[00:00] <OerHeks> 
=== Kenrinx is now known as kenrin
[00:38] <bopnet> Boa noite!
[00:50] <bopnet> hi!
[02:09] <runelind_q> I added two more network interfaces to my Ubuntu VM, how do I find out what they are named?
[02:09] <runelind_q> this is 16.04
[02:09] <runelind_q> obvs not eth1 and eth2
[02:10] <runelind_q> first adapter is ens160
[02:13] <runelind_q> never mind, I found it via ip link.
[02:14] <runelind_q> why can't the names make sense? :(
=== Mobutils_ is now known as Mobutils
[02:30] <RoyK> runelind_q: the nic naming was changed
[02:31] <runelind_q> indeed.
[02:31] <RoyK> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/ch-Consistent_Network_Device_Naming.html says aomething about it
[02:36] <RoyK> no, it's not ubuntu, but the thing is in kernel
[02:41] <nacc> RoyK: udev, not kernel (iiuc): https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
[02:52] <satriyaningjagat> @nacc @RoyK good link .. it answer my old question :)
[03:52] <runelind_q> so for Landscape Dedicated Server you can register 10 computers or VMs or Containers?
[03:52] <runelind_q> I just tried to register a container and it showed up as a computer.
[03:53] <runelind_q> I got LDS 16.03 installed
[05:48] <House> does this channel have a searchable log anywhere?
[05:50] <hateball> House: http://irclogs.ubuntu.com/
[05:50] <House> thanks
=== gms is now known as Guest27527
=== stikky is now known as _gms
=== stikky is now known as _gms
[08:23] <lasus> hey, i'm doing 14.04 to 16.04 upgrade and i'm stuck on 'setting up cmanager (0.39-2ubuntu5) ...' for like 30min. should I 'ctrl+c' and try 'do-release-upgrade -d' again or what?
[09:05] <jelly> lasus: you could pstree the do-release-upgrade process, figure out what's hanging, and gnetly nudge it
=== _degorenko|afk is now known as degorenko
=== iberezovskiy|off is now known as iberezovskiy
[09:44] <lasus> jelly: yeah, 'sudo service cgmanager restart' fixed it. thanks.
[10:21] <bdrung_work> magicalChicken, rbasak and I were talking about lp #869017 on #ubuntu-devel. I solve that issue with this preseed configuration: d-i debian-installer/add-kernel-opts string consoleblank=0 net.ifnames=0
[10:21] <ubottu> Launchpad bug 869017 in kbd (Ubuntu) "Ubuntu server enables screenblanking, concealing crashdumps (DPMS is not used)" [Medium,Triaged] https://launchpad.net/bugs/869017
=== ashleyd is now known as ashd
[10:42] <jamespage> ddellav, coreycb: swift 2.8.0 uploaded to yakkety
[10:42] <jamespage> closed out a couple of bugs at the same time
[10:49] <jamespage> ddellav, coreycb and I see fresh oslo.* as of yesterday...
[10:49] <jamespage> nice
[11:19] <caribou> Is there a way to have squid-deb-proxy not block URL provided by  http://httpredir.debian.org which are not in .debian.org ?
[11:41] <rbasak> caribou: I hit that pain. I ended up flipping everything to use a fixed mirror. Alternatively you could loosen squid-deb-proxy's ACL.
[11:41] <caribou> rbasak: yeah,I think I'll use the fixed mirror
[12:24] <hxm> hello, can i use dd for create an image of the current disk in use?
[12:44] <lordievader> You could... but writes to the disk make this tricky. If it can be set to read-only it would make it alot easier.
=== deadnull_ is now known as _deadnull
=== _deadnull is now known as deadnull_
[13:44] <BrianBlaze> when I log into my ubuntu server 16.04 it says restart required... is it updating on its own?
[13:44] <hateball> BrianBlaze: you may have enabled automatic security updates when you installed
[13:45] <BrianBlaze> I don't remember the option but it's always possible
[13:45] <BrianBlaze> thanks
[13:46] <Odd_Bloke> Automatic security updates are enabled by default in 16.04, I believe.
[13:46] <teward> Odd_Bloke: you get to choose still at the installer screen
[13:46] <teward> but yes security updates should be installed by default for prebuilt images I believe...
