[00:33] <med_> smoser, I
[00:33] <med_> smoser, I'm glad you finally got your cubswin:)
[00:34] <med_> for cirros and yourself.
[00:58] <smoser> med_, https://git.launchpad.net/cirros/commit/?id=9a7c371ef329cf78f256d0a5a8f475d9c57f5477
[00:59] <smoser> 0.4 series will include a new password. i would never do something like that just for fun, as it definitely causes pain
[00:59] <med_> xlnt!!!
[00:59] <smoser> but bug 1454144 seemed legit for people.
[00:59] <sarnold> fun :)
[01:02]  * med_ was actually using cirros when he posted above... validating some metadata service changes in openstack
[02:29] <arooni> hey everyone
[03:48] <CodeMouse92> I'm going a little crazy, and hoping someone can help. I am using Phabricator, and it's sending a POST request to somewhere else. That works fine with HTTP, but when it tries to do the same with the HTTPS URL (which I confirmed works and has a valid cert), it returns "HTTP 60" in head. What is going on?
[04:27] <RoyK> CodeMouse92: bhat's not really related to ubuntu - I guess the same issue should arise on other platforms as well
[04:28] <CodeMouse92> RoyK: Okay, well, I thought I'd ask somewhere where people knew this stuff well. Anyway, I'm just working around it for now.
[04:28] <RoyK> try #Phabricator
[04:47] <CodeMouse92> RoyK: Was already there
[04:48] <CodeMouse92> Thanks for the help. Heading out
[10:48] <sat_> Hi, does anyone here have experience with LVM2 and dm-cache on 16.04?
[10:48] <sat_> I tried to set it up on 14.04 and it works with: ➜  ~ sudo lvconvert --type cache-pool --poolmetadata vgc/lvc_meta vgc/lvc
[10:48] <sat_> But the same thing on 16.04 complains about missing dm-cache kernel module
[10:51] <sat_> ➜  ~ sudo lvconvert --type cache-pool --poolmetadata vgc/lvc_meta vgc/lvc modprobe: FATAL: Module dm-cache not found in directory /lib/modules/4.4.0-45-generic   /sbin/modprobe failed: 1   Failed to determine version of cache kernel module
[10:52] <sat_> And indeed the kernel module is nowhere in the system
[10:59] <sat_> nobody? ^^
[11:01] <ducasse> sat_: (following up from #ubuntu) those modules are present on my install.
[11:02] <ducasse> sat_: /lib/modules/4.8.0-26-generic/kernel/drivers/md/dm-cache.ko
[11:02] <sat_> ducasse: oh, you have a newer kernel
[11:03] <ducasse> sat_: sorry, this is 16.10...
[11:03] <sat_> ls -l /lib/modules/*-generic/kernel/drivers/md/dm-cache.ko  zsh: no matches found: /lib/modules/*-generic/kernel/drivers/md/dm-cache.ko
[11:03] <ducasse> sat_: let me check my 16.04 host...
[11:04] <ducasse> sat_: /lib/modules/4.4.0-45-generic/kernel/drivers/md/dm-cache.ko
[11:04] <ducasse> sat_: from linux-image-4.4.0-45-generic
[11:04] <sat_> damn... I know it should be there, but for some reason it's not
[11:05] <ducasse> sat_: reinstall the package?
[11:05] <sat_> yeah, I'm trying that now (I think I already did that) and I definitely reinstalled -extras
[11:05] <sat_> oh, it's there now
[11:06] <sat_> very very strange
[11:06] <sat_> ducasse: thanks a lot!
[11:06] <ducasse> sat_: np :)
[13:33] <zioproto> coreycb: hey there ! the neutron namespace patch is merged :)
[13:33] <zioproto> coreycb: I have seen the cherry picks
[13:33] <zioproto> I dont they will not accept the cherry pick in MItaka
[13:34] <zioproto> because it is not security related
[13:34] <zioproto> should I refresh my ubuntu merge request ??
[13:35] <zioproto> or you guys have this patch in the radar for a wider set of ubuntu ditributions ?
[13:35] <zioproto> because I can test only trusty/liberty
[14:35] <ben911> Hello, I am trying to install ubuntu server 16.04 on supermicro server (UEFI mode due to nvme drives not visible for legacy boot), booting a single drive works fine but I wish to configure everything with raid-1 like I used to do in the old MBR bootable machines.
[14:35] <ben911> For some reason I can only see the first nvme drive in the installer
[14:35] <ben911> cat /proc/partitions shows the other nvme device
[14:35] <ben911> I thought about trying to manually configure everything but the installer environment doesn't have any partition tools that I could find (fdisk/cfdisk/parted)
[14:35] <ben911> Any idea what's wrong with the installer and how come it sees only 1 drive?
[14:50] <ben911> Anyone around?
[14:55] <zul> coreycb: yeah i got a better way of doing this
[14:55] <coreycb> zul, ok let me know what you are thinking
[14:55] <coreycb> zioproto, I figured I'd at least attempt to get the mitaka one merged. yes please refresh your merge request.
[14:56] <zul> coreycb: its like having a template conf, generating the sample config and then using sed
[14:57] <coreycb> zioproto, I'll work on the mitaka and newton package updates to cherry pick the patch
[14:57] <coreycb> zul, so, using sed instead of patch?
[14:58] <zul> coreycb: yeah
[14:58] <ben911> Has anyone ever encountered a case in which partman doesn't see one of the drives?
