Faux-Pa | Is anyone actually active here? | 03:58 |
---|---|---|
Faux-Pa | I know that IRC can be hit-or-miss at times, but I'm only asking because I need some help. | 03:59 |
Faux-Pa | Hello? Anyone? | 04:25 |
lordievader | Good morning | 06:08 |
=== Curiontice is now known as Capprentice | ||
smoser | nacc, i added dropbear to the list and pushed. | 12:01 |
=== tinwood is now known as tinwood-afk | ||
=== tinwood-afk is now known as tinwood | ||
hosas | I know this sounds dump, but how do I execute this command the instructions says: `CTL+B, C` to open a new tmux window | 14:41 |
sdeziel | hosas: 1) start tmux, 2) create new tmux windows by pressing the key combo Ctrl+B then C | 14:43 |
sdeziel | hosas: you should then notice the multiple windows listed at bottom of the tmux session | 14:44 |
hosas | sdeziel: thanks- I it meant on same window. thanks again | 14:44 |
hosas | sdeziel: please be patient with me: is it Ctrl +B+C or Ctrl +B then followed by Ctrl+C | 14:47 |
sdeziel | hosas: yes, it's in the same window. tmux is a terminal multiplexor so it's by design :) | 14:48 |
hosas | because Ctrl +C is exiting the app as expected but not what I want | 14:48 |
sdeziel | hosas: it's Ctrl+B, then C (those are all lowercase in fact) | 14:49 |
drab | it's not ctrl-c, it's ctrl-b then precc c | 14:49 |
drab | press* | 14:49 |
drab | no shft, they are not intended to be uppercase | 14:49 |
drab | it's a keystroke-chain | 14:49 |
drab | ctrl-b enters "command mode", like ":" enters command mode in vim | 14:49 |
hosas | okay mahn | 14:49 |
drab | then "c" is "new window" command ("create") | 14:50 |
spm_draget | I am unable to find 'mod_privileges' for apache on ubuntu 16.04. Could it be that it is not shipped with apache nor in the repository? | 14:50 |
drab | hosas: https://gist.github.com/afair/3489752 | 14:50 |
drab | I have that printed next to my monitor, always comes handy, especially in the early period of tmux | 14:51 |
hosas | drab: I got it thanks a thousand times | 14:51 |
hosas | it works | 14:51 |
drab | just pass the favor on, that's the real thank you | 14:51 |
hosas | drab: :) okay | 14:52 |
nacc | spm_draget: https://httpd.apache.org/docs/trunk/mod/mod_privileges.html implies it's a solaris thing? | 15:14 |
nacc | spm_draget: i don't know much about it, but i do see in 17.10 it's in the documentation of apache2, which means it might be bundled with the main binary package (not its own module package) | 15:14 |
hashwagon | I'm needing to place a one-time script to run at system boot and delete itself after. Where is the best place to put this? A cron can't delete itself right? | 16:41 |
genii | hashwagon: A shell script can delete itself | 16:51 |
hashwagon | Best practice would be to place it in /etc/init.d/ for ubuntu 16.04? | 16:52 |
genii | hashwagon: Just put one that does whatever in rc.local, have it remove the reference to itself in that file after, then rm itself | 16:52 |
hashwagon | Thanks for the suggestion, I'll give it a go. | 16:54 |
Poster | I do something like that on disk images, it's something to the effect of | 17:18 |
Poster | if [ -x /usr/local/bin/firstboot ] ; then /usr/local/bin/firstboot ; rm -f /usr/local/bin/firstboot ; fi | 17:18 |
Poster | if the file is present and executable, it will run, if it is not (missing or not executable) it will not run | 17:19 |
=== arooni_team_b is now known as arooni | ||
teward | jgrimm: alive? | 19:10 |
nacc | rbasak: do you think you're going to get the pristine-tar branch MP comments to me today? or should i pivot to other things? | 19:48 |
nacc | rbasak: also, do you recall what was needed to adjust in https://code.launchpad.net/~racb/usd-importer/+git/usd-importer/+merge/324476 ? | 19:51 |
nacc | powersj: thanks for the MP updates | 19:51 |
nacc | powersj: i think, if you haven't already, you can move the trello card back to review | 19:52 |
