[01:05] <v1s> I am trying to share connection with users on eth and wifi for some reason seems ip's are getting assigned but seems only one of the systems connected is actually able to connect and even able to get ping'd and its kind random depending when rebooted. Any ideas?
[01:07] <v1s> using ubuntu 16.04 server hostapd,dnsmasq
[02:30] <sarnold> v1s: are you doing standard NAT things? maybe pastebin your iptables ocmmands, that might help someone spot the issue
[03:30] <v1s> sarnold: here is my iptable rules http://pastebin.com/R8a8Vnce
[03:32] <v1s> my /etc/network/interface file: http://pastebin.com/S9evC2eD
[03:35] <patdk-lap> that is one very interesting ruleset for iptables
[03:38] <v1s> but is it bad?
[03:38] <patdk-lap> as far as, very loose and insecure? sure
[03:40] <v1s> hostapd conf: http://pastebin.com/zVuUFuQ9
[03:41] <v1s> dnsmasq conf: http://pastebin.com/nB8cYBcP
[03:42] <v1s> the problem is seems only one system is reachable on the network
[03:42] <v1s> security is a later concern
[06:59] <jamespage> coreycb, awesome!
[08:06] <frickler> coreycb: thanks for the update, lets hope that this gets accepted faster than the other stuff that is pending for almost a month now
[09:44] <frickler> coreycb: do you use gbp-pq to manage your patch sets? I'm assume not, because I'm getting something like http://paste.ubuntu.com/19160062/ if I do an import/export. it would be very helpful if you could get that cleaned up some day. (note: I've only just started to use gbp, so maybe I'm doing something wrong here)
[10:04] <cpaelzer> frickler: Hi I'm as new to gbp as you, but isn't gbp pq only needed if you need/want per-release-branch patch queues - maybe that isn't needed (yet)
[10:04] <cpaelzer> well, whatever the reasoning was it is for coreycb to clarify
[10:05] <rbasak> Sounds like the quilt patches just need dep3 headers.
[10:10] <cpaelzer> http://dep.debian.net/deps/dep3/
[11:49] <codepython777> dpkg --set-selections - hangs - how do i fix this?
[12:06] <cpaelzer> codepython777: on what does it hang?
[12:06] <cpaelzer> codepython777: ps axlf on column wchan
[12:06] <cpaelzer> codepython777: or /proc/<pid>/wchan
[12:06] <cpaelzer> rbasak: another bug for me please? (if not I'll try to pick one that wears the right tags)
[12:08] <cpaelzer> codepython777: also it is waiting for stdin, you are feeding a file to it right?
[12:08] <rbasak> cpaelzer: fancy preparing some MySQL SRUs for me? I was going to do those next, but I'd appreciate someone else reviewing the patches, and I can do some sponsorship/triaging/assignments instead perhaps?
[12:09] <cpaelzer> rbasak: I can try to review whatever you point me to
[12:09] <rbasak> OK, let me find them.
[12:09]  * cpaelzer lacks a review experience, but that means room to grow
[12:12] <rbasak> cpaelzer: there are four patches that I think are in Yakkety but need SRUing to Xenial:
[12:12] <rbasak> http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=f12dd3fb5387113585a981e2b8d234e81c6a630d
[12:12] <rbasak> http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=5d0dc4726f4a7b395c165907765f841547519ce9
[12:12] <rbasak> http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=86c9a9052500551d94ed71318e785c5b23b2ff2c
[12:12] <rbasak> http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=7897042ea6c65aeb608fb28b4b54639d3dbf3352
[12:13] <rbasak> cpaelzer: finally, https://github.com/ltangvald/mysql-5.7/commit/fa6ea034692 also needs pushing to Debian, adding to Yakkety and SRUing to Xenial, together with the latest MySQL point release (.13 IIRC). pitti already reviewed this one, and had one suggestion (match against start of line or word boundary), so no need for you to look at it, I'm just including for completeness.
[12:14] <rbasak> cpaelzer: some of these fixes are essential for Xenial but also invasive, so I'm being quite cautious, which is why I haven't got round to them yet. So I'd appreciate an additional pair of eyes.
