/srv/irclogs.ubuntu.com/2017/04/21/#ubuntu-server.txt

rharperhallyn: nothing wrong with adding a second disk, using curtin to install ubuntu to the second disk, and updating grub to boot into the second disk00:03
hallynnot a bad idea00:12
hallyncurtin works with kboot or something?00:12
rharperI think you could just dd the cloud-image to the second disk; and then have main grub chain-load to the target disk00:15
rharperthe cloud-image auto expands the rootfs to the size of the disk on first boot00:15
hallyncan't get an actual second disk.  maybe i can just chroot into a tree with ubuntu installer00:16
hallynwell that won't *quite* work...   hm.  turn the huge /home into an installer disk maybe00:18
hallynyeah that should work00:19
hallynchuckle.  so i just extracted a lxc zesty rootfs into the home device.  tweaked it.  pointed grub at it.  will it work?00:55
hallynnah.  i skipped a step.  oh well.  nothing to do but wait for reinstall now00:55
moneylotionhi all, i have two identical servers... running netatalk (afp)... one can clear gigabit speeds, the other 50 MB/s (max)... any ideas02:25
moneylotionrunning zfs... both systems, have very little fragmentation02:25
moneylotionfresh install on the slow system within the month02:25
moneylotionslow afp and smb02:26
qmanidentical hardware? identical disk layout?02:29
sarnoldidentical ashift?02:30
moneylotionqman - i just noticed something in my pfsense router.... now im getting full bandwidth over afp - huh - sorry02:30
moneylotionusing vlans, and routing things over vpn... needed to local lan route02:30
moneylotionstill only clearing 50 MB/s02:48
moneylotionthe ashift is identical - the drives were migrated from an old install, where I was clearing full gigabit02:49
moneylotionjust realized im running short lengths of cat 5e - would one machine be effected, even though they're right next to one another????02:51
moneylotion** 5e isn't certified for gigabit speeds02:51
masberhi05:11
masberhow could I rename a bond interface?05:12
=== JanC is now known as Guest10980
=== JanC_ is now known as JanC
=== JanC is now known as Guest18582
=== JanC_ is now known as JanC
cpaelzerrbasak: hiho09:37
cpaelzerrbasak: any idea why ppa:uvtool-dev/master is rejected on some of my systems as ppa?09:37
cpaelzerI just started debugging, but it seems not to trigger always09:37
cpaelzere.g. a local trusty container works09:38
cpaelzerwhile one on horsea has this09:38
cpaelzerrbasak: fyi not uvtool repo specific09:45
cpaelzerit seems something (lxd?) sets up and sets http proxy - but that is on a format that is failing09:45
cpaelzeron the "good" systems there is no http_proxy set at all09:46
cpaelzerhttp_proxy=http://[fe80::1%eth0]:13128 seems wrong isn't it?09:46
cpaelzerping6 likes it, wget not09:48
cpaelzerError parsing proxy URL http://[fe80::1%eth0]:13128: Invalid IPv6 numeric address.09:48
cpaelzerand apt key doesn't like it either09:48
cpaelzer?: invalid HTTP proxy (http://[fe80::1%eth0]:13128): bad URI09:48
cpaelzerstgraber: maybe another change that came in by 2.0.9-0ubuntu1~16.04.2 ?09:53
cpaelzerthat seems to be the diff between good/bad systems09:53
cpaelzeror .1 more likely given the change in .2 is so small09:54
rbasakI suspect various things will attempt to validate the address and not pass through the %eth009:59
rbasakI'm not sure there's an easy answer to this. I think it probably makes sense to treat the %eth0 thing as valid in http_proxy, but that would mean fixing all the upstreams and fixing all the different parsers out there.10:00
rbasakcpaelzer: ^ might be worth starting a bug in LP saying "cannot parse %eth0 in http_proxy IPv6 numeric address specifications" or similar and then adding tasks.10:02
rbasakstgraber: ^ any opinion?10:02
Zero090does anyone have experience with the self hosted analytic platform piwik?10:08
cpaelzerrbasak: stgraber: I found it goign deeper with brauner10:10
cpaelzerit turns out that (recently?) a not "lxd init" install will have LXD_IPV6_PROXY set10:11
cpaelzerand if set all this cascade of things happens: lxd configs the proxy, sets http:proxy in a format that many tools hat and eventually my apt-add-repository fails10:12
