[00:01] <curiousx> -rwxr-xr-x 1 root root  434 Nov  7 23:41 /etc/rc.local
[00:01] <curiousx> -rwxrw-r-- 1 urt  urt  2185 Nov  7 23:14 /opt/spunky/debian-startscript.sh
[00:02] <sarnold> aha, try chmod 775 /opt/spunky/debian-startscript.sh -- or chown root:root /opt/spunky/debian-startscript.sh -- depending upon which you would prefer
[00:02] <curiousx> the script gotta be run as root cuz opens up a pid file in /var/run/
[00:03] <curiousx> ok mate lemme try
[00:06] <curiousx> ok chmoding didn't worked, will try chowning
[00:06] <curiousx> I thought maybe rc.local doesn't support parameters, does it ?
[00:11] <sarnold> it should, it's just posix shell
[00:11] <curiousx> nope, no luck neither =(
[00:12] <curiousx> Is it any other way i coul run that script maybe at loggin time, maybe addin' a line in .bashrc ?
[00:13] <curiousx> using systemd maybe ?
[00:13] <sarnold> the cron service allows you to use @reboot specifiers; you could add a line like "@reboot root /opt/spunky/debian-startscript.sh start" to /etc/cron.d/spunky
[00:14] <curiousx> Oh! thanks will try that
[00:14] <sarnold> systemd service and unit files could also work. I found them a bit of a pain in the ass to get working, but once they work they work :)
[00:15] <sarnold> https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[00:15] <sarnold> https://www.freedesktop.org/software/systemd/man/systemd.service.html#
[00:15] <sarnold> https://www.freedesktop.org/software/systemd/man/systemd.exec.html#
[00:16] <curiousx> it wasn't added, should i 'crontab -e' ?
[00:16] <curiousx> i mean, when i: 'contab -l'  can't see the job there -.-
[00:17] <sarnold> the cronjobs in /etc/ aren't managed via the 'user' cronjobs; crontab -e and crontab -l work with the user-cronjobs instead
[00:18] <sarnold> user root does have the standard user cronjobs too, but when it's system services, it feels like they ought to live in /etc instead
[00:18] <curiousx> Hm!
[00:19] <curiousx> thanks bruh! now i'll reboot to see if works :)
[00:21] <curiousx> Oh! gosh, it didn't worked =(
[00:21] <sarnold> dang
[00:21] <curiousx> Maybe i'll try systemd
[00:21] <sarnold> okay, next steps: ls -ld /opt/ /opt/spunky/   -- and head -2 /opt/spunky/debian-startscript.sh
[00:22] <curiousx> wait a second, i just removed spunky's pid file in /var/run/ will reboot again, maybe that was the issue
[00:25] <tarpman> curiousx: is your debian-startscript the same as https://github.com/SpunkyBot/spunkybot/blob/master/debian-startscript ? that one looks like it's designed to be used as an init.d script ...
[00:26] <curiousx> tarpman: lemme see
[00:27] <tarpman> in which case, the way to have it start on boot would be using update-rc.d(8)
[00:27] <curiousx> tarpman: yeah, the same one
[00:27] <sarnold> tarpman++
[00:28] <tarpman> curiousx: it's documented right there in the script how to install it
[00:28] <curiousx> tarpman: update-rc ? lemme check
[00:28] <tarpman> curiousx: read the comments in the script, all of that is covered, even the update-rc.d part
[00:28] <curiousx> rly ?
[00:28] <curiousx> ok
[00:28] <tarpman> https://github.com/SpunkyBot/spunkybot/blob/master/debian-startscript#L13-L17
[00:29] <tarpman> much better than nasty crontab hacks :)
[00:29] <curiousx> Oh! my... wth, sry, so dumb of me :D
[00:30] <curiousx> I mean, well, i'm not a sofisticated guy no more :p but i used tobe :p
[00:42] <curiousx> No can't do =(
[00:43] <curiousx> idk why tho
[00:51] <curiousx> To execute a scrip in 'bashrc' should i prefix a dot ? like: . /etc/init.d/spunkybot start  )
[00:51] <curiousx> ?*
[09:52] <xnox> do we still need juju-mongodb3.2 if src:mongodb is at the same version number?
[09:53] <rbasak> Juju would need to know which package to use, AFAIK. Also, what happens when Juju's mongodb needs get bumped? As it does get updated in stable releases.
[09:53] <rbasak> To be clear, I'm not objecting, just thinking of potential areas that need consideration.
[09:55] <xnox> rbasak, i have no idea how juju-mongodb* is different from mongodb* packages =)
[09:55]  * xnox simply has to fix boost 1.62 FTBFS twice at the moment, in both mongos
[09:56] <rbasak> xnox: it drops in binaries only, in a special path (IIRC). Then when Juju deployds, it sets up a system service specifically for itself using those binaries.
[09:58] <rbasak> IIRC, this was a requirement for promoting Juju to main, since the security team didn't want mongodb-at-large to be in main (due to the colossal Javascript engine maintenance burden, etc)
[09:58] <rbasak> And at least at that time, Juju's mongodb was built without a bunch of that stuff.
[10:48] <hypermist> what can cause kernel panic VFS ?
[10:49] <cpaelzer> hypermist: are you referring to a panic due to being unable to mount root on boot?
[10:50] <hypermist> yea cpaelzer
[10:51] <cpaelzer> hypermist: (IMHO) mostly broken bootloader configs, followed by broken lvm or rootfs setup, followed by more rare and special cases
[10:51] <hypermist> cpaelzer, its just that it was a fresh install so i was like whaat how can that be
[10:51] <hypermist> xD
[10:52] <cpaelzer> hypermist: I'd even think that this is the most likely place - on install either manual config was done wrong or the system/HW has a certain setup that leads the automations done on install into a trap creating a broken install
[10:52] <hypermist> i'll try re-install and see if it works this time
[10:52] <hypermist> :)
[10:53] <hypermist> ill change some stuff in the bios and such
[10:53] <cpaelzer> hypermist: ah ok, otherwise I'd assume it would just reproduce
[10:55] <cpaelzer> hypermist: if running into it again I tihnk that covers the most basic solution worth for maybe 75% of the cases http://askubuntu.com/questions/532835/kernel-panic-not-syncing-vfs-unable-to-mount-root-fs-on-unknown-block0-2
[10:55] <cpaelzer> hypermist: otherwise the recovery mode you reach from there might still be the best way to start understanding what is wrong
[10:56] <hypermist> alright  thanks cpaelzer :)
[10:57] <ronator> Hi. Does anyone know if and when canonical is going release the patch for memcached (CVE-2016-8704 and two others)?
