[01:21] <oraqol1> hey guys, so I finally got conjure-up to load without the lxd and lxd init bug, created br0 and plugged it into eno2, but now the installer is stuck on 'Running step: 00_deploy-done.' and all the containers are stuck on 'waiting for machine'
[01:21] <stokachu> oraqol1: does /snap/bin/lxc list show containers with no ips?
[01:23] <oraqol1> they do show ips
[01:23] <oraqol1> on eth0
[01:23] <oraqol1> all but one are in the 192.168.1.x rnage
[01:23] <oraqol1> the last is on 10.232.183*
[01:24] <stokachu> oraqol1: whats output of `juju status --format yaml|pastebinit`
[01:27] <oraqol1> https://pastebin.com/g6TFLKJg
[01:30] <oraqol1> these are my network settings: https://pastebin.com/7b01EkNK
[01:32] <stokachu> oraqol1: can you do `/snap/bin/lxc list|pastebinit`
[01:33] <oraqol1> here ya go: https://pastebin.com/Cd7CMXMc
[01:37] <stokachu> oraqol1: you aren't running out of disk space are you?
[01:38] <stokachu> oh hmm
[01:38] <oraqol1> https://pastebin.com/mMWhXpvp
[01:39] <oraqol1> do you just wanna, like, jump on and see for yourself?
[01:39] <stokachu> sure
[01:39] <oraqol1> kk
[01:40] <stokachu> you can `ssh-import-id adam-stokes` for my ssh key
[05:01] <brianw> Hello. Great work with LXD!
[05:02] <brianw> Just setup a nce little vpn client gateway for a paid vpn service. Working great!
[05:31] <cpaelzer> good morning
[05:40] <sonu_nk> hi there.. i created a user apis for my ubuntu -server..  if i want to run composer with this user then what permission i required for this apis user and in which group i need to put this user
[05:40] <sonu_nk> ?
[05:42] <sonu_nk> apis is not in the sudoers file.  This incident will be reported.
[06:44] <lordievader> Good morning
[06:59] <jamespage> cpaelzer: I'm about to triage https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1718133
[07:00] <jamespage> as a high - we had a direct report and openstack gates just reverted back from the Pike UCA as live migration tests where failing 50% of the time
[07:00] <jamespage> I'll be back in about 1 hr
[07:03] <jamespage> cpaelzer: might be a behavioural incompatibility between nova@pike and qemu 2.10
[07:03] <jamespage> I'll dig in further in 1hr
[07:11] <sonu_nk> hi there.. i created a user apis for my ubuntu -server..  if i want to run composer with this user then what permission i required for this apis user and in which group i need to put this user
 ?
[07:11] <sonu_nk> apis is not in the sudoers file.  This incident will be reported.
[07:15] <cpaelzer> jamespage: ok
[07:15] <cpaelzer> jamespage: thanks for the heads up
[07:16] <cpaelzer> jamespage: we already had some issues around these logs
[07:16] <cpaelzer> all migrations I usualyl do (one of each type) worked eventually
[07:16] <cpaelzer> but surely this might trigger a case missed so far
[07:17] <cpaelzer> look at the "fixed in rc section" https://wiki.qemu.org/Planning/2.10 that was all me :-/
[07:17] <cpaelzer> too bad we seem to hit another one
[07:21] <cpaelzer> jamespage: I updated the bug but need you to reproduce and provide the data we almost always need
[07:22] <cpaelzer> jamespage: ping me for an interactive discussion once you have that if you want
[09:17] <cpaelzer> jamespage: I think I shortened your repro quite a bit
[09:17] <cpaelzer> updating the bug
[09:26] <cpaelzer> jamespage: updated the bug and submitted to qemu-devel
[09:26] <cpaelzer> jamespage: I'll add the link as soon as I have it
[09:27] <jamespage> cpaelzer: ta - just about to bounce some instances around a test deployment
[09:28] <cpaelzer> jamespage: have you ready my simplified testcase - three commands and you are there
[09:28] <cpaelzer> well we might need your testcase still to find if there is more
[09:28] <cpaelzer> once we have an idea how to fix it
[09:32] <jamespage> cpaelzer: tl;dr - qemu-img info defaults to needing a lock and fails as a result cause the instance is running right?
[09:32] <cpaelzer> yes
[09:32] <jamespage> glad I grokked that
[09:34] <cpaelzer> so the fix is either to make info (and other non crit actions) non conflicting or to provide no-lock option
[09:34] <cpaelzer> or both
[09:53] <ren0v0> Hi, ubuntu 16.04 ships with mariadb 10, but after installation there is no systemd unit ?
[10:01] <pascalou> hi
[10:01] <pascalou> Is there any whois cache ?