[12:15] <rbasak> cpaelzer: as well as any of your thoughts towards testing
[12:15] <cpaelzer> rbasak: so the task for now would be to backport, prep a debdiff and all needed for an SRU (test descriptions, reasoning) for Xenial of mysql
[12:15] <cpaelzer> rbasak: and then testing around which could be done by any of us, best by both :-)
[12:16] <rbasak> cpaelzer: that's the full task, yes. I don't necessarily intend to hand all of it to you, but at the same time I'm fed up of MySQL having been working on it in Debian so much for a couple of weeks :-/
[12:16] <cpaelzer> rbasak: I'll just start and at the end of the day we can check status and pass along among us
[12:16] <rbasak> cpaelzer: I'm keen to get the SRU done before the 16.04.1 point release. It would be nice to make the ISO image, but my main reason is timing, as more people will mass upgrade to Xenial. So I'm already a bit behind.
[12:16] <rbasak> cpaelzer: thank you :)
[12:17] <rbasak> cpaelzer: I'm hoping to do one mega-SRU which includes these five patches and the latest upstream microrelease.
[12:17] <coreycb> jamespage, can you add manila to the daily ci for liberty?
[12:19] <coreycb> ddellav, you'll want to get the packages you're testing promoted to liberty-proposed before you test them: http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/liberty_versions.html
[12:32] <ddellav> jamespage beisner can one of you guys promote python-glance-store 0.9.2 to liberty-proposed from staging please?
[12:53] <cpaelzer> rbasak: I'd like to mark bug 1584234 as dup to bug 1571865 (just as bug 1567884 already is) and then state the master one fixed by SRUing http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=7897042ea6c65aeb608fb28b4b54639d3dbf3352
[12:54] <cpaelzer> ack?
[12:55] <cpaelzer> I see why you are building on digglett :-)
[13:03] <cpaelzer> rbasak: FYI patches almost applied fine, debdiff and changelog prepared - Test design written in pseudocode - now starting with the real work to convert that pseudocode in something that reliably triggers to be our verification after the fix
[13:09] <rbasak> cpaelzer: sorry, just catching up
[13:10] <rbasak> cpaelzer: I think bug 1571865 is separate. Did something refer to that?
[13:10] <rbasak> cpaelzer: this bug is that the default settings do not work if the system has low RAM. I've hit that myself. I think a proper fix might be to detect that situation and offer different default settings or something, but I'm not planning that for this current SRU.
[13:11] <cpaelzer> rbasak: essentially 1584234 is a special case of 1571865, it fails to start - just instead of tweaked config it is (actually any sort of) insufficient system config
[13:11] <cpaelzer> rbasak: I'm fine not linking them, just thought so
[13:12] <rbasak> cpaelzer: they're different, IMHO, because they have separate root causes. So as we apply fixes for different root causes, we want to track progress separately.
[13:12] <rbasak> cpaelzer: there is perhaps a third bug that the error message is unhelpful.
[13:13] <cpaelzer> rbasak: I just came by as I searched which one to adress with the last fix you linked - you don't have to over-work that now - you have time until the final SRU takes place to modify changelogs :-)
[13:13] <cpaelzer> rbasak: didn't want to stall whatever you do
[13:43] <rbasak> cpaelzer: FYI, I'm fixing up/testing https://github.com/ltangvald/mysql-5.7/commit/fa6ea034692, since that will block you soon.
[13:44] <rbasak> My plan is to push to Debian VCS and cherry-pick into Yakkety. Then we can SRU everything together.
[13:46] <cpaelzer> rbasak: I'm testing those two options already in the scope of the "fail with better error message" bug
[13:46] <cpaelzer> rbasak: but I see how auto-converting them is a better fix
[13:46] <rbasak> cpaelzer: OK. Note also https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/+bug/1596056 which will make it slightly better.
[13:46] <cpaelzer> rbasak: fyi http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=f12dd3fb5387113585a981e2b8d234e81c6a630d alone is incomplete as it is not removing it from the .install file
[13:47] <rbasak> cpaelzer: also there is http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=7897042ea6c65aeb608fb28b4b54639d3dbf3352
[13:47] <rbasak> cpaelzer: I guess we could SRU that patch as well
[13:48] <cpaelzer> rbasak: you already added that to the list I should watch before :-)
[13:48] <rbasak> Oh, sorry :)
[13:48] <rbasak> So many patches!
