[00:20] <help-im-stuck> them all does nowdays
[00:29] <help-im-stuck> lxd.... been on it all day
[00:30] <help-im-stuck> just want a vpn+dnscrypt-proxy that gives out ip's to other containers such as my torrent-lxc
[00:31] <sarnold> doesn't each lxd container get their own network stack? i'm curious if 'gives out ips' is realistic or feasible
[00:34] <help-im-stuck> they get their ip from the lxcbr0.. managed by dnsmasq.. wonder if a lxc could create a bridge on the host..
[00:41] <help-im-stuck> it could work with static routing
[00:45] <help-im-stuck> i'm so tired of my crappy hardware for my "server".. wish esxi har support for the nics.. or if i had money to buy a nic that is supported by esxi
[03:20] <TLoFP> How well supported is ZFS in Ubuntu 17.04? I have to decide between Motherboard Raid 0 and a ZFS implementation; any suggestions?
[03:21] <YankDownUnder> TLoFP, I made the mistake of ReiserFS a long time ago...I shan't do that again...
[03:22] <YankDownUnder> TLoFP, If this is a VM situation - you can experiment..given the time and energy and ambition...
[03:22] <TLoFP> YankDownUnder: unfortunatly I have no time :P
[03:22] <YankDownUnder> TLoFP, THAT can be a problem.
[03:22] <TLoFP> YankDownUnder: this is going to be an 2x4TB for a video system
[03:23] <TLoFP> I will have two days to get the system operational, and that includes reinstalling the Hyper-V host
[03:23] <TLoFP> so I am preparing the ubuntu VM ahead of time so that I will be ready to deploy once the host is operational
[03:23] <TLoFP> unfortunaly that means I don't get to really play with the direct attach disks untill deployment though
[03:24] <YankDownUnder> TLoFP, In considering 1.) Time frame 2.) Application 3.) Priority => I'd not "experiment" with ZFS...too many "unknowns" in the mix for comfort.
[03:24] <TLoFP> YankDownUnder: thanks, thats kind of what I was trying to feel out with "how well is it supported"
[03:25] <YankDownUnder> TLoFP, I'd also RE-THINK using 17.04 - since it is NOT an LTS release...
[03:26] <YankDownUnder> I'd love to say that "problems MAY happen in upgrades/updates" - but nowadays I'd be more apt to say "problems WILL happen"...ergo, sticking to LTS releases...yadda yadda yadda.
[03:27] <TLoFP> YankDownUnder: ture I hadn't thought about that
[03:28] <TLoFP> I just read ubuntu systems are only supported for 9 months, LTS is 5 years... wow
[03:28] <TLoFP> I though the regular relases had 2 year support, boy was I wrong
[03:28] <YankDownUnder> TLoFP, "Plan the work, work the plan" - K.I.S.S. - saves YOU time and frustration/stress/anxiety.
[03:30] <TLoFP> so 16.04 must be a little over a year old now, yes? and in about a year we will see 18.04 LTS at which point 16.04 will be 2 years old
[03:30] <TLoFP> eventually I will have to upgrade.. so I am not sure that the fear of upgrading really makes sense
[03:30] <TLoFP> plus it is a VM so making a backup and restoring is trivial, shoudl something go awray
[03:31] <YankDownUnder> Yeah...something like that...I can wait for 18.04...ain't like it's a stress...and things just work...and if they don't work, there's enough resource that is DEPENDABLE to get it to work...know what I mean?
[03:31] <TLoFP> Yea
[03:31] <TLoFP> I think what I am most afraid of is me
[03:31] <YankDownUnder> Putting off "upgrades" - like on a two year basis - ain't a bad thing. Gives one time to "work it all out" prior to an actual upgrade...
[03:32] <TLoFP> in otherwords I "forget" to "maintain/update" 17.04 than in less then a year I am in a bad situation
[03:32] <TLoFP> whereas 16.04 will continue to install security updates for almost half a decade without me having to do major/if any maintance
[03:33] <YankDownUnder> Less work, less stress.