[10:59] <cpaelzer> ronator: I tihnk that is done already
[10:59] <ronator> did not find any updates neitehr in 14 or 16 repos
[10:59] <cpaelzer> ronator: not sure, but are these links externally reachable http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8704.html
[11:00] <cpaelzer> ronator: https://www.ubuntu.com/usn/usn-3120-1/
[11:00] <ronator> thank you gyus. btw this is what I see in Ubuntu 16: Version: memcached 1.4.25-2ubuntu1.2
[11:01] <cpaelzer> ronator: which is the latest update and has the CVE listed in the changelog
[11:01] <cpaelzer> ronator: https://launchpad.net/ubuntu/+source/memcached/1.4.25-2ubuntu1.2
[11:01] <cpaelzer> ronator: glad I could help
[11:01] <ronator> ah i see .25 is the patched version
[11:02] <cpaelzer> ronator: as it is a released version the fix will go in as SRU, so it will stay 1.4.25-2 in your case but got a .2 at the end for this update
[11:02] <ronator> okay, i was confused because i read version > 1.4.31 is patched but I tend to forget that canonicals folows a different numbering scheme ;-) thx again
[11:02] <ronator> cpaelzer: yes, I see that now
[11:03] <cpaelzer> ronator: see here if you want to learn more https://wiki.ubuntu.com/StableReleaseUpdates
[11:03] <ronator> cpaelzer: thx - will do (have to) :)
[11:08] <hypermist> error'd out when it was installing the kernel cpaelzer so maybe thats got something to do with it ?
[11:08] <cpaelzer> hypermist: yeah that should be almost 100% related
[11:09] <hypermist> fresh iso download too haha
[11:09] <hypermist> :(
[11:09] <hypermist> my life today has been so far a fail
[11:10] <hypermist> should i just redownload ?
[11:11] <cpaelzer> hypermist: the chance that this is a broken iso by the download is almost 0%, in any case just check the checksum
[11:11] <cpaelzer> hypermist: more likely some sort of incompatibility/issue with your HW
[11:12] <hypermist> its an amd apu
[11:32] <ronator> cpaelzer: "Regarding Dirty Cow": From the nice website you sent, I can find this info for fixed version: Ubuntu 16.04 LTS (Xenial Xerus): released (4.4.0-45.66) - but the newest kernel I have on ubuntu (16) server is Version: 4.4.0.45.48 - does that mean they are vulnerable?
[11:33] <ronator> (afk/brb/coffee)
[11:33] <maxb> pet peeve: there is no such thing as Ubuntu 16
[11:36] <maxb> there is 16.04 and 16.10 but these are no more closely related than consecutive versions that don't share a calendar year
[11:41] <maxb> To answer the actual question, I can tell from the pattern of dots and dashes that you are comparing a linux-meta version with a linux version. They are different packages and the version numbers are not directly comparable
[11:42] <ronator> i will read SRU now :D
[11:42] <maxb> https://www.ubuntu.com/usn/usn-3106-1/the package names you should be looking at are the ones in the USN : https://www.ubuntu.com/usn/usn-3106-1/
[11:42] <maxb> ugh, weird paste, but you get the idea
[11:47] <hypermist> tried 16.04 also no kernel install error just wont install packages cpaelzer ;(
[11:48] <ronator> what does "DNE" mean in context of security cve patches?
[11:50] <cpaelzer> ronator: 4.4.0-45.66 is latest and available to my machine - maybe just an apt update away?
[11:50] <hypermist> So what can i do about that haha :(
[11:51] <cpaelzer> hypermist: from the given info it is hard to recommend more
[11:51] <hypermist> yea it's sort of like why does freebsd based OS's install fine xD
[11:52] <cpaelzer> hypermist: on install issues it can be hard to share screen and logs, but often you can use the console fallback for that
[11:53] <hypermist> i just have no idea why its failing. considering any other os i've installed has never done that haha :D
[11:55] <ronator> cpaelzer: I did a dist-ugrade right before, that's why I went to check with the cve page ...
[11:56] <ronator> cpaelzer: what could be the reason for our difference in kernel versions?
[11:56] <cpaelzer> ronator: are you behind an apt mirror that isn't updated?
[11:57] <ronator> (basic ubuntu 16 installation from iso, no repos removed) - no I use the usual repos, e.g. I see this OK:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
[11:57] <ronator> and the german archive repos
[11:57] <cpaelzer> ronator: https://launchpad.net/ubuntu/+source/linux/4.4.0-45.66 here you see it was published on 20th October
[11:58] <ronator> I do believe you
[11:58] <cpaelzer> let me check this more in detail for you
[11:59] <ronator> cpaelzer: I am sorry, I am really confused, so I really do appreciate your help. If I do "aptitude show linux-image-generic" it show me "Version: 4.4.0.45.48". The server is located is Germany.
[12:02] <cpaelzer> ronator: be careful with the various linux-* package names - I often run into that as well
[12:02] <cpaelzer> ronator: what does apt-cache policy linux-image-4.4.0-45-generic tell you?
[12:03] <ronator> oh :)
[12:03] <ronator> cpaelzer: you are the man: Installed: 4.4.0-45.66
[12:04] <cpaelzer> so I it should be
[12:04] <ronator> bad aptitude :)
[12:04] <ronator> cpaelzer: I guess I learned sth. - thx
[12:04] <cpaelzer> ronator: and for even more security please check out http://blog.dustinkirkland.com/2016/10/canonical-livepatch.html
[12:05] <ronator> yeah, I read sth that ubuntu also wants to offer kernel-live patching. thx, will read.
