[01:36] <WhoAmi00> Hey guys
[01:36] <WhoAmi00> does letsencrypt TLS cert works with postfix
[01:36] <WhoAmi00> i'm using it but gmail shows that messages are not encrypted
[01:36] <WhoAmi00> does the problem in my configuration or we need a S/MIME cert to avoid the red lock on google
[01:36] <WhoAmi00> please help
[01:36] <sarnold> does gmail provide any details about which specific server contacting them wasn't using starttls?
[01:37] <sarnold> are you confident your server is contacting gmail's servers directly?
[01:37] <WhoAmi00> i'm using openssl to send message to my gmail account
[01:37] <sarnold> does tcpdump or wireshark show plaintext or encrypted?
[01:37] <sarnold> ahhhh
[01:37] <WhoAmi00> openssl s_client -connect 127.0.0.1:465
[01:37] <sarnold> oh
[01:37] <sarnold> that's still just to your server
[01:37] <WhoAmi00> i want to know does we need a
[01:38] <WhoAmi00> S/MIME cert for that
[01:38] <WhoAmi00> or the problem is in my configuration
[01:38] <sarnold> no, almost no one uses s/mime, google wouldn't make any headway if they wanted to force that :)
[01:38] <sarnold> the little red broken lock icon is when the last SMTP server that talks to google doesn't use STARTTLS when negotiating an ESMTP connection
[01:39] <WhoAmi00> so why it shows that the message are not encrypted ?!
[01:39] <WhoAmi00> i have reinstall everything
[01:39] <WhoAmi00> this time i have reinstalled the OS
[01:39] <WhoAmi00> and installed only postfix and letsencrypt
[01:39] <WhoAmi00> with default configuration still nothing
[01:41] <nicola> hj
[02:57] <RustyShackleford> how do you back up private keys?
[02:58] <RustyShackleford> do you only keep one copy? It would be pretty bad if you lost it
[06:48] <cpaelzer_> jamespage: do you know of any changes to the 2.6 ovs that forces one to configure differently?
[06:48] <cpaelzer_> jamespage: the way I used to connect my guests no more gets them out to the network
[06:49] <cpaelzer_> used libvirt to set them up with a openvswitch type network and a refernce to that in the guest xml
[06:49] <cpaelzer_> the device still appears, but it seemt to have no connection
[06:50] <cpaelzer_> the host reports the status of the ovs bridge as it did in the past
[06:50] <cpaelzer_> jamespage: just let me know if you are aware of any to-be-expected changes that have to be done differently
[06:50] <cpaelzer_> btw - no dpdk involved yet
[07:06] <thekrynn> does anyone know why the find command might be brutally slow when used on a directory over NFS as compared to locally on the machine that's hosting it
[07:07] <cpaelzer_> thekrynn: find mostly does read metadata on the fs which is mostly from memory on the local system
[07:08] <cpaelzer_> thekrynn: it can't be fully from memory on a NFS setup, so you get network latencies in between which are >>> memory latencies
[07:09] <thekrynn> yuck.. so it almost makes more sense doing a find and making the file list locally on the machine and grabbing that remotely via NFS instead?
[07:12] <hateball> or use some sort of indexing
[07:15] <cpaelzer_> jamespage: I'm dropping the breadcrumbs I found while debugging here - you let me know if anything rings a bell (other than my IRC messages in your chat lcient)
[07:16] <cpaelzer_> jamespage: it seems that the host network interface that is connected to the OVS is "down" on yakkety
[07:16] <cpaelzer_> jamespage: on Xenial something brought it up (as least I didn't before)
[07:16] <cpaelzer_> jamespage: I upped the ext interface on the host which got it doing "something" at least
[07:16] <cpaelzer_> jamespage: killing all outstanding dhcp processes and starting a fresh one gave me networking
[07:17]  * cpaelzer_ goes stop/starting the guest to see what survives
[07:17] <cpaelzer_> oh I have a _
[07:17] <cpaelzer> better
[07:34] <cpaelzer> jamespage: well, that was it - the device in the host seems no more to be default up in my Yakkety
[07:35] <jamespage> cpaelzer, is this the port connected to the outside world?
[07:35] <cpaelzer> jamespage: yes
[07:35] <cpaelzer> jamespage: in the past it was always up by default it seems - at least I never had to do anything
[07:35] <jamespage> cpaelzer, its always been dependent on the OS to up the interface - ovs won't ever do that
[07:35] <jamespage> ip link set <interface> up
[07:35] <cpaelzer> jamespage: sure, that is what I added
[07:35] <jamespage> maybe the switch to networkd ?