[13:47] <Odd_Bloke> teward: Only if you use an installer. ;)
[13:47]  * teward points at his second message which may have gotten briefly caught in the buffer
[13:47] <Odd_Bloke> Well, I wasn't just going to not hit Return after all that typing. :p
[13:47] <teward> :P
[13:48] <BrianBlaze> Well i found file I need to comment out so thanks guys :)
[13:48] <Odd_Bloke> BrianBlaze: Why don't you want automatic security upgrades? :P
[13:49] <BrianBlaze> I don't mind updates but I want to be in control lol
[13:49] <teward> BrianBlaze: be advised you'll have security holes then unless you regularly check the server
[13:49] <teward> I have automatic security updates (but not reboots) on all my servers pushed nightly (via Landscape) without reboots, but that's mostl;y because they're all web facing
[13:49] <BrianBlaze> I do of course and I mean if I have to restart to make fill in the holes it's not actually happening anyways
[13:50] <teward> and the ones that aren't that get updates are in my DMZ
[13:50] <teward> BrianBlaze: you don't have to reboot for most
[13:50] <teward> usually only the kernel upgrades
[13:50] <BrianBlaze> well this is the second time this week it asks me to
[13:55] <teward> BrianBlaze: and?
[13:55] <teward> BrianBlaze: consider this: I have a monthly maintenance period where I reboot my servers
[13:55] <BrianBlaze> that's twice in one week I am restarting a server
[13:55] <BrianBlaze> once a month I can live with
[13:55] <teward> Granted, I review the security updates and determine whether I need to critical-reboot
[13:55] <teward> in 99% of all cases
[13:56] <teward> i don't reboot servers
[13:56] <teward> because the issues fixed in the kernel are ones i'm not worried about (though they exist)
[13:56] <BrianBlaze> well it's asking to reboot to finish the update
[13:56] <teward> BrianBlaze: no, it's saying that "To finish kernel reboots please restart so you can boot into that kernel" most likely
[13:56] <teward> that's not the same as "Go reboot now" like Windows does
[13:56] <teward> you are **not required to restart your server after each update run**
[13:56] <BrianBlaze> for sure
[13:56] <teward> it's recommended, but not required
[13:57] <teward> so, use auto updates, but don't reboot unless you think it's necessary
[13:57] <BrianBlaze> but I figured if you don't restart then the update you just did isn't completed
[13:57] <teward> i think you need to start reading the USNs
[13:57] <teward> and understanding *what* these updates are
[13:57] <sdeziel> BrianBlaze: some updates apply "live" while other require the service to be manually restarted
[13:57] <teward> and *what* they entail
[13:57] <teward> sdeziel: isn't that 'most' updates?
[13:58] <BrianBlaze> when the server is asking me to reboot
[13:58] <teward> BrianBlaze: and by 'service' they mean software
[13:58] <teward> NOT the server reboot
[13:58] <BrianBlaze> doesn't that assume i need to?
[13:58] <teward> BrianBlaze: again, read the USNs.  Server reboots are for specific cases
[13:58] <sdeziel> teward: updates to libs generally don't trigger service restarts of all the services/binaries using them
[13:58] <teward> either kernel updates which *can't* be implemented without booting to the kernel
[13:58] <BrianBlaze> well that;s the message I have been getting
[13:58] <BrianBlaze> reboot server
[13:58] <teward> or C library issues that force it
[13:58] <BrianBlaze> twice in a week
[13:58] <teward> BrianBlaze: I have 25 servers
[13:58] <teward> all of them require a reboot to apply kernel updates
[13:59] <BrianBlaze> which is where the security updates will be right?
[13:59] <teward> hate my IRC client
[13:59] <teward> BrianBlaze: ONLY for the kernel
[13:59] <teward> let me finish
[13:59] <BrianBlaze> i hear you
[13:59] <teward> I reveiwed the USNs for the kernel updates
[13:59] <teward> and evaluated the risk to my servers
[13:59] <teward> I evaluated them as 'low'
[13:59] <teward> and then pushed the 'reboot' to the monthly reboot issued by Landscape to my servers
[13:59] <BrianBlaze> okay I understand
[13:59] <BrianBlaze> USNs are my friend
[13:59] <BrianBlaze> :)
[14:00] <teward> so, in an ideal world, you would reboot daily to get all the updates.