[12:59] <SipriusPT_> hello guys
[12:59] <cpaelzer> hi SipriusPT_
[12:59] <SipriusPT_> I am in a big trouble trying do config my mail server to receive mails
[13:00] <SipriusPT_> i have wasted a lot of time trying to set this up but still no success
[13:00] <SipriusPT_> https://ubuntuforums.org/showthread.php?t=2342513
[13:00] <SipriusPT_> dont know if you can help me =/
[13:00] <SipriusPT_> i have created a tread in ubuntuforuns
[13:01] <SipriusPT_> with all the data, if you could help me and need more info i can provide without problem
[13:02] <SipriusPT_> P.S. is my first time trying to set a mail server
[13:06] <cpaelzer> SipriusPT_: from reading tzhat a bit this is more on port forwarding and such than mail
[13:06] <cpaelzer> SipriusPT_: right?
[13:06] <cpaelzer> SipriusPT_: as your issue still is that you can't connect at all, not that any part of the mail setup fails
[13:08] <cpaelzer> SipriusPT_: if I read that correctly you have no smtp port bound right?
[13:08] <cpaelzer> SipriusPT_: e.g. no 25
[13:10] <cpaelzer> SipriusPT_: I can't parse and validate all of your config, but you should focus on getting something bound to a port serving smtp
[13:10] <cpaelzer> SipriusPT_: all the forwarding and such comes later
[13:10] <cpaelzer> as long as your check for e.g. port 25 or equiv shows nothing something is missing
[13:11] <cpaelzer> SipriusPT_: check this for testing (as you did) but also log files https://help.ubuntu.com/lts/serverguide/postfix.html#postfix-testing
[13:11] <SipriusPT_> but i have my server in DMZ
[13:11] <SipriusPT_> i already made a ping to SMTP and IMAP ports from a outside web site
[13:11] <SipriusPT_> and those are all open
[13:12] <cpaelzer> SipriusPT_: you reported this as empty netstat -tnlp tcp | grep '\.25 '
[13:12] <cpaelzer> so nothing can connect to ..:25
[13:12] <SipriusPT_> ah yes that is from the service
[13:13] <SipriusPT_> ah yes
[13:13] <SipriusPT_> you are right i used the wrong dns name when was doing ping
[13:13] <SipriusPT_> with the right one i got all of them closed
[13:14] <SipriusPT_> just the 80 is open as expected i have a web service there
[13:14] <cpaelzer> SipriusPT_: so you can reiterate locally with your mail server setup until you can LOCALLY connect to :25
[13:14] <cpaelzer> SipriusPT_: then and only then you enter the domain of all the forwarding, maybe MX dns entries and such stuff
[13:15] <SipriusPT_> cpaelzer i will come back in a hour, thanks in advance for the help!
[13:23] <cpaelzer> bzr is a memory hog :-/
[13:29] <rbasak> cpaelzer: thank you for the review!
[13:30] <rbasak> cpaelzer: I am setting self.running = False on close.
[13:32] <cpaelzer> rbasak: maybe it was not part of the same commit where I thought it was missing
[13:32]  * cpaelzer is checkking full diff
[13:33] <cpaelzer> rbasak: yeah I see
[13:33] <cpaelzer> rbasak: the good part is that my assumption was right, the bad part that I missed to read that you have already done it
[13:33] <rbasak> cpaelzer: good to know you're reviewing properly. Thanks :)
[13:33] <rbasak> (rather than saying +1 without checking for things like that!)
[13:35] <rbasak> Hmm. I didn't provide a changelog entry in my MP.
[13:35]  * rbasak adds a commit for that
[14:07] <rbasak> cpaelzer: I added strongswan FTBFS in Xenial (bug 1592706) to our backlog. Rationale is that it blocks any SRUs or security updates, so we should prioritise fixing it.
[14:09] <cpaelzer> rbasak: yeah that is correct
[14:09] <cpaelzer> rbasak: I already added a backtrace as I think I was able to hit it on a local build
[14:09] <cpaelzer> rbasak: but it is in no way a blocker
[14:09] <cpaelzer> rbasak: it is an unwelcome but transient error
[14:10] <cpaelzer> rbasak: did you pick that up triaging yesterdays updates?
[14:10] <rbasak> Ah, only transient? That's not so bad.
[14:10] <rbasak> Yes, I'm triaging yesterday's bug updates today.
[14:11] <cpaelzer> rbasak:  I can't speak on the "transitivity" of the LP builders, but for me it was one of about nine builds
[14:16] <SipriusPT_> cpaelzer are you there?
[14:17] <cpaelzer> SipriusPT_: busy as always but here
[14:17] <cpaelzer> SipriusPT_: and I'm not the #1 postfix expert, so you don't need me in particular :-)
[14:17] <SipriusPT_> but i really dont know where the problem is because i can send and receive mail internally
[14:17] <SipriusPT_> with local accounts
[14:18] <SipriusPT_> at least with mail clients through local host
[14:18] <cpaelzer> SipriusPT_: well they might not really use smtp
[14:18] <cpaelzer> SipriusPT_: does your host now bind one of the smtp ports?
[14:18] <SipriusPT_> i have config those users to connect through smtp port
[14:18] <SipriusPT_> i will show you
[14:19] <SipriusPT_> internally with a mail client
[14:19] <SipriusPT_> http://prntscr.com/d4n6yj
[14:19] <SipriusPT_> my web mail service is also connected through IMAP and SMTP
[14:20] <SipriusPT_> both clients are connected the same way
[14:20] <SipriusPT_> but till now i am just testing this in localhost
[14:20] <SipriusPT_> i have not tried to use mail app on other pc in this network
[14:21] <SipriusPT_> but i am able to login in my web mail service everywhere and send mails to inside or outside email domains
[14:22] <cpaelzer> SipriusPT_: I don't mind the other tests as they could use whatever connection I don't know about
[14:22] <cpaelzer> SipriusPT_: but since you fail to connect to port 25 from the outside as your initial issue
[14:22] <cpaelzer> SipriusPT_: does netstat other than before now report any of the smtp ports as open?
