[00:03] hallyn: nothing wrong with adding a second disk, using curtin to install ubuntu to the second disk, and updating grub to boot into the second disk [00:12] not a bad idea [00:12] curtin works with kboot or something? [00:15] I think you could just dd the cloud-image to the second disk; and then have main grub chain-load to the target disk [00:15] the cloud-image auto expands the rootfs to the size of the disk on first boot [00:16] can't get an actual second disk. maybe i can just chroot into a tree with ubuntu installer [00:18] well that won't *quite* work... hm. turn the huge /home into an installer disk maybe [00:19] yeah that should work [00:55] chuckle. so i just extracted a lxc zesty rootfs into the home device. tweaked it. pointed grub at it. will it work? [00:55] nah. i skipped a step. oh well. nothing to do but wait for reinstall now [02:25] hi all, i have two identical servers... running netatalk (afp)... one can clear gigabit speeds, the other 50 MB/s (max)... any ideas [02:25] running zfs... both systems, have very little fragmentation [02:25] fresh install on the slow system within the month [02:26] slow afp and smb [02:29] identical hardware? identical disk layout? [02:30] identical ashift? [02:30] qman - i just noticed something in my pfsense router.... now im getting full bandwidth over afp - huh - sorry [02:30] using vlans, and routing things over vpn... needed to local lan route [02:48] still only clearing 50 MB/s [02:49] the ashift is identical - the drives were migrated from an old install, where I was clearing full gigabit [02:51] just realized im running short lengths of cat 5e - would one machine be effected, even though they're right next to one another???? [02:51] ** 5e isn't certified for gigabit speeds [05:11] hi [05:12] how could I rename a bond interface? === JanC is now known as Guest10980 === JanC_ is now known as JanC === JanC is now known as Guest18582 === JanC_ is now known as JanC [09:37] rbasak: hiho [09:37] rbasak: any idea why ppa:uvtool-dev/master is rejected on some of my systems as ppa? [09:37] I just started debugging, but it seems not to trigger always [09:38] e.g. a local trusty container works [09:38] while one on horsea has this [09:45] rbasak: fyi not uvtool repo specific [09:45] it seems something (lxd?) sets up and sets http proxy - but that is on a format that is failing [09:46] on the "good" systems there is no http_proxy set at all [09:46] http_proxy=http://[fe80::1%eth0]:13128 seems wrong isn't it? [09:48] ping6 likes it, wget not [09:48] Error parsing proxy URL http://[fe80::1%eth0]:13128: Invalid IPv6 numeric address. [09:48] and apt key doesn't like it either [09:48] ?: invalid HTTP proxy (http://[fe80::1%eth0]:13128): bad URI [09:53] stgraber: maybe another change that came in by 2.0.9-0ubuntu1~16.04.2 ? [09:53] that seems to be the diff between good/bad systems [09:54] or .1 more likely given the change in .2 is so small [09:59] I suspect various things will attempt to validate the address and not pass through the %eth0 [10:00] I'm not sure there's an easy answer to this. I think it probably makes sense to treat the %eth0 thing as valid in http_proxy, but that would mean fixing all the upstreams and fixing all the different parsers out there. [10:02] cpaelzer: ^ might be worth starting a bug in LP saying "cannot parse %eth0 in http_proxy IPv6 numeric address specifications" or similar and then adding tasks. [10:02] stgraber: ^ any opinion? [10:08] does anyone have experience with the self hosted analytic platform piwik? [10:10] rbasak: stgraber: I found it goign deeper with brauner [10:11] it turns out that (recently?) a not "lxd init" install will have LXD_IPV6_PROXY set [10:12] and if set all this cascade of things happens: lxd configs the proxy, sets http:proxy in a format that many tools hat and eventually my apt-add-repository fails [10:13] it is in some sense broken setup, but since proxy seems to be on after lxd install (but off after an all-enter lxd init btw) more people might run into it [10:13] stgraber: not sure it really is a bug or a config issue, let me know if you want a bug to e.g. change the defaults of /etc/default/lxd-bridge [10:16] FYI - some related discussion with brauner going on in #server (to somewhat be able to track down logs for you later) [10:17] does anyone know why I cannot ifdown a nic ? it's specified but it replies with... [10:18] ifdown: interface eth1 not configured [10:18] but eth1 is configured [10:18] it is also up [10:38] rizonz maybe eth1 is configured by some other service [10:39] rizonz, is it listed in /etc/network/interfaces? or is it configured by systemd? [12:00] Aison: yes, it's some double setting === drab_ is now known as drab [12:09] trying my luck again, anybody knows what would trigger a graphical mode for the ubuntu installer? [12:09] I'm installing from mini.iso,but it still goes into a graphical mode (not GUI tho) [12:10] and I can't figure out what does that or who would know/where to ask [12:10] other than trying to look at the source code... [12:45] Good morning everyone o/ [12:53] moin tsglove2 [12:53] hey yah drab ! [12:53] How's it going over there? [12:53] let's say it's 5:53 and I've been working for 1hr already :) [12:54] how's things on your end? [12:55] Superb! 