/srv/irclogs.ubuntu.com/2016/10/19/#ubuntu-server.txt

Geomis unfrar-free=unrar?00:06
Ben64yes00:09
Guest4915anyone able to help out with this question of mine? anyone able to help out with this ? http://askubuntu.com/questions/838981/local-apt-mirror-says-release-cant-be-found-but-its-there-what-am-i-missing01:10
=== Guest4915 is now known as gorelative1
tarpmanGuest46640: trying to reach https://apt.devita.co/puppet to have a look at the files, but it's timing out01:17
tarpmangorelative1: sorry, tab-complete fail ^01:18
gorelative1probably dns01:18
tarpmanapt.devita.co is an alias for devita.co.01:18
tarpmandevita.co has address 68.2.71.6601:18
gorelative1yeah add an alias to that ip01:19
gorelative1its up i just got to it externally01:19
gorelative1make sure itse https01:19
tarpmancan see it now, looking01:20
gorelative1thanks01:20
gorelative1tag me when you rsepond, im windowed out01:20
tarpmangorelative1: looks like your webserver isn't sending the intermediate certificate01:26
gorelative1its self signed internally it resolves right here in the lan01:27
gorelative1and thats actually a comodo wildcard cert01:28
tarpmangorelative1: the end certificate is fine, the root is fine and is in ca-certificates, it's the intermediate in between that's missing01:29
gorelative1hmm01:30
tarpmangorelative1: but that's different from the error you pasted, so I'll bypass that and carry on01:30
gorelative1yah01:30
gorelative1i dont think thats it because i dont get ssl warnigns on the server01:32
tarpmangorelative1: after bypassing the ssl problem and adding the gpg key, I'm getting:01:34
tarpmanE: Failed to fetch https://apt.devita.co/puppet/dists/xenial/PC1/binary-all/Packages  404  Not Found01:34
gorelative1what key did you add, what are those commands?01:34
tarpmansources.list entry is01:34
tarpmandeb https://apt.devita.co/puppet xenial PC1 main01:34
tarpmankey was https://apt.puppetlabs.com/DEB-GPG-KEY-puppet01:35
tarpmangorelative1: copied the sources.list from your askubuntu verbatim, and that's the only error I'm seeing - not seeing the error you originally posted at all :\01:37
gorelative1hmm01:37
gorelative1ran wget -qO - https://apt.puppetlabs.com/DEB-GPG-KEY-puppet | sudo apt-key add -01:37
gorelative1tried apt-get update agsin01:38
gorelative1https://gist.github.com/mikedevita/32288c4a6b87a24438cc83c64a593a8601:38
gorelative1if you look Packages is indeed missin01:39
gorelative1binary-amd64 is the onyl one there01:39
tarpmangorelative1: fine, but I don't get why you and I are getting different results. is your webserver/repo config at all different internally vs externally?01:41
gorelative1nope01:41
gorelative1its just nginx01:41
gorelative1could my apt be caching something?01:41
tarpmangorelative1: try apt-get -o Debug::acquire::https=1 update01:42
tarpmangorelative1: yeah, there's probably some sort of caching - clear out /var/lib/apt/lists if you want to be sure01:43
gorelative1https://gist.github.com/mikedevita/0ecff235d736e5e9f4d6c26b0a0dfe0301:43
tarpmangorelative1: hmm. do you have the ca-certificates package installed?01:44
gorelative1yeah i need to add the intermediate looks like01:44
gorelative1let me switch to http:// and see how it does01:44
tarpmangorelative1: the intermediate is one issue, sure, but the gist you just put up looks like your /etc/ssl/certs/ca-certificates.crt is screwed up01:45
tarpmangorelative1: if you don't have ca-certificates installed, install it; if you do, maybe run update-ca-certificates to regenerate that01:45
gorelative1https://gist.github.com/mikedevita/0ecff235d736e5e9f4d6c26b0a0dfe0301:46
gorelative1it throws warning01:46
gorelative1i removed the ca's i added01:46
gorelative1errors went away for update-ca-certificates01:47
gorelative1looks like my ca's are messed up01:47
tarpmangorelative1: so apt-get update gets as far as mine did now?01:48
gorelative1no lol01:48
tarpman:<01:48
gorelative1i even changed sources.list  to use http and its still trying to use https01:48
gorelative1i think hold on01:48
gorelative1im forcing ssl01:49
gorelative1k no errors with http01:49
gorelative1so its the CAs i added01:49
gorelative1gd comodo01:50
