| === JanC_ is now known as JanC | ||
| lordievader | Good morning | 07:31 |
|---|---|---|
| zioproto | hello ubuntu folks | 08:38 |
| zioproto | my monitoring system is not happy because of these errors in kern.log https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1705447 | 08:38 |
| ubottu | Launchpad bug 1705447 in linux (Ubuntu Zesty) "misleading kernel warning skb_warn_bad_offload during checksum calculation" [Medium,Fix released] | 08:38 |
| zioproto | this happens on Bare Metal | 08:39 |
| zioproto | I guess I can safely ignore them ... is anyone else hitting this stuff ? | 08:39 |
| jamespage | coreycb: https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1677207 seem familiar to you? I'm not sure our flush cache/upgrade bits are working in the horizon pacakges. | 09:57 |
| ubottu | Launchpad bug 1677207 in horizon (Ubuntu) "dashboard not workable after upgrade from newton to ocata" [High,Confirmed] | 09:57 |
| zioproto | good... some Ocata bugs are popping up before I start my upgrade :) | 10:04 |
| coreycb | jamespage: ah, is it memcache do you think? | 11:49 |
| hehehe | hey hey | 12:17 |
| hehehe | if I am making new sftp user - chrooting it to images directory and using strong password is all that I need? | 12:17 |
| hehehe | :) | 12:17 |
| hehehe | just a user who can upload images via www :D | 12:18 |
| jamespage | coreycb: I don't think so | 12:18 |
| hehehe | Match Group sftp_users - whats that for ?X11Forwarding no AllowTcpForwarding no ChrootDirectory /images | 12:19 |
| hehehe | ok I see whats up | 12:29 |
| hehehe | :) | 12:29 |
| hehehe | its to catch users to whom following commands apply | 12:29 |
| hehehe | however in my cases, dirs are owned by root:www-data lol | 12:29 |
| hehehe | can I use Match user somehow instead of a group? | 12:30 |
| hehehe | so I add 1 more user to www-data group :) | 12:30 |
| hehehe | mm anyhow now I see that entire path have to be root:root | 13:18 |
| hehehe | but my php app required group write read access | 13:18 |
| hehehe | via group | 13:18 |
| rbasak | nacc: "debian/changelog must exist in source packages" | 13:50 |
| rbasak | Looks like that's only just become a requirement. | 13:50 |
| rbasak | Interesting for us. | 13:50 |
| nacc | rbasak: where is that? | 15:12 |
| rbasak | nacc: lastest Debian policy change. | 15:26 |
| rbasak | Sent to devel-debian-announce | 15:26 |
| nacc | rbasak: ah | 15:27 |
| nacc | rbasak: I mean, beyodn perhaps adding it to the linter, what do you expect to chagne? | 15:28 |
| rbasak | nacc: I mean that we're assuming that it exists when importing historical packages. | 15:46 |
| rbasak | But I suppose if it did in practice, then we're OK. Hence interesting rather than a problem. | 15:46 |
| nacc | rbasak: ah ok | 15:47 |
| nacc | rbasak: yeah, I think we just would't see any versiosn | 15:47 |
| nacc | rbasak: which would mean orphans | 15:47 |
| nacc | perhaps we'd fail to tag too | 15:47 |
| nacc | not sure | 15:47 |
| nacc | rbasak: is your schedule pretty full today, or do you think you'll be able to get to ay of the reviews? | 15:48 |
| rbasak | nacc: seems unlikely, sorry. Do you have any small ones you can point out that I can try to tackle when I find a few minutes here and there? | 15:59 |
| nacc | rbasak: no it's fine, just gauging my own expectations | 16:00 |
| lol768 | https://help.ubuntu.com/community/UFW states that "By default, UFW allows ping requests" | 16:02 |
| lol768 | the minute I do an "ufw enable", I can no longer ping6 the server, or ping6 out from it | 16:03 |
| nacc | rbasak: the only one that definitively you need to review is the queue change | 16:22 |
| nacc | rbasak: was cjwatson's suggestion that we add a Git-Ubuntu: field to the DSC? | 17:43 |
| nacc | rbasak: i see dgit adds a Dgit | 17:43 |
| === hehehe is now known as misterjones | ||
| drab | hello .o/ | 18:12 |
| sarnold | hey drab :) | 18:12 |
| drab | I'm considering doing something "different" for our centralized home dirs and hoped to hear some opinions | 18:13 |
| drab | basically right now we have a standard ldap + nfs shares, users auth against ldap and pam_mount mounts their homedir | 18:13 |
| drab | however as I've been moving stuff to containers nfs is a pita becuase the userspace version is awfully slow and the kernel version won't run in a container | 18:14 |
| drab | there's also the problem that a network blip and/or issue with the nfs server freezes up the clients very badly | 18:14 |
| drab | I've read that may be fixed using soft rather than hard mounts with nfs tho | 18:15 |
