| WhoAmi00 | Hey guys | 01:36 |
|---|---|---|
| WhoAmi00 | does letsencrypt TLS cert works with postfix | 01:36 |
| WhoAmi00 | i'm using it but gmail shows that messages are not encrypted | 01:36 |
| WhoAmi00 | does the problem in my configuration or we need a S/MIME cert to avoid the red lock on google | 01:36 |
| WhoAmi00 | please help | 01:36 |
| sarnold | does gmail provide any details about which specific server contacting them wasn't using starttls? | 01:36 |
| sarnold | are you confident your server is contacting gmail's servers directly? | 01:37 |
| WhoAmi00 | i'm using openssl to send message to my gmail account | 01:37 |
| sarnold | does tcpdump or wireshark show plaintext or encrypted? | 01:37 |
| sarnold | ahhhh | 01:37 |
| WhoAmi00 | openssl s_client -connect 127.0.0.1:465 | 01:37 |
| sarnold | oh | 01:37 |
| sarnold | that's still just to your server | 01:37 |
| WhoAmi00 | i want to know does we need a | 01:37 |
| WhoAmi00 | S/MIME cert for that | 01:38 |
| WhoAmi00 | or the problem is in my configuration | 01:38 |
| sarnold | no, almost no one uses s/mime, google wouldn't make any headway if they wanted to force that :) | 01:38 |
| sarnold | the little red broken lock icon is when the last SMTP server that talks to google doesn't use STARTTLS when negotiating an ESMTP connection | 01:38 |
| WhoAmi00 | so why it shows that the message are not encrypted ?! | 01:39 |
| WhoAmi00 | i have reinstall everything | 01:39 |
| WhoAmi00 | this time i have reinstalled the OS | 01:39 |
| WhoAmi00 | and installed only postfix and letsencrypt | 01:39 |
| WhoAmi00 | with default configuration still nothing | 01:39 |
| nicola | hj | 01:41 |
| === bao1 is now known as crazyadm | ||
| === JanC_ is now known as JanC | ||
| RustyShackleford | how do you back up private keys? | 02:57 |
| RustyShackleford | do you only keep one copy? It would be pretty bad if you lost it | 02:58 |
| === jerichowasahoax` is now known as jerichowasahoax | ||
| cpaelzer_ | jamespage: do you know of any changes to the 2.6 ovs that forces one to configure differently? | 06:48 |
| cpaelzer_ | jamespage: the way I used to connect my guests no more gets them out to the network | 06:48 |
| cpaelzer_ | used libvirt to set them up with a openvswitch type network and a refernce to that in the guest xml | 06:49 |
| cpaelzer_ | the device still appears, but it seemt to have no connection | 06:49 |
| cpaelzer_ | the host reports the status of the ovs bridge as it did in the past | 06:50 |
| cpaelzer_ | jamespage: just let me know if you are aware of any to-be-expected changes that have to be done differently | 06:50 |
| cpaelzer_ | btw - no dpdk involved yet | 06:50 |
| === aluria` is now known as aluria | ||
| thekrynn | does anyone know why the find command might be brutally slow when used on a directory over NFS as compared to locally on the machine that's hosting it | 07:06 |
| cpaelzer_ | thekrynn: find mostly does read metadata on the fs which is mostly from memory on the local system | 07:07 |
| cpaelzer_ | thekrynn: it can't be fully from memory on a NFS setup, so you get network latencies in between which are >>> memory latencies | 07:08 |
| thekrynn | yuck.. so it almost makes more sense doing a find and making the file list locally on the machine and grabbing that remotely via NFS instead? | 07:09 |
| hateball | or use some sort of indexing | 07:12 |
| cpaelzer_ | jamespage: I'm dropping the breadcrumbs I found while debugging here - you let me know if anything rings a bell (other than my IRC messages in your chat lcient) | 07:15 |
| cpaelzer_ | jamespage: it seems that the host network interface that is connected to the OVS is "down" on yakkety | 07:16 |
