[05:40] <Vertel> I believe I've found a bug in ufw. Where do I go to report it?
[05:40] <Vertel> Not a serious one, just a that-seems-wrong UI thing.
[05:42] <sarnold> ubuntu-bug ufw should Do The Right Thing
[05:44] <Vertel> Specifically, if I try to run "ufw insert 1 deny from [ipaddress] to any" with an empty ufw ruleset, it fails with "Invalid position '1'". My cloud host is firewalling ports, so I'm configuring this to only block IP addresses through fail2ban and ipset, hence why the ruleset is empty; unless those programs populate it, it's intended to be.
[05:45] <Vertel> That behaviour seem like a bug to you, failing to insert into rule 1 if there's no rules?
[05:45] <Vertel> But succeeding if I add even a dummy rule.
[05:46] <sarnold> yeah a quick skim of the manpage makes me think that's a bug :)
[05:46] <Vertel> Cool beans.
[05:47] <Vertel> (I think this situation was overlooked mostly because you wouldn't normally expect the ruleset to be empty with a default policy of allow; in my specific situation it's safe and secure, but as a rule...)
[06:36] <jatin30> I am getting this error can someone help please http://imgur.com/w4DQvav ?
[06:37] <Seveas> jatin30: you're pasting random crap in your terminal, that ain't gonna work
[06:38] <jatin30> Seveas: I was trying to set password for my root for mysql
[06:41] <Seveas> I can see that. But instead of pasting random terminal output from somewhere, try understanding what you're doing :)
[06:41] <Seveas> 'cause on line 1 you already see that you don't have access to do this
[06:42] <Seveas> and all the other lines would have failed anyway, as they include the mysql prompt...
[06:45] <sarnold> jatin30: try: sudo mysql -u root -- and see if that gets you the mysql> prompt ..
[06:46] <jatin30> sanold: no its not working
[06:46] <jatin30> sarnold: no its not working
[06:47] <sarnold> jatin30: what error message do you get?
[06:48] <jatin30> ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[06:49] <sarnold> hmm, I thought user root via unix sockets were allowed in without password
[07:00] <madwizard> dasjoe: Nope. Thanks
[07:04] <madwizard> dasjoe: Gonna be checking this out
[08:02] <jklare> Hi, i am working in the openstack-chef team and we are deploying mitaka on trusty. I want to add gnocchi to the integration test setup on jenkins for trusty, but i realised that the "gnocchi-api" and "gnocchi-metricd" package seems to be only available for the mitaka release on xenial. Any chance it will be ported to the cloud-archive for trusty? @jamespage
[08:31] <jamespage> jklare, hey
[08:31] <jklare> jamespage hi :)
[08:31] <jamespage> lemme check - we had a lot of issues with dependencies for gnocchi and it got dropped from the UCA for trusty as a result
[08:33] <jamespage> jklare, it might need to wait until coreycb shows up - I know he has more context as to why its not in
[08:33] <jklare> jamespage ok, thanks
[11:01] <jamespage> coreycb, hmm pre mile beta versioning is confusing charms when deploying newton
[11:02] <jamespage> the config-changed hook thinks there is an upgrade available and tries to do it...
[11:02] <jamespage> as the versions are still mitaka major version aligned right now
[11:46] <coreycb> jamespage, jklare: I forget what the issues were with backporting gnocchi.  I'm trying a build again on trusty to see.
[11:46] <jklare> coreycb cool, thanks
[11:46] <coreycb> jklare, np
[11:47] <coreycb> jamespage, is it the snapshot package versions that are forcing an upgrade?
[12:16] <mdeslaur> nacc: are you working on the php7.0 merge?
[12:31] <SeanS> hey all, Im setting up an openstack lab in LXD containers, host and containers are all running 16.04. Im running into an apparmor issue. 'ip netns add test' in the controller container returns 'mount --make-shared /var/run/netns failed: Permission denied'
[12:31] <SeanS> dmesg shows "[645048.140027] audit: type=1400 audit(1464352113.453:7943): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxd-controller_</var/lib/lxd>" name="/run/netns/" pid=5107 comm="ip" flags="rw, rshared""
[12:48] <jamespage> coreycb, yes - the newton ones currently look like mitaka versions
[12:48] <jamespage> but the PPA say newton
[12:48] <jamespage> coreycb, I could fix this in the configuration file that generates the jobs...
[12:48] <jamespage> its possible to override the version generated from pbr
[13:02] <coreycb> jamespage, either that or perhaps we could detect dev versions in the charms
[13:05] <jamespage> coreycb, I think we can do something in the configs for the builds - trying now
[13:15] <jamespage> coreycb, ok - I've massaged the config file for newton to inject X.X.X.0a1 versions - we can switch back to automatic versioning once upstream tag the first beta's
[13:22] <coreycb> jamespage, ok, thanks
[13:27] <sschirrxq> Hello, i am trying to setup a mdadm software raid as a luks device on top of it. i am using a keyfile and added the device in the crypttab and fstab. the problem is that the luks device is not opened during boot. after the boot completed i can open the luks device and mount the filesystem. can anyone help me?
