18:51] btw another question, do I use service or systemctl to manage services? What's the difference between them? [18:51] systemctl for systemd [18:52] hmm but I have both [18:52] you don't you have systemd [18:52] I think this version of ubuntu doesnt have upstart but service seems to (not) work the same as systemctl [18:53] there are some legacy system V / upstart scripts that are wrapped in systemd as I recall [18:53] service is the generic wrapper that should work for system V/upstart/systemd [18:53] oh ok that makes sense ty [18:54] seven-dev: can you paste sshd -T? [18:54] I think upstart is still installed because desktop stuff still uses upstart session management [18:54] sdeziel: ok, I just restarted it, 1 sec [18:54] sdeziel: oh that's cool! thanks [18:55] is this the same?: "systemctl status ssh" and "systemctl status sshd" [18:57] sdeziel: It says "could not load host key" [18:57] seven-dev: on Ubuntu, the service is named "ssh" [18:57] seven-dev: you need to run it as root/sudo [18:57] yeah, I was just asking because they give me the same output [18:57] ah ok sorry [18:58] odd, here "systemctl status sshd" gives https://paste.ubuntu.com/16054989/ [18:58] odd, I get same output for both ssh and sshd [18:59] lets try updating and try again :) [18:59] I vaguely remember having both working [19:00] ssh.service contains Alias=sshd.service [19:00] hmm both work on my servers but not on my laptop [19:00] sdeziel: https://paste.ubuntu.com/16055009/ [19:02] oh you think maybe this is happening because I have the server running in root and my user? [19:02] not sure if i do, just an idea [19:04] eh, didnt work, still allows me to login [19:04] with a password [19:05] so, uh, this is going to show more ignorance than I usually like to show.. [19:05] tarpman: oh ok so they're the same [19:05] seven-dev: I have ChallengeResponseAuthentication set to no here [19:06] hm let me try [19:06] I did that o purpose [19:06] 1 sec [19:06] when sshd_config has usepam yes -- does sshd then use the /etc/pam.d/sshd file for e.g. password authentication too? mine at least include's common-auth, which uses pam_unix .. [19:07] sdeziel: oh ok I think it worked [19:07] but why didn't it work before [19:08] sarnold answered that ^ [19:08] what is pam sorry? [19:08] pluggable authentication modules [19:09] they let you configure your services to require different kinds of authentication or authorization checks, handle sessions, update passwords, etc.. [19:09] oh okok [19:09] hmm, UsePAM: "Because PAM challenge-response authentication usually serves an equivalent role to password authentication, you should disable either PasswordAuthentication or ChallengeResponseAuthentication." [19:09] the config files in /etc/pam.d/* are used by services to describe which modules to use, with which parameters, when users log in or change passwords [19:10] so it's "either or" which leaves me wondering why you needed to disable both [19:10] so if I wanted to setup two step auth I would need a PAM, right? [19:10] seven-dev: not required IIRC [19:10] seven-dev: that's usually how it is done, ye, see the libpam-duo package for one example [19:11] uhm [19:11] seven-dev: what I do is simply use "AuthenticationMethods publickey,password" and "PasswordAuthentication yes" [19:11] this way, no additional lib/configuration is needed but both key and passwords are required [19:11] this also has the advantage that you can put it in some Match blocks [19:11] oo [19:11] you can have a key with a password right? [19:11] with those settings [19:12] seven-dev: the password *on the* key is not considered a 2nd factor [19:13] ok found this: https://wiki.archlinux.org/index.php/Secure_Shell#Two-factor_authentication_and_public_keys [19:13] sdeziel: Yeah I know I was just checking [19:13] http://paste.ubuntu.com/16055152/ => TFA for sudoers [19:13] I meant a cellphone key [19:13] then libpam-duo is probably a good idea [19:14] ok ty [19:14] I'll try that later ty :) [19:14] you are welcome === afkthairus is now known as athairus [19:38] ok. i have figured out that it just doesnt show until active the first time. which is odd but whawtever. side note. it builds for eth0 but my vm's