/srv/irclogs.ubuntu.com/2017/11/15/#ubuntu-server.txt

beatzz	I just installed Ubuntu Server 17.10 on a new system, with LAMP & OpenSSH selected for install.	00:34
beatzz	I ran ufw default settings, and allowed ssh + http	00:34
beatzz	modified /etc/netplan/01-netcfg.yaml for a static ip setup	00:35
beatzz	and I am connected, I am able to apt-get update/upgrade	00:35
beatzz	but I am getting no connection to my server via ssh/http	00:36
beatzz	the router's port mapping is also correct, wide open to the servers ip address.	00:36
beatzz	from my point of view, it looks like it should work. Anyone have any insight on this situation for me?	00:37
sarnold	does netstat or ss show apache listening on the ports and adresses you expect?	00:39
beatzz	yes, both	00:39
beatzz	sudo netstat -anp \| grep apache && ssh both return LISTEN	00:40
sarnold	does netcat on localhost work to connect to those services? how about netcat on another host on the LAN?	00:41
beatzz	although it dosent specify the address, just "tcp6 0 0 :::80 :::* LISTEN 892/apache2"	00:41
sarnold	does 'nc ::1 80' work?	00:42
beatzz	I will check	00:43
beatzz	no error, but it's not returning anything	00:43
beatzz	and has not returned my command-prompt	00:44
sarnold	try something like HEAD /<enter> and see if you get a nice error reply from your server	00:44
sarnold	I can't recall enough http by hand..	00:44
beatzz	"HEAD /" at the command-prompt?	00:45
sarnold	in netcat, to your webserver	00:45
beatzz	ahhhh	00:45
beatzz	that returned some info	00:45
sarnold	good good, okay, ssh next :) what address / port is openssh listening on?	00:46
beatzz	"400 bad request"	00:46
beatzz	22	00:46
sarnold	and the address?	00:46
beatzz	local address is 192.168.11.2	00:46
sarnold	does netstat or ss output show openssh listening on that address? or on 0.0.0.0?	00:47
beatzz	0.0.0.0	00:47
sarnold	okay, so something like echo hi \| nc localhost 22 ought to spit out the openssh banner	00:48
beatzz	"SSH-2.0-OpenSSH_7.5p1 Ubuntu-10 Protocol mismatch."	00:49
sarnold	okay, cool, so the services do seem to be up and working, one reachable via ipv4, one via ipv6... now try from another host on the LAN and make sure that they can be contacted	00:50
beatzz	aye	00:50
beatzz	Connection timed out on both	00:52
beatzz	I will try ipv6 address in web-browser	00:52
beatzz	that didn't work either.	00:54
sarnold	connection timed out sounds like a firewall configured to DROP packets; can the testing host contact other hosts on the LAN? on the network?	00:54
beatzz	yes	00:54
beatzz	I have a slackware VM that I can connect to, both http & ssh	00:56
sarnold	networking to VMs is funny..	00:57
beatzz	I'm booting it up now	00:59
beatzz	configuring it's eth0, and I will test it's connection via LAN	01:00
beatzz	just to be sure	01:00
beatzz	okay, roger. I am connected to my slackware server at 192.168.11.7, on both ports 80, and 22 (http/ssh)	01:02
beatzz	from my laptop here	01:02
beatzz	hey I appreciate your help sarnold, I think maybe I need to make an ubuntu forums post, displaying all these results.	01:04
sarnold	beatzz: alright; once you get there be sure to inclde the iptables -L output .. I don't know how to drive iptables real well, so that might not be the exact command..	01:05
sarnold	just whatever dumps all the rules.	01:05
beatzz	for sure, hey thanks a lot though	01:07
sarnold	good luck, have fun :)	01:07
beatzz	for real, thanks for helpin out :)	01:07
beatzz	this is my first run with ubuntu *	01:08
drab	tcpdump is good too	01:08
drab	to see if packets are getting there at all	01:08
drab	even if they get dumped	01:08
drab	also you can always add a LOG rule to iptables as last	01:08
drab	to figure out if that's what's happening	01:08
drab	beatzz: ^^	01:09
beatzz	aye, I shall	01:09
beatzz	gana go register at the ubuntu forums	01:09
drab	what for, try the above first :)	01:11
beatzz	tcpdump returned 109 packets captured	01:11
drab	on port 22?	01:11
beatzz	136 packets recieved by filter	01:11
beatzz	27 dropped by kerenel	01:12
drab	tcpdump -i $interface port 22	01:12
beatzz	kernel*	01:12
drab	run 'tcpdump -i $interface port 22' then go to you client and try to ssh in	01:12
drab	see if anything shows	01:12
beatzz	roger, client is attempted to connect.... and nothing	01:13
beatzz	connection timed out on client, tcpdump returns nothing.	01:13
drab	ok	01:13
drab	sudo ufw logging on	01:14
drab	then try again to ssh in	01:14
drab	grep "DST=22" /var/log/syslog after trying to connect/timeout	01:15
drab	if taht shows any output paste on dpaste.com, not here	01:15
beatzz	it outputs a shit ton	01:16
beatzz	but the server is on another system, I don't think I can dpaste it	01:16
beatzz	unless, does ubuntu server have a gui I'm not using?	01:16
beatzz	[UFW BLOCK] looks disturbing...	01:17
drab	grep "DST=22" /var/log/syslog \| head \| netcat termbin.com 9999	01:18
