/srv/irclogs.ubuntu.com/2016/06/10/#ubuntu-server.txt

OerHeks00:00
=== Kenrinx is now known as kenrin
bopnetBoa noite!00:38
bopnethi!00:50
runelind_qI added two more network interfaces to my Ubuntu VM, how do I find out what they are named?02:09
runelind_qthis is 16.0402:09
runelind_qobvs not eth1 and eth202:09
runelind_qfirst adapter is ens16002:10
runelind_qnever mind, I found it via ip link.02:13
runelind_qwhy can't the names make sense? :(02:14
=== Mobutils_ is now known as Mobutils
RoyKrunelind_q: the nic naming was changed02:30
runelind_qindeed.02:31
RoyKhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/ch-Consistent_Network_Device_Naming.html says aomething about it02:31
RoyKno, it's not ubuntu, but the thing is in kernel02:36
naccRoyK: udev, not kernel (iiuc): https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/02:41
satriyaningjagat@nacc @RoyK good link .. it answer my old question :)02:52
runelind_qso for Landscape Dedicated Server you can register 10 computers or VMs or Containers?03:52
runelind_qI just tried to register a container and it showed up as a computer.03:52
runelind_qI got LDS 16.03 installed03:53
Housedoes this channel have a searchable log anywhere?05:48
hateballHouse: http://irclogs.ubuntu.com/05:50
Housethanks05:50
=== gms is now known as Guest27527
=== stikky is now known as _gms
=== stikky is now known as _gms
lasushey, i'm doing 14.04 to 16.04 upgrade and i'm stuck on 'setting up cmanager (0.39-2ubuntu5) ...' for like 30min. should I 'ctrl+c' and try 'do-release-upgrade -d' again or what?08:23
jellylasus: you could pstree the do-release-upgrade process, figure out what's hanging, and gnetly nudge it09:05
=== _degorenko|afk is now known as degorenko
=== iberezovskiy|off is now known as iberezovskiy
lasusjelly: yeah, 'sudo service cgmanager restart' fixed it. thanks.09:44
bdrung_workmagicalChicken, rbasak and I were talking about lp #869017 on #ubuntu-devel. I solve that issue with this preseed configuration: d-i debian-installer/add-kernel-opts string consoleblank=0 net.ifnames=010:21
ubottuLaunchpad bug 869017 in kbd (Ubuntu) "Ubuntu server enables screenblanking, concealing crashdumps (DPMS is not used)" [Medium,Triaged] https://launchpad.net/bugs/86901710:21
=== ashleyd is now known as ashd
jamespageddellav, coreycb: swift 2.8.0 uploaded to yakkety10:42
jamespageclosed out a couple of bugs at the same time10:42
jamespageddellav, coreycb and I see fresh oslo.* as of yesterday...10:49
jamespagenice10:49
caribouIs there a way to have squid-deb-proxy not block URL provided by  http://httpredir.debian.org which are not in .debian.org ?11:19
rbasakcaribou: I hit that pain. I ended up flipping everything to use a fixed mirror. Alternatively you could loosen squid-deb-proxy's ACL.11:41
caribourbasak: yeah,I think I'll use the fixed mirror11:41
hxmhello, can i use dd for create an image of the current disk in use?12:24
lordievaderYou could... but writes to the disk make this tricky. If it can be set to read-only it would make it alot easier.12:44
=== deadnull_ is now known as _deadnull
=== _deadnull is now known as deadnull_
BrianBlazewhen I log into my ubuntu server 16.04 it says restart required... is it updating on its own?13:44
hateballBrianBlaze: you may have enabled automatic security updates when you installed13:44
BrianBlazeI don't remember the option but it's always possible13:45
BrianBlazethanks13:45
Odd_BlokeAutomatic security updates are enabled by default in 16.04, I believe.13:46
tewardOdd_Bloke: you get to choose still at the installer screen13:46
tewardbut yes security updates should be installed by default for prebuilt images I believe...13:46
Odd_Bloketeward: Only if you use an installer. ;)13:47
* teward points at his second message which may have gotten briefly caught in the buffer13:47
Odd_BlokeWell, I wasn't just going to not hit Return after all that typing. :p13:47
teward:P13:47
BrianBlazeWell i found file I need to comment out so thanks guys :)13:48
Odd_BlokeBrianBlaze: Why don't you want automatic security upgrades? :P13:48
BrianBlazeI don't mind updates but I want to be in control lol13:49
tewardBrianBlaze: be advised you'll have security holes then unless you regularly check the server13:49
tewardI have automatic security updates (but not reboots) on all my servers pushed nightly (via Landscape) without reboots, but that's mostl;y because they're all web facing13:49