[03:34] <TLoFP> YankDownUnder: either your old or you work in IT... wise words
[03:34] <YankDownUnder> I started in 86, bro.
[03:34] <TLoFP> i'll stick to 16.04 and upgrade to 18.04 if im in a good place when it comes out
[03:35] <lyn||ian> I run development releases day to day on my laptop but still use LTS for servers
[03:35] <YankDownUnder> TLoFP, In giving a solution that is "rock solid" to the client, you're only ensuring your own reputation for "doing the right thing" and being also dependable...
[03:35] <TLoFP> lol, it's been a while I am afraid I hadn't even seen day light back then
[03:36] <TLoFP> YankDownUnder: true. This is a high risk / high reward client too. Failure would be unacceptable. (read: the wife) hahah  :D
[03:36] <YankDownUnder> Wife: Most important client. Do *NOT* fail client.
[03:37] <TLoFP> Pretty much
[03:37] <YankDownUnder> TLoFP, Women do NOT forget. Anything. Ever. Infinitely.
[03:38] <TLoFP> true words
[03:39] <TLoFP> that still leavs: crappy on-board raid 0 or ubuntu-software raid 0.
[03:39] <YankDownUnder> Kinda been married a few times...AND some...ahem...yersh...MEANWHILE, back to the topic - the entire ideology about building ON and around an LTS release is safer in the long run, and you're warranted support. As well, since it's tried and true and tested, your "support" toward the client would be minimal (without hardware issues).
[03:40] <TLoFP> unfortunatly I am not a pro, but I know enough that pro's typically look at motherboard raid controllers with distain. But that was years ago and typically had to do with higher raid systems that actually have to do parity calculations
[03:40] <TLoFP> YankDownUnder: true
[03:40] <TLoFP> YankDownUnder: i'll take that to heart and play with 17.04 on my desktop sandbox. I get to have both :D
[03:41] <YankDownUnder> TLoFP, Software based RAID is easy to fix. Hardware based RAID - well, things can (and generally will) go "south"
[03:43] <TLoFP> YankDownUnder: and performance of RAID 0? overhead?
[03:44] <YankDownUnder> TLoFP, It's a server OS...YOU tweak the performance of the disk i/o...YOU tweak the server to do - well, whatever...and it's all tweak-able...hardware based RAID is, well, not very tweak-able...given the situation with the OS running in a VM and all that lovely jazz...hmm...
[03:45] <TLoFP> YankDownUnder: I figured i might get away with less dedicated resources to this particular VM, thus freeing up more for others
[03:46] <YankDownUnder> TLoFP, You're running a VM on a machine - and the VM is talking to external drives...what is this "host" machine doing aside from just hosting a VM?
[03:49] <TLoFP> YankDownUnder: the host is being downgraded from 2012 R2 to Win10; it will host a Ubuntu-server install with minimal resources. Three 2012 R2 or 2016 Servers (Storage Server, Domain Controller, Radius Server) and a Ubuntu-Desktop VM
[03:49] <TLoFP> YankDownUnder: to clarify the drives are internally connted SATA drives.
[03:49] <YankDownUnder> I have an absolute dislike/loathing/deep seated hatred for ANYTHING MS based - server or otherwise. Sorry.
[03:50] <TLoFP> YankDownUnder: I get that, and I don't blame you for it.
[03:51] <YankDownUnder> I was around before MS destroyed the industry and turned it into a complete lie/scam/legal nightmare/lie/illusion/lie/scam/lie...
[03:51] <TLoFP> I have tried to ditch MS many times but my professional career has always prevented me from doing that
[03:52] <TLoFP> so at some point I decided to put on the waders and embrace the sh*t
[03:53] <YankDownUnder> ...hence my move to Mac and linux...clients were told to either switch or be ditched. The ones that switched have all been very happy. The ones that were ditched - whinged about it - some came around eventually - the rest still try to "bait" me into fixing their crud.