drab	run that on the server and paste the resulting output link	01:19
beatzz	oh shit, cool trick	01:20
beatzz	http://termbin.com/nhmj	01:20
sarnold	all those DST packets look like multicast	01:21
drab	oh, I'm an idiot, lol	01:21
drab	I meant DPT	01:21
beatzz	no worries, one sec	01:21
drab	grep "DPT=22" /var/log/syslog \| head \| netcat termbin.com 9999	01:21
drab	in fact, just in case	01:21
drab	grep "DPT=22 " /var/log/syslog \| head \| netcat termbin.com 9999	01:21
drab	note the space	01:21
beatzz	roger	01:22
beatzz	it returned with no link?	01:22
drab	ok, so there's nothing, run it without the head/netcat, just the grep	01:22
drab	it should show no output, which means there's no ssh pkts (destinated to port 22) ebing dropped	01:22
beatzz	aye, again, nothing	01:23
drab	are you running ssh on a weird port?	01:23
sarnold	no link when there's nothing? that's very handy of them :)	01:23
beatzz	nope, port 22	01:23
beatzz	i have not edited /etc/ssh/ssh_config	01:23
drab	ok, so ufw is not dropping your ssh connections	01:23
drab	and tcpdump is not showing any ssh traffic	01:23
beatzz	aye	01:23
beatzz	i will show you ufw status	01:23
drab	so your problem is network, nothing to do with ssh or firewall	01:23
drab	pkts are simply not getting there, maybe swallowed by the VM Host's network interface	01:24
sarnold	beatzz: do all hosts involved agree on netmask and network addresses? :)	01:24
beatzz	http://termbin.com/uz65	01:24
beatzz	this ubuntu server is not a VM	01:24
drab	yeah like I said I don't think your issue is UFW	01:24
beatzz	aye, I agree	01:24
beatzz	so network-ish problem	01:25
drab	so again, what's your network layout?	01:25
drab	what ip/netmask are the client and server on and what's in between them	01:25
beatzz	I have routers port mapping wide open for both TCP/UDP to 192.168.11.2	01:25
beatzz	I have assigned a static IP of 192.168.11.2 to this ubuntu server	01:25
beatzz	via editing /etc/netplan/01-netcfg.yaml	01:26
drab	on the server, ip addr ls && ip route ls\| netcat...	01:27
beatzz	http://termbin.com/el91	01:27
drab	paste the link	01:27
beatzz	;)	01:27
drab	no, not useful, that's just a config, I want to see reality	01:27
drab	I mean, good to knwo you have that config, but that doesn't necesasrily imply it's being applied/etc	01:27
drab	so do the above pls	01:27
beatzz	ahh you want ifconfig?	01:27
drab	I want the above, ip addr ls...	01:28
beatzz	sorry, roger	01:28
drab	nothing to be sorry about	01:28
beatzz	http://termbin.com/pi6j	01:29
drab	uhm, I guess && doesn't work, that's only iproute	01:29
drab	can you just do ip addr ls \| netcat ... pls	01:29
beatzz	http://termbin.com/3sxw	01:30
beatzz	and just for reference, here is the full 01-netcfg.yaml : http://termbin.com/7mo4	01:31
drab	ok, where are you trying to ssh from?	01:32
drab	where's the client?	01:32
drab	and please confirm the server is an ubuntu server 16.04 on baremetal, no VM	01:33
drab	and is that connected with a cable to the router and the router to the internet?	01:33
beatzz	Ubuntu Server 17.10, not a VM (192.168.11.2)	01:34
beatzz	and I'm on irc on my laptop (192.168.11.20)	01:34
drab	ok, so both server and client are on the lan, correct?	01:34
beatzz	Ubuntu server is connected via ethernet cable to router, and laptop wifi, siting with both screens in front ofm e	01:35
beatzz	yessir	01:35
drab	ok	01:35
drab	please paste ip addr ls and ip route ls from the laptop	01:35
beatzz	windows :(	01:35
drab	ipconfig /all from cmd, copy paste to dpaste.com	01:35
beatzz	roger	01:36
beatzz	ipconfig /all --> http://dpaste.com/0RZQH89	01:36
drab	how are you running ssh?	01:37
beatzz	PuTTY on my windows client	01:38
beatzz	I have a successful ssh connection to my slackware-linux VM at 192.168.11.7	01:38
beatzz	via PuTTY	01:39
drab	ok, from cmd, ping 192.168.11.2	01:39
beatzz	"request timed out"	01:39
drab	ok	01:39
drab	ping 192.168.11.1 works?	01:40
drab	(it has to, but wth..)	01:40
beatzz	aye, working	01:41
drab	from the slackware VM, ping 192.168.11.1 , works?	01:41
drab	and then ping .2	01:41
drab	then from 11.2 ping 11.1 and 11.20	01:42
beatzz	SlackVM > 192.168.11.1 working	01:42
beatzz	SlackVM > Ubuntu Server, not	01:42
beatzz	Ubuntu > 192.168.11.1, working	01:43
drab	do you have a smartphone?	01:43
beatzz	Ubuntu > others, not	01:43
beatzz	yes	01:43
drab	ios/android?	01:44
beatzz	ios	01:44
drab	https://itunes.apple.com/us/app/termius/id549039908?mt=8	01:44
drab	install that	01:44
drab	it's free	01:44
beatzz	installing	01:45
beatzz	ready to use	01:45
beatzz	new host... ?	01:45
drab	ok, ssh to ur ubuntu server :)	01:45
drab	yeah	01:45
drab	add 192.168.11.2	01:45
drab	and connect	01:45
drab	also while you're at it, will come handy: https://itunes.apple.com/us/app/ping-network-utility/id576773404?mt=8	01:46
beatzz	attempting to connect	01:47
drab	I'm assuming phone is on wifi on the same router?	01:48
