=== JanC_ is now known as JanC
[07:57] <patsToms> is there any way to find source for kernel which ubuntu was built?
[08:10] <cpaelzer> patsToms: http://askubuntu.com/questions/2964/where-can-i-find-the-source-code-for-the-ubuntu-kernel ?
[08:11] <cpaelzer> patsToms: if you just want source the third answer is probably your best which leads you to git repos at https://wiki.ubuntu.com/Kernel/Dev/KernelGitGuide
[08:11] <patsToms> thanks
=== giraffe is now known as Guest54596
[09:30] <samba35> i am trying to configure dpdk 1st time on ubuntu 16.04.1 ,and i am getting this error/message when i run systemctl status dpdk
[09:30] <samba35> WARNING: incomplete spec in /etc/dpdk/interfaces  - BUS '' ID '' MOD ''
[09:30] <cpaelzer> samba35: can you pastebin the interface file you use?
[09:31] <Hink> Does anyone know if there is a way to jail an executable and it's processes to be totally isolated within the system?
[09:31] <samba35> interface file from /etc/dpdk/interface ?
[09:31] <cpaelzer> yes samba35
[09:31] <samba35> thanks god you are here
[09:32] <samba35> its just one line   pci  (mac-id-of-nic )  uio_pci_generic
[09:33] <samba35> am i missing something i follow intel dpdk guide
[09:34] <samba35> and some setting from /etc/default/openvswitch-switch
[09:34] <cpaelzer> samba35: https://help.ubuntu.com/lts/serverguide/DPDK.html#dpdk-config-dev
[09:34] <samba35> DPDK_OPTS='--dpdk -c 0x3 -n 2'
[09:34] <samba35> ok thanks
[09:35] <cpaelzer> the opts lack the permission fixes you likely need and also you lack to specify memory (might grab all but that is rearely what you want)
[09:35] <cpaelzer> for the interfaces I wonder about the error if that is really all you have in there
[09:36] <cpaelzer> this message is only reported if it can't split it up to three pieces
[09:36] <cpaelzer> even "foo bar foobar" should fail later
[09:36] <samba35> can i use pci based device or do i require pci express cards ? and do i require vfio (vt-d ) ? to run basic dpdk
[09:37] <cpaelzer> you need a dpdk supported card - I doubt these days anybody has still old "only pci" cards
[09:37] <cpaelzer> suppoerted devices are also listed on the link I listed above
[09:37] <cpaelzer> including links to their device page in the dpdk doc
[09:38] <cpaelzer> which sometimes have constraints, special setup needs, firmware loads, ....
[09:38] <samba35> Network devices using DPDK-compatible driver is showing correct nic
[09:38] <cpaelzer> no vt-d needed
[09:38] <cpaelzer> if you really could just "pastebinit /etf/dpdk/interfaces" and list the link here
[09:38] <cpaelzer> I'd want to take a look
[09:39] <cpaelzer> samba35: and once your are add it also a status of dpdk devs
[09:39] <samba35> honestly speaking
[09:40] <samba35> there is only one line ,i am sorry  pci  0000:0mac    uio_pci_generic
[09:41] <samba35> '82566DC-2 Gigabit Network Connection' drv=uio_pci_generic unused=e1000e
[09:41] <samba35> this is a card
[09:41] <samba35> system is use ich10
[09:42] <cpaelzer> hrm
[09:42] <cpaelzer> maybe you have an empty line in it?
[09:42] <cpaelzer> so two things
[09:42] <cpaelzer> one - your card already seems to be assigned properly
[09:43] <cpaelzer> second - that error that you mentioned - it comes out for every lind where it can't find values for the defines
[09:43] <cpaelzer> grep -v '^[ \t]*#' "$DPDK_INTERF" | while read BUS ID MOD; do
[09:43] <cpaelzer> if any of BUS ID or MOD is empty you see the error you mentioned
[09:44] <cpaelzer> samba35: yet since your card is assigned "drv=uio_pci_generic" I wonder if you might just have an empty line in the config
[09:45] <cpaelzer> if you do systemctl status dpdk does the output hold anything about either assigning or the card already be assigned?
