[00:43] <Nitsuga> Has anyone got systemd-networkd's DHCP server working?
[00:43] <Nitsuga> Here it doesn't seem to do anything, but it doesn't complain either.
[01:13] <RoyK> Nitsuga: does systemd have a dhcp server? I usually just use isc-dhcp
[01:13] <sarnold> it does
[01:14] <Nitsuga> RoyK, there's a systemd-everythingd
[01:14] <sarnold> see dhcpserver in https://www.freedesktop.org/software/systemd/man/systemd.network.html
[01:17] <patdk-lap> there is a systemd-emacs?
[01:17] <patdk-lap> or emacs-systemd?
[01:19] <sarnold> Nitsuga: oh by the way I think systemd happily continues on when it doesn't understand something
[01:20] <sarnold> Nitsuga: try systemd-analyze verify
[01:20] <Nitsuga> sarnold, I introduced a typo on purpose and it didn't complain. Let's see…
[01:21] <Nitsuga> The systemd.network man page promises very uncomplicated routing with the DHCPServer= and IPMasquerade= options, but the latter doesn't work in Ubuntu either.
[01:21] <Nitsuga> It's missing a compile option.
[01:23] <Nitsuga> sarnold, systemd-analyze verify returns nothing.
[01:23] <sarnold> dang
[01:29] <RoyK> patdk-lap: there should be https://xkcd.com/378/
[08:02] <baptistemm> hello, I'm looking to script an unattended upgrade using 'do-release-upgrade -f DistUpgradeViewNonInteractive'. In order to replace conffile with newest version I put a config file /etc/apt/apt.conf.d/local with 'Dpkg::Options { "--force-confdef"; "--force-confnew"; }'. However after the upgrade I find files *.dpkg-new
[08:03] <baptistemm> Am I forgetting something
[08:03] <baptistemm> I'm upgrading from 12.04 to 14.04
[08:31] <frickler> jamespage: coreycb: neutron has just landed a patch that requires dhcp_release6, which was only added recently in dnsmasq 2.76, see https://review.openstack.org/301747. now that is fine for yakkety, but not for xenial, do you think it would be possible to just add the new utility back into dnsmasq for xenial?
[08:45] <jamespage> xnox, yikes - did the gpg switch likely kill things like add-apt-repository?
[08:45] <xnox> jamespage, shouldn't.
[08:45] <xnox> let me test that one.
[08:46] <jamespage> Warning: apt-key output should not be parsed (stdout is not a terminal)
[08:46] <jamespage> gpg: no valid OpenPGP data found.
[08:46] <xnox> har har
[08:46] <jamespage> xnox, all of our yakkety branch builds for OpenStack are tripping on that today
[08:46] <xnox> interesting how that is not an autopkgtest....
[08:47] <xnox> yeah, gnupg2 with the switch is in -proposed already.
[08:47] <jamespage> xnox, yah - we build with proposed enabled
[08:47] <xnox> let's see if i can fix that quickly.
[08:47] <jamespage> pls
[08:47] <xnox> jamespage, good! =)
[08:56] <baptistemm> No one has a hint for me? (I can repeat my question if needed)
[09:49] <baptistemm> I'm doing an unattended upgrade from 12.04 to 14.04 using 'do-release-upgrade -f DistUpgradeViewNonInteractive'. In order to replace conffile with newest version I put a config file /etc/apt/apt.conf.d/local with 'Dpkg::Options { "--force-confdef"; "--force-confnew"; }'. However after the upgrade I find files *.dpkg-new
[09:49] <baptistemm> am I missing something
[10:06] <xnox> jamespage, off by chance do you know if autopkgtests allow enough internets for add-apt-repository to add launchpad ppas?
[10:06]  * xnox is adding an autopkgtest to software-properties to make sure add-apt-repository doesn't break in the future
[10:10] <jamespage> xnox, i'd have to defer to pitti for that
[10:17] <rbasak> xnox: AFAIK, you can do that.
[10:19] <xnox> yeay =)
[11:06] <jamespage> coreycb, ddellav: fyi add-apt-repository is currently foobar on yakkety - xnox is working on a fix
[11:06] <jamespage> it's blocking all yakkety branch builds atm
[11:06] <jamespage> coreycb, ddellav: xenial builds are ok apart from barbican and trove
[11:07] <xnox> jamespage, waiting for launchpad to crank it out.... https://launchpad.net/ubuntu/+source/software-properties/0.96.24.4
[11:07] <jamespage> xnox, good oh - thanks for picking that up!
