Guest43Installing Gazelle torrent tracker with 16.04 apache and php 7.1 - get a white screen upon install.. have php errors on but nothing but a white screen.. any help?02:43
sarnoldcheck error logs?02:44
sarnolddo you get better diagnostics if you connect via localhost rather than a public internet?02:52
sarnolds/internet/interface/ stupid fingers02:53
keithzgHmm, in the process of upgrading a bunch of servers, and I haven't yet actually upgraded the one that runs apt-cacher-ng for our repo mirroring/caching. But one of the VMs already upgraded is now refusing to update from that mirror because it "does not have a Release file".03:22
keithzgDoes anybody know if this would be expected to work again once I upgrade the server in question that's running the apt-cache-ng instance to 16.04 as well? Or will there be some further steps I'd have to take? Or, worst-case scenario, is apt-cacher-ng now being left behind by changes to apt security?03:27
sarnoldeven 0.6-1 knew to treat the InRelease files specially https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=62227203:29
ubottuDebian bug 622272 in apt-cacher-ng "apt-cacher-ng: should treat InRelease as a volatile file" [Important,Fixed]03:29
sarnoldso I'd hope whatever acng you've got installed is prepared to work with releases that prefer InRelease03:30
eatingthenighthello, I have 4 interfaces on my server but only one is plugged in normally ifconfig only shows the interface that is plugged in such as eth0. however on a new server class i got if config is showing all of the interfaces.05:15
eatingthenighteven though 2 of them are not plugged in05:15
eatingthenightcurrious what is causing this to happen and what i can look into to better understand why this is happening.05:15
eatingthenightalso cat /sys/class/net/eth1/speed reports -105:25
eatingthenightwhich as far as i know is not even a valid output05:25
eatingthenightthis is on bare metal not inside a container/vm where i would expect this kind of strange behavior05:26
cpaelzermwhahaha: thanks for the FYI - I'll take a look at libvirt if that needs a conffile change or even more06:49
cpaelzermwhahaha: that was already the case for yakkety (libvirt 2.1)06:53
cpaelzermwhahaha: but I see you are in the cloud archive version of these things, yet there seems to be a valid set of breaks/replaces between libvirt-bin and libvirt-daemon-system and a debian/libvirt-daemon-system.maintscript that should take care of the move06:55
* cpaelzer is looking if the version statements in there could cause any issues06:55
cpaelzerhmm the mv_confile says 1.3.3-2, while I'd have expected 2.1.0-1ubuntu1~ to be more correct but still, on a normal upgrade cycle this should match as xenial is on 1.3.1-1ubuntu10.607:01
cpaelzermaybe that is special to the upgrade paths you take through ubuntu cloud archive upgrades07:01
cpaelzercoreycb: jamespag`: could that be an issue only along the path of versions a cloud archive user traverses on upgrades? ^^07:04
fishcookerhttp://vpaste.net/WKF7A which is the failed one if i have 16 DIMM installed and this configuration http://imgur.com/WjLTxfJ is it C2 or C1 or something else  this is my manual https://data2.manualslib.com/pdf2/33/3250/324995-asus/rs720e7rs12e.pdf?6a64c52263547b881f8e426b24b633a808:07
lordievaderGood morning.08:25
lordievaderHey Raboo08:27
RabooHey, how's it going?08:27
lordievaderDoing okay, waiting for coffee.08:27
Raboohmm, brb gotta make some tea08:28
Raboonow i got a hot bewerage08:30
Rabooi'm having a problem, and don't really know where to start looking for solutions.08:30
lordievaderWhat is the problem?08:31
Rabooi wrote a ubuntu cloud image to a hdd on bare metal08:31
Raboobut when it boots, it's super slow08:31
Rabootakes like 30 minutes08:32
Rabooi'm trying to build some scripts to make it possible to deploy the cloud images to bare metal08:33
lordievaderWhat hypervisor are you using?08:35
Raboono hypervisor, told you, my intention is to push these images to bare metal nodes08:36
Rabooi'm using https://theforeman.org/ + pxe to deploy the image08:36
