[00:12] <danny_> I truely hate nfs now
[00:45] <trippeh_> danny_: that is normal
[00:45] <trippeh_> :-)
[00:51] <RoyK> danny_: why?
[00:54] <patdk-lap> trippeh_, they are effective for local transfers, more effective for higher latency though
[00:54] <patdk-lap> the increased/dynamic window scaling for ssh helps a crapload
[00:55] <patdk-lap> the crypto changes doesn't help as much with aes-ni, sure
[01:53] <danny_> RoyK, Permissions issues, I can mount it but it won't let me open it sometimes, I change something and I can open it but can't put anything into it
[05:32] <FarhaadN> hi, how can i execute 2 command , in one secend? i need 2 command exacly run togheter
[05:34] <FarhaadN> together*
[05:34] <hateball> FarhaadN: is "command1 & command2" not exact enough ?
[05:34] <Sling> FarhaadN: 1 second is an eternity, what do you mean with together? are the commands related?
[05:34] <Sling> is this a concurrency problem you're trying to solve or do you just want 2 things to run really fast after each other
[05:35] <FarhaadN> no not enough
[05:35] <hateball> FarhaadN: have a look at parallel
[05:35] <FarhaadN> Sling: i need together ,not after each other
[05:36] <Sling> FarhaadN: give more details if you want better help :)
[05:37] <FarhaadN> i need to run 2 command for voip service to find what channel is hangup and writ to 2 file,and then search one by one channel in 2nd file
[05:38] <sarnold> FarhaadN: what have you tried so far? what about it didn't work?
[05:39] <sarnold> as Sling points out, one second is an eternity
[05:41] <FarhaadN> if i run my 2 commands after each othe ,properly one of them not exacly what i am need
[05:41] <FarhaadN> sry my language
[05:41] <FarhaadN> is bad
[05:41] <FarhaadN> how can i run command parallel?
[05:42] <sarnold> command1 & command 2
[05:42] <sarnold> the & puts the first command in the background
[05:43] <FarhaadN> you mead if i use & , 2 commands run in one moment?
[05:43] <FarhaadN> mean*
[05:44] <FarhaadN> or run command 1 , and then run command 2?
[05:45] <hateball> & means it starts the second one straight after it starts the first one
[05:45] <hateball> FarhaadN: but as I said, have a look at the command parallel
[05:45] <sarnold> FarhaadN: try this: "sleep 2 & sleep 2 & echo hi"  -- then hit enter a few times
[05:50] <FarhaadN> [1] 4974
[05:50] <FarhaadN> [2] 4975
[05:50] <FarhaadN> hi
[05:50] <FarhaadN> output is
[05:51] <FarhaadN> what is that?
[05:51] <sarnold> note how the 'hi' shoewd up immediately
[05:51] <sarnold> hit enter again
[05:51] <sarnold> and the shell will then tell you about the two commands that have also finished
[05:51] <FarhaadN> hateball: can u tell me command for use parallel?
[05:51] <FarhaadN> sarnold: yes , when use few time,is goes up
[05:52] <FarhaadN> you mean commands exec emediatly?
[05:52] <sarnold> yes
[05:54] <FarhaadN> tanx for helps hateball, Sling and sarnold  ;-)
[05:54] <sarnold> have fun FarhaadN :)
[05:59] <hateball> FarhaadN: the command is called "parallel"
[05:59] <hateball> FarhaadN: "man parallel" to read how it works
[06:29] <FarhaadN> hateball: tnx man
[09:04] <jamespage> ddellav, coreycb: https://bugs.launchpad.net/ubuntu/+source/pyopenssl/+bug/1618765
[09:04] <jamespage> for crypto issue
[09:04] <jamespage> I think we'll need to bump in a new pyopenssl version
[09:05] <ddellav> ok, i'll take a look jamespage
[09:06] <jamespage> ddellav, I'm on it - focus on the other oslo bits for now
[09:06] <ddellav> allllrighty
[09:06] <jamespage> ddellav, oh also uploaded os-vif to experimental
[09:06] <jamespage> hopefully that will get through the NEW queue quickly
[09:06] <ddellav> awesome
[09:30] <xnox> coreycb, obviously ipmi test failed on armhf & ppc64el =) so actually restrict ipmi test to armhf/ppc64el. Pushed to master https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/ceilometer/commit/?id=d8500b77fa9f3f619439bac404da1d7469be066a
[09:30] <xnox> should be good to go, with next proper release.
