[00:43] Has anyone got systemd-networkd's DHCP server working?
[00:43] Here it doesn't seem to do anything, but it doesn't complain either.
[01:13] Nitsuga: does systemd have a dhcp server? I usually just use isc-dhcp
[01:13] it does
[01:14] RoyK, there's a systemd-everythingd
[01:14] see dhcpserver in https://www.freedesktop.org/software/systemd/man/systemd.network.html
[01:17] there is a systemd-emacs?
[01:17] or emacs-systemd?
[01:19] Nitsuga: oh by the way I think systemd happily continues on when it doesn't understand something
[01:20] Nitsuga: try systemd-analyze verify
[01:20] sarnold, I introduced a typo on purpose and it didn't complain. Let's see…
[01:21] The systemd.network man page promises very uncomplicated routing with the DHCPServer= and IPMasquerade= options, but the latter doesn't work in Ubuntu either.
[01:21] It's missing a compile option.
[01:23] sarnold, systemd-analyze verify returns nothing.
[01:23] dang
[01:29] patdk-lap: there should be https://xkcd.com/378/
=== Mobutils_ is now known as Mobutils
=== magicalChicken_ is now known as magicalChicken
=== petevg_ is now known as petevg
=== trochej is now known as madwizard
[08:02] hello, I'm looking to script an unattended upgrade using 'do-release-upgrade -f DistUpgradeViewNonInteractive'. In order to replace conffile with newest version I put a config file /etc/apt/apt.conf.d/local with 'Dpkg::Options { "--force-confdef"; "--force-confnew"; }'. However after the upgrade I find files *.dpkg-new
[08:03] Am I forgetting something?
[08:03] I'm upgrading from 12.04 to 14.04
[08:31] jamespage: coreycb: neutron has just landed a patch that requires dhcp_release6, which was only added recently in dnsmasq 2.76, see https://review.openstack.org/301747. now that is fine for yakkety, but not for xenial, do you think it would be possible to just add the new utility back into dnsmasq for xenial?
[08:45] xnox, yikes - did the gpg switch likely kill things like add-apt-repository?
[08:45] jamespage, shouldn't.
[08:45] let me test that one.
[08:46] Warning: apt-key output should not be parsed (stdout is not a terminal)
[08:46] gpg: no valid OpenPGP data found.
[08:46] har har
[08:46] xnox, all of our yakkety branch builds for OpenStack are tripping on that today
[08:46] interesting how that is not an autopkgtest....
[08:47] yeah, gnupg2 with the switch is in -proposed already.
[08:47] xnox, yah - we build with proposed enabled
[08:47] let's see if i can fix that quickly.
[08:47] pls
[08:47] jamespage, good! =)
[08:56] No one has a hint for me? (I can repeat my question if needed)
=== pavlushka is now known as Guest42214
=== Guest42214 is now known as pavlushka
=== pavlushka is now known as Guest59036
[09:49] I'm doing an unattended upgrade from 12.04 to 14.04 using 'do-release-upgrade -f DistUpgradeViewNonInteractive'. In order to replace conffile with newest version I put a config file /etc/apt/apt.conf.d/local with 'Dpkg::Options { "--force-confdef"; "--force-confnew"; }'. However after the upgrade I find files *.dpkg-new
[09:49] am I missing something?
=== pavlushka_ is now known as Guest56533
=== Guest56533 is now known as pavlushka
[10:06] jamespage, off by chance do you know if autopkgtests allow enough internets for add-apt-repository to add launchpad ppas?
[10:06] * xnox is adding an autopkgtest to software-properties to make sure add-apt-repository doesn't break in the future
[10:10] xnox, i'd have to defer to pitti for that
[10:17] xnox: AFAIK, you can do that.
[10:19] yeay =)
[11:06] coreycb, ddellav: fyi add-apt-repository is currently foobar on yakkety - xnox is working on a fix
[11:06] it's blocking all yakkety branch builds atm
[11:06] coreycb, ddellav: xenial builds are ok apart from barbican and trove
[11:07] jamespage, waiting for launchpad to crank it out.... https://launchpad.net/ubuntu/+source/software-properties/0.96.24.4
[11:07] xnox, good oh - thanks for picking that up!
