/srv/irclogs.ubuntu.com/2017/05/08/#ubuntu-server.txt

cpaelzergood morning05:36
=== jelly-home is now known as jelly
yossarianukhi - I have a question about the default KSM setting (i.e ksm/kvm)10:15
yossarianuki.e -> /etc/default/qemu-kvm - has '# Set to 1 to enable KSM, 0 to disable KSM, and AUTO to use default settings.'10:15
yossarianukWhat are the default (AUTO) settings ?10:16
=== treaki_ is now known as treaki
yossarianukHi - we are setting up an office squid proxy / gateway using Ipfire in a KVM vm (using ubuntu 16.04 as the KVM host) - as there is going to be a lot of network traffic through the vm is it a good idea to enable 'vhost_net'?10:44
yossarianuk I notice in Ubuntu the default setting in /etc/default/qemu-kvm is 'VHOST_NET_ENABLED=0'10:44
yossarianuk so logically should I set that to 'VHOST_NET_ENABLED=1'?10:45
lordievaderGood afternoon10:51
yossarianukjust wondering if it is more sensible to enable or disable in my situation (i.e a proxy/gateway vm that all office traffic will be flowing through)10:59
cpaelzerhi yossarianuk - just realized I answered you in #ubuntu already11:06
cpaelzerTL;DR yes I'd recommend vhost_net but it is very likely already loaded11:06
cpaelzerthe config you refer to only checks if qemu-kvm loads it which is a failsafe mechanism, but some other triggers might load it anyway11:06
cpaelzerso they do for me at least11:07
yossarianukagain thanks11:07
cpaelzerand KSM auto is to enable it on bare metal but not in guests11:08
ezethnesthrownHello, I have a problem. Please see at http://paste.ubuntu.com/24536348/11:53
cpaelzernacc: not sure IIRC - have you reworked the samba sections back then? any idea ^^12:00
cpaelzerrbasak: I'm trying to hunt down an issue with uvtool that tries to break my virt tests all too often - after a while I'm now down to systems not agreeing on the images available12:00
cpaelzerrbasak: the systems share /var/lib/uvtool/libvirt (via container shared paths)12:01
cpaelzerso what is in one is also in the other12:01
cpaelzerthat worked fine so far, but since I recently started to have one more system that does stop sharing these paths by bindmounting something else over it things break too much12:01
cpaelzerrbasak: I only now start to dive into uvtool for this trying to understand what other paths they might read in those cases12:02
cpaelzerrbasak: but if something comes to your mind please let me know12:02
tewardrbasak: cpaelzer: powersj: nacc: any of you going to be at the server team meeting tomorrow?12:02
cpaelzerteward: I would be there I think12:03
cpaelzerthere is a chair pointer pointing to me12:03
tewardcpaelzer: well i won't be able to be at the meeting tomorrow - i have a more important meeting at my job - make a note on the action item for me re: nginx release notes  to push it to the next meeting for a status checkin12:04
tewardi've got the bulletpoints on a notepad document, i've not gotten much further12:04
tewardplease :)12:04
cpaelzerok, thanks teward for keeping us updated12:04
tewardyeppers.12:04
tewardUnrelated, anyone know how I can have a one-to-many SSH connection with one ingress and multiple backends based on the requested hostname?12:05
tewardi'm not 100% clear on how to multiplex SSH that way, but...12:05
tewardthought I'd ask :)12:05
cpaelzerteward: I think clusterssh does what you want?12:07
tewardooh prettu12:08
tewardpretty*12:08
cpaelzerI'm not clear on "multiple backends based on the requested hostname" but it gives you one-to-many ssh12:08
tewardcpaelzer: i think it'd be best if I diagram it12:08
cpaelzerThat tool is my poor mans mass deployment helper12:08
cpaelzersometimes12:08
tewardI have a server with multiple LXD containers on it, each with SSH.  To get into it i have to first SSH to the host machine, then SSH into the specific container12:08