[09:48] <jonah> Hi all, you'll have to excuse my ignorance as I've always been a cPanel user, but I've just set up a small lamp server without any gui tools etc. In cPanel though you tend to have a site that has it's own home user, then it's own databases and users for mysql. So I'm just trying to get my head round how this works without cPanel to keep things relatively secure. If I just want say 5 sites on this small server, do I make each site it's own
[09:48] <jonah> home user, or do I just put them in seperate directories in /var/www/vhosts/site1 /var/www/vhosts/site2 etc. If I do the latter do I just login to mysql to make databases and users - or will these not then work as they're all under one main user? Or if I make each user it's own linuc user with home dir, will those marry up with mysql? Just a little confused how this works with permissions/chown etc...
[10:06] <xnox> jonah, create mysql database per website. Use separate credentials for each per-site mysql database (non-admin)
[10:07] <xnox> coreycb, nova-scheduler.service fails to start simply after package installation, and hence autopkgtest fails - see https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1618812
[10:07] <jonah> xnox: so don't bother with different linux users, just have different database users and databases?
[10:07] <xnox> jonah, yeah.
[10:07] <jonah> xnox: and then do I just chown them all to my normal ubuntu sudo user?
[10:07] <jonah> xnox: the site files I mean
[10:07] <xnox> jonah, thats minimal separation. why ubuntu?
[10:08] <xnox> why not www-data?
[10:08] <xnox> (all webservers on ubuntu use www-data user to serve websites)
[10:09] <jonah> xnox: ah ok, just as I login with my normal user to make the files, create the site files whatever, so then I just chown them instead to www-data...?
[10:09] <xnox> jonah, just read this https://help.ubuntu.com/lts/serverguide/
[10:12] <jonah> xnox: I just ask in terms of users really because say one site is a cms and a hacker gets in with a mysql injection or something, won't they then be able to insert a file that can also get at the other sites due to them all using www-data rather than their own user perms?
[10:13] <xnox> jonah, no... because mysql user cannot write to www-data owned directories.
[10:13] <xnox> jonah, if you care about security, you can run all of your websites and databases inside lxc containers with lxd and/or juju local provider.
[10:14] <xnox> that way things are namespaced and protected/isolated from each other. But uses a little more resources.
[10:14] <jonah> xnox: so the mysql user is safe, but what about if say the cms is bruteforced and then a file can be uploaded from the backend - would that then mean all the files use the sames owner and can be compromised?
[10:25] <ddellav> any chance i can get unbanned from #ubuntu? Looks like the bot banned a few billion ipv6 addresses
[11:35] <ajikny> JanC: Thanks.. Issue solved. We gave up on diagnosing kb
[11:57] <coreycb> xnox, I'll take a look and include your change in the next upload.  thanks again for the fixes!
[12:01] <ddellav> coreycb ready for review: lp:~ddellav/ubuntu/+source/python-oslo.cache, lp:~ddellav/ubuntu/+source/python-oslo.db, lp:~ddellav/ubuntu/+source/python-oslo.vmware, lp:~ddellav/ubuntu/+source/python-oslotest, lp:~ddellav/ubuntu/+source/designate
[12:01] <coreycb> ddellav, great, will look shortly
[12:01] <ddellav> coreycb im working on horizon b3 right now but (as usual) horizon is fighting me
[12:01] <coreycb> ddellav, oh is it out?