lordievaderAh, bare metal. Missed that.08:46
Rabooso basically what i do is partition the disk, dd the raw image to rootfs partition08:46
Raboomount it and add som cloud init configs, interfaces + resolv.conf08:47
Rabooinstall grub08:47
Raboounmount, reboot..08:47
Rabooand it boots, but it takes forever08:48
Rabooand i know it's using linux-image-XXX-generic so it should have support for the hardware08:49
Rabooi found one thing, gonna try that, https://bugs.launchpad.net/cloud-images/+bug/159810808:54
ubottuLaunchpad bug 1567265 in cloud-images "duplicate for #1598108 ubuntu/xenial64 vagrant box boots up slowly" [Undecided,New]08:54
qsongCan ubuntu 16.4 support selinux on s390x?09:29
lordievaderUbuntu has Apparmor.09:31
qsongHas anyone use selinux to replace apparmor09:38
qsongI just want to known whether selinux can be supported on ubuntu09:38
Rabooqsong i think selinux is "EL" specific09:39
RabooRHEL, CentOS, SuSE.. etc..09:39
qsongYes, EL support by default09:39
qsongbut we need to consider whether ubunbu is also support09:40
Rabooi don't think you will find anyone that have implemented selinux on Ubuntu09:40
qsongour application need to work on ubuntu, need to consider whether it will be blocked by selinux09:40
RabooApparmor is similar to selinux09:41
qsongDoes any official document on Ubuntu has listed that selinux is not recommend.09:42
Raboodon't think so, I just figure it's not implemented09:42
qsongYes, I know, what I want to do is to verify that our APP can work well even selinux is enabled on Ubunut09:42
qsongThanks Raboo, will pursuade other team members to abandon this test09:45
Rabooselinux exists for ubuntu, but my personal believe is that not many use it.09:45
Rabooi could be wrong09:46
qsongYes, I agree with you, Apparmor is the default choice.09:47
=== jamespag` is now known as jamespage
xnoxlordievader, Raboo: i think we have all security things enabled (at least in kernel) selinux, apparmor, smack.11:51
xnoxi think somebody did use selinux... but it's not default and they made their own policies for /everything/ they used.11:51
xnoxthe default is apparmor, but one can use selinux with determination11:51
=== chmurifree is now known as chmuri
cpaelzerjamespage: Debian now has DPDK 16.11-1 https://buildd.debian.org/status/package.php?p=dpdk12:46
cpaelzerjamespage: note that ppc now is also enabled12:46
cpaelzerjamespage: I'd like to sync that into zesty, but then I know that openvswitch needs a rebuild after that12:47
cpaelzerjamespage: never done a sync, nor a sync caused need for rebuild12:47
cpaelzerjamespage: if you'd have a minute to tell me who-does-what in this case that would be great12:47
cpaelzerjamespage: btw - that version is (almost) identical to what I tested at https://launchpad.net/~paelzer/+archive/ubuntu/dpdk-packaging-tests12:48
cpaelzerseems to be syncpackage + waiting + no-change-rebuild upload of openvswitch12:51
cpaelzeryet doing these particular steps the first time a mini-coordination would be nice12:51
mwhahahacpaelzer: it's not so much upgrades as our tooling (puppet) broken because the file location change and also the group changed13:03
cpaelzermwhahaha: ah I see, so the package upgrade makes sure that the old content is transferred (if you had any)13:05
cpaelzermwhahaha: but I see - if you had externel references that is an issue13:05
mwhahahawe're updating but it broke a bunch of stuff13:05
cpaelzermwhahaha: :-/13:05
mwhahahathere's also some ceilometer and aodh issues we're working through with the last update to the ocata cloud stuff13:05
cpaelzermwhahaha: then at least it broke due to the file no more being there instead of silently going on changing a file that has no effect - that was the bug I first thought would occur13:07
cpaelzerconffile changes are a defined thing, I wonder if there is a way to generate a list of all conffile changes along an upgrade so that automation (or at least operators) could be aware13:07
cpaelzermwhahaha: not sure if that would help, but with "dpkg-query -W -f='${Conffiles}\n' | sort" you can get a list of all configfiles on a system13:11