[10:01] <pascalou> or w ahois proxy/cache
[10:07] <cpaelzer> jamespage: --force-share
[10:07] <cpaelzer> jamespage: bug is updated
[10:12] <jamespage> cpaelzer: ok so my read on this is that its intended behaviour so we need to make nova understand what todo with newer qemu versions
[10:13] <cpaelzer> yes
[12:29] <jamespage> cpaelzer: ok so we can put in a distro-only patch to fix this short term, to be superceeded by something better in Nova when landed - thanks for your help here
[12:36] <cpaelzer> I'm glad I could help
[12:36] <cpaelzer> this locking has caused too much headache for me anyway
[12:36] <cpaelzer> was "just another one"
[12:37] <cpaelzer> on 18.04 I'm refusing to be pushed to merge so late in the cycle no matter who has shiny new HW
[12:37] <cpaelzer> but the 2.11 release plan is not yet written so I can't start to plan my dates yet
[13:54] <Oskars__> Can a user have 2 groups? Because when I create a new user and add it to an existing group, and check in /etc/passwd I see: <user>:x:1001:1002, where 1002 is the group I added the user to
[13:55] <mason> Oskars__: Just one primary group. No cap I'm aware of on secondary group membership, other than potential issues with NFS group handling.
[13:56] <Oskars__> mason, So 1001 is the primary group? And 1002 the secondary?
[13:57] <mason> Oskars__: man 5 passwd
[13:57] <Oskars__> mason, thank you
[13:57] <mason> You want to be familiar with that content.
[13:57] <mason> Groups beyond the first will generally mean the username shows up in the right place(s) in /etc/group
[13:58] <Oskars__> Indeed, sorry it's getting late here and I just realised that the 1001 is the user ID...
[14:02] <sdeziel> Oskars__: to get various info on a given user, "id $user" is quite handy
[14:05] <Oskars__> sdeziel, thank you! Trying to figure out why I can't FTP in to the server with my new created user. The only difference is that the user no longer owns the directory, but the group he is in, this should work right? The group has r+w to the directory. My old user which can FTP in is the owner of the directory
[14:07] <sdeziel> Oskars__: is it the FTP server denying connection (rejecting your username/pass) or is it a problem entering/writing into a given dir?
[14:08] <mason> Been ages since I've used ftp... It's generally a good idea to use encrypted protocols nowadays. That said, seeing the logs from the login attempts would probably help nail it down.
[14:08] <Oskars__> sdeziel, I get "GnuTLS error -15: An unexpected TLS packet was received.
[14:08] <Oskars__> " from filezilla
[14:08] <mason> That can come about from something as simple as the connection breaking.
[14:09] <sdeziel> I never setup a FTP, only SFTP, much easier IMHO
[14:09] <sdeziel> Oskars__: looks like you are trying FTPS ?
[14:09] <Oskars__> The logs say nothing, just that the client get an OK LOGIN. I setup an vsftpd and try to FTPS in
[14:11] <sdeziel> Oskars__: I'd check vsftpd's logs to see what's going on
[14:12] <Oskars__> sdeziel, vsftpd's logs says nothing, the client get an OK LOGIN then it just stops, no error message or nothing in the log
[14:13] <sdeziel> Oskars__: I know very little about FTP(S) so I'm afraid I can't help you with that
[14:13] <mason> Likewise.
[14:13] <Oskars__> No problem, thank you for the help you gave me, appreciated!
[14:14] <sdeziel> np
[22:26] <andybiker> Hi, I have a new ubuntu server running, but I have lost the ability to install software and updates. How can I reconfigure or test mirrors?
[22:26] <whosawhatsit> so I am trying out landscape. However when I apply package profiles they dont install correctly. The "Release" folder doesn't seem to get created properly on the target machines mean apt update fails
[22:28] <andybiker> I am interested to put glances on as I seem to get a hot processor reading
[22:29] <sarnold> andybiker: start with sudo apt-get update && sudo apt-get -u dist-upgrade
[22:29] <whosawhatsit> to get apt working cleanly again I have to "rm /etc/apt/sources.list.d/_landscape-internal-facade.list"
[22:29] <sarnold> if those give you errors you've got a place to start
[22:30]  * whosawhatsit is guessing nobody actually uses landscape
[22:34] <andybiker> Err:x http://gb.archive.ubuntu.com/ubuntu xenial/*     -- multiple errors
[22:34] <sarnold> andybiker: what errors?
[22:34] <andybiker> gb.archive and security  repositories inaccessible.
[22:35] <andybiker> Temporary failure resolving those sites
[22:35] <sarnold> curious; can you resolve other names alright?
[22:36] <andybiker> such as? I can access the server from my mint pc, so that seems okay
[22:37] <sarnold> I normally pick a few servers that are highly unlikely to be broken; something like ping www.google.com ; ping www.yahoo.co.uk ; ping yandex.ru
[22:39] <andybiker> Interesting... I believe google's ip address is 8.8.8.8 and that can be pinged, but www.google.com cannot!