beatzz	aye	01:48
drab	ok, timed out I assume, if it was working it'd worked by now	01:48
drab	get that ping app, just to confirm	01:48
beatzz	did	01:49
drab	and try to ping it	01:49
beatzz	Request time-out	01:49
drab	yeah, fair enough	01:49
drab	do yuo have access to the web interface of the router?	01:50
beatzz	so strange O_O	01:50
beatzz	yes	01:50
drab	login, look for tools or something, there should be a diagnostic tab that let you run ping	01:50
drab	find it, ping 192.168.1.2	01:50
beatzz	works	01:51
drab	does it have telnet too by any chance?	01:52
beatzz	negative	01:52
drab	k, np	01:53
drab	can you find a "connected clients" tab on it?	01:53
drab	that shows mac addresses	01:53
drab	it should show your ubuntu server	01:53
drab	mac address	01:53
beatzz	that, it does not have.	01:53
drab	that's weird	01:53
beatzz	I've been lookin for that for a few days now.	01:53
beatzz	i know, but trust me, I've scoured the routers setup, it just dosnt have one	01:54
drab	k	01:54
drab	have you ever used 192.168.11.2 with something else?	01:54
beatzz	yes	01:54
drab	ok, can you change the ip please to something you've not used before, say 222 ?	01:55
beatzz	it was the static address of my SlackVM, prior to setting up the ubuntu server	01:55
beatzz	it is also outside the dhcp block	01:55
beatzz	I will, my wifes demanding I take the trash out though :/	01:55
beatzz	brb	01:56
drab	happy wife happy life, one thing I try hard not to forget	01:56
beatzz	okay	02:00
beatzz	so, change the IP address of the ubuntu server	02:00
drab	yep	02:01
drab	then try the ping dance again pls, one host is enough + the router	02:01
beatzz	okay	02:06
beatzz	Ubuntu Server is now on 192.168.11.8, dynamically assigned via DHCP	02:06
beatzz	Laptop(20) ping> Unbuntu, request timed out	02:07
beatzz	SlackVM(7) ping> Ubuntu, request timed out	02:07
beatzz	Router(1) ping> Ubuntu, working	02:08
drab	from the phone also no joy?	02:08
drab	I'm kinda wary about the laptop as Vbox can mess up networking	02:09
beatzz	iphone ping> ubuntu, request time out	02:09
beatzz	shouldn't, it's configured properly	02:09
* drab scratches head		02:10
beatzz	Ubuntu server ping> other machines, not working	02:10
beatzz	Ubuntu server ping> router, working	02:10
beatzz	im just gana turn off ufw and see what happens	02:11
drab	does phone to laptop work?	02:11
drab	if ufw was a problem blocking pings it'd block the router too	02:11
drab	but sure, try that	02:12
beatzz	hmmm... Phone ping> laptop, not working	02:12
drab	bingo	02:12
drab	ok	02:12
drab	should have thought of that earlier	02:12
drab	so it has nothing to do with the ubuntu server	02:12
drab	host to host communication on ur network is screwed up	02:12
drab	nodes can talk to the router they are directly connected to, but not to each host	02:12
drab	laptop to VM obviously work because they r on the same physical host	02:13
beatzz	but I can view my webserver from phone?	02:13
drab	u can? on the slack VM?	02:13
beatzz	yup	02:13
beatzz	you might be able to as well	02:13
drab	ah, holy cow	02:13
drab	ok	02:13
beatzz	http://beatzz.co	02:13
drab	yeah it's up	02:14
beatzz	right, and from within LAN, I can http://192.168.11.7	02:14
drab	from the ubuntu box	02:14
drab	telnet 192.168.11.7 80	02:14
beatzz	how so? with lynx?	02:15
drab	telnet :)	02:15
beatzz	"Trying 192.168.11.7..."	02:15
drab	you can basically work through any protocol using telnet if you speak it	02:15
drab	used to send emails with it :P	02:15
drab	argh	02:16
sarnold	I prefer netcat since it's easy to get out of	02:16
drab	true	02:16
sarnold	and telnet treats some chars as magic	02:16
drab	but the phone can see http://192.168.11.7 , correct?	02:16
beatzz	yup	02:16
beatzz	ubuntu box is not doing anything with telnet	02:16
drab	but cannot ping it?	02:17
drab	ok	02:17
drab	phone -> slack, no ping?	02:17
beatzz	roger	02:17
beatzz	phone > slack, no ping	02:17
drab	you're positive yuo did telnet 192.168.11.7 80 yes? including the 80 at the end	02:18
beatzz	yessir	02:18
* drab scratches head		02:18
beatzz	if finally returned something too	02:18
beatzz	"telnet: Unable to connect to remote host: Connection timed out"	02:19
drab	right, np	02:19
beatzz	so basically, host > host, no ping	02:19
beatzz	only thing that returns a ping, is host > router	02:20
beatzz	and router > host	02:20
drab	if the phone couldn't get to the webserver I'd thought the router somehow was isolating the nodes	02:20
drab	but since it can, that can't be true	02:20
drab	are you running a firewall of sort on slack or blocking ipngs on win?	02:21
drab	can the phone ping the laptop?	02:21
sarnold	< beatzz> hmmm... Phone ping> laptop, not working	02:21
beatzz	nope	02:21
beatzz	no host > host ping	02:21
sarnold	did you double-check the netmask and IPs on all the hosts?	02:22
drab	sarnold: but phone > slack http works	02:23
