/srv/irclogs.ubuntu.com/2017/01/03/#ubuntu-server.txt

patdk-lapkarstensrage, that is not a very safe thing to do with security01:03
karstensragepatdk-lap, what do you mean?01:20
patdk-lapyou are not matching the whole string, only the start of the process name01:21
karstensrageso why is that bad? patdk-lap01:38
patdk-lapwhatever that check is doing, can be bypassed by using a process starting with the same name01:39
karstensragewell its an nss library like nss_ldap01:52
karstensrageand those processes are the ones that open the library but dont do anything with it01:52
karstensrageor close it01:53
karstensrageso that code is necessary to short circuit out if those processes open the library01:53
karstensrageso if there is process that has the same starting name, i guess i would want to short circuit out as well01:53
karstensragethis same problem is apparently with nss_ldap01:54
karstensragebut they handled it differently01:54
karstensragedebian sure makes things painful01:55
tarpmankarstensrage: was just about to say, nss-ldap doesn't seem to have any of those process names hard-coded in it; what did they do differently?01:55
karstensragetarpman, the work around afaict was to set a flag to either do a strong connection or a weak connection to the ldap server, in the former case keep trying after a failure, in the latter, abort if  it fails the first time01:56
karstensragei dont have that luxury01:56
karstensragei hate this way of doing it btw with the hardcoded names01:57
karstensragebut im not seeing a good way around it01:57
karstensragetarpman, basically if you google "dbus nss_ldap" you can find all the discussions about the troubles nss_ldap had02:00
karstensrageit was really hard to narrow it down to dbus, but once i did that, i was able to put in the right debugging to see these processes and filter them out02:01
tarpmanthis is ringing some bells now... some of these bugs look very familiar02:01
karstensragetarpman, any other suggestions?03:06
rbasakteward: I think you can set DEB_BUILD_MAINT_OPTIONS=hardening=-pie or something like that.03:11
rbasakteward: https://wiki.debian.org/Hardening#dpkg-buildflags03:11
tarpmankarstensrage: in your position I'd be trying very hard to detect the "network unreachable" state from my module... that wasn't possible for libnss-ldap since libldap hides the network state behind the LDAP result code03:34
=== nchambers is now known as hammwch
=== JanC_ is now known as JanC
jakstis this the right channel to ask for assistance with data recovery with Linux Raid 5 / LVM ?07:41
cpaelzerjakst: it is one channel to ask - there is no one specific to ubuntu + lvm/raid08:10
cpaelzerjakst: you can still go on to the wider community in #ubuntu if you find no help in the more server specific group around here08:11
jakstcpaelzer: Of course, just wanted to make sure I wouldn't be chased away with torches and pitchforks for asking here :) Already tried #ubuntu but didn't get much of a response08:12
cpaelzerjakst: it maybe is still a slow satrt of the year08:15
jakstWell, I'll give it a shot08:15
jakstThe thing is, my physical and logical volumes have disappeared from LVM, and my raid array has status 'active, degraded, not started' and reports the wrong size08:15
cpaelzerjakst: did any of the links that were linked there help you already ?08:16
jakstNo, not really08:16
cpaelzerjakst: if all is gone (pv and lv and likely also vg) you have to start looking bottom up08:17
cpaelzerjakst: so #1 are the raw devices like /dev/sd... still there?08:17
cpaelzerjakst: from there go on with pvdisplay, maybe pvscan ... to find your pv's - and from there to vg and lv and so on08:17
jakstI can see them with fdisk -l08:17
cpaelzerjakst: the question is where it breaks08:18
cpaelzerjakst: ok so disks are there - and for the moment we assume they are intact08:18
cpaelzerjakst: you said LVM / Raid before - is it only LVM or is also an md involved?08:18
