[00:16] <runelind_q> I am new to lxd and want to configure the networking to be a true bridge in that I want my guests to get v4 addresses via DHCP and v6 addresses via SLAAC
[00:16] <runelind_q> once I get this working I'm planning on having multiple interfaces on my host that binds to different VLANs (and thus multiple bridges, I would assume).
[00:18] <runelind_q> I created a test guest and it created a vethDMY03 interface, but the guest doesn't have a v4 or a v6 address
[00:23] <runelind_q> I went into the guest and set inet dhcp and inet6 auto in interfaces.d/50-cloud-init.cfg
[00:54] <winslow__> Hi, all. Not sure if there's a better room to reach the team that handles Ubuntu cloud images, but `vagrant box add ubuntu/xenial64` is currently failing with a 404 when fetching the box.
[00:54] <nacc> Odd_Bloke: --^ not sure if that is the same issue you were helping with earlier
[01:11] <jrwren> runelind_q: did you create your own br0 bridge device, add your eth0 to it and tell lxd to use that br0?
[01:12] <jrwren> runelind_q: this is a little dated, but may help: http://jrwren.wrenfam.com/blog/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/
[01:17] <masuberu> hi
[01:18] <masuberu> why loop
[01:18] <masuberu> , lp and
[01:18] <masuberu> rtc are missing from /etc/modules?
[01:18] <masuberu> on ubuntu 16.04?
[01:19] <masuberu> why loop, lp and rtc modules are missing from /etc/modules on ubunut 16.04?
[01:23] <runelind_q> jrwren: i thought lxdbr0 was the new hotness?
[01:24] <jrwren> runelind_q: it is, but that is a nated bridge interface which serves dhcp from a private range via dnsmasq.
[01:24] <jrwren> runelind_q: your question made it sound like you wanted to bridge to your local lan.
[01:24] <runelind_q> i did
[01:25] <runelind_q> ok, i will use a regular bridge
[01:36] <Yuri4_> Guys, how can I run some command automatically on every boot?
[01:37] <runelind_q> let me count the ways
[01:37] <runelind_q> you want to run it as root or a regular user?
[01:37] <jrwren> Yuri4_: a crontab entry with @reboot isntead of `m h dom mon dow` works well
[01:38] <runelind_q> that's what I was going to recommend.
[01:38] <Yuri4_> runelind_q, as root
[01:38] <runelind_q> sudo crontab -e
[01:38] <runelind_q> then do what jrwren recommended.
[01:38] <Yuri4_> jrwren, I'm very new to linux.
[01:38] <Yuri4_> Wher do I put that entry?
[01:40] <Yuri4_> Hmmm. Google says that crontab is timebased
[01:40] <Yuri4_> I only need it run once after boot
[01:40] <Yuri4_> Is this good solution?
[01:43] <Yuri4_> Guys?
[01:48] <runelind_q> yeah, if you set it to @reboot instead of a time, it will run the script on boot
[01:49] <Yuri4_> runelind_q, but it will run only after user logins?
[01:50] <Yuri4_> I'm on server and need to run that command when server restarts
[01:50] <runelind_q> no, it will run during the boot process, even before a user logs in.
[01:50] <runelind_q> jrwren: I'm assuming I want to swap eth0 for ens160 which is my actual interface name when I make changes to /etc/network/interfaces
[01:50] <runelind_q> ?
[01:51] <jrwren> runelind_q: yes.
[01:51] <Yuri4_> runelind_q, I'm new to linux. So how do I execute on every boo, let's say "sudo mount_folder_x"?
[01:51] <Yuri4_> boot*
[01:51] <runelind_q> oh, if you want to mount something, you want to edit /etc/fstab
[01:52] <Yuri4_> runelind_q, no, I absolutely don't want to do that
[01:52] <Yuri4_> it already broke to servers
[01:52] <Yuri4_> two*
[01:53] <Yuri4_> I just want to run it on every reboot
[01:53] <runelind_q> https://help.ubuntu.com/community/CronHowto
[01:53] <Yuri4_> And if it fails it doesn't break servers
[01:53] <jrwren> learn how to do it without "breaking" the servers ;]
[01:53] <runelind_q> look into the part about @reboot
[01:53] <Yuri4_> jrwren, I did everything correctly. I belive there is a bug in service I'm usuing
[01:53] <runelind_q> probably not
[01:54] <Yuri4_> jrwren, I'm very new to linux and can't understand that manual. I've been reading it for 10 min. Could you provide an example, how to do it, please?
[01:54] <Yuri4_> I don't uderstand how to do it
[01:54] <runelind_q> the link I provided is very thorough.
[01:56] <Yuri4_> runelind_q, It is thorough, but I'm a noob. I don't understand what it saying
[01:56] <Yuri4_> could you just give an example, please?
[01:56] <Yuri4_> I'm windows sysadmin, not linux
[01:57] <jrwren> Yuri4_: sorry, i've been doing this for 20yrs, if the docs at https://help.ubuntu.com/community/CronHowto aren't readable, I'm afraid i cannot help.
[01:57] <runelind_q> sudo crontab -e
[01:57] <runelind_q> then @reboot /path/to/script
[01:57] <Yuri4_> runelind_q, thank you!
[01:57] <Yuri4_> jrwren, see how it's done?
[01:57] <Yuri4_> runelind_q, you are the best!
[01:57] <jrwren> I do see.
[01:57] <jrwren> Thanks.
[02:09] <Yuri4_> runelind_q, I did sudo crontab -e then added @reboot /home/prouser/startup/command
[02:09] <Yuri4_> but it doesn't execute
[02:10] <runelind_q> did you set chmod +x /home/prouser/startup/command ?
[02:10] <Yuri4_> runelind_q, no
[02:11] <Yuri4_> runelind_q, thank you
[02:15] <runelind_q> jrwren: ok, my guest gets a v6 address, but I can't ping6 it.