cpaelzerit is in some sense broken setup, but since proxy seems to be on after lxd install (but off after an all-enter lxd init btw) more people might run into it10:13
cpaelzerstgraber: not sure it really is a bug or a config issue, let me know if you want a  bug to e.g. change the defaults of  /etc/default/lxd-bridge10:13
cpaelzerFYI - some related discussion with brauner going on in #server (to somewhat be able to track down logs for you later)10:16
rizonzdoes anyone know why I cannot ifdown a nic ? it's specified but it replies with...10:17
rizonzifdown: interface eth1 not configured10:18
rizonzbut eth1 is configured10:18
rizonzit is also up10:18
Aison rizonz maybe eth1 is configured by some other service10:38
Aisonrizonz, is it listed in /etc/network/interfaces? or is it configured by systemd?10:39
rizonzAison: yes, it's some double setting12:00
=== drab_ is now known as drab
drabtrying my luck again, anybody knows what would trigger a graphical mode for the ubuntu installer?12:09
drabI'm installing from mini.iso,but it still goes into a graphical mode (not GUI tho)12:09
draband I can't figure out what does that or who would know/where to ask12:10
drabother than trying to look at the source code...12:10
tsglove2Good morning everyone o/12:45
drabmoin tsglove212:53
tsglove2hey yah drab !12:53
tsglove2How's it going over there?12:53
drablet's say it's 5:53 and I've been working for 1hr already :)12:53
drabhow's things on your end?12:54
tsglove2Superb! 8:55am over here12:55
tsglove2Eager for today's projects.12:55
tsglove2Plus working on a side project - virtual lab, trying to setup FreeIPA12:55
tsglove2I like Canonical's Landscape... yet would like a 100% free solution/alternative.12:55
tsglove2I think that is missing in order to have a big competition to Microsoft's Active Directory.12:56
ikoniatsglove2: foreman or katello13:35
tsglove2ikonia, thanks!  I had not heard of Katello... checking it out now.13:36
tsglove2Foreman, I read about it... yet... didn't follow through.13:36
ikoniatotally open source, more advanced functions than landscape13:36
tsglove2I have no "actual" deployment at the moment for this FreeIPA install... (or foreman/katello)... yet would like to know the possibilities out there.13:36
ikoniadesigned for the enterprise13:36
tsglove2Which one? Foreman? Katello?13:38
tsglove2oh wow... it's the same project13:38
tsglove2Katello was moved over to Foreman13:38
tsglove2ok, got it13:38
tsglove2https://theforeman.org/13:38
ikoniasort of13:39
tsglove2This is good.13:40
hateballThat looks neat :o13:40
tsglove2This is what I want to try.  Foreman says it's for servers... yet I want to use it for servers and workstations (to do simple things like --> map user's network drives, coporate-mandated wallpapers, etc etc)13:40
tsglove2I am going to setup the FreeIPA lab, play with it, then will do the same with Foreman13:41
ikoniatsglove2: works great for workstations13:43
tsglove2ikonia, Foreman?13:44
ikoniatsglove2: I have it managing 15000 workstations, and another 8000 servers13:44
tsglove2damn13:44
drabtomreyn: fwiw the answer was fb=false13:44
tsglove2ikonia, then let me shoot you a question: What I want, is to not have to touch Microsoft Active Directory.   I have a small client (12-13 workstations), which they want to move over to Linux.13:45
ikoniaok ?13:45
ikoniatsglove2: are these 12-13 workstations stand alone or part of a bigger network13:46
drabikonia: can foreman work with preseeding and ansible?13:46
tsglove2Oh no... sorry, just shooting talk.13:46
ikoniadrab: it can13:46
drabI briefly looked at it, but it seemed more complexity than I needed and I already have most of it automated with preseed and ansible13:46
drabso wasn't sure what it'd buy me13:46
drabbut we kinda need a ui to give to junior admin13:46
ikoniadrab: depends what you want,13:46
draband I'm still lacking an inventory13:46
ikoniadrab: it's much more than a gui13:46
ikoniais full lifecycle management with public API's for external automation13:47