[14:24] <zul> coreycb: heylo....python-tempest is broken im looking at it right now
[14:26] <SipriusPT_> cpaelzer: nop, nothing at 25, 2525, 465
[14:26] <SipriusPT_> with netstat
[14:27] <SipriusPT_> when i do telnet to the DNS name pointed to my external IP
[14:27] <cpaelzer> SipriusPT_: the I think your setup is still not complete
[14:27] <SipriusPT_> i got connection refuse
[14:27] <cpaelzer> SipriusPT_: sorry my lack of mail server expertise prevents me from suggesting more - but if your test is to connect to port 25 there has to be something binding that port
[14:27] <SipriusPT_> it is possible
[14:28] <SipriusPT_> all that i could do in my ISP, who is pointing a MX record to this server
[14:29] <SipriusPT_> and if i have not receive anything it could be something missing in postfix
[14:29] <SipriusPT_> but i have search a lot and all that i can find seems very simple and i already did that =/ it is more easier to receive then send
[14:30] <SipriusPT_> from what i have saw of configs
[14:30] <SipriusPT_> but thank you very much cpaelzer, at least you try!
[14:31] <teward> I've gotta ask - is your mail server at your home (residential) network on a non-static IP?
[14:31] <cpaelzer> SipriusPT_: yeah, sorry - I hope you find one with more postfixiness
[14:32] <teward> SipriusPT_: I've gotta ask - is your mail server at your home (residential) network on a non-static IP?
[14:32] <SipriusPT_> those guys dont help easelly
[14:34] <SipriusPT_> it is in an office, and right now just for test i have used a dynamic IP (that looks almost static 2 weeks in a row without change), associated with a DNS name with reverse DNS
[14:34] <rbasak> teward: o/
[14:34] <SipriusPT_> i will have to add a static IP soon
[14:34] <rbasak> teward: so we have a renewed effort to triage bugs on the Canonical server team. We have a schedule and have been able to look at all server bugs touched since August 8th so far.
[14:35] <rbasak> teward: what should we do with nginx bugs? For example, bug 1639814. I realised that your schedule probably means that you won't have had a chance to look yet, which is fine.
[14:35] <teward> rbasak: that ones' tricky
[14:35] <rbasak> teward: the trouble is that with our process, we have one opportunity to see it, and if I ignore it now we won't see it again unless it gets touched again.
[14:36] <teward> rbasak: because that's apt weirdness - ideally apt isn't going to overwrite configs
[14:36] <teward> but it is doing that
[14:36] <rbasak> teward: so in the general case, should I leave all nginx bugs to you unless you flag them up?
[14:36] <teward> rbasak: yeah, unless it's Security related in which case also ping the SEcurity team
[14:36] <teward> which is standard process
[14:36] <rbasak> OK
[14:36] <teward> rbasak: i get all the nginx bug notices as they come in
[14:36] <teward> to two emails
[14:36] <rbasak> For this bug, apt surely isn't touching those files - it can only happen through postinsts.
[14:36] <teward> rbasak: yeah the trouble is i've tried shoring up the postinsts in the past...
[14:36] <teward> and gotten NACKs
[14:37] <teward> (for the "code loss" bugs)
[14:37] <rbasak> Handling files in /etc is pretty messy due to the policy of "don't mess with users' local changes".
[14:37] <rbasak> That makes it hard.
[14:37] <rbasak> Making modifications is permitted (seddery) but can lead to conffile prompts, which is also bad.
[14:37] <teward> rbasak: so i'm stuck between the two evils: (1) don't radically change the structure of the postinst, and (2) add changes that only fix the specific issue
[14:37] <teward> rbasak: the *other* problem:
[14:37] <teward> i haven't been able to reproduce
[14:38] <teward> not even with automated Landscape isntallations of the package code
[14:38] <teward> it's on my radar to look at
[14:38] <teward> the merge from Debian is higher on my radar though if only because that needs to land before OpenSSL 1.1.0 ever doews
[14:38] <rbasak> Does Debian's packaging have this bug too?
[14:38] <teward> rbasak: if it does, I haven't seen it reported, but they're also at 1.6.x which is at least a year newer than Trusty
[14:39] <rbasak> OK
[14:39] <rbasak> Let me know if you need any help when you get to it.
[14:39] <rbasak> Thank you for working on these!
[14:39] <teward> rbasak: my pleasure!  Note that i'm also still handling the evils of the recent security fix
[14:39] <teward> (I'll blurb on it during the server team meeting, provided i'm not dragged through oblivion today)
[14:39] <rbasak> Noted. I appreciate not having to worry about it :)
[14:40] <teward> rbasak: it may not get rapid-fixes for complex issues, but you can see how some bugs have been filed and rapidly closed by me as not a bug.
[14:40] <teward> so i do see them.
[14:40] <teward> response time is dependent on my work and study schedules
[14:40] <teward> and complexity
[14:41] <rbasak> Sure. I have no problem with your response time. Also happy to back you up as needed. Just need to make sure our processes don't clash.
[14:41] <ronator> "Canonical is providing the Canonical Livepatch Service to community users of Ubuntu, at no charge for up to 3 machines." That's ridiculous - but typical. (Just my comment, no offense.)
[14:41] <teward> rbasak: Security issues get forwarded up to the SEcurity team, though i've ended up being the point-of-contact at times to relay
[14:41] <teward> almost same-day
[14:41] <teward> though as we all know the SEcurity team is amazing at those thigns
[14:42] <teward> rbasak: no clash on the processes, though it doesn't hurt to prod me if you're unsure
[14:43] <teward> email is faster than IRC though, teward AT ubuntu
[14:43] <rbasak> OK
[14:44] <teward> rbasak: wrt that bug, are we 100% certain apt isn't touching? the 'default' config file is in the .install file not the postinst...
[14:44] <rbasak> Have you been able to reproduce, or do we just have one reporter claiming it?
