[00:24] <teward> sarnold: ping, if you're around
[00:24] <teward> if not i'll catch you sometime tomorrow
[05:09] <NetworkingPro> hey everyone
[05:10] <NetworkingPro> Anyone recommend an easy to install and light weight mail server?
[05:12] <vbotka> NetworkingPro, my choice has always been postfix.
[05:13]  * NetworkingPro googles how to install postfix on ubuntu 14.04
[05:14] <vbotka> https://help.ubuntu.com/community/PostfixBasicSetupHowto
[05:18] <NetworkingPro> thx vbotka
[08:57] <rbasak> kickinz1: do you want to still be in the server team IRC meeting chairing rota? Or shall I remove you?
[08:57] <rbasak> (I'd like to take a swap day tomorrow and you're next on the list)
[08:57] <rbasak> kickinz1: so a second question if you'd like to remain: mind swapping with me tomorrow please? :)
[10:58] <stephank> Is there something holding back EC2 images for 16.04?
[10:58] <stephank> Or is there a discussion, or issue I can subscribe to? :)
[11:50] <wisur> Anyone know when Xenial will be availible as AWS AMI?
[12:06] <rbasak> Odd_Bloke: ^
[12:16] <jayjo> is it possible to use PAM if I have users that don't have passwords. Can I establish passwords for the users without being root?
[12:16] <jayjo> ls -l /etc/shadow
[12:16] <jayjo> sorry!
[12:21] <rbasak> Odd_Bloke: so a few bugs AFAICS. http://cloud-images.ubuntu.com/releases/16.04/release/ still refers to "DEVELOPMENT". https://cloud-images.ubuntu.com/locator/ doesn't list any EC2 images for Xenial.
[12:21] <Odd_Bloke> rbasak: wisur: There are some non-technical blockers on EC2 images for xenial; we'll deliver images there as soon as we can. :)
[12:22] <Odd_Bloke> rbasak: Good spot on the DEVELOPMENT thing; I'll file a bug. :)
[12:22] <rbasak> stephank: ^
[12:23] <rbasak> Odd_Bloke: it might be an idea to file a "Xenial images not available on EC2" bug as well perhaps? Then I can point people asking to that bug, and users can subscribe so they know when it's fixed.
[12:24] <teward> ^ that
[12:24] <teward> i was about to poke and ask if there was such a bug :P
[12:24] <teward> (#ubuntu had this question too)
[12:24] <teward> rodlogic: ^
[12:24] <teward> (crosschannel ping)
[12:26] <linuxmint> Hello, wget is not working. Error: Cannot write to '1WlAUJo’ (Success).
[12:30] <linuxmint> How can I join ##ubuntu. NickServ says channel is invite only.
[12:30] <teward> linuxmint: channel is #ubuntu
[12:30] <teward> not ##ubuntu
[12:30] <teward> linuxmint: but if you're on Mint, you are in the wrong channels
[12:30] <linuxmint> teward: thanks, but /join #ubuntu says I am banned.
[12:31] <linuxmint> Is there a process to correct this?
[12:31] <linuxmint> (it's for my ubuntu machine.
[12:31] <linuxmint> ).
[12:31] <hateball> !ban | linuxmint
[12:31] <linuxmint> Basically, re wget error.
[12:32] <linuxmint> ubuntulog: k, thanks.
[12:32] <linuxmint> not sure what hateball's comment means, sorry?
[12:33] <hateball> I'm not sure what is unclear, " If you think the ban was a mistake, please join #ubuntu-ops "
[12:33] <linuxmint> hateball: thanks, done.
[12:34] <linuxmint> Pretty quiet channel though.
[12:34] <Odd_Bloke> linuxmint: I suspect that 'linuxmint' is a default username on Linux Mint; as #ubuntu is not intended to answer Mint questions, the default user has probably been banned. :)
[12:34] <linuxmint> Odd_Bloke: yes, I suspect that.
[12:35] <linuxmint> I suppose I could ask Mint channel re this wget error: Cannot write to
[12:35] <linuxmint> Eventhough it's on an Ubuntu machine.
[12:36] <rbasak> So one Mint user does something bad, gets banned, and all Mint users can't get on IRC channels by default? That sounds like a crazy default!