jakstcpaelzer: pvdisplay and pvscan display nothing08:18
jakstyes08:18
cpaelzerstacked which way - are the pv's on the md array - or have you made a md array out of lv's ?08:19
jakstcpaelzer:  /dev/md0 consists of raid5 of  sdc sdd and sde08:19
cpaelzerjakst: ok and the pv(s) is on /dev/md0 to shape off lvms from there right?08:20
cpaelzerjakst: is cat /proc/mdstat still happy about /dev/md0?08:20
lordievaderGood morning, happy new year!08:20
cpaelzergood morning and year lordievader08:20
jakstHappy new year! :)08:21
jaksthttps://www.irccloud.com/pastebin/JcWed20J/08:21
jakstThis is /proc/mdstat08:21
cpaelzerjakst: ok, so not lvm is broken (maybe it is later) but your md is down08:21
jakstYeah that seems to be the case08:23
cpaelzerjakst: http://superuser.com/questions/603481/how-do-i-reactivate-my-mdadm-raid5-array08:23
cpaelzerjakst: that should get you to activate it again08:23
cpaelzerjakst: there are also commands to gather status on each member disk and such08:23
cpaelzerjakst: I'd do so and store that away before starting/assembling it08:23
jakstDo you mean mdadm --examine /dev/sdc etc?08:24
cpaelzerjakst: and all other raid devs08:24
cpaelzerjakst: I like to store debug info before changing something08:25
jakstThanks for the tip!08:25
cpaelzerjakst: and then likely go with08:25
cpaelzerjakst: mdadm --stop /dev/md008:25
cpaelzerjakst: mdadm --assemble --scan -v08:25
cpaelzerjakst: and let us know if it worked or why not if not08:25
cpaelzerjakst: the linked example has a case with out of date disks and uses force to reenable, but most of what follows depends so much on your case that you have to decide (e.g. if force is ok)08:26
jaksthttps://www.irccloud.com/pastebin/2FlDN3O1/08:28
jakstSo this is the output of assemble08:28
cpaelzerjakst: that is a good start08:29
cpaelzerjakst:  as I read it it means it could reassemble the state and currently syncs up one of your devices08:29
cpaelzeryour /proc/mdstat should show it syncing with an ETA08:30
cpaelzerjakst: after that you should be able to start it08:30
cpaelzerjakst: what does proc/mdstat show now?08:30
jaksthttps://www.irccloud.com/pastebin/nMMfc1Ir/08:30
cpaelzerjakst: also the state of the examine output should have changed now - the disks are now part of an array08:31
cpaelzerjakst: there is something like "Device Role" at the end of examine08:31
cpaelzerhrm - does that mean they are all as spares (S)08:31
cpaelzerneed to check08:31
jakstcpaelzer: Device Role is the same as before, Active device 0, 1 and 208:33
cpaelzerjakst: it very likely just needs the --force, but it is your data so I'm refusing to just say you should do so08:34
cpaelzerjakst: do you have enough spare storage to dd away the raw disk content before you do so?08:34
jakstNo, I don't08:34
jakstwhat does force do?08:34
cpaelzerjakst: essentially it starts it anyway referring to the last line in https://www.irccloud.com/pastebin/2FlDN3O1/08:35
cpaelzerjakst: from the bit I see in your case it is 98% fixing your issue, but 2% killing your data - that is why I need you to make the call08:35
cpaelzerjakst: "if you search for "assembled from 2 drives and 1 rebuilding - not enough to start the array while not clean - consider --force" the net is full of recommendations to just do it08:37
jakstWell I don't have enough space to backup, and it's not ultra critical to recover. Just very very nice if it works08:37
cpaelzerjakst: so do the assemble with force, then start it08:38
jakstIt says my devices are busy -.-08:38
cpaelzerjakst: it should be in recovery mode then08:38
cpaelzerjakst: stop before reassemble08:38
jakstOk, but should I assemble manually? Don't know what it get sr0 from and suh08:39
jakstNvm that08:40
jakstNow I forced it. Should I just mount it now?08:40
cpaelzerjakst: now that you forced the assemble you should madam start it and check /proc/mdstat08:41
jakstis that mdadm -A /dev/md0?08:42
cpaelzerjakst: assemble might start it automatically - it is too long ago since mine just works for years now08:43
