[00:33] smoser, I [00:33] smoser, I'm glad you finally got your cubswin:) [00:34] for cirros and yourself. === JanC_ is now known as JanC [00:58] med_, https://git.launchpad.net/cirros/commit/?id=9a7c371ef329cf78f256d0a5a8f475d9c57f5477 [00:59] 0.4 series will include a new password. i would never do something like that just for fun, as it definitely causes pain [00:59] xlnt!!! [00:59] but bug 1454144 seemed legit for people. [00:59] bug 1454144 in CirrOS "Default password should use alphanumeric chars" [Low,Fix committed] https://launchpad.net/bugs/1454144 [00:59] fun :) [01:02] * med_ was actually using cirros when he posted above... validating some metadata service changes in openstack [02:29] hey everyone [03:48] I'm going a little crazy, and hoping someone can help. I am using Phabricator, and it's sending a POST request to somewhere else. That works fine with HTTP, but when it tries to do the same with the HTTPS URL (which I confirmed works and has a valid cert), it returns "HTTP 60" in head. What is going on? [04:27] CodeMouse92: bhat's not really related to ubuntu - I guess the same issue should arise on other platforms as well [04:28] RoyK: Okay, well, I thought I'd ask somewhere where people knew this stuff well. Anyway, I'm just working around it for now. [04:28] try #Phabricator [04:47] RoyK: Was already there [04:48] Thanks for the help. Heading out === devil is now known as Guest43423 [10:48] Hi, does anyone here have experience with LVM2 and dm-cache on 16.04? [10:48] I tried to set it up on 14.04 and it works with: ➜ ~ sudo lvconvert --type cache-pool --poolmetadata vgc/lvc_meta vgc/lvc [10:48] But the same thing on 16.04 complains about missing dm-cache kernel module [10:51] ➜ ~ sudo lvconvert --type cache-pool --poolmetadata vgc/lvc_meta vgc/lvc modprobe: FATAL: Module dm-cache not found in directory /lib/modules/4.4.0-45-generic /sbin/modprobe failed: 1 Failed to determine version of cache kernel module [10:52] And indeed the kernel module is nowhere in the system [10:59] nobody? ^^ [11:01] sat_: (following up from #ubuntu) those modules are present on my install. [11:02] sat_: /lib/modules/4.8.0-26-generic/kernel/drivers/md/dm-cache.ko [11:02] ducasse: oh, you have a newer kernel [11:03] sat_: sorry, this is 16.10... [11:03] ls -l /lib/modules/*-generic/kernel/drivers/md/dm-cache.ko zsh: no matches found: /lib/modules/*-generic/kernel/drivers/md/dm-cache.ko [11:03] sat_: let me check my 16.04 host... [11:04] sat_: /lib/modules/4.4.0-45-generic/kernel/drivers/md/dm-cache.ko [11:04] sat_: from linux-image-4.4.0-45-generic [11:04] damn... I know it should be there, but for some reason it's not [11:05] sat_: reinstall the package? [11:05] yeah, I'm trying that now (I think I already did that) and I definitely reinstalled -extras [11:05] oh, it's there now [11:06] very very strange [11:06] ducasse: thanks a lot! [11:06] sat_: np :) === skylite_ is now known as skylite === Guest43423 is now known as devil_ === Ussat is now known as BendOver2016 [13:33] coreycb: hey there ! the neutron namespace patch is merged :) [13:33] coreycb: I have seen the cherry picks [13:33] I dont they will not accept the cherry pick in MItaka [13:34] because it is not security related [13:34] should I refresh my ubuntu merge request ?? [13:35] or you guys have this patch in the radar for a wider set of ubuntu ditributions ? [13:35] because I can test only trusty/liberty [14:35] Hello, I am trying to install ubuntu server 16.04 on supermicro server (UEFI mode due to nvme drives not visible for legacy boot), booting a single drive works fine but I wish to configure everything with raid-1 like I used to do in the old MBR bootable machines. [14:35] For some reason I can only see the first nvme drive in the installer [14:35] cat /proc/partitions shows the other nvme device [14:35] I thought about trying to manually configure everything but the installer environment doesn't have any partition tools that I could find (fdisk/cfdisk/parted) [14:35] Any idea what's wrong with the installer and how come it sees only 1 drive? [14:50] Anyone around? [14:55] coreycb: yeah i got a better way of doing this [14:55] zul, ok let me know what you are thinking [14:55] zioproto, I figured I'd at least attempt to get the mitaka one merged. yes please refresh your merge request. [14:56] coreycb: its like having a template conf, generating the sample config and then using sed [14:57] zioproto, I'll work on the mitaka and newton package updates to cherry pick the patch [14:57] zul, so, using sed instead of patch? [14:58] coreycb: yeah [14:58] Has anyone ever encountered a case in which partman