| cpaelzer_ | jamespage: on Xenial something brought it up (as least I didn't before) | 07:16 |
| cpaelzer_ | jamespage: I upped the ext interface on the host which got it doing "something" at least | 07:16 |
| cpaelzer_ | jamespage: killing all outstanding dhcp processes and starting a fresh one gave me networking | 07:16 |
| * cpaelzer_ goes stop/starting the guest to see what survives | 07:17 | |
| cpaelzer_ | oh I have a _ | 07:17 |
| === cpaelzer_ is now known as cpaelzer | ||
| cpaelzer | better | 07:17 |
| cpaelzer | jamespage: well, that was it - the device in the host seems no more to be default up in my Yakkety | 07:34 |
| jamespage | cpaelzer, is this the port connected to the outside world? | 07:35 |
| cpaelzer | jamespage: yes | 07:35 |
| cpaelzer | jamespage: in the past it was always up by default it seems - at least I never had to do anything | 07:35 |
| jamespage | cpaelzer, its always been dependent on the OS to up the interface - ovs won't ever do that | 07:35 |
| jamespage | ip link set <interface> up | 07:35 |
| cpaelzer | jamespage: sure, that is what I added | 07:35 |
| jamespage | maybe the switch to networkd ? | 07:35 |
| cpaelzer | jamespage: yeah, something like that might be the root cause | 07:35 |
| cpaelzer | jamespage: I already checked, but it is neither libvirts task when starting the network | 07:36 |
| cpaelzer | jamespage: it doesn't know the ext port to be added later | 07:36 |
| cpaelzer | jamespage: so as you say it is OS/Admins task - I was just in the pitfall of this being different now | 07:36 |
| * cpaelzer is now out of the pit and ready for the next | 07:36 | |
| === pavlushka is now known as Guest6734 | ||
| === Guest6734 is now known as pavlushka | ||
| Drecondius | hellooooooooo, I have this really weird issue that makes no sense to me at all, I can log into my machine through ssh with no problem at all. but when I hook up a monitor and keyboard to the physical machine i have no access, just a blank screen, do i need to remove the ssh server and just leave client on it or did I goof something up bad? | 10:29 |
| Drecondius | btdubs, my google-fu is rusty and needs some work i'll readily admit, but I'm stumped, and so is google. | 10:30 |
| ducasse | Drecondius: what kind of gpu? | 10:31 |
| Drecondius | onboard | 10:32 |
| ducasse | Drecondius: intel? | 10:32 |
| Drecondius | intel i believe, the catch is I have display when running the installer | 10:32 |
| Drecondius | and I'm ssh'd into my machine right now, but if I run team viewer or go turn on the monitor and bang 30 or so keys there still isn't a login prompt | 10:33 |
| ducasse | Drecondius: not sure. do you see boot messages or just the grub menu? | 10:33 |
| Drecondius | no messages | 10:33 |
| Drecondius | i do catch the loading screen on occasion | 10:34 |
| Drecondius | but it's the splash screen after it loads the system, it's like the gpu is turned off almost | 10:34 |
| Drecondius | but I can go in there and boot my usb with the server installer on it and have full (relative term here) video | 10:35 |
| ducasse | Drecondius: edit /etc/default/grub, replace 'quiet splash' with 'text'. then run update-grub and reboot. | 10:36 |
| Drecondius | back in a moment | 10:39 |
| Drecondius | so the quiet splash was interfering with the framebuffer? | 10:40 |
| ducasse | Drecondius: tbh, i'm just guessing what causes this, but i had the same problem on my home file server :) | 10:44 |
| === _degorenko is now known as degorenko | ||
| Drecondius | Which brings me to another question, How can i setup this server to accept ftp transfers? | 10:47 |
| Drecondius | run a samba daemon? | 10:48 |
