naccdoes anyone here know enough about samba in 16.04 to say whether both libpam-winbind and libnss-winbind would both be necessary to auth to AD?00:04
naccor is it that libpam-winbind provides AD-based auth to PAM and libnss-bind provides winbindd with AD lookups?00:05
naccit seems that at some point, at least, libpam-winbind contained the files that are now in libnss-winbind (pre-trusty, i think)00:06
=== Kenrinx is now known as kenrin
=== arooni is now known as arooni__
=== arooni__ is now known as arooni
=== arooni is now known as arooni__
jamespagecoreycb, tempest full test failures against newton-staging http://paste.ubuntu.com/20154691/08:29
jamespage14 out of 130008:29
jamespagethat's good08:30
=== zubat is now known as Golbat
=== iberezovskiy|off is now known as iberezovskiy
=== _degorenko|afk is now known as degorenko
=== rcj` is now known as rcj
coreycbjamespage, that's great, just 14 failures11:11
=== degorenko is now known as _degorenko|afk
mdeslaurrbasak: I'm working on mysql security updates...unfortunately, that means I'll be superseding your xenial-proposed package12:27
rbasakmdeslaur: thank you for the note. It's very unfortunate timing. The SRU fixes a bunch of upgrade issues which users will hit once they upgrade after 16.04.1 is out.12:29
rbasakIt might even be better to verify quickly and forget the aging time.12:29
mdeslaurif you'd get them verified, I'll leave them in the security update12:29
rbasakMy original SRU included the MRE, but infinity wanted the two separated. Otherwise the SRU would already contain the version bump.12:30
rbasakI'll verify now, thanks.12:30
=== _degorenko|afk is now known as degorenko
rbasakcpaelzer: are you available?12:33
cpaelzerrbasak: hi12:37
cpaelzerreading ...12:37
cpaelzerrbasak: available for what - helping to verify something in proposed or wherever it currently is?12:38
cpaelzerrbasak: actually no matter what - for how much time should I plan ?12:38
rbasakcpaelzer: yes please. https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.12-0ubuntu1.2 is the list. I'll start with 865. Could you start with 712 please, and we'll work our way through?12:39
rbasakcpaelzer: I'd like to do as thorough a job as possible as we'll be cutting the usual aging time short.12:40
cpaelzerrbasak: yeah I'll try to help - I can continue on that arch dependent curtin bug I'm on atm later12:40
rbasakThank you.12:40
cpaelzerrbasak: bug 1574458 done, continuing ...12:51
ubottubug 1574458 in mysql-5.6 (Ubuntu Xenial) "Logs.var.log.mysql.error.log.txt contains usernames and passwords" [Undecided,New] https://launchpad.net/bugs/157445812:51
cpaelzeryou said you are doing 157186512:52
cpaelzerI'm picking bug 1602763 next then12:52
ubottubug 1602763 in mysql-5.7 (Ubuntu Xenial) "postinst does not print a helpful message when the server will fail to start" [Undecided,Fix committed] https://launchpad.net/bugs/160276312:52
rbasakcpaelzer: thanks. Yes, I'm still on 865. I think I need to test 5 combinations, so may be a while.12:55
rbasakcpaelzer: for 763, I noticed that changing the datadir doesn't work - known upstream. The fix should cause the addition of "broken = 1" to /etc/mysql/mysql.cnf.d/... to result in a helpful postinst error though.12:56
rbasakcpaelzer: some people in the bug have reported it doesn't help them, but I think they have different unrelated underlying issues.12:56
rbasakcpaelzer, mdeslaur: SRU verification failure for the 865 bug. When infinity asked me to not bump to 5.7.13, I forgot to drop down the version string it compares against for the upgrade path fix. So it does nothing :-/13:00
rbasakI'm not sure what to do now.13:00
mdeslaurwell, my version will work :)13:00
rbasakdpkg --compare-versions "$2" le-nl "5.7.13-0ubuntu3~"13:01
rbasakIt might be wrong anyway. Sorry.13:01
mdeslaurah, yeah, it will be wrong13:01
mdeslaurI'll change it in my package, and will upload it to the security team public ppa13:01
mdeslaurif you can verify the others in the meantime13:01
mdeslaurthen you can verify the one in the sec team ppa13:01
rbasakOK, thanks.13:02
rbasakcpaelzer: I'll take 458 next.13:03
rbasakcpaelzer: we just both verified 458?13:13
rbasakcpaelzer: I thought you were going to do 763?13:14
cpaelzeryeah, that was the first I did13:14
cpaelzersee above in chat13:15
rbasakI'm sorry, so you did.13:15