tewardi'd like to cut out one of the 'hops' in what commands i type, if possible.12:08
tewards/into it/into one container/12:09
cpaelzeryeah ok that works as well12:09
cpaelzeryou need a proxy ssh setup on your client12:09
tewardcpaelzer: any idea on how i'd go about that?12:09
tewardi've googled but am head-scratching12:09
cpaelzerto pass any command to foo-container actually to the host and from there to the container12:09
cpaelzerI can paste a snippet, let me search my notes12:09
tewardthank you kindly :)12:09
tewardi'm trying to take the fifteen or so VPSes and consolidate on one massive system heh12:10
tewardallllll the services >:D12:10
cpaelzerteward: that matches what I did and has some nice text around https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/12:11
cpaelzercombine that with clusterssh and you can do stuff on all containers at once12:11
tewardnice.12:12
tewardcpaelzer: that'll help because now i can create SSH configs for each 'container' heh.  I'll just have to set up some command evils for the SSH without-password part to the containers... but that shouldn't be too hard.12:13
tewardsince the containers aren't directly SSH exposed to the 'net... :P12:13
cpaelzerexactly12:13
teward(CBA to buy a /24, wayyyyyyy too expensive)12:13
tewards/buy/rent/12:13
tewardah heck, my license for avast expired.12:13
tewarddamn, that means my mailserver has no AV protection12:13
tewardah well after my next big paycheck comes in that won't be an issue heh12:14
teward(it's $150/yr.  Not bad but outside my current budget)12:17
ezethnesthrownHello, I have a problem, the text is quite long. Please see at http://paste.ubuntu.com/24536348/12:17
rbasakcpaelzer: that's all that uvtool cares about. But it uses libvirt's API to manipulate everything inside images/, and libvirt has its own in-memory cache of what that directory contains IIRC. So that could fall out of sync.12:26
cpaelzerrbasak: interesting hint, thanks12:27
rbasakcpaelzer: libvirt does support multiple image pool types. There might be one that is sufficiently networked?12:28
rbasakThen you'd only need to bind mount metadata/12:28
rbasakOnce uvtool-libvirt is installed it doesn't touch the pool configuration again IIRC.12:28
rbasak(except perhaps on removal/purge)12:28
cpaelzerthat might be a workaround12:28
rbasakIf it is indeed the problem.12:28
cpaelzerbut surely implementing that is as work intensive as understanding what goes on with the current one12:28
cpaelzerand understanding the current issue might reveal something that puzzles me some time now12:29
cpaelzerhere it seems reproducible12:29
rbasakThat makes sense12:29
cpaelzerso I want to know12:29
cpaelzerI can in that env e.g. show that query reports no images, and the subsequent sync fails because the file is already there12:29
cpaelzerrbasak: so effectively an affected guest can not make it working again (other than rm'ing files)12:30
rbasakIIRC, query reflects metadata/ exactly12:33
rbasakIs it doing that in your failure case?12:33
cpaelzerrbasak: output is different on two systems sharing the dir12:34
rbasakThe actual image can be there when the metadata is not. This is for images being removed while still being used.12:34
cpaelzerI verified they are still in sync (md5sums, touched files appear, ...)12:34
rbasakcpaelzer: that's puzzling. I can jump into a hangout to do some debugging with you if you can reproduce that difference right now?12:37
rbasakcpaelzer: though can you just double check that /var/lib/uvtool/libvirt/metadata/ really is the same directory on both affected machines?12:38
cpaelzerrbasak: it is active right now if you have a few minutes I'd be happy12:38
cpaelzersurely faster with more eyes/brains12:38
ezethnesthrownHello, I have a problem, the text is quite long. Please see at http://paste.ubuntu.com/24536348/13:07