BrianBlazeI do of course and I mean if I have to restart to make fill in the holes it's not actually happening anyways13:49
tewardand the ones that aren't that get updates are in my DMZ13:50
tewardBrianBlaze: you don't have to reboot for most13:50
tewardusually only the kernel upgrades13:50
BrianBlazewell this is the second time this week it asks me to13:50
tewardBrianBlaze: and?13:55
tewardBrianBlaze: consider this: I have a monthly maintenance period where I reboot my servers13:55
BrianBlazethat's twice in one week I am restarting a server13:55
BrianBlazeonce a month I can live with13:55
tewardGranted, I review the security updates and determine whether I need to critical-reboot13:55
tewardin 99% of all cases13:55
tewardi don't reboot servers13:56
tewardbecause the issues fixed in the kernel are ones i'm not worried about (though they exist)13:56
BrianBlazewell it's asking to reboot to finish the update13:56
tewardBrianBlaze: no, it's saying that "To finish kernel reboots please restart so you can boot into that kernel" most likely13:56
tewardthat's not the same as "Go reboot now" like Windows does13:56
tewardyou are **not required to restart your server after each update run**13:56
BrianBlazefor sure13:56
tewardit's recommended, but not required13:56
tewardso, use auto updates, but don't reboot unless you think it's necessary13:57
BrianBlazebut I figured if you don't restart then the update you just did isn't completed13:57
tewardi think you need to start reading the USNs13:57
tewardand understanding *what* these updates are13:57
sdezielBrianBlaze: some updates apply "live" while other require the service to be manually restarted13:57
tewardand *what* they entail13:57
tewardsdeziel: isn't that 'most' updates?13:57
BrianBlazewhen the server is asking me to reboot13:58
tewardBrianBlaze: and by 'service' they mean software13:58
tewardNOT the server reboot13:58
BrianBlazedoesn't that assume i need to?13:58
tewardBrianBlaze: again, read the USNs.  Server reboots are for specific cases13:58
sdezielteward: updates to libs generally don't trigger service restarts of all the services/binaries using them13:58
tewardeither kernel updates which *can't* be implemented without booting to the kernel13:58
BrianBlazewell that;s the message I have been getting13:58
BrianBlazereboot server13:58
tewardor C library issues that force it13:58
BrianBlazetwice in a week13:58
tewardBrianBlaze: I have 25 servers13:58
tewardall of them require a reboot to apply kernel updates13:58
BrianBlazewhich is where the security updates will be right?13:59
tewardhate my IRC client13:59
tewardBrianBlaze: ONLY for the kernel13:59
tewardlet me finish13:59
BrianBlazei hear you13:59
tewardI reveiwed the USNs for the kernel updates13:59
tewardand evaluated the risk to my servers13:59
tewardI evaluated them as 'low'13:59
tewardand then pushed the 'reboot' to the monthly reboot issued by Landscape to my servers13:59
BrianBlazeokay I understand13:59
BrianBlazeUSNs are my friend13:59
BrianBlaze:)13:59
tewardso, in an ideal world, you would reboot daily to get all the updates.14:00
tewardin the PRACTICAL world... you analyze the updates yourself14:00
tewarddetermine the need to reboot14:00
tewardand if the need doesn't exist, ignore the message14:00
tewardit's just there as informational14:00
BrianBlazegotcha14:00
jrwrenteward: purchase landscape support and many security updates are dynamically applied to the kernel using canonical-liveupdate ;]14:00
BrianBlazeget out of windows mentality14:00
BrianBlazelol14:00
tewardjrwren: :P14:00
tewardjrwren: yeah, well, Landscape's expensive, and these servers're mine ;)14:00
jrwrenteward: indeed.  25 is a lot for one person. Why so many?14:01
tewardjrwren: service separation, VPSes, etc.14:01
tewardalso14:01
tewardtest servers14:01
jrwrenteward: life is about choices :p14:01
tewardnginx update testing, etc.14:01
teward:)14:01
tewardof that 25, i only really care about 8, the others are run for clients ;)14:01
jrwrenteward: lxc/lxd for all that, then they cna share a kernel, and share downtime when you need to reboot the one kernel14:01
tewardjrwren: 14.04 old, been around longer than lxc/lxd14:02
jrwrenoh.. clients, well clients pay you. factor in cost of landscape when billing clients14:02
tewardjrwren: also, E:NoStaticIP14:02
tewardcan't run all that from one or two hypervisors/boxes14:02