[03:54] <TLoFP> It's not possible in many cases. Allot of software runs only on WinSux
[03:55] <YankDownUnder> "That which you allow - continues" - I'll take a higher ground. I will stay away from it and stay in the niche and in the background. MS already has planted the seeds for their own destruction. Long ago. I'll just sit in the background making use of OS's that have lived a longer life...hmm... :)
[03:56] <TLoFP> YankDownUnder: nice play. Just in case you haven't heard, but apparenlty MS is embracing linux/open source now
[03:57] <TLoFP> also btw. I am currently having this issue with my boss: how do you explain to people that open-source isn't evil?
[03:57] <TLoFP> or even, what I take for granted, that open-source is NOT less secure than MS but in fact more secure due to its open-source nature
[03:57] <TLoFP> idk... that both souded really stupid when I read it back
[03:58] <TLoFP> but the really is I am dumbfounded when somebody tells me that they think MS is more secure "because it is a closed software and thus people don't know how to exploit it"
[03:58] <YankDownUnder> F.O.S.S. newsletters and open document media presentations. Always good to offer information to the uninformed.
[03:58] <TLoFP> like all exploits ever where discovered by reading the source code.... sigh
[03:59] <YankDownUnder> Could show the documentation about "Section 7"...hmm...
[04:00] <YankDownUnder> Either which, I digress.
[05:36] <cpaelzer> good morning everybody
[06:13] <lordievader> Good morning.
[08:38] <Skittishtrigger> I could use the advice for 16.04-server.  No ufw or isp tables (All disabled/flushed, etc atm)  Installed a basic lamp(apache/info.php all work as expected. all defaults)then did basic vsftp server.  Functioned with basic setup locally and remotely(did the ssl/userlist/chroot_list setup) everything worked fine up until the chroot_list.  Removed/purged reinstalled, default config, no response/connection refused.
[08:38] <Skittishtrigger> Ever ran into this on a simple vfstp setup or possible have a point in the direction I should be using??.
[08:39] <Skittishtrigger> Maybe I am missing something for 16.04(14 was the last I was really active with servers at all)
[08:40] <sarnold> Skittishtrigger: check netstat -tlnp output to see what state the socket is in
[08:41] <sarnold> of course I took long enough to find your question that there's a chance it's already fallen out of the various TIME_WAIT states and is free to use again
[08:41] <Skittishtrigger> (lol) ya, that was the first think I tried. everything was listening where it should be at the time(in the middle of purging it all again. lol)
[08:42] <Skittishtrigger> I am probably missing something obvious since I am so tired.
[08:42] <sarnold> do you -need- an ftp server? it's a terrible protocol..
[08:43] <Skittishtrigger> it is, and I set up ftp then do sftp
[08:43] <Skittishtrigger> I might have to just go with something like elfnider
[08:44] <Skittishtrigger> eflnider/slfidner
[08:44] <Skittishtrigger> screwit. close enough
[09:31] <cpaelzer> rbasak: I also mass submit remaining Delta this morning even though hope is low to be taken given what happened last time
[09:32] <cpaelzer> rbasak: I'd guess if we really want that Delta in I'd need to adopt ntp in Debian
[09:32] <cpaelzer> a step I considered but not yet want to take
[09:32] <cpaelzer> we will see how things work with this round of changes
[09:32] <cpaelzer> you also remember the long set of potential-delta we submitted last year
[09:32] <cpaelzer> that isn't in either
[09:33] <cpaelzer> skip the last sentence
[09:33] <cpaelzer> but it is not accepted
[09:33] <cpaelzer> the only thing that was accepted is accepted wrong (bug closed no change done)
[09:33] <cpaelzer> I already reopened
[10:34] <TafThorne> I am trying to setup a telnet server on an Ubuntu test machine (I need it because I am writing a noddy Telnet client on an eCos platform and want a server to test against).  I have tried following a few instructions about installing xinetd and telnetd and editing the /etc/init.d/xinetd files but I don't think the server is accepting traffic.  Any time I try to connect in I get a connection refused.  Can anyone suggest what I am missing?
[10:40] <tomreyn> TafThorne: the servers (both inetd and telnetd) will be logging, check their log files.