[09:46] <samba35> dpdk_proc_info  when i run this command it show old card ,initally i try to configure this card but it did not work then i use other card
[09:46] <samba35>  Reassigning pci:0000:0mac to uio_pci_generic
[09:46] <samba35> Jan 23 14:49:48 ubuntu16 dpdk-init[1746]: WARNING: incomplete spec in /etc/dpdk/interfaces  - BUS '' ID '' MOD '
[09:47] <cpaelzer> well, I wonder about "0000:0mac", but other than that it seems to follow your config
[09:47] <cpaelzer> and I still expect you have an empty line after the config
[09:48] <cpaelzer> that would match the grep but not split into three valid arguments, which would cause your error message
=== JanC_ is now known as JanC
[13:01] <zul> coreycb: i fixed glance this morning
[13:02] <coreycb> zul, ok thanks. what was wrong?
[13:02] <zul> coreycb: glance-store was not installing its configuration files correctly so glance was not getting installed correctly
[13:03] <coreycb> zul, ok
[13:03] <zul> coreycb: the rootwrap.conf file was being installed into /etc/glance/glance
[13:15] <jamespage> zul, coreycb: dealing with webob and a nova fixup for ocata-proposed today
[13:15] <jamespage> then I think we're all good
[13:17] <coreycb> jamespage, ok.  did webob need a delta on the sync debian?
[13:17] <jamespage> nope
[13:17] <coreycb> sync from
[13:28] <patsToms> is there any way I can use private key to connect to ssh?
[13:30] <hateball> !ssh | patsToms
[13:30] <ubottu> patsToms: SSH is the Secure SHell protocol, see: https://help.ubuntu.com/community/SSH for client usage. PuTTY is an SSH client for Windows; see: http://www.chiark.greenend.org.uk/~sgtatham/putty/ for its homepage. See also !scp (Secure CoPy) and !sshd (Secure SHell Daemon)
[13:31] <hateball> this bit in particular https://help.ubuntu.com/community/SSH/OpenSSH/Keys
[13:31] <patsToms> so another question
[13:31] <patsToms> by ssh-dss they mean private key?
[13:33] <andol> ssh-dss might not be the key type you want...
[13:39] <coreycb> jamespage, these are ready to promote if you have a moment:  http://paste.ubuntu.com/23851946/
=== Jalen_ is now known as Jalen
[13:50] <alex88> hello everyone, after scheduling a shutdown how do I see the pending shutdown? tried `systemctl list-timers`, looked at atd.service, systemd-shutdownd.service, nothing
=== JanC_ is now known as JanC
[13:57] <jamespage> coreycb, looking at those shortly
[13:57] <coreycb> jamespage, thanks
[14:03] <lordievader> Good afternoon
[14:04] <jamespage> coreycb, all done
[14:04] <jamespage> ta
[14:47] <cpaelzer> jdstrand: thanks for your insight on bug 1658198
[14:47] <ubottu> bug 1658198 in libvirt (Ubuntu) "multi-level stacked qcow2 files are not properly handled in Apparmor" [Undecided,Incomplete] https://launchpad.net/bugs/1658198
[14:56] <rbasak> cpaelzer: a mysql-5.7 security update landed recently. So anyone whose system would have a failure on mysql-server-5.7.postinst before will have received one on receiving that update.
[14:58] <jdstrand> cpaelzer: yw
[15:03] <cpaelzer> rbasak: I see - that explains the sudden spike of reports - all bad configs coming in to report on an update
[15:16] <zul> coreycb/jamespage: i was thinking of going through https://qa.debian.org/developer.php?login=openstack-devel%40lists.alioth.debian.org and make sure the relevant stuff in universe archive is good
[15:17] <zul> (because im a masochist)
[15:20] <coreycb> zul, you could take a pass on upper-constraints to see how we stand
[15:20] <zul> coreycb: sure
[15:34] <FMan> I like Ubuntu Server, but people push me to deploy CentOS instead
[15:35] <cncr04s> i used to use centos, ubuntu is superior in every way
[15:37] <coreycb> zul, i asked the release team to reject python-oslo.context  2.12.0-0ubuntu1 because it's > upper-constraints
[15:37] <FMan> would you like to give specific examples?
[15:37] <zul> coreycb: ok sounds good
[15:39] <cncr04s> ubuntu packages get updated way faster then centos related ones. at least in my experence.