ezethnesthrownHello, I have a problem, the text is quite long. Please see at http://paste.ubuntu.com/24536348/14:06
cpaelzerrbasak: fyi new test runs the shared screen is now gone due to cleanup14:12
=== med_` is now known as med_
ezethnesthrownOK nevermind my bad14:30
=== tyhicks` is now known as tyhicks
rbasakcpaelzer: np14:38
ahasenackezethnesthrown: sorry about your problem with the smbldap guide15:00
ahasenackezethnesthrown: I hope to get to that area of ubuntu-server pretty soon15:00
ahasenackin fact, I want to update this to current ubuntu: https://github.com/panlinux/openldap-dit/tree/master/doc (just imported it from LP)15:02
naccezethnesthrown: aiui, you have to create the file15:30
naccezethnesthrown: an example is shipped with smbldap-tools15:30
naccezethnesthrown: as documented in the README.Debian file15:33
naccezethnesthrown: specifically SMBLDAP-TOOLS bit15:33
naccahasenack: so i think a short term fix is to copy out those bits into server guide (that you need to take the example config and do stuff to it to match your local install)15:34
ahasenackyeah15:35
ahasenackI think I'll start on that after this samba fix15:35
naccahasenack: thanks15:35
cpaelzerahasenack: nacc: but next serverguide release is way way out15:39
ahasenackwe can update the current one, right?15:39
ahasenacki.e., fix it15:39
cpaelzerahasenack: nacc: I had another case which I wanted to fix in doc, but that will need time15:39
nacccpaelzer: agreed, i'm saying as a fix to the current release15:39
nacciirc, pmatulis has taken such thing with bugs15:39
cpaelzerahasenack: no it only updates the user readable html/pdf on explicit releases15:39
cpaelzeryes you can "bug" them and ask15:40
naccthat's how i got the original serverguide fixed15:40
cpaelzerthey will share doc release plans15:40
nacchrm, maybe i'm misremembering15:40
cpaelzernacc: yeah I pushed a few dpdk things that way as well15:40
cpaelzernacc: but15:40
cpaelzernacc: recently I wanted to add some libvirt things and got told that it will really take a while15:40
ahasenackseems silly not to be able to correct docs. It's not a rewrite15:40
naccthat policy seems less in the best interest of our users15:40
naccoh adding things is different, imo15:40
ahasenackright15:41
naccfixing bugs should be allowed, if it's not, i think we should bring it up to the doc team15:41
cpaelzerI agree, but my case wasn't important enough to set me into the mood to punch this through15:41
ahasenackit has to have the SRU spirit15:41
nacccpaelzer: ack, i think i saw your case15:41
cpaelzeryeah, "SRU spirit" covers most of it15:41
cpaelzernot random doc changes15:41
nacccpaelzer: right, in this case, a missing step (at least) that causes the next step to fail15:42
cpaelzerahasenack: lets ask on ubuntu-doc ML how/if they would agree to handle those15:42
cpaelzerand share/discuss the feedback in the IRC meeting15:42
cpaelzerand drive via actions from there15:42
nacc+115:42
cpaelzerahasenack: would you do the initial mail to them or should I?15:42
ahasenackcpaelzer: I think you have more context now15:44
cpaelzerhehe15:44
cpaelzerok15:44
cpaelzerleave a task open and you'll get it :-)15:44
ahasenacknp :)15:45
cpaelzerahasenack: nacc: I set you to cc15:51
ahasenackthx15:51
* ahasenack -> lunch15:51
cpaelzerI was in a hurry so enjoy my surely interesting fast writeup :-)15:51
nacccpaelzer: ack15:51
=== a1berto_ is now known as a1berto
cpaelzernacc: I see you pushing all the merges to done, if you could take an eye on the three in the review queue for the importer that would be very kind16:08
nacccpaelzer: yep, im switching tack this week back to the importer and will review16:08
cpaelzernacc: in order of complexity dovecot, ntp, strongswan16:08
nacccpaelzer: tbh, for these three, on some level, im trusting you16:08
cpaelzerI trust myself as well :-)16:08
nacccpaelzer: in that, you've done the merge, i just need to get them into the importer, right?16:08
