[01:19] <danrik> is it possible to use ssh to simulate vpn? as in - bridge 2 networks?
[01:50] <sarnold> danrik: I've done one of these before, it feels plausible that it could do network bridging http://www.tldp.org/HOWTO/ppp-ssh/
[02:20] <danrik> sarnold: thanks. im seeing that apparently these days ssh-vpn comes standard in fedora 27.
[02:21] <danrik> package called NetworkManager-ssh, testing that
[02:22] <sarnold> danrik: ha! :) that's awesome
[02:44] <danrik> which group should I add myself to so I have access to tun|tap devices in ubuntu 12.04 ?
[02:59] <jlacroix> I'm having a strange issue with passing an external USB hard disk to a KVM guest. Long story short, USB-passthrough works fine to this guest if I plug in a flash drive. However, my USB hard disk doesn't register on the guest at all whatsoever (the host does see it)
[06:39] <cpaelzer> good morning
[06:39] <cpaelzer> jlacroix: I remember I have seen another issue similar to yours
[06:39] <cpaelzer> jlacroix: in the case a device didn't show up in the guest because the real device controller messed up usb1/2/3
[06:39] <cpaelzer> jlacroix: the solution was to force it onto an (virtual) usb 2.0 controller
[06:40] <cpaelzer> jlacroix: if you want to try - I think virt-manager adds 4 types of ich9 usb controllers
[06:40] <cpaelzer> jlacroix: reduce that to one of them, then start a loop
[06:40] <cpaelzer> jlacroix: shutdown the guest via virsh, start it and test
[06:41] <cpaelzer> jlacroix: in that loop try all the different usb controllers that https://libvirt.org/formatdomain.html#elementsControllers lists
[06:41] <cpaelzer> jlacroix: but you said you will try different devices as well, that should be just as good to find if it is that
=== _ruben_ is now known as _ruben
[08:59] <lordievader> Good morning
[09:03] <tobasco> jamespage: coreycb has ubuntu changed static path for openstack-dashboard horizon package recently? had to change from /usr/share/openstack-dashboard/static to /var/lib/openstack-dashboard/static
[09:04] <tobasco> is this change consistent for all ubuntu packages for openstack-dashboard (and not just cloud-archive for xenial/ocata)
[09:04] <tobasco> if so, i'll push changes to the puppet modules
[09:04] <tobasco> since they write their own apache2 config, it seems like that was a breaking change
[11:32] <jamespage> tobasco: yes we switched static asset collection to use a guaranteed writeable location (/var/lib/openstackd-dashboard)
[11:32] <jamespage> that was a while back tho
[11:50] <tobasco> jamespage: ok, saw ut was changed now must have been in a hurry
[12:32] <boxrick> Hello! I am installing /var to a ZFS volume in the pre-seed right at the end. However when I do /sbin/start-stop-daemon is not present on the install.
[12:32] <boxrick> Any ideas why this may be?
[12:39] <boxrick> Or perhaps someone could tell me when  start-stop-daemon  is installed during a typical install?
[13:27] <rbasak> ahasenack: I think bug 1735744 should be fixed in beta. Just not stable. Did you find that it isn't?
[13:27] <ubottu> bug 1735744 in usd-importer "lint won't run: "Multiple candidate branches found and they do not target the same series:"" [Undecided,Fix committed] https://launchpad.net/bugs/1735744
[13:27] <ahasenack> rbasak: it's not in my snap
[13:27] <rbasak> https://git.launchpad.net/usd-importer/log/ - tagged snap/beta
[13:27] <ahasenack> I have 0.6.2+git49.967f050
[13:27] <rbasak> Maybe the snap didn't build.
[13:28] <ahasenack> does it build automatically on commit?
[13:28] <rbasak> 967f050 is where snap/beta is at the moment
[13:28] <rbasak> Yes
[13:28] <rbasak> And it has the lint fix as a parent
[13:28] <ahasenack> rbasak: oh, you are right
[13:28] <ahasenack> I was confused because it still required --target-branch
[13:29] <ahasenack> but once I provide that, the snap one works too
[13:37] <coreycb> jamespage: hey i'm going to bump openstacksdk
[14:36] <jamespage> coreycb: ack
[14:37] <rbasak> ahasenack: I ran update-maintainer and committed and pushed that for the MySQL merge MP. But I just realised that I accidentally pushed it to alioth's ubuntu/devel (my real target branch) instead of rbasak/ubuntu/devel (my staging area).
[14:38] <rbasak> ahasenack: just FYI. I'll leave things as they are, and sort them out once you've concluded the MP.