[13:28] <sschirrxq> maybe the raid is not loaded before luks opens the device...
[14:43] <yossarianuk> hi - is there an easy way of shrinking an LVM PV partition within a QCOW2 image ?
[14:45] <patdk-wk> define easy?
[14:47] <yossarianuk> preferably using one of the libguestfs / qemu tools ?
[14:47] <yossarianuk> or lvm tools / gparted, etc
[14:48] <yossarianuk> im aware how to grow them using virt-resize - i.e to expand partition, lvm lv and fs in one command
[14:48] <yossarianuk> (something vmware/vbox cannot do..)
[14:58] <patdk-wk> it will be a whole chain of commands
[14:58] <patdk-wk> with a high probability of failure
[14:59] <patdk-wk> and I dunno why you claim vmware cannot do it
[14:59] <coreycb> jamespage, nova 1:2014.1.5-0ubuntu1.5~cloud0 is ready to promote to trusty-proposed
[14:59] <patdk-wk> I do it all the time growing and shrinking in vmware
[14:59] <coreycb> jamespage, to icehouse-proposed
[14:59] <yossarianuk> patdk-wk: I mean the ability to resize a disk image/partition + LVM partition + the filesystem in one command
[15:00] <patdk-wk> I don't see how that is possible in one command using qcow2, but heh
[15:00] <patdk-wk> I don't use kvm though
[15:00] <patdk-wk> and I don't use lvm at all
[15:01] <yossarianuk> patdk-wk: also say you wanted to resize a disk image - but just expand /dev/sda1  (when other partitions exist)
[15:01] <yossarianuk> in vmware that is hassle
[15:01] <yossarianuk> you would likely use fdisk/gdisk/kpartx , etc
[15:01] <yossarianuk> kvm = virt-resize
[15:02] <patdk-wk> kvm doesn't even know what a disk is :)
[15:02] <patdk-wk> that is a qemu thing
[15:02] <yossarianuk> sure
[15:02] <yossarianuk> its libguestfs-tools that does the 'majic' though
[15:02] <yossarianuk> *magic*
[15:03] <patdk-wk> yes, I know nothing about libguestfs-tools, you can keep talking about it to me, but heh, I have never used it, and have no plans to ever use it
[15:04] <patdk-wk> if it does it in one step nice, dunno how it can really do that though, guess your vm has to be powered off to do that, and I don't power off my vm's
[15:04] <patdk-wk> and dunno what kpartx has to do with resizing partitions
[15:04] <yossarianuk> yes it has to be powered off...
[15:05] <patdk-wk> all my resizes are online operations
[15:05] <yossarianuk> i.e say you wanted to just expand /dev/sda1 here is the command (just for interest) -> virt-resize --expand /dev/sda2 --LV-expand /dev/vg_guest/lv_root  olddisk newdisk
[15:05] <yossarianuk> (sorry sda2 in that example)
[15:05] <patdk-wk> ya, I don't care :)
[15:06] <patdk-wk> I am not going to do it
[15:06] <patdk-wk> I can only give you the *hard way*
[15:06] <yossarianuk> I know, I use vmware also (at work) there are no tools as flexible ...
[15:06] <yossarianuk> vmware is more like windows..... kvm more like linux
[15:07] <nacc_> mdeslaur: LP: #1586425 filed
[15:08] <mdeslaur> nacc: ah, cool
[15:11] <nacc> mdeslaur: thank you for the ping, though! i'm just starting to catch up on my yakkety work :)
[15:12] <mdeslaur> nacc: I fixed the test suite on build in the xenial package
[15:12] <mdeslaur> nacc: once it's synced to yakkety, I'll add it and send it to debian
[15:12] <nacc> mdeslaur: oh nice!
[15:28] <coreycb> ddellav, this is what's failing for keystone: http://paste.ubuntu.com/16733690/
[15:29] <ddellav> coreycb i was just looking at that, that's weird. What do you think is causing that?
[15:30] <coreycb> ddellav, I'm not sure yet, the last successful build, if you scroll through the past jenkins jobs was against commit faa79c8e183a6d8383c8e34ca737aa20fc3cf693
[15:32] <coreycb> ddellav, commit faa79c8e183a6d8383c8e34ca737aa20fc3cf693 changed up some config files
[15:33] <ddellav> coreycb hmm, ok. I guess d/rules needs some tweaks
[15:34] <coreycb> ddellav, you may just need to change the paths in debian/keystone.install based on the error messages
[15:35] <ddellav> coreycb ok, i'll take a look at that as well
[15:37] <coreycb> jklare, I'm not having any luck with gnocchi backport to trusty-mitaka.