[22:40] <sarnold> andybiker: what's in /etc/resolv.conf ? does it look sane?
[22:40] <sarnold> andybiker: 8.8.8.8 is just an open recursor that people are free to use; when you try to resolve www.google.com it'll resolve to something other than 8.8.8.8 :)
[22:41] <andybiker> nameserver 192.168.0.1 is the only relevant line
[22:41] <sarnold> can you ping that address?
[22:41] <andybiker> I disd wonder about 8.8.8.8! :)
[22:41] <andybiker> yes, I can ping the main router
[22:42] <andybiker> 4ms
[22:42] <sarnold> how about dns queries? dig www.google.com @192.168.0.1  or dig yandex.ru @192.168.0.1 ?
[22:42] <andybiker> 8.8.8.8 takes 33ms
[22:43] <sarnold> so, the funny thing about 8.8.8.8... it's got something like 250 MILLION users. That's people who have chosen to use Google's free recursive resolver rather than their ISP's resolvers..
[22:44] <andybiker> dig timed out, no servers found
[22:44] <andybiker> reached
[22:44] <sarnold> and because so many people use google's services, they have probably already looked up whatever it is you're about to look up, so they can give an answer right from teh cache. That knocks another 100ms off finding addresses, compared to asking a DNS recursor that doesn't have the answer cached already
[22:45] <sarnold> andybiker: okay; how about firewalls on this server or on 192.168.0.1 that might be blocking UDP 53 or TCP 53?
[22:47] <andybiker> I have two routers to check, but I have not blocked them. I did set up some fixed ip addresses but that is it connecting two routers together
[22:48] <andybiker> My virginmedia router is really noddy/simple and the netgear connected to it is dhcp disabled and acting as an access point/second wifi
[22:48] <andybiker> my pc and server have to go through two routers
[22:49] <andybiker> the second router, server and my pc have fixed ip addrsses
[22:56] <andybiker> sudo lsof -i TCP| fgrep listen gives no results,as does using UDP
[22:58] <andybiker> tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN
[22:58] <andybiker> udp        0      0 127.0.1.1:53            0.0.0.0:*
[22:58] <andybiker> from netstat -lntu
[22:59] <sarnold> is that on the 192.168.0.1 machine?
[23:00] <sarnold> note that the binding 127.0.1.1:53 means that that server can only handle requests from loopback interfaces; whatever DNS server you've got on that machine may need to be told that it should listen on 192.168.0.1 as well
[23:00] <andybiker> Hang on. The netgear router default is 192.168.1.1 and the Virgin box is 192.168.0.1 and the netgear was modified to 192.168.0.5
[23:01] <andybiker> Why is 127.0.1.1:53 being used?
[23:02] <andybiker> You have explines
[23:02] <andybiker> explained
[23:02] <andybiker> sorry!
[23:04] <andybiker> nameserver is 192.168.0.1, the main virgin router
[23:05] <andybiker> do I need a line for 127.0.0.1?
[23:06] <sarnold> no, the 127/8 range is Very Special. All those addresses wind up going to loopback
[23:07] <sarnold> so a DNS server listening on 127.0.1.1:53 can be reached by 127.1.1.1 or 127.0.0.1 or whatever, no trouble
[23:11] <andybiker> resolv.conf is okay with just one line. I can't ping specific websites by name. How about downloading the ubuntu packages locally to my mint machine and acting like a mirror here?
[23:12] <sarnold> while you can definitely do that I think you'd be better served by actually sorting out your networking / dns to make this work properly :)
[23:13] <sarnold> if you don't want to do that, you could pop the IP address for gb.archive.ubuntu.com into your /etc/hosts file and skip bouncing through your desktop
[23:15] <andybiker> btw /etc/hosts has 127.0.0.1  as localhost ans 127.0.1.1 as ubuntu (server)
[23:15] <sarnold> that's normal
[23:36] <trippeh> hm. ubuntu is not shipping a /usr/lib/systemd/resolv.conf?
[23:36] <trippeh> man systemd-resolved refers to it, but it is not showing up on my systems.
[23:37] <trippeh> (unrelated to previous discussion)
[23:38] <nacc> trippeh: it's mentioned as an option, not the onen used by default
[23:38] <nacc> afaict
[23:39] <trippeh> man says it should be there.
[23:40] <trippeh> "A static file /usr/lib/systemd/resolv.conf is provided that lists the 127.0.0.53 DNS stub (see above) as only DNS server. This file may be symlinked from /etc/resolv.conf in order to connect all local clients that bypass local DNS APIs to systemd-resolved."
