/srv/irclogs.ubuntu.com/2017/05/30/#ubuntu-server.txt

=== hehehe is now known as hehehe_away
=== Jalen_ is now known as Jalen
hallyncpaelzer: the list is always too long :(  sad thing is the cycles they go in.  when i first joined, there were a lot of issues around net connectivity and live migration :)04:21
cpaelzerhallyn: yeah thanks for your sentiment - it raises me up to hear that I don't feel like that alone and that it was the same "before me"05:37
cpaelzerrbasak: hey if you are around - could you import virt-manager into usdi?06:01
cpaelzerI want to look ho complex the Delta looks like when I split it up06:02
cpaelzerand when I start I can as well prepare for the case that I might merge it - so usdi would be helpful06:02
=== pavlushka_ is now known as pavlushka
ws2k3is there something wrong with the ubuntu installer? i just installed ubuntu 16.04 and it refuses to boot. i installed it twice to make sure i didnt do anything wrong10:20
ikonia"refuses to boot" isn't really a problem description10:36
cpaelzerrbasak: I don't really need virt-manager in usdi itself, I currently try to import it myself locally10:58
cpaelzerrbasak: if it ends up with a working git tree I'm good10:58
rbasakcpaelzer: I've been importing it for a while. It's on unapplied xenial currently11:10
rbasakcpaelzer: in theory the hashes should match your import. So it'll be interesting to see if that happens.11:11
rbasakIt's just started on applied now11:13
cpaelzermine is in applied for about 15-20 minutes now11:14
cpaelzeryeah, interesting if all hashes match :-)11:15
cpaelzerrbasak: would you have 15 minutes for some conffile fun somewhen today?12:11
cpaelzerrbasak: I'll need to do a summary writeup for a clearer discussion - so not now (at least 15 minutes or so)12:11
cpaelzerrbasak: but I'd appreciate to find one to discuss some details before working on a proposed fix12:12
rbasakcpaelzer: sure12:22
rbasakcpaelzer: import complete12:23
ahasenackhi, does anybody know what this is about? https://launchpadlibrarian.net/234346016/DpkgTerminalLog.txt "innserv" is in a loop apparently12:34
ahasenackmaybe https://bugs.launchpad.net/ubuntu/+source/insserv/+bug/54102312:34
ubottuLaunchpad bug 541023 in insserv (Ubuntu) "insserv does not work when rsync or winbind are installed" [Undecided,New]12:34
ahasenackfrom the lucid (!) days12:35
cpaelzerahasenack: yeah I've seen those in the past12:35
cpaelzerahasenack: in 95/100 cases people have ppas or even "more out of archive" packages/tarballs installed12:35
cpaelzerahasenack: those mess up the system by placing things in init scropts which lead to loops at the dependency resolution12:35
cpaelzerahasenack: mostly it is about spotting the uncommon name in the logs and asking where this file is from (dpkg -S"12:36
ahasenackinsserv shouldn't be used anymore, right?12:36
tomreyndepends on your ubuntu release, which you have not yet disclosed12:36
ahasenack15.10 in that case12:37
tomreynwell that's unsupported for a good while now :(12:37
cpaelzerahasenack: if you have a low maintenance old package even insserv is fine - it will install its stuff and the systemd-generator will pick it up12:37
ahasenackit could be "smfpd", I don't recognize that name:12:38
cpaelzerso you see it here and there in packages that don't care about systemd yet but instead rely on the compat handling12:38
ahasenackinsserv: Starting smfpd depends on ondemand and therefore on system facility `$all' which can not be true!12:38
ahasenacktomreyn: sorry, let me clarify. It's not my system, it's a bug filed by someone12:38
ahasenackagainst "samba"12:38
ahasenackbut I've seen others like this filed against random packages when the real problem is insserv12:38
tomreynoh okay, also for supported releases then?12:39
cpaelzerahasenack: as I said before the "real problem" IMHO mostly is out-of-archive software12:39
cpaelzerI've seen messages like that up to and including zesty every now and then12:39
ahasenacktomreyn: no, wily, I'll close it but add a note that it's not in samba12:39
ahasenacktomreyn: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/153494412:39
ubottuLaunchpad bug 1534944 in samba (Ubuntu) "package samba 2:4.1.17+dfsg-4ubuntu3.1 failed to install/upgrade: подпроцесс установлен сценарий post-installation возвратил код ошибки 1" [Undecided,Confirmed]12:39
ahasenackit got in my radar because of the last comment, "confirmed"12:39
ahasenackwhich made me get an email :)12:40
cpaelzerahasenack: and if you want to do him a favor ask him to do a dpkg -S on /etc/init.d/smfpd12:40
tomreynoh you're bug triaging, sorry i thought you were seeking support.12:40
ahasenacktomreyn: yep :)12:40
ahasenackcpaelzer: good idea12:40