[02:15] <runelind_q> I set v6 forwarding =1
[02:18] <Yuri4_> runelind_q, I added 2 commands for @ reboot.  sudo mount -t cifs //myaccountname.file.core.windows.net/mysharename ./mymountpoint -o vers=3.0,username=myaccountname,password=StorageAccountKeyEndingIn==,dir_mode=0777,file_mode=0777 - this doesn't work
[02:18] <jrwren> runelind_q: a routable address, not just link local?
[02:18] <Yuri4_> but sudo mkdir - works
[02:19] <runelind_q> jrwren: yeah, routable
[02:19] <jrwren> runelind_q: I'm not familiar with SLAAC. I only use radvd
[02:19] <runelind_q> jrwren: SLAAC is the autoconfigured addresses from radvd
[02:20] <runelind_q> Yuri4_: put it into a script, run chmod +x on the script, then manually execute the script to make sure it works.
[02:20] <runelind_q> put the full path to all commnds
[02:20] <runelind_q> like /bin/mount instead of mount
[02:21] <Yuri4_> remix_tj, yeah it's full path. 1 command works and anothe doesn't
[02:21] <Yuri4_> how do I mannualy execute the script?
[02:24] <Yuri4_> runelind_q, when I do it mannualy both command works
[02:24] <Yuri4_> but on boot only 1 works
[02:25] <Yuri4_> this one doesn't sudo mount -t cifs //myaccountname.file.core.windows.net/mysharename ./mymountpoint -o vers=3.0,username=myaccountname,password=StorageAccountKeyEndingIn==,dir_mode=0777,file_mode=0777
[02:26] <runelind_q> you don't do sudo, just mount, since it runs as root
[02:26] <runelind_q> and make sure you have /bin/sudo in there.
[02:26] <runelind_q> and this should really really really really be done in fstab
[02:27] <Yuri4_> runelind_q, when I do it in fstab my serve stops booting
[02:27] <Yuri4_> server*
[02:33] <Yuri4_> runelind_q, still doesn't work
[02:33] <Yuri4_> I hade sudo mkdir though and it executed fine
[02:34] <runelind_q> I dunno man.
[02:34] <runelind_q> sounds like you need to hire someone to come over.
[02:39] <Yuri4_> runelind_q, that's me who have been hired to do that
[02:39] <Yuri4_> is there another option to do that on each boot?
[02:39] <Yuri4_> not cron?
[02:40] <runelind_q> nope, hire someone else as a subcontractor.
[02:42] <patdk-lap> did you add the _netdev flag?
[02:43] <winslow___> Hi all. Sorry if anyone responded recently. I had to travel some. Any word on the ubuntu xenial64 vagrant images being missing?
[02:49] <runelind_q> net.ipv6.conf.all.forwarding=1
[02:49] <runelind_q> net.ipv6.conf.br0.accept_ra=2
[02:49] <runelind_q> net.ipv6.conf.default.forwarding=1
[02:50] <runelind_q> guest gets a v6 address, but I can't ping it.
[02:56] <Yuri4_> runelind_q, I fiexed it by adding sleep 30; before the command
[02:56] <Yuri4_> thank you for the help!
[02:56] <patdk-lap> must be a dns issue
[02:56] <Yuri4_> patdk-lap, maybe some durty hack to change server IP after boot?
[02:57] <Yuri4_> when I put it into FSTAB it broke both my server that took 8 hours to set up
[03:13] <masuberu> I need to install fure-utils on ubuntu 16.04, any help?
[03:13] <masuberu> fuse-utils sorry
[04:00] <runelind_q> furry-utils
[05:37] <winslow___> FYI, I filed https://bugs.launchpad.net/cloud-images/+bug/1590647 just so this isn't lost
[06:58] <House> hi all, i've got sssd+ad working for ssh, login & sudo, but for the life of me i cant get "smbclient -k" or automount to work for any passwordless access to smb fileserver. just get a timeout. all ok if i skip the '-k' and manually enter password, but automount won't work, and multi-user access in fstab requires a passwordless method.     anyone have this working?
[07:41] <toshywoshy> Is there a significant difference between Debian partitioning and Ubuntu partitioning, as my debian preseed file used on ubuntu 16.04lts keeps on asking me to confirm the partitions manually
[07:49] <Odd_Bloke> nacc: Thanks for the pointer to that Vagrant bug. :)
[08:00] <toshywoshy> is there any way to prevent the installer from asking me to confirm manually the partition setup layout if it is already defined in an expert layout?
[08:05] <frickler> toshywoshy: this is what we use for our trusty and xenial nodes: http://paste.ubuntu.com/17138951/
[08:06] <toshywoshy> frickler: thanks, in the second partition you have '-1' as the maximum value, is that better than having '1000000000'?
[08:08] <frickler> toshywoshy: IIUC it will use the maximum available size, I'm not sure what happens if you use a value too large for your current disc
[08:11] <frickler> toshywoshy: I did some searching on the net to get that part together some years ago, most of the rest of the file is still the original https://github.com/puppetlabs/razor-server/blob/master/tasks/ubuntu.task/preseed.erb
[08:18] <toshywoshy> frickler: I solved it based upon your preseed file, the solution was adding "d-i partman-auto-lvm/guided_size string max", which is wat the installer was nagging me about to confirm manually, thanks again
[08:21] <frickler> toshywoshy: yw
[08:41] <Thumpxr> so, is uptrack really necessary / makes sense on a private server which host various public services with >100 users?
[08:52] <Teme_> hello
[08:52] <Teme_> anybody wake?