drab	that's what is so damn weird	02:23
drab	but windows can block pings	02:23
beatzz	and ssh	02:23
drab	so the ping not working may be ok	02:23
sarnold	.. and VM networking software sometimes only ever works for TCP and UDP and drops everything else on the floor	02:24
drab	on the phone you put "http://192.168.11.7" in your browser?	02:24
beatzz	yeah, or just the IP works as well.	02:24
drab	sarnold: true, but telnet 192.168.11.7 80 doesn't work, which is tcp	02:24
drab	what's ip route ls and ip addr ls on the slack VM?	02:25
drab	and how is virtual box network configured? bridge mode?	02:27
beatzz	ip route ls --> 127.0.0.0/8 dev lo scope link 192.168.11.0/24 dev eth0 proto kernel scope link src 192.168.11.7 metric 202	02:27
beatzz	bridged, yes	02:27
drab	sudo tcpdump -i lxdbr0 icmp on the ubuntu server	02:30
drab	ping it from the phone	02:30
drab	and from the router	02:30
sarnold	lxdbr0?	02:30
drab	eer, sorry	02:30
drab	that was my test	02:30
drab	-i whatever your interface	02:30
sarnold	that's what that smelled like :) hehe	02:30
beatzz	phones ping utility shows request time-out	02:33
beatzz	tcpdump shows nothing	02:33
beatzz	which means the ping request is getting blocked at the router	02:33
beatzz	aye?	02:33
beatzz	which makes sense, why we cant ping host > host	02:34
drab	if you ping from the router do you see the pings?	02:34
beatzz	yes, router > host works	02:34
beatzz	on all hosts	02:34
drab	but yes, it feels like somehow traffic is dying at the router... no idea why	02:34
drab	ufw is stopped?	02:35
drab	sudo iptables -L -v , shows no rules all ACCEPT?	02:35
drab	on the ubuntu server	02:35
sarnold	sometimes routers have buttons to prevent wifi segments frmo communicating with wired segments	02:36
drab	oh, good call sarnold	02:37
drab	beatzz: check that, will ya?	02:38
drab	or otherwise, plug the ethernet cable straight into ur laptop if you have a port	02:38
drab	and try that, I was gonna suggest that anyway because I'm out of guesses...	02:39
beatzz	aye, me too	02:39
beatzz	i think we've beat this horse to death	02:39
drab	poor horse	02:39
beatzz	gana give it a rest	02:39
beatzz	thanks for the support drab & sarnold	02:40
drab	wait, last test!	02:40
drab	check the router :P	02:40
drab	what model is it?	02:40
beatzz	ummm...	02:40
beatzz	buffalo WZR-300HP	02:40
drab	https://superuser.com/questions/856499/buffalo-wzr-1750dhp-cant-reach-the-lan-side-using-wireless	02:41
drab	According to the manual that router supports SSID and Wireless Client isolation	02:41
drab	:........(	02:41
drab	sarnold wins	02:42
drab	maybe	02:42
beatzz	so wait, okay	02:42
beatzz	if thats the case	02:42
beatzz	I should be able to access the http server from another network	02:42
beatzz	http/ssh on the Ubuntu server	02:42
drab	altho that's not quet what it says, it says wireless client isolation, not to lan	02:42
beatzz	from outside my network	02:42
drab	yes	02:42
drab	if you put it back on 2 / the port forwarding on the router matches	02:43
beatzz	port forwarding goes to 8	02:43
beatzz	its currently open	02:43
drab	doesn't seem to be quite it actually	02:44
drab	If enabled, the Wireless client isolation blocks communication between wireless devices	02:44
drab	connected to the AirStation. Wireless devices will be able to connect to the Internet	02:44
drab	but not with each other. Devices that are connected to the AirStation with wired	02:44
drab	connections will still be able to connect to wireless devices normally	02:44
sarnold	what about connections from wireless to wired? o_O	02:45
drab	didn't work	02:45
beatzz	omfg	02:45
drab	no ping from laptop to ub or phone to ub	02:45
beatzz	it works	02:45
beatzz	you should be connecting to it as well	02:45
drab	ok, so sarnold wins somehow still	02:45
beatzz	from http://beatzz.co	02:45
sarnold	hahaha	02:45
sarnold	beatzz: apache default page! \o/	02:46
beatzz	refresh ur browser, and it will show the ubuntu	02:46
beatzz	holy nuts	02:46
drab	ever watched office space?	02:46
sarnold	printer scene	02:46
beatzz	yeah	02:46
beatzz	to the buffalo router	02:46
drab	it's almost xmas, get urself another router... le sigh	02:46
beatzz	damn	02:46
beatzz	i was just starting to smell smoke coming out of my ears a minute ago	02:47
beatzz	like, wth, everything is correct	02:47
drab	ok, this is a good time to quit, I'm out	02:48
sarnold	gnight drab :)	02:48
beatzz	thanks so much man	02:48
drab	like I said the other day, trust in sarnold, ignore everybody else	02:48
drab	ttyl	02:49
=== JanC_ is now known as JanC
=== JanC_ is now known as JanC
=== JanC_ is now known as JanC
=== JanC is now known as Guest67213
=== JanC__ is now known as JanC
=== JanC__ is now known as JanC
beatzz	just another shout out to drab and sarnold ! Server's up and running, nice and safe behind firewalls and stuff. http://www.beatzz.co	06:28
oerheks	now get your free ssl certificate :-)	06:29