doesn't see one of the drives? [14:58] (during installation) [14:59] zul, that seems just as fragile or even more fragile than using patch [14:59] coreycb: well no lemme show you [15:22] zul, patching nova/common/config.py appears to be the right way to do this [15:22] coreycb: I reworked the patch for Liberty, compiling ubuntu packages just now [15:23] zul, the only issue is that the defaults you set in that file appear to show up commented in the generated config [15:23] coreycb: yeah thats where the sed stuff comes in [15:31] coreycb: something like this as well paste.ubuntu.com/23425973/ [15:32] coreycb: but you would still need the wrapper [15:33] coreycb: patching the sample configuration is juet crazy maintenance wise [15:39] zul, that approach makes sense, although we may also need to patch nova/common/config.py for options not in the nova namespace [15:39] not sure what you mean by wrapper though [15:39] coreycb:small shell script modifies the nova.conf.sample basically [15:40] zul coreycb you guys talking about upstream configs for nova? [15:41] ddellav: yes [15:41] zul, ok let me know when you're done, curious to see it [15:42] coreycb: yep yep... [15:42] zul, seems like the generator or apis should allow you to expose a config option though instead of leaving the default commented out [15:42] zul me too. I could never figure out what to do for nova so I left it for last [15:43] coreycb: you should be able to, i guess no one has asked for it [15:46] coreycb: btw the virtio flag isnt needed anymore its default [15:46] zul, ok [15:48] coreycb: https://code.launchpad.net/~zioproto/ubuntu/+source/neutron/+git/neutron/+merge/309457 [15:48] I pushed the new patch for Liberty [15:48] reworked on the one that was merged upstream [15:48] I have to go, see you guys monday [15:48] Weekend is starting here in Europe :) [15:49] zioproto, thanks! little bit of a backlog on neutron srus right now but next week hopefully we can get newton and mitaka patches sru'd and then liberty. [15:52] noproblem [15:52] I have already patched packages in production [15:52] so I am running safe [15:52] just make sure you dont drop this patch at the next package upgrade [15:53] or my cloud will break :) [15:53] now I am really leaving ! have a good weekend everyone [16:29] Who should own /var/log/apache2 ? [16:29] If I created a user, added them to adm and gave them SUDO why would they not be able to read apache2 logs? [16:30] Ooooh, its www-data:www-data [16:37] Wow... its quite in here [16:38] fuzzywuzzy: I think apache suffers from the same problem as https://www.ubuntu.com/usn/usn-3114-1/ [16:47] sarnold, What do you mean? [16:47] sarnold, Does apache have the same vuln? [16:48] fuzzywuzzy: I can't recall now; but if apache is writing the logs as www-data:www-data then at least it can't overwrite important root-owned files [16:49] sarnold: erm, I think Apache handles file opening differently than nginx [16:49] 3114-1 was nginx-specific [16:49] teward: lets hope so :) [16:49] and specific to the way the packaging is permissions wise vs. how nginx handles files [16:49] sarnold: you should have a very *lengthy* email chain on this [16:50] teward: because it was lengthy is why I can't recall the details :) [16:50] sarnold: see the other channel for a 'poke' [16:54] sarnold, so /var/log/apache2/ should be www-data:www-data? [16:55] fuzzywuzzy: yeah, I think so. [16:55] So should I add this non-root user to www-data too? [16:56] or just use sudo su to view the logs in apache2 [16:56] if you want them to have access to the web server too, yeah [17:02] sarnold, Thanks I will do that [17:04] Can anyone recommend a good supported HID like Lynis for a very small install (2 servers)? [17:05] !info lynis [17:06] lynis (source: lynis): security auditing tool for Unix based systems. In component universe, is optional. Version 2.3.2-1 (yakkety), package size 161 kB, installed size 1221 kB [17:06] hm [17:07] genii, I'm looking for something commercially supported. Like Lynis enterprise. Not the FOSS versions [17:07] Oh dear, Stallman is gonna strike me down. =P [17:13] fuzzywuzzy: I've never used it myself, but UpGuard seems to have solid reviews and has 3 tiers from free to enterprise [17:29] genii, Gracias I will check it out [17:44] np === JanC is now known as Guest51811 === JanC_ is now known as JanC === lionel_ is now known as lionel === JanC_ is now known as JanC [22:26] Hey gang, if I have a duplicity server backup encrypted with GPG, is it enough to retain just the password for restoring to a fresh server if this one dies? [22:26] Or do I have to be concerned with storing the key somewhere>