cpaelzermwhahaha: doing so before & after a major upgrade test and diffinf git could identify changed location and/or changed default content (via the checksum)13:12
cpaelzerthat would allow you to process all changes logically one by one instead of trial&error into whatever shows up13:12
mwhahahaunfortunately the way the cloud archive updates are applied it's not possible to understand the diffs between the updates as the previous version of the package no longer exists13:12
mwhahahai'm not dealing with newton->ocata, but rather the live ocata repos13:13
cpaelzerah I see13:13
mwhahahaso what worked monday, got broken tuesday because of packaging13:13
cpaelzerand your external puppet now needs fixes to be able to handle, gotcha13:13
mwhahahaso i'm part of the puppet openstack team and so these are changes that used to work (for many cycles) that were broken with this latest update. and since there's no warning it just breaks all of our ci13:14
rbasakmwhahaha: I'm not familiar with most of this, but I believe that we pre-publish all proposed updates before they land for regression testing. Given you have CI, can you hook into that? Then you could report back before updates land, possibly blocking or fixing the update, etc.13:32
mwhahaharbasak: I can look into that as well. But rather than pushing that to us, perhaps it would be more beneficial for you to leverage our CI? we already integrate with RDO so they are aware of possible regressions. It'd be nice to get visibility UCA current work13:39
rbasakmwhahaha: not my department, I'm afraid. I'm just suggesting the possibility in the hope that it is helpful.13:40
coreycbzul, https://review.openstack.org/#/c/417591/13:40
rbasakbeisner, jamespage: ^13:40
zulcoreycb: yeah thats because keystoneauth was hiting the same issue keystone is and they made a backward/forward compatible change https://bugs.launchpad.net/keystone/+bug/165745213:44
ubottuLaunchpad bug 1657452 in OpenStack Identity (keystone) "Incompatibility with python-webob 1.7.0" [Undecided,New]13:44
zulcoreycb: this is my incomplete/perhaps wrong attempt to fix it https://git.launchpad.net/~ubuntu-server-dev/ubuntu/+source/keystone/tree/debian/patches/webob-1.7-fixes.patch13:45
coreycbmwhahaha, sorry i'm just looking, is there a package bug?13:48
mwhahahacoreycb: i did not create one as it seems to be intentional, just wasn't sure if people were aware of the impact of these things13:48
coreycbmwhahaha, can you catch me up?  i'm missing context.13:49
mwhahahacoreycb: new ocata packages, broken puppet openstack due to many new changes. first one we found was libvirt upgrade changed /etc/default/libvirt{-bin,d} and group libvirt{d,}13:50
mwhahahacoreycb: still working throught all the other items that were broken by the new packages (ceilometer, aodh are known for ow)13:50
coreycbmwhahaha, much of b2 was promoted to ocata-proposed yesterday.  ocata-updates is still the old packages fwiw.  once we get everything promoted i plan to send an announcement.13:51
coreycbmwhahaha, we moved a bunch of api's to mod_wsgi13:51
mwhahahacoreycb: right we already handle the mod_wsgi bits so the automatic file creation is problematic for us13:51
mwhahahacoreycb: we might be running proposed instead of updates i'm still getting spun up for the day so i haven't looked a that yet13:52
coreycbmwhahaha, ok I'd need to look into that.  we backported libvirt from zesty to the xenial-ocata cloud archive13:52
mwhahahacoreycb: i'm working on updating the puppets to handle the new locations and stuff, i just wanted to raise awareness that these things have impacts on external tooling13:53
coreycbmwhahaha, of course :)13:53
coreycbmwhahaha, we're definitely aware of that.  we maintain juju charms too so we know there are updates throughout every release that need to be made.13:54
coreycbmwhahaha, ok we hit that libvirt one too.  we had to put some logic in the charms to use different groups etc based on what release is being used.13:58