tarpmangodaddy and comodo? those are both normally part of the default root list anyway...01:51
gorelative1namecheap01:51
gorelative1not part of apparently lol01:51
gorelative1no ca included and it fails01:51
gorelative1with https01:51
gorelative1ill combine the ca chain with my cert and see what that does01:52
tarpmangorelative1: popping out for a bit, back later if you get stuck again01:57
gorelative1tarpman, looks like the ca chain is borked and i cant get it to work :\ i just moved to http://02:02
gorelative1using the latest chain from namecheap with cat'ing it together domain.crt ca-bundle.crt > domain-full.crt02:03
gorelative1https://www.ssllabs.com/ssltest/analyze.html?d=apt.devita.co02:03
gorelative1had to add [arch=all] to apt-mirror list to get the binary-all02:06
gorelative1thanks gain tarpman i set your answer as the right one02:38
pavlosuvt-kvm: error: libvirt: Domain not found: no domain with matching name 'secondttest'06:55
pavloswhen trying to create a vm using uvtools06:55
pavlosusing this page ... https://help.ubuntu.com/lts/serverguide/cloud-images-and-uvtool.html07:02
pavlosvirsh all shows both firsttest and secondtest running07:03
JavezimAnyone have an issue where ISCSITARGET maxes out 100% of one CPU Core?07:44
JavezimAs soon as a windows client connects to it, bam, 100% CPU Core07:45
Javezimand it locks up07:45
=== smb` is now known as smb
=== smb is now known as Guest48400
=== jamespag` is now known as jamespage
=== Guest48400 is now known as smb
=== smb is now known as Guest7110
zuljamespage/coreycb: ping zesty isnt open yet, where should we stuff stuff for when its ready?13:16
coreycbzul, I think you can upload and it'll sit in the queue for now13:17
coreycbzul, we can also upload to the daily build ppas to get CI working13:17
zulack13:18
coreycbzul, https://launchpad.net/~openstack-ubuntu-testing/+archive/ubuntu/ocata13:18
coreycbzul, I'm going to start working through ci failures13:18
zulcoreycb: just packaging a new dependency13:18
coreycbzul, ah, which one?  I just noticed monasca-statsd is needed by designate13:19
zulyes that one13:19
coreycbzul, cool13:20
coreycbzul, I'll look at heat13:21
zulcoreycb: keystone needs a newer oslo.policy13:21
coreycbzul, ok13:22
zulcoreycb: hah no python3 for monasca-statsd13:43
coreycbzul, really?  it shouldn't have made it through global-requirements review if that's the case.13:43
zulcoreycb: yeah that file is empty13:44
coreycbzul, I'd open a bug13:44
zulcoreycb: https://bugs.launchpad.net/monasca/+bug/163490113:46
ubottuLaunchpad bug 1634901 in Monasca "monasca-statsd" [Undecided,New]13:46
zulcoreycb: monasca-statsd uploaded to the ppa13:57
coreycbzul, great. are you pushing that repo to ubuntu-server-dev?13:59
zulcoreycb: yeah sure13:59
coreycbzul, ok14:00
zulcoreycb: how?14:00
coreycbzul, I'd model it after the existing packages and use this workflow: https://wiki.ubuntu.com/OpenStack/CorePackages14:01
zullp:~ubuntu-server-dev/ubuntu/+source/monasca-statsd14:26
=== oxynom is now known as elrohim
Bravenis there away to control if an interface registers in DNS16:05
swebwhat's the best solution for  high availability in ubuntu servers ?17:08
=== iberezovskiy is now known as iberezovskiy|off
andolsweb: That's entirely service specific.17:33
swebandol: i read somthing about bgp anycast ... can i run this solution by software ? or i need hardware and ISP configuration ?17:34
swebi used DNS round robin (multiple A record) but seems be it's not for HA17:34
swebi need the solution can be used entirely with software (Operation System and Software)17:35
andolsweb: Had you been doing your own BGP you would very likely have known that. So yeah, an anycast solution would require the assistance of your ISP,17:38
andolsweb: Having a DNS failover is valuable as a much-better-than-nothing alternative when an entire site falls down. Yet, there is a lot to gain by making each individual site more resilient.17:40
swebandol: best solution is Dns round robin ... cause end user can better find out which server can accessible ... butin solutoin like dns health checker will be check server network from server to server and that's not good enough ... but i can find out why this good soltion is not implemented well on clients like wget ... modern browsers use it but with long timeout check17:42