drabikonia: well the provisioning part I have, pxe boot, configs, etc and ansible takes care of settings up hosts as they shuold be13:47
draband I have nagios for monitoring of the nodes13:47
ikoniadrab: so that takes approx 90 minutes to port into foreman13:47
drabbut it's all a tad fragmented13:47
ikoniaas foreman just overlays ontop of the pxe process to manage the lifecycle13:47
tsglove2wow now I want to finish with my FreeIPA lab, so i can jump into Foreman13:48
drabikonia: will it be able to kickoff jobs too? one of the things I was looking at that I'm missing is implementing rundeck or similar13:48
drabto kick off ansible job through an api13:49
ikoniadrab: yup13:49
drabok, that sounds interesting13:49
drabdo you know of anybody using it with ansible? homepage says puppet, chef, salt, but no ansible13:49
ikoniause the katello components and you get things like package lifecycle process etc13:49
ikoniadrab: I have many clients, I have it running with ansible, puppet and chef13:49
ikonia(as in many differnt client using it in different ways)13:50
drabgood to know, thank you, will try to set it up and maybe hit you up if you don't mind13:50
drabglad I ran into this convo13:50
ikoniasure13:50
ikoniathe next release has a terrform extension to the api - so you can call foreman functions from terraform13:50
ikonia(to give you context)13:50
drabso the monitoring is also done with external tools? no wheels reinvented?13:51
drabdoes it like import data ala pnp4nagios?13:51
ikoniareporting is internal, but "monitoring" is normally an external service13:51
drabok13:52
ikoniahowever monitoring tools such as zabbix/nagios/datadog (just examples) all have functions that plugin to it13:52
drabI was also looking at influxdb, migrating to that from nagios pnp13:52
ikoniaeg: if a host goes down, replace it13:52
ikoniaor scale two more13:52
drabok, cool, I don't need anything that fancy, just trying to give ppl here something esier to work with so I don't need to do it all myself13:52
draband some cohesive view and admin point is sorely missing13:52
ikoniaI can't give you numbers, but I've used it to create a tiered support system that reduced costs massively13:53
drabI can believe that, I've seen the benefits of stuff like that before, just not specifically foreman, hence trying to find a solution13:55
drabmost places I've been at before had something custom due to size/internal stuff13:56
drabso never really looked into it13:56
ikoniayou could look at maas too13:56
ikoniaI don't think it's as advanced/mature/feaure rich though13:56
draband from the old days I had the impression it was a provisioning tool for RH... but I guess that was its very beginning13:56
drabI'll take a look, thanks13:56
ikoniait's hard to be dissapointed by it, being honest13:57
tsglovedarn it... now I want to try Foreman14:11
smoserrbasak, upload uvtool14:28
smoser?14:28
smoserto artful. as in.. would you upload uvtool to artful ?14:28
rbasakOK14:30
rbasakOh14:31
rbasaksmoser: artful isn't open yet.14:31
rbasakBut yes, I should when it is.14:31
smoseroh. i thought it was14:31
stgrabercpaelzer: that's nothing new, http_proxy being set that way has been happening since before LXD 2.014:55
stgrabercpaelzer: and the value we set it is absolutely valid, even a lot of software indeed don't parse it properly14:56
stgrabercpaelzer: starting with LXD 2.3+ we don't have that proxy anymore, instead just not providing the container with an eth0 if the user didn't configure networking, but for the 2.0.x series we won't be doing any change to that behavior14:57
smoserbug 114:58
ubottubug 1 in Ubuntu Malaysia LoCo Team "Microsoft has a majority market share" [Critical,In progress] https://launchpad.net/bugs/114:58
drab_ikonia: do you know if there's anything to use foreman with qemu (without libvirt) and lxd (for which there's no frontend really)?15:56
=== drab_ is now known as drab
drabalso, urm, just read through the katello page, this is why I guess I stayed away from it... it just soudns like RH/puppet/yum/ruby stuff15:59
