[03:39] <dirty> on server how do I manually install security updates on a one time basis, I do not want it automated with unattended-upgrades for a couple local policy reasons
[03:39] <dirty> s/,/?/
[04:11] <b4r> dirty: I would think it's just apt-get update and the system will install anything at all which needs upgrades
[04:11] <b4r> but I might be missing something
[04:13] <b4r> dirty: apt-get update then upgrade
[04:17] <patdk-lap> cause that installs ALL updates
[04:17] <patdk-lap> not ONLY security
[05:39] <b4r> patdk-lap: so
[05:40] <b4r> patdk-lap: thanks for stating it isn't right
=== schmidtm_ is now known as schmidtm
=== athairus is now known as afkthairus
=== admcleod_ is now known as admcleod
=== jamespag` is now known as jamespage
=== gnuoy` is now known as gnuoy
[08:49] <caribou> rbasak: morning.
[08:49] <caribou> rbasak: nacc: interesting situation here :
[08:50] <caribou> rbasak: nacc: Debian just accepted the only delta I had for corosync so no more need to merge it; I'll request a sync but what should we do in such situation with the existing git repo ?
=== _degorenko|afk is now known as degorenko
=== m1dnight1 is now known as m1dnight_
=== bigon_ is now known as bigon
[12:06] <jelly> trying to decide on a platform for a small mail server with ha; choices are: debian, ubuntu lts or centos. we have most experience with debian but the ha stack is only barely completed with jessie-backports.  ubuntu is slightly better but centos/rh seem to have by far the best documentation for ha setups.  Goal: simple active/passive cluster, floating ip with smtp service.
[12:06] <teward> jelly: I should point out you're on an Ubuntu channel
[12:07] <teward> you can expect "Ubuntu" to be the recommendation here.  You may wish to ask in ##linux or Linux-distribution-agnostic forums to get better sets of information and recommendations
[12:07] <jelly> teward: I'm perfectly aware of that!
[12:07] <teward> (my two cents)
[12:09] <jelly> teward: I'll wait for comments from people who have actually dealt with linux-ha, er, clusterlabs, on ubuntu
[12:09] <teward> sure, I just wanted to make a note that since you are asking for an impartial analysis, you may want to avoid distro-specific channels ;)
[12:09]  * teward goes back to poking nginx
[12:13] <jelly> I'm going to ask the debian-ha people in their channel, too.  However logs of this channel seem to show reasonably intelligent conversation and avoid the less helpful forms of "Use $our_stuff it's the best!!!11"
[12:13] <teward> :P
[12:14] <jelly> you're going to take that compliment even if you don't like it.
[12:18] <teward> jelly: not arguing :)  just busy :P
[12:18]  * teward has a lot of things to get done :/
=== TREllis_ is now known as TREllis
[12:58] <jamespage> ddellav, coreycb: hey - backports most oslo.* things for newton and fixed up the changelog generation for new packages for the UCA
[12:58] <jamespage> it was generating against 12.04 for new entries...
[12:58] <jamespage> doh
[12:59] <coreycb> jamespage, thanks!
[12:59] <jamespage> coreycb, clients still need doing
[12:59] <jamespage> coreycb, nice weekend?
[13:01] <coreycb> jamespage, ok I can get the clients.  yes it was a great weekend.  how about you?
[13:01] <jamespage> coreycb, nice thanks - finally warmed up a bit on saturday
[13:02] <rbasak> caribou: we could optionally push reconstruct/deconstruct/logical tags for the previous delta if you think that would be helpful. Otherwise, go ahead and sync and throw work trees away?
[13:02] <coreycb> jamespage, that's nice.  it's been very rainy here.  hoping we'll dry up soon!
[13:03] <jamespage> coreycb, ddellav: so how about we get b1 out of the door today?
[13:03] <caribou> rbasak: well for now it doesn't hurt to keep it if it is simple enough to add new debian releases on top of it for later
[13:03] <caribou> rbasak: there was only one patch as a delta so it's not worth the overhead
[13:04] <coreycb> jamespage, sure let's do it.  I wasn't sure if it was ready or not.
[13:04] <caribou> rbasak: or trash it & rebuild later as I'm not going to use it
[13:05] <jamespage> coreycb, well some bits appear to be; I re-jigged the branch build configurations to auto version for ones that have
[13:05] <jamespage> which was most of them I think
[13:05] <caribou> rbasak: FYI I forced-pushed my kexec-tools changes (wanted to see how LP would react)
[13:06] <caribou> rbasak: good thing is that it keeps all the diffs with comments
[13:06] <rbasak> caribou: yeah it looks good!