mwhahahacoreycb: yea but we don't have that concept, so it makes our puppet-nova incompatible with the previous one. so that breaks our desire to keep modules at least 1 version backwards compatible13:58
mwhahahacoreycb: so like i said, we're updating but it's not great for backwards compatibility :(13:59
coreycbmwhahaha, we'd have to chat with libvirt folks on that one.  i'm not too up-to-date as to why that stuff changed.14:00
mwhahahaprobably to align it with the debian version14:00
cpaelzercoreycb: to drop a major delta to debian14:00
cpaelzerdone already in the early yakkety cycle14:00
cpaelzerlike "big changes post-LTS"14:00
cpaelzerto give time to adapt pre next LTS14:00
coreycbcpaelzer, ack thanks14:01
mwhahahaoh btw we do use proposed14:01
mwhahahaso that's why we hit it yesterday14:01
coreycbmwhahaha, that makes sense14:02
jamespagecoreycb, mwhahaha: fwiw it might be worth running the puppet models CI gate against -updates, we a regular test against proposed for early vis of these types of changes14:10
jamespagegosh I can't type today14:13
coreycbjamespage, mwhahaha: that would make sense. just make sure you run a regular test against proposed to see these changes coming.14:16
=== ashleyd is now known as ashd
zuljamespage: btw glance https://bugs.launchpad.net/glance/+bug/165745914:27
ubottuLaunchpad bug 1657459 in Glance "WebOb>=1.2.3 requirement for Glance will lead to 0 bytes backing image files on OpenStack Newton, although the image file sent to the python client does not have 0 bytes" [Low,Triaged]14:27
jamespagezul, reason for build failures in proposed right?14:28
zuljamespage: yeah...14:28
zuljamespage: glance/nova probably as well14:28
mwhahahajamespage: so it's kinda when we want to get hit by these, honestly running against updates means we'd just get hit by these later. Since we can't control the promotion process, it's more beneficial to get these sooner than later :D specifically these changes are not backwards compatible so we'd get broken either way. it would just be a matter of time14:54
coreycbjamespage, zul: yeah so webob issues with 1.7.0 look like they run deeper than just test failures15:05
zulcoreycb: gah15:05
coreycbzul, well based on that glance bug you posted15:05
zulcoreycb: yeah...im not too happy about this15:05
=== JanC_ is now known as JanC
=== tekku is now known as tekk
=== tomaw is now known as 02HAAAAAN
=== lau is now known as Guest2345
=== giraffe is now known as Guest98986
=== BlackDex_ is now known as BlackDex
=== Adri2000_ is now known as Adri2000
=== disposable3 is now known as disposable2
jgehey all good morning, I'm trying to find out what process is sending a bunch of UDP traffic out onto the network but I'm not getting anything.. I did a tcpdump on the box, found out the local port: 3955 then do a netstat -apn | grep 3955 but nothing15:36
jgethe connection is active as I'm seeing that traffic flowing15:36
jgeI'm trying to find out what process (if any) is sending it15:36
jgeany ideas?15:36
=== tarpman_ is now known as tarpman
=== baggar11_ is now known as baggar11
rbasakjge: try with --inet616:28
rbasak(even if it's IPv4 traffic you're seeing)16:28
=== stgraber_ is now known as stgraber
jgerbasak: I did a netstat -apn --inet6 | grep 3955 and nothing16:44
DammitJimwhat log tells me information with timestamps of a shutdown?16:46
DammitJimI'm trying to figure out why when shutting down a server, it takes close to 10 minutes16:46
DammitJimand the last thing I see on the screen is: Stopped LVM2 metadata daemon16:47
rbasakjge: I'm not sure then, sorry. Try without the -a and separately with --inet and --inet6 instead, only because that's what I normally do. If that doesn't work, then the only things I can think of are rootkit and a process that doesn't hold the socket for long, so it's racing you.16:49
rbasakThere probably a simpler, less serious explanation but I cannot think of one.16:49
rbasakiptables can do logging of origin user I think. If not try nftables if you have a new enough system.16:50
jgerbasak: it's a bunch of UPnP traffic, which I automatically associate with something up to no good, so I'm not throwing away the idea of a rootkit or malicious process, if iptables do do logging of origin user would it show a PID or the likes?16:53