[12:01] <xnox> jamespage, rmadison says new software-properties-common is in. could you retrigger/retest whatever was failing for you please?
[13:03] <jamespage> xnox, ok so add-apt-repository looks ok now - but tripping over something sbuild-ish now
[13:04] <jamespage> Failed to sign dummy archive Release file.
[13:06] <xnox> jamespage, right "sudo rm -rf /var/lib/sbuild/apt-keys" on the host
[13:06] <xnox> which invokes sbuild
[13:06] <xnox> jamespage, or alternatively the host should have up to date sbuild, and run sbuild-update -k
[13:07] <xnox> jamespage, do you care about building things for before precise?
[13:07] <jamespage> xnox, no
[13:08] <xnox> then purge the apt-keys
[13:09] <xnox> and don't ever call sbuild-update -k | --keygen
[14:01] <jamespage> xnox, hmm that's not working so well
[14:02] <jamespage> E: Local archive GPG signing key not found
[14:02] <jamespage> I: Please generate a key with 'sbuild-update --keygen'
[14:02] <jamespage> do I have to twiddle a knob somewhere to allow that?
[14:03] <xnox> jamespage, what is the version of sbuild on your host?
[14:04] <xnox> what is the ubuntu release of the host?
[14:04] <jamespage> xnox, 0.69.0-2ubuntu1~ubuntu14.04.1~ppa201607141228
[14:04] <xnox> i've backported sbuild from yakkety and run that on xenial....
[14:04] <jamespage> its a backport of the xenial version on trusty
[14:04] <xnox> ok.
[14:05] <xnox> either get a newer backport. or there are manual things you can run on the host to export a armored keypair.
[14:05] <xnox> let me test that combo here.
[14:06] <xnox> or rebackport yakkety's sbuild....
[14:06] <xnox> jamespage, you are not gonna upgrade the host to xenial just yet, are you?
[14:06] <jamespage> xnox, that's a bit more than I can do right now
[14:06] <jamespage> it hosts some other bits and pieces as well
[14:06] <jamespage> I can backport it
[14:07] <xnox> jamespage, but NEWS file in sbuild claims that since 0.67.0 key generation is optional.
[14:08] <xnox> jamespage, can i see the logs of what/where breaks for you?
[14:08] <xnox> or access those systems, no?
[14:09] <xnox> backporting yakkety's sbuild is best option, i think.
[14:48] <jamespage> xnox, apparently we were still running an older sbuild version
[14:48] <jamespage> not sure why
[14:48] <jamespage> checking now
[16:13] <NetworkingPro> anyone know a good server config management tool?
[16:14] <JanC> the command line?  :)
[16:15] <JanC> also: what do you actually want it to do?
[16:24] <patdk-wk> ssh :)
[16:50] <lunaphyte> your brain?
[18:01] <smoser> rbasak, you have a dep8 test example you'd suggest me start from ?
[18:12] <coreycb> ddellav, can you also include sahara 4.0.1 and ironic 5.1.2 in the mitaka SRU
[18:13] <ddellav> coreycb sure
[18:13] <coreycb> ddellav, thanks
[19:43] <coreycb> ddellav, also for liberty can you pick up aodh 1.1.2, designate 1.0.2, ironic 4.2.5, manila 1.0.1, and sahara 3.0.2? (sorry if this went through twice, got disconnected)
[19:44] <ddellav> coreycb i'll add it to the bug
[19:44] <coreycb> ddellav, sounds good
[19:59] <sarnold> rbasak: hey are you and nacc doing the git thing for multipath-tools? someone in #ubuntu-devel just proposed a patch, see 1231182 -- it got lost last time around...
[20:26] <xnox> jamespage, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827315
[20:26] <xnox> *soon* things will break =)
[20:26] <xnox> or might. basically new enough sbuild is required.
[20:28] <xnox> actually no, all has been fixed.
[20:51] <mundus2018> Can someone help me to get back into my system
[20:52] <mundus2018> I got locked out when trying to install openvpn
[20:52] <mundus2018> I can mount it
[20:53] <RoyK> mundus2018: was this after accidentally enabling ufw after forgetting to allow 22/tcp (or ssh) ?
[20:54] <mundus2018> Yeah I enabled ufw and didn't allow ssh
[20:54] <mundus2018> but is it on at reboot?
[20:54] <RoyK> mundus2018: ufw doesn't require a "save" argument - it just sticks
[20:55] <RoyK> mundus2018: what sort of machine is this?
[20:55] <mundus2018> like hardware or software?