nacccpaelzer: or do you need a full merge review as well?16:08
cpaelzernacc: the point I learned is that there are always issues - and we don't need to stop the line but discussing them is step one16:09
nacccpaelzer: ack, ok -- one takes longer than the other :)16:09
cpaelzernacc: I don't need a formal review, yet on strongswan a pair of eyes would be nice16:09
nacccpaelzer: and, on some level, if you could upload these (and maybe you can?) you aren't technically gated by me normally16:09
nacccpaelzer: ack, strongswan was complicated before16:09
naccrbasak: what state is your linter in?16:10
cpaelzernacc: there is a lot of "known to drop delta" left that I made more clear in the MP and such16:10
cpaelzernacc: I'd want to upload them tomorrow, so getting them into the importer and tagged would be nice16:10
cpaelzernacc: tests are all good, so the issues left should be easily possible as ubuntu2 or next-cycle as applicable16:11
rbasaknacc: not really usable yet, sorry. I just have pieces.16:11
rbasaknacc: it doesn't do merges at all yet.16:11
naccrbasak: np, just checking :)16:11
nacccpaelzer: ok, i'll bump it up my list16:12
rbasaknacc: but the script in wip/review can be used for merges.16:12
cpaelzerfyi I don't have merge bugs on these as they were trivial, but integrated that into my process so I'll in future open one in any case I think16:14
nacccpaelzer: i'm also tempted to just give you upload rights to the git repos16:15
naccor wait until we figure out where upload tags will live properly16:15
thatstevecenaHello. I'm having problems with Ubuntu 14.04LTS, Postfix & DKIM failing to verify signatures. My install runs fine for a few hours but ultimately starts failing signatures due to "no padding data". Has anyone seen this?17:31
ezethnesthrownWhat does this mean [[ bash: /usr/sbin/smbldap-populate: cannot execute binary file: Exec format error ]]17:44
naccezethnesthrown: what does `file /usr/sbin/smbldap-populate` say?17:44
ezethnesthrownTried 'cat' it now the CLI broke17:45
ezethnesthrownsmbldap-populate is a command17:45
naccezethnesthrown: yes, i know17:45
naccezethnesthrown: can you please tell me what the command i asked for says?17:46
naccezethnesthrown: if it's a binary, you don't want to `cat` it17:46
ezethnesthrownIt says exactly that. Straight up error17:46
naccezethnesthrown: what?17:47
naccezethnesthrown: it says "Straight up error"?17:47
ezethnesthrownNo17:47
ezethnesthrownThere's no prompt17:47
naccezethnesthrown: `file` doesn't output such a thing17:47
ezethnesthrownI'm sorry. I'm a bit lost here17:48
naccezethnesthrown: so you ran `cat` on a binary? you probably need to start a new terminal session17:48
ezethnesthrownRebooted17:48
naccezethnesthrown: ok, that was probably unnecessary17:48
naccezethnesthrown: run `file /usr/sbin/smbldap-populate`17:48
ezethnesthrown[[ /usr/sbin/smbldap-populate: gzip compressed data, max compression, from Unix ]]17:49
naccwell you can't run a data file17:51
naccezethnesthrown: what version of ubuntu?17:51
ezethnesthrownnacc: 16.04.2 LTS17:51
ahasenackrbasak: hey, where is the merge report output again?17:51
ahasenackI had http://people.canonical.com/~rbasak/merges.html from before you had commit access17:51
naccezethnesthrown: http://paste.ubuntu.com/24538078/ is what it should output17:52
naccezethnesthrown: that's from a fresh 16.04 container17:52
naccezethnesthrown: not sure what you're using17:52
naccezethnesthrown: `apt policy smbldap-tools` in a pastebin please17:52
rbasakahasenack: http://reqorts.qa.ubuntu.com/reports/ubuntu-server/merges.html but it looks like the cronjob is still failing so it's very out of date. I'll need to sort that out :-/17:57
ezethnesthrownnacc: http://paste.ubuntu.com/24538099/17:58
naccezethnesthrown: hrm, that's worrisome, same version here17:59