jgeI captued about 2-3 minutes worth of traffic and around %50 of it was all UPnP broadcasts, which seems excessive but it could also be that this box doesn't see a lot of traffic flowing16:54
rbasakjge: oh. There's a thought. Could it be a raw socket?16:54
rbasakUPnP is more likely than average to use raw sockets.16:54
rbasakjge: iptables may be able to capture pid as well.16:54
jgeI used 'ss -w -a' to check that and three connections come up but they're binded to *:icmp and :::ipv6-icmp16:55
rbasakjge: if it's using a raw socket, it'll show up in netstat but not under --inet or --inet6 and it won't show you port numbers.16:55
jgeI did a netstat, under proto all show up as unix16:57
jgeif it's a rootkit or process that doesnt hold socket for long, would I be able to see it if I fire up the netstat command under "watch 1" for example?16:59
rbasakjge: I think your netstat would take orders of magnitude of attempts in order to win the race.17:21
rbasakI'm not sure it's that likely though.17:22
cpaelzerrbasak: ping, still around?18:34
=== dames is now known as thedac
jfk-cmI don't know where to ask this question. I was on #ubuntu and someone suggested this. I'm having problems running Selenium Standalone server on Ubuntu 16.10. It seems to start in Terminal but when I try to create a session it says "Unable to create new session". It works fine in Fedora.18:47
sarnolddoes it have a verbose option that would give some useful information? or an error log?18:50
DammitJimwhat log tells me information with timestamps of a shutdown?18:51
DammitJimI'm trying to figure out why when shutting down a server, it takes close to 10 minutes18:51
DammitJimand the last thing I see on the screen is: Stopped LVM2 metadata daemon18:51
jfk-cmThis is what shows when I try to run a Nightwatch test:18:53
jfk-cmError retrieving a new session from the selenium server18:53
jfk-cmConnection refused! Is selenium server started?18:53
jfk-cm{ state: 'unhandled error',18:53
jfk-cm  sessionId: null,18:53
jfk-cm  hCode: 920681884,18:53
jfk-cm  value:18:53
jfk-cm   { localizedMessage: 'Could not initialize class sun.security.ssl.SSLContextImpl$TLSContext',18:53
jfk-cm     cause: null,18:53
jfk-cm     suppressed: [],18:53
jfk-cm     message: 'Could not initialize class sun.security.ssl.SSLContextImpl$TLSContext',18:53
jfk-cm     hCode: 728090681,18:53
jfk-cm     class: 'java.lang.NoClassDefFoundError',18:53
jfk-cm     screen: null },18:53
jfk-cm  class: 'org.openqa.selenium.remote.Response',18:53
jfk-cm  status: 13 }18:53
jfk-cmI don't know how to find any logs18:53
teward!pastebin | jfk-cm18:53
ubottujfk-cm: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.18:53
tewardfor the future18:53
sarnoldoy, if you're going to paste more than about two lines it's best to use a pastebin site :)18:53
tewardsarnold: ohai18:53
sarnoldmorning teward :)18:53
jfk-cmThanks. I'm new to this.18:54
tewardsarnold: I assume you saw my pings from over 24 hours ago18:54
sarnoldjfk-cm: so, that thing at least says the server isn't running. that's a starting point. use ss or netstat to look for the server on the ports you expect it to be on.18:54
sarnoldteward: maybe? which ones.. sorry.18:54
tewardsarnold: in -hardened18:55
jfk-cmI can go to the localhost port and see the server is up. But even when I try to create a browser connection through that interface it says "Connection refused"18:55
sarnoldteward: aha, right, the pie/pic problem :( I really wish they just used bloody makefiles as they were intended rather than trying to generate magic makefiles with scripts that are longer than the things they were generating. I'm sure of it.18:56
tewardsarnold: well i'm going to *try* and implement a fix that we did back in the 14.04 days to fix some of the Perl compile fails anyways18:56
tewardbut, I'm not sure it'll work18:56
tewardbecause even with fPIE disabled, I'm still getting a lot of fails18:56