[15:41] <delewis> newer kernels, too.
[15:41] <delewis> CentOS 7.x kernel is ancient.
[15:43] <coreycb> zul, stevedore is > upper-constraints too but that's already promoted to -updates.  we need to be check upper-constraints before uploading.
[15:43] <zul> coreycb: ack
[15:45] <joelio> CentOS kernel in 7 is 3.10 but does have backports bear in mind - just to add some balance :)
[15:50] <joelio> I've noticed grsec stuff appearing in ubuntu sources, are there plans for full support soon?
[15:52] <lordievader> There are plans for the kernel itself to integrate grsec things. After all the grsec mess.
[15:53] <joelio> interesting, thanks
[16:01] <jge> probably not the best channel but anyone know how to remove a file monitored by rsync?
[16:02] <joelio> jge: not sure what you mean by monitored?
[16:03] <joelio> they're just files, so depending on which fs your rsyncing from remove it from there, there are also rsync flags to delete anything in the target dest that's not in source (--delete)
[16:03] <jge> keep getting "mv:cannot stat 'some file..' No such file or directory, which is fine since it's not there anymore but how could I tell it to stop
[16:04] <joelio> mv? perms ok etc?
[16:04] <joelio> or is it changing under the hood as you begin the rsync job
[16:04] <joelio> if something is moved, it'll still have the inital tree of files so that could be the cause
[16:04] <jge> the file does not exist on source or destination, so no perms to check
[16:04] <joelio> that sounds... strange :)
[16:05] <jge> I know...
[16:05] <joelio> where is the error too, rsync makes dot files when copying, so if it can't rename/move that might be a bit wtf
[16:06] <jge> let me double check again, make sure is not a case of being monday and I'm slow ;)
[16:08] <jge> joelio: it looks to be some sort of temp file, name starts with ~
[16:08] <jge> ~$File.xlsx
[16:09] <jge> but it's not in the destination or source
[16:10] <joelio> yea, that's not an rsync temp file, it'd be a randomly generated uid with a . at the start
[16:11] <joelio> are you doing something recurstively and it's bringing in that file? Or is a process writing to that area outside of rsync and it's a temportal file, so rsync reads it in the file listing but but the time it's come to copy, the temporary file has gone
[16:14] <jge> joelio: it's a network share, with several people working on that excel sheet at times
[16:14] <jge> so it gets saved, that file gets deleted
[16:15] <frickler> is it possible that Dir::Etc::SourceList is still mentioned in the man page of apt-get, but has no effect anymore?
[16:24] <frickler> ah, nevermind, need to override sourceparts instead
[16:25] <joelio> jge: yea, sounds about right.. is the network share something that you can snapshot? If so, do that and backup the snapshot - otherwise you'll always get inconsistent backups depending on the update frequency of that share
[16:26] <joelio> if you need to maintain the two in sync, checkout unison instead, you might have a better experience
[16:34] <jge> joelio: I need the two to be in sync, I've looked at unison and ended up going with osync.. I can't do snapshots on that fs, so I just added an exclusion list to ignore "~$" files for now
[16:35] <joelio> yea, sounds reasonable
=== beardfac1 is now known as beardface
[17:41] <DammitJim> so, I've asked before, but do you guys know where I can look since my Ubuntu 16 servers are taking 8 minutes to shut down?
[17:41] <DammitJim> this is happening on new install and upgrades
[17:41] <DammitJim> I narrowed it down to the fact that I use a logical volume for /var
[17:41] <sarnold> huhn
[17:41] <sarnold> that's interesting
[17:42] <DammitJim> yeah, If I have just a logical volume for /home and not for /var, the problem doesn't exist
[17:42] <sarnold> my own server seemed like it never shut down when I issued shutdown -h now but I chalked that up to servers being weird hardware and just smack the power button. I've never tried waiting eight minutes. ;)
[17:42] <DammitJim> but I don't know where to look to figure out where the problem resides or what is waiting for /var?
[17:42] <teward> I just never shut off my servers :P
[17:42] <teward> I have a graceful shutdown process of course for my VMs, but :P
[17:42] <DammitJim> I try not to, but this will hurt me when I do a dist-upgrade to 50 servers
[17:43] <sarnold> teward: well, the last time was at 4am when the UPSes were making the world's worst noise. heh.