cpaelzerjakst: what does /proc/mdstat show now (before searching for a start command that might not exists)08:43
jaksthttps://www.irccloud.com/pastebin/8LzgkVch/08:44
jakstRecovering08:44
cpaelzerjakst: good08:44
cpaelzerjakst: when that happened to me it was the day to read about upgrading to raid6 for the day two disks will break :-)08:44
cpaelzerjakst: you can use it now, after the recovery is done it will provide the extra level of failsafe again08:45
jakstHaha yeah, a lot of thoughts about upgrading have been passing through my head08:45
cpaelzerjakst: I waited to be recovered before using it thou08:45
jakstcpaelzer: Yeah I'll just check if it mounts properly, then I'll leave it to recovering08:46
cpaelzerjakst: in your case pvscan might be the next08:46
cpaelzerjakst: as you have pvs on the md08:46
cpaelzerjakst: and then vgscan, lvscan, mount08:46
jakstcpaelzer: Well it appears in pvscan, but without a volume group08:49
cpaelzerjakst: it apears without vg in pvscan because the vg isn't active I think08:50
jakstIt's supposed to belong to vg group008:51
jakstI think. Was a while since I set it up08:51
cpaelzerjakst: so pvdisplay shows your pv's08:52
cpaelzerjakst: but vgdisplay shows nothing - not even inactive?08:52
jakstvgdisplay shows my volume group, but only cointaing a caching disk that I never bothered to activate08:53
cpaelzerjakst: and vgscan is not re-finding your pvs now?08:54
jakstNope =/08:54
cpaelzerjakst: sorry I'm out of remote-usable-skills now I guess08:55
cpaelzerjakst: has the pvdisplay all your pv's at least?08:55
jakstcpaelzer: pvdisplay shows md0, but not the individual drives08:57
lordievaderjakst: That makes sense? Right?08:58
lordievaderJa08:58
lordievaderWhoops08:58
jakstlordievader: Well I think I recall that each drive was listed under pvs09:00
cpaelzerjakst: if you did pvcreate on /dev/md0 you will only see /dev/md0 in pvdisplay09:01
lordievaderFor mdraid perhaps... but if you layer lvm on top of mdraid you won't see all drives in pvs/pvdisplay.09:01
cpaelzerjakst: the member disks are no more to be accessed directly or you will kill your raid09:01
lordievader^ that.09:01
cpaelzerlordievader: ack09:01
lordievaderIf you'd let LVM do the raid5 then yes, you'd see all disks.09:02
jakstOk, but trying to mount the array I get 'mount: wrong fs type, bad option, bad superblock on /dev/md0'09:03
lordievaderjakst: You put lvm on the mdraid right?09:04
lordievaderLVM ain't a filesystem ;)09:04
jakstlordievader: No I guess I haven't. How would I do that without destroying the data?09:05
lordievaderjakst: What is the output of 'sudo pvscan && sudo vgscan && sudo lvscan'?09:06
cpaelzerthat ^09:06
jaksthttps://www.irccloud.com/pastebin/v8VXxrij/09:07
jakstsdb is the device I was meaning to use as cache, but never did09:07
lordievaderHmm, md0 contains a PV signature but is not assigned to any volume group?09:09
jakstBefore the crash I had a logical volume called data09:09
jakstHeh, yeah09:09
lordievaderjakst: Could you pastebin the output of 'sudo lsblk -o NAME,KNAME,FSTYPE'?09:10
jaksthttps://www.irccloud.com/pastebin/0oD8Q8cw/09:11
cpaelzerjakst: it will likely just complain not knowing about "data" but what does this give you?: "vgchange -ay data"09:14
jakstYeah not found09:14
lordievaderSda contains rootfs I presume?09:15
cpaelzerjakst: sudo vgcfgrestore --list data09:15
jakstyes09:15
jakstsudo vgcfgrestore --list data09:16
jakstNo archives found in /etc/lvm/archive.09:16
cpaelzer:-/09:16
jakstBut if I ls that directory I can see them09:16
cpaelzer?09:16
jaksthttps://www.irccloud.com/pastebin/4xEbEngI/09:16
cpaelzerjakst: well you have backup of the group0 cache, but not of a data vg09:17
cpaelzerjakst: I slowly lean to assuming you once had a data lvm, but stopped using it a while ago09:17
jakstMy system was up and running before new years09:17
lordievaderjakst: What happened that you lost it?09:18
lordievaderPower outage?09:18