8:55am over here [12:55] Eager for today's projects. [12:55] Plus working on a side project - virtual lab, trying to setup FreeIPA [12:55] I like Canonical's Landscape... yet would like a 100% free solution/alternative. [12:56] I think that is missing in order to have a big competition to Microsoft's Active Directory. [13:35] tsglove2: foreman or katello [13:36] ikonia, thanks! I had not heard of Katello... checking it out now. [13:36] Foreman, I read about it... yet... didn't follow through. [13:36] totally open source, more advanced functions than landscape [13:36] I have no "actual" deployment at the moment for this FreeIPA install... (or foreman/katello)... yet would like to know the possibilities out there. [13:36] designed for the enterprise [13:38] Which one? Foreman? Katello? [13:38] oh wow... it's the same project [13:38] Katello was moved over to Foreman [13:38] ok, got it [13:38] https://theforeman.org/ [13:39] sort of [13:40] This is good. [13:40] That looks neat :o [13:40] This is what I want to try. Foreman says it's for servers... yet I want to use it for servers and workstations (to do simple things like --> map user's network drives, coporate-mandated wallpapers, etc etc) [13:41] I am going to setup the FreeIPA lab, play with it, then will do the same with Foreman [13:43] tsglove2: works great for workstations [13:44] ikonia, Foreman? [13:44] tsglove2: I have it managing 15000 workstations, and another 8000 servers [13:44] damn [13:44] tomreyn: fwiw the answer was fb=false [13:45] ikonia, then let me shoot you a question: What I want, is to not have to touch Microsoft Active Directory. I have a small client (12-13 workstations), which they want to move over to Linux. [13:45] ok ? [13:46] tsglove2: are these 12-13 workstations stand alone or part of a bigger network [13:46] ikonia: can foreman work with preseeding and ansible? [13:46] Oh no... sorry, just shooting talk. [13:46] drab: it can [13:46] I briefly looked at it, but it seemed more complexity than I needed and I already have most of it automated with preseed and ansible [13:46] so wasn't sure what it'd buy me [13:46] but we kinda need a ui to give to junior admin [13:46] drab: depends what you want, [13:46] and I'm still lacking an inventory [13:46] drab: it's much more than a gui [13:47] is full lifecycle management with public API's for external automation [13:47] ikonia: well the provisioning part I have, pxe boot, configs, etc and ansible takes care of settings up hosts as they shuold be [13:47] and I have nagios for monitoring of the nodes [13:47] drab: so that takes approx 90 minutes to port into foreman [13:47] but it's all a tad fragmented [13:47] as foreman just overlays ontop of the pxe process to manage the lifecycle [13:48] wow now I want to finish with my FreeIPA lab, so i can jump into Foreman [13:48] ikonia: will it be able to kickoff jobs too? one of the things I was looking at that I'm missing is implementing rundeck or similar [13:49] to kick off ansible job through an api [13:49] drab: yup [13:49] ok, that sounds interesting [13:49] do you know of anybody using it with ansible? homepage says puppet, chef, salt, but no ansible [13:49] use the katello components and you get things like package lifecycle process etc [13:49] drab: I have many clients, I have it running with ansible, puppet and chef [13:50] (as in many differnt client using it in different ways) [13:50] good to know, thank you, will try to set it up and maybe hit you up if you don't mind [13:50] glad I ran into this convo [13:50] sure [13:50] the next release has a terrform extension to the api - so you can call foreman functions from terraform [13:50] (to give you context) [13:51] so the monitoring is also done with external tools? no wheels reinvented? [13:51] does it like import data ala pnp4nagios? [13:51] reporting is internal, but "monitoring" is normally an external service [13:52] ok [13:52] however monitoring tools such as zabbix/nagios/datadog (just examples) all have functions that plugin to it [13:52] I was also looking at influxdb, migrating to that from nagios pnp [13:52] eg: if a host goes down, replace it [13:52] or scale two more [13:52] ok, cool, I don't need anything that fancy, just trying to give ppl here something esier to work with so I don't need to do it all myself [13:52] and some cohesive view and admin point is sorely missing [13:53] I can't give you numbers, but I've used it to create a tiered support system that reduced costs