[08:54] <vbotka> Teme_, It's lunch time here man :)
[08:54] <Teme_> aah, sorry to be a bother then ;)
[10:03] <jamespage> coreycb, ddellav: ok so updated oslo.messaging to 5.2.0 - needed for keystone
[10:03] <jamespage> fixed versions for keystone; should build through shortly
[10:03] <jamespage> there where some network connectivity issues overnight - so re-ran some failing builds that got impacted by that
[10:04] <jamespage> also pushed a small fix to pkgos-generate-snapshot to deal with .0b1 correctly -> will map to ~b1 for package version compatibiltiy
[10:05] <jamespage> still tripping on some networky type problems but almost clean
[10:05] <jamespage> I also took a look at the nova-lxd failure - its due to some missing mocking
[10:30] <frickler> jamespage: regarding https://bugs.launchpad.net/bugs/1564812, the main issue is that there is one log-file generated per rootwrap command executed, i.e. one file every 2 seconds for some neutron agents. and they never get cleaned up it seems.
[10:31] <jamespage> frickler, a file per command?
[10:31] <jamespage> or a log entry per command?
[10:32] <frickler> jamespage: no, each sudo invocation generates a new file
[10:32]  * jamespage checks an install
[10:33] <jamespage> frickler, I'm not seeing that on a openstack install we have for QA
[10:33] <jamespage> all sudo calls go to /var/log/auth.log
[10:33] <frickler> jamespage: you need to add "Defaults      log_output" to your /etc/sudoers to trigger the issue, default installation doesn't log anything
[10:35] <jamespage> frickler, well the default logs all commands and output to /var/log/auth.log
[10:36] <jamespage> frickler, no you are right - output is not logged by default
[10:36] <jamespage> only input
[10:37] <frickler> jamespage: yes, but as part of our hardening, we add the above options, so that everything a user does e.g. within a "sudo -i" session, can be looked at afterwards with sudoreplay
[10:37] <jamespage> frickler, ok so your proposed change does not alter the logging of commands to /var/log/auth.log
[10:38] <jamespage> it just stops the creation of the individual files that log_input and log_output turn on?
[10:38] <jamespage> if that's the case I misunderstood the problem - apologies...
[10:38]  * jamespage thinks
[10:40] <frickler> jamespage: at least that is my understanding of the impact of the change, yes
[10:41] <rbasak> Wouldn't turning off output by default be surprising to others who turn it on globally and expect all commands to follow?
[10:41] <rbasak> It seems to me that it would be less surprising for people who choose to turn global logging on to also disable it for specific cases where it is not wanted.
[10:43] <frickler> rbasak: the problem is that you have to do it on the same line, so we would have to patch again this after every package update
[10:43] <rbasak> frickler: it's a conffile. Your modifications should be maintained by packaging. You'll only have to handle it if the packaging changes the conffile it ships.
[10:44] <rbasak> frickler: even if that weren't true, the right fix would be to have some better override features in sudo.
[10:45] <rbasak> I just think that this kind of change just prompts another bug report saying the opposite. It's not the default configuration, so the fix should be to make it easier to get the behaviour you want, rather than changing the default for something that isn't even a default.
[10:45] <rbasak> But anyway, up to jamespage.
[10:48] <jamespage> hence my last /me thinks
[10:49] <jamespage> ;0)
[10:51] <jamespage> rbasak, frickler: this is tricky - I would tend to think it might be better set overrides per user that needs to be excluded
[10:52] <rbasak> Can sudo take that instruction from a separate .d file? In that case that would be the perfect solution - no changes in packaging needed and frickler can add it locally without much concern for what happens on packag eupdates.
[10:53] <ikonia> rbasak: it can
[10:53] <ikonia> I've often used seperate files, eg: normal.rules webowners.rules etc etc
[10:53] <ikonia> just make sure they don't conflict as ordering is not good
[10:54] <rbasak> The files would have rules that overlap. Hence my question.
[10:54] <jamespage> rbasak, looking now
[10:54] <ikonia> that can cause a problem then, I believe the most restrictive rule is honoured
[10:56] <jamespage> something like:
[10:56] <jamespage> Defaults:nova !requiretty,!log_input,!log_output
[10:56] <jamespage> might work ok
[11:00] <jamespage> yes that does work fine - so I still can set global log_ouput, log_input, but nova/neutron whatever gets excluded
[11:00] <jamespage> but still included in auth.log
[11:00] <jamespage> frickler, ^^ that might fit your requirement
[11:02] <jamespage> you can skip !requiretty as well as that's set in the pkg provided sudoers
[11:05] <jamespage> commented on bug as well
[11:08] <jamespage> rbasak, you'll have an opinion on https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1585794 just as I do
[11:10] <jamespage> system users in ldap sounds like bad karma to me...
[11:11] <jamespage> however that's not the actual bug here...
[11:12]  * rbasak looks
[11:15] <rbasak> jamespage: is the bug caused by there being a system user in LDAP, or just some normal user in LDAP that happens to be called "nova"?
[11:16] <rbasak> jamespage: the pattern in that postinst is the normal one. If something needs changing, it'd probably need change across the board (ie. a wider collective decision).
[11:16] <jamespage> rbasak, this issue is that the postinst tries todo usermod on the nova user for a switch in group way back before 12.04
[11:16] <jamespage> nobody -> nova
[11:16] <rbasak> jamespage: ah. That I did question but didn't realise it was relevant.
[11:16] <jamespage> that won't work with an ldap provided user
[11:17] <jamespage> that said I think ldap for system users is a little bonkers...
[11:17] <rbasak> jamespage: I'd do that on an upgrade path only (compare to $2 etc)
[11:17] <rbasak> I didn't think of that from an LDAP perspective though, just a "stepping on the user's customisations unnecessarily" perspective.
[11:19] <rbasak> Always good for upgrade path code to be conditional on the required upgrade versions since then it can be dropped eventually and make things simpler, as well as reduce the likelyhood of some kind of unpredicted conflict when the upgrade path code isn't needed. I guess this is one of those cases.