powersj | nacc: will do, and thank you for the reviews :) | 19:52 |
jge | hey all, good afternoon. I have this strange problem where I have a user trying to synchronize a repo remotely from an Ubuntu laptop. He's connecting to a VPN, then issuing a synchronize repo command, but seeing: ssh_exchange_identification: read: Connection reset by peer | 20:06 |
nacc | jge: i'd check the ssh server's logs | 20:06 |
jge | when he VPNs through a separate appliance we have, he doesnt see that problem | 20:07 |
jge | I'm thinking some firewall filter, or something in between resetting his connection | 20:08 |
jge | he's connecting to the same server though | 20:09 |
nacc | jge: not sure (brb) | 20:09 |
drab | jge: msot likely something on the path, yeah, can you describe the vpn end point and the two different paths to the repo? | 20:14 |
drab | if he sees a connection reset right away, ie not a timeout, then it's most likely a firewall sending an explicit RST | 20:15 |
drab | maybe something that is not expecting traffic to the repo from that ip/vpn | 20:15 |
drab | (generally vpns are on a different net) | 20:15 |
jge | hey drab, the vpn end point is an ubuntu laptop, when he connects through one of my vpn servers, he reaches the repo just fine, if he connects to another vpn server, he connects fine but after he starts to synchronize his repos, the connection gets reset | 20:16 |
jge | same server, different vpn servers | 20:17 |
jge | (same repo server that is) | 20:17 |
drab | both vpn servers have interfaces on the same network as the repo? | 20:18 |
drab | one vpn server, the one that works, is an appliance or something Vs the one that doesn't is ubuntu with openvpn ? | 20:18 |
jge | drab: they are Palo Alto appliances, I'm checking to see if they both have interfaces on the same network | 20:19 |
drab | in other words, what I'm looking to find out is if both vpn servers will talk directly to the repo or not | 20:20 |
drab | so the path in both cases is laptop -> vpn -> repo server | 20:20 |
jge | got it, let me find out | 20:27 |
jge | jss | 21:02 |
jge | drab: so yeah, user traverses many other hops when he connects to the vpn server that we are seeing this problem | 21:03 |
jge | he goes from firewall - switch - router - router - switch - server | 21:03 |
jge | on the other vpn that works, he goes from firewall - switch - server | 21:04 |
drab | jge: ok so that's a pretty strong clue | 21:05 |
drab | jge: I'd confirm the clue in two ways: 1) do what nacc already suggested, do yuo see any logs in syslog on the repo server for ssh? you should see an attempt to auth at the very least 2) tcpdump on the repo host, do you see ssh traffic at all from the laptop? | 21:06 |
drab | if you don't then you'll have confirmed that the problem is on another node on the path | 21:07 |
drab | is the switch is a dumb L2 switch, that's out of the picture. if it's a L3, routing might be an sisue there too | 21:07 |
drab | tcpdump on intermediate nodes would again tell you where the pkt stops | 21:07 |
jge | drab: agree, but the problem seems to happen after he authenticates fine to repo server, and starts synchronizing | 21:07 |
rbasak | nacc: it's going to take me somewhat longer I think. I expect tomorrow. | 21:08 |
drab | jge: is the auth through ssh? | 21:08 |
jge | yep, and ssh keys | 21:08 |
rbasak | nacc: details of the adjustments we agreed in the Trello card. | 21:08 |
jge | and authenticates fine | 21:08 |
drab | jge: can he ssh to the repo server? | 21:08 |
drab | like get a shell | 21:08 |
drab | or can he scp? | 21:08 |
jge | yep | 21:08 |
drab | what repo are we talking about, git? | 21:09 |
jge | when he syncs, it starts to synchronize and somewhere after it resets | 21:09 |
jge | gerrit server | 21:09 |
drab | does the sync operation do something different than the auth in terms of port used? or is it always just a tunnel? | 21:10 |