[10:40] <tomreyn> start with /var/log/syslog
[10:41] <tomreyn> TafThorne: also, are you aware that you can run ssh clients on eCos? there are multiple implementations.
[10:42] <tomreyn> my understanding is that even in RTOS people are starting to move away from insecure protocols wherever possible.
[10:43] <TafThorne> tomreyn: I am working on a _very_ old version of eCos with a few layers of a 3rd partie's code and then my code on a resource constrained platform.
[10:44] <tomreyn> okay, i just felt the need to point it out in case you have other options.
[10:44] <TafThorne> tomreyn: I cannot add new utilities to the eCos system.  Only write my own little bif of applicaiton code to run on the side.  These coms should all stay inside the metal case of the unit so security on the channel is not that critical. Thanks for checking though.
[10:45] <TafThorne> tomreyn: all static linking and using 3rd party closed code too.  Else I would be looking at getting someone else's anything client installed.
[10:46] <tomreyn> :-/ hope you can finish that task soon. ;)
[10:47] <TafThorne> We really, really, really want to move on to a more modern Linux Kernel.
[10:48] <tomreyn> here are some hints on making inetd log more: http://ubuntuguide.net/install-and-enable-telnet-server-in-ubuntu-linux
[10:49] <tomreyn> any luck with the logs?
[10:49] <TafThorne> Anyway back to telnet.  In the syslog I can see http://pastebin.ubuntu.com/24504511/
[10:51] <TafThorne> And further down I have noticed that freshclam is still moaning "freshclam[1036]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net" becasue once appon a time I used apt-cacherng and it seems to think its a full http mirror proxy even after it is disabled >_<
[10:51] <tomreyn> can you also share the configuration file(s) you modified?
[10:51] <TafThorne> Sure
[10:51] <tomreyn> "missing service keyword [file=/etc/xinetd.d/telnet] [line=1]" sounds like an issue
[10:52] <TafThorne> That bit did look a bit iffy to me too http://pastebin.ubuntu.com/24504515/
[10:53] <tomreyn> i'm not sure about initd configuration really, haven't used it for ages, but i guess this line is wrong, or misplaced: telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
[10:55] <tomreyn> also uncomment the log_type statement so you actualyl get logs
[10:56] <tomreyn> so the "telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd" line should probably go into /etc/inetd.conf (no 'x' there!)
[10:58] <tomreyn> (so not into /etc/xinetd.d/telnet where you have it now)
[10:58] <tomreyn> As a result, /etc/xinetd.d/telnet will start with a 'service' line, which it must.
[10:58] <tomreyn> (comments as indicated by a # character are ok)
[10:59] <tomreyn> does this help?
[10:59] <TafThorne> OK I shall try out those suggestions.  I will be AFK for a couple of minutes while I run out to the sandwidch van.
[10:59] <TafThorne> It does all sound helpful.  Thank you.
[11:00] <Haris> hello all
[11:00] <tomreyn> good luck. i may or may not be around when you return
[11:00] <tomreyn> hi Haris
[11:01] <Haris> directoryindex is not working on 14.04 lts apache 2.4.7, even after explicit mention in vhost config
[11:02] <Haris> I have a laravel framework in a vhost, where I'm redirecting / to /public via index.html. that index.html is not being found. apache is returning me an empty page for /
[11:02] <Haris> on the vhost
[11:02] <Haris> ..laravel framework install+. ...
[11:03] <Haris> most likely directoryindex function is not working. I'v verified, the dir mod is loaded, so it should be working out of the box
[11:04] <TafThorne> tomreyn: I am back.  I shall give your suggestions a spin.
[11:04] <tomreyn> chances are you have conflicting or overriding configurations?
[11:04] <tomreyn> Haris: ^
[11:05] <tomreyn> https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex is the documentation
[11:05] <Haris> I agree. that may be the case
[11:05] <tomreyn> Haris: maybe you have a .htaccess file with an Options statement aroudn somewhere?