[11:19] <jamespage> rbasak, tbh that all applied to day 0 packaging anyway
[11:19] <rbasak> I agree that an LDAP system user is pretty broken though, but that's not my justification.
[11:20] <rbasak> Most packaging I've seen would work with an LDAP system user though, if the user knows what he's doing. In that postinsts just leave it alone in that case, and silently accept failure to remove on postrm I think.
[11:20] <rbasak> jamespage: not sure what you mean?
[11:21] <jamespage> rbasak, all of the part of the maintainer script was due to mistakes made prior to 12.04 release...
[11:21] <jamespage> that's pretty much the earliest point we support upgrades from now
[11:21] <rbasak> jamespage: ah, I see. So you could just drop the usermod?
[11:22] <jamespage> just did :-)
[11:23] <rbasak> :-)
[11:39] <coreycb> jamespage, ddellav: all of the newton b1 core packages from our end are backported
[11:40] <coreycb> jamespage, still need this to land I believe before testing right?  https://review.openstack.org/#/c/326597/
[11:55] <jamespage> coreycb, is that the keystone one?
[11:55] <coreycb> jamespage, yep
[12:59] <Xin> stupid question
[12:59] <Xin> but how do I allow access to apache only from my internal network
[12:59] <Xin> no external access
[13:11] <coreycb> ddellav, testing for bug 1546116 is complete.  can you tag the bug as verification-done and verification-liberty-done?
[13:16] <rbasak> nacc: do you want bug 1590623 sponsoring?
[13:26] <ddellav> coreycb ok, i'll try
[13:30] <jamespage> coreycb, ddellav: nova branch build failed fixed; patch accepted upstream!
[13:31] <coreycb> jamespage, that must have landed quick
[13:31] <jamespage> over a week
[13:31] <jamespage> it was just some assert call badness
[13:31] <jamespage> https://review.openstack.org/#/c/318568/
[13:35] <coreycb> jamespage, ah that one
[13:35] <jamespage> coreycb, have fix up for nova-lxd as well as soon as rockstart or zul are around...
[13:35] <jamespage> rockstar rather..
[13:35] <jamespage> doh
[13:35] <coreycb> jamespage, oh awesome
[13:36] <zul> jamespage: yeah no one can approve patches yet
[13:36] <jamespage> zul, ha
[13:36] <jamespage> zul, just ask someone in -infra to add you and rockstar to the groups
[13:36] <jamespage> unless you have already done that...
[13:36] <jamespage> yolanda is alway a good egg :-)
[13:36] <zul> jamespage: i think rockstar already has
[13:36] <jamespage> oh ok
[13:38] <EmilienM> coreycb, jamespage: hey
[13:38] <EmilienM> can I try to deploy newton on xenial?
[13:38] <jamespage> sure
[13:38] <EmilienM> how?
[13:38] <jamespage> EmilienM, ppa:openstack-ubuntu-testing/newton
[13:39] <EmilienM> ok cool
[13:39] <EmilienM> jamespage: did you deploy already?
[13:39] <jamespage> b1 is working its way into the UCA - but that PPA has branch builds for most projects
[13:39] <jamespage> EmilienM, yes
[13:39] <EmilienM> cool
[13:39] <jamespage> EmilienM, you'll probably trip over the changes we've made to the keystone package for wsgi/apache2 support
[13:39] <jamespage> well you might
[13:39] <jamespage> /etc/apache2/sites-enabled/keystone.conf
[13:40] <EmilienM> jamespage: ok so I use ppa but in a close future I can use uca, right?
[13:40]  * jamespage crosses fingers...
[13:40] <jamespage> EmilienM, coreycb or ddellav will email the openstack-dev ML once its all up and verified
[13:41] <EmilienM> ok
[13:41] <jamespage> coreycb, btw I'm going to push all of newton staging -> proposed right now
[13:42] <coreycb> jamespage, +1
[13:42] <jamespage> we may as well test proposed as no one else is just yet...
[13:43] <EmilienM> jamespage: so should I wait that you push and then I test it?
[13:43] <EmilienM> well, let's try the ppa this morning and ping me when you pushed in proposed I'll test it too
[13:43] <jamespage> EmilienM, up to you - will take several hours to work through
[13:43] <EmilienM> ahhhh
[13:43] <EmilienM> ppa :)
[13:43] <jamespage> if you want to start now use the PPA
[13:44] <jamespage> EmilienM, we've done a bit of rejig in the openstack-dashboard packaging as well; the ubuntu theme is just installed alongside the other themes, and is end user selectable.
[13:44] <jamespage> DEFAULT_THEME='xxxx' to switch the default between options - default|ubuntu|material
[13:45] <EmilienM> mhh ok
[13:45] <EmilienM> iberezovskiy: ^ fyi
[13:45]  * EmilienM take notes on https://etherpad.openstack.org/p/puppet-openstack-xenial
[13:46] <EmilienM> jamespage: so you put a default vhost for keystone, right?
[13:47] <jamespage> EmilienM, yah - for admin and public endpoint ports
[13:47] <EmilienM> mhh ok
[13:47] <EmilienM> it's a bit annoying
[13:47] <jamespage> EmilienM, is based on the one keystone provides in httpd
[13:47] <EmilienM> for people using deployment tools like chef/puppet/ansible
[13:47] <jamespage> https/wsgi-keystone.conf
[13:47] <EmilienM> most of people deploy their own vhost
[13:47] <EmilienM> why not in site-available?
[13:47] <EmilienM> it would be better imho
[13:48] <jamespage> EmilienM, for those not using puppet/chef/ansible
[13:49] <EmilienM> it's like zigo does, forcing stuffs
[13:49] <EmilienM> I don't like it... but that's my opinion...
[13:49] <EmilienM> our keystone module already manage vhost with the capacity of configure the vhost
[13:49] <EmilienM> so we'll have to drop this file...