Logos01Howdy, folks. Anyone have a notion as to why an Ubuntu 16.04 box created via Vagrant would fail to generate its ssh host keys upon first startup?17:43
andolLogos01: As in it has no ssh host keys, or as it doesn't get a new unique one?17:45
Logos01andol: As in it somehow winds up with none and doesn't generate any.17:45
andolLogos01: Sounds like a problem with a particular box? Not seeing that issue with the official Ubuntu boxes.17:46
Logos01andol: I'm using the bento repo's boxes and building them myself via packer; the initial run works fine, but once I make my local customizations and do a vagrant package, somehow the ssh keys are getting purged and they don't get created when using that box later.17:48
Logos01For now I've put a hack in place by having a oneshot service invoke a script to regenerate the keys if they're absent before SSH starts but that is peculiar.17:48
Logos01(I can't actually use the official Ubuntu boxes for a few reasons one of which being that they only support Virtualbox.)17:49
andolAfraid I don't know Packer well enough to help you there.17:50
Logos01andol: It's possible that the "Vagrant Package" command strips the keys out but that's irritating.17:51
andolNot a big fan of VirtualBox either, but a while back I decided that my Vagrant usage would become so much easier if I just accepted having VirtualBox in the background.17:51
Logos01andol: I've been doing alright with libvirt mostly.17:51
=== Ussat is now known as WeAreScrewed2016
Logos01I suspect I'd have this problem no matter what though because if it's anywhere that it's breaking down, it's the packaging process.17:51
coreycbzul, jamespage, ddellav: ok I think we're all populated: https://code.launchpad.net/~ubuntu-server-dev/+git19:04
coreycbthe new repos will need new upstream releases before they're useful.   pristine-tar and upstream branches are empty right now.19:05
zulcoreycb: can you put the script somewhere so if you did miss anything then we can rerun19:05
coreycbzul, sure19:05
zulcoreycb:  sweet....lets get busy19:05
zulrhetorically19:05
coreycbawkward silence19:06
zulheh19:06
coreycb:)19:06
=== Mundus2018_ is now known as mundus2018
coreycbzul, https://github.com/coreycb/pkg-scripts/blob/master/pkg-lp-to-ubuntu-server-dev19:13
nacccoreycb: zul: fwiw, have you looked at https://wiki.ubuntu.com/UbuntuDevelopment/Merging/GitWorkflow ?19:14
naccit's what the server team is using for managing source packages in git19:14
coreycbnacc, no but I've been meaning to19:14
nacccoreycb: :)19:14
coreycbnacc, thanks for the reminder :)19:15
nacci'm going to be sending a follow-up e-mail today hopefully to the MLs, with the latest developments, etc19:15
naccit's not in and of itself dgit/gbp compatible necessarily (no pristine-tar branch, etc.), but i'm open to feedback and comments :)19:17
rbasakThe difference here is that coreycb is the source of the packaging, rather than a consumer as in most of the packages our team looks after.19:27
rbasakHe might still find git-dsc-commit useful if another Ubuntu developer uploads without using the official git tree.19:28
rbasakBut otherwise, I'm not sure our workflow makes sense for him. He doesn't do merges, for example, only new upstream versions.19:28
naccrbasak: ah ok19:32
coreycbrbasak, nacc: this might be useful to us, thanks for sharing.  we do a little bit of merging.  one of the issues we have is that new releases of openstack are developed in experimental, so we don't get any merge-o-matic benefits.19:41
BravenMy servers are multihomed. They have two network interfaces.  I only want to register Interface One in Windows DNS and not register interface two.  I have created a static entry on Windows DNS server using Interface One's IP.  But since the servers are part of Active Directory, they can up date their DNS record and the servers are randomly updating DNS with Interface TWO's IP. I would like to know if I can prevent19:43
Braven the servers from updating DNS with Interface TWO's IP.19:43