[12:01] <ddellav> stupid debuild applies the patches, then complains that the files have changed because of the applied patches
[12:01] <ddellav> yea
[12:02] <ddellav> coreycb according to your little webapp ;)
[12:02] <ddellav> very helpful :)
[12:03] <coreycb> ddellav, oh yeah look at that :)  "webapp"
[12:03] <ddellav> hey, it's on the web and it's app-like so the name is appropriate
[12:03] <ddellav> heh
[12:09] <coreycb> xnox, were you planning on fixing the nova-scheduler issue?
[12:10] <coreycb> xnox, just planning my next move, I don't want to dup any work
[12:22] <munsking> Hello, i'm trying to set up an ubuntu web server, but i need php 5.x, is that still in the official repos?
[12:30] <rbasak> munsking: yes - use 14.04.
[12:30] <munsking> rbasak: dang, i just spent a few hours setting up and configuring 16.04
[12:31] <xnox> munsking, you can run lxc 14.04 container with php.
[12:31] <xnox> and reverse proxy to that from the 16.04 host.
[12:31] <munsking> xnox: alright, i'll take a look at that
[12:34] <NetworkingPro> Anyone familiar with lsof?
[12:34] <xnox> munsking, $ lxc start ubuntu:x myphpserver -> $ lxc exec myphpserver bash
[12:35] <xnox> in $ lxc ls -> you will see it's ip address.
[13:03] <coreycb> jamespage, beisner: when you get a chance, can you promote cinder 2:7.0.2-0ubuntu1~cloud1 to liberty-proposed?
[13:04] <jamespage> coreycb, yah
[13:04] <coreycb> jamespage, thx
[13:08] <jamespage> coreycb, done
[13:51] <coreycb> ddellav, oslo.db is failing -- https://launchpadlibrarian.net/281914828/buildlog_ubuntu-yakkety-amd64.python-oslo.db_4.13.0-0ubuntu1_BUILDING.txt.gz
[13:53] <ddellav> coreycb thats the same error i saw when i was building in yakkety without the delta (the patch)
[13:53] <ddellav> i builds fine for me locally, i'll push it up to a PPA
[13:53] <coreycb> hmm, which patch?
[13:55] <ddellav> coreycb are you building from the ubuntu/newton branch?
[13:55] <ddellav> coreycb pymysql-default.patch
[13:55] <coreycb> ah, yeah that's what I'm prob missing
[14:35] <rbasak> cpaelzer: if there is no objection to my post about ntpdate, does that allow you to Won't Fix (with reference to the thread in a comment) all of the ones you're blocked on? Or would there be any left?
[14:39] <jamespage> coreycb, ddellav: crypto problems sorted in xenial and yakkety
[14:39] <jamespage> oslo.config is failing to backport atm
[14:39] <coreycb> jamespage, \o/
[14:39] <ddellav> jamespage  :D
[14:41] <coreycb> jamespage, ddellav: all of ddellav's packages from earlier today are uploaded now
[14:41] <jamespage> \o/
[14:41] <ddellav> coreycb yay
[14:43] <med_> hi, is there a way to remove all but the latest two kernels in a stream in Ubuntu server like there is in yum?
[14:45] <med_> zul, jamespage, kirkland ^
[14:45] <med_> coreycb, ^
[14:46] <smb> med_, usually "sudo apt-get autoremove --purge" should do what you want (and also clean other unneeded packages)
[14:46] <med_> smb, yep we're considering that without the purge
[14:46] <med_> (purge takes some config files we likely need)
[14:47] <med_> was looking for a kernel specific solution as I'm running out of space on /boot (specifically)
[14:48] <med_> ah kirkland has buried this in byobu
[14:48] <med_> purge-old-kernels
[14:48] <kirkland> med_: you're welcome.
[14:48] <med_> :-)
[14:50] <med_> maybe only on newer (xenial)
[14:50] <med_> doesn't work in my trusty env
[14:51] <med_> yep in xen not in t
[14:51] <med_> 5.103 or newer
[14:52] <med_> ah previously in bikeshed
[14:58] <coreycb> ddellav, what's left for non-client libraries?