tewardand some clients want 'dedicated IP space' which requires VPSes or dedis offsite14:02
jrwrenteward: ah, yes, I understand the legacy.14:02
BrianBlazethanks for making it clear teward much appreciated14:06
runelind_qI thought the 4.x series kernel didn't require reboot after upgrading?14:11
tewardrunelind_q: I don't think it does, but that's 16.04 world I believe?14:13
runelind_qyeah, I have 16.04 and just updated to the newest kernel and it prompted me for reboot.14:13
* teward shrugs14:14
tewardI think live patching can be done but reboots still work a tad better for some cases14:15
tewardthat's a Kernel Team / Security Team thing14:15
teward:)14:15
runelind_qAnd Landscape standalone identifies containers as full computers by design?14:17
jrwrendoes anyone know of a good nginx update source for 14.04? is 16.04's nginx in trusty backports? Maybe I could rebuild that deb myself?14:19
andoljrwren: https://launchpad.net/~nginx/+archive/ubuntu/stable is maintained by the same guy who does most of the work on the nginx packages on the official repos.14:24
ilivexit14:24
ilivoops14:24
jrwrenandol: thank you! that is exactly for what I was looking14:25
jamespagecoreycb, ddellav: newton branch and proposed deployable with charms now btw; however14:41
jamespagenova-compute is borking on loading auth information for neutron access...14:41
jamespagelooking at that now14:41
coreycbjamespage, awesome (almost) :)14:42
=== HouseMD is now known as SpikeSpiegel
SaironWe're having troubles every now and then with our wehbosts SMTP server getting blacklisted, probably because it's shared. We do have an ubuntu server box at the office, and what I'd like to do is setup an SMTP server in order to avoid the problem. It would seem postfix is the way to go, but is this possible without moving the domain over to the ubuntu box? If it's possible, I'd love to14:52
Saironget some pointers on what to look into14:52
tewardSairon: i assume you mean SMTP for a web site/service14:54
teward?14:54
SaironI want to use it for all our outgoing emails, hopefully being able to set it up in gmail which all of us use14:55
ivoksyour problem is sending mail14:55
ivoksyou don't need to move domain for that14:55
ivoksjust set up your own postfix on your server14:56
ivoksand make sure that server is added to SPF as designated SMTP IP14:56
ivoks+, if you use, make sure it's DKIM key is also valid14:56
tewardbut you have to give any external servers access to the SMTP and such14:56
tewardas well14:56
ivokscorrect14:56
tewardso if you have any off-site services using SMTP (like at your web host) you have to configure them to reach into your office ubuntu server where SMTP is located to send from14:57
ivokshe shouldn't use office' server14:57
ivoksit should be a proper server, within a DC14:57
ivoks:)14:57
SaironThanks, have something to start with at least :)14:58
ivoksyou can run an instance in amazon or something14:59
ddellavcoreycb there's a requirement update for aodh mitaka point release, should I maintain it? I thought version changes for SRU's were prohibited?15:28
coreycbddellav, what's the update?15:31
ddellavcoreycb tooz 0.16.0 -> 1.28.015:31
coreycbddellav, yikes15:32
ddellavcoreycb yea... lol15:38
cucumberHello15:40
cucumber I just switched from CentOS to Ubuntu server and realized it was installing updates automatically even though I chose "no" during the setup. It seems that unattended-upgrades is on by default.... why is this the case?15:40
Walexcucumber: "unattended-upgrades" is by default just security upgrades. Avoids leaving vulnerable machines on the net15:42
cucumberWalex: I understand that. But it feels a bit Windows like15:44
jamespageddellav, aodh is not on the same type of cadence as other projects15:49
jamespagebut that is odd15:49
jamespagethat said we're all good on versions anyway so I'd not worry to much15:50
ddellavjamespage ok, im going to skip it for now15:51
coreycbddellav, jamespage, that update is actually fine, since it is inline with g-r: https://github.com/openstack/requirements/blob/stable/mitaka/global-requirements.txt15:53
coreycbddellav, btw the cinder ci failure I think that's just a patch not applying cleanly.15:59
ddellavcoreycb ok, i will check it out16:00
coreycbddellav, see "Hunk #x FAILED"16:00
=== iberezovskiy is now known as iberezovskiy|afk