massively [13:55] I can believe that, I've seen the benefits of stuff like that before, just not specifically foreman, hence trying to find a solution [13:56] most places I've been at before had something custom due to size/internal stuff [13:56] so never really looked into it [13:56] you could look at maas too [13:56] I don't think it's as advanced/mature/feaure rich though [13:56] and from the old days I had the impression it was a provisioning tool for RH... but I guess that was its very beginning [13:56] I'll take a look, thanks [13:57] it's hard to be dissapointed by it, being honest [14:11] darn it... now I want to try Foreman [14:28] rbasak, upload uvtool [14:28] ? [14:28] to artful. as in.. would you upload uvtool to artful ? [14:30] OK [14:31] Oh [14:31] smoser: artful isn't open yet. [14:31] But yes, I should when it is. [14:31] oh. i thought it was [14:55] cpaelzer: that's nothing new, http_proxy being set that way has been happening since before LXD 2.0 [14:56] cpaelzer: and the value we set it is absolutely valid, even a lot of software indeed don't parse it properly [14:57] cpaelzer: starting with LXD 2.3+ we don't have that proxy anymore, instead just not providing the container with an eth0 if the user didn't configure networking, but for the 2.0.x series we won't be doing any change to that behavior [14:58] bug 1 [14:58] bug 1 in Ubuntu Malaysia LoCo Team "Microsoft has a majority market share" [Critical,In progress] https://launchpad.net/bugs/1 [15:56] ikonia: do you know if there's anything to use foreman with qemu (without libvirt) and lxd (for which there's no frontend really)? === drab_ is now known as drab [15:59] also, urm, just read through the katello page, this is why I guess I stayed away from it... it just soudns like RH/puppet/yum/ruby stuff [16:00] does it actually integrate with ubuntu in any decent way? katello's home page starts with "yum and puppet repositories" and continues on that line [16:05] rbasak, why did you not think artful was open ? [16:06] smoser: #ubuntu-release says archive: closed [16:06] smoser: artful has been created but not yet active aiui [16:06] drab, it is very much RH centric [16:06] xnox, ^ [16:06] smoser: i assume there's some latency for the release copy? [16:06] nacc disagrees with you too [16:06] heh [16:06] it's possible /topic just hasn't been updated yet [16:07] Ussat: yeah, definitely looks like it, just found a thread where ppl are even asking if katello will ever support debian and it's from last year so not terribly old... [16:07] not sure how ikonia has it going [16:07] drab, I work with it a lot at work [16:08] Ussat: so is it like hammering a sqaure peg through a round hole? [16:08] to make it work with ubuntu that is [16:08] a very small round hole [16:08] lol [16:09] nacc, .... dude irc topic doesn't matter. [16:09] yes, it is in pre-open freeze, but that simply means the uploads land into unapproved queue, and they will be accepted by hand at the moment. [16:09] drab, even getting it to work with RHEL involves ancient banned black arts [16:09] or once britney is up, they will accept everything pending there. [16:09] xnox: i wasn't saying it as fact, tbh -- i was just trying to answer smoser's query, as rbasak may not be around [16:09] thus one can upload things into artful. [16:10] Ussat: ok, thanks for your input [16:10] nacc, i just like to have people fight :) [16:10] * xnox is building artful packages in my ppa, and uploading things into unapproved shortly [16:10] Ussat: I guess I'll try it in a VM and see what happens, I'm not wanting too much, just trying to get some central inventory and place to trigger ansible [16:11] and now we all have more info on what is open and such, so end result is good. [16:12] smoser: +1 [16:13] drab, ya it IS doable, because we have some Ubuntu here also that I need to pound it into [16:14] but not something I am looking forward to. [16:24] smoser, xnox, nacc: yeah, I was going from the topic in #ubuntu-release. I always considered it polite to wait until the customary "it's open" announcement. [16:25] rbasak, since proposed migration there is no need to wait for anything. because things are appropriately shoved into unapproved; and archive team flush it when things are ready. [16:25] rbasak, we care about developer velocity, and everyone should be able to develop all the time =) [16:26] (and e.g. upload to `devel` even if the name is not known yet) [16:28] xnox: perhaps then the archive should never be "closed"? :) === med_ is now known as Guest76746 [19:56] ok, this is really weird [19:56] it's like a service started inside the chroot is creating stuff in /run outside of the chroot... [19:58] I'm trying to get ssh going in the chroot after an install, I do an mkdir /var/run/sshd but the dir isn't there when I look [19:58] but there's a sshd dir and sshd.pid in /run on the host/installer [19:59] can you paste your script? [20:00] sure, sec [20:02] sarnold: http://dpaste.com/0T71JHF [20:04] crazy :/ [20:04] ppl tell me that a lot, yeah [20:04] :) [20:05] Apr 21 12:50:24 sshd[8778]: fatal: Missing privilege separation directory: /var/ [20:05] run/sshd [20:05] that's in sshlog [20:05] eeer, syslog [20:05] the thing is, if I get a shell, chroot /target bash [20:05] and mkdir /var/run/sshd it works [20:05] I don't even have to restart sshd [20:06] drab: normally /var/run/ is a symlink to /run, which is a tmpfs.. [20:06] that wouldn't be systemd's shared mounts thing again, would it? [20:06] tarpman: oh hell. it might be. [20:07] drab: read this see if it feels irght https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739593 [20:07] Debian bug 739593 in systemd "systemd makes / shared by default" [Important,Open] [20:07] I was pleased to note schroot's latest upload finally started unsharing mounts automatically [20:07] uh, debian upload [20:09] so I need to do mount --make-rprivate /var/run/ ? [20:12] but yeah, it sounds like something is going on, because I thought I saw the symlinks in the root host [20:12] then chrooted, came out, and they are gone... I swear they were there [20:14] I think it'd be --make-rprivate /run if anything. but I don't remember clearly [20:16] ok, testing that to see what happens [20:37] drab: I don't think you can use qemu without libvirt, you can use it with lxd with the docker plugin [20:44] ikonia: oh? [20:45] sarnold: ? [20:45] ikonia: I'd love to know more about using qemu via lxd rather than libvirt [20:46] sarnold: you are missing a bit of backscroll / history there, sorry, it's also a bit off topic for here, but I drab was asking about a differnt tool and I was saying you "can't" use qemu without libvirt using that tool, but you CAN use it with lxd via the docker plugin [20:46] ikonia: oh. dang. :/ thanks for the explanation [20:47] sarnold: yeah, I've just re-read what I typed and without the history it does look like an interesting setup [20:53] sarnold: the mount rprivate made no diff [20:53] still same error [20:53] on the host /run has the sshd dir [20:53] /run inside the chroot does not [20:54] I've no idea why mkdir is doing nothing when ran from the late-command script [20:54] it works just fine if I run it manually [20:54] unless there's some sort of namespace thingie that bug was referring to that I don't get [20:54] and it exists when I run ssh from the late command, but is delete when the script finshes [20:55] in which case... wait... maybe I can move the mkdir to the preseed file [20:55] * drab goes to test that [21:20] \o/ [21:20] so adding a "mkdir /target/run/sshd" from the late-command line worked [21:21] that makes me question everything else in that script [21:22] you're running an sshd inside d-i? o.O [21:23] sarnold: I think it's just because /run is special [21:23] and a symlink to a tmpfs [21:23] everything else in the script works [21:23] tarpman: yes [21:24] so the workflow is reboot the box -> pxe boot -> mini.iso install with defaults -> ansible run [21:24] ->reboot [21:24] this way by the time the host comes back it's fully configured [21:24] interesting [21:24] I've had too many problems with post-reboot being wonky [21:24] I tried to do a similar thing in the past, with puppet [21:24] especially around interfaces and other stuff due to "predictable naming" and netcfg bugs etc [21:24] run a puppet agent in late-command [21:25] yeah, the thing is, I wanna push to the new instance, not pull [21:25] never got it working reliably, all sorts of weirdness :\ [21:25] because pulling implies that I have to make the repo available to each instance and that's more problems [21:25] tarpman: fair enough [21:25] my very first ansible role completed :) [21:25] so end-to-end success \o/ [21:25] sarnold: why would you question the rest of the script? I guess it all makes sense, the sshd was the only service running [21:26] and the only thing touching a fs on a tmpfs [21:26] drab: if a mkdir in the script didn't do what you expected why would anything else in the sciprt/ [21:26] so per bug you pointed out I guess there's something going on with namespaces and ssytemd maybe, I don't claim to understand it [21:26] sarnold: because the mkdir was making ad ir in a "special fs" [21:26] like I said everything else touches things that are on the actual device mounted at / [21:26] ie the installed system [21:27] while that mkdir was touching a symlinked path to a tmpfs location [21:27] that is shared with the host [21:27] so it was special in respect everything else [21:27] s/was/is [21:27] to everything* [21:27] brb [23:55] so i set the chmod 777 / for my webserver running as root and i was wondering what do i need to do to revert those changes? [23:57] chmod 755 / [23:58] thank you [23:58] so 755 is the default always right/ [23:58] yes