jakstMight have been, not sure. I was away09:18
jakstBut I also might have messed it up in my early rescue attempts09:19
cpaelzerI just checked your former pastes - since /dev/md0 is a proper PV it was used as PV - I wonder why it would auto-backup the cache but not the data config09:19
jakstBut group0 countained the lv data, so should be correct right?09:20
jakstdata wasn't it's own group09:20
cpaelzerjakst: are the files in /etc/lvm/archive human readable - and if yes is data in there?09:21
lordievaderjakst: Is the data lv defined in /etc/lvm/backup/*09:23
lordievader?09:23
jakstnot in backup, but in archive09:24
jakst# Generated by LVM2 version 2.02.98(2) (2012-10-15): Wed Jul 15 12:27:07 201509:24
jakstcontents = "Text Format Volume Group"09:24
jakstversion = 109:24
jakstdescription = "Created *before* executing 'lvcreate group0 -L20M -n dataCacheMe$09:24
jakstcreation_host = "NAS"   # Linux NAS 3.16.0-43-generic #58~14.04.1-Ubuntu SMP Mo$09:24
cpaelzerbut that seems only to be the cache device09:25
cpaelzeror came more before flood control kicked you09:25
lordievaderjakst: Could you pastebin that file?09:25
jaksthttps://www.irccloud.com/pastebin/xrkslaQV/09:26
jakstYeah, I accidentally pasted raw :P09:26
jakstHard to copy long texts from console...09:27
cpaelzernice, it really has a backup09:27
cpaelzernot sure but you might be able to reload that with vgcfgrestore09:27
jakstI could!09:30
jakstAnd it mounted!!! My data is back!!!!09:33
cpaelzeryeah09:33
lordievaderWhoop whoop09:33
cpaelzergz jakst09:33
lordievaderjakst: Nice09:33
jakstLove you guys cpaelzer lordievader09:33
lordievaderjakst: What was the actual command you used to restore the backup?09:33
jakstsudo vgcfgrestore -f /etc/lvm/archive/group0_00008-621465970.vg group009:34
lordievaderAh, cool.09:34
lordievaderThanks09:34
jakstI really couldn't have figured that out on my own, and I already spent a whole day trying09:35
jakstNow I learned a lot as well! Thanks :)09:35
cpaelzeryour welcome09:36
jakstSo, futureproofing.... Raid6. Anything else?09:36
lordievaderI'd do the raid in LVM, but that is me ;)09:37
jakstWhat's the upside?09:38
lordievaderMore flexibility. LVM uses dmraid, like mdraid, but does so per LV instead of per disk.09:38
lordievaderSo you can determine per LV if you want linear, raid0, raid1, raid-whatever.09:39
cpaelzerjakst: also maybe share your won insight in something like http://askubuntu.com/questions/13981/recover-lvm-after-hdd-crash or a new post09:39
jakstcpaelzer: Absolutely, I'll do that!09:40
jakstlordievader: Okay, sounds nice. I'll have to look at that when I get more disks09:40
ghostali need to set up sendmail on my ubuntu xenial server. the server just needs to send emails to users, it doesn't need to receive anything. i found this guide on DO, whose guides i've found to be excellent in the past, but this one seems a little more confusing to me https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-0409:48
ghostalparticularly, i'm confused about hostname settings. should it even matter if all i'm doing is sending email?09:49
=== chmurifree is now known as chmuri
rbasakghostal: unless you're using a service provider's email relay, if your hostname doesn't resolve to your source IP (and in reverse) then many hosts will block your emails for spam.10:08
ghostalrbasak: well, i'm not using a relay, i know that much :)10:10
ghostalmy hostname is just "mir"10:10
ghostalbut there is a DNS a record for the machine10:14
=== petevg_holidays is now known as petevg
=== jgrimm-holiday is now known as jgrimm
kirklanddasjoe: hmm, I think it's supposed to default to the last LTS14:10
=== PaulW2U_ is now known as pcw
=== med_` is now known as medberry
=== medberry is now known as med_
=== med_ is now known as Guest46232
=== Guest46232 is now known as medberry
zulcoreycb: ping can you update your upstream report please?15:30
coreycbzul, that's in progress, did you see I moved that btw?15:30
