/srv/irclogs.ubuntu.com/2016/05/27/#ubuntu-server.txt

=== JanC is now known as Guest50625
=== JanC_ is now known as JanC
=== Vertel_ is now known as Vertel
VertelI believe I've found a bug in ufw. Where do I go to report it?05:40
VertelNot a serious one, just a that-seems-wrong UI thing.05:40
sarnoldubuntu-bug ufw should Do The Right Thing05:42
VertelSpecifically, if I try to run "ufw insert 1 deny from [ipaddress] to any" with an empty ufw ruleset, it fails with "Invalid position '1'". My cloud host is firewalling ports, so I'm configuring this to only block IP addresses through fail2ban and ipset, hence why the ruleset is empty; unless those programs populate it, it's intended to be.05:44
VertelThat behaviour seem like a bug to you, failing to insert into rule 1 if there's no rules?05:45
VertelBut succeeding if I add even a dummy rule.05:45
sarnoldyeah a quick skim of the manpage makes think that's a bug :)05:46
VertelCool beans.05:46
Vertel(I think this situation was overlooked mostly because you wouldn't normally expect the ruleset to be empty with a default policy of allow; in my specific situation it's safe and secure, but as a rule...)05:47
jatin30I am getting this error can someone help please http://imgur.com/w4DQvav ?06:36
Seveasjatin30: you're pasting random crap in your terminal, that ain't gonna work06:37
jatin30Seveas: I was trying to set password for my root for mysql06:38
SeveasI can see that. But instead of pasting random trminal output from somewhere, try understanding what you're doing :)06:41
Seveas'cause on line 1 you already see that you don't have access to do this06:41
Seveasand all the other lines would have failed anyway, as they include the mysql prompt...06:42
sarnoldjatin30: try: sudo mysql -u root -- and see if that gets you the mysql> prompt ..06:45
jatin30sanold: no its not working06:46
jatin30sarnold: no its not working06:46
sarnoldjatin30: what error message do you get?06:47
jatin30ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)06:48
sarnoldhmm, I thought user root via unix sockets were allowed in without password06:49
madwizarddasjoe: Nope. Thanks07:00
madwizarddasjoe: Gonna be checking this out07:04
jklareHi, i am working in the openstack-chef team and we are deploying mitaka on trusty. I want to add gnocchi to the integration test setup on jenkins for trusty, but i realised that the "gnocchi-api" and "gnocchi-metricd" package seems to be only available for the mitaka release on xenial. Any chance it will be ported to the cloud-archive for trusty? @jamespage08:02
jamespagejklare, hey08:31
jklarejamespage hi :)08:31
jamespagelemme check - we had alot of issues with dependencies for gnocchi and it got dropped from the UCA for trusty as a result08:31
jamespagejklare, it might need to wait until coreycb shows up - I know he has more context as to why its not in08:33
jklarejamespage ok, thanks08:33
=== athairus is now known as afkthairus
=== _degorenko|afk is now known as degorenko
=== trochej is now known as madwizard
jamespagecoreycb, hmm pre mile beta versioning is confusing charms when deploying newton11:01
jamespagethe config-changed  hook things there is an upgrade avliable and tries todo it...11:02
jamespageas the versions are still mitaka major version aligned right now11:02
coreycbjamespage, jklare: I forget what the issues were with backporting gnocchi.  I'm trying a build again on trusty to see.11:46
jklarecoreycb cool, thanks11:46
coreycbjklare, np11:46
coreycbjamespage, is it the shapshot package versions that are forcing an upgrade?11:47
mdeslaurnacc: are you working on the php7.0 merge?12:16
SeanShey all, Im setting up an openstack lab in LXD containers, host and containers are all running 16.04. Im running into an apparmor issue. 'ip netns add test' in the controller container returns 'mount --make-shared /var/run/netns failed: Permission denied'12:31
SeanSdmesg shows "[645048.140027] audit: type=1400 audit(1464352113.453:7943): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxd-controller_</var/lib/lxd>" name="/run/netns/" pid=5107 comm="ip" flags="rw, rshared""12:31
jamespagecoreycb, yes - the newton ones currently look like mitaka versions12:48
jamespagebut the PPA say newton12:48
jamespagecoreycb, I could fix this in the configuration file that generates the jobs...12:48
jamespageits possible to override the version generated from pbr12:48
coreycbjamespage, either that or perhaps we could detect dev versions in the charms13:02
jamespagecoreycb, I think we can do something in the configs for the builds - trying now13:05
jamespagecoreycb, ok - I've massaged the config file for newton to inject X.X.X.0a1 versions - we can switch back to automatic versioning once upstream tag the first beta's13:15