all get ens# is there a way to specify? [19:38] http://cloud-images.ubuntu.com/locator/ec2/ is missing Xenial images, where should I report that? [19:40] heydrick, known issue https://lists.ubuntu.com/archives/juju/2016-April/007098.html but we'll get a bug link on that page [19:41] DirtyCajun: as a workaround you can pass net.ifnames=0 to the kernel boot command === nodoubleg-lunch is now known as nodoubleg [19:43] that will only give it an ens0 tho right? [19:43] it still wont change it to eth0 [19:44] DirtyCajun: this will prevent the rename from eth0 to ensX [19:45] oh!. ok. why does it do that btw? i understand the meaningful naming change but its a vm.... [19:45] those are supposedly stable/predictable names [19:45] i guess i mean why doesnt ubuntu-vm-builder correct/accomodate for that [19:45] Where can I find a map of all public references to the similarity (SitteMap Tree) http://cloud-images.ubuntu.com/locator/ec2/ and https://people.canonical.com/~ubuntu-security/cve/universe.html ? [19:46] but they are quite annoying since your NIC name then depends on the PCI ordering which tends to be changing quite easily with VMs [19:46] DirtyCajun: I think that official cloud image use the net.ifnames=0 workaround. Maybe ubuntu-vm-builder could do the same [19:47] sdeziel, cloud images do not use net.ifnames=0, cloud-init is enabled to use the new systemd "predictable network interface names" [19:47] rcj: oh, thanks didn't know that [19:48] i just want to find a way to utelize the predictable name instead of bootlegging it [19:48] sdeziel, we are avoiding turning back to net.ifnames=0. the cloud and server images use the systemd network names in xenial [19:49] rcj: I'm glad that cloud-init properly supports this now. It's unfortunately not the case for every packages (LP: #1541678) [19:49] Launchpad bug 1541678 in vlan (Ubuntu) "if-post-down.d/vlan and if-pre-up.d/vlan should support en* interfaces" [High,Confirmed] https://launchpad.net/bugs/1541678 [19:50] sdeziel, it is unfortunate that the experience isn't 100%, it is a big change. And net.ifnames=0 can provide temporary relief, I just wouldn't want people to make that a default tuning. [19:51] rcj: understood [19:54] DirtyCajun: I cannot find a bug report about this on ubuntu-vm-builder. You might want to report it [19:54] on it. [19:55] looks like with virtio_net enabled it establishes them as "Names incorporating Firmware/BIOS provided PCI Express hotplug slot index numbers" [19:56] which give the ens prefix [20:08] i dont report bugs often... what do i need to add to this [20:08] https://bugs.launchpad.net/ubuntu/+source/ubuntu-vm-builder/+bug/1574843 [20:08] Launchpad bug 1574843 in ubuntu-vm-builder (Ubuntu) "Ubuntu-VM-Builder Doesnt accomodate for Meaningful Naming" [Undecided,New] [20:09] Does anyone know how do I create an EC2 AMI from a 'Cloud Image/EC2 tarball' I found in http://cloud-images.ubuntu.com/releases/xenial/release/? [20:23] rodlogic, We are expecting to have the official cloud image in ec2 later this week - https://lists.ubuntu.com/archives/juju/2016-April/007098.html [20:24] rodlogic, not sure what was driving your question about creating an ami, but wanted to make sure you knew the official images were coming soon. [20:24] gaughen: great! Yes, I was trying to get Xenial into EC2 on my own so your ping is fantastic [20:25] I will make do with 14.04 for now and wait until next week [20:25] awesome rodlogic! [21:01] radlogic: i've been using the xenial daily AMIs [21:21] is there a way to name the qcow2 file [21:22] as opposed to it being named tmprandomcrap.qcow2 [21:45] Is the ubuntu server installer where the loss of UTC timezone selection happened or is that an upstream change in Debian? [21:47] zul, hallyn. rharper: hey - just had a chat with someone who's trying to use the numa features of openstack with libvirt/kvm [21:48] jamespage: howdy! [21:48] our packages are building with libnuma-dev (which enabled one numa feature) but not numad, which I think is disabling use of numad to manage CPU placement dynamically [21:48] rharper, hey! [21:48] numad is not included in ubuntu at this time IIRC [21:48] erm [21:48] we've discussed whether we should