[13:48] <cpaelzer> hehe
[13:48] <cpaelzer> you said mega SRU
[13:48] <cpaelzer> you get mega SRU
[13:48] <rbasak> :)
[13:48] <cpaelzer> That is why my testing isn't so much about testing, but about documenting the shortest possible way to trigger&verify an issue
[13:51] <rbasak> cpaelzer: wrt. not dropping from the install file, good catch. There's also http://anonscm.debian.org/cgit/pkg-mysql/mysql.git/commit/?id=b79c5b96d881b1d93f9da48f78d3e7155fb9cd84 which I think I forgot to mention.
[13:51] <rbasak> cpaelzer: debian-start still remains afterwards, but becomes a no-op.
[13:52] <cpaelzer> rbasak: that is just what I added :-)
[13:52] <rbasak> cpaelzer: I thought that was a safer approach than dropping debian-start entirely, in case users have locally modified upstart files.
[13:52] <rbasak> cpaelzer: thanks :)
[13:52] <rbasak> cpaelzer: mega SRU == complexity :-/
[13:53] <beisner> hi ddellav, promoted python-glance-store 0.9.2-0ubuntu1~cloud0 to uca liberty-proposed re: bug 1596973
[14:00] <v1s> I am running hostapd / dnsmasq but only one of the connected clients is reachable any one have any idea why that maybe?
[14:02] <lordievader> They get an ip?
[14:03] <v1s> yes
[14:04] <v1s> they get ip address
[14:05] <lordievader> Do they respond to arp?
[14:07] <v1s> do u mean $arp IPADDRESS
[14:08] <lordievader> Do they respond when you arpping them?
[14:10] <v1s> yes they both respond when arping them
[14:12] <coreycb> ddellav, jamespage: trove and ironic uploaded for yakkety.  I haven't seen any other core packages released by upstream yet.
[14:12] <jamespage> coreycb, awesome
[14:12] <jamespage> due this week right?
[14:12] <lordievader> v1s: Is there a firewall active?
[14:12] <coreycb> jamespage, yep
[14:12] <jamespage> coreycb, uh-oh whole load of red on the master branch builds
[14:13] <jamespage> I better take a look
[14:13] <v1s> lordievader: no I did not put one
[14:13] <coreycb> jamespage, it seems like tooling issues possibly
[14:14] <lordievader> v1s: Do both reply to ping?
[14:16] <v1s> lordievader: only one replies. If if both are connected. if only one of them is connected then it will ping
[14:16] <v1s> lordievader: it will not ping more then one of the ip address if there are more then one system connected
[14:16] <lordievader> v1s: But both reply to arp when both are connected?
[14:17] <v1s> lordievader: yes correct
[14:17] <lordievader> v1s: How did you configure your address space?
[14:18] <v1s> lordievader: single line in dnsmasq.conf http://pastebin.com/1Bts1bFz
[14:18] <jamespage> zul, any specific reason pylxd declares  python-cryptography (>= 1.4)
[14:18] <jamespage> ?
[14:19] <lordievader> v1s: What routes do all the boxes have to each other?
[14:20] <jamespage> coreycb, there are some installability issues on xenial in the ppa
[14:20] <v1s> lordievader: do u mean my routing table?
[14:21] <v1s> if so http://pastebin.com/hBvJR52i
[14:21] <lordievader> v1s: Part of that, for example does your AP have a route to the whole address space?
[14:21] <coreycb> jamespage, hmm, ok
[14:21] <zul> jamespage: off the top of my head i dont remember....check with rockstar
[14:21] <lordievader> v1s: That looks okay.
[14:22] <jamespage> zul, I don't really want to have to backport cryptography to the UCA so early in the 2 year interim release cycle
[14:22] <lordievader> v1s: Can the two clients ping each other?
[14:22] <jamespage> so if its not required...
[14:22] <v1s> lordievader: no only the one that I am able to ping can ping me back
[14:22] <zul> jamespage: ahaha....yeah i can see that
[14:22] <lordievader> v1s: That is not what I am asking, can client one ping client two.