cpaelzerand I updated the bug itself right away with tags and so13:16
=== ivoks is now known as mirka_
cpaelzerbetter twice than never verified13:16
cpaelzerrbasak: sorry I missed when you said you take that one next13:16
cpaelzerIf I'd feel better today I might have realized that before you did it - but that isn't my day :-)13:16
=== mirka_ is now known as ivoks
rbasakcpaelzer: it's OK, it's my fault.13:17
rbasakcpaelzer: OK, pad time.13:17
rbasakcpaelzer: http://pad.ubuntu.com/8qgZ3lJnHY13:17
cpaelzerok, I'm there with you13:18
rbasakThanks. Does what I have look correct?13:18
rbasakI'll do 712 now then13:18
cpaelzerrbasak: yes the status in the pad looks like reality atm IMHO13:20
rbasakOK thanks13:20
cpaelzerrbasak: 763 done, picking 647 next, pad and bug updated13:23
cpaelzerrbasak: 647 done13:41
rbasakcpaelzer: thank you!13:41
cpaelzerrbasak: so if I read that correctly all done right?13:41
rbasakcpaelzer: I wonder if we could pause and consider anything we might have missed?13:42
rbasakcpaelzer: can you think of any edge cases which could cause problems given the fixes we're putting in here?13:42
rbasakFor 865 I think there are many combinations to test, I'll do that once the package is in security-proposed with the version string fixed.13:43
* cpaelzer |><| <- shall show a spinning hourglass13:43
cpaelzerrbasak: I think the most critical one could be one based on 76313:44
rbasakFor 712 I checked that the ordering is correct, so it does pick up on the change before attempting to start the server again. That seems to work (says my reading of the logs).13:44
cpaelzerrbasak: where the prestart to check for errors actually breaks something13:44
rbasakGood point, I agree.13:44
cpaelzerrbasak: but that is just a risk evaluation - I have no idea of a real case that could do so yet13:44
rbasakIt did come from upstream. I found one false negative (changing datadir) but no false positives so far.13:45
rbasakAnd false negatives should be no worse than if we didn't change it.13:45
cpaelzerrbasak: yeah false negatives are ok13:45
cpaelzerrbasak: this is a best effort approach to fix this anyway13:45
cpaelzerI mean incompatible versions are incompatible13:45
cpaelzeryou can only do so much to auto-transition13:46
cpaelzerand since you tackled 865 it even is better than just "show them a message"13:46
cpaelzeras it takes care of the most common things13:46
rbasakOK. So are we agreed that we think this SRU is good, apart from the 865 version check and additional testing I need to do on that?13:46
cpaelzerthe apport fix might in rare cases remove too many lines, but that isn't of reasonable severity13:46
cpaelzerrbasak: yes, from what I see the SRU is good except the already identified version check issue13:47
rbasakYeah the apport fix shouldn't cause a regression in production, only to apport reports, so shouldn't regress production.13:47
rbasakcpaelzer: thank you for your help. I really appreciate it - both in terms of time to get this done and for your second pair of eyes.13:47
cpaelzerrbasak: you are absolutely welcome13:48
cpaelzerok, I'll go back and fight with curtin then13:48
cpaelzerlet me know if anything comes up either in this or in the merges13:48
rbasakWill do.13:48
cpaelzerrbasak: ah since I missed the IRC yesterday13:48
cpaelzerrbasak: in terms of prio the NTP>>other merges13:48
rbasakI was reviewing your ntp merge but got interrupted by this. Sorry! I'll go back to it as soon as I'm done with this.13:49
cpaelzeryeah, and the ntp merge is really messy and bug due to all the req bugfixes13:49
cpaelzerso I beg a pardon and hope to not trigger too much facepalm mode review moments13:49
rbasakIt looks good so far - confusing but that's because it is complex. When I follow it through it has made sense so far.13:50
rbasakmdeslaur: I think we're done. Four bugs verified, the fifth one needs that version string fixing.13:51
mdeslaurrbasak: ok, I'll let you know once I've uploaded it to our public ppa13:51
mdeslaurrbasak: thanks!13:51
rbasakmdeslaur: thanks. Do you have a rough ETA please, so I can try and be available?13:51
mdeslaurcouple of hours probably13:52
rbasakOK thanks.13:52
mdeslauractually, before that, I'll just change the string and will upload it....30-45 min13:52
ddellavcoreycb lp:~ddellav/ubuntu/+source/keystone ready for push/review14:19