[14:59] <coreycb> hi med_  o/
[14:59] <ddellav> coreycb afaik the only one left is oslo-log and that was a bit of a pickle. The version currently available won't build for me. It's throwing test failures
[15:01] <coreycb> ddellav, got a link to any?
[15:02] <ddellav> coreycb just pull-lp-source python-oslo.log. I went and updated it but it's still failing at the same test. Even when built via ppa
[15:03] <coreycb> ddellav, ok I'll take a look
[15:15] <radish_> hi everyone! Just a quick question: On my mysql server, character_set_server and collation_server are set to the defaults latin1 and latin1_swedish_ci respectively. If I would change them to utf8 and utf8_general_ci respectively, will this affect existing databases/tables/data?
[15:45] <ddellav> coreycb can you move your bug back to fix committed and comment that it needs to be re-promoted? I did yaql and monasca but this one is owned by you: https://bugs.launchpad.net/ubuntu/+source/python-aodhclient/+bug/1552415
[15:50] <coreycb> ddellav, done
[17:23] <coreycb> ddellav, I'm going to work through the rest of the deps from the upstream report this afternoon and come back to oslo.log
[17:24] <ddellav> coreycb ok, what are some of the ones you're going to work on? I guess it's not super clear which ones need updating
[17:25] <coreycb> for now I'm working from here to see what's done: https://private-fileshare.canonical.com/~coreycb/ca_upstream_versions_newton.html
[17:26] <coreycb> ddellav, ^ after that I just refer to upper-constraints.  at this point we will likely limit our uploads to openstack specific packages, unless a non openstack-specific package needs to get updated.
[17:26] <coreycb> since we're past feature freeze
[17:33] <coreycb> ddellav, although, be careful with that report. the os-brick upstream version from https://github.com/openstack/releases/tree/master/deliverables/newton doesn't match what's in upper-constraints.
[17:34] <coreycb> ddellav, https://review.openstack.org/#/c/360878/
[17:44] <cpaelzer> rbasak: rbasakI think that will allow me to close all formerly assigned - I''ll do so and let you know only in case there are any left
[17:59] <cpaelzer> rbasak: I was able to drop all but bug 1046340 due to that reference
[17:59] <cpaelzer> rbasak: and that one remains at low prio waiting for Debian
[18:08] <UNIcodeX> during the install process, i'm asked if i want to encrypt my home directory, to which i replied 'yes'. but then i have the option to use encrypted LVM. could anyone advise me on how to proceed?
[18:10] <sarnold> the encrypted home directories are done using ecryptfs; this allows different users to have different keys/passwords for their data
[18:10] <rbasak> cpaelzer: thanks!
[18:10] <rbasak> cpaelzer: I wonder if that one is worth a delta. What do you think?
[18:11] <sarnold> the encrypted lvm is probably faster but all the data is going to be encrypted with the one key
[18:12] <UNIcodeX> sarnold, thanks. that's on top of drive encryption, if it were to also be enabled? is the drive encryption LUKS based? I think I have that right...
[18:13] <sarnold> UNIcodeX: yeah, the lvm / encrypted disk ought to be LUKS .. I haven't looked lately :/
[18:13] <cpaelzer> rbasak: yeah, especially not particularly important, but since I'm like 75% done anyway already probably the easiest way to handle it
[18:13] <cpaelzer> rbasak: not sure about an SRU thou, but easy enough to be fixed in Yakkety at least
[18:13] <cpaelzer> rbasak: I assigned to myself, but don't know yet when I get to it
[18:16] <rbasak> cpaelzer: sure, thanks.
[18:16] <UNIcodeX> sarnold, thanks. Do you know if it makes use of the patch, which is talked about on the Kali site? The patch allows the definition of a nuke password.