[12:36] <teward> rbasak: heh
[12:36] <linuxmint> rbasak: hmm
[12:36] <Odd_Bloke> rbasak: I don't know for sure, but it sounds like a thing that could have happened. :p
[12:36] <jayjo> Is there a way to give a user a password without giving priveleges with that password?
[12:36] <linuxmint> I'll see if I can fix it. I left a message on #ubuntu-ops. Pretty quiet, so might take some time.
[12:36] <Odd_Bloke> jayjo: What do you mean by "priveleges"?
[12:38] <rbasak> linuxmint: change your nick to something less generic maybe? :)
[12:38] <jayjo> not completely sure - I just need the user to have a password for PAM authentication, but I don't wan that password to provide them with any additional priveleges/resources
[12:38] <rbasak> jayjo: ah. You can use PAM to do that, yes.
[12:38] <rbasak> If the thing authenticating uses PAM, your ability to customise that is pretty much entirely the point of PAM.
[12:39] <rbasak> Find a replacement auth module you want to use instead of pam_unix.
[12:39] <jayjo> I just want to make sure if I add a password to an account there is no additional default behavior granted to the user
[12:39] <jayjo> like sudo priveleges etc. just being cautious
[12:39] <rbasak> Oh
[12:40] <jayjo> or it won't allow them to ssh without keys or something like this, will it?
[12:40] <rbasak> If you're worried about that sort of thing, then don't give the user a Unix account at all.
[12:40] <rbasak> For ssh, you can configure ssh to require both a key and PAM if you wish. By default it'll do one or the other.
[12:40] <rbasak> http://www.justgohome.co.uk/blog/2013/07/better-two-factor-ssh-authentication-on-ubuntu.html
[12:40] <Guest93068> rbasak: Hmm, seem to be #ubuntu now with a different username.
[12:44] <Guest93068> test
[12:45] <Guest93068> k1l just banned me from #ubuntu, thinking I'm evading channel rules as Mint user?
[12:45] <teward> Guest93068: then you need to go to #ubuntu-ops
[12:45] <teward> and discuss with them
[12:45] <teward> because that's outside our ability to help
[12:46] <Guest93068> teward: ok. I have tried, but no answer. Guess I'll have to delay the wget install for a few days.
[12:46] <TJ-> Guest93068: read your dpaste; it tells you the problem  "1WlAUJo: Read-only file system"
[13:04] <wisur> Thanks Odd_Bloke :)
[14:08] <rbasak> smoser: I'm planning on taking a swap day tomorrow. After kickinz1 you're next on the list to chair. Do you mind swapping, please?
[14:08] <rbasak> (since I was supposed to chair)
[14:08] <rbasak> The IRC meeting is what I'm talking about. Sorry for the total lack of context!
[14:18] <smoser> rbasak, i suppose you should be allowed to take a day off. but i really think its irresponsible of you. ;)
[14:38] <lynxman> smoser: he's taking a day off? your iron grip is becoming softer? :D
[14:42] <smoser> GET BACK TO WORK LYNXMAN!
[14:42] <lynxman> smoser: yes sir! (he's still got it!)
[14:42]  * patdk-wk_ bets bribes would work
[14:44] <rbasak> smoser: I'll take that as a yes. Thanks :)
[15:25] <ranjibd> hello folks, anyone happens to know when xenial AMI images will be available on AWS ?
[15:32] <rcj> ranjibd, https://lists.ubuntu.com/archives/juju/2016-April/007098.html
[15:35] <jcastro> http://askubuntu.com/questions/761031/ubuntu-server-16-04-installs-on-sdc-but-fails-to-boot
[15:36] <jcastro> any help on this question would be much appreciated!
[15:37] <ranjibd> rcj, thanks. fingers crossed :-)
[17:48] <jayjo> Is there a way to get the contents of a screen buffer to a file?
[17:48] <jayjo> I have a lot of output that I want to capture, but I can't scroll therough the screen manually (with ctrl+a esc)
[17:50] <jayjo> I did hardcopy -h <filename> but it is not the whole file
[17:54] <sarnold> jayjo: looks like there's commands to write the pastebuffer to a file
[17:54] <sarnold> jayjo: and g and G look like they can move to the front and end of the window
[17:59] <rharper> jayjo: I really like byobu for that (shift-F7) opens a new window with the contents of the window scroll buffer
[18:18] <DirtyCajun> im having issues with my ubuntu-vm-builder. its building it properly... but not adding it to my qemu:///system
[18:42] <seven-dev> Hello, I'm having a problem with ssh can someone help me please?
