/srv/irclogs.ubuntu.com/2016/09/28/#ubuntu-server.txt

WhoAmi00Hey guys01:36
WhoAmi00does letsencrypt TLS cert works with postfix01:36
WhoAmi00i'm using it but gmail shows that messages are not encrypted01:36
WhoAmi00does the problem in my configuration or we need a S/MIME cert to avoid the red lock on google01:36
WhoAmi00please help01:36
sarnolddoes gmail provide any details about which specific server contacting them wasn't using starttls?01:36
sarnoldare you confident your server is contacting gmail's servers directly?01:37
WhoAmi00i'm using openssl to send message to my gmail account01:37
sarnolddoes tcpdump or wireshark show plaintext or encrypted?01:37
sarnoldahhhh01:37
WhoAmi00openssl s_client -connect 127.0.0.1:46501:37
sarnoldoh01:37
sarnoldthat's still just to your server01:37
WhoAmi00i want to know does we need a01:37
WhoAmi00S/MIME cert for that01:38
WhoAmi00or the problem is in my configuration01:38
sarnoldno, almost no one uses s/mime, google wouldn't make any headway if they wanted to force that :)01:38
sarnoldthe little red broken lock icon is when the last SMTP server that talks to google doesn't use STARTTLS when negotiating an ESMTP connection01:38
WhoAmi00so why it shows that the message are not encrypted ?!01:39
WhoAmi00i have reinstall everything01:39
WhoAmi00this time i have reinstalled the OS01:39
WhoAmi00and installed only postfix and letsencrypt01:39
WhoAmi00with default configuration still nothing01:39
nicolahj01:41
=== bao1 is now known as crazyadm
=== JanC_ is now known as JanC
RustyShacklefordhow do you back up private keys?02:57
RustyShackleforddo you only keep one copy? It would be pretty bad if you lost it02:58
=== jerichowasahoax` is now known as jerichowasahoax
cpaelzer_jamespage: do you know of any changes to the 2.6 ovs that forces one to configure differently?06:48
cpaelzer_jamespage: the way I used to connect my guests no more gets them out to the network06:48
cpaelzer_used libvirt to set them up with a openvswitch type network and a refernce to that in the guest xml06:49
cpaelzer_the device still appears, but it seemt to have no connection06:49
cpaelzer_the host reports the status of the ovs bridge as it did in the past06:50
cpaelzer_jamespage: just let me know if you are aware of any to-be-expected changes that have to be done differently06:50
cpaelzer_btw - no dpdk involved yet06:50
=== aluria` is now known as aluria
thekrynndoes anyone know why the find command might be brutally slow when used on a directory over NFS as compared to locally on the machine that's hosting it07:06
cpaelzer_thekrynn: find mostly does read metadata on the fs which is mostly from memory on the local system07:07
cpaelzer_thekrynn: it can't be fully from memory on a NFS setup, so you get network latencies in between which are >>> memory latencies07:08
thekrynnyuck.. so it almost makes more sense doing a find and making the file list locally on the machine and grabbing that remotely via NFS instead?07:09
hateballor use some sort of indexing07:12
cpaelzer_jamespage: I'm dropping the breadcrumbs I found while debugging here - you let me know if anything rings a bell (other than my IRC messages in your chat lcient)07:15
cpaelzer_jamespage: it seems that the host network interface that is connected to the OVS is "down" on yakkety07:16
cpaelzer_jamespage: on Xenial something brought it up (as least I didn't before)07:16
cpaelzer_jamespage: I upped the ext interface on the host which got it doing "something" at least07:16
cpaelzer_jamespage: killing all outstanding dhcp processes and starting a fresh one gave me networking07:16
* cpaelzer_ goes stop/starting the guest to see what survives07:17
cpaelzer_oh I have a _07:17
=== cpaelzer_ is now known as cpaelzer
cpaelzerbetter07:17
cpaelzerjamespage: well, that was it - the device in the host seems no more to be default up in my Yakkety07:34
jamespagecpaelzer, is this the port connected to the outside world?07:35
cpaelzerjamespage: yes07:35
cpaelzerjamespage: in the past it was always up by default it seems - at least I never had to do anything07:35
jamespagecpaelzer, its always been dependent on the OS to up the interface - ovs won't ever do that07:35
jamespageip link set <interface> up07:35
cpaelzerjamespage: sure, that is what I added07:35
jamespagemaybe the switch to networkd ?07:35