[14:45] <rbasak> It wouldn't be apt, it'd be dpkg.
[14:45] <rbasak> And if using a modern dpkg-source (IIRC, or is it debhelper?), then anything from a .install file to go into /etc will be automatically marked a conffile, and result in a conffile prompt over overriding a user's changes.
[14:46] <teward> rbasak: i've only seen the one person report
[14:46] <teward> otherwise i'd have dupe-reported
[14:46] <rbasak> Then it might be Invalid.
[14:46] <teward> s/reported/linked/
[14:46] <rbasak> I'm only speculating of course based on what's common. I haven't actually looked.
[14:46] <teward> rbasak: i'm in the process of repairing one of my testing servers, happy to nuke/rebuild/nuke/rebuild to try and reproduce
[14:46] <rbasak> Thanks
[14:46] <teward> but i'd need a copy of their configs they had to try and 'test' with
[14:46] <rbasak> Also you can do it in a container pretty easily.
[14:46] <rbasak> lxc launch ubuntu:trusty foo
[14:47] <rbasak> lxc exec foo bash
[14:47] <teward> rbasak: fun fact: you're right, but I already have a Trusty VM I use for full testing
[14:47] <rbasak> OK :)
[14:47] <teward> rbasak: also, Trusty != Xenial, it doesn't like me with lxc on this system
[14:47] <teward> rbasak: also, when doing QA testing, the VM allow for full install tests - another reasons I'm in the "VMs > LXC Containers for Testing" niche :)
[14:48] <teward> oop that reminds me, I need to renew my Landscape licenses...
[14:48] <rbasak> IMHO, containers are good enough for most packages. Except for some packages that it isn't.
[14:49] <teward> rbasak: indeed.  But if i have the servers running as test servers to test different things (INCLUDING bad SSL config testing heh), why not use it :)
[14:49] <rbasak> Containers tend to be a little quicker :)
[14:49] <teward> :)
[14:50] <teward> back in a moment, VPN tunnel construction in progress
[14:57] <coreycb> zul, ok I uploaded a new version of tempest yesterday
[14:57] <zul> coreycb: just uploaded a fixed version
[14:57] <zul> <-- ninja
[14:58] <coreycb> zul, cool
[15:03] <rbasak> cpaelzer: the dovecot dep8 test is still failing :-(
[15:04] <cpaelzer> rbasak: but it is failing much nicer now
[15:04] <rbasak> Interesting though. Different failure.
[15:04] <rbasak> Yeah
[15:04] <rbasak> I wonder if that's because the Python 3 imap library produces better (more helpful) exceptions.
[15:06]  * rbasak requests a retest to see if the results change
[15:18] <coreycb> jamespage, when you get a chance can you promote python-glance-store and mistral from newton-staging -> newton-proposed?  also could use a flush of mitaka-staging -> mitaka-proposed for openstack-trove, mistral, and python-django.
[15:20] <rbasak> cpaelzer: it passed on retry.
[15:20] <coreycb> jamespage, also python-novaclient is ready to promote to mitaka-updates
[15:25] <coreycb> jamespage, and one more, python-pylxd 2.0.5 is ready to promote to mitaka-updates
[15:26] <jamespage> coreycb, looking now
[15:28] <jamespage> coreycb, ok shoved the proposed updates for novaclient and pylxd to updates
[15:29] <jamespage> flushing staging -> proposed now
[15:29] <jamespage> coreycb, it would be good to get that lot tested and out of the door
[15:29] <jamespage> there is some ceph stuff in that to
[15:30] <coreycb> jamespage, thanks. I'll get testing going on those.
[15:32] <zul> coreycb: monasca-statsd with proper license has been packaged i uploaded it to the archive and put it in the ppa for now
[15:33] <coreycb> zul, awesome thanks
[15:33] <coreycb> zul, can you push to lp:~ubuntu-server-dev?
[15:33] <zul> coreycb: doing it now
[15:34] <coreycb> zul, thanks
[15:42] <sikun> anyone familiar with Ubuntu OpenStack?
[15:42] <sikun> in a production environment
[16:00] <SipriusPT_> any expert at postfix here?
[16:01] <joelio> sikun: any specific question?
[16:01] <sikun> joelio, I guess just a couple broad questions
[16:02] <sikun> more so on possibly building an OpenStack cluster for a production environment
[16:03] <SipriusPT_> well if anyone here have set a postfix server to receive mail from outside please check this tread:
[16:03] <SipriusPT_> http://www.linuxforums.org/forum/servers/208607-not-receiving-mail-postfix-external-server-post983645.html?highlight=#post983645
[16:04] <sikun> The Ubuntu O/S site says a requirement of 5 servers with two disks, two with 2x NICs, I'm guessing the two servers with the drives would just be iSCSI storage targets for the VMs?
[16:04] <rbasak> SipriusPT_: I suggest that you summarise the question here. Many able and willing people won't bother to follow your link.
[16:04] <sikun> and the other three along with those two would be compute nodes
[16:04] <SipriusPT_> ok rbasak thanks i will post here
[16:04] <coreycb> jamespage, pthon-pytest has some pypy dependencies, so I think i'll drop those via ca-patches vs backporting them if you are ok with that
[16:05] <SipriusPT_> i am unable to receive mail with my postfix, i can only send to inside and outside domains, and cannot receive from outside or even from my ISP mail server
[16:06] <SipriusPT_> I am trying to do a middle mail server between group of people and my ISP mail server
[16:06] <SipriusPT_> till now i am only able to send from multi local users to multi external users created at my ISP mail server
[16:07] <SipriusPT_> in my ISP mail server i have set a MX record to my public IP
[16:07] <SipriusPT_> right now is a dynamic but its pretty stable for testing
[16:07] <SipriusPT_> i have a DNS name pointed to that IP, with reverse DNS
[16:08] <SipriusPT_> i was able to telnet port 25 locally and then notice that i was unable to telnet to that port externally
[16:08] <joelio> sikun: it depends on what storage backend you chose. You could use local storage or shared storage. Obviously shared storage requires additional nodes, setup etc for the target type (iscsi, ceph etc) but provides true migration capabilities
[16:09] <teward> SipriusPT_: i would keep in mind a lot of 'dynamic IPs' are in mail blacklists
[16:09] <SipriusPT_> so i add it for port forwarding to an expecific external IP but i didnt receive any mail and no socket was open to that port as i have saw in netstat
[16:09] <sikun> joelio, preferably I would like to go with local storage.