[14:00] <teward> in the PRACTICAL world... you analyze the updates yourself
[14:00] <teward> determine the need to reboot
[14:00] <teward> and if the need doesn't exist, ignore the message
[14:00] <teward> it's just there as informational
[14:00] <BrianBlaze> gotcha
[14:00] <jrwren> teward: purchase landscape support and many security updates are dynamically applied to the kernel using canonical-liveupdate ;]
[14:00] <BrianBlaze> get out of windows mentality
[14:00] <BrianBlaze> lol
[14:00] <teward> jrwren: :P
[14:00] <teward> jrwren: yeah, well, Landscape's expensive, and these servers're mine ;)
[14:01] <jrwren> teward: indeed.  25 is a lot for one person. Why so many?
[14:01] <teward> jrwren: service separation, VPSes, etc.
[14:01] <teward> also
[14:01] <teward> test servers
[14:01] <jrwren> teward: life is about choices :p
[14:01] <teward> nginx update testing, etc.
[14:01] <teward> :)
[14:01] <teward> of that 25, i only really care about 8, the others are run for clients ;)
[14:01] <jrwren> teward: lxc/lxd for all that, then they cna share a kernel, and share downtime when you need to reboot the one kernel
[14:02] <teward> jrwren: 14.04 old, been around longer than lxc/lxd
[14:02] <jrwren> oh.. clients, well clients pay you. factor in cost of landscape when billing clients
[14:02] <teward> jrwren: also, E:NoStaticIP
[14:02] <teward> can't run all that from one or two hypervisors/boxes
[14:02] <teward> and some clients want 'dedicated IP space' which requires VPSes or dedis offsite
[14:02] <jrwren> teward: ah, yes, I understand the legacy.
[14:06] <BrianBlaze> thanks for making it clear teward much appreciated
[14:11] <runelind_q> I thought the 4.x series kernel didn't require reboot after upgrading?
[14:13] <teward> runelind_q: I don't think it does, but that's 16.04 world I believe?
[14:13] <runelind_q> yeah, I have 16.04 and just updated to the newest kernel and it prompted me for reboot.
[14:14]  * teward shrugs
[14:15] <teward> I think live patching can be done but reboots still work a tad better for some cases
[14:15] <teward> that's a Kernel Team / Security Team thing
[14:15] <teward> :)
[14:17] <runelind_q> And Landscape standalone identifies containers as full computers by design?
[14:19] <jrwren> does anyone know of a good nginx update source for 14.04? is 16.04's nginx in trusty backports? Maybe I could rebuild that deb myself?
[14:24] <andol> jrwren: https://launchpad.net/~nginx/+archive/ubuntu/stable is maintained by the same guy who does most of the work on the nginx packages on the official repos.
[14:24] <iliv> exit
[14:24] <iliv> oops
[14:25] <jrwren> andol: thank you! that is exactly for what I was looking
[14:41] <jamespage> coreycb, ddellav: newton branch and proposed deployable with charms now btw; however
[14:41] <jamespage> nova-compute is borking on loading auth information for neutron access...
[14:41] <jamespage> looking at that now
[14:42] <coreycb> jamespage, awesome (almost) :)
=== HouseMD is now known as SpikeSpiegel
[14:52] <Sairon> We're having troubles every now and then with our wehbosts SMTP server getting blacklisted, probably because it's shared. We do have an ubuntu server box at the office, and what I'd like to do is setup an SMTP server in order to avoid the problem. It would seem postfix is the way to go, but is this possible without moving the domain over to the ubuntu box? If it's possible, I'd love to
[14:52] <Sairon> get some pointers on what to look into
[14:54] <teward> Sairon: i assume you mean SMTP for a web site/service
[14:54] <teward> ?