cpaelzerjamespage: yeah, something like that might be the root cause07:35
cpaelzerjamespage: I already checked, but it is neither libvirts task when starting the network07:36
cpaelzerjamespage: it doesn't know the ext port to be added later07:36
cpaelzerjamespage: so as you say it is OS/Admins task - I was just in the pitfall of this being different now07:36
* cpaelzer is now out of the pit and ready for the next07:36
=== pavlushka is now known as Guest6734
=== Guest6734 is now known as pavlushka
Drecondiushellooooooooo, I have this really weird issue that makes no sense to me at all, I can log into my machine through ssh with no problem at all. but when I hook up a monitor and keyboard to the physical machine i have no access, just a blank screen, do i need to remove the ssh server and just leave client on it or did I goof something up bad?10:29
Drecondiusbtdubs, my google-fu is rusty and needs some work i'll readily admit, but I'm stumped, and so is google.10:30
ducasseDrecondius: what kind of gpu?10:31
Drecondiusonboard10:32
ducasseDrecondius: intel?10:32
Drecondiusintel i believe, the catch is I have display when running the installer10:32
Drecondiusand I'm ssh'd into my machine right now, but if I run team  viewer or go turn on the monitor and bang 30 or so keys there still isn't a login prompt10:33
ducasseDrecondius: not sure. do you see boot messages or just the grub menu?10:33
Drecondiusno messages10:33
Drecondiusi do catch the loading screen on occasion10:34
Drecondiusbut it's the splash screen after it loads the system, it's like the gpu is turned off almost10:34
Drecondiusbut I can go in there and boot my usb with the server installer on it and have full (relative term here) video10:35
ducasseDrecondius: edit /etc/default/grub, replace 'quiet splash' with 'text'. then run update-grub and reboot.10:36
Drecondiusback in a moment10:39
Drecondiusso the quiet splash was interfering with the framebuffer?10:40
ducasseDrecondius: tbh, i'm just guessing what causes this, but i had the same problem on my home file server :)10:44
=== _degorenko is now known as degorenko
DrecondiusWhich brings me to another question, How can i setup this server to accept ftp transfers?10:47
Drecondiusrun a samba daemon?10:48
Drecondiusor something easier lol10:48
Drecondiuslemme check first10:48
ducasseDrecondius: for ftp you need an ftp daemon, but consider sftp instead10:49
cpaelzerjamespage: are you also pushing OVS 2.5.1 into xenial since it was release along12:08
cpaelzerjamespage: and if so if you want a verify of the DPDK bits against a ppa let me know where you have it12:09
cpaelzerwell atm I'd need to redeploy my test system to xenial for that12:09
cpaelzerbut I expect that we rush all yakkety things first and then you'll get to 2.5.1 right?12:09
=== jelly-home is now known as jelly
=== sikun_ is now known as txeru
=== niedbalski_ is now known as niedbalski
=== setkeh is now known as KiraYameto
jamespagecoreycb, ddellav: swift 2.10.0 release 2 days ago13:30
coreycbjamespage, I'll get that, ironic, and any new rc2's today13:32
jamespagecoreycb, super13:32
jamespagethanks13:32
jamespagecoreycb, I did networking-ovn and I'm about to tidy vmware-nsx as well13:32
coreycbjamespage, awesome13:32
=== KiraYameto is now known as setkeh
=== notpratch is now known as pratch
crazyadmim using ubuntu server14:11
crazyadmis there a command line torrent downloader that works with magnet14:12
ducassecrazyadm: ask in #ubuntu, better chance of answer14:22
dlloyddeluge14:25
crazyadmdeluge is cmi?14:28
crazyadmi don't have gui14:28
dlloydthere is a deluge-cli package iirc14:29
dlloyddeluge-console14:29
ddellavrtorrent14:32
ddellavthough i don't know about magnet14:32
nacccoreycb: iirc, you said you had a handle on the cinder ftbfs (http://qa.ubuntuwire.org/ftbfs/test-rebuild-20160916-yakkety.html#ubuntu-server) -- do you also have fixes en-route for nova and nova-lxd?15:08
coreycbnacc, thanks for the nudge. I'll handle those.15:13
nacccoreycb: thank you!15:13
coreycbbeisner, python-novaclient was just accepted into xenial-proposed with the fix for bug 155907216:01
ubottubug 1559072 in python-cinderclient "[SRU] exceptions.from_response with webob 1.6.0 results in "AttributeError: 'unicode' object has no attribute 'get'"" [Undecided,New] https://launchpad.net/bugs/155907216:01