yebyendoes anyone know about the OVA images like ubuntu-16.04-server-cloudimg-amd64.ova ?16:51
yebyeni downloaded one to use in a vsphere template, but i am having trouble importing it16:52
yebyenand i'm having a look at the manifest and it looks wrong in a couple of ways, but i wasn't able to find any launchpad bugs filed about it16:52
yebyenthe import fails i'm assuming because the manifest has an invalid sha in it16:53
yebyen(about to confirm that)16:53
yebyenactually looks like the SHA256 sums are correct16:55
yebyenmaybe there is a syntax error in the manifest?16:55
yebyenif anyone uses these OVAs and has run into similar issues i'd love to pick your brain for a minute16:55
=== iberezovskiy|afk is now known as iberezovskiy
yebyeni guess that ESXi/vSphere does not support SHA256 hashes in the OVA manifest17:21
yebyeni rebuilt the manifest as SHA1 hashes and tarred it back up, works fine now17:22
=== degorenko is now known as _degorenko|afk
yebyenwell that's cool17:44
yebyendoes anyone use vagrant-vsphere?17:47
ddellavcoreycb getting this error when building keystone after point releaase: http://paste.ubuntu.com/17178697/ I checked and cryptography 1.2 is whats currently available in xenial so not sure why it's breaking on that dependency.17:48
ddellavalso coreycb cinder ci failure fixed: lp:~ddellav/ubuntu/+source/cinder17:49
ddellavcoreycb for the mitaka SRU, lp:~ddellav/ubuntu/+source/neutron, lp:~ddellav/ubuntu/+source/neutron-vpnaas, lp:~ddellav/ubuntu/+source/aodh ready for review, once i figure out that keystone build failure that will be ready as well17:50
ddellavcoreycb no changes to neutron-lbaas and neutron-fwaas so i skipped those in the SRU17:50
coreycbddellav, I think we hit that python-cryptography != issue recently17:51
coreycbI think dh_python had a fix17:51
coreycbddellav, jamespage fixed that in bug 158106517:55
ubottubug 1581065 in dh-python (Ubuntu Yakkety) "incorrect parsing of != dependency versions" [High,Fix released] https://launchpad.net/bugs/158106517:55
ddellavcoreycb ok, cool, thanks17:55
coreycbddellav, but this is on xenial?17:56
coreycbddellav, it should be fixed on xenial17:56
ddellavcoreycb yea, building in xenial17:57
coreycbddellav, has the chroot been updated recently?17:58
ddellavcoreycb actually yes i updated it this morning17:58
coreycbddellav, hmm, darn17:58
coreycbddellav, ok let me see if I can recreate17:59
ddellavok, i will push up my branch17:59
coreycbthx17:59
ddellavcoreycb lp:~ddellav/ubuntu/+source/keystone17:59
=== iberezovskiy is now known as iberezovskiy|afk
ddellavcoreycb ugh, xstatic build error with horizon, this looks very familiar though I dont have any notes on how to fix it: http://paste.ubuntu.com/17179390/ http://paste.ubuntu.com/17179390/18:05
ddellavcoreycb oops, meant to paste this instead of the pastebin again lp:~ddellav/ubuntu/+source/horizon18:05
coreycbddellav, I think there's a patch that updates the python path, that may need updates18:06
ddellavcoreycb ok, i ran all the patches and they applied without fuzz or offsets18:07
coreycbddellav, ok you might have to look at the code18:10
ddellavcoreycb say whaaaaaaat? how cruel and unusual lol18:12
jzulauf_created and AMI from the 16.04 image, but cannot login to it.18:22
jzulauf_I used the standard 16.04 LTS hvm image and added some packages.18:23
ikoniadoes the standard image work / let you login in18:23
jzulauf_After creating an AMI from the running image, I launch it, but cannot log in.  Am I missing a step?18:24
ikoniahave you allocated a key to it ?18:24
ikoniado you have the private key18:24
ikoniawhats the error when you login18:24
jzulauf_I allocated a key to the original18:24
jzulauf_enabled sshd passwd login18:25
jzulauf_have attempted launch with and without key pair generation, but the passwd is always rejected18:25
jzulauf_I can boot the orginal AMI and login with passwd.18:25
ikoniaso then you've altered the base image more than you thought18:25
ikoniago back to the original AMI and start again18:26
ikoniamaybe make modular changes18:26
jzulauf_?18:26
coreycbddellav, cinder is pushed18:26
ikoniago back to the orignial image - confirm it works, then make one or two changes, build the ami, test it, it works continue to make more changes it fails, back up18:26
jzulauf_so... go to the original image.  create an AMI with no changes and see if I can launch it?18:27