[07:35] <cpaelzer> jamespage: yeah, something like that might be the root cause
[07:36] <cpaelzer> jamespage: I already checked, but it is neither libvirts task when starting the network
[07:36] <cpaelzer> jamespage: it doesn't know the ext port to be added later
[07:36] <cpaelzer> jamespage: so as you say it is OS/Admins task - I was just in the pitfall of this being different now
[07:36]  * cpaelzer is now out of the pit and ready for the next
[10:29] <Drecondius> hellooooooooo, I have this really weird issue that makes no sense to me at all, I can log into my machine through ssh with no problem at all. but when I hook up a monitor and keyboard to the physical machine i have no access, just a blank screen, do i need to remove the ssh server and just leave client on it or did I goof something up bad?
[10:30] <Drecondius> btdubs, my google-fu is rusty and needs some work i'll readily admit, but I'm stumped, and so is google.
[10:31] <ducasse> Drecondius: what kind of gpu?
[10:32] <Drecondius> onboard
[10:32] <ducasse> Drecondius: intel?
[10:32] <Drecondius> intel i believe, the catch is I have display when running the installer
[10:33] <Drecondius> and I'm ssh'd into my machine right now, but if I run team  viewer or go turn on the monitor and bang 30 or so keys there still isn't a login prompt
[10:33] <ducasse> Drecondius: not sure. do you see boot messages or just the grub menu?
[10:33] <Drecondius> no messages
[10:34] <Drecondius> i do catch the loading screen on occasion
[10:34] <Drecondius> but it's the splash screen after it loads the system, it's like the gpu is turned off almost
[10:35] <Drecondius> but I can go in there and boot my usb with the server installer on it and have full (relative term here) video
[10:36] <ducasse> Drecondius: edit /etc/default/grub, replace 'quiet splash' with 'text'. then run update-grub and reboot.
[10:39] <Drecondius> back in a moment
[10:40] <Drecondius> so the quiet splash was interfering with the framebuffer?
[10:44] <ducasse> Drecondius: tbh, i'm just guessing what causes this, but i had the same problem on my home file server :)
[10:47] <Drecondius> Which brings me to another question, How can i setup this server to accept ftp transfers?
[10:48] <Drecondius> run a samba daemon?
[10:48] <Drecondius> or something easier lol
[10:48] <Drecondius> lemme check first
[10:49] <ducasse> Drecondius: for ftp you need an ftp daemon, but consider sftp instead
[12:08] <cpaelzer> jamespage: are you also pushing OVS 2.5.1 into xenial since it was release along
[12:09] <cpaelzer> jamespage: and if so if you want a verify of the DPDK bits against a ppa let me know where you have it
[12:09] <cpaelzer> well atm I'd need to redeploy my test system to xenial for that
[12:09] <cpaelzer> but I expect that we rush all yakkety things first and then you'll get to 2.5.1 right?
[13:30] <jamespage> coreycb, ddellav: swift 2.10.0 release 2 days ago
[13:32] <coreycb> jamespage, I'll get that, ironic, and any new rc2's today
[13:32] <jamespage> coreycb, super
[13:32] <jamespage> thanks
[13:32] <jamespage> coreycb, I did networking-ovn and I'm about to tidy vmware-nsx as well
[13:32] <coreycb> jamespage, awesome
[14:11] <crazyadm> im using ubuntu server
[14:12] <crazyadm> is there a command line torrent downloader that works with magnet
[14:22] <ducasse> crazyadm: ask in #ubuntu, better chance of answer
[14:25] <dlloyd> deluge
[14:28] <crazyadm> deluge is cmi?
[14:28] <crazyadm> i don't have gui
[14:29] <dlloyd> there is a deluge-cli package iirc
[14:29] <dlloyd> deluge-console
[14:32] <ddellav> rtorrent
[14:32] <ddellav> though i don't know about magnet
[15:08] <nacc> coreycb: iirc, you said you had a handle on the cinder ftbfs (http://qa.ubuntuwire.org/ftbfs/test-rebuild-20160916-yakkety.html#ubuntu-server) -- do you also have fixes en-route for nova and nova-lxd?
[15:13] <coreycb> nacc, thanks for the nudge. I'll handle those.
[15:13] <nacc> coreycb: thank you!