[13:49] <EmilienM> and chef/ansible will have to do the same
[13:49] <EmilienM> people should be able to enable the vhost themselves I think
[13:50] <EmilienM> it's very intrusive to add a vhost & enable it by default
[13:50] <iberezovskiy> jamespage, why did you decide to change this behavior? it always was at sites-available as I know
[13:50] <EmilienM> degorenko, iberezovskiy: FYI I updated https://etherpad.openstack.org/p/puppet-openstack-xenial with the notes I took from ^
[13:50] <EmilienM> right, this change is not cool
[13:51] <jamespage> what are we talking about
[13:51] <EmilienM> keystone vhost
[13:54] <jamespage> keystone has never shipped a sites-avaliable; as there is no longer a eventlet based daemon, we have to provide an enabled daemon in someway
[13:54]  * jamespage ponders this...
[13:55] <EmilienM> I just say, that most of people won't use this vhost in production, because everybody does vhost tunning. In puppet-keystone, we allow such tunning since you can configure everything in the vhost (SSL, workers, etc)
[13:56] <EmilienM> so you better disable it by default and people will enable it before starting apache2
[13:56] <jamespage> I appreciate that...
[13:56] <EmilienM> I think providing a vhost is awesome
[13:56] <EmilienM> it really helps people to easily deploy keystone
[13:56] <EmilienM> but enabling it by default is a bit too much and I think most of people know how to enable a vhost, and if they don't lol. Don't continue OpenStack deployment :)
[13:57] <iberezovskiy> providing of vhost is good, but please do not force to use it
[13:57] <jamespage> I'm actually considering whether we should do the same with the dashboard as well - we should be consistent...
[13:57] <EmilienM> anyway, I kicked off a CI job with PPA, I'll give you feedback as soon as jobs finish
[13:57] <jamespage> coreycb, what do you think?
[13:58] <coreycb> jamespage, we provide init scripts by default, so it seems like a default vhost makes sense
[13:58] <coreycb> jamespage, I think we'll get complaints either way
[13:59] <EmilienM> I just hope the packaging does not start apache by default
[13:59] <EmilienM> ie: apt-get install keystone
[13:59] <jamespage> EmilienM, yes it does
[13:59] <EmilienM> ...
[13:59] <jamespage> because it installs apache2
[13:59] <coreycb> EmilienM, just like horizon
[14:00] <EmilienM> ansible/chef/puppet folks will have big issues
[14:00] <EmilienM> for orchestration
[14:01] <jamespage> this is really about which expectations we break
[14:01] <jamespage> I mr end user install keystone, and nothing is running
[14:01] <jamespage> unlike pretty much everything else in the archive..
[14:01]  * jamespage ponders this some more...
[14:04] <jamespage> EmilienM, ftr I think 'big issues' is over egging it a bit - disabling a site is not that hard :-)
[14:05] <jamespage> yes you will have to make a change to adapt to the changes in packaging behaviour...
[14:07] <EmilienM> my concern is that ubuntu packaging is getting more and more intrusive
[14:08] <EmilienM> I don't think production deployments need you to start apache, they have orchestration tools and they need to decide when they start services
[14:08] <EmilienM> but anyway, yeah we can workaround all-the-things, I just say it's getting worse over the releases.
[14:08] <coreycb> EmilienM, do you have examples?
[14:08] <EmilienM> coreycb: containers
[14:09] <EmilienM> coreycb: or people who use puppet/ansible/chef/whatever
[14:09] <coreycb> EmilienM, containers where?
[14:09] <EmilienM> they want to wait before starting apache, maybe they need to add more vhosts before
[14:09] <coreycb> EmilienM, do you have examples of where we're getting worse?
[14:09] <EmilienM> coreycb: keystone is the right example I guess
[14:10] <EmilienM> as it's a core service that everyone use
[14:10] <ogra_> EmilienM, enforced starting of services is a core part of the debian packaging requirements since over a decade ... thats not an ubuntu thing at all
[14:10] <ogra_> has been like that forever for debian packages
[14:10] <EmilienM> great, if everyone likes it then I'm wrong
[14:10]  * ogra_ didnt say he likes it, but it is simply like that forever and it is a debian requirement, not an ubuntu one
[14:11] <EmilienM> it's not because it's here forever that we can't change
[14:11] <EmilienM> RDO packaging was a mess a few years ago
[14:11] <EmilienM> (RDO = Red Hat OpenStack packaging)
[14:11] <ogra_> what i'm saying is that you have to change debian
[14:11] <EmilienM> and we changes lot of things, and now things are much better
[14:12] <EmilienM> anyway, I'm trying to satisfy OpenStack community as a Project technical lead of Puppet modules
[14:12] <rbasak> EmilienM: puppet is broken wrt. starting daemons. It takes over running services; it should use policy-rc.d.
[14:12] <EmilienM> and as a PTL I'm trying to engage work with other communities to make things better
[14:12] <EmilienM> our CI deploys Ubuntu jobs so I'm here
[14:13] <rbasak> EmilienM: and if it did, then a default enabled or disabled "site" would make no difference. Your puppet module would just force it one way or other before starting the service.
[14:13] <EmilienM> sure, we'll adapt
[14:13] <EmilienM> just giving feedback, take it it's free ;-)
[14:14] <rbasak> We can't have defaults one way for interactive users and the other way for automation. It makes sense for automation to override things as needed rather than the user because that can be...well, automated.
[14:15] <rbasak> Debian provides the hook necessary to do it. Automation should use it.
[14:20] <caribou> rbasak: just pushed the new merge.v1 tag
[14:26] <rbasak> caribou: thanks! I'm out of time before meetings and EOD today. I'll try to look tomorrow.
[14:26] <caribou> rbasak: no worry & thanks for looking at it
[14:56] <rbasak> stgraber: FYI, bug 1590747 - is CI broken somehow?
