Nitsuga | Has anyone got systemd-networkd's DHCP server working? | 00:43 |
---|---|---|
Nitsuga | Here it doesn't seem to do anything, but it doesn't complain either. | 00:43 |
RoyK | Nitsuga: does systemd have a dhcp server? I usually just use isc-dhcp | 01:13 |
sarnold | it does | 01:13 |
Nitsuga | RoyK, there's a systemd-everythingd | 01:14 |
sarnold | see dhcpserver in https://www.freedesktop.org/software/systemd/man/systemd.network.html | 01:14 |
patdk-lap | there is a systemd-emacs? | 01:17 |
patdk-lap | or emacs-systemd? | 01:17 |
sarnold | Nitsuga: oh by the way I think systemd happily continues on when it doesn't understand something | 01:19 |
sarnold | Nitsuga: try systemd-analyze verify | 01:20 |
Nitsuga | sarnold, I introduced a typo on purpose and it didn't complain. Let's see… | 01:20 |
Nitsuga | The systemd.network man page promises very uncomplicated routing with the DHCPServer= and IPMasquerade= options, but the latter doesn't work in Ubuntu either. | 01:21 |
Nitsuga | It's missing a compile option. | 01:21 |
Nitsuga | sarnold, systemd-analyze verify returns nothing. | 01:23 |
sarnold | dang | 01:23 |
RoyK | patdk-lap: there should be https://xkcd.com/378/ | 01:29 |
baptistemm | hello, I'm looking to script an unattended upgrade using 'do-release-upgrade -f DistUpgradeViewNonInteractive'. In order to replace conffile with newest version I put a config file /etc/apt/apt.conf.d/local with 'Dpkg::Options { "--force-confdef"; "--force-confnew"; }'. However after the upgrade I find files *.dpkg-new | 08:02 |
baptistemm | Am I forgetting something | 08:03 |
baptistemm | I'm upgrading from 12.04 to 14.04 | 08:03 |
frickler | jamespage: coreycb: neutron has just landed a patch that requires dhcp_release6, which was only added recently in dnsmasq 2.76, see https://review.openstack.org/301747. now that is fine for yakkety, but not for xenial, do you think it would be possible to just add the new utility back into dnsmasq for xenial? | 08:31 |
jamespage | xnox, yikes - did the gpg switch likely kill things like add-apt-repository? | 08:45 |
xnox | jamespage, shouldn't. | 08:45 |
xnox | let me test that one. | 08:45 |
jamespage | Warning: apt-key output should not be parsed (stdout is not a terminal) | 08:46 |
jamespage | gpg: no valid OpenPGP data found. | 08:46 |
xnox | har har | 08:46 |
jamespage | xnox, all of our yakkety branch builds for OpenStack are tripping on that today | 08:46 |
xnox | interesting how that is not an autopkgtest.... | 08:46 |
xnox | yeah, gnupg2 with the switch is in -proposed already. | 08:47 |
jamespage | xnox, yah - we build with proposed enabled | 08:47 |
xnox | let's see if i can fix that quickly. | 08:47 |
jamespage | pls | 08:47 |
xnox | jamespage, good! =) | 08:47 |
baptistemm | No one has a hint for me ? (I can repeat my question if needed) | 08:56 |
baptistemm | I'm doing an unattended upgrade from 12.04 to 14.04 using 'do-release-upgrade -f DistUpgradeViewNonInteractive'. In order to replace conffile with newest version I put a config file /etc/apt/apt.conf.d/local with 'Dpkg::Options { "--force-confdef"; "--force-confnew"; }'. However after the upgrade I find files *.dpkg-new | 09:49 |
baptistemm | am I missing something | 09:49 |
xnox | jamespage, off by chance do you know if autopkgtests allow enough internets for add-apt-repository to add launchpad ppas? | 10:06 |
xnox | * xnox is adding an autopkgtest to software-properties to make sure add-apt-repository doesn't break in the future | 10:06 |
jamespage | xnox, i'd have to defer to pitti for that | 10:10 |
rbasak | xnox: AFAIK, you can do that. | 10:17 |
xnox | yeay =) | 10:19 |
jamespage | coreycb, ddellav: fyi add-apt-repository is currently foobar on yakkety - xnox is working on a fix | 11:06 |
jamespage | its blocking all yakkety branch builds atm | 11:06 |
jamespage | coreycb, ddellav: xenial builds are ok apart from barbican and trove | 11:06 |
xnox | jamespage, waiting for launchpad to crank it out.... https://launchpad.net/ubuntu/+source/software-properties/0.96.24.4 | 11:07 |
jamespage | xnox, good oh - thanks for picking that up! | 11:07 |
xnox | jamespage, rmadison says new software-properties-common is in. could you retrigger/retest whatever was failing for you please? | 12:01 |