ahasenackI think there are hundreds of apport-reported bugs against eol releases now12:41
cpaelzeryep ahasenack12:42
cpaelzerahasenack: we have the discussion if we should mass-close them or something like it every now and then12:43
cpaelzerahasenack: bring it up next week, it might be time to have that talk again12:43
ahasenackcpaelzer: I think dpb1 will favor that12:43
ahasenackI will add it to the agenda12:44
ahasenackalthough I think he has something like that already in it12:44
cpaelzerahasenack: my opinion last time was to only process those that are on ubuntu-server subscription and for those do the extra work of really checking on newer versions12:45
ahasenackcpaelzer: it's tough when the bug happened during apt upgrade and the logs are not conclusive, it's almost impossible to get into that same scenario again12:46
ahasenackupdates have been issued and superseeded older packages which are no longer available12:46
ahasenacksometimes the user refuses to add extra logs, for privacy concerns, and it's awkward to start a dialogue 2-3 years later "hey, could you please attach /etc/foo/bar.conf?"12:47
cpaelzerahasenack: I'm not objecting :-)13:00
cpaelzerahasenack: yet it will make the "ubuntu gives up on 12345678 bugs" post go around the world13:00
ahasenackwill make it clear though13:01
ahasenackbut deserves a discussion13:01
cpaelzerwhich is what I suggested and you agreed, so we are on the path13:01
cpaelzerdid you add to the agenda?13:01
ahasenackjust did13:02
ahasenackcpaelzer: sprint agenda13:02
ahasenackdpb1 had a topic already, I expanded it a bit13:02
zuljamespage:  pinghttp://pastebin.ubuntu.com/24714955/ (fyi)13:20
PresidentTrumpI want to run npm install as http user but http user is nologin. I prefer not to run as root and then chown to http. npm install is being run by a systemd script.13:26
dpb1PresidentTrump: you can: sudo chsh -s /bin/bash http13:28
ogra_or just sudo apt install npm13:29
dpb1ogra_: he wants to npm install, not install npm.  funny turn of words. :)13:30
ogra_eeep ... indeed ... blind me, sorry for the noise13:30
ogra_:)13:30
PresidentTrumpthanks13:31
ahasenack    raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.  "13:36
ahasenackhm, zfs13:36
ahasenacknsn7/lxc on /var/lib/lxc type zfs (rw,noatime,xattr,noacl)13:36
ahasenack:(13:36
* ahasenack inspects zfs set acltype13:39
ahasenackyay13:41
ahasenacknsn7/lxd/containers/zesty-samba-ad on /var/lib/lxd/storage-pools/default/containers/zesty-samba-ad type zfs (rw,noatime,xattr,posixacl)13:41
ikoniathats interesting your running a samba service to replicate AD in a container ?13:42
ahasenackthe container is just the development aspect of it, I'm doing some testing13:42
ikoniais it doing a full AD substitute ?13:43
ahasenackit should, but it's the first time I set samba up like that13:43
ahasenackthey have a nifty tool nowadays13:43
ahasenackjust run "samba-tool domain provision"13:43
ikoniainteresting, standalone or will it integrate into an existing AD setup ?13:43
ahasenackwhat I'm trying is standalone. It sets up kerberos, dns, ldap13:44
ahasenackjoining an ad forest is simpler13:44
ikoniavery interesting indeed13:44
ikoniawell....maybe not13:44
ikoniaas I'm curious to how the AD txt/srv records would be managed with containers13:44
ikoniaand an overlay network13:44
ahasenackyou just don't use the dnsmasq services13:45
ahasenackuse a static ip, setup bind, rndc keys13:45
ahasenackuse the container as if it were a vm13:45
ahasenackI attached this container to a libvirt-managed network where there is no libvirt-provided dhcp (dnsmasq)13:46
ikoniabind is a dns server, it won't manage the txt and srv records an AD service would require/generate13:46
ahasenacksamba4 can either use bind, or its own internal implementation13:46
ahasenackthe default is its own internal implementation13:46
ahasenacksame for ldap13:46
ikoniahence why I'm curious how hooking it into an AD service that is expecting to manage it's own DNS would work13:46
ahasenackin the ldap case, it can't use any other ldap implementation actually13:46
ikoniayes, Samba can, but AD can't13:47
ikoniahence why joining the forest is of inerest13:47
ikoniainterest13:47
ahasenackI'll get to that at some point :)13:47
ahasenackright now I'm checking a bug report13:47
ikoniabe interested how you get on with that13:49
ikoniaespecially with a container and an overlay network13:49
ahasenackhm, finding some rough spots in the samba4 packaging14:03
ahasenackwhen setting up an ad dc14:03
ahasenackbut ok, got it to work14:04
ahasenackhttp://pastebin.ubuntu.com/24715338/14:06
* ahasenack finds the rough spots in the TODO.Debian file14:12
Da9elEn fra dk der lige kan hjælpe med en SSH der driller14:36
masonDa9el: er der en liste her, der kan hjælpe: https://lists.ubuntu.com/mailman/listinfo/ubuntu-dk14:38