[20:55] <RoyK> vm? physical?
[20:55] <mundus2018> physical
 in /etc/default/ufw I changed /etc/default/ufw DEFAULT_FORWARD_POLICY="DROP" to DEFAULT_FORWARD_POLICY="ACCEPT"
[20:56] <jelly> that however doesn't say anything about INPUT and OUTPUT
[20:56] <RoyK> mundus2018: do you have KVM access to it or something?
[20:56] <mundus2018> its a kimsufi box
[20:56] <jelly> RoyK, he can boot a rescue image, and that's what he's doing right now
[20:56] <RoyK> within reach?
[20:57] <RoyK> jelly: ok
[20:57] <jelly> the rescue image provides some sort of remote access apparently
[20:57] <mundus2018> yeah
[20:58] <jelly> this is a common setup with cheap providers
[20:58] <mundus2018> this is essentially ovh
[20:58] <jelly> (hardware that has proper remote mgt is usually more expensive)
[21:00] <jelly> mundus2018, you could chroot into the thing, see if you can disable the ufw service with service or systemctl command, then reboot
[21:00] <mundus2018> alright I can try that
[21:00] <mundus2018> im rebooting to see if something I did worked
[21:01] <jelly> if you're playing with cron jobs, you can also make one that does "iptables-save > /root/iptables-saved-temp" and look at that file afterwards
[21:01] <mundus2018> that will save the active config?
[21:01] <jelly> that would confirm whether it's iptables state that's keeping you locked out
[21:01] <mundus2018> ok
[21:02] <jelly> sorry, "/sbin/iptables-save > /root/iptables-saved-temp"
[21:02] <jelly> cron PATH does not contain /sbin by default
[21:02] <mundus2018> ok so reverting that stuff did not work
[21:03] <jelly> which error message do you get when you try to ssh into your system?
[21:03] <mundus2018> can I chroot and just do sudo ufw allow 22/tcp
[21:04] <jelly> maybe, I'm clueless about ufw
[21:04] <jelly> and you don't need "sudo" when you're already root
[21:04] <mundus2018> on putty, Network Error: Connection Timed Out
[21:05] <jelly> right, if ping works that does point to a local fw issue
[21:13] <mundus2018> how can I pipe errors?
[21:15] <mundus2018> this is my rules  http://termbin.com/j621
[21:16] <mundus2018> Ill add -A ufw-user-input --dport 22 -j ACCEPT and hopefully that will work
[21:20] <RoyK> mundus2018: 2>&1 | pastebinit
[21:21] <mundus2018> thanks
[21:21] <RoyK> mundus2018: there's no port 22 in that pastebin
[21:21] <mundus2018> yeah just added it
[21:22] <mundus2018> I added "-A ufw-user-input --dport 22 -j ACCEPT"
[21:22] <RoyK> usually ufw allow 22/tcp should do
[21:23] <mundus2018> I couldn't do that, it said errors with /dev/urandom
[21:23] <RoyK> it really shouldn't need /dev/urandom
[21:25] <mundus2018> so that didnt work
[21:31] <mundus2018> brb
[21:38] <eatingthenight> hey, how can I create a FAT32 partition with sfdisk, I don't see an option for it when I run sfdisk -T
[21:38] <eatingthenight> ops
[21:38] <eatingthenight> sorry
[21:38] <eatingthenight> blind, it's W95 FAT32
[21:51] <tarpman> eatingthenight: normally I think you want 0x0c (W95 FAT32 (LBA))
[21:51] <tarpman> eatingthenight: note of course that the partition type code is orthogonal to what filesystem you actually choose to format the partition with...
[22:16] <rbasak> sarnold: we're updating trees on request right now - we haven't cronned the importer yet.
[22:17] <sarnold> aha
[22:41] <renatosilva> will ubuntu server updates address ssl3 disabling?
[22:49] <rbasak> renatosilva: try asking in #ubuntu-hardened, though most full time people are done for the day now so it might be worth asking tomorrow when there are more people about.
[22:49] <sarnold> renatosilva: I think we've only disabled ssl3 in xenial and yakkety
[22:49] <renatosilva> sarnold: why not all?
[22:50] <sarnold> renatosilva: likely because we don't want to break existing deployments
[22:51] <renatosilva> so you people prefer instead to keep an LTS server vulnerable to ssl3 attacks? weird!
[22:53] <renatosilva> I would never have known the server I manage is vulnerable if I had not randomly found it, a pity that updating the system packages actually does not bring all important updates!