[14:55] <Sairon> I want to use it for all our outgoing emails, hopefully being able to set it up in gmail which all of us use
[14:55] <ivoks> your problem is sending mail
[14:55] <ivoks> you don't need to move domain for that
[14:56] <ivoks> just set up your own postfix on your server
[14:56] <ivoks> and make sure that server is added to SPF as designated SMTP IP
[14:56] <ivoks> +, if you use, make sure it's DKIM key is also valid
[14:56] <teward> but you have to give any external servers access to the SMTP and such
[14:56] <teward> as well
[14:56] <ivoks> correct
[14:57] <teward> so if you have any off-site services using SMTP (like at your web host) you have to configure them to reach into your office ubuntu server where SMTP is located to send from
[14:57] <ivoks> he shouldn't use office' server
[14:57] <ivoks> it should be a proper server, within a DC
[14:57] <ivoks> :)
[14:58] <Sairon> Thanks, have something to start with at least :)
[14:59] <ivoks> you can run an instance in amazon or something
[15:28] <ddellav> coreycb there's a requirement update for aodh mitaka point release, should I maintain it? I thought version changes for SRU's were prohibited?
[15:31] <coreycb> ddellav, what's the update?
[15:31] <ddellav> coreycb tooz 0.16.0 -> 1.28.0
[15:32] <coreycb> ddellav, yikes
[15:38] <ddellav> coreycb yea... lol
[15:40] <cucumber> Hello
[15:40] <cucumber>  I just switched from CentOS to Ubuntu server and realized it was installing updates automatically even though I chose "no" during the setup. It seems that unattended-upgrades is on by default.... why is this the case?
[15:42] <Walex> cucumber: "unattended-upgrades" is by default just security upgrades. Avoids leaving vulnerable machines on the net
[15:44] <cucumber> Walex: I understand that. But it feels a bit Windows like
[15:49] <jamespage> ddellav, aodh is not on the same type of cadence as other projects
[15:49] <jamespage> but that is odd
[15:50] <jamespage> that said we're all good on versions anyway so I'd not worry to much
[15:51] <ddellav> jamespage ok, im going to skip it for now
[15:53] <coreycb> ddellav, jamespage, that update is actually fine, since it is inline with g-r: https://github.com/openstack/requirements/blob/stable/mitaka/global-requirements.txt
[15:59] <coreycb> ddellav, btw the cinder ci failure I think that's just a patch not applying cleanly.
[16:00] <ddellav> coreycb ok, i will check it out
[16:00] <coreycb> ddellav, see "Hunk #x FAILED"
=== iberezovskiy is now known as iberezovskiy|afk
[16:51] <yebyen> does anyone know about the OVA images like ubuntu-16.04-server-cloudimg-amd64.ova ?
[16:52] <yebyen> i downloaded one to use in a vsphere template, but i am having trouble importing it
[16:52] <yebyen> and i'm having a look at the manifest and it looks wrong in a couple of ways, but i wasn't able to find any launchpad bugs filed about it
[16:53] <yebyen> the import fails i'm assuming because the manifest has an invalid sha in it
[16:53] <yebyen> (about to confirm that)
[16:55] <yebyen> actually looks like the SHA256 sums are correct
[16:55] <yebyen> maybe there is a syntax error in the manifest?
[16:55] <yebyen> if anyone uses these OVAs and has run into similar issues i'd love to pick your brain for a minute
=== iberezovskiy|afk is now known as iberezovskiy
[17:21] <yebyen> i guess that ESXi/vSphere does not support SHA256 hashes in the OVA manifest
[17:22] <yebyen> i rebuilt the manifest as SHA1 hashes and tarred it back up, works fine now
=== degorenko is now known as _degorenko|afk
[17:44] <yebyen> well that's cool
[17:47] <yebyen> does anyone use vagrant-vsphere?
[17:48] <ddellav> coreycb getting this error when building keystone after point releaase: http://paste.ubuntu.com/17178697/ I checked and cryptography 1.2 is whats currently available in xenial so not sure why it's breaking on that dependency.