[18:42] <ikonia> why don't you just state your problem
[18:42] <seven-dev> hum ok :P
[18:43] <seven-dev> I was trying to setup an ssh server on ubuntu server and I was having some problems because I thought the service was called sshd.service
[18:44] <seven-dev> and I would enable it and get a weird error saying it failed because the symbolic link has too many erros
[18:44] <seven-dev> errors*
[18:44] <seven-dev> too many levels* sorry
[18:45] <ikonia> seven-dev: what version of ubuntu are you using
[18:45] <seven-dev> 16.04
[18:45] <ikonia> seven-dev: so that comes with ssh installed by default
[18:45] <seven-dev> now I have the service enabled but I can't disable passwordauthentication
[18:45] <ikonia> look in /etc/ssh/sshd_config
[18:46] <seven-dev> does it? I'm pretty sure I didn't select it
[18:46] <seven-dev> i did look at that and changed it
[18:46] <ikonia> it's part of the default build I believe
[18:46] <ikonia> (I could be wrong)
[18:46] <seven-dev> then reloaded the service but it still allows me to connect with a password
[18:46] <seven-dev> maybe it is but I still had that problem :P
[18:47] <maswan> did you remember to remove the leading "#" in "#PasswordAuthentication no"?
[18:47] <seven-dev> yes
[18:47] <seven-dev> oh wait
[18:47] <seven-dev> oh yes i did sorry
[18:48] <seven-dev> (I thought i had put yes, but i did put no)
[18:48] <seven-dev> any idea about what the problem might be?
[18:49] <maswan> That change works for me, but I haven't gotten around to 16.04 on the server side yet
[18:49] <seven-dev> to restart the service I did: sudo service ssh restart
[18:50] <seven-dev> (I'm still trying to understand ubuntu, I come from arch) I also did: service ssh restart, systemctl restart ssh
[18:50] <seven-dev> and the same with sudo and sshd instead, nothing disabled the password
[18:51] <seven-dev> btw another question, do I use service or systemctl to manage services? What's the difference between them?
[18:51] <ikonia> systemctl for systemd
[18:52] <seven-dev> hmm but I have both
[18:52] <ikonia> you don't you have systemd
[18:52] <seven-dev> I think this version of ubuntu doesnt have upstart but service seems to (not) work the same as systemctl
[18:53] <ikonia> there are some legacy system V / upstart scripts that are wrapped in systemd as I recall
[18:53] <sdeziel> service is the generic wrapper that should work for system V/upstart/systemd
[18:53] <seven-dev> oh ok that makes sense ty
[18:54] <sdeziel> seven-dev: can you paste sshd -T?
[18:54] <sarnold> I think upstart is still installed because desktop stuff still uses upstart session management
[18:54] <seven-dev> sdeziel: ok, I just restarted it, 1 sec
[18:54] <sarnold> sdeziel: oh that's cool! thanks
[18:55] <seven-dev> is this the same?: "systemctl status ssh" and "systemctl status sshd"
[18:57] <seven-dev> sdeziel: It says "could not load host key"
[18:57] <sdeziel> seven-dev: on Ubuntu, the service is named "ssh"
[18:57] <sdeziel> seven-dev: you need to run it as root/sudo
[18:57] <seven-dev> yeah, I was just asking because they give me the same output
[18:57] <seven-dev> ah ok sorry
[18:58] <sdeziel> odd, here "systemctl status sshd" gives https://paste.ubuntu.com/16054989/
[18:58] <sarnold> odd, I get same output for both ssh and sshd
[18:59] <sarnold> lets try updating and try again :)
[18:59] <sdeziel> I vaguely remember having both working
[19:00] <tarpman> ssh.service contains Alias=sshd.service
[19:00] <sdeziel> hmm both work on my servers but not on my laptop
[19:00] <seven-dev> sdeziel: https://paste.ubuntu.com/16055009/
[19:02] <seven-dev> oh you think maybe this is happening because I have the server running in root and my user?