[14:56] <nacc> rbasak: if you could, that would be great, just added ~sponsors (re: 1590623)
[14:57] <nacc> Odd_Bloke: np, just figured the context was similar enough (re: vagrant bug)
[14:58] <Odd_Bloke> nacc: Yep, much appreciated!
[14:59] <rbasak> nacc: done
[14:59] <stgraber> rbasak: we don't test those images, so CI isn't broken, Debian most likely is :)
[14:59] <nacc> rbasak: thanks!
[15:00] <stgraber> rbasak: that error seems to indicate that debootstrap succeeded but didn't give us a rootfs with a working /sbin/init :)
[15:00] <rbasak> stgraber: one might argue that not testing the images means that CI is broken :)
[15:00] <rbasak> But fair enough.
[15:06] <stgraber> root@dakara:/var/lib/lxd/containers/foo/rootfs# ls /sbin/init -l
[15:06] <stgraber> lrwxrwxrwx 1 root root 20 May 12 05:39 /sbin/init -> /lib/systemd/systemd
[15:06] <stgraber> root@dakara:/var/lib/lxd/containers/foo/rootfs# ls -lh lib/systemd/systemd
[15:06] <stgraber> ls: cannot access 'lib/systemd/systemd': No such file or directory
[15:06] <stgraber> rbasak: ^
[15:06] <stgraber> so yeah, looks like Debian sid is busted today
[15:06] <stgraber> kinda surprised that debootstrap succeeded though :)
[15:07] <rbasak> stgraber: you checked your host for existence of /sbin/init, not the guest. But yeah, it's broken :)
[15:08] <rbasak> s/guest/image/
[15:08] <stgraber> rbasak: oops
[15:09] <stgraber> root@dakara:/var/lib/lxd/containers/foo/rootfs# ls sbin/init -l
[15:09] <stgraber> ls: cannot access 'sbin/init': No such file or directory
[15:09] <stgraber> it's even worse than I thought :)
[15:09] <stgraber> how the hell is debootstrap succeeding without an init system :)
[15:09] <rbasak> stgraber: well now at least you see the same behaviour I do :)
[15:10] <stgraber> confirmed that debootstrap didn't feel like picking an init system, no error reported during bootstrap... https://jenkins.linuxcontainers.org/view/All/job/lxc-template-debian/arch=amd64,release=sid,restrict=lxc-priv,variant=default/986/console
[15:11] <stgraber> so yeah, that might surprise a few people :)
[15:14] <rbasak> Hmm. deboostrap hasn't changed recently.
[15:50] <jamespage> coreycb, we need to not backport packages which have not changed since xenial (it creates conflicts in the UCA sync)
[15:51] <coreycb> jamespage, oops, ok
[15:52] <coreycb> jamespage, does anything need fixing?
[15:52] <jamespage> coreycb, deleting offenders now
[15:52] <coreycb> jamespage, thanks
[16:25] <mrjazzcat> For reasons I will keep to myself :) I want to install Mitaka OpenStack components on Xenial without tooling.  But, the cloud archive says only Trusty is supported.  What methods can I use, short of building from source?
[16:26] <mrjazzcat> zul:  Can you help me with this Q?  ^
[16:37] <frickler> mrjazzcat: what do you mean by "without tooling"? mitaka packages are part of plain xenial, no need to use any cloud archive anymore
[16:38] <mrjazzcat> frickler: ah, I see.  the packages are already on my machine (or VM)!  Thank you!
[16:39] <Yuri4_> Is it possible to mount.cifs so the files and folders belong to www-data:user1 ?
[16:47] <genii> Yuri4_: That would be done on the server, by setting default user and group in the smb.conf
[16:48] <Yuri4_> genii, I don't have access to that server. Some person at #linux advices me how to do it through mount parametrs now
[16:48] <teward> Yuri4_: the mount parameters they mean is on the server
[16:49] <Yuri4_> genii, meant on SMB server
[16:49] <Yuri4_> of course I have access to the server where I mount it
[16:52] <sdeziel> Yuri4_: on the client, mount with "-o uid=www-data,gid=user1"
[16:52] <Yuri4_> sdeziel, cool!
[16:52] <Yuri4_> thank you
[16:52] <Yuri4_> gonna try
[16:54] <sdeziel> Yuri4_: Here is what my fstab entry looks like: //smb/share /data/share cifs  vers=3.0,rw,noauto,credentials=/etc/samba/simon.secrets,_netdev,nodev,nosuid,noexec,uid=simon,gid=users    0       0
[16:54] <Yuri4_> sdeziel, eh fstab
[16:54] <Yuri4_> already broke my server when I put wrong space
[16:54] <sdeziel> Yuri4_: there is more than what you asked but it shows how the auth creds are decoupled from the local UID/GID mapping
[16:55] <Yuri4_> sdeziel, I just crontab it
[16:55] <sdeziel> Yuri4_: the noauto should allow you to manually test before rebooting :)
[16:55] <Yuri4_> crontab rocks
[16:55] <Yuri4_> @reboot
[17:04] <Yuri4_> sdeziel, is uid = :x:33:
[17:04] <Yuri4_> or just 33?
[17:04] <sdeziel> Yuri4_: just 33 or www-data
[17:05] <Yuri4_> sdeziel, does that command look right? sudo mount -t cifs //myaccountname.file.core.windows.net/mysharename ./mymountpoint -o uid=33,gid=1000 vers=3.0,username=myaccountname,password=StorageAccountKeyEndingIn==,dir_mode=0777,file_mode=0777
[17:05] <Yuri4_> -o uid=33,gid=1000
[17:05] <Yuri4_> other works for sure
[17:05] <Yuri4_> not sure about -o uid=33,gid=1000 syntax
[17:06] <sdeziel> Yuri4_: there seem to be a missing "," between gid=1000 and vers=3.0
[17:06] <Yuri4_> sdeziel, this works  sudo mount -t cifs //myaccountname.file.core.windows.net/mysharename ./mymountpoint -o vers=3.0,username=myaccountname,password=StorageAccountKeyEndingIn==,dir_mode=0777,file_mode=0777
[17:07] <Yuri4_> oh I see
[17:07] <Yuri4_> thank ou!