sarnoldjfk-cm: just to be clear, when you see 'the server is up', is that the selenium server that you see up? or your website?18:56
sarnoldteward: ugh18:57
tewardsarnold: so for now i'm just working on standard builds, without dynamic modules.  For now.18:57
teward(next LTS, I want it all merged heh)18:57
kyle__cleaning up an old server, and noticed an entry in /etc/passwd where the second col starts with 8+.  I'm used to $6$, $5$, $2a$, $2y$, $1$...is .... is that seriously a 3DES password in there?19:51
sarnoldwow :)19:57
blacknred0is there a way to sync ~/.ssh/known_hosts ?19:59
blacknred0is rsync my answer :P :)19:59
sarnoldblacknred0: depending upon what you're trying to do, look into monkeysphere and sshfp20:02
blacknred0sarnold: i'll take a look at both, but essentially every time i add a host to one server i would like to have that host sync across other servers20:03
=== kees_ is now known as kees
=== 02HAAAAAN is now known as tomaw
DammitJimwhat is ens160?20:24
sarnoldDammitJim: looks like a NIC http://www.ehowstuff.com/new-naming-scheme-for-the-network-interface-on-rhel-7centos-7/20:32
DammitJimso, I guess we need to learn to use ens now20:53
sypherDammitJim: Not always "ens."20:58
tewardsarnold: I think i may have found the issue21:56
tewardsarnold: holy crap I think I fixed the build failures...22:32
tewardit just has to finish compiling a few more modules and I'll know if it worked22:32
tewardsarnold: ^ that's... good news, because I only disabled -fPIE in the perl flags heh22:35
tewardthe rest is... working, I think22:35
tewardgonna push to a PPA and test22:35
PryMar56teward, or append to cflags: -fno-pie22:50
PryMar56^^ was it yakkety?22:50
tewardPryMar56: it was all distros22:52
tewardPryMar56: it was actually lacking -fPIC as a build flag22:52
tewardadding that seems to make it work22:52
tewardwhile disabling -fPIE in the hardening flags for the perl modules specifically22:54
=== o is now known as Guest53862
sarnoldteward: sweeeet :D23:00
tewardsarnold: HOLY HELL IT BUILDS!23:01
sarnoldPryMar56: the thing is, nginx's makefiles are a mess. it's quite hard to just say "please build with -fpic" :(23:01
sarnoldteward: well done :D23:01
tewardsarnold: does this look sane?  http://paste.ubuntu.com/23824662/23:01
teward'cause while this lands in the PPAs, it's going to land in the merge delta23:02
tewardunless I can get Debian to include the -fPIC changes, which will fix a lot of the issues23:02
teward(even though it doesn't break in Debian, getting it there will help if something ever *does* break in Debian)23:02
sarnoldteward: I'm a touch surprised about the hardening=+all, but all that machinery predates me, so I never learned it well23:03
tewardsarnold: i have an sbuild log if you want to review that too23:03
tewardsarnold: that's actually still in Debain23:03
tewardbut hey it works and fixes some build explodes, so blarghl23:04
sarnoldteward: oh right right23:04
tewardsarnold: some of that is left over from 14.0423:04
tewardwhen we implemented to address a wishlist to enable bindnow and PIE23:04
tewardbut hey I have something that builds heh23:05
sarnoldteward: have you had a chance to run hardening-check on the results?23:05
tewardsarnold: no, but for the PPAs I'm more concerned about getting that building first23:06
tewardsince the PPAs are, what, three months behind?23:06
tewardi'll hardening-check that after it's uploaded23:06
PryMar56take a look at: dpkg-buildflags --export | sed -e '/fix me/', insert into the debian/rules after importing default.mk23:07
tewardsarnold: holy crap, look at all the successful builds!  ^.^   https://launchpad.net/~teward/+archive/ubuntu/nginx-stable-testing/+packages23:51
teward(except the two that are waiting)23:51
tewardsarnold: once amd64 builds go through, i'll install and hardening-check it23:51
tewardsarnold: that means now all I have to do is apply the Ubuntu delta to a base from Debian, and add in the delta for fixing fPIE/fPIC, and boom23:58
sarnoldteward: heh is there no chance to get debian to accept the different package splits I forced on you?23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!