[15:03] <HackeMate> hi
[15:04] <HackeMate> i have 2 ethernet and i want to make route from one to the other one, when i try to use route add default gw <gateway> i get this: SIOCADDRT: Network is unreachable
[15:09] <coreycb> jamespage: i'm fixing up openstack-dashboard for b2. the install is broken with the move of openstack_auth in tree.
[15:09] <jamespage> coreycb: ack
[15:10] <jamespage> coreycb: doing a fixup on glance - duped rootwrap.conf with glance-store
[15:10] <coreycb> jamespage: ok
[15:33] <jamespage> coreycb: I've uploaded updates for glance, cinder and nova to fix uid/gid to reservations as detailed in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884178
[15:33] <ubottu> Debian bug 884178 in base-passwd "base-passwd: uid/gid reservations for OpenStack users/groups (nova,glance,cinder)" [Normal,Open]
[15:33] <jamespage> coreycb: also mailed openstack-devel@debian with details on why
[15:33] <coreycb> jamespage: ack
[15:33] <jamespage> coreycb: zigo is going todo the same in openstack-pkg-tools for the debian variants
[15:34] <coreycb> jamespage: ok great
[15:34] <jamespage> coreycb: that should sort out the GPFS permissions consistency issues that the IBM team had; but I don't think we can retro that change into older releases
[15:34] <jamespage> might be wrong but that's my perspective
[16:08] <cpaelzer> Howdy all!  office hours is officially starting.  Please bring all questions
[16:09] <cpaelzer> rbasak: ahasenack and myself are around, dpb1 might be busy
[16:09] <cpaelzer> slashd: smb: anything from you this week to bring up?
[16:09] <ahasenack> o/
[16:10] <cpaelzer> teward: I wanted to ask you one thing - http2 in nginx
[16:10] <cpaelzer> teward: I did apache2 in regard to https://bugs.launchpad.net/ubuntu/+source/nghttp2/+bug/1687454
[16:10] <ubottu> Launchpad bug 1687454 in curl (Ubuntu) "[MIR] nghttp2" [Undecided,Triaged]
[16:11] <cpaelzer> not sure but you might want to do so next time you touch nginx
[16:11] <cpaelzer> so I wanted to ask what you think about that
[16:15] <dpb1> thanks cpaelzer
[16:17] <slashd> cpaelzer, nothing in particular, everything under control sorry for the late answer.
[16:18] <cpaelzer> fine
[16:18] <cpaelzer> there is no being late in our new less formal process
[16:20] <slashd> cpaelzer, do you know if there is any SRU shutdown during the holidays ?
[16:20] <cpaelzer> question for rbasak as he is member of the SRU team
[16:21] <rbasak> I don't think we have a formal answer. IIRC generally people try to be extra cautious about releasing SRUs in case of regression.
[16:22] <rbasak> I will be reluctant to release an SRU if I'm not around for the next few days.
[16:22] <rbasak> Accepting into proposed shouldn't be problem as long as people are around to review them as normal.
[16:22] <slashd> rbasak, sound good to me thanks
[16:24] <fstoltz> Hi, I'm slightly confused as to why there are articles like this (first link) that talk about how to setup a normal user account with sudo priviliges. And then I read thomasrutters' answers on this (second link). Why does the first link explain in-depth of how to set this up when the default way seems to be the way the article tries to explain how to do yourself? Am I missing something or isn't Ubuntu-Server default way by
[16:24] <fstoltz> doing it that way(that the first link explains)?
[16:25] <fstoltz> first -> https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
[16:25] <fstoltz> second -> https://askubuntu.com/questions/189907/what-is-the-default-root-password
[16:28] <rbasak> Regarding the first link, Ubuntu cloud images set all of that up by default automatically.
[16:28] <rbasak> You get a user called 'ubuntu' (by default) which can already sudo.
[16:28] <cpaelzer> on an ISO install your initial user also can do that
[16:28] <rbasak> I'm not sure why Digital Ocean aren't just using that. It sounds like they're just making things more complicated for their customers.
[16:28] <cpaelzer> because that is the way to administrate
[16:28] <cpaelzer> my mesg was not in reply to the last of rbasak but to the one before
[16:29] <cpaelzer> I also think link #1 is makeing things complex that shouldn't be that way
[16:30] <rbasak> fstoltz: does that answer your question?