mdeslaurrbasak: uploaded: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages14:21
coreycbddellav, jamespage might have fixed up keystone already - https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/keystone/log/14:29
ddellavcoreycb ah ok, disregard14:29
rbasakmdeslaur: thanks! I'll test now.14:29
coreycbddellav, ok14:29
rbasakmdeslaur: W: Failed to fetch http://ppa.launchpad.net/ubuntu-security-proposed/ppa/ubuntu/dists/xenial/main/binary-amd64/Packages  403  Forbidden14:36
rbasakOh sorry, that's probably my local proxy.14:36
mdeslaurrbasak: it's not built yet14:37
mdeslaurthe hamsters are spinning14:37
rbasakOh, OK. Well, in the meantime I'll fix my proxy :)14:37
kpettitI'm using ubuntu 16.04 and for this server apache dies all the time it seems.  Well the process is still running but my test site goes down.14:46
Odd_Blokekpettit: Are you using the packages from the Ubuntu archive?14:47
kpettitIt's a default 16.04 running on Rackspace.14:47
kpettitsorry I mean digital ocean.14:47
kpettitI've got 10.04, 12.04, 14.04 and now this one.  But it's my only one that just craps out like that.14:48
Odd_Blokekpettit: Ubuntu doesn't come with Apache running by default; how did you install Apache on the system?14:48
kpettitI did tasksel and selected lamp14:49
Odd_BlokeOK, cool.14:49
kpettitFrom there the MPM settings are always too high so I adjusted those.  This is what I'm using http://pastebin.com/VXqEeMQz14:49
Odd_Blokekpettit: Do you see the issue you're having without any customised configuration?14:50
kpettitI think it's very minimal, but who knows.  The site I'm doing isn't public, it's a locked down wordpress site with at most 2 users14:50
Odd_Blokekpettit: (Just trying to narrow down what's causing it :)14:50
kpettitusually I don't have to mess with apache until a site goes public and starts getting real load.  So it threw me off out of the box with just me it would die frequently14:50
Odd_Blokekpettit: Are there any untoward messages in /var/log/apache?14:51
kpettitI don't see anything obvious when I do TOP.  And restarting apache always fixes it14:51
Odd_BlokeI've never really used Apache in anger, so I'm not going to have a huge amount of useful input from this point onward. :p14:53
kpettitYeah, usually apache is solid.  I've been doing lamp stuff for a decade.  Out of the box things normally work.  This is the first time I've had it just suck out of the box.14:54
kpettitBut I haven't used 16.04 in production yet either so was curious if anybody else has issues or maybe it's just this one VM or something weird on it14:54
cpaelzerkpettit: is there anything in the logs why it dies?14:55
kpettitI've been looking.  It just stops.14:55
cpaelzerkpettit: either the apache logs or in the journal for apache?14:55
cpaelzerkpettit: so process gone, and no message anywhere?14:55
kpettitThe process is still there.14:56
kpettitit's more like apache gets hung up14:56
kpettitso doing top everything still looks normal.14:56
rbasakKehet: define "goes down" then. Does it refuse new connections? Or accept and then hang? Or hang before accept?14:56
cpaelzerkpettit: so it doesn't accept new connections in that situation then?14:56
kpettityes.  I don't have the exact error up.  But it doesn't accept anything new for sure.14:57
kpettitI'm trying to re-create error....14:57
jonahHi does anyone know much about php.ini ? I'm using FastCGI and as far as I've read each website such as /home/domainname/ should have their own php.ini file you can set in /home/domainname/etc/php5/ - but when I amend a site's php.ini it still loads the one from /etc/php5/cgi/php.ini15:17
jonahHow do I get Virtual Servers to use their own php.ini files correctly?15:17
coreycbddellav,  python-pecan15:23
patdk-wkeach fastcgi php instance loads a php.ini file (the same php.ini)15:23
patdk-wkyou sound like you're only using a single fastcgi php instance15:23
patdk-wknot sure who told you each website has its own, that is not true15:23
patdk-wkunless you WORK VERY HARD, to make that the case15:24
ddellavjonah there are a few ways to do it. Usually you'd specify it with a php admin flag in the virtual host definition. I'm not sure if this works with nginx though (you can google to find out).15:34