zulcoreycb: yeah im using the new location15:31
coreycbzul, ok15:31
coreycbzul, i'm working on barbican update-excuses failure.  waiting on a s390 instance to debug the neutron autopkgtest failure.15:32
zulcoreycb: ack15:33
coreycbzul, do you have an MIR open for monasca-statsd?15:40
=== wwalker_ is now known as wwalker
zulcoreycb: no there needs to be one i think15:40
=== bladernr is now known as bladernr-doc
coreycbzul, ok i'll open one15:41
zulcoreycb: k15:43
jgeanyone ever used chrony in ubuntu before? I'm trying to query a chrony client on my network as "chronyc -h 192.168.1.22 tracking" but I'm wondering if it needs to be allowed first inside chrony.conf16:31
ikoniaallowed ?16:31
ikoniaif you're specifying it on the command line it won't take that parameter from the config16:31
jgeikonia: chrony operates as an ntp client by default, if I allow a host inside chrony.conf then it becomes a server for that client (if it needs to) but I just want to query it for skews16:35
jgeI'll test it16:35
ikoniajge: right, but you're specifying -h on the command line so it won't care about that option in the host16:36
ikonia(host config)16:36
jgeikonia: I'm querying the remote server from another host in the network16:36
ikoniajge: yes, I understand that,16:37
ikoniajge: however the fact that you're setting -h on the command line replaces that parameter from the config16:37
jgesame thing as an "ntpq -p16:37
jgebut the other end needs to allow the connection16:38
jgeno?16:38
ikoniajge: so you're talking about the config on the remote servcer it's querying16:38
ikoniarather than the client16:38
jgeyep16:38
ikoniajge: ok, so yes you'll need to tell it to allow queries16:38
jgeyeah I did, let me test it16:39
jgenever worked with chrony so I wasnt sure16:39
ikoniajge: works %80 the same as ntp16:39
jgeyeah the guy who has it running here swears by it16:41
jge"it's so much better than ntpd"16:41
jgebut no explanation as to why he thought that.. had to look it up.16:41
ikoniaI'm not sure why it's "better"16:42
ikoniaI've found it "fine" but nothing to write home about as a big song and dance16:42
ikoniaI don't see any real world benifit over ntp16:42
ctjctjHello.  I'm attempting to mount a filesystem from an iscsi server.   My fstab has the _netdev option for the filesystem and it is using UUID.  The problem is that during the boot sequence iscsi-open start script hasn't run at the time the system attempts to mount the disk.  How do I get iscsi-open to run after network start and before the mounting of filesystems?16:50
naccctjctj: i wonder if you need to include iscsi into your initramfs16:54
ctjctjnacc, no.  I'm not booting off an iscsi disk.16:55
ctjctjUUID="xyzzy" /var/lib/mysql defaults,_netdev 1 116:55
ctjctjSo we boot of a local disk and then we should mount the iscsi disk before mysqld (mariadb) starts16:56
naccctjctj: ah sorry16:56
ctjctjnacc, it was a great answer, just not the one I needed.16:56
naccctjctj: 16.04?16:56
ctjctj14.04 LTS16:56
naccctjctj: hrm, so maybe an upstart ordering is needed?16:57
ctjctjI thought that.  But we have S45open-iscsi in rcS.d which I *think* means to do this before we change out of single user mode and into a multi-user runstate.16:59
ctjctjMy understanding was that by putting the _netdev it would cause the mount of network devices to wait until after open-iscsi completed.17:00
coreycbzul, monasca-statsd is optional so I added it to suggests17:03
coreycbzul, upstream report is updated now too for ocata17:05
=== medberry is now known as med_
jgeikonia: that worked but now I'm getting "517 Protocol versin mismatch" not much about it online.. the client querying is running Ubuntu and the other CentOS.. wondering if this is the problem17:26
ikoniashouldn't be17:27
jgeubuntu has chrony version 1.29 and Centos 1.29.117:27
ikoniaI have multiple distros using it with each other17:28
jgeikonia: looking at source here https://github.com/SuperQ/chrony/blob/master/client.c17:29