| Drecondius | or something easier lol | 10:48 |
| Drecondius | lemme check first | 10:48 |
| ducasse | Drecondius: for ftp you need an ftp daemon, but consider sftp instead | 10:49 |
| cpaelzer | jamespage: are you also pushing OVS 2.5.1 into xenial since it was release along | 12:08 |
| cpaelzer | jamespage: and if so if you want a verify of the DPDK bits against a ppa let me know where you have it | 12:09 |
| cpaelzer | well atm I'd need to redeploy my test system to xenial for that | 12:09 |
| cpaelzer | but I expect that we rush all yakkety things first and then you'll get to 2.5.1 right? | 12:09 |
| === jelly-home is now known as jelly | ||
| === sikun_ is now known as txeru | ||
| === niedbalski_ is now known as niedbalski | ||
| === setkeh is now known as KiraYameto | ||
| jamespage | coreycb, ddellav: swift 2.10.0 release 2 days ago | 13:30 |
| coreycb | jamespage, I'll get that, ironic, and any new rc2's today | 13:32 |
| jamespage | coreycb, super | 13:32 |
| jamespage | thanks | 13:32 |
| jamespage | coreycb, I did networking-ovn and I'm about to tidy vmware-nsx as well | 13:32 |
| coreycb | jamespage, awesome | 13:32 |
| === KiraYameto is now known as setkeh | ||
| === notpratch is now known as pratch | ||
| crazyadm | im using ubuntu server | 14:11 |
| crazyadm | is there a command line torrent downloader that works with magnet | 14:12 |
| ducasse | crazyadm: ask in #ubuntu, better chance of answer | 14:22 |
| dlloyd | deluge | 14:25 |
| crazyadm | deluge is cmi? | 14:28 |
| crazyadm | i don't have gui | 14:28 |
| dlloyd | there is a deluge-cli package iirc | 14:29 |
| dlloyd | deluge-console | 14:29 |
| ddellav | rtorrent | 14:32 |
| ddellav | though i don't know about magnet | 14:32 |
| nacc | coreycb: iirc, you said you had a handle on the cinder ftbfs (http://qa.ubuntuwire.org/ftbfs/test-rebuild-20160916-yakkety.html#ubuntu-server) -- do you also have fixes en-route for nova and nova-lxd? | 15:08 |
| coreycb | nacc, thanks for the nudge. I'll handle those. | 15:13 |
| nacc | coreycb: thank you! | 15:13 |
| coreycb | beisner, python-novaclient was just accepted into xenial-proposed with the fix for bug 1559072 | 16:01 |
| ubottu | bug 1559072 in python-cinderclient "[SRU] exceptions.from_response with webob 1.6.0 results in "AttributeError: 'unicode' object has no attribute 'get'"" [Undecided,New] https://launchpad.net/bugs/1559072 | 16:01 |
| jamespage | bug 1608934 | 16:14 |
| ubottu | bug 1608934 in OpenStack Compute (nova) mitaka "ephemeral/swap disk creation fails for local storage with image type raw/lvm" [High,In progress] https://launchpad.net/bugs/1608934 | 16:14 |
| rattking | Hello does anyone have any experience using syslog-ng on 16.04? I am finding that the kernel boot messages are not being logged in syslog-ng, and if I add /proc/kmsg as a source the log lines from boot come in out of order with other log messages | 16:30 |
| patdk-wk | rattking, likely a systemd issue | 16:43 |
| rattking | lol yeah.. I had a feeling like it had something to do with journald | 16:44 |
| coreycb | nacc, for the nova and nova-lxd ftbfs, the new versions in -proposed will fix those | 17:01 |
| nacc | coreycb: great, thanks for following up | 17:02 |
| coreycb | nacc, np | 17:02 |
| nacc | jgrimm: --^ making slow and steady progress then, i think we're down to 10-11 total | 17:02 |
| jgrimm | nacc great! | 17:02 |
| km0rz | Hello everyone, just dipping my toes into Linux for the first time in a lab at home. I'm currently trying to get internal DNS configured on ubuntu-16.04.1 server, so far I've got it resolving the one internal "lab" zone i created. What i was wondering is it possible for it to reply authoritatively for the one zone i've configured, but forward on all other DNS requests externally? | 17:27 |