[11:05] <Haris> hmm
[11:06] <Haris> not on / path
[11:06] <Haris> in /public yes
[11:06] <tomreyn> temporarily disabling .htaccess files via https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride may help identify this
[11:06] <Haris> Options -MultiViews <---
[11:06] <Haris> in /public/.htaccess
[11:08] <Haris> pasting vhost config
[11:08] <tomreyn> that might help
[11:09] <tomreyn> "Options -MultiViews" is not an issue in this context
[11:11] <Haris> https://pastebin.ca/3806640
[11:12] <Haris> this is my vhost config file
[11:12] <Haris> most other than this is out of the box
[11:12] <TafThorne> hmm... got a little further, syslog had complaints about the only_from and access_times lines so I dropped those.  No errors now but no telnet either.
[11:12] <tomreyn> can you post your updated configurations?
[11:13] <Haris> which updated ones
[11:13] <tomreyn> this was to TafThorne
[11:13] <TafThorne> Sorry, I am confusing things.  I will do so.
[11:13] <Haris> DirectoryIndex explicit mention also doesn't help in making it work
[11:13] <tomreyn> Haris: i can't access the pastebin:
[11:13] <tomreyn> orry, an error has occurred. Reason: That is an invalid ID, or the post has expired.
[11:13] <Haris> https://pastebin.ca/raw/3806640 ?
[11:14] <tomreyn> this one works, interesting
[11:14] <Haris> https://pastebin.com/zz9QKz0P
[11:15] <Ben64> need more conf
[11:15] <Haris> which part ?
[11:15] <Ben64> /etc/apache2/apache2.conf probably
[11:15] <Haris> that's the default one. no chagnes from my end in it
[11:15] <Haris> changes+
[11:16] <Ben64> oh well
[11:16] <Ben64> i tried
[11:16] <Haris> I was surprised not have found directoryindex on it
[11:16] <Haris> on=it
[11:16] <Haris> on=in
[11:16] <TafThorne> tomreyn: here is my updated set of configs http://pastebin.ubuntu.com/24504607/
[11:16] <tomreyn> Haris: and there's nothing in /var/log/apache2/devwebapp-error_log and /var/log/apache2/devwebapp-access_log ?
[11:16] <Haris> nope
[11:17] <Ben64> its a conf problem
[11:17] <Haris> that's also surprising
[11:17] <Haris> it should at least say / was accessed
[11:17] <Haris> apachectl -t says OK
[11:17] <Haris> apachectl -S also says ok
[11:17] <Haris> AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message <--- just this msg. but this is inconsequential
[11:18] <Haris> but this won't detect conflicts
[11:18] <tomreyn> TafThorne: /etc/init.d/telnet is not /etc/inetd.conf
[11:19] <Haris> apache is not even logging when I access /index.html or / specifically
[11:20] <tomreyn> Haris: unless you have much traffic on this server, run tail -f across all apache log file and use it to find out which vhost your requests are hitting
[11:20] <Haris> already doing that
[11:20] <Haris> =)
[11:20] <tomreyn> your requests seem to end up on a different vhost or the default vhost
[11:21] <Haris> the index.html file only 3 lines of html code, for redirecting to /public
[11:22] <Haris> hmm
[11:22] <tomreyn> i'm suggesting that this file is never read or returned
[11:22] <tomreyn> because your requests hit a different vhost
[11:23] <TafThorne>  tomreyn: moved the file.
[11:23] <tomreyn> (but it's really just a guess)
[11:23] <Haris> its like links has cached the pages
[11:23] <Haris> :@
[11:24] <tomreyn> Haris: use curl or wget -O- to debug this
[11:25] <tomreyn> TafThorne: any change?
[11:25] <Haris> wget is getting the 3 liner html code i.e., <script> window.location = 'public'; </script>
[11:25] <tomreyn> Haris:  "curl -I <url>" that is
[11:26] <Haris> perhaps its the links text browser which is not yet capable of going through html redirects ?