[19:02] <seven-dev> not sure if i do, just an idea
[19:04] <seven-dev> eh, didnt work, still allows me to login
[19:04] <seven-dev> with a password
[19:05] <sarnold> so, uh, this is going to show more ignorance than I usually like to show..
[19:05] <seven-dev> tarpman: oh ok so they're the same
[19:05] <sdeziel> seven-dev: I have ChallengeResponseAuthentication set to no here
[19:06] <seven-dev> hm let me try
[19:06] <seven-dev> I did that o purpose
[19:06] <seven-dev> 1 sec
[19:06] <sarnold> when sshd_config has usepam yes -- does sshd then use the /etc/pam.d/sshd file for e.g. password authentication too? mine at least include's common-auth, which uses pam_unix ..
[19:07] <seven-dev> sdeziel: oh ok I think it worked
[19:07] <seven-dev> but why didn't it work before
[19:08] <sdeziel> sarnold answered that ^
[19:08] <seven-dev> what is pam sorry?
[19:08] <sarnold> pluggable authentication modules
[19:09] <sarnold> they let you configure your services to require different kinds of authentication or authorization checks, handle sessions, update passwords, etc..
[19:09] <seven-dev> oh okok
[19:09] <sdeziel> hmm, UsePAM: "Because PAM challenge-response authentication usually serves an equivalent role to password authentication, you should disable either PasswordAuthentication or ChallengeResponseAuthentication."
[19:09] <sarnold> the config files in /etc/pam.d/* are used by services to describe which modules to use, with which parameters, when users log in or change passwords
[19:10] <sdeziel> so it's "either or" which leaves me wondering why you needed to disable both
[19:10] <seven-dev> so if I wanted to setup two step auth I would need a PAM, right?
[19:10] <sdeziel> seven-dev: not required IIRC
[19:10] <sarnold> seven-dev: that's usually how it is done, ye, see the libpam-duo package for one example
[19:11] <seven-dev> uhm
[19:11] <sdeziel> seven-dev: what I do is simply use "AuthenticationMethods publickey,password" and "PasswordAuthentication yes"
[19:11] <sdeziel> this way, no additional lib/configuration is needed but both key and passwords are required
[19:11] <sdeziel> this also has the advantage that you can put it in some Match blocks
[19:11] <sarnold> oo
[19:11] <seven-dev> you can have a key with a password right?
[19:11] <seven-dev> with those settings
[19:12] <sdeziel> seven-dev: the password *on the* key is not considered a 2nd factor
[19:13] <seven-dev> ok found this: https://wiki.archlinux.org/index.php/Secure_Shell#Two-factor_authentication_and_public_keys
[19:13] <seven-dev> sdeziel: Yeah I know I was just checking
[19:13] <sdeziel> http://paste.ubuntu.com/16055152/ => TFA for sudoers
[19:13] <seven-dev> I meant a cellphone key
[19:13] <sdeziel> then libpam-duo is probably a good idea
[19:14] <seven-dev> ok ty
[19:14] <seven-dev> I'll try that later ty :)
[19:14] <sdeziel> you are welcome
[19:38] <DirtyCajun> ok. i have figured out that it just doesnt show until active the first time. which is odd but whawtever. side note. it builds for eth0 but my vm's all get ens# is there a way to specify?
[19:38] <heydrick> http://cloud-images.ubuntu.com/locator/ec2/ is missing Xenial images, where should I report that?
[19:40] <rcj> heydrick, known issue https://lists.ubuntu.com/archives/juju/2016-April/007098.html but we'll get a bug link on that page
[19:41] <sdeziel> DirtyCajun: as a workaround you can pass net.ifnames=0 to the kernel boot command
[19:43] <DirtyCajun> that will only give it an ens0 tho right?
[19:43] <DirtyCajun> it still wont change it to eth0
[19:44] <sdeziel> DirtyCajun: this will prevent the rename from eth0 to ensX
[19:45] <DirtyCajun> oh!. ok. why does it do that btw? i understand the meaningful naming change but its a vm....
[19:45] <sdeziel> those are supposedly stable/predictable names
[19:45] <DirtyCajun> i guess i mean why doesnt ubuntu-vm-builder correct/accomodate for that
[19:45] <showaz> Where can I find a map of all public references to the similarity (SitteMap Tree) http://cloud-images.ubuntu.com/locator/ec2/ and https://people.canonical.com/~ubuntu-security/cve/universe.html ?