| drab | in any case, as I was trying to help some folks with a samba share, I came across some links wondering if I could use samba for homedirs... | 18:15 |
| drab | it turns out there's some largish university campuses doing homedirs on samba as it can be interoperated with windows too, but generally I've not seen a lot of setups like that and wondered how crazy of an idea it is | 18:16 |
| nacc | i mean, i'd expect to see some similar caveats a la network blips | 18:16 |
| nacc | i'm not sure how resilient samba is to long outages | 18:16 |
| sarnold | soft mounts definitely help nfs clients | 18:17 |
| drab | I've no experience with samba so wondering if: a) is it performing alright compared to nfs? (will test of course) 2) is it crazy to put homedirs on it coupled with ldap? | 18:17 |
| nacc | and/or how it reconciles remote changes onn the server | 18:17 |
| nacc | drab: +1 on soft, though | 18:17 |
| drab | tbh the most appealing part of this is avoiding to run kvm so that I can run nfs-kernel-server | 18:18 |
| drab | right now I'm 99% lxc with the exception of the nfs server, requiring kvm | 18:18 |
| drab | and that means handing off the infra to people requires them to know how to deal with that too which isn't terribly hard but does add some complications | 18:18 |
| drab | so if I could be 100% lxc using samba for homedirs that would be, in the larger picture, quite a win | 18:19 |
| drab | but I don't want of course to ruin it for all the users by making their experience terrible | 18:19 |
| nacc | drab: in theory, could your VM be a privileged container? | 18:19 |
| drab | nacc: the thing is, that doesn't really solve the isolation issue... I've had nfs locking up on the server and taking down the whole thing | 18:20 |
| nacc | drab: ah sure | 18:20 |
| nacc | drab: yep, i can see that happening :) | 18:20 |
| drab | so even if I could do a privileged containres, which I guess would solve having kvm | 18:20 |
| nacc | yeah, if you need isolation, then that's a different issue | 18:20 |
| drab | I don't quite feel comfortable given everything else going on on that box | 18:20 |
| nacc | yep | 18:20 |
| drab | yeah, but you're right, that would solve my kvm issue | 18:20 |
| sarnold | drab: are you sure the samba mounts _would_ be allowed? | 18:20 |
| nacc | drab: nfs lockinng up in the kernel? | 18:20 |
| drab | nacc: yes, basically locking up the machines, doing something bad to the drives, whatever | 18:21 |
| drab | ending up impacting all the other containers/services on that box | 18:21 |
| drab | sarnold: based on what I read, it looks like it. this is the best link so far: | 18:21 |
| drab | https://sites.duke.edu/linux/cifs-nfs-homes/ | 18:21 |
| drab | so it seems the workflow is the same | 18:21 |
| drab | except it uses pam_cifs | 18:22 |
| drab | altho right now I'm using autofs to mount the homes, not even pam_mount | 18:22 |
| drab | but that should also work with samba no prob | 18:22 |
| drab | except that samba requires user/pwd so maybe pam is required in this workflow | 18:22 |
| drab | the added benefit to using samba over nfs is auth | 18:22 |
| sarnold | drab: btw i've had success unsticking nfs mounts by bringing up the IP address of the server on an interface, exporting an identically-named filesystem, and umounting | 18:22 |
| drab | good to know, thanks for sharing | 18:23 |
| drab | I guess I'll take it as a good sign that neither of you called me crazy and begin experimenting :) | 18:27 |
| drab | that will give me a better sense, the general principle seems fairly simple/standard, I just have no clue how well samba is going to handle disconnections or multiple logins (sometimes ppl forget to log out and their home stays mounted) | 18:28 |
| nacc | ahasenack: --^ has also been doing quite a bit to get samba up to snuff relative to bug reports | 18:28 |
| nacc | he may have further insights | 18:28 |
| drab | that's another pretty annoying this I found no good solution to... log people out after inactivity | 18:29 |
| drab | ok, cool, thanks | 18:29 |
| drab | always good to be here, you guys are great :) | 18:29 |
| sarnold | drab: check out systemd-logind for the idle thing. | 18:30 |
| drab | k, thanks | 18:31 |
| drab | brb | 18:31 |
| sarnold | my own experience with samba is decades ago at this point but I recall being massively annoyed at how many bloody authentication types there are. public, share-level security, user auth, etc etc | 18:31 |
| sarnold | but if you get to run the server and clients and control them yourself you can probably get something happy | 18:32 |