[15:41] <coreycb> jklare, tests are causing carbonara to run out of threads.  trusty python packages build on i386 only whereas xenial are on amd64, so that may be why this surfaces.  I'll open a bug upstream about it.
[15:50] <coreycb> jklare, jamespage, bug 1586443
[16:50] <synchronet> gnu lib c regression?
[16:50] <synchronet> So I have to reboot my servers again?
[16:51] <synchronet> ubuntu updates and reboot needs are getting daft
[16:54] <dasjoe> Here, you'll probably like this: <°(((><
[16:55] <synchronet> dasjoe:  how you know that?  :)
[16:55] <dasjoe> Trolls like fish!
[16:55] <synchronet> lol
[16:56] <synchronet> I thought you were very clever for a moment
[16:57] <nacc> synchronet: i appreciate your frustration, but a) there are many versions of ubuntu currently supported, so if you are asking for help, it helps to specify which version you are referring to; b) you are welcome to do whatever you want, if you would rather be insecure and not process updates, you can deal with the fallout of that; c) you've mostly just ranted in this channel for the past few days,
[16:57] <nacc> that's neither a discussion nor a support, so I would consider it offtopic (#ubuntu-offtopic)
[16:57] <synchronet> dasjoe: moaning because of a very relevant problem is not trolling
[16:58] <synchronet> nacc: all I can do is rant?
[16:58] <synchronet> trying to run a server business using Ubuntu is very trying
[16:58] <nacc> synchronet: if that is all you can do, please do it in #ubuntu-offtopic
[16:58] <synchronet> ok
[16:59] <synchronet> if you dont complain you dont get anywhere
[16:59] <synchronet> and nothing changes
[17:00] <nacc> synchronet: if you would like to file a bug, please consider doing that. But I believe so far your complaint is "there are too many updates to Ubuntu", which is nonsensical to me.
[17:00] <synchronet> file a bug, I just want something that works out of the box
[17:00] <nacc> synchronet: was something broken or not working for you?
[17:00] <synchronet> bugs are you devs end
[17:00] <nacc> synchronet: you have yet to mention any such problems
[17:01] <synchronet> updates and reboots
[17:01] <synchronet> twice this week
[17:01] <nacc> synchronet: those are neither broken nor bugs.
[17:03] <dasjoe> 16.04 was not affected by the libc regressions
[17:03] <sdeziel> synchronet: if you find those frequent updates/reboot disruptive, feel free to delay them a bit and apply them in batch at a convenient time
[17:03] <synchronet> sdeziel: they are security updayes
[17:03] <synchronet> updayes
[17:03] <synchronet> updates
[17:04] <sdeziel> synchronet: yes so that's why I apply them ASAP but you don't seem to like that so I'm proposing alternatives
[17:04] <synchronet> sdeziel: respect if you part of the security team
[17:04] <sdeziel> synchronet: I'm not
[17:04] <synchronet> ah
[17:06] <synchronet> things are getting more and more complicated I know
[17:07] <sdeziel> synchronet: re the libc regression. As far as I understand the regression fix (http://changelogs.ubuntu.com/changelogs/pool/main/e/eglibc/eglibc_2.19-0ubuntu6.9/changelog), if you have rebooted after the previous patch (6.8) you don't need to deploy this one
[17:08] <synchronet> 2.15
[17:08] <synchronet> as well
[17:08] <synchronet> tells me I need to reboot
[17:09] <degorenko> coreycb, hi, i found that swift package missed one config file, as for master-newton and for mitaka: https://github.com/openstack/swift/blob/master/etc/container-sync-realms.conf-sample Is it possible to add it? :)
[17:09] <degorenko> jamespage, ^
[17:10] <synchronet> sdeziel: thanks
[17:10] <sdeziel> synchronet: I would assume it's the same situation on Precise. You can probably ask for clarifications in LP: #1585614 or ask sbeattie
[17:11] <sbeattie> sdeziel, synchronet: that's correct, that you don't need to reboot if you went from the broken update to the fixed one. The issue was that people don't always reboot or restart services completely on libc updates, and the update was breaking things like apache when it was soft reloaded, which happens during events like logrotation.
[17:11] <sbeattie> same situation for 12.04 and 14.04.
[17:11] <synchronet> ty
[17:11] <sdeziel> sbeattie: good, thanks
[17:12] <synchronet> hetzner dumped 120.04 btw
[17:12] <synchronet> 12.04
[17:12] <coreycb> degorenko, sure, mind opening a bug here so we can track it? https://bugs.launchpad.net/ubuntu/+source/swift
[17:12] <synchronet> why I dont know EOL is good
[17:14] <synchronet> sbeattie: I noticed apache would not start, I use Virtualmin and people were mentioning that
[17:14] <synchronet> quick restart and all wa fine
[17:14] <synchronet> was
[17:17] <synchronet> no one can know everything
[17:20] <synchronet> sbeattie: do you think Linux could be made a lot simpler?