cpaelzer	cpaelzer: xnox: yes we enable nested by default on e.g. intel as smb pointed out	07:13
cpaelzer	cpaelzer: I wanted to drop that (an admin can still opt in at any time) but I see that this might be too much of a churn for all of the consumers of qemu	07:14
cpaelzer	xnox: smb: on s390x yeah - I don't vote to make it nestes=1 by default (as it isn't atm), but users should be able to switch it on	07:14
cpaelzer	smb: did I get you right that due to not being a module you can't set the value to 1 ?	07:15
lordievader	Good morning	07:16
cpaelzer	hi lordievader	07:16
lordievader	Hey chamar (IRC)	07:17
lordievader	cpaelzer (IRC)*	07:17
lordievader	How are you doing?	07:17
cpaelzer	oh I got an asterisk :-)	07:18
cpaelzer	doing good	07:18
cpaelzer	skipped the disturbing mails for now :-)	07:18
lordievader	Hahaha	07:18
lordievader	Nice	07:18
stoned	Hello	07:32
stoned	Do you know of any bash scripts someone might have written to quicky deploy services, setup services, etc, on newly created ubuntu server instances or installs?	07:33
lordievader	I use puppet for such things.	07:38
rbasak	cloud-init?	07:38
rbasak	Or yeah: puppet, ansible, chef, etc.	07:38
stoned	Here's how I have things setup	07:42
stoned	I have git repository in /etc/ where I backup my config files	07:42
stoned	All my static sites live in git repositories	07:42
stoned	my nginx vhosts live in git repositories	07:43
stoned	Say I spin a new ubuntu 16 lts server on rackspace	07:43
stoned	I want to clone the server I already have	07:43
stoned	I dunno how	07:43
stoned	:)	07:43
rbasak	Cloning is a poor approach because you end up with an unreproducible machine carrying problems forward over time. Instead, look into codifying your deployments: having the minimal code that can be applied to a fresh server to make it how you want it. Then edit your code rather than the server.	07:48
rbasak	Deploying multiple servers from that state is trivial.	07:48
rbasak	And you can also write automated tests for your deployments.	07:49
stoned	Well, I'm thinking, I could write a bash script intead of depending on config management things.	07:49
rbasak	For basic deployments, supplying cloud-config via cloud-init is the easiest way to do this.	07:49
stoned	a script that basically installs the packages I need, as well as cloning the git repositories I need, and then copying the configs over	07:49
stoned	that sound like a sound approach?	07:49
rbasak	For more complex ones, choose from chef, puppet, ansible, etc.	07:49
rbasak	Sounds like you want ansible.	07:50
stoned	Ok	07:50
rbasak	You could write a bash script by hand, but you'll be reinventing much of what the existing tooling solves.	07:50
rbasak	Though if you just want a learning experience, then sure.	07:50
stoned	I	07:51
stoned	I'll invest time into ansible.	07:51
stoned	Write a playbook I can rely on.	07:51
smb	cpaelzer, xnox, actually when following the git history further it seems that vsie was only added with 4.8 (could have sworn nested was there before but obviously I am wrong). So Xenial showing /dev/kvm seems to be the real bug. As for changing the nested: there are some kernel parameters which can be changed at any time but nested is not changable, so one has to put it on commandline kvm.nested=1. However that	08:03
smb	does not help on its own if the host is not running a kernel that allows this too. So xenial host bad luck z/a/b maybe	08:03
cpaelzer	smb: yeah	08:06
cpaelzer	smb: and there is more	08:07
cpaelzer	not only does the host need kvm.nested=1	08:07
cpaelzer	it only works with -cpu host (libvirt host-passthrough) or host-model (remember to refresh libvirt capabilities after enabling vsie via the module)	08:07
cpaelzer	it is really meant to be off and an explicit opt-in	08:07
cpaelzer	so I agree, xenial having it on by default is the actual bug	08:08
smb	Yeah, and given that this was never really working, I would no longer worry about more recent releases. MAybe need to "fix" xenial to avoid confusion	08:09
cpaelzer	well the default (no cpu specified) works as well for me but "officially" the sie feature might be missing	08:10
cpaelzer	or taken away for migratability or ...	08:10
cpaelzer	smb: ack	08:10
cpaelzer	smb: btw could I have a bug number on this	08:10
cpaelzer	it didn't subscribe qemu yet	08:10
cpaelzer	so I only work on gossip atm :-)	08:10
smb	cpaelzer, maybe (not sure there was one opened already)	08:12
* smb moves channels		08:12
=== JanC_ is now known as JanC
jamespage	coreycb: that setuptools issue in gnocchi was python_distutils debhelper not being very clever	09:57
jamespage	coreycb: pybuild appears to deal with py3 only better, so switching buildsystem	09:57
jamespage	coreycb: something in the BD's pulls in python2, which gets detected by debhelpers distutils integration...	09:59
jamespage	and then things explode	09:59