[16:10] <sikun> Wondering if 5 nodes is truly necessary
[16:10] <SipriusPT_> i know teward but i have check this on before i use it and was just blacklisted in one of a big list
[16:10] <SipriusPT_> right now i have no idea on what is doing this
[16:10] <joelio> sikun: no, if you're testing you can run a single node with the service on.. multinode I'd go for 3 at least
[16:10] <joelio> but it depends on your requirements really..
[16:11] <sikun> I suppose I could just install Ubuntu and the KVM packages and just run it w/o OpenStack but I guess I'm trying to "sell" it as a benefit if we did a full on OpenStack cluster
[16:11] <SipriusPT_> it could be from my IP provider? that is blocking this kind of services?
[16:12] <sikun> joelio, I need to condense three 12 year old servers running CentOS 5.? which are the current KVM hosts
[16:12] <sikun> they are going to die soon I just know it, but... I don't want to setup new servers to migrate what's on the VMs as they are all so horribly outdated I just want to move the VMs themselves to a new host
[16:14] <teward> SipriusPT_: most residential ISPs block mail server ports
[16:14] <sikun> As I said in my meeting the other day... Who knows if a freaking butterfly in China is going to flap its wings and I loose 2 of the three KVM hosts due to hardware failure
[16:14] <teward> SipriusPT_: if you're on a dynamic IP host, and it's not a business class connection and is residential class, it's likely being blocked at ingress by the ISP
[16:14] <sikun> lol, just as long as I can keep them running for 2 more years tops... that is all I need.
[16:14] <SipriusPT_> as i suspect
[16:15] <SipriusPT_> i was just counting with the blacklist part of this dynamic IP
[16:15] <teward> there's also port forwarding that has to be done as well at the NAT level at your connection, but SMTP is probably being blocked
[16:16] <SipriusPT_> i am able to send mails from my local server to my ISP mail server and even do SMTP auth
[16:16] <SipriusPT_> but receiving it is showing to be a pain in the a**
[16:17] <teward> SipriusPT_: SMTP outbound is usually not filtered, it's inbound that's usually the problem
[16:18] <teward> as I said before, ISPs of a residential grade usually don't allow SMTP mail servers on their network for receiving
[16:18] <SipriusPT_> ok ok teward thanks a lot!
[16:18] <teward> some might, but you'd have to check with that ISP
[16:18] <SipriusPT_> this could be a noob problem but it is my first time doing it
[16:19] <joelio> sikun: well you could just got native KVM, but you lose all the functionality that openstack provides, API's, Tennencies etc. It entirely depends on your requirements, if you don't need that stuff then maybe just vanilla KVM is fine. If you decide to do anything 'at scale' as it were, you may find openstack (or any other cloud orchestration) a better fit
[16:20] <joelio> there can be quite a lot to take on board when first approaching openstack, I'd recommend looking at devstack first perhaps, get the feel for it (devstack is a cloud in a vagrant vm essentially).
[16:20] <joelio> if it's too much and time pressing, then you know early on at least, in terms of workload required to bootstrap it all
[16:20] <sikun> oh nice
[16:22] <sikun> yeah, I just have to somehow convince 4 people that Ubuntu/Debian is a very reliable production worth OS...
[16:22] <sikun> worthy**
[16:24] <joelio> Well, we run ubuntu here for pretty much everything (not that that counts for much) - this may count more - http://www.zdnet.com/article/ubuntu-linux-continues-to-dominate-openstack-and-other-clouds/
[16:24] <sikun> awesome, it's current too
[16:25] <sikun> I've ran Debian/Ubuntu for years, in production, dev, personal.
[16:25] <sikun> I'm now in a BSD environment
[16:25] <sikun> where it is either OpenBSD or FreeBSD, and never is the OS that was chosen actually the proper choice of OS for the situation.
[16:26] <joelio> Hey, got nothing wrong with BSD.. just tooling different (although bhybe etc is pretty awesome!)
[16:26] <joelio> *bhyve
[16:26] <station> dose nfs-kernel-server replace the kernel or is it a module?
[16:27] <joelio> sikun: VMM on OpenBSD looks promising too, just they don't support any other OS guests yet
[16:27] <sikun> I'd be more apt to use VMM on FreeBSD than OpenBSD
[16:28] <sikun> OBSD is just lacking too much in driver support in my opinion
[16:53] <rbasak> mysql-5.7 migrated \o/
[18:06] <hallyn> cpaelzer: new qemu v2.7 hit debian :)
[18:11] <jgrimm> hallyn, cool
[18:20] <zul> coreycb: vmware-nsx needs vmware-nsxlib now :(
[18:20] <coreycb> zul, yeah, saw that
[18:21] <zul> coreycb: on it
[18:21] <coreycb> zul, thanks. good news is we don't need to get it into main.
[19:42] <jge> hey all, trying to install libcrypt-ssleay-perl on ubuntu 14.04 but it says is not available, bit reffered to by another package (this may mean that the package is missing, has been obsoleted, or..)
[19:43] <sarnold> ssleay was renamed to openssl in 1998
[19:43] <jge> woah
[19:43] <jge> so why does it still show as ssleay here http://packages.ubuntu.com/trusty/libcrypt-ssleay-perl
[19:45] <sarnold> wow, it's still packaged? o_O crazy
[19:45] <sarnold> jge: maybe you don't have the 'universe' pocket of the repository enabled?