[13:07] <rbasak> caribou: not worth the overhead> agreed. Though in the general case, we could take MPs for reconstruct/deconstruct/logical and push them if desired.
[13:07] <caribou> rbasak: I'm also testing a new merge on an existing git repo of the previous merge (clamav)
[13:08] <coreycb> jamespage, ddellav: alright, I'll start working through the packages for b1 shortly.  should be really simple seeing as most everything builds ok for CI.
[13:08] <jamespage> coreycb, happy to help out - want me to take some?
[13:08] <jamespage> --parallel=2
[13:08] <coreycb> jamespage, sure feel free
[13:09] <jamespage> coreycb, do we have a list?
[13:09] <coreycb> jamespage, I'm still using the spreadsheet
[13:10] <jamespage> coreycb, gotit - taking keystone now
[13:10] <coreycb> jamespage, sounds good, I'll put my name by one
[13:12] <coreycb> jamespage, probably all that's needed is a refresh of d/control to align with upstream and release the new version
[13:13] <jamespage> coreycb, that was my thinking
[13:13] <coreycb> jamespage, ok
[13:17] <ddellav> coreycb jamespage ok, i'll start taking some packages as well.
[13:17] <coreycb> ddellav, ok, thanks
[13:21] <jamespage> --parallel=3
[13:21] <jamespage> \o/
[13:24] <ddellav> am I on the right spreadsheet? I dont see jamespage's name on keystone on the r-17 page: https://docs.google.com/spreadsheets/d/1DFhvygMhzVch4k_vr1W9wnc2h6ANemY6CNn0UKFJfxE/edit#gid=2077440986
[13:24] <ddellav> coreycb ^
[13:25] <jamespage> ddellav, I'd put it in on R-18
[13:25] <coreycb> ddellav, jamespage: I moved it to the new tab.  now that CI is in shape, I think I'll just change this back to the old way we had it with tabs only for milestone releases.
[13:26] <jamespage> +1 ack
[13:28] <coreycb> jamespage, ddellav, done
[13:29] <ddellav> coreycb jamespage ok, thanks
[13:39] <coreycb> jamespage, ddellav: cinder is calling for new versions of os-testr, paramiko, and mock.
[13:41] <coreycb> jamespage, ddellav: I'm bumping os-testr
[13:41] <jamespage> coreycb, ok
[13:48] <ddellav> jamespage coreycb ok, i'll look at paramiko as well
[13:54] <jamespage> ddellav, coreycb: keystone uploaded
[13:54] <jamespage> glance next
[14:06] <caribou> rbasak: what's the plan regarding the repository that were used last cycle to merge using git-dsc-commit ?
[14:07] <caribou> rbasak: nacc: do we want to migrate them over or keep using the same ones ?
[14:07] <caribou> rbasak: I've just done clamav using last cycle's repo
[14:14] <rbasak> caribou: I don't think we have decided on any particular plan, but I think it's OK to not worry about maintaining the logical deltas etc in a single coherent repository, but also not throw it away.
[14:14] <rbasak> caribou: I would set two git remotes, one for old and one for new, and rebase from the old tree to the new one.
[14:15] <caribou> rbasak: yeah, that's what I was thinking of so, at the end, each repo has the complete history
[14:18] <rbasak> caribou: yeah, but maybe in the end we'll throw away the old repos and won't have bothered to move every piece to the new ones. I think that's OK though - better that we move forward.
[14:36] <coreycb> ddellav, jamespage: os-testr uploaded
[14:37] <ddellav> coreycb ack
[14:37] <coreycb> ddellav, here's the repo for paramiko: https://github.com/jbouse-debian/paramiko
[14:37] <ddellav> coreycb ok,  thanks
[14:42] <coreycb> ddellav, jamespage: I'll take a look at python-mock
=== deadnull_ is now known as _deadnull
[14:43] <jamespage> coreycb, that might not be strictly required...
[14:43] <coreycb> jamespage, probably not
[14:43] <jamespage> coreycb, other than in the requirement - I'd not block b1 on it unless it actuall caused unit test failures...
[14:43] <coreycb> jamespage, sounds like a plan.
[14:43] <coreycb> ddellav, ^
[14:44] <ddellav> coreycb jamespage ok
[14:45] <ddellav> coreycb im getting a bad archive when I try to download the heat tarball: http://cl.ly/3W2q280G2K11/Image%202016-06-06%20at%2010.44.58%20AM.png
=== _deadnull is now known as deadnull_
[14:49] <coreycb> ddellav, it looks like they've tagged the release but not release the tarball yet. you can check here http://tarballs.openstack.org/heat/.