jgesomething to do with a bad header?17:30
ikoniajge: not sure, I'll need to look into it, but it works on mine17:30
jgeikonia: are you able to query other clients as "crhonyc -h ip tracking"17:31
jge?17:31
ikoniajge: I can't check it at the moment as I don't have access to those hosts from where I am17:32
jgehmm ok.17:32
jgeI don't know then :(17:32
jgeit would be nice to have a switch for verbose17:33
ikoniaI can try it for you later on17:35
zulcoreycb: cool beans17:56
coreycbbeisner, hi can you promote python-cryptography 1.0.1-1ubuntu1~cloud1.2 to liberty-proposed please?18:13
beisnercoreycb, done, re: https://bugs.launchpad.net/horizon/+bug/160198618:27
ubottuLaunchpad bug 1601986 in OpenStack Dashboard (Horizon) "RuntimeError: osrandom engine already registered" [Undecided,New]18:28
coreycbbeisner, ty sir18:28
zulcoreycb: mind if i sync python-muranoclient over from debian?18:29
coreycbzul, fine by me18:29
jakstHow would I go about doing a smart scan of a disk if my ubuntu server is hosted in an ESXi hypervisor? In Ubuntu or in ESXi?19:02
ctjctjHow do I force open-iscsi to start before network mounts?  At this point I have a _netdev in fstab for the disk in question. open-iscsi attaches the device correctly when it runs but upstart/systemd(?) are attempting to mount the disk before open-iscsi starts19:28
=== Spydar007 is now known as Guest70417
=== bladernr-doc is now known as bladernr
coreycbbeisner, hey these are ready to promote from liberty-proposed->liberty-updates: cinder, heat, manila, nova, openstack-trove, sahara21:38
ctjctjI'm looking at an issue that /etc/init/mountall-net.conf will attempt to mount devices that are attached via open-iscsi.  But mountall-net.conf runs before open-iscsi runs.  Is there a fix for this?21:48
jgehey all, could I install a version of a package that's meant for say Xenial to Trusty?22:26
naccjge: that's not recommended or supported22:27
ikoniajge: no22:29
jgeso I'm better of intsalling from source if I need a version that's not available in repos?22:29
ikoniajge: what do you actually want22:31
jgeikonia: chrony version 2.322:31
jgettp://chrony.tuxfamily.org/doc/2.3/manual.html#Installation22:31
ikoniajge: why do you want that version ?22:32
naccjge: 2.3 is not available in xenial either, afaict22:32
ikoniawin 1222:33
ikoniaoops22:33
jgeikonia: I'm getting an error trying to query another chrony client in Cent0S, "Read command packet with protocol version 5 (expected) 6" and from the mailing list here it looks like it might be related to the version: https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-users/2010/06/msg00005.html22:33
jgeso I wanted to test if upgrading to the latest release will help22:34
ikoniaI've got 16.04 and Centos 7 hosts in sync from each other22:34
jgewhat version of chrony on both?22:34
ikoniasaly, I can't check as I ended up not going home tonight22:35
jgeI was able to test earlier from different clients (one 1.29 and the other 2.2) both CentOS and it worked, so I'm thinking is the version of Ubuntu..22:36
ikoniajge: what version does ubuntu use22:37
jgeit appearently sends protocol version 5 when the other ends expects 622:37
ikoniawhat actual chrony version does ubuntu use22:37
ikonia(not got a box here to check)22:37
jgeikonia: it's on 1.29.1 which is the latest stable22:37
ikoniajge: so applying logic, you have a 1.29 box working and 2.2 box working22:37
ikoniai don't think a 1.29.1 "won't" work, when a 1.29 box does22:38
jgesame OS though22:38
ikoniajge: so ?22:38
jgewell, I'm thinking it might be implemented differently.. it's clearly sending a different version of the protocol22:39
ikoniaso if you think it's a different implmentation, upgrading it won't do anything22:39
jgeif it would be the same code base then it shouldn't complain22:39
ikoniajge: have you actually looked at the config or arguments to see if things can be set22:39
ikoniajge: it is the same code base22:40
ikoniayou've just said that22:40