ddellavalso it's not strictly necessary to have a different php.ini for each site, that's only necessary if you need completely different settings for each domain, or if you want to have certain domains more secure than others. This is a typical use-case for hosting companies, to allow customers to have a completely different setting file than other customers on the same box15:35
ddellavbut inside php scripts you can set/get ini settings by using the ini_set and ini_get methods15:36
rbasakmdeslaur: it still doesn't work :-(16:05
patdk-wkddellav, that won't work16:05
rbasakmdeslaur: this is another oversight. mysql-server-5.7 is a new package when upgrading from Trusty, since it was mysql-server-5.5 (or 5.6) back there. So the maintainer script doesn't treat it as an upgrade.16:05
patdk-wkphp flag in the virtual host does not work for fastcgi16:05
rbasakThis is frustrating.16:05
ddellavpatdk-wk ok, i thought it would still pick it up but the last time i did it was with the apache module16:06
patdk-wkthe .user.ini file16:06
patdk-wkbut really, that isn't the issue, the issue is any other customer can read the other customers configs16:06
mdeslaurrbasak: oh, right, duh16:06
ddellavthat means he'll probably have to setup different pools for each domain16:06
patdk-wkunless you have each php running as a different user16:07
rbasakI guess maybe the logic should be "if installing fresh and /etc/mysql/my.cnf.migrated exists, or upgrading and the previous package is prior to 5.7.13-0ubuntu0~, then run fix_old_config_options"16:07
rbasakNot ideal, but it'll work.16:07
mdeslaurrbasak: can you give me a diff?16:08
rbasakmdeslaur: http://paste.ubuntu.com/20192824/ maybe? Untested. I'll test now, but would appreciate your opinion.16:10
mdeslaurrbasak: how about removing the version and just using le instead of le-nl16:14
mdeslaurle should treat empty as less16:14
rbasakGood point, thanks.16:15
mdeslaursorry, s/the version/the empty string check/16:15
rbasakThat seems to have worked. I need to test further though.16:20
blizzowI have some virtual machines running ubuntu 16.04.  Of course ye olde eth0 is now ens3.  A) What's the proper way to get it back to eth0?  There seems to be a udev rule that people are 50/50 on the fact that it may work. or there is a modification to GRUB that can be done. B) Why the heck did this change?16:33
rbasakblizzow: A) net.ifnames=0 on kernel command line; B) because in the case of multiple NICs, it was always racy and broken before.16:34
tewardninja'd >.<16:34
tewardhttps://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ if you care to read about the new predictable network interface names system16:34
tewardblizzow: ^16:34
rattkingthe new system for naming nics only seems predictable if I know what bus and where on it the nic is located16:36
rbasakThis is indeed true. The old system for naming nics was only predictable if you only had one.16:37
rattkingor didn't change them around..16:37
rbasakThere are other modes available I believe.16:37
naccrattking: technically, no, even if you didn't physically alter the order, you weren't guaranteed the enumeration was the same16:38
naccrattking: so if you never saw that bug, just consider yourself lucky :)16:38
rbasakIt would be nice if in the case of one NIC it defaulted to not doing this, but I didn't ask for this because AFAIK it is impossible to determine if you have only one NIC because hotplug.16:38
naccyeah, it's not just having one NIC, but forever only having one NIC :)16:39
rattkingheh I definitely had the drive enumeration problem before uuid's but for NICs on servers I guess I have been lucky16:39
naccrattking: yeah, it's a very similar problem to the drive enumeration issue; it also is a "good thing" in that it makes the user interface (even if an ugly naming) not dependent on kernel naming (which eth* was)16:40
naccrattking: but yeah, i've seen it a few times with NICs on big machines ... debugging that was no fun :)16:40
rbasakmdeslaur: looks good with that fix. I'm just writing up.16:47
rbasakmdeslaur: I've written up my testing in https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1571865/comments/1616:58
ubottuLaunchpad bug 1571865 in mysql-5.7 (Ubuntu Xenial) "mysql fails to start after upgrade if previous defaults were customised" [High,Fix committed]16:58
rbasakmdeslaur: so on top of your version string match fix, we also need to s/le-nl/le/ on that line.16:58
mdeslaurrbasak: ok, I'll upload a new package to the ppa, thanks!16:59