naccezethnesthrown: this is a VPS or anything? did you do any changes after installing?17:59
ezethnesthrownnacc: I'm installing in Virtual Box18:00
ezethnesthrownnacc: I followed the Samba and LDAP guide and the guide at the bug post18:00
naccezethnesthrown: can you run `dpkg -V smbldap-tools` ? and/or `dpkg -C smbldap-tools`18:01
ezethnesthrowndpkg -V smbldap-tools > [[ ??5??????    /usr/sbin/smbldap-populate ]]18:02
ezethnesthrowndpkg -C smbldap-tools > [[ ]]18:02
naccezethnesthrown: yeah so you've changed it from how it is installed18:02
naccezethnesthrown: 5 is 'file contents have changed'18:02
naccezethnesthrown: so ... what did you do? :)18:03
ezethnesthrownI did 'sudo dpkg-reconfigure slapd' I few times18:03
ezethnesthrownA few times*18:03
ezethnesthrownnacc: Thank you for your time. I'll restart then18:04
naccezethnesthrown: np, i don't think the dpkg-reconfigure should have changed the contents of an executable18:05
naccezethnesthrown: something else must have happened, but i don't know what18:05
naccrbasak: do you have time this week for a importer/git sync?18:08
ezethnesthrownnacc: Is it inside smbldap files? I don't think I tampered anything inside. But I'll report here if it happens again.18:09
naccezethnesthrown: yes, that file (/usr/sbin/smbldap-populate) is from smbldap-tools afaict, and should be a perl script18:10
ezethnesthrownnacc: I can't recall18:13
naccezethnesthrown: you'd have to have been root to do so, and just imo, you should always know what you did as root :)18:13
ezethnesthrownnacc: Thank you. I'll keep that in mind18:14
cpaelzernacc: upload rights to the repos would help with trivial things at least18:21
cpaelzernacc: and I think I can decide when to push and when not to18:23
nacccpaelzer: yeah18:23
nacccpaelzer: our eventual goal is if you can upload a srcpkg you can upload the corresponding tag18:23
nacccpaelzer: but that needs lp stuff, etc.18:23
cpaelzernacc: and in the worst case it is easy for you to catch me :-)18:23
cpaelzernacc: I know the target18:24
nacccpaelzer: yeah :)18:24
cpaelzernacc: yet given that we mainly sync server and I have server + a few as upload rights ...18:24
nacccpaelzer: yep18:24
cpaelzernacc: the remaining subset isn't that big18:24
nacccpaelzer: yeah18:24
=== lordievader is now known as Guest16696
=== Guest16696 is now known as lordievader
ezethnesthrownnacc: Works magically now19:09
naccezethnesthrown: did you reinstall?19:10
rbasaknacc: yeah, let's arrange something.19:27
naccrbasak: thanks19:30
greenmanspiritHello all! I am trying to preseed NIS and when I reboot, rpcbind won't start. Is there something like networkmanager-wait-online that centos has? I am guessing the network isn't ready when rpcbind tries to start.19:54
sarnoldwhich release? 16.04 uses a different service framework than 14.04..19:55
* sarnold -> lunch19:55
greenmanspiritsarnold, 16.0419:56
naccgreenmanspirit: well on server, you won't have networkmanager20:05
naccgreenmanspirit: if something depends on network it should be After=network.target in the service file, i think?20:06
naccgreenmanspirit: but i would think rpcbind would be generally broken if it won't start because it needs networking and network isn't up in your case20:10
nacccpaelzer: i did dovecot just now, but let's do it at the same time, as there is a bit of an inherent race20:14
manukapuaim trying to delete a samba user after i deleted their unix account but get errors from smbpasswd -x and pdbedit -x , do i have to recreate the unix account before deleting the samba one ?20:14
nacccpaelzer: tmrw AM for the others?20:14
greenmanspiritnacc, rpcbind doesn't have After=Network in the rpcbind.server file20:17
manukapuaanswered my own question - apparently yes20:18
manukapuahave a fun mad day all : )20:18
greenmanspiritsorry, After=network.target20:19