jamespage | xnox, ok so add-apt-repository looks ok now - but tripping over something sbuild-ish now | 13:03 |
jamespage | Failed to sign dummy archive Release file. | 13:04 |
xnox | jamespage, right "sudo rm -rf /var/lib/sbuild/apt-keys" on the host | 13:06 |
xnox | which invokes sbuild | 13:06 |
xnox | jamespage, or alternatively the host should have up to date sbuild, and run sbuild-update -k | 13:06 |
xnox | jamespage, do you care about building things for before precise? | 13:07 |
jamespage | xnox, no | 13:07 |
xnox | then purge the apt-keys | 13:08 |
xnox | and don't ever call sbuild-update -k \| --keygen | 13:09 |
jamespage | xnox, hmm that's not working so well | 14:01 |
jamespage | E: Local archive GPG signing key not found | 14:02 |
jamespage | I: Please generate a key with 'sbuild-update --keygen' | 14:02 |
jamespage | do I have to twiddle a knob somewhere to allow that? | 14:02 |
xnox | jamespage, what is the version of sbuild on your host? | 14:03 |
xnox | what is the ubuntu release of the host? | 14:04 |
jamespage | xnox, 0.69.0-2ubuntu1~ubuntu14.04.1~ppa201607141228 | 14:04 |
xnox | i've backported sbuild from yakkety and run that on xenial.... | 14:04 |
jamespage | its a backport of the xenial version on trusty | 14:04 |
xnox | ok. | 14:04 |
xnox | either get a newer backport. or there are manual things you can run on the host to export a armored keypair. | 14:05 |
xnox | let me test that combo here. | 14:05 |
xnox | or rebackport yakkety's sbuild.... | 14:06 |
xnox | jamespage, you are not gonna upgrade the host to xenial just yet, are you? | 14:06 |
jamespage | xnox, that's a bit more than I can do right now | 14:06 |
jamespage | it hosts some other bits and pieces as well | 14:06 |
jamespage | I can backport it | 14:06 |
xnox | jamespage, but NEWS file in sbuild claims that since 0.67.0 key generation is optional. | 14:07 |
xnox | jamespage, can i see the logs of what/where breaks for you? | 14:08 |
xnox | or access those systems, no? | 14:08 |
xnox | backporting yakkety's sbuild is best option, i think. | 14:09 |
jamespage | xnox, apparently we were still running an older sbuild version | 14:48 |
jamespage | not sure why | 14:48 |
jamespage | checking now | 14:48 |
NetworkingPro | anyone know a good server config management tool? | 16:13 |
JanC | the command line? :) | 16:14 |
JanC | also: what do you actually want it to do? | 16:15 |
patdk-wk | ssh :) | 16:24 |
lunaphyte | your brain? | 16:50 |
smoser | rbasak, you have a dep8 test example you'd suggest me start from ? | 18:01 |
coreycb | ddellav, can you also include sahara 4.0.1 and ironic 5.1.2 in the mitaka SRU | 18:12 |
ddellav | coreycb sure | 18:13 |
coreycb | ddellav, thanks | 18:13 |
coreycb | ddellav, also for liberty can you pick up aodh 1.1.2, designate 1.0.2, ironic 4.2.5, manila 1.0.1, and sahara 3.0.2? (sorry if this went through twice, got disconnected) | 19:43 |
ddellav | coreycb i'll add it to the bug | 19:44 |
coreycb | ddellav, sound good | 19:44 |
sarnold | rbasak: hey are you and nacc doing the git thing for multipath-tools? someone in #ubuntu-devel just proposed a patch, see 1231182 -- it got lost last time around... | 19:59 |
xnox | jamespage, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827315 | 20:26 |
ubottu | Debian bug 827315 in src:sbuild "sbuild: Does not work with gnupg 2.x installed in the chroot" [Important,Fixed] | 20:26 |
xnox | *soon* things will break =) | 20:26 |
xnox | or might. basically new enough sbuild is required. | 20:26 |
xnox | actually no, all has been fixed. | 20:28 |
mundus2018 | Can someone help me to get back into my system | 20:51 |
mundus2018 | I got locked out when trying to install openvpn | 20:52 |
mundus2018 | I can mount it | 20:52 |
RoyK | mundus2018: was this after accidentally enabling ufw after forgetting to allow 22/tcp (or ssh) ? | 20:53 |
mundus2018 | Yeah I enabled ufw and didnt allow ssh | 20:54 |
mundus2018 | but is it on at reboot? | 20:54 |
RoyK | mundus2018: ufw doesn't require a "save" argument - it just sticks | 20:54 |
RoyK | mundus2018: what sort of machine is this? | 20:55 |
mundus2018 | like hardware or software? | 20:55 |