[17:49] <ddellav> also coreycb cinder ci failure fixed: lp:~ddellav/ubuntu/+source/cinder
[17:50] <ddellav> coreycb for the mitaka SRU, lp:~ddellav/ubuntu/+source/neutron, lp:~ddellav/ubuntu/+source/neutron-vpnaas, lp:~ddellav/ubuntu/+source/aodh ready for review, once i figure out that keystone build failure that will be ready as well
[17:50] <ddellav> coreycb no changes to neutron-lbaas and neutron-fwaas so i skipped those in the SRU
[17:51] <coreycb> ddellav, I think we hit that python-cryptography != issue recently
[17:51] <coreycb> I think dh_python had a fix
[17:55] <coreycb> ddellav, jamespage fixed that in bug 1581065
[17:55] <ubottu> bug 1581065 in dh-python (Ubuntu Yakkety) "incorrect parsing of != dependency versions" [High,Fix released] https://launchpad.net/bugs/1581065
[17:55] <ddellav> coreycb ok, cool, thanks
[17:56] <coreycb> ddellav, but this is on xenial?
[17:56] <coreycb> ddellav, it should be fixed on xenial
[17:57] <ddellav> coreycb yea, building in xenial
[17:58] <coreycb> ddellav, has the chroot been updated recently?
[17:58] <ddellav> coreycb actually yes i updated it this morning
[17:58] <coreycb> ddellav, hmm, darn
[17:59] <coreycb> ddellav, ok let me see if I can recreate
[17:59] <ddellav> ok, i will push up my branch
[17:59] <coreycb> thx
[17:59] <ddellav> coreycb lp:~ddellav/ubuntu/+source/keystone
=== iberezovskiy is now known as iberezovskiy|afk
[18:05] <ddellav> coreycb ugh, xstatic build error with horizon, this looks very familiar though I dont have any notes on how to fix it: http://paste.ubuntu.com/17179390/ http://paste.ubuntu.com/17179390/
[18:05] <ddellav> coreycb oops, meant to paste this instead of the pastebin again lp:~ddellav/ubuntu/+source/horizon
[18:06] <coreycb> ddellav, I think there's a patch that updates the python path, that may need updates
[18:07] <ddellav> coreycb ok, i ran all the patches and they applied without fuzz or offsets
[18:10] <coreycb> ddellav, ok you might have to look at the code
[18:12] <ddellav> coreycb say whaaaaaaat? how cruel and unusual lol
[18:22] <jzulauf_> created and AMI from the 16.04 image, but cannot login to it.
[18:23] <jzulauf_> I used the standard 16.04 LTS hvm image and added some packages.
[18:23] <ikonia> does the standard image work / let you login in
[18:24] <jzulauf_> After creating an AMI from the running image, I launch it, but cannot log in.  Am I missing a step?
[18:24] <ikonia> have you allocated a key to it ?
[18:24] <ikonia> do you have the private key
[18:24] <ikonia> whats the error when you login
[18:24] <jzulauf_> I allocated a key to the original
[18:25] <jzulauf_> enabled sshd passwd login
[18:25] <jzulauf_> have attempted launch with and without key pair generation, but the passwd is always rejected
[18:25] <jzulauf_> I can boot the orginal AMI and login with passwd.
[18:25] <ikonia> so then you've altered the base image more than you thought
[18:26] <ikonia> go back to the original AMI and start again
[18:26] <ikonia> maybe make modular changes
[18:26] <jzulauf_> ?
[18:26] <coreycb> ddellav, cinder is pushed
[18:26] <ikonia> go back to the orignial image - confirm it works, then make one or two changes, build the ami, test it, it works continue to make more changes it fails, back up
[18:27] <jzulauf_> so... go to the original image.  create an AMI with no changes and see if I can launch it?
[18:29] <jzulauf_> should what I'm doing work, or do I need to somehow reenable the ssh inject of the new key pair when launching the created AMI?
[18:32] <coreycb> ddellav, do the rest build ok (minus keystone)?
[18:32] <ddellav> coreycb yes
[18:32] <ddellav> coreycb also horizon is broken, but im looking into that
[18:32] <jrwren> cloud-init handles the installing of the ssh-key from metadata.
[18:32] <jrwren> jzulauf_: how much changes are you making to the AMI? it may be easier to use cloud-config from cloud-init to make the changes on machine instance start rather than rebuild an AMI.
[18:32] <jzulauf_> I'm enabling passwd ssh, installing a handfull of packages
[18:32] <jzulauf_> (cpp development + tmate)
[18:34] <jzulauf_> and adding a default passwd.
[18:34] <ikonia> jzulauf_: there is no need for any additional step
[18:34] <jzulauf_> okay.