tarpmanBraven: I'm not aware of anything on the ubuntu side that would be automatically updating DNS. normally that's done by the DHCP server as part of handling the DHCP request.19:44
BravenI have network trace show it19:44
Braventhe IP are static19:45
=== NegativeFlare_ is now known as NegativeFlare
Bravenso there is no setting in ubuntu that say do not update DNS with this IP19:45
Bravenor do not register this IP in dns19:46
tarpmanI don't know. the fact that it would be doing it at all is news to me19:46
tarpmanshutting up now, sorry I don't know enough about that to help19:46
Bravenin windows u just uncheck a box19:47
nacccoreycb: we import anyting that launchpad sees as published, so experimental, if used does get picked up19:52
nacccoreycb: if you want to send me a source pacakge, i can do a test import for you to see what the tree looks like19:52
nacc*source package name19:52
rbasakBraven: how are you configuring the network? /etc/network/interfaces? If using DHCP, then the configuration of dhclient might be relevant here. But I didn't think it did DNS updates by default.19:56
rbasakMy guess would be that the Windows side is doing it in your case.19:56
rbasakI'd look into the configuration of your Windows DHCP server.19:57
coreycbnacc, thanks. let me get back to you.  i want to use a package that needs a merge so I can go through the workflow.19:57
rbasakBut if you're using DHCP on the Ubuntu side, you can definitely tweak pretty much the entire DHCP request process in dhclient's configuration.19:57
nacccoreycb: ack, sounds good19:58
Bravenrbasak: interface ONE is using MAAS for DHCP20:07
Bravensorry I mean interface TWO is using MAAS for DHCP20:08
Bravenrbasak: are familiar with MAAS?20:12
BravenI am I the only person on earth does not want ubuntu to register itself in windows DNS server20:54
SmurphyI am using linux servers for everything. why?20:58
SmurphyOnly, I don't use Windows to screw my network. I configure the linux servers as being authoritative, and Windows has nothing to say. Period.20:59
SmurphyIt works.20:59
patdk-lapbraven, yes21:54
patdk-lapit's normal for a dhcp client to resgister itself wit hthe authorative dns server for what it was assigned21:55
patdk-lapdoesn't matter if it is windows or any other server21:55
=== Guest46640 is now known as IdleOne
naccrbasak: one thing i meant to say earlier; even if not directly useful to coreycb, I think based upon smoser's experience, it is pretty handy to have a `git blame` for files ina  source package :) and i was basing it purely off looking at the script linked to and it resembles in some ways what the importer does (for the latest version, at least)22:37
echosystmhi guys22:53
=== Jordan_U_ is now known as Jordan_U
echosystmi need to run a DNS server for a delegated subdomain22:53
echosystmall i need is some A records22:54
echosystmwhat is the easiest way to do this? i'd like to avoid bind if possible22:54
echosystmare any alternatives worth investigating? nsd? ??22:54
mwhudsoncan an ~ubuntu-server admin subscribe the team to bugs on https://launchpad.net/ubuntu/+source/golang-1.723:21
rbasakmwhudson: should that still be an ~ubuntu-server thing or should it be foundations now?23:23
rbasakjgrimm: ^23:23
mwhudsonrbasak: good point23:23
rbasakI don't want to block you though. Shall I do it anyway, and you can think/ask about it?23:24
rbasakGiven that previously the previous version is already ~ubuntu-server.23:24
mwhudsonrbasak: would be nice23:28
mwhudsoni mean, in practice i'm going to handle the bugs and i'm subscribed already23:29
mwhudsonbut this is about what if i am MIA23:29
mwhudsonsuch as e.g. paternity leave...23:29
naccrbasak: jgrimm: http://paste.ubuntu.com/23351245/23:34
naccfrom http://paste.ubuntu.com/23351249/23:34
naccadding vcs to the update-maintainer parameters23:34
rbasakmwhudson: done, though it looks like foundations are already subscribed?23:49
mwhudsonrbasak: yeah, turns out i could do that myself23:50
mwhudsonrbasak: just wanted to make it match golang-1.6, if we decide something different is more appropriate we should change both i guess23:50
rbasakOK23:50
rbasakThat makes sense.23:51
notuvois self-hosting an email server difficult?23:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!