[11:26] <tomreyn> okay so your index.html IS returned
[11:26] <Haris> yep
[11:26] <Haris> links is just not parsing it correctly
[11:26] <Haris> or not giving the "user friendly" parsing
[11:26] <Ben64> still a conf problem
[11:26] <tomreyn> http redicrections with javascript are ugly, why do you do this?
[11:26] <Haris> I just have the <script> 3 liner snippet in index.html
[11:26] <TafThorne> tomreyn: I thought not based on netstat but I just tried to run telnet from PuTTY and it is working!  Thank you for all your assistance.
[11:27] <Ben64> yeah, should be a 301 or something though
[11:27] <Haris> there's no 3xx in log :@
[11:27] <tomreyn> TafThorne: a pleasure ;)
[11:27] <Haris> just a 200 for / or /index.html
[11:27] <Ben64> no i mean do that instead of that silly redirect
[11:27] <Haris> at most
[11:28] <tomreyn> right, use a Redirect statement
[11:28] <TafThorne> tomreyn: I'll go try setting some IP range limits and things now.  Not the end of the world as I am behind a corporate firewall and I mostly trust my work colleges.
[11:29] <tomreyn> TafThorne: trusting your co,legues helps with the work athmosphere ... and breaks stuff. ;)
[11:38] <TafThorne> tomreyn: sounds about right
[13:01] <cpaelzer> rbasak: are you SRU duty anyway today?
[13:01] <cpaelzer> rbasak: and even if not might I ask for a share of this hat of yours :-)
[13:02] <cpaelzer> I just realized I might better continue to ask in ubuntu-release so that others can pick if they want as well
[13:02] <rbasak> Sure
[13:31] <cpaelzer> jamespage: is there an even more minimal version of getting openstack to control my system than e.g. the conjure-up openstack?
[13:31] <cpaelzer> jamespage: all I'd need is a setup good enough to verify bug 1643911 - it seems with openstack out it just works :-/
[15:10] <yossarianuk> hi - how can I use EFI using mdraid (software raid)
[15:10] <yossarianuk> i.e I cannot use swraid for /boot/efi can i ?
[15:13] <nacc> yossarianuk: swraid for /boot/efi makes no sense, afaict
[15:13] <compdoc> you would hope mdadm would also clone the the boot sections
[15:14] <yossarianuk> nacc: so how do I use mdraid with EFI ?
[15:14] <yossarianuk> or is it best to go back to legacy  and use biosboot partition to still use GPT ?
[15:15] <yossarianuk> i.e the EFI partition would need to be on every disk (in case the primary disk fails)
[15:19] <yossarianuk> i.e how should I deal with mirroring the EFI partition on other disks if not using RAID?
[15:22] <nacc> yossarianuk: i'm not sure
[15:22] <nacc> yossarianuk: i would be amazed if your bios can understand a raid'd efi partition
[15:22] <nacc> yossarianuk: unless youmean you are just mirroring all your disks
[15:23] <nacc> yossarianuk: efi requires efi system partition is fat32 as recongized by bios
[15:24] <nacc> yossarianuk: i think you'd basically need to partition the disks similarly
[15:24] <nacc> yossarianuk: and then dd sda1 to sdb1 etc
[15:24] <nacc> yossarianuk: and raid the non-/boot/efi dirs
[15:24] <nacc> yossarianuk: *partitions
[15:24] <nacc> yossarianuk: and then you'd need multiple efi menus
[15:25] <nacc> yossarianuk: e.g., https://www.centos.org/forums/viewtopic.php?t=46952
[15:25] <yossarianuk> nacc: by multiple efi menus - do you mean i.e 1. ubuntu - sda 2. ubuntu -sdb , etc
[15:25] <yossarianuk> ok cheers
[15:26] <yossarianuk> i guess its just a extra step when changing disks, etc
[15:26] <nacc> yossarianuk: i think there is, e.g. efibootmgr
[15:26] <yossarianuk> I may just go back to legacy and use biosboot (to use GPT with legacy)..