[18:34] <jzulauf_> looking at cloud-config
[18:35] <jrwren> jzulauf_: for those little things, cloud-config sounds perfect. I'd not bother with AMI building
[18:35] <ikonia> I would bother
[18:35] <coreycb> ddellav, your stable/mitaka branch of keystone seeems to be building ok for me against xenial.  it's running tests now.
[18:35] <ikonia> as each time you launch it it will have to run
[18:36] <jzulauf_> is there a good quickstart for cloud-config?
[18:36] <ddellav> coreycb mine failed after the tests ran
[18:36] <ddellav> coreycb it ran for a solid 30 minutes before it failed heh
[18:36] <ikonia> I'd only use a config tool to change variable data, eg: dns name depending on what region its in
[18:36] <ikonia> if you have a persistent need for those packages, build it into the ami
[18:36] <coreycb> ddellav, ah.  I'll stay tuned then.
[18:46] <coreycb> ddellav, neutron uploaded
[19:08] <coreycb> ddellav, aodh uploaded
[19:09] <ddellav> coreycb excellent, thanks
[19:13] <hhee> guys, what most known company are using ubuntu-server?
[19:13] <hhee> companies
[19:13] <hhee> just interesting
[19:15] <genii> hhee: http://www.ubuntu.com/server bottom right of page, "Read our success stories"
[19:15] <hhee> genii, thx a lot
[19:15] <genii> More like mid-page,actually ...
[19:27] <genii> hhee: Also others to be found at http://insights.ubuntu.com/group/cloud-and-server?cat=1172
[19:34] <hhee> genii, got it
[19:38] <coreycb> ddellav, neutron-vpnaas uploaded, I switched that over to ostestr to
[19:41] <jzulauf_> the issue appears to be adding a password (that is timed out) to the default ubuntu user.
[19:42] <jzulauf_> so I've added another user with a default timed-out passwd.
[19:43] <jzulauf_> that appears to work.
=== iberezovskiy|afk is now known as iberezovskiy
[19:53] <coreycb> ddellav, I'm hitting that keystone python-cryptography dh-python != issue too.. another option is to patch requirements.txt
[19:56] <ddellav> coreycb if jamespage fixed it, how can we get that fix to apply to this?
[19:57] <coreycb> ddellav, I think it's just manifesting itself differently
=== guntbert_ is now known as guntbert
[20:42] <adac> if I want to start gparted on my server via ssh -X I get: (gpartedbin:4272): Gtk-WARNING **: cannot open display:  any ideas how to resolve this?
=== iberezovskiy is now known as iberezovskiy|off
=== tinoco is now known as tinoco-vacation
=== tinoco-vacation is now known as tinoco
=== tinoco is now known as tinoco-vacation
[21:36] <dasjoe> Why would you want to start a GUI application on a server without a display?
[21:49] <teward> dasjoe: -X enables x-forwarding :p
[21:49] <teward> which means it should show on their system's side but run from the remote guest
[21:49] <teward> but good question
[22:28] <dasjoe> teward: oh right, I didn't read the -X part :)
[22:28] <teward> adac: ignore those warnings
[22:28] <teward> because I get them launching gparted from the terminal locally on any computer as well
[22:29] <adac> teward, I did not do ssh -X but only normal ssh
[22:29] <adac> that was the problem
[22:29] <teward> um
[22:29] <teward> adac: you said `ssh -X`:  [2016-06-10 16:42:26] <adac> if I want to start gparted on my server via ssh -X I get: (gpartedbin:4272): Gtk-WARNING **: cannot open display:  any ideas how to resolve this?
[22:30] <teward> adac: if you run without -X that's the problem - it can't access a display, nor the 'virtual' connection that's being presented via SSH
[22:30] <teward> (because there isn't one)
[22:30] <teward> when you use -X it 'masquerades' your system as the display (I don't know the proper word) and throws the graphical parts to your system
[22:30] <adac> teward, yes taht was the problem. I thought I'd set X but I didnt
[22:30] <teward> ah OK
[22:30] <teward> adac: cool :)
[22:30] <teward> glad you fixifed it :)
[22:30] <adac> yeah :D
[22:30] <adac> all works!