[19:46] <sdeziel> but they are quite annoying since your NIC name then depends on the PCI ordering which tends to be changing quite easily with VMs
[19:46] <sdeziel> DirtyCajun: I think that official cloud image use the net.ifnames=0 workaround. Maybe ubuntu-vm-builder could do the same
[19:47] <rcj> sdeziel, cloud images do not use net.ifnames=0, cloud-init is enabled to use the new systemd "predictable network interface names"
[19:47] <sdeziel> rcj: oh, thanks didn't know that
[19:48] <DirtyCajun> i just want to find a way to utelize the predictable name instead of bootlegging it
[19:48] <rcj> sdeziel, we are avoiding turning back to net.ifnames=0. the cloud and server images use the systemd network names in xenial
[19:49] <sdeziel> rcj: I'm glad that cloud-init properly supports this now. It's unfortunately not the case for every packages (LP: #1541678)
[19:50] <rcj> sdeziel, it is unfortunate that the experience isn't 100%, it is a big change.  And net.ifnames=0 can provide temporary relief, I just wouldn't want people to make that a default tuning.
[19:51] <sdeziel> rcj: understood
[19:54] <sdeziel> DirtyCajun: I cannot find a bug report about this on ubuntu-vm-builder. You might want to report it
[19:54] <DirtyCajun> on it.
[19:55] <DirtyCajun> looks like with virtio_net enabled it establishes them as "Names incorporating Firmware/BIOS provided PCI Express hotplug slot index numbers"
[19:56] <DirtyCajun> which give the ens prefix
[20:08] <DirtyCajun> i dont report bugs often... what do i need to add to this
[20:08] <DirtyCajun> https://bugs.launchpad.net/ubuntu/+source/ubuntu-vm-builder/+bug/1574843
[20:09] <rodlogic> Does anyone know how do I create an EC2 AMI from a 'Cloud Image/EC2 tarball' I found in http://cloud-images.ubuntu.com/releases/xenial/release/?
[20:23] <gaughen> rodlogic, We are expecting to have the official cloud image in ec2 later this week - https://lists.ubuntu.com/archives/juju/2016-April/007098.html
[20:24] <gaughen> rodlogic, not sure what was driving your question about creating an ami, but wanted to make sure you knew the official images were coming soon.
[20:24] <rodlogic> gaughen: great! Yes, I was trying to get Xenial into EC2 on my own so your ping is fantastic
[20:25] <rodlogic> I will make do with 14.04 for now and wait until next week
[20:25] <gaughen> awesome rodlogic!
[21:01] <heydrick> radlogic: i've been using the xenial daily AMIs
[21:21] <DirtyCajun> is there a way to name the qcow2 file
[21:22] <DirtyCajun> as opposed to it being named tmprandomcrap.qcow2
[21:45] <blizzow> Is the ubuntu server installer where the loss of UTC timezone selection happened or is that an upstream change in Debian?
[21:47] <jamespage> zul, hallyn. rharper: hey - just had a chat with someone who's trying to use the numa features of openstack with libvirt/kvm
[21:48] <rharper> jamespage: howdy!
[21:48] <jamespage> our packages are building with libnuma-dev (which enabled one numa feature) but not numad, which I think is disabling use of numad to manage CPU placement dynamically
[21:48] <jamespage> rharper, hey!
[21:48] <rharper> numad is not included in ubuntu at this time IIRC
[21:48] <jamespage> erm
[21:48] <rharper> we've discussed whether we should have something like that
[21:49] <rharper> numad is a perl script that calls the page migration code periodically
[21:49] <jamespage> rharper, is in universe...
[21:49] <rharper> it's avail in Fedora
[21:49] <rharper> ah, cool
[21:49] <jamespage> rharper, well I guess this is a little late for 16.04...
[21:49] <jamespage> rharper, I asked him to raise a bug so we can track it...
[21:50] <hallyn> sounds ogod, yeah i see it in universe
[21:50]  * hallyn fetches
[21:50] <rharper> is there an issue with it ?