[14:22] <jamespage> zul, that's not inline with global-requirements btw
[14:23] <v1s> lordievader: sorry no it can not
[14:23] <zul> jamespage: 2.0.3?
[14:23] <zul> or 2.0.2
[14:23] <jamespage> zul, 2.0.3
[14:23] <zul> jamespage: yeah i need to update that
[14:23] <jamespage> zul, https://github.com/openstack/requirements/blob/master/global-requirements.txt#L23
[14:23] <jamespage> zul, please do its blocking manila and nova-lxd builds atm
[14:24] <zul> jamespage:yeah pylxd is not apart of the openstack project so it doesnt sync with the global-requirements.txt
[14:24] <lordievader> v1s: What happens when you tcpdump everything (on the AP) from everything of an unpingable client, and then let that client ping the AP?
[14:24] <jamespage> zul, sure but it would be a good idea given desire to be in-tree if it aligned right :-)
[14:24] <jamespage> oh wait sorry - getting confused
[14:24] <jamespage> I see
[14:25] <zul> jamespage: yeah
[14:25] <jamespage> zul, lets check with rockstart
[14:25] <jamespage> r
[14:25] <zul> he should been on #ubuntu-server but he isnt..
[14:28] <v1s> lordievader: I am not expert with tcpdump but is this what you mean? http://pastebin.com/1siL3JLA
[14:28] <v1s> lordievader: right now I can reach WINDOWS-5910H5R but cannot reach gary-PC
[14:31] <lordievader> v1s: Interesting, I get the feeling your ARP responses don't make it to the client. I'd tcpdump there to verify.
[14:32] <v1s> lordievader: u think something in the server is blocking it ?
[14:33] <lordievader> v1s: No, I am saying it might not reach it destination. I have no idea wether this is true, or even if there is something blocking it.
[14:34] <lordievader> First find the problem, then find the cause ;)
[14:45] <ddellav> thanks beisner
[14:46] <codepython777> cpaelzer: thank you!
[14:46] <nacc_> cpaelzer: thanks for covering last week; i blame the holidays
[14:47] <codepython777> If I have to do 100s of apt-gets, how can i do this so that I dont have to download all these from the web everytime?
[14:47] <nacc_> codepython777: i thought someone answered you yesterday in #ubuntu
[14:48] <codepython777> nacc_: not this one? If you saw the answer, can you please cut and paste?
[14:48] <nacc_> codepython777: is your only goal to avoid downloading the packages?
[14:48] <codepython777> nacc_: I use a usb stick to run a script that installs a lot of packages
[14:48] <nacc_> codepython777: and i assume you mean on multiple machines?
[14:48] <codepython777> nacc_: At this point, it would be nice if i could avoid downloading
[14:48] <codepython777> nacc_: yes
[14:48] <cpaelzer> nacc_: hehe
[14:49] <nacc_> codepython777: the issue you run into is the time delay between one machine and the next; what if you're installing what are now insecure packages (due to -security updates to them)
[14:49] <cpaelzer> nacc_: you are welcome, and due to the holidays it wasn't th emost crowded and complex of meetings
[14:49] <codepython777> nacc_: Then we do a apt-get update/upgrade after the whole install process?
[14:49] <nacc_> cpaelzer: regardless, thanks -- and i'll do today's meeting
[14:49] <nacc_> codepython777: ok, so you're hoping to statistically catch most; just making sure you were doing that step
[14:49] <RoyK> codepython777: setup a local mirror
[14:50] <codepython777> nacc_: yes.
[14:50] <codepython777> RoyK: Can one do that on a usb stick?
[14:50] <nacc_> codepython777: i would either use ubumirror, an apt-cacher, or put all the packages you care about on the usb stick (which ubumirror might be able to do)
[14:50] <codepython777> what command do i need for that?
[14:52] <codepython777> I dont want to setup an apache+ local mirror
[14:52] <codepython777> Just want all the files on the usb disk - If I could [r]sync them with better versions over time, that would be cool
[14:53] <RoyK> codepython777: afaics using https://help.ubuntu.com/community/Apt-Cacher-Server would be an easier and probablye better approach
[14:54] <nacc_> codepython777: why is the usb stick necessary, btw? can't you just scp your script to each machine?