xnox	cpaelzer, smb - somehow i feel odd that in later releases i cannot override this with a module reload. Would it still make sense to make kvm a module; and adjust qemu-system-init to load kvm module, such that one can adjust modprobe settings without rebooting?	11:31
cpaelzer	xnox: I'd try to suggest so in #zkvm - I'd tihnk that is less am ubunut than general upstream change	11:51
jamespage	coreycb: some progress on deps (avoiding os-testr 1.0.0 for now)	12:19
jamespage	coreycb: did heat, keystone in progress but needs pysaml2 version bump (dealing with that ATM)	12:19
jamespage	coreycb: also have patch for dh-python to auto-detect and execute ostestr, testrepository or stestr based unit tests...	12:20
jamespage	coreycb: http://paste.ubuntu.com/25967169/	12:21
ztane	hi, trying to understand the relation of rsyslog vs journald on 16.04 server default install	12:48
ztane	what would go into rsyslog and what would go into journald and which order?	12:48
ztane	ie do some syslog facilities, or all, get written to journal, or journal written to syslog or...	12:49
BlackDex	win 29	12:49
ztane	no such window	12:52
coreycb	jamespage: very nice, taking a closer look at dh-python now	12:55
ztane	my goal is to get all of the logs to the papertrail, but if I pipe all of journal from journalctl I find out that most will be duplicates with also those from rsyslog and now trying to find out whether or not I can get everything of importance from just journald	13:08
ztane	ok... it seems that not everything gets into journald	13:13
ztane	also not everything gets into syslog, hmhmh	13:13
smb	cpaelzer, according to this older bug report xnox claims the kvm module (when it was still a module) could not be loaded (https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1532886) hence it became built-in	13:14
ubottu	Launchpad bug 1532886 in linux (Ubuntu Xenial) "s390x kernels are inconsistent for cloud stuff" [Medium,Fix released]	13:14
xnox	smb, cpaelzer - that was true on xenial; on xenial all cloud/kvm instances have /dev/kvm.... despite that being "nested"	13:16
xnox	smb, and by "all" i think it was comparison with amd64 and ppc64el.	13:16
smb	which maybe was the reason for module loading failing (as 4.4 had no nested support on s390x at all) as we believe now.	13:18
smb	there is time to try again module for bionic but then with more than just an irc discussion as background	13:20
xnox	smb, well, there is some nesting support, i thoght. since launching kvm in z/vm on lpar works, launching kvm in a kvm on an lpar should work too.	13:27
smb	xnox, I'd say launching it in zVM is different because there vVM handles the one stage of nesting which for the kvm case the Linux kernel would have to do	13:30
xnox	smb, right.	13:30
xnox	smb, kvm in z/vm is slow	13:31
smb	as would be kvm in kvm if it were working (what was said yesterday iirc)	13:32
cpaelzer	I discussed and speed wise 4 levels are the last sane thing	14:04
cpaelzer	so 2x HW + 2* shadow virt	14:04
cpaelzer	but that is already borderline	14:04
coreycb	jamespage: i've been dropping the drop-openstackdoctheme.patch's and bumping sphinx to >= 1.6.2 as I go	15:37
jamespage	coreycb: ack - I've mostly dropped that patch, but some earlier uploads have not	15:37
coreycb	jamespage: great	15:37
coreycb	jamespage: that was kind of a pain last cycle	15:38
jamespage	coreycb: I can imagine	15:38
jamespage	coreycb: I'm really liking pybuild btw - digging on the code has been revelaing	15:38
jamespage	coreycb: basically it attempts to auto-configure testing based on what deps are in the BD's	15:38
coreycb	jamespage: cool. yeah so basically we can drop our dh_auto_test sections if the simply call ostestr, etc?	15:38
jamespage	so all you have todo is add python-nose/stestr etc...	15:38
jamespage	coreycb: thats the idea	15:39
coreycb	jamespage: that's really nice	15:39
cpaelzer	nacc: wondering about http://paste.ubuntu.com/25968338/	16:00
cpaelzer	nacc: why would it try to spawn a debian lxd for build-source	16:00
nacc	cpaelzer: head debian/changelog please ?	16:00
cpaelzer	this is identical to your merge last week except the d/rules change	16:00
cpaelzer	nacc: nut (2.7.4-5.1ubuntu2) bionic; urgency=medium	16:00
nacc	cpaelzer: annd edge snap?	16:01
cpaelzer	I didn't even write binonic this time	16:01
cpaelzer	r291 = stable	16:01
cpaelzer	I always cycle edge/edge-fixes as needed	16:01
nacc	cpaelzer: and it happens with edge too?	16:01
* cpaelzer downloading snap		16:01
nacc	cpaelzer: for right now, tnohting but the importer should use the stable snap	16:02
cpaelzer	nacc: it now took ubuntu-daily:bionic, seems bette ron 333 from edge	16:03
cpaelzer	many (many++) warnings from likely apt being parsed about non stable CLI	16:03
cpaelzer	but that is something else	16:03
cpaelzer	the petname of this is matching the test	16:04