| electriclewis | yes | 17:34 |
| electriclewis | I find easiest way to configure DNS for home is to use webmin | 17:35 |
| genii | !webmin | 17:35 |
| ubottu | webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. | 17:35 |
| genii | ...just FYI | 17:35 |
| electriclewis | ouch | 17:36 |
| electriclewis | what should I use instead? | 17:36 |
| km0rz | I was reading that I should be able to do a "Hybrid" mode, where i can host primary zones but also forward | 17:39 |
| km0rz | but when i turned on forwarders my one primary zone that was working, stopped | 17:39 |
| electriclewis | OK, so apparently webmin was bad in 2008 but since 2012 it's fine with Debian and Ubuntu. Is this wrong? | 17:47 |
| beisner | coreycb, tyvm | 17:56 |
| Walex | electriclewis: it has improved a lot, but I prefer non-graphical configuration | 18:07 |
| electriclewis | Walex I do for most things too, but DNS files are a PITA | 18:12 |
| patdk-wk | why would you touch a dns file? | 18:14 |
| patdk-wk | what is a dns file? | 18:14 |
| === degorenko is now known as _degorenko | ||
| coreycb | ddellav, jamespage: I just uploaded a bunch of rc2's for newton as well as new swift, ironic, and synced python-swiftclient | 18:21 |
| ThePentester | anyone with experince in mailing ?! | 20:13 |
| Gorian | I have a lot of experience in receiving mail | 20:21 |
| Gorian | both physical AND virtual | 20:21 |
| jgrimm | nacc, can you kindly nominate 1611923/pythond-django for xenial? | 20:27 |
| nacc | ack | 20:28 |
| jgrimm | thanks! | 20:28 |
| nacc | jgrimm: i think your update was meant to go against the original description, though? | 20:29 |
| jgrimm | nacc, doh, thanks | 20:29 |
| nacc | jgrimm: np, task opened btw | 20:29 |
| Ussat | https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet | 22:13 |
| OerHeks | Ussat, oef, ugly one. | 22:14 |
| OerHeks | Did you verify? | 22:15 |
| Ussat | yup | 22:15 |
| Ussat | RHEL, Cent and Ubuntu 16.04 LTS system | 22:15 |
| Ussat | all verified on | 22:15 |
| OerHeks | lets wait for reactions here :-) | 22:15 |
| Ussat | fortunatelt my systems locked down pretty tight, but still | 22:16 |
| OerHeks | maybe worth a bugreport, i am looking for simular now. | 22:16 |
| Ussat | because, ya know, everything should run as 1 pid | 22:17 |
| Ussat | ... | 22:17 |
| OerHeks | https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1628687 | 22:17 |
| ubottu | Launchpad bug 1628687 in systemd (Ubuntu Yakkety) "Assertion failure when PID 1 receives a zero-length message over notify socket" [Undecided,Confirmed] | 22:17 |
| OerHeks | thank you for reporting, Ussat , maybe you can confirm this one. | 22:17 |
| Ussat | its the same | 22:18 |
| OerHeks | then 'affects 1 person will be 2. | 22:18 |
| Ussat | That is the same bug | 22:19 |
| OerHeks | Oh you are already on it? | 22:20 |
| Ussat | I saw that earlier is all | 22:20 |
| OerHeks | hmm even as non-root user. | 22:26 |
| tomreyn | is thit is cross-user then it's a security vulnerability (denial of service) and should be tagges security | 22:26 |
| tomreyn | *tagged | 22:26 |
| tomreyn | which should then get it the attention it (then) deserves | 22:27 |
| tomreyn | *if this | 22:27 |
| tomreyn | sorry about the spelling ;) | 22:28 |
| OerHeks | CVE is requested now. | 22:32 |
| tomreyn | i just realized | 22:33 |
| OerHeks | "It is unfortunate that this was not handled using a 'responsible disclosure' process. " true, this channel is logged :-( | 22:43 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!