[14:54] <RoyK> nacc_: or use something sensible like ansible :P
[14:54] <nacc_> RoyK: i figured that was a step too far :)
[14:54] <codepython777> nacc_: I dont want to assume network
[14:54] <nacc_> codepython777: i would also end up probably suggesting an installation/configuration tooling
[14:55] <codepython777> RoyK: how does ansible help?
[14:55] <nacc_> codepython777: so you have machines that don't have network at all? that seems to deviate from your earlier `apt-get update; apt-get upgrade` step :)
[14:55] <codepython777> nacc_: I want to install everything from usb stick, then get it on network and do apt-get update/upgrade step
[14:55] <RoyK> codepython777: well, if you don't want networking, well, I really don't know what you use these things for - what sort of machines are these?
[14:56] <codepython777> a machine that i just assembled from scratch
[14:56] <RoyK> ubuntu/debian will find network adapters on a very large majority of the machines out there
[14:56] <codepython777> then install ubuntu + then run my apt-gets from usb + then connect to network and update
[14:57] <RoyK> I beleive you should read up a bit more on managing lots of machines first
[14:57] <RoyK> you could do a network install
[14:57] <nacc_> codepython777: i'm not sure there is a trivial way to do what you want, unfortunately
[14:57] <RoyK> lots of machines in parallel
[14:57] <codepython777> btw, I need to install upwards of 1000 packages using apt-get !
[14:58] <nacc_> codepython777: why??
[14:58] <codepython777> because of software dependencies
[14:58] <codepython777> can this be done using dpkg-dev?
[14:58] <nacc_> codepython777: no, i mean why do you need 1000s of packages above the base install by default?
[14:58] <RoyK> codepython777: it'd probably be faster using the LAN than using a bunch of USB sticks
[14:59] <nacc_> codepython777: seems like you should just master your own ISO or something similar with the packages on it?
[14:59] <RoyK> codepython777: please tell why you don't want to use network for this
[14:59] <codepython777> RoyK: USB3 is faster than my gigabit conneciton, right?
[14:59] <patdk-wk> it could be, depending on the usb3 storage media
[14:59] <RoyK> codepython777: possibly, but the memory chips on that usb pen is quite possibly a lot slower
[14:59] <codepython777> RoyK: why use network? when its slower?
[15:00] <codepython777> patdk-wk: Its a top of the line SSD
[15:00] <patdk-wk> top of the line ssd's don't have usb3 interfaces
[15:00] <patdk-wk> they have pcie x4 interfaces
[15:00] <RoyK> codepython777: then you can just start all installations at once with PXE or something
[15:00] <v1s> lordievader: so I removed /var/lib/misc/dnsmasq.leases restarted dnsmasq and it let me ping both address. I restart and it seems if I dont start pinging them then it wont let me do it later
[15:00] <patdk-wk> maybe even do some kind of multicast pxe install :)
[15:00] <codepython777> RoyK: Yes, but its easier if it not dependent on another machine?
[15:01] <patdk-wk> but that can get really complex, and only useful if you do full reinstalls often
[15:01] <nacc_> codepython777: excpet you're now finding why it's not easier (to scale) :)
[15:01] <codepython777> Why cant we just keep it simple
[15:01] <codepython777> ?
[15:01] <RoyK> patdk-wk: please don't :P
[15:01] <lordievader> v1s: Still sounds a bit like a misconfigured network... but hey if it works ;)
[15:01] <codepython777> USB3 shell script ?
[15:01] <patdk-wk> not depending on another machine != easier
[15:01] <v1s> lordievader: ok trying to figure out where the isssue is
[15:02] <patdk-wk> for me, sitting in a single location, and doing remote pxe boots and installed to all other machines
[15:02] <patdk-wk> seems much simpler
[15:02] <RoyK> codepython777: I've only worked with linux for 20ish years, I'm just trying to help, just like the other guys here
[15:02] <nacc_> codepython777: what does USB3 have to do with shell scripts?
[15:02] <codepython777> nacc_: I run the script that picks the packages from the disk and installs it on the system?