[17:07] <sdeziel> you are welcome
[17:07] <Yuri4_> sdeziel, seriously, you are the best! Very appreciate your help!
[17:07] <sdeziel> Yuri4_: using sudo will mean the credentials will leak into /var/log/auth.log
[17:08] <Yuri4_> sdeziel, it will be without sudo
[17:08] <sdeziel> Yuri4_: credentials= has the advantage to avoid such leaks
[17:08] <Yuri4_> it will run as crontab script @reboot
[17:08] <Yuri4_> without sudo
[17:08] <Yuri4_> and it won't ask for credentials
[17:23] <hallyn> gaughen: hi - so afaik the only ppl inside canonical using vmbuilder are the cloud image team.  i'd love it if they would consider maintaining it upstream, and pushing community-relevant patches up
[17:37] <gaughen> hallyn, I'll consider it, but will chat with the team.
[17:43] <hallyn> thx.  the users will appreciate it :)  of course i'd tried to get rid of it during 14.04, but adt was still requiring it at the time...
[17:51] <hhee> hey! guys. how can i create local mirror main ubuntu server repos?
[17:51] <hhee> which tools do i need to use for this?
[17:52] <nacc> hhee: ubumirror?
[17:55] <hhee> nacc, official tool for is?
[17:55] <nacc> hhee: hrm?
[17:56] <hhee> nacc, where can i find out how big main repos?
[17:56] <hhee> nacc, for prepare my hdd :)
[17:57] <nacc> hhee: that i'm not sure, they are large
[17:57] <hhee> nacc, got it. but how large,...
[17:58] <nacc> hhee: i don't know
[17:58] <OerHeks> 80 gb+
[17:58] <OerHeks> https://wiki.ubuntu.com/Mirrors
[17:58] <hhee> OerHeks, thx a lot
[17:59] <OerHeks> wait ...
[17:59] <OerHeks> Make sure you have enough disk space. The Ubuntu archive, as of 2016-04-21, uses about:
[17:59] <OerHeks> 912GB of disk space for the Ubuntu package archive.
[17:59] <OerHeks> 16GB for Ubuntu release CD images... and growing
[18:00] <OerHeks> You might want to check #ubuntu-mirrors too
[18:01] <hhee> OerHeks, for example i need local repo mirror with packages and sources for 14 LTS. (for personal usage)
[18:01] <hhee> OerHeks, got it
[18:04] <hhee> guys. i need it for isolated net, without direct access into the internet
[18:07] <hhee> i mean i dont want to become internet mirror
[18:15] <patdk-wk> define isolated net without direct access
[18:15] <patdk-wk> that sounds like proxy server territory
[18:15] <patdk-wk> unless you actually mean, a isolated disconnected network
[18:17] <hhee> patdk-wk, nope. not proxy territory. place in very remote place, almost without internet or with very expensive one
[18:17] <patdk-wk> ya, that would be really, disconnected
[18:20] <Yuri4_>  
[18:20] <Yuri4_>  Is crontab -e @reboot reliable. I got a very important command there. It won't break, right?
[18:23] <dasjoe> Clearly depends on which cron daemon you're using
[18:24] <Yuri4_> dasjoe, I don't know. I'm running Ubuntu 16.04 server
[18:24] <Yuri4_> how do I check?
[18:31] <dasjoe> Yuri4_: it should simply work, then
[18:31] <Yuri4_> dasjoe, thank you!
[19:06] <jayjo_> I'm having trouble to connecting to mongo on an ec2 ubuntu instance. the mongo command won't connect, but ive run sudo service mongod start and it says its starting. killall mongod says nothing found
[19:06] <jayjo_> ps not showing it either
[19:08] <coreycb> beisner, python-os-brick 0.5.0-0ubuntu3~cloud0 is ready to promote to liberty-updates when you have a moment
[19:10] <coreycb> beisner, manila 1:1.0.0-0ubuntu2~cloud0 is also ready to promote to liberty-updates
[19:10] <beisner> coreycb, ok python-os-brick promoted re: bug 1524989
[19:12] <beisner> coreycb, also manila promoted re: bug 1546116
[19:12] <coreycb> beisner, awesome thanks
[19:12] <beisner> coreycb, yw :)
[20:44] <EmilienM> coreycb, jamespage: results of Xenial/Newton: 2/3 jobs are green, and some failures here and here but nothing really critical
[20:46] <EmilienM> coreycb, jamespage: wait, in fact ppa repo was down and jenkins used xenial repo
[20:48] <EmilienM> testing again
[20:56] <jayjo_> I have a problem with mongodb on ubuntu... I am getting an out of memory error when trying to upload about 12 gb of data to a database. I don't have a much memory, but I have a drive of about 40 GB. Can I add swap space? Is that the best way to do this?
[21:18] <Yuri4_> Can someone help me to understand, why my cronotab -e @reboot script doesn't run?
[21:18] <Yuri4_> sleep 30; mount -t cifs //secret.file.core.windows.net/cgi-bin /var/www/course/cgi-bin -o uid=33,gid=1000,vers=3.0,username=secret,password=PASSWORD,dir_mode=0755,file_mode=0644
[21:25] <jjrabbit443> hello
[21:25] <jjrabbit443> how come folder structure is so much more confusing on unix than windows?
[21:25] <jjrabbit443> All your programs -> Program Files
[21:25] <jjrabbit443> All system files -> Windows
[21:25] <jjrabbit443> All user configurations -> Users
[21:26] <jjrabbit443> all three of those are at the root of the drive and all are pretty much self explanatory
[21:27] <jjrabbit443> what do i get on unix?