[14:58] <ben911> (during installation)
[14:59] <coreycb> zul, that seems just as fragile or even more fragile than using patch
[14:59] <zul> coreycb: well no lemme show you
[15:22] <coreycb> zul, patching nova/common/config.py appears to be the right way to do this
[15:22] <zioproto> coreycb: I reworked the patch for Liberty, compiling ubuntu packages just now
[15:23] <coreycb> zul, the only issue is that the defaults you set in that file appear to show up commented in the generated config
[15:23] <zul> coreycb: yeah thats where the sed stuff comes in
[15:31] <zul> coreycb: something like this as well paste.ubuntu.com/23425973/
[15:32] <zul> coreycb: but you would still need the wrapper
[15:33] <zul> coreycb: patching the sample configuration is juet crazy maintenance wise
[15:39] <coreycb> zul, that approach makes sense, although we may also need to patch nova/common/config.py for options not in the nova namespace
[15:39] <coreycb> not sure what you mean by wrapper though
[15:39] <zul> coreycb:small shell script modifies the nova.conf.sample basically
[15:40] <ddellav> zul coreycb you guys talking about upstream configs for nova?
[15:41] <zul> ddellav: yes
[15:41] <coreycb> zul, ok let me know when you're done, curious to see it
[15:42] <zul> coreycb: yep yep...
[15:42] <coreycb> zul, seems like the generator or apis should allow you to expose a config option though instead of leaving the default commented out
[15:42] <ddellav> zul me too. I could never figure out what to do for nova so I left it for last
[15:43] <zul> coreycb: you should be able to, i guess no one has asked for it
[15:46] <zul> coreycb: btw the virtio flag isnt needed anymore its default
[15:46] <coreycb> zul, ok
[15:48] <zioproto> coreycb: https://code.launchpad.net/~zioproto/ubuntu/+source/neutron/+git/neutron/+merge/309457
[15:48] <zioproto> I pushed the new patch for Liberty
[15:48] <zioproto> reworked on the one that was merged upstream
[15:48] <zioproto> I have to go, see you guys monday
[15:48] <zioproto> Weekend is starting here in Europe :)
[15:49] <coreycb> zioproto, thanks!  little bit of a backlog on neutron srus right now but next week hopefully we can get newton and mitaka patches sru'd and then liberty.
[15:52] <zioproto> noproblem
[15:52] <zioproto> I have already patched packages in production
[15:52] <zioproto> so I am running safe
[15:52] <zioproto> just make sure you dont drop this patch at the next package upgrade
[15:53] <zioproto> or my cloud will break :)
[15:53] <zioproto> now I am really leaving ! have a good weekend everyone
[16:29] <fuzzywuzzy> Who should own /var/log/apache2 ?
[16:29] <fuzzywuzzy> If I created a user, added them to adm and gave them SUDO why would they not be able to read apache2 logs?
[16:30] <fuzzywuzzy> Ooooh, its www-data:www-data
[16:37] <fuzzywuzzy> Wow... its quite in here
[16:38] <sarnold> fuzzywuzzy: I think apache suffers from the same problem as https://www.ubuntu.com/usn/usn-3114-1/
[16:47] <fuzzywuzzy> sarnold, What do you mean?
[16:47] <fuzzywuzzy> sarnold, Does apache have the same vuln?
[16:48] <sarnold> fuzzywuzzy: I can't recall now; but if apache is writing the logs as www-data:www-data then at least it can't overwrite important root-owned files
[16:49] <teward> sarnold: erm, I think Apache handles file opening differently than nginx
[16:49] <teward> 3114-1 was nginx-specific
[16:49] <sarnold> teward: lets hope so :)
[16:49] <teward> and specific to the way the packaging is permissions wise vs. how nginx handles files
[16:49] <teward> sarnold: you should have a very *lengthy* email chain on this
[16:50] <sarnold> teward: because it was lengthy is why I can't recall the details :)
[16:50] <teward> sarnold: see the other channel for a 'poke'
[16:54] <fuzzywuzzy> sarnold, so /var/log/apache2/ should be www-data:www-data?
[16:55] <sarnold> fuzzywuzzy: yeah, I think so.
[16:55] <fuzzywuzzy> So should I add this non-root user to www-data too?
[16:56] <fuzzywuzzy> or just use sudo su to view the logs in apache2
[16:56] <sarnold> if you want them to have access to the web server too, yeah
[17:02] <fuzzywuzzy> sarnold, Thanks I will do that
[17:04] <fuzzywuzzy> Can anyone recommend a good supported HID like Lynis for a very small install (2 servers)?
[17:05] <genii> !info lynis
[17:06] <genii> hm
[17:07] <fuzzywuzzy> genii, I'm looking for something commercially supported. Like Lynis enterprise.  Not the FOSS versions
[17:07] <fuzzywuzzy> Oh dear, Stallman is gonna strike me down. =P
[17:13] <genii> fuzzywuzzy: I've never used it myself, but UpGuard seems to have solid reviews and has 3 tiers from free to enterprise
[17:29] <fuzzywuzzy> genii, Gracias I will check it out
[17:44] <genii> np
[22:26] <CodeMouse92> Hey gang, if I have a duplicity server backup encrypted with GPG, is it enough to retain just the password for restoring to a fresh server if this one dies?
[22:26] <CodeMouse92> Or do I have to be concerned with storing the key somewhere>