[15:03] <RoyK> codepython777: we're managing some 10 or 15 thousand PCs and we don't really run around with USB sticks to reinstall them
[15:03] <lordievader> v1s: I'm not saying it is... Just what I think ;)
[15:03] <lordievader> RoyK: hahaha, that would be fun.... not.
[15:05] <RoyK> lordievader: so please try with apt-cacher and perhaps pxe install if you want that
[15:05] <nacc_> codepython777: --^
[15:05] <nacc_> codepython777: https://help.ubuntu.com/community/InstallingSoftware#Installing_packages_without_an_Internet_connection also may be of use
[15:06] <patdk-wk> apt-cacher-ng + pxe net installs, works great
[15:15] <v1s> is there anyway to tell if there is another dhcp server on the network ?
[15:15] <v1s> or other system offering dhcp
[15:16] <lordievader> v1s: Ask for an address, see who responds ;)
[15:19] <nacc_> v1s: i think you'd use tcpdump or just dhcpdump to do that
[15:19] <nacc_> lordievader's suggestion is probably easiest, though :)
[15:20] <lordievader> nacc_: My anwser involves tcpdump ;)
[15:21] <nacc_> lordievader: ah; i read it as 'run dhclient and see who responds'
[15:22] <codepython777> RoyK: I just copied the .deb files from usb to /var/cache/apt/archives/ - and then fired apt-get = > Is there a problem with that approach?
[15:23] <lordievader> nacc_: That is pretty much it, but it will probably limit the answer to one, hence the tcpdump for others ;)
[15:24] <rattking> Hello folks, with sysvinit we had /etc/default/ for shell sniplets and configuration pieces to be sourced in the init script where the package would not over write.. how is that done with systemd services?
[15:30] <jge> Hey all good morning, I'm looking to upgrade mysql 5.5 to 5.6 could I just do an inplace upgrade with: apt-get install mysql-server-5.6
[15:30] <jge> ?
[15:31] <RoyK> codepython777: should work, but network will probably be faster
[15:31] <codepython777> RoyK: You are underestimating the speed of USB3 :)
[15:31] <RoyK> codepython777: *you* are underestimating managability
[15:32] <codepython777> RoyK: yes ! You are right! I need to take your advice and setup a pxe installer sometime :)
[15:33] <RoyK> codepython777: better start now
[15:40] <nacc_> jge: what version of ubuntu?
[15:47] <jge> nacc_: 14.04
[15:49] <nacc_> jge: presuming you've read this, http://dev.mysql.com/doc/refman/5.6/en/upgrading-from-previous-series.html, i think the packages should handle data migration; however you should make backups, etc.
[15:51] <jge> nacc_: yep read that, thanks
[16:01] <rbasak> o/
[16:02] <smoser> rbasak, ubuntu-meeting
[16:02] <nacc> heh
[16:02] <rbasak> Oh :)
[16:53] <rbasak> cpaelzer: FYI, I uploaded the fix for bug 1571865 to Yakkety. So that should unblock the mega-SRU. I'm EOD now.
[16:53] <cpaelzer> rbasak: ok
[16:54] <cpaelzer> rbasak: I have one test completed and the next will finish shortly
[16:54] <cpaelzer> I'll end with a mail to you once I'm done
[16:54] <cpaelzer> rbasak: so you can take over then
[16:54] <rbasak> cpaelzer: many thanks for your help!
[17:09] <spm_draget> Upon upgrade I see in the log "error: open /var/lib/lxd/containers: no such file or directory" - lxd fails to start. Which is logical since I have no containers configured. But why is lxd installed? Is it part of the default server packages?
[17:09] <spm_draget> Can I disable it?
[17:10] <degorenko> coreycb, hey, is it possible to update saharaclient to 0.15.0 version? :) which contain fix for https://launchpad.net/bugs/1565775
[17:14] <coreycb> degorenko, sure I'll take a look, might be a few days though
[17:16] <degorenko> coreycb, ack, thanks
[18:55] <jnex26> Howdy.
[18:55] <jnex26> Question... has anyone seen ubuntu server stall a process once the CPU time hits 06:00:00
[18:55] <jnex26> ?
[18:55] <jnex26> it has done it twice now !