drab | and you confirm he can scp, yes? like a large file, 10MB or so (how much does he need to sync btw?) | 21:10 |
jge | drab: he uses the same exact command to synchronize, hitting the same server | 21:11 |
jge | i haven't confirmed large file transfers though, just ssh login | 21:11 |
DammitJim | on Ubuntu 16.04 LTS, if I install Tomcat8, why does it not set a tomcat8.service file to use with systemd, but instead it still uses /etc/init.d/tomcat8? | 21:32 |
drab | jge: if he can ssh and can auth, I'd check for larger file transfer with scp and see if that works | 21:40 |
drab | I'd also run tcpdump on the repo server while he tries to sync | 21:40 |
drab | to see if it's that machine that actualyl sends the RST | 21:41 |
drab | and look at the auth.log to see if ssh is indeed terminating the connection | 21:41 |
drab | jge: or if it's being dropped on the path | 21:41 |
drab | jge: the fact that it works on a simple path with vpn directly talking to the server and not the other to me suggests something on traffic type that gets dropped | 21:44 |
drab | jge: another question is, do the 2 vpn servers serve the same vpn subnet? | 21:45 |
drab | altho if the ssh traffic goes through there shouldn't really be any reason why the sync traffic gets routed differently | 21:45 |
drab | jge: so I'd test with scp and maybe netcat with a large file transfer (or http if you have a webserver running and can drop a file on it) | 21:46 |
drab | just make a random file with dd | 21:46 |
jge | drab: will do, to answer your previous question, yes, the two vpn servers serve a different subnet | 21:50 |
nacc | rbasak: np, thanks and i'll check the trello card | 22:07 |
nacc | rbasak: was the A/B testing the idea that we'd keep the old implementation around and assert for some time that they produced the same results? | 22:34 |
rbasak | nacc: right | 22:44 |
rbasak | nacc: bad choice of words, sorry. | 22:44 |
nacc | rbasak: ok, will Tests be covered by your spike? | 22:44 |
nacc | rbasak: and not sure on the last one -- to be honest, i think we can drop that special case, I think it was only necessary in an older version of the code, I'm testing now without it | 22:44 |
drab | Dasoren[m]: not everything has been migrated to systemd ime | 22:45 |
drab | nm, damnitjim no more | 22:45 |
rbasak | nacc: I suppose the tests would be for checking the output of parsing known changelog files. | 22:46 |
rbasak | nacc: I can add that to my spike though it's a separate piece really, as the code should already be isolated enough to be testable when the changelog parsing branch lands. | 22:46 |
nacc | rbasak: yeah, that's true -- where/how do you want me to store 'known' changelog files? | 22:46 |
rbasak | nacc: I think we should check minimal changelogs into the tree. I'm not sure about wholesale ones though. | 22:50 |
nacc | rbasak: in a tests/ directory or something? what's the pythonic standard for that? | 22:52 |
rbasak | nacc: I'm not aware of a standard. How about tests/changelogs at the top level as a start? | 22:53 |
nacc | rbasak: +1 | 22:53 |
=== nacc_ is now known as nacc | ||
nacc | rbasak: may be totally off-base, but here's a first run at adding some tests. I had to change our Changelog class to allow to get the contents from a file (as well as from a treeish in a repo). But it does pass here (with the version from your branch, rebased and fixed): http://paste.ubuntu.com/25236260/ | 23:30 |
nacc | rbasak: do you think it's worth trying to add unit tests to the code we have now, in order to verify if our changes are good? I started down that path and it would take quite a bit of refactoring, I think | 23:47 |
rbasak | nacc: for the changelog parsing, or generally? For the former, I think we should perhaps start with just a couple to test the parsing, that's all. Do you think that would still need significant refactoring? | 23:52 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!