[19:45] <jge> yeah that could be it, let me check
[19:47] <jge> that was it, thx sarnold rbasak
[19:47] <jge> ignore rbasak (keyboard lag) ;)
[20:33] <kukuruzo> Hi friends. I'm new to linux servers and now choosing distribution for deployment. There is a choise between centos and ubuntu. I like ubuntu, centos seems to conservative for me. But lookin for documentation, i have a question - can you recomended some books or other literature about ubuntu server? Centos = RHEL, and red hat has a dozen manuals at docs.redhat.com. Oficial ubuntu server manual is very short, and don't answers
[20:33] <nacc> kukuruzo: serverguide maybe?
[20:34] <kukuruzo> is too easy and short
[20:34] <Pici> kukuruzo: Whats missing?
[20:35] <nacc> kukuruzo: are you sure you're not confusing the manual with serverguide? https://help.ubuntu.com/lts/serverguide/
[20:36] <kukuruzo> For example it's don't answers question about apparmor in ubuntu. RH has a lot of docs about selinux. Seems ubuntu supports SElinux, but in server guide are few words about apparmor, and links to novell site.
[20:36] <kukuruzo> nacc - yep i'm sure
[20:38] <kukuruzo> for example - about app armor said "This section is plagued by a bug ( LP #1304134 7 ) and instructions will not work as advertised."
[20:39] <nacc> kukuruzo: and that bug is fixed
[20:39] <kukuruzo> but when i read this bugreport - it's from 2014 - is it fixed?
[20:39] <nacc> kukuruzo: it says "fix released"...
[20:39] <kukuruzo> if yes - why there is annotation in manual to 16.04 server version from 2016?
[20:39] <nacc> kukuruzo: also, if you follow the links from the serverguide, you eventually get to https://wiki.ubuntu.com/AppArmor
[20:40] <nacc> kukuruzo: feel free to send a patch, if you test that it's fixed in 16.04
[20:40] <sarnold> heh, an example profile from 9.04. Ouch.
[20:40] <sarnold> so little time..
[20:41] <nacc> kukuruzo: yeah, those sections probably need some love :)
[20:42] <kukuruzo> nacc: yep - need some work =)
[20:43] <kukuruzo> why ubuntu uses apparmor? seems a lot of people talking that selinux is more secure and more actual. apparmor is novell child, and suse linux is not in good shape now i think.
[20:44] <nacc> kukuruzo: that's a fair amount of opinion
[20:50] <kukuruzo> anyway not too much information about using services in ubuntu server - very few words about apache, links to "necro" books from oreilly (http://shop.oreilly.com/product/9780596001919.do - i think this is not best book about todau apache), nothing about nginx, very strange
[20:51] <kukuruzo> it will be very good if ubuntu server sometime will get something like this - https://access.redhat.com/documentation/en/
[20:52] <nacc> kukuruzo: it's open source, feel free to contribute...
[20:53] <kukuruzo> before contribute i need to learn somewhere and something about using ubuntu-server
[20:53] <kukuruzo> i think official documentation is way to go
[20:54] <kukuruzo> but ubuntu docs are not complete and sometimes outdated
[20:55] <kukuruzo> loiking on amazin gives a lot of "begginers guide", but i'm not absolutely beginner, but need a good docs to start
[20:55] <kukuruzo> looking*
[20:56] <kukuruzo> o found a very good video lessons from Sander van Vugt - but his ubuntu manual is very outdated, all new lessons are about red hat
[20:57] <kukuruzo> is there somesing like Sander van Vugt lessons but about ubuntu?
[20:57] <nacc> kukuruzo: what more do you specifically need to see about apache than what is at: https://help.ubuntu.com/lts/serverguide/httpd.html
[20:58] <SimonKLB> hey, trying to run openstack on lxd using conjure-up but im getting: cannot start instance for machine "0": Missing parent 'conjureup0' for nic 'eth1'
[20:58] <SimonKLB> is conjureup supposed to setup a network dev or cant it be specified by the user or something?
[21:00] <SimonKLB> nvm, just had to run: systemctl start conjure-up
[21:37] <metaf5_> I'm using AWS EC2 and I'm trying to switch my base AMI from Ubuntu's official 14.04 to 16.04.  However, when I use my identical provisioning scripts the user-data script doesn't run in 16.04.  Does anyone have a suggestion for things to check?
[21:39] <metaf5_> I see the script in /var/lib/instance/cloud/user-data.txt, so it's definitely still getting onto the machine correctly.
[21:40] <rharper> metaf5_: /var/log/cloud-init.log and /var/log/cloud-init-output.log should have some info;  ideally compare those from 14.04 to 16.04
[21:40] <rharper> metaf5_: 16.04 uses systemd, so depending on what your script does, maybe it ran but didn't have the same effect w.r.t services and such;
[21:47] <metaf5_> rharper: I already looked at these, but I didn't see anything about "user data" in cloud-init-output.log (nor the output from my very simple script).
[21:47] <metaf5_> Interestingly though, in cloud-init.log I see it say something about looking at /var/lib/cloud/seed/nocloud/user-data, which doesn't exist.
[21:48] <metaf5_> Is there some bad configuration that has it looking there instead of /var/lib/cloud/instance ?
[21:48] <metaf5_> I also see "Failed to get raw userdata in module rightscale_userdata" at one point.
[21:48] <rharper> metaf5_: -output captures stderr/stdout from things run via user-data hooks like run_cmd or bootcmd
[21:49] <rharper> nocloud is searched for seeds built into the image (there are no such dirs in the cloud image by default) so that's just noise
[21:49] <rharper> I suspect your provising script is included in your user-data as a runcmd or bootcmd?  if so, if it produces any stdout or stderr, that would be captured in the -output.log file
[21:50] <rharper> metaf5_: are you using rightscale config module in your user-data ?
[21:50] <metaf5_> I don't know what that is, I was just dumbly looking for things that said "user" in them :)
[21:50] <metaf5_> My user data script is just a "#!/bin/bash ..." base64 encoded.
[21:51] <metaf5_> I can see from the user-data.txt file that it's decoded successfully.
[21:51] <rharper> you can try to run that by hand
[21:51] <rharper> to debug
[21:51] <rharper> what config keys are in your user-data ? writefiles and runcmd ?