jzulauf_should what I'm doing work, or do I need to somehow reenable the ssh inject of the new key pair when launching the created AMI?18:29
coreycbddellav, do the rest build ok (minus keystone)?18:32
ddellavcoreycb yes18:32
ddellavcoreycb also horizon is broken, but im looking into that18:32
jrwrencloud-init handles the installing of the ssh-key from metadata.18:32
jrwrenjzulauf_: how much changes are you making to the AMI? it may be easier to use cloud-config from cloud-init to make the changes on machine instance start rather than rebuild an AMI.18:32
jzulauf_I'm enabling passwd ssh, installing a handfull of packages18:32
jzulauf_(cpp development + tmate)18:32
jzulauf_and adding a default passwd.18:34
ikoniajzulauf_: there is no need for any additional step18:34
jzulauf_okay.18:34
jzulauf_looking at cloud-config18:34
jrwrenjzulauf_: for those little things, cloud-config sounds perfect. I'd not bother with AMI building18:35
ikoniaI would bother18:35
coreycbddellav, your stable/mitaka branch of keystone seeems to be building ok for me against xenial.  it's running tests now.18:35
ikoniaas each time you launch it it will have to run18:35
jzulauf_is there a good quickstart for cloud-config?18:36
ddellavcoreycb mine failed after the tests ran18:36
ddellavcoreycb it ran for a solid 30 minutes before it failed heh18:36
ikoniaI'd only use a config tool to change variable data, eg: dns name depending on what region its in18:36
ikoniaif you have a persistent need for those packages, build it into the ami18:36
coreycbddellav, ah.  I'll stay tuned then.18:36
coreycbddellav, neutron uploaded18:46
coreycbddellav, aodh uploaded19:08
ddellavcoreycb excellent, thanks19:09
hheeguys, what most known company are using ubuntu-server?19:13
hheecompanies19:13
hheejust interesting19:13
geniihhee: http://www.ubuntu.com/server bottom right of page, "Read our success stories"19:15
hheegenii, thx a lot19:15
geniiMore like mid-page,actually ...19:15
geniihhee: Also others to be found at http://insights.ubuntu.com/group/cloud-and-server?cat=117219:27
hheegenii, got it19:34
coreycbddellav, neutron-vpnaas uploaded, I switched that over to ostestr to19:38
jzulauf_the issue appears to be adding a password (that is timed out) to the default ubuntu user.19:41
jzulauf_so I've added another user with a default timed-out passwd.19:42
jzulauf_that appears to work.19:43
=== iberezovskiy|afk is now known as iberezovskiy
coreycbddellav, I'm hitting that keystone python-cryptography dh-python != issue too.. another option is to patch requirements.txt19:53
ddellavcoreycb if jamespage fixed it, how can we get that fix to apply to this?19:56
coreycbddellav, I think it's just manifesting itself differently19:57
=== guntbert_ is now known as guntbert
adacif I want to start gparted on my server via ssh -X I get: (gpartedbin:4272): Gtk-WARNING **: cannot open display:  any ideas how to resolve this?20:42
=== iberezovskiy is now known as iberezovskiy|off
=== tinoco is now known as tinoco-vacation
=== tinoco-vacation is now known as tinoco
=== tinoco is now known as tinoco-vacation
dasjoeWhy would you want to start a GUI application on a server without a display?21:36
tewarddasjoe: -X enables x-forwarding :p21:49
tewardwhich means it should show on their system's side but run from the remote guest21:49
tewardbut good question21:49
dasjoeteward: oh right, I didn't read the -X part :)22:28
tewardadac: ignore those warnings22:28
tewardbecause I get them launching gparted from the terminal locally on any computer as well22:28
adacteward, I did not do ssh -X but only normal ssh22:29
adacthat was the problem22:29
tewardum22:29
tewardadac: you said `ssh -X`:  [2016-06-10 16:42:26] <adac> if I want to start gparted on my server via ssh -X I get: (gpartedbin:4272): Gtk-WARNING **: cannot open display:  any ideas how to resolve this?22:29
tewardadac: if you run without -X that's the problem - it can't access a display, nor the 'virtual' connection that's being presented via SSH22:30
teward(because there isn't one)22:30
tewardwhen you use -X it 'masquerades' your system as the display (I don't know the proper word) and throws the graphical parts to your system22:30
adacteward, yes taht was the problem. I thought I'd set X but I didnt22:30
tewardah OK22:30
tewardadac: cool :)22:30
tewardglad you fixifed it :)22:30
adacyeah :D22:30
adacall works!22:30

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!