[14:50] <ddellav> coreycb isn't this the right one? http://tarballs.openstack.org/heat/heat-7.0.0.0b1.tar.gz
[14:51] <coreycb> ddellav, it is!  my mistake.
[14:51] <ddellav> coreycb for some reason im only getting 200k of the tarball
[14:52] <ddellav> coreycb i'll move onto something else and check back later
[14:53] <coreycb> ddellav, you could try manually downloading it and renaming it with orig in the name
[15:04] <ddellav> coreycb ah true, i'll try that
[15:24] <MacroMan> I'm attempting to compile scolorq, but getting an error from g++: overloaded ‘abs(double&)’ is ambiguous
[15:24] <MacroMan> I think this was written to compile with an older version of g++. Can I specify a different version to use?
[15:29] <ddellav> coreycb there does not appear to be a 2.0 release tag in the paramiko upstream. Shall I use master? *shrugs*
[15:37] <coreycb> ddellav, looks like there's one here: https://github.com/paramiko/paramiko
[16:11] <ddellav> coreycb heh ok
[16:30] <kyle__> /window close
[16:30]  * kyle__ sighs
=== afkthairus is now known as athairus
[16:45] <blizzow> Holy moly, what is going on with the mount command on a default install these days??  ELEVEN cgroup entries? FIVE tmpfs entries? It's nearly illegible.
[16:49] <nacc> blizzow: i believe lxd is seeded on server installs now
[16:50] <blizzow> nacc: That's effing lame.
[16:51] <nacc> blizzow: it was in the release notes: https://wiki.ubuntu.com/XenialXerus/ReleaseNotes#LXD_2.0
[16:55] <blizzow> WTF happened to a bare bones OS that you CHOOSE to install virtualization on? If I wanted a bloatware platform, I'd buy Windows or a cellphone from ATT. What's next, forced xorg/mir installations in server?
[16:56] <blizzow> Screw it, hey let's force install KDE+QT+GTK+GNOME so servers are ready for ANYTHING.
[17:01] <ddellav> coreycb getting this weird error when trying to build paramiko with gbp: http://paste.ubuntu.com/17066343/
[17:04] <coreycb> ddellav, can you push it and I'll take a look?
[17:04] <ddellav> coreycb sure
[17:05] <ddellav> coreycb lp:~ddellav/ubuntu/+source/paramiko
[17:05] <nacc> blizzow: take rants elsewhere :)
[17:06] <coreycb> jamespage, neutron wants ovs >= 2.6.0.  I think you were going to bump ovs but if not, let me know.
[17:07] <jamespage> coreycb, not just yet
[17:07] <blizzow> nacc: Where should one take an ubuntu-server rant if not IRC? Seems the perfect platform.
[17:07] <jamespage> try it with 2.5.0
[17:07] <coreycb> jamespage, ok will do
[17:08] <sdeziel> blizzow: if you want a bare bones install you should use the mini.iso
[17:08] <nacc> blizzow: cf. topic, use an appropriate channel (e.g., #ubunut-offtopic)
[17:08] <nacc> err, #ubuntu-offtopic
[17:09] <nacc> sdeziel: hey! looking at the bug
[17:09] <nacc> sdeziel: (puppet)
[17:09] <sdeziel> nacc: yeah, thanks for assisting on this
[17:09] <nacc> sdeziel: would you be able to fix upstream? i have the PR done, but would need to setup the stuff to contribute to puppet
[17:09] <sdeziel> nacc: I feel like I'm not using the right tools at all
[17:10] <nacc> sdeziel: https://github.com/nacc/puppet/tree/ubuntu_1610_systemd is my branch right now
[17:10] <nacc> sdeziel: most of the past 6 months for me has been learning what tools to use :)
[17:10] <blizzow> I think it's pretty on-topic to say that ubuntu-server is turning bloated, and should NOT install virtualization garbage by default.
[17:11] <sdeziel> nacc: this PR should fix Yakkety but I feel the right way would be to default to systemd unless we detect a version < 15.04
[17:11] <nacc> sdeziel: yeah, i don't know ruby well enough at that point :)
[17:11] <nacc> sdeziel: ack, though, that would be cleaner, as this array is only going to grown from now on
[17:14] <nacc> sdeziel: so we technically need to fix 16.10 before we can fix 16.04 by SRU policy. It probably would be fine to do an out-of-band patch for 16.10, but I'd prefer if we can upstream it first, just to keep track of the changes properly
[17:14] <sdeziel> nacc: understood, I'll try to change how Ubuntu is handled so that systemd is considered default and were old releases are special cased to use upstart
[17:15] <sdeziel> nacc: will check up with upstream
[17:15] <nacc> sdeziel: great, thanks! i'll review as soon as I see a new patch
[17:15] <sdeziel> nacc: thanks!