nacc	cpaelzer: ok	16:04
cpaelzer	you better fly :-)	16:04
cpaelzer	/usr/bin/lxc launch -e ubuntu-daily:bionic better-fly	16:04
jamespage	coreycb: neutron is being awkward - some sort of multiprocessing issue during test discovery	17:32
coreycb	jamespage: hmm	17:34
jamespage	coreycb: trying with a minor patch level on evetlnet	17:34
jamespage	coreycb: https://launchpad.net/~james-page/+archive/ubuntu/bionic/+build/13733732	17:34
coreycb	ok	17:35
coreycb	jamespage: glance unit tests get a bunch of mismatched http status asserts. i'm thinking one of the http deps needs to be bumped, so trying that route now.	17:40
jamespage	coreycb: ack	17:44
jamespage	coreycb: I think kje	17:44
jamespage	coreycb: I think keystone will be OK now	17:44
jamespage	I'll upload that later	17:44
coreycb	jamespage: ok	17:44
jamespage	however might be stuck on neutron for now	17:44
jamespage	coreycb: I think we should probably push what we have into archive tomorrow AM	17:44
coreycb	jamespage: ok	17:44
jamespage	thus avoiding any conflicts with anyone elses work	17:44
jamespage	coreycb: see how far you get with things; I'll publish tomorrow am	17:45
coreycb	jamespage: sounds good	17:45
=== stoned is now known as EnchanterTim
sarnold	drab: thanks for helping out beatzz yesterday :)	18:38
drab	sarnold: hey man, you're the one that figured it out, I just stabbed at the dark for like an hr... :)	19:33
sarnold	drab: hehe, I only got lucky after you did all the grunt work :)	19:34
drab	some call that genius :P	19:38
sarnold	not the first time I stuck my nameo n papers where I did much less of the work..	19:40
R_P_S	Hi, was told to try this channel as well for juju support	20:02
R_P_S	I created a juju controller from machine that is about to be decommissioned. I'd like to register the controller as admin/superuser from another machine but I have no idea how to find the registration string	20:03
grendal_pure	im loosing my mind here. all of the sudden my kvm virtualhost will not bring up the second bridge	20:54
grendal_pure	looks like some sort of kernel bug.	20:54
grendal_pure	set forward delay failed: Numerical result out of range	20:55
grendal_pure	i cant even add a virtual nic to the one working nic on this machine. its werid.	20:56
powersj	cyphermox: did we ever come to a conclusion on the preseed of bionic?	20:57
powersj	I wasn't clear if it was something missing on my end or something else.	20:57
grendal_pure	has anyone else run into this issue?	21:09
grendal_pure	set forward delay failed: Numerical result out of range	21:09
grendal_pure	I have two nics in this sever, one comes up and bridges eth1 -> br1 but eth0 ->br0 fails and when i manually kick it , it throws that error.	21:10
grendal_pure	looks like i am able to connect a virtual network to the one device. Im having to change the interface on a lot of machines though	21:14
grendal_pure	setting up nat on that virtual device with same ip as the physical hardware that was bridged...what a mess	21:15
cyphermox	powersj: I don't know what's wrong, it works here?	21:15
cyphermox	maybe if you share more of the logs	21:16
powersj	cyphermox: works with a bionic iso? because I could reproduce	21:16
cyphermox	oh, that's right	21:16
cyphermox	but yeah, it did here	21:16
cyphermox	ppc64el	21:16
cyphermox	no reason for architecture to matter to this	21:16
powersj	correct	21:17
powersj	http://cdimage.ubuntu.com/ubuntu-server/daily/pending/	21:17
cyphermox	could it be because you preseed xkb-keymap?	21:17
powersj	I could pull that out and re-kick them off	21:18
powersj	is that not a valid option?	21:18
cyphermox	I don't really think it would make a difference since I did my test with it too	21:18
cyphermox	but technically we don't really support that	21:18
cyphermox	anything might be different between the /proc/cmdline on bionic and artful?	21:20
necrophcodr	It is possible to have an application that binds to a port, forcibly bind to a unix socket instead?	21:24
necrophcodr	And if not, is it somehow possible to force it to only bind to that port in a specific namespace, and to communicate with that specific namespace on that port?	21:24
cyphermox	powersj: I should already have been prompted for it (I just started a preseeded install again)	21:24
powersj	cyphermox: can I see what pressed you are using?	21:25
cyphermox	sure	21:25
cyphermox	http://people.canonical.com/~mtrudel/preseed/utah-bionic.cfg	21:25
cyphermox	I changed it to comment out xkb-keymap just before starting this install, but with it yesterday it was working well too	21:26
cyphermox	I am getting prompted here and there for things (hostname, which drive to format, etc), but I didn't set priority=critical to give it more chance to prompt.	21:27
powersj	cyphermox: interesting, that pressed locally works for me, which is further than I got before :)	21:29