[21:51]  * hallyn leaves it to sarnold to puke all over it :)
[21:51] <hallyn> not a perl script
[21:51] <rharper> it's "graduated"
[21:51] <hallyn> well at least it graduated to plain c
[21:52] <rharper> c seems like overkill for this
[21:52] <hallyn> 2500 lines
[21:52] <hallyn> i think i agree
[21:53] <hallyn> maybe they did it so they could attach file caps or make it setuid
[21:55] <rharper> jamespage: I'd definitely be interested in the details;  libvirt itself will do the initial placement and confinement w.r.t affininty and cpusets;  numad is about periodically kicking the kernel to do page migration;
[21:55] <jamespage> rharper, ok lets see what he shows up with for things that don't work without numad
[21:55] <rharper> yeah, can't think of what would block numad from working
[21:56] <rharper> it;'s sorta process agnostic
[21:56] <hallyn> wonder how much overhead it introduces
[21:56] <rharper> which part
[21:56] <rharper> numad or page migration
[21:56] <hallyn> numad
[21:56] <hallyn> running with -i 15
[21:57] <rharper> the real question (which always comes up) is why isn;'t the existing in-kernel page migration code good enough
[21:57] <hallyn> good q
[21:57] <rharper> in addition to strategies (process migration vs. page migration to process)
[21:57] <hallyn> really based on the name i'd have expected this to be like the balancing thread in lxd,
[21:57] <rharper> and the impact on things like THP
[21:57] <hallyn> which re-balances contianers based on their limits as cpus are hotplugged
[21:57] <hallyn> but i guess not
[21:57] <rharper> and the heuristics on knowing how long and where the processes will run
[21:58] <rharper> looking at the code; they have rudimentary "Detection" of kvm processes with notes that things like io-threads may confuse it
[21:58] <hallyn> yeah, i don't see this passing MIR muster
[21:58] <DirtyCajun> i havent found even the slightest anything on the webz about the naming of the qcow2 file thats created.
[21:58] <hallyn>     // FIXME: someday figure out some better way to do this...
[21:58] <rharper> right
[21:59] <hallyn> all right, let's see waht kind of justification they come up with :)  thx
[22:00] <rharper> numad also provides a pre-placement advice service that can be queried by various job
[22:00] <rharper> management systems to provide assistance with the initial binding of CPU and memory resources for
[22:00] <rharper> their processes. This pre-placement advice is available regardless of whether numad is running as
[22:00] <rharper> an executable or a service
[22:00] <rharper> that looks like what openstack might be interested in
[22:00] <jamespage> hallyn, rharper; tbh this may be a red-herring
[22:00] <rharper> jamespage: ^^
[22:00] <rharper> if the "nova scheduler" is asking for some numa data via numad
[22:00] <jamespage> rharper, hmm - looking
[22:00] <rharper> but not clear to me how we build qemu would affect this
[22:01] <rharper> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf/Performance_Tuning_Guide/Red_Hat_Enterprise_Linux-7-Performance_Tuning_Guide-en-US.pdf
[22:01] <rharper> jamespage: quote from that document
[22:01] <sarnold> gah I thought I gave feedback already on terrible user-space "kick the kernel to migrate pages" crap
[22:01] <jamespage> rharper, so numad appears to be used when the 'auto' value is provide in the xml for numa placement
[22:01] <rharper> but that's never worked for us ?
[22:01] <jamespage> rharper, I can't find use of that in the nova codebase
[22:01] <rharper> or folk have been adding it on ?
[22:01] <sarnold> if the kernel isn't doing migration enough/correctely etc it'd be far better to file kernel bugs and get it _fixed_
[22:02] <rharper> jamespage: then indirectly via libvirt calls ?
[22:02] <hallyn> sarnold: :)
[22:02] <jamespage> rharper, so i suspect this might be a ERRENDUSER but lets see
[22:02] <rharper> sarnold: indeed
[22:02] <hallyn> exactly what rharper was saying earlier
[22:02] <rharper> it's a tricky beast
[22:04] <jamespage> rharper, hallyn: suggest we wait for the bug and see
[22:04] <hallyn> yup
[22:05] <rharper> jamespage: cool
[22:51] <Edgan> Are we not getting AMIs still 16.04.1?
[22:52] <teward> Edgan: patience
[22:52] <teward> they'll be ready as soon as they will be ready
[22:52] <teward> no sooner (sorry, no timelines)
[22:53] <Edgan> teward: I am advanced enough to make my own. I guess I should then.