[17:23] <degorenko> coreycb, check please: https://bugs.launchpad.net/ubuntu/+source/swift/+bug/1586483
[17:25] <keithzg> Any suggestions for an antivirus program whose administration console can be run on an Ubuntu server? (I've asked this before, I'll probably ask it again, and my fruitless Google searches probably mean the answer is no, but I'm determined nonetheless!)
[17:26] <synchronet> keithzg: most people deal with AV at local these days
[17:27] <synchronet> I use clamav etc on the servers, not sure why but comes packaged with Virtualmin GPL
[17:29] <keithzg> synchronet: Yeah I'm not really worried about my servers (although some, particularly the mail server, do have clamav installed and running), and *most* of our Windows desktops are just using the free Microsoft one built into Windows, which is Good Enough™, but we do have some Windows Server desktops and Microsoft doesn't distribute Windows Defender for those.
[17:29] <keithzg> We previously were using Bitdefender, which had a workable central admin console so I could get reports on the state of the various machines, but the admin console was clunky and had to be run from a Windows instance.
[17:30] <synchronet> its about educating people I think
[17:30] <keithzg> They're engineers, it's like herding cats ;)
[17:31] <synchronet> clamav, no idea what it does but take up some resources
[17:31] <keithzg> Eh, the instance we have running on our mail server seems quite light on resources. But again, not at all what I'm looking for, I'
[17:31] <synchronet> I dont think much of server side AV
[17:31] <coreycb> degorenko, thanks, we'll take a look
[17:31] <keithzg> d prefer something to run on Windows machines but centrally administer via a Linux server.
[17:32] <synchronet> ABG do server side
[17:32] <synchronet> AVG
[17:32] <keithzg> Last I checked, although they had a product for running antivirus on Linux, they didn't have any for administering Windows instances *from* a Linux instance.
[17:33] <synchronet> Good spam detection is usually wrapped up with AV
[17:33] <synchronet> its when the click things happen
[17:33] <synchronet> they
[17:34] <synchronet> avg free will help at office desk end
[17:34] <keithzg> Eh, I'm not too worried about email (as aforementioned, we have clamav running on the mail server, and it does get run on each message that comes in or goes out).
[17:35] <synchronet> not sure what clam av does??
[17:35] <synchronet> waste of spave matbe?
[17:35] <synchronet> space
[17:35] <keithzg> ...it's an antivirus program, that's what the "av" part means. It certainly seems to be more reliable than AVG in my experience.
[17:35] <synchronet> not sure what it has ever done for me
[17:36] <synchronet> apart from take up resources
[17:36] <keithzg> *sigh* Well if anyone is out there that has any suggestions that aren't trolling, I'd be very happy to hear them! Otherwise, cheers everyone, and hope you enjoy your weekends.
[17:37] <synchronet> not trolling
[17:37] <synchronet> I have used Linux and I suppose clam AV since 1995 and never got a report about anything
[17:38] <synchronet> what do you mean by virus
[17:38] <synchronet> email
[17:38] <synchronet> please click here
[17:38] <synchronet> open attachment
[17:39] <synchronet> I get them every day and have clam av running
[17:39] <synchronet> so whats the point
[17:40] <synchronet> spamassassin is a better one
[17:41] <synchronet> works quite well but does not much more than a email client can do if setup right
[17:42] <synchronet> education at local end
[17:44] <genii> keithzg: Actually, AVG has a linux version which allows you to remotely scan and fix Windows machines. But it's a paid version and not free.
[17:44] <synchronet> hopefully not too much
[17:44] <synchronet> they used to do a free version
[17:46] <synchronet> does not matter some dumb fcuk will open an email one day and bam
[17:48] <synchronet> and clamav would not have picked up on it and thats for sure.
[22:12] <devster31> can I configure apt to behave like yum regarding new config files? meaning install the new one with a suffix like .aptnew without prompting?
[22:20] <nacc> devster31: that's a dpkg thing not an apt thing
[22:20] <nacc> devster31: which sounds like you want the conf file equivalent of --force-confold ?
[22:21] <dasjoe> apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install your-package
[22:21] <nacc> dasjoe: thanks :)
[22:23] <dasjoe> "confold: If a conffile has been modified and the version in the package did change, always keep the old version without prompting, unless the --force-confdef is also specified, in which case the default action is preferred."
[22:23] <devster31> nacc: thanks, yes, that's exactly what I was looking for
[22:27] <dasjoe> devster31: use it with --force-confdef, too
[22:28] <dasjoe> Otherwise existing files you didn't edit don't get upgraded
[22:34] <devster31> oh, ok, thanks