RoyK | vm? physical? | 20:55 |
mundus2018 | physical | 20:55 |
jelly | <mundus2018> in /etc/default/ufw I changed /etc/default/ufw DEFAULT_FORWARD_POLICY="DROP" to DEFAULT_FORWARD_POLICY="ACCEPT" | 20:55 |
jelly | that however doesn't say anything about INPUT and OUTPUT | 20:56 |
RoyK | mundus2018: do you have KVM access to it or something? | 20:56 |
mundus2018 | its a kimsufi box | 20:56 |
jelly | RoyK, he can boot a rescue image, and that's what he's doing right now | 20:56 |
RoyK | within reach? | 20:56 |
RoyK | jelly: ok | 20:57 |
jelly | the rescue image provides some sort of remote access apparently | 20:57 |
mundus2018 | yeah | 20:57 |
jelly | this is a common setup with cheap providers | 20:58 |
mundus2018 | this is essentially ovh | 20:58 |
jelly | (hardware that has proper remote mgt is usually more expensive) | 20:58 |
jelly | mundus2018, you could chroot into the thing, see if you can disable the ufw service with service or systemctl command, then reboot | 21:00 |
mundus2018 | alright I can try that | 21:00 |
mundus2018 | im rebooting to see if something I did worked | 21:00 |
jelly | if you're playing with cron jobs, you can also make one that does "iptables-save > /root/iptables-saved-temp" and look at that file afterwards | 21:01 |
mundus2018 | that will save the active config? | 21:01 |
jelly | that would confirm whether it's iptables state that's keeping you locked out | 21:01 |
mundus2018 | ok | 21:01 |
jelly | sorry, "/sbin/iptables-save > /root/iptables-saved-temp" | 21:02 |
jelly | cron PATH does not contain /sbin by default | 21:02 |
mundus2018 | ok so reverting that stuff did not wor | 21:02 |
jelly | which error message do you get when you try to ssh into your system? | 21:03 |
mundus2018 | can I chroot and just do sudo ufw allow 22/tcp | 21:03 |
jelly | maybe, I'm clueless about ufw | 21:04 |
jelly | and you don't need "sudo" when you're already root | 21:04 |
mundus2018 | on putty, Network Error: Connection Timed Out | 21:04 |
jelly | right, if ping works that does point to a local fw issue | 21:05 |
mundus2018 | how can I pipe errors? | 21:13 |
mundus2018 | this is my rules http://termbin.com/j621 | 21:15 |
mundus2018 | Ill add -A ufw-user-input --dport 22 -j ACCEPT and hopefully that will work | 21:16 |
RoyK | mundus2018: 2>&1 \| pastebinit | 21:20 |
mundus2018 | thanks | 21:21 |
RoyK | mundus2018: there's no port 22 in that pastebin | 21:21 |
mundus2018 | yeah just added it | 21:21 |
mundus2018 | I added "-A ufw-user-input --dport 22 -j ACCEPT" | 21:22 |
RoyK | usually ufw allow 22/tcp should do | 21:22 |
mundus2018 | I couldn't do that, it said errors with /dev/urandom | 21:23 |
RoyK | it really shouldn't need /dev/urandom | 21:23 |
mundus2018 | so that didnt work | 21:25 |
mundus2018 | brb | 21:31 |
eatingthenight | hey, how can I create a FAT32 partition with sfdisk, I don't see an option for it when i run sfdisk -T | 21:38 |
eatingthenight | ops | 21:38 |
eatingthenight | sorry | 21:38 |
eatingthenight | blind, it's W95 FAT32 | 21:38 |
tarpman | eatingthenight: normally I think you want 0x0c (W95 FAT32 (LBA)) | 21:51 |
tarpman | eatingthenight: note of course that the partition type code is orthogonal to what filesystem you actually choose to format the partition with... | 21:51 |
rbasak | sarnold: we're updating trees on request right now - we haven't cronned the importer yet. | 22:16 |
sarnold | aha | 22:17 |
renatosilva | will ubuntu server updates address ssl3 disabling? | 22:41 |
rbasak | renatosilva: try asking in #ubuntu-hardened, though most full time people are done for the day now so it might be worth asking tomorrow when there are more people about. | 22:49 |
sarnold | renatosilva: I think we've only disabled ssl3 in xenial and yakkety | 22:49 |
renatosilva | sarnold: why not all? | 22:49 |
sarnold | renatosilva: likely because we don't want to break existing deployments | 22:50 |
renatosilva | so you people prefer instead to keep an LTS server vulnerable to ssl3 attacks? weird! | 22:51 |
renatosilva | I would never have known the server I manage is vulnerable if I had not randomly found it, a pity that updating the system packages actually does not bring all important updates! | 22:53 |