[17:43] <teward> sarnold: heh
[17:43] <teward> sarnold: were they on the verge of selfdestruction?  :P
[17:43] <DammitJim> oh man, we had a power outage on Saturday... I'm still bruised from that
[17:43] <DammitJim> so, do you know what I should do?
[17:43] <sarnold> DammitJim: I've heard suggestions that setting systemd's journal to persistant mode so that you can inspect previous boots can sometimes help.
[17:44] <DammitJim> how do I do that?
[17:44] <sarnold> teward: no, but after ten minutes I figured the power wasn't coming back right away. (It took 31 hours. I was not pleased.)
[17:44] <teward> sarnold: ouch
[17:44] <sarnold> DammitJim: systemd-journald(8) has the two-liner instructions
[17:44] <DammitJim> oh gosh, I was just told by the president that if power goes out, I need to drive to the office... I hope I don't have to wait 31 hours to go home!
[17:45] <DammitJim> sarnold, so, I need to do research on systemd-journald to figure out 2 lines I need to change to set persistent mode?
[17:45] <sarnold> DammitJim: well, you could just run them and hope for the best :) but five minutes to read the manpage would't hurt
[17:46] <DammitJim> yeah, I am just trying to understand your suggestion
[17:47] <DammitJim> so, I am reading about systemd-journald
[17:47] <DammitJim> sarnold, I need to find out how to set up persistent mode?
[17:47] <sarnold> DammitJim: if you search for 'pers' in systemd-journald manpage, you'll quite quickly find the two lines to paste :)
[17:47] <DammitJim> I found them
[17:48] <DammitJim> just trying to understand what that does
[17:48] <DammitJim> it seems related to /var/log/journal
[17:48] <sarnold> systemd maintains its own journal
[17:48] <DammitJim> maybe that mount is "unmounted" before it finishes the download and systemd still wants to write to it?
[17:48] <sarnold> rather than syslog's simple plain-text format, this thing is binary and easily broken
[17:48] <teward> sarnold: so, I'm gonna work on the merge sometime this week, maybe friday, for nginx to Zesty, do you need to do a cursory security review or are we good to go with me just doing the merge?
[17:48] <teward> It still needs Release team review anyways, because it needs work on which binaries go to which pockets.
[17:49] <sarnold> teward: no need, and better to not wait for me, I'm afraid I'm already holding up too much work for our teammates
[17:49] <teward> sarnold: that was more a generic question not a "put it on your list of crap to do" :p
[17:50] <sarnold> DammitJim: so my hope is that by setting it persistent it'll have a place to write the things it wants to write during shutdown. It's a longshot, but as my usual debugging approach is "read the logs then the source", it feels like a natural hope :)
[17:50] <sarnold> teward: normally once something is in main we don't bother re-reviewing
[17:50] <DammitJim> sarnold, you are 100% on this. I don't have eyes where I need them
[17:50] <DammitJim> and this sounds like would allow me to read something?
[17:51] <teward> sarnold: well, the exception was the HTTP/2 stuff
[17:51] <DammitJim> so, what you are helping me with is to have a log that I can read the next time I boot the server up because systemd will normally log to a volatile location, right?
[17:51] <teward> sarnold: but you're not wrong :)
[17:51] <sarnold> DammitJim: that's my hope. I don't know for sure that systemd is actually logging anythuing then, but it's the only idea I've got.
[17:51] <sarnold> DammitJim: exactly
[17:51] <DammitJim> thanks
[17:51] <DammitJim> looking and testing
[17:52] <sarnold> teward: right. but I'd be wasting my time looking over http/2 code, if it worked at all that would mean it's already too complex for me to find issues by inspection
[17:52] <teward> heh
[17:52] <teward> sarnold: well, we also know that the core headaches we had were w2ith the 3rd-party HTTP2 library implements that were evil on many of the webservers
[17:52] <teward> NGINX rolls their own so :P
[17:53] <sarnold> heh yeah.
[17:53] <sarnold> I'd trust the nginx team way more than the average group of yahoos
[17:53] <DammitJim> sarnold, so, actually, I found the section that talks about creating the folder and setting tmpfiles
[17:53] <DammitJim> is that what you were refering to?