coreycbjamespage, ok, thanks13:22
sschirrxqHello, i am trying to setup a mdadm software raid as a luks device on top of it. i am using a keyfile and added the device in the crypttab and fstab. the problem is that the luks device is not opened during boot. after the boot completed i can open the luks device and mount the filesystem. can anyone help me?13:27
sschirrxqmaybe the raid is not loaded before luks opens the device...13:28
=== bladernr` is now known as bladernr
yossarianukhi - is there an easy way of shrinking an LVM PV partition within a QCOW2 image ?14:43
patdk-wkdefine easy?14:45
yossarianukprefereably using one of the libguestfs / qemu tools ?14:47
yossarianukor lvm tools / gparted, etc14:47
yossarianukim aware how to grow them using virt-resize - i.e to expand partition, lvm lv and fs in one command14:48
yossarianuk(something vmware/vbox cannot do..)14:48
patdk-wkit will be a whole chain of commands14:58
patdk-wkwith a high probability of failure14:58
patdk-wkand I dunno why you claim vmware cannot do it14:59
coreycbjamespage, nova 1:2014.1.5-0ubuntu1.5~cloud0 is ready to promote to trusty-proposed14:59
patdk-wkI do it all the time growing and shrinking in vmware14:59
coreycbjamespage, to icehouse-proposed14:59
yossarianukpatdk-wk: I mean the ability to resize a disk image/partition + LVM partition + the filesystem in one command14:59
patdk-wkI don't see how that is possible in one command using qcow2, but heh15:00
patdk-wkI don't use kvm though15:00
patdk-wkand I don't use lvm at all15:00
yossarianukpatdk-wk: also say you wanted to reize a disk image - but just expand /dev/sda1  (when other partitons exist)15:01
yossarianukin vmware that is hassle15:01
yossarianukyou would likely use fdisk/gdisk/kpartx , etc15:01
yossarianukkvm = virt-resize15:01
patdk-wkkvm doesn't even know what a disk is :)15:02
patdk-wkthat is a qemu thing15:02
yossarianuksure15:02
yossarianukits libguestfs-tools that does the 'majic' though15:02
yossarianuk*magic*15:02
patdk-wkyes, I know nothing about libguestfs-tools, you can keep talking about it to me, but heh, I have never used it, and have no plans to ever use it15:03
patdk-wkif it does it in one step nice, dunno how it can really do that though, guess your vm has to be powered off to do that, and I don't power off my vm's15:04
patdk-wkand dunno what kpartx has to do with resizing partitions15:04
yossarianukyes it has to be powered off...15:04
patdk-wkall my resizes are online operations15:05
yossarianuki.e say you wanted to just expand /dev/sda1 here is the command (just for interest) -> virt-resize --expand /dev/sda2 --LV-expand /dev/vg_guest/lv_root  olddisk newdisk15:05
yossarianuk(sorry sda2 in that example)15:05
patdk-wkya, I don't care :)15:05
patdk-wkI am not going to do it15:06
patdk-wkI can only give you the *hard way*15:06
yossarianukI know, I use vmware also (at work) there are no tools as flexible ...15:06
yossarianukvmware is more like windows..... kvm moree like linux15:06
nacc_mdeslaur: LP: #1586425 filed15:07
ubottuLaunchpad bug 1586425 in php7.0 (Ubuntu) "Sync php7.0 7.0.7-1 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/158642515:07
=== nacc_ is now known as nacc
mdeslaurnacc: ah, cool15:08
naccmdeslaur: thank you for the ping, though! i'm just starting to catch up on my yakkety work :)15:11
mdeslaurnacc: I fixed the test suite on build in the xenial package15:12
mdeslaurnacc: once it's synced to yakkety, I'll add it and send it to debian15:12
naccmdeslaur: oh nice!15:12
coreycbddellav, this is what's failing for keystone: http://paste.ubuntu.com/16733690/15:28
ddellavcoreycb i was just looking at that, that's weird. What do you think is causing that?15:29
coreycbddellav, I'm not sure yet, the last successful build, if you scroll through the past jenkins jobs was against commit faa79c8e183a6d8383c8e34ca737aa20fc3cf69315:30
coreycbddellav, commit faa79c8e183a6d8383c8e34ca737aa20fc3cf693 changed up some config files15:32
ddellavcoreycb hmm, ok. I guess d/rules needs some tweaks15:33
coreycbddellav, you may just need to change the paths in debian/keystone.install based on the error messages15:34
ddellavcoreycb ok, i'll take a look at that as well15:35
coreycbjklare, I'm not having any luck with gnocchi backport to trusty-mitaka.15:37
coreycbjklare, tests are causing carbonara to run out of threads.  trusty python packages build on i386 only whereas xenial are on amd64, so that may be why this surfaces.  I'll open a bug upstream about it.15:41
coreycbjklare, jamespage, bug 158644315:50
ubottubug 1586443 in Gnocchi "i386 tests exhaust threads" [Undecided,New] https://launchpad.net/bugs/158644315:50
=== terje is now known as Guest90680