[18:55] <jnex26> thanks
[18:58] <sarnold> you could set an rlimit for cpu time (see ulimit -a output)
[18:58] <jayjo> I'm trying to run some commands with aws cli, and I'm getting different results from different machines. I checked the versioning and there is a discrepency... on the machine that works it reads: aws-cli/1.10.36 Python/2.7.10 Darwin/15.5.0 botocore/1.4.26 and on the one it does it not it reads: aws-cli/1.2.9 Python/3.4.3 Linux/3.13.0-74-generic
[18:59] <jayjo> Can I force the install to use the versions that work on one machine on the machine that doesn't work -- 1 is a mac and the other is ubuntu
[18:59] <jnex26>  ulimit -a
[18:59] <jnex26> core file size          (blocks, -c) 0
[18:59] <jnex26> data seg size           (kbytes, -d) unlimited
[18:59] <jnex26> scheduling priority             (-e) 0
[18:59] <jnex26> file size               (blocks, -f) unlimited
[18:59] <jnex26> pending signals                 (-i) 7394
[18:59] <jnex26> max locked memory       (kbytes, -l) 64
[18:59] <jnex26> max memory size         (kbytes, -m) unlimited
[18:59] <jnex26> open files                      (-n) 1024
[18:59] <jnex26> pipe size            (512 bytes, -p) 8
[18:59] <jnex26> POSIX message queues     (bytes, -q) 819200
[18:59] <jnex26> real-time priority              (-r) 0
[18:59] <jnex26> stack size              (kbytes, -s) 8192
[18:59] <jnex26> cpu time               (seconds, -t) unlimited
[19:01] <sarnold> I didn't know you could run OS X on aws
[19:04] <jayjo> that is the local machine
[19:08] <RoyK> !pastebin | jnex26
[19:15] <jnex26> sorry
[19:15] <jnex26> http://paste.ubuntu.com/19202648/ process limits
[19:16] <sarnold> jnex26: did you check the ulimit via whatever mechanism spawns your process?
[19:16] <sarnold> or just a shell on the system?
[19:16] <jnex26> php spawns the process. but it runs under a shell it is a exec(); in php
[19:16] <sarnold> damn that's terrifying
[19:17] <sarnold> anyway, check your php.ini there may be a "maximum cpu time" thing specified there?
[19:20] <jnex26> just out of interest, why is it terrifying ?
[19:21] <spm_draget> Upon upgrade I see in the log "error: open /var/lib/lxd/containers: no such file or directory" - lxd fails to start. Which is logical since I have no containers configured. But why is lxd installed? Is it part of the default server packages?
[19:21] <spm_draget> Can I disable it?
[19:21] <sarnold> spm_draget: feel free to apt-get purge lxd if you don't intend to use it
[19:22] <sarnold> jnex26: I've just seen too many poorly-written php scripts that allow more or less complete control of a computer by attackers..
[19:24] <jnex26> ahh... I would do it all in php, but handbrake does not have a php lib !
[19:25] <sarnold> aha :)
[19:25] <sarnold> just be insanely careful about what inputs you accept..
[19:28] <jnex26> no inputs to it at all, spawns a user process when a specific type of disk is inserted in the drive !
[19:29] <sarnold> good good
[19:30] <jnex26> irony is I wrote this in ubuntu desktop and it works fine. only running on the server version am i having issues
[19:54] <b-yeezi> Hi all, I have a question about accessing a mongodb server (trusty) running in an LXD 2.0 container from the host (xenial)
[19:55] <b-yeezi>  I am just trying to connect to it, but it say connection refused by server.  I can ping it, I made sure the port is open. Still no luck
[19:55] <b-yeezi> I can see a new lxbr0 network device, and when I ping the container, I see that it's using that device's gateway
[19:55] <nacc> b-yeezi: have you looked at the logs in the container?
[19:56] <b-yeezi> I did. It doesn't even notice the request
[19:57] <b-yeezi> I can't find much in the docs for only opening up to the host, and not to the entire lan
[19:57] <sarnold> b-yeezi: are you using macvlan? iirc that doesn't alow containers to talk with the host
[19:58] <b-yeezi> Do I need to set up another bridge? Create a new container profile? Add a new nic device to the container?