rbasakmdeslaur: thank you for working through this with me. Do you need anything else from me?17:00
mdeslaurrbasak: nope, I should be good. Thanks!17:00
rbasakmdeslaur: OK. FYI, I'm EOD now. I'll keep an eye on IRC but will be slow to respond.17:00
=== cmagina is now known as cmagina_lunch
=== iberezovskiy is now known as iberezovskiy|off
=== arooni__ is now known as arooni
=== degorenko is now known as _degorenko|afk
=== seventy_ is now known as seventy
=== Golbat is now known as GitGud
Housecan anyone recommend a mysql server backup tool? i'm using `automysqlbackup` now but having problems using NFS mount as the target. we don't have a huge setup, but still  the database server locks up for too long and the various CMSs and apps using it lose their connection23:09
sarnoldHouse: can you save the output locally and then move it over nfs later?23:11
Housesarnold : yes, automysqlbackup has a nice option for pre- and post-run commands, so i'm using an rsync there to shift it over, but while i'm looking at the various issues we have with the current setup, i thought i'd get recommendations for alternatives too23:13
sarnoldHouse: aha :) good thinking.23:13
Housei love rsync.  previous job had a network admin who thought rsync initiated by the remote to central server was the only way to move scheduled traffic. so, backups were pushed into the DC, and data bundles were periodically (like every 5mins) polled for and retrieved when they existed...    love/hate relationship with rsync, but it's now grafted to my soul and cannot be ignored!23:15
sarnoldhaha. I know the feeling...23:16
patdk-laphouse, that is the issue with using it23:19
patdk-lapuse it on a slave mysql23:19
patdk-lapuse lvm snapshot and backup from that23:19
patdk-lapor use percona xtrabackup23:19
sarnoldlvm snapshot with a database? o_O23:22
patdk-lapsarnold, why not?23:36
patdk-lapisn't that the whole point of lvm snapshots?23:36
patdk-lapused it years ago, when that was the only option23:36
sarnoldyeah but you've normally got to bring the database to a quiescent state so you don't snapshot garbage23:37
Househmmmm http://dba.stackexchange.com/questions/18017/how-to-create-snapshot-backups-in-mysql23:37
patdk-lapflush tables with lock on mysql23:37
patdk-lapsnapshot lvm23:37
patdk-lapunlock tables23:37
patdk-lapthen copy/backup/...23:37
Housesarnold : link shows flush+lock, snapshot, unlock23:37
patdk-lapbut these days, just xtrabackup :)23:37
sarnoldHouse: it's certainly encouraging that what you found matches exactly with patdk-lap's advice :)23:38
sarnoldpoor percona, they had such grand dreams, and now they're known primarily for the backup tool? heh23:38
Houseso patdk-lap, you're cloning a filesystem snapshot of a quiesced database server's data volume, out to a backup location?23:38
Housethen i presume releasing the snapshots immediately or some time in the future23:38
patdk-lapI did that when I wanted to make a new slave, like 10years ago23:39
blizzowIf I make a change to /etc/network/interfaces, it seems like a 50/50 chance that the change takes place immediately with no 'services networking restart'.  Is there some newfangled, proper way to give a server a static IP?23:39
Houseah, k23:39
sarnoldblizzow: "service networking restart" isn't safe, and should report an error ...23:39
sarnoldblizzow: ifdown and ifup after making the changes23:39
Housepatdk-lap, sarnold: this approach is quite similar to vmware+vdp/veeam with windows VSS. I'm not sure how well it works in linux guests. (i had poor experience with dell/equallogic integration with rhel6)23:41
patdk-lapvmware supports it for linux23:41
patdk-lapyou just have to setup the freeze and unfreeze scripts to sync/flush the filesystems properly that you are using23:41
patdk-lappersonally, anything that doesn't flush properly to begin with, is improperly designed23:42
blizzowsarnold: that's the problem, I copy a new file into /etc/networking/interfaces, and half the time my connection dies instantly and is changed over to the new config, the other half it stays and I should expect to reboot or do the ifdown ifup dance.23:44
blizzowso I'm wondering if there is some new accepted stable way to change IP addresses.23:46
naccblizzow: i think it's rather unexpected that an "immediate" change to eni takes effect.23:57