[12:01] jamespage, rmadison says new software-properties-common is in. could you retrigger/retest whatever was failing for you please?
=== TodPunk_ is now known as TodPunk
=== JanC is now known as Guest23252
=== JanC_ is now known as JanC
[13:03] xnox, ok so add-apt-repository looks ok now - but tripping over something sbuild-ish now
[13:04] Failed to sign dummy archive Release file.
[13:06] jamespage, right "sudo rm -rf /var/lib/sbuild/apt-keys" on the host
[13:06] which invokes sbuild
[13:06] jamespage, or alternatively the host should have up to date sbuild, and run sbuild-update -k
[13:07] jamespage, do you care about building things for before precise?
[13:07] xnox, no
[13:08] then purge the apt-keys
[13:09] and don't ever call sbuild-update -k | --keygen
=== pavlushka_ is now known as pavlushka
=== tikund is now known as tikun
[14:01] xnox, hmm that's not working so well
[14:02] E: Local archive GPG signing key not found
[14:02] I: Please generate a key with 'sbuild-update --keygen'
[14:02] do I have to twiddle a knob somewhere to allow that?
[14:03] jamespage, what is the version of sbuild on your host?
[14:04] what is the ubuntu release of the host?
[14:04] xnox, 0.69.0-2ubuntu1~ubuntu14.04.1~ppa201607141228
[14:04] i've backported sbuild from yakkety and run that on xenial....
[14:04] it's a backport of the xenial version on trusty
[14:04] ok.
[14:05] either get a newer backport. or there are manual things you can run on the host to export an armored keypair.
[14:05] let me test that combo here.
[14:06] or rebackport yakkety's sbuild....
[14:06] jamespage, you are not gonna upgrade the host to xenial just yet, are you?
[14:06] xnox, that's a bit more than I can do right now
[14:06] it hosts some other bits and pieces as well
[14:06] I can backport it
[14:07] jamespage, but NEWS file in sbuild claims that since 0.67.0 key generation is optional.
[14:08] jamespage, can i see the logs of what/where breaks for you?
[14:08] or access those systems, no?
[14:09] backporting yakkety's sbuild is best option, i think.
=== pavlushka_ is now known as Guest89318
=== Guest89318 is now known as pavlushka
[14:48] xnox, apparently we were still running an older sbuild version
[14:48] not sure why
[14:48] checking now
[16:13] anyone know a good server config management tool?
[16:14] the command line? :)
[16:15] also: what do you actually want it to do?
[16:24] ssh :)
=== neoark is now known as Guest3396
[16:50] your brain?
[18:01] rbasak, you have a dep8 test example you'd suggest me start from ?
[18:12] ddellav, can you also include sahara 4.0.1 and ironic 5.1.2 in the mitaka SRU
[18:13] coreycb sure
[18:13] ddellav, thanks
[19:43] ddellav, also for liberty can you pick up aodh 1.1.2, designate 1.0.2, ironic 4.2.5, manila 1.0.1, and sahara 3.0.2? (sorry if this went through twice, got disconnected)
[19:44] coreycb i'll add it to the bug
[19:44] ddellav, sounds good
=== Mobutils_ is now known as Mobutils
[19:59] rbasak: hey are you and nacc doing the git thing for multipath-tools? someone in #ubuntu-devel just proposed a patch, see 1231182 -- it got lost last time around...
[20:26] jamespage, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827315
[20:26] Debian bug 827315 in src:sbuild "sbuild: Does not work with gnupg 2.x installed in the chroot" [Important,Fixed]
[20:26] *soon* things will break =)
[20:26] or might. basically new enough sbuild is required.
[20:28] actually no, all has been fixed.
[20:51] Can someone help me to get back into my system
[20:52] I got locked out when trying to install openvpn
[20:52] I can mount it
[20:53] mundus2018: was this after accidentally enabling ufw after forgetting to allow 22/tcp (or ssh)?