[17:54] <sarnold> DammitJim: yes
[17:54] <DammitJim> ok, cool. I'm taking a snapshot and running updates
[17:54] <teward> sarnold: true statement, but we also have pretty good rapid-reply responses to things with them
[17:54] <DammitJim> what's funny is the system freezes only after I do an: apt-get upgrade
[17:54] <teward> coord. between Debian and Ubuntu nginx needs to improve, but eh
[17:54] <DammitJim> just installing ubuntu 16 doesn't hang on shutdown
[17:55] <sarnold> DammitJim: o_O that's insanely strange
[17:55] <DammitJim> so, 1 of the gazillion packages that gets updated must be the cause
[17:55] <DammitJim> blah
[17:56] <DammitJim> brb
[17:56] <DammitJim> thanks sarnold
[18:46] <DammitJim> does Ubuntu change from EST to EDT when the timezone is set up to America/New York?
[18:46] <DammitJim> like when one runs `date`
[18:49] <sarnold> well, the time doesn't _change_, like it does on windows systems. instead, all the time-and-date routines know the transition points and print the correct time.
[18:49] <DammitJim> right, so right now my boxes say EST
[18:49] <DammitJim> when summer comes, it should print EDT
[18:49] <sarnold> but the kernel just keeps counting seconds since 0:00:00 1 Jan 1970 UTC
[18:49] <DammitJim> just because of the fact that I picked America/New York, right?
[18:49] <sarnold> right
[18:49] <DammitJim> thanks
[18:50] <DammitJim> so, basically there is no way to NOT observe DST when one is on an eastern time zone
[18:51] <sarnold> DammitJim: you could set the timezone of the box to report UTC if you wanted to skip timezone nonsense
[18:52] <DammitJim> yeah, the developers would go crazy on that
[18:52] <DammitJim> LOL because they don't do utc conversions, yet
[18:52] <DammitJim> we are still in the process
[18:55] <zul> coreycb: ping we are pushing it with python-sphinx, python-stevedore, python-docutils
[18:57] <coreycb> zul, hmm?
[18:57] <zul> coreycb: just going through my upper-constraints check
[19:00] <coreycb> zul, we should evaluate the diffs of what we have vs the upper-constraints versions
[19:01] <coreycb>  zul, oslo.context too
[19:01] <zul> coreycb: http://pastebin.ubuntu.com/23853429/ (None - No status, ??? - Unknown Status - X - Cutting it close)
[19:02] <zul> coreycb: oslo.context got bumped this morning
[19:02] <coreycb> zul, ok cool
[19:02] <zul> coreycb: but yeah ^^^
[19:03] <coreycb> zul, that must not have landed yet though
[19:03] <zul> coreycb: not yet
[19:03] <zul> coreycb: my eyeballs are going squirley
[19:04] <coreycb> zul, castellan and gabbi should get bumped
[19:04] <zul> yeah..
[19:04] <zul> ill put it on my list
[19:04] <coreycb> zul, and might as well bump the tempests
[19:05] <zul> yeah
[19:05] <zul> coreycb: http://paste.ubuntu.com/23853450/
[19:07] <coreycb> zul, thanks
[19:18] <zul> reno probably as well
[19:37] <zul> coreycb: tempest updated ;)
[19:57] <rangergord> Hi. I'm using Ubuntu Server to run an embedded app. My application dependencies come from various sources: official apt, 3rd party PPAs, manual downloads, python pip, etc. I do not trust those dependencies to still be downloadable in a year or two or three, so I would like to freeze what I got right now, and have a way to copy those dependencies on new systems. What is the simplest and
[19:57] <rangergord> safest way to do this? Imaging the partition and restoring it on new systems?
[20:01] <rangergord> also wondering what issues could arise from having different HW. It will always be x64, but like, will the new system fail to boot cause the old one had 1 soundcard and 2 network cards but the new one has 0 soundcards and 1 network card?