synchronetgnu lib c regression?16:50
synchronetSo I have to reboot my servers gain?16:50
synchronetubuntu updates and reboot needs are getting daft16:51
dasjoeHere, you'll probably like this: <°(((><16:54
synchronetdasjoe:  how you know that?  :)16:55
dasjoeTrolls like fish!16:55
synchronetlol16:55
synchronetI thought you were very clever for a moment16:56
naccsynchronet: i appreciate your frustration, but a) there are many versions of ubuntu currently supported, so if you are asking for help, it helps to specify which version you are referring to; b) you are welcome to do whatever you want, if you would rather be insecure and not process updates, you can deal with the fallout of that; c) you've mostly just ranted in this channel for the past few days,16:57
naccthat's neither a discussion nor a support, so I would consider it offtopic (#ubuntu-offtopic)16:57
synchronetdasjoe: moaning because of a very relevant problem is not trolling16:57
synchronetnacc: all I can do is rant?16:58
synchronettrying to run a server business using Ubuntu is very trying16:58
naccsynchronet: if that is all you can do, please do it in #ubuntu-offtopic16:58
synchronetok16:58
synchronetif you dont complain you dont get anywhere16:59
synchronetand nothing changes16:59
naccsynchronet: if you would like to file a bug, please consider doing that. But I believe so far your complaint is "there are too many updates to Ubuntu", which is nonsensical to me.17:00
synchronetfile a bug, I just want something that works out of the box17:00
naccsynchronet: was something broken or not working for you?17:00
synchronetbugs are you devs end17:00
naccsynchronet: you have yet to mention any such problems17:00
synchronetupdates and reboots17:01
synchronettwice this week17:01
naccsynchronet: those are neither broken nor bugs.17:01
dasjoe16.04 was not affected by the libc regressions17:03
sdezielsynchronet: if you find those frequent updates/reboot disruptive, feel free to delay them a bit and apply them in batch at a convenient time17:03
synchronetsdeziel: they are security updayes17:03
synchronetupdayes17:03
synchronetupdates17:03
sdezielsynchronet: yes so that's why I apply them ASAP but you don't seem to like that so I'm proposing alternatives17:04
synchronetsdeziel: respect if you part of the security team17:04
sdezielsynchronet: I'm not17:04
synchronetah17:04
=== Guest90680 is now known as terje
synchronetthings are getting more and more complicated I know17:06
sdezielsynchronet: re the libc regression. As far as I understand the regression fix (http://changelogs.ubuntu.com/changelogs/pool/main/e/eglibc/eglibc_2.19-0ubuntu6.9/changelog), if you have rebooted after the previous patch (6.8) you don't need to deploy this one17:07
synchronet2.1517:08
synchronetas well17:08
synchronettells me I need to reboot17:08
degorenkocoreycb, hi, i found that swift package missed one config file, as for master-newton and for mitaka: https://github.com/openstack/swift/blob/master/etc/container-sync-realms.conf-sample Is it possible to add it? :)17:09
degorenkojamespage, ^17:09
synchronetsdeziel: thanks17:10
sdezielsynchronet: I would assume it's the same situation on Precise. You can probably ask for clarifications in LP: #1585614 or ask sbeattie17:10
ubottuLaunchpad bug 1585614 in glibc (Ubuntu) "libc on 2016-05-25 causes Apache not to restart, libm.so.6: symbol __strtold_nan, version GLIBC_PRIVATE not defined in file libc.so.6 with link time reference" [Critical,Fix released] https://launchpad.net/bugs/158561417:10
sbeattiesdeziel, synchronet: that's correct, that you don't need to reboot if you went from the broken update to the fixed one. The issue was that people don't always reboot or restart services completely on libc updates, and the update was breaking things like apache when it was soft reloaded, which happens during events like logrotation.17:11
sbeattiesame situation for 12.04 and 14.04.17:11
synchronetty17:11
sdezielsbeattie: good, thanks17:11
synchronethetzner dumped 120.04 btw17:12
synchronet12.0417:12
coreycbdegorenko, sure, mind opening a bug here so we can track it? https://bugs.launchpad.net/ubuntu/+source/swift17:12
synchronetwhy I dont know EOL is good17:12
synchronetsbeattie: I noticed apache would not start, I use Virtualmin and people were mentioning that17:14
synchronetquick restart and all wa fine17:14
synchronetwas17:14
synchronetno one can know everything17:17
synchronetsbeattie: do you think Linux could be made a lot simpler?17:20
degorenkocoreycb, check please: https://bugs.launchpad.net/ubuntu/+source/swift/+bug/158648317:23
ubottuLaunchpad bug 1586483 in swift (Ubuntu) "Swift package missed container-sync-realms config file" [Undecided,New]17:23