[20:54] Yeah I enabled ufw and didn't allow ssh
[20:54] but is it on at reboot?
[20:54] mundus2018: ufw doesn't require a "save" argument - it just sticks
[20:55] mundus2018: what sort of machine is this?
[20:55] like hardware or software?
[20:55] vm? physical?
[20:55] physical
[20:55] in /etc/default/ufw I changed /etc/default/ufw DEFAULT_FORWARD_POLICY="DROP" to DEFAULT_FORWARD_POLICY="ACCEPT"
[20:56] that however doesn't say anything about INPUT and OUTPUT
[20:56] mundus2018: do you have KVM access to it or something?
[20:56] it's a kimsufi box
[20:56] RoyK, he can boot a rescue image, and that's what he's doing right now
[20:56] within reach?
[20:57] jelly: ok
[20:57] the rescue image provides some sort of remote access apparently
[20:57] yeah
[20:58] this is a common setup with cheap providers
[20:58] this is essentially ovh
[20:58] (hardware that has proper remote mgt is usually more expensive)
[21:00] mundus2018, you could chroot into the thing, see if you can disable the ufw service with service or systemctl command, then reboot
[21:00] alright I can try that
[21:00] I'm rebooting to see if something I did worked
[21:01] if you're playing with cron jobs, you can also make one that does "iptables-save > /root/iptables-saved-temp" and look at that file afterwards
[21:01] that will save the active config?
[21:01] that would confirm whether it's iptables state that's keeping you locked out
[21:01] ok
[21:02] sorry, "/sbin/iptables-save > /root/iptables-saved-temp"
[21:02] cron PATH does not contain /sbin by default
[21:02] ok so reverting that stuff did not work
[21:03] which error message do you get when you try to ssh into your system?
[21:03] can I chroot and just do sudo ufw allow 22/tcp
[21:04] maybe, I'm clueless about ufw
[21:04] and you don't need "sudo" when you're already root
[21:04] on putty, Network Error: Connection Timed Out
[21:05] right, if ping works that does point to a local fw issue
=== devixor is now known as Deva
=== Deva is now known as Devixor
[21:13] how can I pipe errors?
[21:15] these are my rules http://termbin.com/j621
[21:16] I'll add -A ufw-user-input --dport 22 -j ACCEPT and hopefully that will work
=== Malediction_ is now known as Malediction
[21:20] mundus2018: 2>&1 | pastebinit
[21:21] thanks
[21:21] mundus2018: there's no port 22 in that pastebin
[21:21] yeah just added it
[21:22] I added "-A ufw-user-input --dport 22 -j ACCEPT"
[21:22] usually ufw allow 22/tcp should do
[21:23] I couldn't do that, it said errors with /dev/urandom
[21:23] it really shouldn't need /dev/urandom
[21:25] so that didn't work
[21:31] brb
[21:38] hey, how can I create a FAT32 partition with sfdisk, I don't see an option for it when i run sfdisk -T
[21:38] oops
[21:38] sorry
[21:38] blind, it's W95 FAT32
[21:51] eatingthenight: normally I think you want 0x0c (W95 FAT32 (LBA))
[21:51] eatingthenight: note of course that the partition type code is orthogonal to what filesystem you actually choose to format the partition with...
[22:16] sarnold: we're updating trees on request right now - we haven't cronned the importer yet.
[22:17] aha
[22:41] will ubuntu server updates address ssl3 disabling?
[22:49] renatosilva: try asking in #ubuntu-hardened, though most full time people are done for the day now so it might be worth asking tomorrow when there are more people about.
[22:49] renatosilva: I think we've only disabled ssl3 in xenial and yakkety
[22:49] sarnold: why not all?
[22:50] renatosilva: likely because we don't want to break existing deployments
[22:51] so you people prefer instead to keep an LTS server vulnerable to ssl3 attacks? weird!
[22:53] I would never have known the server I manage is vulnerable if I had not randomly found it, a pity that updating the system packages actually does not bring all important updates!