[15:26] <nacc> yossarianuk: so you basically have to tell efi, there is another efi boot menu on this partition
[15:26] <nacc> yossarianuk: and yeah, it'd be a distinct step on adding/replacing each disk in the RAID
[15:28] <yossarianuk> thanks for your help
[15:30] <nacc> yossarianuk: np
[15:46] <tomreyn> interesting discussion, i don't see how using BIOS + biosboot is an improvement over UEFI + ESP when it comes to data security though?
[15:47] <tomreyn> i'd say you depend on a single disk / partition / file system and have no RIAD option in either configuration
[15:47] <tomreyn> yossarianuk: am i wrong?
[15:48] <tomreyn> * RAID
[16:01] <yossarianuk> tomreyn: you are right I believe
[16:02] <yossarianuk> however you can install a bios boot  partiton on every drive, and gruib-install ... should pick it up I think..
[16:02] <yossarianuk> I've chosen to try and use UEFI..
[16:02] <yossarianuk> as soon enough therer will be no legacy option
[16:03] <tomreyn> i guess what we'd need would be a patch to the shim package to add a script which allows for cloning the ESP to a list of given devices upon updates.
[16:03] <yossarianuk> I used to use mdraid all the time, however when I did no one was really using UEFI..
[16:03] <yossarianuk> tomreyn: that would be really useful.
[16:04] <tomreyn> just, i odnt feel qualified to develop it ;)
[16:04] <tomreyn> + time + money yaddayaddayadda
[16:05] <tomreyn> with the bios boot partition i think you'd have the same issue - update grub would only update one of them by default, unless you run it manually and specify the secondary target
[16:07] <yossarianuk> i thought you did (with bios boot)  -  grub-install /dev/sda /dev/sdb , etc
[16:07] <tomreyn> this said, i did a uefi firmware upgrade over the network from within the uefi shell the other day for the first time, and i find a proprietary firmware having this capability very scary.
[16:09] <tomreyn> yes, you instruct grub to be installed to the given device this way. but when grub packages update, how does the updated boot block get written to all biosboot disks?
[16:10] <tomreyn> (IIRC it does not get written there automatically at all, you'll need to re-run the comand manually)
[16:12] <yossarianuk> its the first time not using HWRAID in a while for me...
[16:12] <yossarianuk> just can't face using legacy - seems like a defeat..
[16:45] <teward> Greetings to you all.
[16:56] <drab> hi, I'm trying to figure out how I'm supposed to do remote backups/snapshosts with zfs without creating a huge sec hole
[16:58] <drab> when I used to use things like backupninja the destination would be a directory owned by a backup user so even if they got in through that ssh key they wouldn't get access to the whole system (altho they'd have access to the backups, but that's unavoidable)
[16:59] <drab> with zfs you need sudo to run it, so even if I created another user and allowed it to take snapts etc, being able to run zfs on the system would mean access to the whole system (assuming root on zfs)
[17:00] <drab> with just a data partition and no root on zfs I guess I could add a backup user to sudoers to only use zfs and that's the best I've managed to get so far
[17:00] <drab> any other idea?
[17:04] <drab> another option I guess would be to stream to files into a spool dir on the remote machine and then have another cron to zfs receive and delete the snaps
[17:09] <blizzow> I have a wad of servers running 16.04.2 with intel x504-t2 10GBe network cards plugged into netgear 10GBe switches.  I am going to set the MTU to 9000 on the NIC interfaces and on the switches. Anyone here know what other tunables I should be setting and what they should be set to?
[17:11] <cncr04s> all devices on the 10g switches should be set to 9000 then
[17:13] <cncr04s> if you talk to internets from there, it will have to fragment the packets then, which is not ideal.
[17:14] <blizzow> I have a pfSense firewall cluster talking to the internets.
[17:14] <blizzow> No other kernel tunables I should be setting?
[17:15] <blizzow> What about VMs running on those ubuntu based servers?  They're running bridged interfaces.
[17:15] <cncr04s> set the mtu to 9000 on those too
[17:16] <cncr04s> mtu is just the mtu, comms are done by ip protocols and work with the mtu size
[18:53] <meena> Hello happy people o/~
[18:54] <meena> I'm debugging an issue where a freshly provisioned VM doesn't show any signs of PV / VG / LV
[18:54] <ikonia> ok ?