[16:01] <coreycb> beisner, python-novaclient was just accepted into xenial-proposed with the fix for bug 1559072
[16:14] <jamespage> bug 1608934
[16:30] <rattking> Hello does anyone have any experience using syslog-ng on 16.04? I am finding that the kernel boot messages are not being logged in syslog-ng, and if I add /proc/kmsg as a source the log lines from boot come in out of order with other log messages
[16:43] <patdk-wk> rattking, likely a systemd issue
[16:44] <rattking> lol yeah.. I had a feeling like it had something to do with journald
[17:01] <coreycb> nacc, for the nova and nova-lxd ftbfs, the new versions in -proposed will fix those
[17:02] <nacc> coreycb: great, thanks for following up
[17:02] <coreycb> nacc, np
[17:02] <nacc> jgrimm: --^ making slow and steady progress then, i think we're down to 10-11 total
[17:02] <jgrimm> nacc great!
[17:27] <km0rz> Hello everyone, just dipping my toes into Linux for the first time in a lab at home. I'm currently trying to get internal DNS configured on ubuntu-16.04.1 server, so far I've got it resolving the one internal "lab" zone i created. What i was wondering is it possible for it to reply authoritatively for the one zone i've configured, but forward on all other DNS requests externally?
[17:34] <electriclewis> yes
[17:35] <electriclewis> I find easiest way to configure DNS for home is to use webmin
[17:35] <genii> !webmin
[17:35] <genii> ...just FYI
[17:36] <electriclewis> ouch
[17:36] <electriclewis> what should I use instead?
[17:39] <km0rz> I was reading that I should be able to do a "Hybrid" mode, where i can host primary zones but also forward
[17:39] <km0rz> but when i turned on forwarders my one primary zone that was working, stopped
[17:47] <electriclewis> OK, so apparently webmin was bad in 2008 but since 2012 it's fine with Debian and Ubuntu.  Is this wrong?
[17:56] <beisner> coreycb, tyvm
[18:07] <Walex> electriclewis: it has improved a lot, but I prefer non-graphical configuration
[18:12] <electriclewis> Walex I do for most things too, but DNS files are a PITA
[18:14] <patdk-wk> why would you touch a dns file?
[18:14] <patdk-wk> what is a dns file?
[18:21] <coreycb> ddellav, jamespage: I just uploaded a bunch of rc2's for newton as well as new swift, ironic, and synced python-swiftclient
[20:13] <ThePentester> anyone with experince in mailing ?!
[20:21] <Gorian> I have a lot of experience in receiving mail
[20:21] <Gorian> both physical AND virtual
[20:27] <jgrimm> nacc, can you kindly nominate 1611923/pythond-django for xenial?
[20:28] <nacc> ack
[20:28] <jgrimm> thanks!
[20:29] <nacc> jgrimm: i think your update was meant to go against the original description, though?
[20:29] <jgrimm> nacc, doh, thanks
[20:29] <nacc> jgrimm: np, task opened btw
[22:13] <Ussat> https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
[22:14] <OerHeks> Ussat, oef, ugly one.
[22:15] <OerHeks> Did you verify?
[22:15] <Ussat> yup
[22:15] <Ussat> RHEL, Cent and Ubuntu 16.04 LTS system
[22:15] <Ussat> all verified on
[22:15] <OerHeks> lets wait for reactions here :-)
[22:16] <Ussat> fortunatelt my systems locked down pretty tight, but still
[22:16] <OerHeks> maybe worth a bugreport, i am looking for simular now.
[22:17] <Ussat> because, ya know, everything should run as 1 pid
[22:17] <Ussat> ...
[22:17] <OerHeks> https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1628687
[22:17] <OerHeks> thank you for reporting, Ussat , maybe you can confirm this one.
[22:18] <Ussat> its the same
[22:18] <OerHeks> then 'affects 1 person will be 2.
[22:19] <Ussat> That is the same bug
[22:20] <OerHeks> Oh you are already on it?
[22:20] <Ussat> I saw that earlier is all
[22:26] <OerHeks> hmm even as non-root user.
[22:26] <tomreyn> is thit is cross-user then it's a security vulnerability (denial of service) and should be tagges security
[22:26] <tomreyn> *tagged
[22:27] <tomreyn> which should then get it the attention it (then) deserves
[22:27] <tomreyn> *if this
[22:28] <tomreyn> sorry about the spelling ;)
[22:32] <OerHeks> CVE is requested now.
[22:33] <tomreyn> i just realized
[22:43] <OerHeks> "It is unfortunate that this was not handled using a 'responsible disclosure' process. "  true, this channel is logged :-(