powersj	only change was commenting out the xkb-keymap?	21:29
cyphermox	well, yeah, and commenting out unrelated things I just didn't want to add that are for utah	21:31
cyphermox	xkb-keymap makes no difference here -- there's clearly a bug in what I'm trying to do, since I'm not getting the us:intl keymap I expect	21:32
cyphermox	but that's different from prompting.	21:32
cyphermox	it could just be that it's not called "intl"	21:32
cyphermox	nah, it really is "intl"	21:34
cyphermox	something looks not right, but it's not the same thing as prompting for something it already has in preseed, so I don't know what to tell you	21:35
powersj	ok let me go play with the tests again then, as it does look like something changed	21:36
cyphermox	ah?	21:38
cyphermox	I'd really be on the lookout for auto=true and priority=critical not being in the command-line, if that's the case then the preseed would not be applied yet, which would explain getting prompted for keyboard	21:38
powersj	cyphermox: I only see debconf/priority=critical	21:40
powersj	auto=true required?	21:40
cyphermox	powersj: not really	21:40
cyphermox	powersj: can you remind me the url to utah? I believe I still have access	21:47
powersj	cyphermox: the project itself or where we run the tests?	21:47
cyphermox	just the url of the jenkins, I can't seem to find it anymore	21:51
powersj	https://platform-qa-jenkins.ubuntu.com/view/server/	21:52
cyphermox	ah, thanks!	21:53
powersj	The daily xenial test shows keyboard-configuration/layout as "30 question skipped", yet bionic is reporting "0 question will be asked"	21:56
powersj	They use the same preseed	21:56
cyphermox	yeah, but xenial vs. bionic is not a very useful comparison	21:57
cyphermox	would be better to compare very late cycle artful	21:57
srgjames	I could use someone who is smart. So i just reset up an apache web server on Ubuntu and could use the ip address in a url to access the default page. I then went back and created the files in sites-available Im pretty sure correctly but now cant get to the site from url or ipaddress and no errors when i restart apache2.. Anyway I can check if i set up the wrong settings on DigitalOcean or Google Domains ?	21:57
powersj	cyphermox: same with artful, last test was 27 days ago https://platform-qa-jenkins.ubuntu.com/view/smoke-default/job/ubuntu-artful-server-amd64-smoke-default/173/artifact/log/utah-56128-artful-server-amd64/installer/	21:58
cyphermox	powersj: yeah	22:00
cyphermox	the preseed isn't quite the same though	22:00
powersj	other than adding the xkb-keymap they should be the same	22:01
powersj	which I added because I thought it needed it :\	22:01
cyphermox	nah	22:01
cyphermox	it might actually be breaking things, as it resets some values	22:01
powersj	ok let me revert that then	22:01
powersj	but it was broken before I added it :\	22:02
cyphermox	I don't understand though, because I tried with both options	22:02
powersj	cyphermox: Here is what is appending to the cmdline: -append netcfg/get_hostname=utah-6554-bionic-server-ppc64el log_host=192.168.122.1 log_port=0 DEBCONF_DEBUG=developer debconf/priority=critical	22:12
cyphermox	yeah, but that's not anything special, nothing wrong	22:21
powersj	cyphermox: I got an install syslog from a bionic install by pressing enter	22:51
powersj	Comparing it to artful and before it asks me for the keyboard layout I see "Nov 15 21:37:51 debconf: --> GET debconf/priority Nov 15 21:37:51 debconf: <-- 0 high"	22:52
powersj	whereas in artful it says critical	22:52
nacc	rbasak: my branch cuts ipsec-tools full reimport time from 68 to about 40 minutes. Still working on checking the correctness	22:58
powersj	cyphermox: artful: http://paste.ubuntu.com/25970598/ bionic: http://paste.ubuntu.com/25970599/	23:00
cyphermox	powersj: ack, I'll dig in to that	23:01
powersj	thx	23:01
nacc	rbasak: i'm thinking we should add a 'git repository comarison' function to the integration tests and have that help us assert hash abi breaks. We have the as-imported repository now, and we can see if the hashes change on a reimport at a given commit.	23:40
nacc	powersj: is it possible to make a given pipeline stage a warning, but not a failure, or provide a flag to say "we know this breaks ABI, pass CI ayways"?	23:40
powersj	nacc: I am not sure	23:41
nacc	powersj: ok, np -- it's ok for it to be a failure anyways, in theory, we want that to trigger a manaul examinationn	23:41
nacc	powersj: as developers, we knonw (currently) when to expect a chagne to break hashes and when not	23:42
powersj	nacc: looks like https://issues.jenkins-ci.org/browse/JENKINS-45579 is what we want	23:42
nacc	powersj: ok, thanks	23:43
nacc	rbasak: heh, i'm finally looking at your branch (not final review) a lot of what my branch does as well is prefix -> ref_namespace (aka ref_prefix).	23:52

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!