drabdoes it actually integrate with ubuntu in any decent way? katello's home page starts with "yum and puppet repositories" and continues on that line16:00
smoserrbasak, why did you not think artful was open ?16:05
naccsmoser: #ubuntu-release says archive: closed16:06
naccsmoser: artful has been created but not yet active aiui16:06
Ussatdrab, it is very much RH centric16:06
smoserxnox, ^16:06
naccsmoser: i assume there's some latency for the release copy?16:06
smosernacc disagrees with you too16:06
naccheh16:06
naccit's possible /topic just hasn't been updated yet16:06
drabUssat: yeah, definitely looks like it, just found a thread where ppl are even asking if katello will ever support debian and it's from last year so not terribly old...16:07
drabnot sure how ikonia has it going16:07
Ussatdrab, I work with it a lot at work16:07
drabUssat: so is it like hammering a sqaure peg through a round hole?16:08
drabto make it work with ubuntu that is16:08
Ussata very small round hole16:08
drablol16:08
xnoxnacc, .... dude irc topic doesn't matter.16:09
xnoxyes, it is in pre-open freeze, but that simply means the uploads land into unapproved queue, and they will be accepted by hand at the moment.16:09
Ussatdrab, even getting it to work with RHEL involves ancient banned black arts16:09
xnoxor once britney is up, they will accept everything pending there.16:09
naccxnox: i wasn't saying it as fact, tbh -- i was just trying to answer smoser's query, as rbasak may not be around16:09
xnoxthus one can upload things into artful.16:09
drabUssat: ok, thanks for your input16:10
smosernacc, i just like to have people fight :)16:10
* xnox is building artful packages in my ppa, and uploading things into unapproved shortly16:10
drabUssat: I guess I'll try it in a VM and see what happens, I'm not wanting too much, just trying to get some central inventory and place to trigger ansible16:10
smoserand now we all have more info on what is open and such, so end result is good.16:11
naccsmoser: +116:12
Ussatdrab, ya it IS doable, because we have some Ubuntu here also that I need to pound it into16:13
Ussatbut not something I am looking forward to.16:14
rbasaksmoser, xnox, nacc: yeah, I was going from the topic in #ubuntu-release. I always considered it polite to wait until the customary "it's open" announcement.16:24
xnoxrbasak, since proposed migration there is no need to wait for anything. because things are appropriately shoved into unapproved; and archive team flush it when things are ready.16:25
xnoxrbasak, we care about developer velocity, and everyone should be able to develop all the time =)16:25
xnox(and e.g. upload to `devel` even if the name is not known yet)16:26
rbasakxnox: perhaps then the archive should never be "closed"? :)16:28
=== med_ is now known as Guest76746
drabok, this is really weird19:56
drabit's like a service started inside the chroot is creating stuff in /run outside of the chroot...19:56
drabI'm trying to get ssh going in the chroot after an install, I do an mkdir /var/run/sshd but the dir isn't there when I look19:58
drabbut there's a sshd dir and sshd.pid in /run on the host/installer19:58
sarnoldcan you paste your script?19:59
drabsure, sec20:00
drabsarnold: http://dpaste.com/0T71JHF20:02
sarnoldcrazy :/20:04
drabppl tell me that a lot, yeah20:04
drab:)20:04
drab  Apr 21 12:50:24 sshd[8778]: fatal: Missing privilege separation directory: /var/20:05
drab   run/sshd20:05
drabthat's in sshlog20:05
drabeeer, syslog20:05
drabthe thing is, if I get a shell, chroot /target bash20:05
draband mkdir /var/run/sshd it works20:05
drabI don't even have to restart sshd20:05
sarnolddrab: normally /var/run/ is a symlink to /run, which is a tmpfs..20:06
tarpmanthat wouldn't be systemd's shared mounts thing again, would it?20:06
sarnoldtarpman: oh hell. it might be.20:06
sarnolddrab: read this see if it feels irght https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=73959320:07
ubottuDebian bug 739593 in systemd "systemd makes / shared by default" [Important,Open]20:07
tarpmanI was pleased to note schroot's latest upload finally started unsharing mounts automatically20:07
tarpmanuh, debian upload20:07