[20:01] <rangergord> will/could
[20:02] <sarnold> man that all sounds so brittle
[20:02] <tarpman> rangergord: if you don't plan to port your app forward to future versions of (for example) the system packages it relies on, IMO you should just install it on a virtual machine so you can carry that forward to whatever hardware you like in future
[20:03] <tarpman> rangergord: but you really do need a plan for taking into account, for example, security issues in your dependencies that are only fixed in newer versions
[20:03] <sarnold> if it were me I'd go to more effort to copy the original sources, and document how to perform the install. THat way you stand a chance of addressing security updates in the component pieces.
[20:05] <rangergord> sarnold: I already documented how to perform the install, I have a script that does it, it's just not reliable. especially npm (Node/Javascript package manager) is the weakest link in the chain, there's packages that stopped working for a week even though I'm pinning specific version.
[20:05] <rangergord> I like the idea of a VM
[20:05] <sarnold> rangergord: holy cow, npm, pip, apt, ppas.. russian roulette!
[20:06] <rangergord> sarnold: it's a Node webapp...and I have to use Python for the the work Node can't do, need pip to get the snmp library, and I save on Postgres.  :P
[20:07] <rangergord> PPAs is for latest Node LTS
=== jelly-home is now known as jelly
[20:25] <theGoat> i have a syslog-ng box forwarding me events where the IP addresses are spoofed.  but none of the events are getting written.  i go lookin the logs and see this:  kernel: IPv4: martian source 192.168.1.13 from 1.2.3.4, on dev eth1 -- are the packets being dropped?
[20:26] <sarnold> I thought the kernel only had options to -log- the martians; if you want them dropped, I think you have to use iptables to do it
[20:26] <theGoat> ok...i'll have to some more digging.  thanks
[20:30] <sarnold> theGoat: please report back what you find, if you find something :) thanks
[20:31] <theGoat> will do
[20:56] <theGoat> doing some goodling i came across: https://wiki.ubuntu.com/BasicSecurity/Firewall. when i checked /proc/sys/net/ipv4/conf/eth1/rp_filter it was set to 1.  if i set it to 0, what do i have to restart for the change to take effect?
[21:27] <rbasak> theGoat: it takes immediate effect on eth1 I believe
[21:28] <theGoat> ok....hmmmmm.....still seeing the martian packet events....i'll have to do more digging
[22:31] <sarnold> theGoat: the logging happens via net.ipv4.conf.*.log_martians -- does rp_filter do the trick?
=== Darkman802_ is now known as Darkman802
[22:38] <DammitJim> sarnold, you still around?
[22:39] <sarnold> hey DammitJim :) any luck?
[22:39] <DammitJim> well, for some reason after doing that, the system no longer hangs!
[22:39] <DammitJim> how do I read the journal logs?
[22:39] <sarnold> journalctl
[22:39] <DammitJim> I did see that the system was having a hard time unmounting /var
[22:39] <sarnold> iirc you can use -b 1 or -b 2 to select previous boots
[22:39] <DammitJim> but this time it just kept going
[22:41] <DammitJim> I can't copy and paste from the server, but this is kinda what it says: Starting Unattended Upgrades Shutdown... Unmounting /var... Stopped Apply Kernel Variables... umount: /var: target is busy
[22:41] <DammitJim> var.mount: Mount process exited, code=exited status=32
[22:41] <DammitJim> Failed unmounting /var
[22:42] <tarpman> DammitJim: https://github.com/systemd/systemd/issues/867 probably
[22:42] <DammitJim> is my system trying to unmount var before some other service needs it?
[22:42] <DammitJim> thanks tarpman ... reading
[22:43] <DammitJim> gosh, that issue is old
[22:43] <tarpman> but unfixed afaik
[22:43] <tarpman> also why can't you copy and paste from the server?
[22:43] <DammitJim> I am not ssh'd... just VMWare consle
[22:43] <DammitJim> console
[22:43] <DammitJim> and on another machine
[22:45] <DammitJim> crap, so this problem exists for real?
[22:45] <DammitJim> thanks sarnold and tarpman
[22:45] <DammitJim> interesting, though that the systemd changes I made helped
[22:46] <DammitJim> I had also changed the timeouts, but I don't think it's even waiting the 30 seconds
[22:47] <DammitJim> but thanks. I think I might switch all my servers over to that
[22:47] <DammitJim> I gotta run
[22:47] <DammitJim> have a good one
[22:49] <sarnold> tarpman: nice find. ugh.