[18:55] <meena> This is Ubuntu 16.04.2, we setup pv on our second disk, create vg01, and two lvs
[18:56] <ikonia> so what have you done to debug this ?
[18:56] <meena> now, the funny part is, i can
[18:57] <meena> o_O i honestly don't know what's going on any more.
[18:57] <ikonia> so what have you done to debug this ?
[18:58] <meena> ikonia: usually, before i join an irc channel to ask a question i have collected all the facts, command outputs, links to bugs, etc…
[18:58] <ikonia> so what have you done to debug this ?
[18:59] <meena> however, in this particular case, nothing matches up, i think i'll have to restart gathering facts.
[18:59] <meena> (is ikonia a bot?)
[18:59] <ikonia> no
[18:59] <ikonia> I'm asking what you have actually done to debug this
[19:00] <C-Otto> ikonia: enjoy life
[19:58] <meena> aah, cool. i'm destroying my work in a loop.
[20:05] <meena> *that* does dfinitely explain why it's non-deterministic.
[20:12] <rfleming> Greetings.  Can anyone recommend a fast, lightweight, secure DNS server?
[20:16] <blizzow> djbdns?
[20:16] <blizzow> bind?
[20:17] <meena> rfleming: for which purpose?
[20:19] <drab> rfleming: authoritative or recursive?
[20:20] <mybalzitch> imperial or metric
[20:21] <drab> wait, there's something else besides the metric system?
[20:21] <meena> in two countries, yes.
[20:22] <rfleming> Authoritative
[20:22] <rfleming> Internet
[20:22] <rfleming> Sorry... got distracted in #ubuntu-offtopic
[20:23] <rfleming> I've been toying with djbdns, but it's not real 'friendly'
[20:23] <rfleming> :)
[20:23] <drab> rfleming: for prod/heavy loads or local stuff?
[20:24] <rfleming> internet facing for a domain
[20:24] <rfleming> I don't think it'll get hit too hard
[20:25] <drab> prvoided that if you ask 10 ppl you'll probably get 10 different answers and maybe even some good reasons, for me it boils down to:
[20:25] <drab> maradns for simple things, bind for simple-to-grow-or-large
[20:25] <drab> and if you need any fancier backends, pdns
[20:25] <drab> (powerdns)
[20:26] <rfleming> there will be several domain names served, but most of them will have a CNAME pointing to the primary domain
[20:26] <drab> djb ime is just a pita, I don't see the value added to justify the headaches
[20:26] <rfleming> and the primary domain only has <10 A records and <5 CNAME records...
[20:27] <rfleming> throw in MX, TXT for _dmarc, _domainkey and spf... and the odd-man-out SRV record.
[20:28] <rfleming> do any support replication?
[20:29] <drab> rfleming: pdns and bind do, I don't think maradns does
[20:30] <rfleming> OK.  Thanks for you input.
[20:30] <rfleming> I'll poke around some of those.
[20:31] <drab> rfleming: in case you haven't seen it, it's reasonably good comparison chart: https://en.wikipedia.org/wiki/Comparison_of_DNS_server_software#Feature_matrix
[20:32] <rfleming> now THAT is something I haven't seen.
[20:32] <rfleming> Thanks for that
[20:33] <blizzow> BIND has everything.
[20:35] <rfleming> blizzow: including the kitchen sink
[20:35] <rfleming> Correct me if I'm wrong... Split-horizon is the ability for the DNS server to offer up different data depending upon where the call originates?
[20:36] <blizzow> correct
[20:36] <rfleming> ok, cool.  That's handy
[20:37] <rfleming> I guess I'm going to use BIND :)
[20:42] <blizzow> I found learning and managing it to be painful, but I've never used the webmin module. Once learned and set up, it was pretty damn reliable. Especially after using source code management to store the BIND configs. We did end up using djbdns to do some reverse lookup caching and blacklist lookup because that was just really, really fast.
[20:43] <blizzow> and small.