drabso I need to do mount --make-rprivate /var/run/ ?20:09
drabbut yeah, it sounds like something is going on, because I thought I saw the symlinks in the root host20:12
drabthen chrooted, came out, and they are gone... I swear they were there20:12
tarpmanI think it'd be --make-rprivate /run if anything. but I don't remember clearly20:14
drabok, testing that to see what happens20:16
ikoniadrab: I don't think you can use qemu without libvirt, you can use it with lxd with the docker plugin20:37
sarnoldikonia: oh?20:44
ikoniasarnold: ?20:45
sarnoldikonia: I'd love to know more about using qemu via lxd rather than libvirt20:45
ikoniasarnold: you are missing a bit of backscroll / history there, sorry, it's also a bit off topic for here, but I drab was asking about a differnt tool and I was saying you "can't" use qemu without libvirt using that tool, but you CAN use it with lxd via the docker plugin20:46
sarnoldikonia: oh. dang. :/ thanks for the explanation20:46
ikoniasarnold: yeah, I've just re-read what I typed and without the history it does look like an interesting setup20:47
drabsarnold: the mount rprivate made no diff20:53
drabstill same error20:53
drabon the host /run has the sshd dir20:53
drab /run inside the chroot does not20:53
drabI've no idea why mkdir is doing nothing when ran from the late-command script20:54
drabit works just fine if I run it manually20:54
drabunless there's some sort of namespace thingie that bug was referring to that I don't get20:54
draband it exists when I run ssh from the late command, but is delete when the script finshes20:54
drabin which case... wait... maybe I can move the mkdir to the preseed file20:55
* drab goes to test that20:55
drab\o/21:20
drabso adding a "mkdir /target/run/sshd" from the late-command line worked21:20
sarnoldthat makes me question everything else in that script21:21
tarpmanyou're running an sshd inside d-i? o.O21:22
drabsarnold: I think it's just because /run is special21:23
draband a symlink to a tmpfs21:23
drabeverything else in the script works21:23
drabtarpman: yes21:23
drabso the workflow is reboot the box -> pxe boot -> mini.iso install with defaults -> ansible run21:24
drab->reboot21:24
drabthis way by the time the host comes back it's fully configured21:24
tarpmaninteresting21:24
drabI've had too many problems with post-reboot being wonky21:24
tarpmanI tried to do a similar thing in the past, with puppet21:24
drabespecially around interfaces and other stuff due to "predictable naming" and netcfg bugs etc21:24
tarpmanrun a puppet agent in late-command21:24
drabyeah, the thing is, I wanna push to the new instance, not pull21:25
tarpmannever got it working reliably, all sorts of weirdness :\21:25
drabbecause pulling implies that I have to make the repo available to each instance and that's more problems21:25
drabtarpman: fair enough21:25
drabmy very first ansible role completed :)21:25
drabso end-to-end success \o/21:25
drabsarnold: why would you question the rest of the script? I guess it all makes sense, the sshd was the only service running21:25
draband the only thing touching a fs on a tmpfs21:26
sarnolddrab: if a mkdir in the script didn't do what you expected why would anything else in the sciprt/21:26
drabso per bug you pointed out I guess there's something going on with namespaces and ssytemd maybe, I don't claim to understand it21:26
drabsarnold: because the mkdir was making ad ir in a "special fs"21:26
drablike I said everything else touches things that are on the actual device mounted at /21:26
drabie the installed system21:26
drabwhile that mkdir was touching a symlinked path to a tmpfs location21:27
drabthat is shared with the host21:27
drabso it was special in respect everything else21:27
drabs/was/is21:27
drabto everything*21:27
drabbrb21:27
imightbestupid12so i set the chmod 777 / for my webserver running as root and i was wondering what do i need to do to revert those changes?23:55
sarnoldchmod 755 /23:57
imightbestupid12thank you23:58
imightbestupid12so 755 is the default always right/23:58
sarnoldyes23:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!