ikoniayou have a 1.29 client that works22:40
ikonia1.29.1 is the same codebase22:40
jgemy idea with upgrading is that the latest release could have better (compatability) with earlier versions as opposed to the opposite22:41
ikoniajge: sorry, thats just blind randomess22:42
jgemaybe downgrade connection protocol, I don't know ..just spitting ideas22:42
ikoniajge: have you even done basic research to see if the clients support both versions of the protocol22:42
ikoniaand if you can force the protocol, and what the default is22:42
jgei looked up focing the protocol but manual doesn't have anything for that..22:43
jgeclient obviously does not support one of the protocols22:43
ikoniawhy though22:45
ikoniaas it's in the code base22:45
ikonialogically it's more likley to be a configuration option22:45
jgeikonia: https://github.com/mlichvar/chrony/blob/master/NEWS22:47
jgecheck out the security fix under version 1.29.122:48
jgeincompatible with previous protocol version..22:48
ikoniathere you go then22:48
ikoniaso you need to use the other protocol22:48
jgebut would that be referring to 1.29 or 1.28?22:48
ikoniawould what ?22:49
jgeprevious protocol version22:49
ikoniaso 1.29 seems to support both22:49
ikonia1.29.1 seems to patch one to fix a problem22:49
ikoniaso the logical approach is to use the one that is supported by both22:50
ikoniahow to foce it the question22:50
ikoniaif you look there is a similar change in 1.2722:50
jgehm yeah I see it22:51
=== hammwch is now known as nchambers
jgeikonia: I dont have chronyd open on the internet, maybe I could just go back to 1.2922:53
jgewait a minute, I was looking at another box... the ubuntu box is already on version 1.2922:54
ctjctjFor anybody that cares about the open-iscsi mount on boot issue I was describing.  When we went to upstart we created a helper tool called "mountall" which processes fstab and mounts drives as they become available.  Once upstart starts the network /etc/init/mountall-net.conf runs and kills the mountall process.  BUT /etc/init.d/open-iscsi start has not yet run so any iscsi targets have not yet been mounted.  Thus the mount23:18
ctjctjfails and boot hangs.  The original intention was for the _netdev in /etc/fstab to keep any mount of the iscsi device from happening.  All the other remote devices would then be mounted by commands like "mount -a -t nfs -O _netdev"  Thus /etc/init.d/open-iscsi also does a "mount -a -O _netdev" because it runs after all of NFS/CIFS and such.  Catch 22.23:18
keithzgAny built-in way with systemd to have an escalating set of shutdown commands for a service? Specifically, I have a VirtualBox VM set up as a service, and I'd like it to first try VBoxManage controlvm $vmname acpishutdown, and (perhaps after a timeout) try poweroff instead of acpishutdown if the process hasn't halted.23:21
CurionticeHi! is it possible to compile squid into a package such that no shared dependency exist?23:22
* keithzg has tried to read systemd documentation, but for instance https://www.freedesktop.org/software/systemd/man/systemd.unit.html doesn't even *mention* ExecStop, much less document it.23:23
ctjctjkeithzg, i believe there is a method.  The easiest that I can think of is to just have two shutdown VM commands.  One does the acpishutdown and waits upto 30 seconds  Then the second VM shutdown runs and does the poweroff.  Since all VMs that could be shutdown with acpishutdown will already be shutdown this only catches the once still on.23:30
keithzgctjctj: Fair enough, I was thinking perhaps there was some native systemd way of doing this but that certainly sounds like it'd work. I'll try just using `/usr/bin/VBoxManage controlvm Sibrel acpipowerbutton && /bin/sleep 30 && /usr/bin/VBoxManage controlvm Sibrel poweroff`23:32
ZJAY how would i soft link a path like /Volumes to my main path /media/dumpebut/<somehugedrive> i need it to see the soft link path in a script.23:48

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!