jamespagebug 160893416:14
ubottubug 1608934 in OpenStack Compute (nova) mitaka "ephemeral/swap disk creation fails for local storage with image type raw/lvm" [High,In progress] https://launchpad.net/bugs/160893416:14
rattkingHello does anyone have any experience using syslog-ng on 16.04? I am finding that the kernel boot messages are not being logged in syslog-ng, and if I add /proc/kmsg as a source the log lines from boot come in out of order with other log messages16:30
patdk-wkrattking, likely a systemd issue16:43
rattkinglol yeah.. I had a feeling like it had something to do with journald16:44
coreycbnacc, for the nova and nova-lxd ftbfs, the new versions in -proposed will fix those17:01
nacccoreycb: great, thanks for following up17:02
coreycbnacc, np17:02
naccjgrimm: --^ making slow and steady progress then, i think we're down to 10-11 total17:02
jgrimmnacc great!17:02
km0rzHello everyone, just dipping my toes into Linux for the first time in a lab at home. I'm currently trying to get internal DNS configured on ubuntu-16.04.1 server, so far I've got it resolving the one internal "lab" zone i created. What i was wondering is it possible for it to reply authoritatively for the one zone i've configured, but forward on all other DNS requests externally?17:27
electriclewisyes17:34
electriclewisI find easiest way to configure DNS for home is to use webmin17:35
genii!webmin17:35
ubottuwebmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.17:35
genii...just FYI17:35
electriclewisouch17:36
electriclewiswhat should I use instead?17:36
km0rzI was reading that I should be able to do a "Hybrid" mode, where i can host primary zones but also forward17:39
km0rzbut when i turned on forwarders my one primary zone that was working, stopped17:39
electriclewisOK, so apparently webmin was bad in 2008 but since 2012 it's fine with Debian and Ubuntu.  Is this wrong?17:47
beisnercoreycb, tyvm17:56
Walexelectriclewis: it has improved a lot, but I prefer non-graphical configuration18:07
electriclewisWalex I do for most things too, but DNS files are a PITA18:12
patdk-wkwhy would you touch a dns file?18:14
patdk-wkwhat is a dns file?18:14
=== degorenko is now known as _degorenko
coreycbddellav, jamespage: I just uploaded a bunch of rc2's for newton as well as new swift, ironic, and synced python-swiftclient18:21
ThePentesteranyone with experince in mailing ?!20:13
GorianI have a lot of experience in receiving mail20:21
Gorianboth physical AND virtual20:21
jgrimmnacc, can you kindly nominate 1611923/pythond-django for xenial?20:27
naccack20:28
jgrimmthanks!20:28
naccjgrimm: i think your update was meant to go against the original description, though?20:29
jgrimmnacc, doh, thanks20:29
naccjgrimm: np, task opened btw20:29
Ussathttps://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet22:13
OerHeksUssat, oef, ugly one.22:14
OerHeksDid you verify?22:15
Ussatyup22:15
UssatRHEL, Cent and Ubuntu 16.04 LTS system22:15
Ussatall verified on22:15
OerHekslets wait for reactions here :-)22:15
Ussatfortunatelt my systems locked down pretty tight, but still22:16
OerHeksmaybe worth a bugreport, i am looking for simular now.22:16
Ussatbecause, ya know, everything should run as 1 pid22:17
Ussat...22:17
OerHekshttps://bugs.launchpad.net/ubuntu/+source/systemd/+bug/162868722:17
ubottuLaunchpad bug 1628687 in systemd (Ubuntu Yakkety) "Assertion failure when PID 1 receives a zero-length message over notify socket" [Undecided,Confirmed]22:17
OerHeksthank you for reporting, Ussat , maybe you can confirm this one.22:17
Ussatits the same22:18
OerHeksthen 'affects 1 person will be 2.22:18
UssatThat is the same bug22:19
OerHeksOh you are already on it?22:20
UssatI saw that earlier is all22:20
OerHekshmm even as non-root user.22:26
tomreynis thit is cross-user then it's a security vulnerability (denial of service) and should be tagges security22:26
tomreyn*tagged22:26
tomreynwhich should then get it the attention it (then) deserves22:27
tomreyn*if this22:27
tomreynsorry about the spelling ;)22:28
OerHeksCVE is requested now.22:32
tomreyni just realized22:33
OerHeks"It is unfortunate that this was not handled using a 'responsible disclosure' process. "  true, this channel is logged :-(22:43

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!