[18:17] <sarnold> UNIcodeX: I'd be surprised but I haven't looked :)
[18:18] <UNIcodeX> sarnold, k
[18:18] <UNIcodeX> sarnold, I found what I needed to know. Here it is in case you'd be interested in it. http://linuxbsdos.com/2014/01/14/apply-the-nuke-patch-to-luks-cryptsetup-in-linux-mint-16-and-ubuntu-13-10/
[18:20] <sarnold> neat
[18:24] <kirkland> med_: purge-old-kernels has been around for ages in bikeshed;  honestly, it's not supposed to exist at all, as 'sudo apt autoremove' should just work
[18:24] <kirkland> med_: alas, apt autoremove doesn't actually work in many cases
[18:25] <kirkland> med_: so purge-old-kernels is kind of a stop-gap, hack
[18:25] <kirkland> med_: but it's saved many people who have long running cloud instances (more than a year old), and their little 8GB root disk fills up with 37 kernels in /boot
[18:26] <kirkland> med_: it's a standalone shell script that you can wget or bzr or git grab and run on any Ubuntu machine
[19:34] <b3h3m0th> Can ubuntu server 14.04 running on 16 gigs ram and 3gz quad core xeon processors handle ~5000 tcp connections to a socat wrapper running a process ?
[19:41] <sarnold> b3h3m0th: that sounds like a definite "maybe" :)
[19:42] <sarnold> b3h3m0th: how long do the processes live? how long do the connections live? how much data through them?
[19:42] <ogra_> and how good is your network card/connection
[19:49] <NetworkingPro> hey everyone
[19:49] <NetworkingPro> Anyone know a command that can dump the contents of memory relating to a particular appliation?
[19:50] <sarnold> NetworkingPro: gdb's gcore command https://sourceware.org/gdb/onlinedocs/gdb/Core-File-Generation.html
[19:54] <b3h3m0th> sarnold:  child process spawned by the socat (each instance of the app socat is running) runs for under a minute
[19:54] <b3h3m0th> and TCP traffic is there from start to end of that minute
[19:54] <b3h3m0th> actually << 1 min
[19:54] <b3h3m0th> ~10 seconds
[19:55] <b3h3m0th> so in the worst case, all 5000 users connects simultaneously
[19:56] <sarnold> how long does it take to exec each of those?
[19:56] <Exec> ...
[19:57] <sarnold> lol
[19:59] <b3h3m0th> the process is interactive session
[19:59] <b3h3m0th> with sigalarm of 15 seconds
[20:00] <sarnold> sounds promising
[22:12] <danny_> What are the advantages of Ubuntu-server over debian?  Systemd?
[22:58] <RoyK> danny_: debian 8 has systemd
[22:58] <RoyK> danny_: tbh, I prefer debian over ubuntu for servers
[22:59] <danny_> RoyK, Yeah, I just wanted to hear why I might be wrong about debian being generally better for servers
[22:59] <danny_> RoyK, I guess if you need something really up to date on a server for some reason
[23:01] <RoyK> then either debian backports or some fresh ubuntu install
[23:01] <RoyK> (or fedora, if you're completely out of your mind)
[23:02] <danny_> other than that I guess just familiarity with ubuntu
[23:02] <jesseg> hahaha how stupid. So I stuck latest ubuntu-server ISO on an external USB mass storage unit because, I mean, in 2016, who really wants to burn a *CDROM*? OK great, install fails, because it can't mount the cdrom. Yes, Virginia, the path "/dev/sr0" seems to be hardcoded into ubuntu server installation scripts! LOL LOL. So I deleted /dev/sr0 and symlinked it to /dev/sdb and now it's happily installing
[23:03] <RoyK> managing ubuntu is about the same as debian
[23:04]  * RoyK hands jesseg a stack of floppies
[23:05] <sarnold> jesseg: how strange, I did the same dd to usb and it worked flawlessly first try :/
[23:05] <sarnold> jesseg: please file bug, 'ubuntu-bug debian-installer', I think that'll get it to the right place
[23:05] <RoyK> sarnold: perhaps he's installing Hardy ;)
[23:05] <sarnold> RoyK: hehe :)