[19:59] <nacc> sarnold: i assume if lxdbr0 showed up (default lxd config), then it's not macvlan but bridged
[19:59] <b-yeezi> sarnold, whatever the default is. I don't think its macvlan
[19:59] <sarnold> nacc: could be. I haven't done battle with this, just skimmed the docs..
[20:00] <b-yeezi> I confirm. It's just bridged
[20:02] <nacc> b-yeezi: and you are tryin to connect from the host, right?
[20:02] <b-yeezi> What do I have to do to allow it to talk to the host? I'm setting up an environment on my laptop with mongodb in a trusty container to talk to a dev wsgi server
[20:02] <b-yeezi> from my laptop, the host
[20:02] <b-yeezi> nacc, yes
[20:04] <nacc> b-yeezi: ok
[20:06] <b-yeezi> nacc, my use case is to use lxd to set up dev environments of many configurations instead of vms. This is my first test
[20:07] <nacc> b-yeezi: i've not setup a database in a container, but it should be fine
[20:08] <nacc> b-yeezi: to be sure, mongo is actually running, and if you `lxc exec .. bash` to the container and connect locally, you can (with the same credentials)?
[20:08] <b-yeezi> I don't know if it makes a difference, but it is mongodb 3.2, not the 2.6 that comes from the official repo.
[20:08] <nacc> b-yeezi: and ... support stops :)
[20:09] <b-yeezi> I'm about to create a new one with 2.6
[20:09] <nacc> b-yeezi: my trivial guess is that your /etc/mongod.conf says to only allow localhost connectivity (bind_ip) or so
[20:10] <sarnold> maybe try using nc -l in the container and connect via nc from the host to double check that tcp is allowed through with simple tools?
[20:10] <nacc> sarnold: good call
[20:11] <b-yeezi> sarnold, I used ufw allow 27017
[20:15] <b-yeezi> I will try both and get back to you
[20:16] <b-yeezi> Thanks for your help
[20:51] <minx> Hi I am for all intents and purposes a complete noob in linux can anyone point me in the right direction of a detail step by step guide to the fundemental basics and possible within the same source leads onto more advance stuff? I have tried a google around and can't seem to find what I'm looking for
[20:53] <sarnold> minx: as far as I know, no such guide exists. it would be immensely difficult to create one of that scope..
[20:53] <genii> The Linux Documentation Project may be a good place to start
[20:55] <sarnold> minx: you can use general-purpose guides like https://help.ubuntu.com/lts/serverguide/  -- specific guides like http://mywiki.wooledge.org/BashGuide -- the general set of HOWTOs (possibly badly dated by now) http://www.tldp.org/docs.html
[20:55] <sarnold> minx: and of course most tools, configuration files, etc. have manpages; I started learning linux via "ls /usr/share/man/man*" and reading everything in there
[20:57] <minx> man pages?
[20:58] <sarnold> there's extensive system documentation in the manpages
[20:58] <sarnold> run "man ls" to see an example
[20:59] <sarnold> they document user commands, sysadmin commands, configuration files, device drivers, subsystems, programming interfaces, etc
[21:00] <b-yeezi> sarnold, nacc it was the mongodb.conf bind_ip only allowing localhost. In the docs, it says that it is suppose to default to allow all, but debian changes it to only allow 127.0.0.1
[21:00] <b-yeezi> Thanks for your help
[21:00] <sarnold> b-yeezi: ahhhhhh
[21:01] <sarnold> b-yeezi: see e.g. https://www.riskbasedsecurity.com/2016/07/redis-over-6000-installations-compromised/ for a description why :)
[21:01] <sarnold> b-yeezi: thanks for reporting back, I always like hearing the end results :)
[21:04] <minx> Thank you very much! these look like some good places to start thank you very much! ^__^
[21:05] <sarnold> minx: oh yes, most packages leave documentation in /usr/share/doc/<packagename> too -- sometimes it's just the packaging changelogs, sometimes there's things that don't really fit in to a manpage
[21:06] <b-yeezi> sarnold, yeah I totally understand why. From a risk standpoint, it's better to fail by leaving the defaults rather than leaving the system open by default.
[23:55] <kantlivelong> help
[23:55] <kantlivelong> oop