Da9elOkay må jeg prøve tak14:40
masonDa9el: Held og lykke.14:40
tewardis there a server team meeting or was it postponed?15:49
tewardor cancelled15:50
dpb1teward: there is, in 10m15:51
tewardcool, wasn't sure :)15:52
tewardi'll be there.  ish.15:52
teward*still trying to figure out IPv6-from-public-to-LXD-container stuff*15:52
dpb1teward: :)15:52
tewarddid I happen to mention that IPv6 is painful15:53
tewardor is that just 'implied' now15:53
naccjamespage: any luck with your artful runs for openstack with new django?16:21
jonfatinoSo it seems casper doesn't support http fetch of filesystem.squashfs. I found a patch on https://forum.kde.org/viewtopic.php?f=309&t=136596 but it doesn't seem to be working with the latest initrd/scripts/casper17:01
jonfatinoPerhaps someone can take a look at the altered initrd/scripts/casper file and fix it up?  https://pastebin.com/V6W39XJu17:02
PresidentTrumpwhat is the proper way to deploy passwords as env on production servers? add them to /etc/environment ?17:47
naccPresidentTrump: why would you ever want to do that?17:47
PresidentTrumpnacc, https://caddyserver.com/docs/automatic-https see section under enabling dns challenge17:52
naccPresidentTrump: i see -- it seems dangerous to store credentials in the environment, but that's just me17:55
PresidentTrumpnacc, would storing them in the systemd file be safer?17:56
PresidentTrumpsystemd has a method of setting variables17:57
naccPresidentTrump: i'm not sure -- it just seems 'dangerous' to put credentials like that anywhere that if you were to get hacked, then all of a sudden the hacker has access to everything else17:57
PresidentTrumpnacc, if they hack into the server don't they already have access to everything18:00
PresidentTrumpdatabase passwords are there18:00
naccPresidentTrump: i assume your database passwords are encrypted18:00
naccPresidentTrump: i'm saying if your server is hacked and your credentials are stored in plaintext in the environment or in a systemd file, that seems odd18:01
PresidentTrumpnacc, if its encrypted then how can the application access the database?18:03
naccPresidentTrump: different problem, i'm just looking at the idea of storing credentials in the environment18:03
PresidentTrumpand its encrypted but the key is also stored on the server then it serves no purpose18:03
PresidentTrumpcan I get a practical answer?18:04
PresidentTrumpthere is no point on focusing on securing credentials when there is lower hanging fruit18:05
PresidentTrump99% of small websites out there are far more insecure18:06
ahasenackPresidentTrump: /etc/environment is meant to be read by all users of the system at login time. Isn't it just one user who needs access to this password?18:06
PresidentTrumpyes18:06
ahasenackdoes it have to be a shell variable? Can it be a file in the user's /home directory for example?18:06
PresidentTrumpahasenack, can you look at the caddy documentation I linked to?18:07
PresidentTrumpis there a way for it not to be a shell env?18:07
PresidentTrumpI think the most sensible way of making it a single application env is to add it to the systemd file18:07
ahasenackis that a daemon?18:08
ahasenackI think in systemd you can refer to a file that has your variables18:09
ahasenackthat sounds ok. You would make that file 0600 then or something like that18:09
ahasenackor have whatever script starts the daemon source the file with the variables18:09
ahasenackbut not /etc/environment, that is system-wide and meant to be 064418:10
PresidentTrumpahasenack, so I have a bash script that needs the vars too18:10
ahasenackit can source that file that the systemd config is sourcing18:10
ahasenackI don't recall the systemd configuration key now, sorry18:10
PresidentTrumpahhhh18:10
PresidentTrumpright I should use source...18:10
PresidentTrumpthanks18:10
ahasenackI checked upon that once when researching how to pass proxy variables to a service18:10
ahasenacknacc: hi, the bug I need sponsoring on, following up our irc meeting: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/167732918:14
ubottuLaunchpad bug 1677329 in samba (Ubuntu Zesty) "libpam-winbind: unable to dlopen" [High,In progress]18:14
ahasenackit has a branch attached18:14
ahasenackmeant for artful18:14
naccahasenack: reviewing18:17
ahasenacknacc: thx18:17
ahasenacknacc: thanks for the review18:48
naccahasenack: np, does it make sense?18:49
ahasenackyes18:49
ahasenack:)18:49
naccahasenack: feel free to fix up and push back over the top, i'll pull your changes down and re-review whenever you need18:50
ahasenackok18:50
=== nymony_ is now known as nymony
=== lfrlucas_ is now known as lfrlucas

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!