[23:40] <nacc> trippeh: the default is sytemd-resolved maintaining /run/systemd/resolve/resolv.conf
[23:40] <nacc> trippeh: read the line just above it
[23:40] <nacc> trippeh: three modes are supported
[23:40] <nacc> trippeh: it doesn't say that file is there by default or which of the three modes is the dfault
[23:41] <trippeh> yes, seems like the file should be shipped, so you can actually use the first mode if you want to.
[23:41] <sarnold> /etc/resolv.conf is Super Complicated with systemd-resolved. Sometimes it consumes the file. Sometimes it populates the file. much sadness.
[23:42] <andybiker> Hi sarnold. I have just been looking at the routers and there is only one using udp/tcp on 16396
[23:42] <trippeh> I just want stuff not using NSS to go through resolved, instead of to the upstreams directly.
[23:42] <nacc> trippeh: you can file a bug, but my point simply was nothing in the manpage says that file should be there (to me)
[23:42] <trippeh> nacc: "is provided" seems pretty clear to me :p
[23:43] <sarnold> andybiker: oh? none of the routers actually have a dns recursor for you to use? :)
[23:43] <trippeh> the symlink decides what actually happens anyway
[23:43] <nacc> trippeh: ah, i read that differently -- as in 'is provided...' by you
[23:43] <andybiker> That suprisingly is on the netgear. The virgin has no list of udp/tcp ports
[23:43] <nacc> trippeh: not by the package, but your way also makes sense. I'd file a bug if it's not alrady done
[23:44] <andybiker> Netgear has a dynamic dns option
[23:44] <andybiker> DynDNS or noip
[23:45] <nacc> trippeh: it's i /lib/systemd/resolv.conf
[23:45] <sarnold> those normally mean "contact dyn or similar and get them to provide me with DNS A entries" or something similar
[23:45] <nacc> trippeh: so i wonder if it's a typo in the manpage or in the way the pkg is built
[23:45] <trippeh> nacc: aaah!
[23:45] <sarnold> that's unrelated to having a DNS recursor
[23:45] <trippeh> so a simple documentation fail
[23:45] <nacc> trippeh: that's my initial read (i did an apt-file search resolv.conf | grep systemd)
[23:45] <andybiker> Port forarding!
[23:45] <nacc> trippeh: you can still file a bug, and xnox may be able to tell us :)
[23:46] <trippeh> I guess due to redhat going all in on /usr? :)
[23:46] <trippeh> while we use /
[23:48]  * trippeh is just replacing his client/servers/vms local unbounds with resolved
[23:48] <trippeh> which reminds me, I have some bugs to file on the unbound package as well.
[23:50] <andybiker> I have set up port forwarding for the server on the Netgear router : service ftp for udp/ftp on port start 53 to end 53 on internal and external ports
[23:50] <andybiker> tcp/udp
[23:53] <trippeh> sarnold: I almost found it sensible after reading the man page; but might have preferred having a resolved.conf option instead.
[23:53] <trippeh> have not put much thought into it of course.
[23:56] <sarnold> andybiker: 53 is dns. ftp is 20 and 21
[23:56]  * RoyK wonders why the systemd folks chose to put config files under /usr/lib instead of /etc
[23:56] <andybiker> I have set 53 on Netgear and 20-81 0n the virgin box
[23:56] <sarnold> RoyK: their vision is a completely empty /etc for a system that changes no defaults
[23:57] <nacc> i sort of agree with it, /etc is for customizatio
[23:57] <andybiker> sorry, 40-81
[23:57] <sarnold> trippeh: that's one of the hard parts .. a lot of systemd stuff sounds good from the docs. I'll be curious to hear your conclusions ;)
[23:57] <RoyK> sarnold: hm - ok - so what do you do with /usr/lib/systemd/resolv.conf? just create /etc/resolv.conf and that'll be accepted?
[23:57] <nacc> it then becomes clear(er) what is the default and what is changed locally, and their can be a comon inheritance pattern
[23:58] <trippeh> rl
[23:58] <trippeh> l
[23:58] <trippeh> oops
[23:58] <sarnold> RoyK: or /etc/systemd/resolv.conf or something like that. you've got check the docs to figure out what goes where.. and as trippeh finds, it might not always be correct unless you're on fedora. heh.
[23:58] <sarnold> nacc: having seen exim configs and sendmail configs i'm slightly supportive of the idea :)
[23:59] <trippeh> RoyK: /{,usr/}lib/systemd/resolv.conf is always pointing to 127.0.0.53
[23:59] <RoyK> some things are rather good in systemd, but then again, it turns my linux systems into something completely new, which is rather annoying, having used linux, being more or less the same, since 1994
[23:59] <nacc> sarnold: yeah .. and honestly, let's say you did edit some random file a few years ago, it's always hard to remember what you did :)
[23:59] <trippeh> RoyK: that is its sole purpose in life