have something like that [21:49] numad is a perl script that calls the page migration code periodically [21:49] rharper, is in universe... [21:49] it's avail in Fedora [21:49] ah, cool [21:49] rharper, well I guess this is a little late for 16.04... [21:49] rharper, I asked him to raise a bug so we can track it... [21:50] sounds ogod, yeah i see it in universe [21:50] * hallyn fetches [21:50] is there an issue with it ? [21:51] * hallyn leaves it to sarnold to puke all over it :) [21:51] not a perl script [21:51] it's "graduated" [21:51] well at least it graduated to plain c [21:52] c seems like overkill for this [21:52] 2500 lines [21:52] i think i agree [21:53] maybe they did it so they could attach file caps or make it setuid [21:55] jamespage: I'd definitely be interested in the details; libvirt itself will do the initial placement and confinement w.r.t affininty and cpusets; numad is about periodically kicking the kernel to do page migration; [21:55] rharper, ok lets see what he shows up with for things that don't work without numad [21:55] yeah, can't think of what would block numad from working [21:56] it;'s sorta process agnostic [21:56] wonder how much overhead it introduces [21:56] which part [21:56] numad or page migration [21:56] numad [21:56] running with -i 15 [21:57] the real question (which always comes up) is why isn;'t the existing in-kernel page migration code good enough [21:57] good q [21:57] in addition to strategies (process migration vs. page migration to process) [21:57] really based on the name i'd have expected this to be like the balancing thread in lxd, [21:57] and the impact on things like THP [21:57] which re-balances contianers based on their limits as cpus are hotplugged [21:57] but i guess not [21:57] and the heuristics on knowing how long and where the processes will run [21:58] looking at the code; they have rudimentary "Detection" of kvm processes with notes that things like io-threads may confuse it [21:58] yeah, i don't see this passing MIR muster [21:58] i havent found even the slightest anything on the webz about the naming of the qcow2 file thats created. [21:58] // FIXME: someday figure out some better way to do this... [21:58] right [21:59] all right, let's see waht kind of justification they come up with :) thx [22:00] numad also provides a pre-placement advice service that can be queried by various job [22:00] management systems to provide assistance with the initial binding of CPU and memory resources for [22:00] their processes. This pre-placement advice is available regardless of whether numad is running as [22:00] an executable or a service [22:00] that looks like what openstack might be interested in [22:00] hallyn, rharper; tbh this may be a red-herring [22:00] jamespage: ^^ [22:00] if the "nova scheduler" is asking for some numa data via numad [22:00] rharper, hmm - looking [22:00] but not clear to me how we build qemu would affect this [22:01] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf/Performance_Tuning_Guide/Red_Hat_Enterprise_Linux-7-Performance_Tuning_Guide-en-US.pdf [22:01] jamespage: quote from that document [22:01] gah I thought I gave feedback already on terrible user-space "kick the kernel to migrate pages" crap [22:01] rharper, so numad appears to be used when the 'auto' value is provide in the xml for numa placement [22:01] but that's never worked for us ? [22:01] rharper, I can't find use of that in the nova codebase [22:01] or folk have been adding it on ? [22:01] if the kernel isn't doing migration enough/correctely etc it'd be far better to file kernel bugs and get it _fixed_ [22:02] jamespage: then indirectly via libvirt calls ? [22:02] sarnold: :) [22:02] rharper, so i suspect this might be a ERRENDUSER but lets see [22:02] sarnold: indeed [22:02] exactly what rharper was saying earlier [22:02] it's a tricky beast [22:04] rharper, hallyn: suggest we wait for the bug and see [22:04] yup [22:05] jamespage: cool [22:51] Are we not getting AMIs still 16.04.1? [22:52] Edgan: patience [22:52] they'll be ready as soon as they will be ready [22:52] no sooner (sorry, no timelines) [22:53] teward: I am advanced enough to make my own. I guess I should then.