| coreycb | beisner: hi, can you please promote horizon 3:11.0.3-0ubuntu3~cloud0 to ocata-proposed? it's a high-priority fix for upgrade from newton->ocata. | 20:49 |
| beisner | hi coreycb - on that ^ | 20:50 |
| coreycb | beisner: cheers, thanks | 20:51 |
| drab | sarnold: nacc: fwiw found this which seems possibly problematic: https://github.com/lxc/lxd/issues/3442 | 22:12 |
| drab | but stgraber says he has it working so maybe I'm misunderstanding the issue | 22:12 |
| nacc | drab: do you use zentyal? | 22:12 |
| drab | I only need to serve files, not even the DC part, altho it'd be nice to do that later | 22:12 |
| drab | I don't , but it didn't seem zentyal specific, maybe I misread | 22:13 |
| drab | the problems seemed to be related how samba stores the acls in the security.* namespace | 22:13 |
| nacc | drab: zentyal sets the --use-xattrs bits | 22:14 |
| nacc | drab: but not really sure either | 22:14 |
| nacc | i'd try it and see :) | 22:14 |
| drab | heh, I'm setting stuff up nowish, had to deal with some broken hardware and building sorting box frames | 22:14 |
| drab | the "fun" part of being a charity is that we hold on whatever junk we can get our hands on for the rainy days | 22:15 |
| drab | it's like a flashback 20yrs in my father's garage... | 22:15 |
| drab | I don't think he ever threw away a single screw, everything had to come off before the boards ended up in the bin | 22:16 |
| nacc | that's how my dad was too | 22:16 |
| nacc | i had one of his boxes of screws until it got rained | 22:16 |
| nacc | somehow he kept it totally organized by type, size, thread, etc. too | 22:16 |
| * drab nods | 22:16 | |
| drab | I think the first tool I was every introduced to was a labelling machine :P | 22:17 |
| nacc | heh | 22:17 |
| drab | now that it's up to me I just write with sharpies on masking tape lol :P | 22:18 |
| nacc | yeah, that's what we do in our pantry, e.g. :) | 22:18 |
| stgraber | drab: the xattrs stuff is configurable IIRC and my DC is deployed manually through samba-tool, so I'm simply not passing that particular option | 22:18 |
| drab | stgraber: sounds good, thanks for chiming in | 22:18 |
| drab | stgraber: any chance you have an opinion on the craziness of replacing nfs+ldap with samba+ldap for centralized homedirs for a bunch of linux desktops? | 22:19 |
| stgraber | I haven't done either in a while. I used to do that kind of stuff for school districts in a previous life and I seem to remember both being annoying but in different ways :) | 22:20 |
| nacc | heh | 22:20 |
| drab | yep, that's exactly where I am... edu charity/school and being annoyed :P | 22:21 |
| stgraber | IIRC we'd usually do nfs on trusted networks where no sharing was needed with Windows and cifs for the rest | 22:21 |
| drab | I guess testing will tell... getting to it | 22:21 |
| drab | yeah, I'd normally do that if it wasn't that I'm trying to get everything into containers | 22:21 |
| drab | and nfs-kernel-server won't play nice with it and still be a nuisance to the host if I go with a privileged container | 22:22 |
| drab | samba would solve that problem, which is quite a plus in this setup | 22:22 |
| stgraber | yeah, and the old nfs-user-server wasn't exactly fun to use :) | 22:22 |
| drab | yap | 22:22 |
| Village | Hello, | 23:02 |
| Village | what's best SMTP server is on ubuntu 16.04? | 23:03 |
| Village | Where you can chnge ports? | 23:03 |
| nacc | Village: 'best' is a really ... vague ... term to use. I would think every SMTP server worth using is configurable as to what port it listens onn. | 23:06 |
| nacc | Village: which have you looked at? | 23:07 |
| Village | I want that Internet Site can send emails via SMTP and email addresses sender by not same.. | 23:08 |
| Village | now i looking | 23:08 |
| Village | postfix | 23:08 |
| drab | postfix is good | 23:14 |
| drab | postfix and exim are 2 of the common ones and largely a matter of taste which one you pick | 23:15 |
| drab | personally exim would drive me bonkers each time I tried to configure it and always stuck with postfix, but really it's just a personal preference thing | 23:15 |
| drab | Village: ^^ | 23:15 |
| Village | Ok, i have at mind that two of best is postfix and exim | 23:22 |
| Village | but i wanna know google smtp not allow send user@gov.us ? | 23:23 |
| drab | why do you think it does not? | 23:27 |
| Village | i don't know need try | 23:29 |
| oerheks | make sure you leave a copy on your gov.us server :-D | 23:47 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!