[17:16] <sdeziel> blizzow: the mini.iso works really well is you want 0 fat ;)
[17:19] <sdeziel> blizzow: that said, the many cgroup related mounts are due to systemd and cgmanager. lxd isn't to blame
[17:21] <nacc> sdeziel: appreciate your patience and sorry for the churn on the patches
[17:22] <blizzow> It still shouldn't be on a server install by default. It's akin to installing nginx by default.
[17:22] <sdeziel> blizzow: lxd being socket activated it's probably not running unless you asked it to
[17:24] <blizzow> sdeziel: see my prior comment.  It's like saying, "oh we install nginx by default but don't turn it on. It'll only turn on if you ask it to."  What is the reasoning behind installing lxd by default?
[17:25] <blizzow> Don't even get me started on the fact that SERVER cannot choose UTC as a timezone during installation.
[17:26] <blizzow> Choosing Iceland isn't an option if I choose "Americas" Thus I'm forced into some weird language/geography choices.
[17:26] <sdeziel> blizzow: what I'm saying is the Server ISO comes with some collection of packages deemed appropriate/handy for the majority. If you want something smaller, the mini.iso is probably a very good alternative
[17:32] <blizzow> And the establishment has deemed Trump or Clinton appropriate/handy for the majority of voters in the USA. That doesn't make the decision right.  I'm here to voice my opinion about the choices of "appropriate/handy for the majority" in the hopes that someone will listen.
[17:33] <sdeziel> OK
[17:37] <jelly> blizzow: can you preseed UTC?
[17:43] <blizzow> Don't know. It should be an option during the standard install procedure though. If one is forced to go choose a timezone, at a minimum, UTC should be an option, ideally, a choice of any timezone should be available. Some people install in disparate geographies but use a single timezone.
[17:43] <nixnothing> yo
=== johnlage_ is now known as johnlage
[18:03] <nixnothing> so, there was this game strategy I used to play where the main character was a demon overlord
[18:04] <nixnothing> and thats what I names to user that runs all my server deamons
=== degorenko is now known as _degorenko|afk
[18:19] <coreycb> ddellav, horizon and python-django-openstack-auth uploaded
[18:26] <coreycb> ddellav, I don't get the same error for paramiko.  but I do get:
[18:26] <coreycb> http://paste.ubuntu.com/17069078/
[18:30] <coreycb> ddellav, if I run 'sphinx-build sites/docs html' manually against upstream it seems to be ok. so I'd try to drop into the chroot on failure with pbuilder and see what's different.
[18:34] <ddellav> coreycb ok
[18:49] <halvors> My ubuntu-server is loosing connectivity when IP address is renewed from DHCP.
[18:49] <halvors> Why can that be?
=== deadnull_ is now known as _deadnull
[19:16] <halvors> How can i disable ifupdown?
[19:26] <coreycb> ddellav, neutron's uploaded
[19:27] <ddellav> coreycb ack
[19:27] <ddellav> coreycb almost got paramiko building
[19:27] <coreycb> ddellav, awesome
[19:34] <halvors> How can i use systemd-networkd instead of ifupdown?
=== _deadnull is now known as deadnull_
[20:29] <ddellav> coreycb heat pushed and ready for review: lp:~ddellav/ubuntu/+source/heat
[20:29] <coreycb> ddellav, cool I'll take a look
[20:52] <coreycb> ddellav, can you push upstream and pristine-tar branches for heat?
[20:52] <ddellav> coreycb doesn't git push --all do that?
[20:52] <coreycb> ddellav, it should but I don't see it in your repo
[20:53] <ddellav> coreycb hmm... ok, i'll take a look
[20:53] <ddellav> coreycb strange, it shows up here: https://code.launchpad.net/~ddellav/ubuntu/+source/heat/+git/heat
[20:55] <coreycb> ddellav, I'm using the wrong version. error on my end, sorry.
[20:56] <ddellav> coreycb np
[21:03] <coreycb> ddellav, ok heat's uploaded!
[21:07] <ddellav> coreycb great ty
[21:14] <ddellav> coreycb neutron-fwaas ready for review lp:~ddellav/ubuntu/+source/neutron-fwaas
=== Seveas_ is now known as Seveas
=== Seveas is now known as Guest39314
=== Guest39314 is now known as Seveas
=== Kenrinx is now known as kenrin
=== freyes__ is now known as freyes
[23:06] <FManTropyx> I have two questions
[23:09] <FManTropyx> the PHP5 in the repo is 5.5.9+dfsg-1ubuntu4 but the latest version is already 5.5.39 so will I be able to get a newer one any time soon without bypassing the official repository? and what is "dfsg-1ubuntu4"?