[21:27] <jjrabbit443> bin, dev, etc, usr, var, lib and bunch of other 3 letter folders that tells you practically nothing
[21:30] <OerHeks> jjrabbit443, good start https://help.ubuntu.com/community/LinuxFilesystemTreeOverview
[21:30] <rattking> jjrabbit443: there are reasons for all of it. http://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html
[21:31] <OerHeks> and rattking's url goes into depth about the folders and purpose
[21:32] <soLucien> hi guys ! how do i overwrite the system apt sources with a single one
[21:32] <soLucien> ?
[21:32] <jjrabbit443> thanks guys
[21:32] <jjrabbit443> i definitely need to read this
[21:33] <jjrabbit443> but keeping things simple is an attractive quality
[21:33] <jjrabbit443> no wonder windows is on every damn computer
[21:33] <OerHeks> soLucien, please don't crosspost, see the apt-proxy answer in #ubuntu
[21:33] <soLucien> http://pasteboard.co/1yYdZxjv.png
[21:33] <soLucien> okay
[21:35] <sudormrf> so...suppose I want something internal where DNS forwards requests for google.com to an internal server.  that internal server then redirects the request to facebook.com, setting up the DNS forward is the easy part
[21:35] <sudormrf> how would I go about forwarding stuff from the apache server over to a different site
[21:41] <JanC> there are by far more linux/unix computers than windows computers in the world
[21:42] <Guest_84757> Allah is doing
[21:42] <Guest_84757> sun is not doing Allah is doing
[21:42] <Guest_84757> moon is not doing Allah is doing
[21:42] <Guest_84757> stars are not doing Allah is doing
[21:43] <Guest_84757> planets are not doing Allah is doing
[21:43] <JanC> Guest_84757: please stay on-topic
[21:43] <JanC> !ops
[21:43] <FManTropyx> praise Allah
[21:43] <Guest_84757> galaxies are not doing Allah is doing
[21:43] <Guest_84757> oceans are not doing Allah is doing
[21:43] <FManTropyx> I haven't gotten around to updating yet
[21:44] <Guest_84757> mountains are not doing Allah is doing
[21:44] <FManTropyx> perhaps Allah will do it for me
[21:44] <Guest_84757> trees are not doing Allah is doing
[21:44] <genii> If he returns and persists, I'll make it a +b
[21:44] <teward> genii: thanks
[21:50] <jjrabbit443> drugs are helluva drug
[21:53] <JanC> been several people who have been spamming "islamic" stuff in various channels on Freenode recently
[21:53] <dirty> E: Package 'vncserver' has no installation candidate
[21:53] <dirty> any idea what's going on guys?
[21:54] <jjrabbit443> JanC: so they're bots?
[21:54] <JanC> jjrabbit443: no
[21:54] <JanC> at least, in one case they responded to someone
[21:54] <genii> dirty: Try vnc4server
[21:55] <soLucien> it is a bot
[21:55] <dirty> genii: strnger, second host I've done this on
[21:55] <dirty> err strange*
[21:55] <dirty> it worked on a second one
[21:55] <jjrabbit443> what do you guys think the population of unix admins is to windows admins
[21:55] <jjrabbit443> 1:60 unix vs windows?
[21:56] <genii> !info vncserver trusty
[21:56] <genii> !info vnc4server trusty
[21:56] <dirty> genii: maybe I was too sleepy and spelled it correctly, I do appreciate it :D
[21:56] <dirty> genii: that did work
[21:57] <genii> dirty: Glad to assist
[21:58] <JanC> “State: not a real package (virtual)”
[21:59] <jjrabbit443> if unix admins are in such high demand it's because there are hardly any right?
[21:59] <count-zero> I keep seeing "[FAILED] Failed to start LXD - container startup/shutdown." when booting a fresh installation of Ubuntu Server 16.04. Running "systemctl status lxd-containers.service" yields the following info "error: open /var/lib/lxd/containers: no such file or directory". I haven't created any LXD containers, so is this error just a result of some sloppy logic in the LXD service during boot? Is this the expected behaviour?
[23:22] <blizzow> count-zero: it's because some idiots thought it would be a good idea to install the lxc/lxd virtualization platform by default in the server installation. Hell, even openssh server is not installed by default.
[23:23] <blizzow> Oh, and there are other (possibly more commonly used) virtualization platforms.
[23:24] <nacc> blizzow: stop being rude.
[23:24] <rbasak> count-zero: please report a bug.
[23:27] <blizzow> nacc: you certainly don't like the fact that I'm calling out LXC/LXD as bad decision, do you?
[23:28] <nacc> blizzow: calling anyone an 'idiot' because you disagree with them, is what i disagree with
[23:32] <blizzow> nacc: at what point exactly is it that you're allowed to call bad policy makers idiots? I want to make sure I speak in a manner you approve.
[23:33] <teward> in this channel, you shouldn't
[23:33] <teward> !rules
[23:33] <teward> for the most part, name calling is against those guidelines
[23:35] <nacc> blizzow: I think you could review the responses in https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1563026
[23:36] <count-zero> rbasak: Will do.
[23:49] <blizzow> teward and nacc, let me rephrase - I disagree wholeheartedly with the geniuses that seeded lxc/lxd into the default server installation. They are mensa level mofos with the looks of supermodels and know practicality better than all others. I should prostrate myself in front of them because I am a lowly user with no value and should have known it was coming because LXC/LXD was in the 15.10 installer.
[23:53] <OerHeks> "LXD does not start the bridge (so no dnsmasq or iptables) until you start interacting with lxd. "  no security risc i guess, only wasted diskspace
[23:54] <teward> ^
[23:54] <teward> blizzow: also, calling someone a 'mofo' is already against the guidelines and rules for respectfulness, please cease with the profanity.