[21:52] <metaf5_> Works fine running user-data.txt manually.
[21:52] <metaf5_> And like I said, it's just a shebang'd bash script which the documentation claims should work.
[21:53] <metaf5_> And I can confirm that -output.log doesn't have output from my script.
[21:53] <metaf5_> Just in case I'm really stupid - is there an extra systemd unit I have to enable to get user-data scripts to run?
[21:53] <rharper> no
[21:55] <rharper> metaf5_: like this? http://cloudinit.readthedocs.io/en/latest/topics/format.html#user-data-script
[21:56] <metaf5_> Precisely.  And to re-iterate, it worked just fine on 14.04 and it doesn't seem to be an issue with the script's contents.
[21:56] <rharper> k, testing here too
[21:56] <rharper> that's worth fileing a bug; if you can easily, test with the example script in the docs
[21:56] <rharper> that writes out to a file which should confirm that it's getting executed properly
[21:58] <metaf5_> So do you suspect that the "base64+shebang'd script" is the problem?
[21:58] <rharper> I dunno
[21:58] <rharper> the plain-text script is working for me
[21:59] <rharper> in latest xenial image (openstack cloud not ec2, but I the cloud-init code is the same level)
[21:59] <rharper> I'll try base-64'ing it
[21:59] <metaf5_> I'll try plaintexting my same script via the EC2 console and see if that works...
[22:02] <rharper> metaf5_: it appears that b64'ed script fails in 16.04; testing in trusty now
[22:04] <rharper> I just base64  < user-data-script > uds.b64 and passed that instead
[22:05] <metaf5_> Hrm.  The sample script from the doc also fails on AWS EC2 if I paste it into their user-data textbox.
[22:05] <metaf5_> But I am suspcious that their console's text-box is actually B64ing it
[22:05] <metaf5_> Because in the "review intance before launching" page it's displayed as b64....
[22:06] <rharper> it fails in trusty too, it needs to be a multi-part mime message with type x/shell-script
[22:06] <rharper> trusty warns with: 2016-11-08 22:04:39,059 - __init__.py[WARNING]: Unhandled non-multipart (text/x-not-multipart) userdata: 'IyEvYmluL3NoCmVjaG8gIkhl...'
[22:06] <rharper> hrm
[22:07] <rharper> there's a  raw version of the user-data
[22:07] <rharper> that'd be useful to see what it came over as (confirm they're sending it as multipart mime and using Content-Type: text/x-shellscrip
[22:08] <metaf5_> I was doing everything the same way (b64+#!/bin/bash) in trusty and it was working fine for me.
[22:08] <metaf5_> Only stopped working when I tried using xenial
[22:08] <rharper>  sudo cat user-data.txt.i
[22:08] <rharper> should show it as a multi-part message
[22:08] <metaf5_> On the one where I pasted the example script into the console?
[22:08] <metaf5_> I'll check
[22:09] <rharper> yeah, and if we can see that the .i file is the same
[22:09] <rharper> then we can blame cloud-init (I think)
[22:10] <metaf5_> That .i file begins "Content-Type:multipart/mixed;"
[22:10] <rharper> and what about the parts?
[22:10] <rharper> is one of them x-shellscript ?
[22:11] <metaf5_> http://pastebin.com/h5MrNsKk (tl;dr "yes")
[22:11] <rharper> and does that show up in scripts/  at all ?
[22:12] <metaf5_> Yep, part-001  But no /root/output.txt so I'm pretty sure it didn't run.
[22:13] <rharper> interesting, and when we don;'t have it b64'ed, it runs
[22:13] <rharper> at least it has for me, not sure how to make it not be b64'ed in ec2 via the console tool
[22:14] <metaf5_> Oh is multipart/mixed what comes out out b64?
[22:14] <rharper> metaf5_: do you have the /var/log/cloud-init.log for that example script run ?
[22:15] <metaf5_> http://pastebin.com/h1zwBQtj
[22:16] <metaf5_> I notice it mentions writing to user-data.txt{,.i} but doesn't seem to say anything about running it.
[22:20] <rharper> metaf5_: so theres scripts/part-001 and it's executable?
[22:21] <metaf5_> It's 0700
[22:21] <metaf5_> Do user data scripts run as root?
[22:22] <rharper> yes
[22:22] <rharper> exec'ed by cloud-init running as root
[22:23] <rharper> so my b64'ed script into the instance as user-data didn't translate, I suspect the console you have does it write if you have a file that 0700 and readable (and runnable)
[22:23] <rharper> I'd be super surprised if the file is written out and marked executable but not run
[22:23] <rharper> but the example test you did didn't write out /root/output.txt ? and cloud-init-output.log didn't have the "Hello World" line ?
[22:26] <metaf5_> What do you mean didn't translate?  Didn't translate from b64->"multipart/mixed", or didn't translate from "multipart/mixed -> executable script"?
[22:26] <metaf5_> And I can confirm that /var/lib/cloud/instances/scripts/part-001 is definitely 0700, contains the example script, and that there's no "Hello World" in -output.log, nor is there /root/output.txt
[22:26] <rharper> metaf5_: ideally, the part-007 should look exactly like your input script
[22:27] <metaf5_> it does
[22:27] <metaf5_> Does it need a newline at the end?
[22:30] <rharper> shouldn't
[22:33] <rharper> metaf5_: I've got to drop for a bit; it smells like a bug, but I'm not quite sure why it would get written out correctly but not called
[22:33] <rharper> so please do file a bug with your steps (against cloud-init) and we'll see if we can get it sorted out
[22:40] <metaf5_> rharper: Will do, thanks for the help.  I'd have just assumed I was an idiot and never filed otherwise, haha.
[23:52] <metaf5_> rharper: no rush to get back to me, but I believe we've jumped to false conclusions here.  I accidentally used *my* AMI (ubuntu with some provisioning already done).  When tested with stock (ami-40d28157) it seems to work from the AWS EC2 console.
[23:52] <metaf5_> I'm investigating further right now, and have marked my bug report incomplete in the meantime in case it's erroneous.