[23:10] <teward> FManTropyx: "php5 in the repo"
[23:10] <teward> what Ubuntu version are you looking at?
[23:11] <teward> because it's no longer in the repos as of Xenial
[23:11] <teward> (php7.0 is Xenial, and no php5)
[23:11] <sarnold> dfsg means "debian freesoftware guidelines" -- stuff that doesn't conform to debian's guidelines have been removed (often documentations)
[23:11] <teward> ^
[23:12] <FManTropyx> I am running 14.04
[23:15] <teward> http://askubuntu.com/questions/151283/why-dont-the-ubuntu-repositories-have-the-latest-versions-of-software is relevant
[23:16] <teward> FManTropyx: ^
[23:17] <teward> FManTropyx: there are third party PPAs which have php5 updated... but of course, the obvious applies:
[23:17] <teward> !ppa
[23:17] <ubottu> A Personal Package Archive (PPA) can provide alternate software not normally available in the offical Ubuntu repositories - Looking for a PPA? See https://launchpad.net/ubuntu/+ppas - WARNING: PPAs are unsupported third-party packages, and you use them at your own risk. See also !addppa and !ppa-purge
[23:17] <sarnold> the "1ubuntu4" probably means that it's been through roughly four ubuntu-specific updates of some sort since it was copied from debian's "5.5.9+dfsg-1" package.
[23:17] <sarnold> FManTropyx: also: why is 5.5.9+dfsg-1ubuntu4 the newest version available to you? did you turn off the updates and security pockets?
[23:18] <FManTropyx> that's what I was asking :) I haven't done anything
[23:18] <teward> FManTropyx: well
[23:18] <teward> your -updates and -security pockets must be disabled
[23:18] <teward> or the package held
[23:19] <teward> from rmadison which lists the versions of stuff: http://paste.ubuntu.com/17076262/
[23:19] <teward> ignore -proposed but meh
=== alexisb is now known as alexisb-afk
[23:19] <sbeattie> or the mirror you're updating fro has fallen behind.
[23:19] <sarnold> FManTropyx: run apt-cache policy php5 -- on a 14.04 VM i've got I get these results: http://paste.ubuntu.com/17076269/
[23:20] <teward> sbeattie: indeed
[23:23] <FManTropyx> yeah, 5.5.9
[23:24] <sarnold> FManTropyx: what's the _full_ version number?
[23:25] <FManTropyx> I have 5.5.9+dfsg-1ubuntu4.16 installed and 5.5.9+dfsg-1ubuntu4.17 candidate, but what does that matter? 5.5.9 is the version of the PHP
[23:25] <teward> FManTropyx: again, read the AskUbuntu question I linked, and the answers to it, especially the selected one.
[23:25] <teward> It's version fixed, I believe
[23:25] <FManTropyx> I think I have read it, but isn't 5.5.9 pretty old?
[23:26] <FManTropyx> not that I really need the latest :)
[23:26] <sarnold> ah, good, then that means everything is working as expected. You should install your updates of course -- you're missing ten CVE fixes...
[23:26] <FManTropyx> yeah, I'll run update&upgrade later
[23:26] <teward> FManTropyx: keep in mind you're using 14.04
[23:26] <teward> which is at least two years old
[23:26] <sarnold> FManTropyx: see also https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions and https://www.debian.org/security/faq#version
[23:26] <teward> ^ there you go
[23:27] <FManTropyx> also I think that the latest kernel isn't being used, even after reboot
[23:27] <FManTropyx> I have some old ones that apt-get keeps nagging about, so is it safe to run autoremove on them?
[23:27] <sarnold> yeah, and in fact you may fill your /boot or / whatever if they aren't being automatically cleaned
[23:28] <sarnold> I never figured out why they are for some people and not for others
[23:28] <sarnold> the usual advice is to keep at least two kernels -- the latest, and whichever you're running now, and if that's the same kernel, then the previous one too :)
[23:28] <FManTropyx> I had 4 there IIRC
[23:29] <FManTropyx> should I set up a cronjob to run apt-get inst-upgrade daily?
[23:30] <sarnold> there's an unattended-upgrades package that you may find helpful
[23:31] <FManTropyx> okay, thanks for all the help - I will look into all this later!
[23:31] <sarnold> have fun :)