gartralok so i migrated my server from that half-ass VPS into a better host and i'm still having issues with apache21:02
gartralnacc  sarnold thank you by the way, for other day21:04
sarnoldhey gartral ;)21:10
gartralsarnold: I figured it out21:11
gartralit was a port collision between my vpn server and apache21:11
sarnoldgartral: woot21:13
Anonymeshi21:17
gartralsarnold: arrrrrrrrrrgh21:34
gartralthis is a game of catch 22 wrapped in a game of catch 2221:35
sarnolduhoh :) I was hoping that was the 'argh' of "i can't believe that mistake was so simple" :)21:35
gartralsarnold: I need a valid ssl cert, so I go through and try to use a let's encrypt cert for 'simplicity'... except certbot only uses port 443 and that port is already taken up by openvpn21:40
sarnoldgartral: can't LE do dns too?21:41
sarnoldgartral: and probably openvpn can be made to run on another port, if only temporarily21:41
sarnoldgartral: I know some people run their vpn on ALL PORTS, so a simple nmap from their hotel room or airplane or whatever can often find a way through that's... ahem... cheaper than usual :)21:42
gartralsarnold: yea but I have ~30 or so devices on this vpn21:45
gartralmost of which are family, and I don't need my mother screaming at me that her internet broke (again, because I had to re-issue cert packets to everyone from the server move)21:46
sarnoldgartral: ouch that's a lot of devices to reconfigure21:46
gartralyes it is... everyone tells me I'm a good IT guy... I don't think so but meh21:47
sarnoldgartral: stand up a second server?21:52
gartralsarnold: moneies21:52
sarnoldgartral: it's only got to live for an hour or something to get certbot to work; if you haven't used it already, aws's free tier may be enough?21:55
=== manjo` is now known as manjo
eatingthenightHey i am pxe booting an image and i see this passed in as the command line argument for /proc/cmdline root=live:/genesis.iso22:50
eatingthenightwhat does that do specifically.22:50
eatingthenighti'm puzzled where it's getting the iso from since it's booting over ipxe using the initrd and vmlinuz22:50
eatingthenightI read the kernel docs and it doesn't mention anything about live: and everything I have found is using live:http://....22:51
eatingthenightwhich make sense22:51
nacceatingthenight: root= is not parsed by the kernel22:52
nacceatingthenight: it's parsed by the init process, i think22:52
nacceatingthenight: i don't know where genesis.iso lives, because that's not ubuntu afaict?22:52
eatingthenightnacc: correct sorry i just figured people here may know a bit more about the command line boot args23:30
eatingthenightit's a custom image23:30
eatingthenightbut I believe /genesis.iso in this case would mean it was baked into the image.23:31
nacceatingthenight: i *think* that live: is just a prefix to something (init? not sure) that says it's a livecd rootfs. i'm guessing that if you're pxe booting, maybe it knows to also look on the network for the iso23:32
naccit being the boot process23:32
eatingthenightaa ok, so might be looking it up on a sftp server on the network23:36
nacceatingthenight: yeah, i'm not 100% on that, but i'd believe it23:36
eatingthenighthmm, darn. That does sound correct to me but the sftp server that it is using only contains the ipxe kpxe file.23:40
eatingthenightjust checked to make sure. very strange.23:40
nacceatingthenight: is it in the initramfs by any chance?23:41
eatingthenighthmm i dont see that file but i see this pre-udev/30dmsquash-liveiso-genrules.sh which looks interesting23:45
eatingthenighto ok https://www.redhat.com/archives/rhl-list/2009-December/msg01582.html looks to confirm that that is what does it23:52
eatingthenightlooks like some legacy stuff from the liveiso creator23:52
eatingthenightnacc: thanks for the help! I'm somewhat satisfied knowing that it's custom to liveiso23:53
nacceatingthenight: yw23:53