keithzgAny suggestions for an antivirus program whose administration console can be run on an Ubuntu server? (I've asked this before, I'll probably ask it again, and my fruitless Google searches probably mean the answer is no, but I'm determined nonetheless!)17:25
synchronetkeithzg: most people deal with AV at local these days17:26
synchronetI use clamav etc on the servers, not sure why but comes packaged with Virtualmin GPL17:27
keithzgsynchronet: Yeah I'm not really worried about my servers (although some, particularly the mail server, do have clamav installed and running), and *most* of our Windows desktops are just using the free Microsoft one built into Windows, which is Good Enough™, but we do have some Windows Server desktops and Microsoft doesn't distribute Windows Defender for those.17:29
keithzgWe previously were using Bitdefender, which had a workable central admin console so I could get reports on the state of the various machines, but the admin console was clunky and had to be run from a Windows instance.17:29
synchronetits about educating people I think17:30
=== InfoTest1 is now known as InfoTest
keithzgThey're engineers, it's like herding cats ;)17:30
synchronetclamav, no idea what it does but take upo some resources17:31
keithzgEh, the instance we have running on our mail server seems quite light on resources. But again, not at all what I'm looking for, I'17:31
synchronetI dont think much of server side AV17:31
coreycbdegorenko, thanks, we'll take a look17:31
keithzgd prefer something to run on Windows machines but centrally administer via a Linux server.17:31
synchronetABG do server side17:32
synchronetAVG17:32
keithzgLast I checked, although they had a product for running antivirus on Linux, they didn't have any for administering Windows instances *from* a Linux instance.17:32
synchronetGood spam detection is usually rapped up with AV17:33
synchronetits when the click things happen17:33
synchronetthey17:33
synchronetavg free will help at office desk end17:34
keithzgEh, I'm not too worried about email (as aforementioned, we have clamav running on the mail server, and it does get run on each message that comes in or goes out).17:34
synchronetnot sure what clam av does??17:35
synchronetwaste of spave matbe?17:35
synchronetspace17:35
keithzg...it's an antivirus program, that's what the "av" part means. It certainly seems to be more reliable than AVG in my experience.17:35
synchronetnot sure what it has ever done for me17:35
synchronetapart from take up resources17:36
keithzg*sigh* Well if anyone is out there that has any suggestions that aren't trolling, I'd be very happy to hear them! Otherwise, cheers everyone, and hope you enjoy your weekends.17:36
synchronetnot trolling17:37
synchronetI have used Linux and I suppose clam AV since 1995 and never got a report about anything17:37
synchronetwhat do you mean by virus17:38
synchronetemail17:38
synchronetplease click here17:38
synchronetopen attachement17:38
synchronetI get them every day and have clam av running17:39
synchronetso whats the point17:39
synchronetspamassissin is a better one17:40
synchronetworks quite well but does not much more than a email client can do if setup right17:41
synchroneteducation at local end17:42
geniikeithzg: Actually, AVG has a linux version which allows you to remotely scan and fix Windows machines. But it's a paid version and not free.17:44
synchronethopefully not too much17:44
synchronetthey used to do a free version17:44
synchronetdoes not matter some dumb fcuk will open an email one day and bam17:46
synchronetand clamav would not have picked up on it and thats for sure.17:48
=== degorenko is now known as _degorenko|afk
=== afkthairus is now known as athairus
=== gugugaga is now known as gagagugu
devster31can I configure apt to behave like yum regarding new config files? meaning install the new one with a suffix like .aptnew without prompting?22:12
naccdevster31: that's a dpkg thing not an apt thing22:20
naccdevster31: which sounds like you want the conf file equivalent of --force-confold ?22:20
dasjoeapt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install your-package22:21
naccdasjoe: thanks :)22:21
dasjoe"confold: If a conffile has been modified and the version in the package did change, always keep the old version without prompting, unless the --force-confdef is also specified, in which case the default action is preferred."22:23
devster31nacc: thanks, yes, that's exactly what I was looking for22:23
dasjoedevster31: use it with --force-confdef, too22:27
dasjoeOtherwise existing files you didn't edit don't get upgraded22:28
devster31oh, ok, thanks22:34
=== DropItLikeItsHot is now known as AfroThundr

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!