[16:30] <cpaelzer> in general I think sudo also provides a nice level of extra auditability
[16:31] <cpaelzer> if (any)one can log in as root you have much less traction what happened why
[16:33] <sdeziel> but then people use "sudo -i" and your audit track vanishes
[16:34] <cpaelzer> true
[16:34] <sdeziel> still slightly better than a direct SSH to root though
[16:34] <cpaelzer> but it is better than handing all admins the key to root@
[16:34] <cpaelzer> that is what I meant
[16:34] <cpaelzer> I didn't want to say it is all needed for good tracking
[16:35] <sdeziel> good tracking is hard
[16:35] <fstoltz> Yes, it does, thank you. Since I'm still new to Ubuntu and the whole GNU/Linux world and I'm fiddling around with Ubuntu-Server for the first time I was unsure whether that step was necessary (firstlink) since it seemed to me that it was already setup like that(without me doing anything in particular). And like cpaelzer said it seems like they're just making it more complex, and that's what I just wanted to confirm, that I
[16:35] <fstoltz> wasn't missing some detail. When I try typing "su" i get asked for a password that I do not know, and I'm assuming there is no password since I haven't touched 'root' user. I appreciate you talking about it, makes it clearer for me.
[16:36] <sdeziel> fstoltz: with su, you are trying to change to another user so you have to know the other user's password
[16:36] <sdeziel> fstoltz: unless you invoke su as the super user (sudo su) in which case you won't be require to provide the other user's password
[16:37] <fstoltz> sdeziel: But when I type solely "su" I get asked for a password
[16:37] <fstoltz> sdeziel: I don't specify a user, nor does the password prompt specify anything
[16:37] <sdeziel> fstoltz: I think it asks for your own password then
[16:38] <sdeziel> fstoltz: but invoking su alone is probably not very useful
[16:38] <fstoltz> sdeziel: Doesn't accept my password
[16:38] <sdeziel> fstoltz: sorry, I was wrong, su will by default try to auth as root
[16:39] <sdeziel> fstoltz: could you share a little more context around what you want to achieve?
[16:43] <fstoltz> sdeziel: Nothing in particular, it was more just to ease my confusement. I was looking around on this guide regarding ufw, and saw that their prerequisites was following the first link in my first message. And so I was pondering whether I actually needed to do that because it seems that's the way my setup already looks, so I just wanted to confirm that I wasn't missing anything. And seems like I wasn't, so I'll go ahead and
[16:43] <fstoltz> start configuring ufw now :)
[16:44] <fstoltz> https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-16-04
[16:45] <sdeziel> fstoltz: alright then :)
[16:57] <teward> cpaelzer: http2 is already good to go in NGINX in Ubuntu
[16:57] <teward> cpaelzer: nginx rolls its own implementation, not nghttp2
[16:57] <teward> this is one reason it was ACK'd by the Security team back in one of the earlier cycles
[16:58] <teward> cpaelzer: so, in short, NGINX has been ahead of Apache2 wrt HTTP/2 for well over a year now.
[16:58] <teward> i forget when we actually enabled it, I'd ahve to dig into the histories.
[16:58] <sdeziel> I know I'm happily using http2 on Xenial so thanks teward :)
[16:59] <teward> yep
[16:59] <teward> cpaelzer: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1565043 i think is the relevant one
[17:00] <ubottu> Launchpad bug 1565043 in nginx (Ubuntu) "Please enable HTTP/2 in NGINX for Xenial" [Wishlist,Fix released]
[17:00] <teward> back in the 16.04 cycle we enabled it
[17:01] <teward> cpaelzer: so, wrt nginx, there's nothing to do wrt HTTP/2 - it's been available since 1.9.14 in Xenial
[17:14] <ahasenack> teward: nice
[17:15] <albech> any tools similar to imapsync on ubuntu? I have looked at imapsync but it appears that it will require git source and compilation, which i dont want on a production system.
[17:15] <albech> or possible imapsync on a repo
[17:17] <albech> never mind seems like larch is what i was looking for
[17:25] <teward> ...
[17:26] <teward> rbasak: cpaelzer: either of you know how to fix an issue where dpkg doesn't realize changes are actually applied via a quilt patch but it sees them as 'unusual' changes?
[17:26] <teward> and new non-upstream changes?
[17:26] <teward> ... nevermind.
[17:27] <teward> it's a Merge-o-Matic problem
[17:27] <rbasak> teward: you might find http://people.canonical.com/~cjwatson/dpkg-quilt-setup helpful
[17:28] <teward> rbasak: actually, it was a MoM issue
[17:28] <teward> i fixed it by applying the same set of debian/* to a pristine upstream tarball
[17:28] <rbasak> Indeed. That script works around the MoM issue :)
[17:28] <teward> and it stopped complaining
[17:29] <teward> rbasak: well, I use MoM as a 'base', then test against pristine
[17:29] <teward> so meh
[17:29] <teward> *Yawns*
[17:29] <teward> I need more coffee
[17:41] <teward> rbasak: i got it to build - https://launchpad.net/~teward/+archive/ubuntu/nginx-merge-bionic/+packages - could use some help testing, so I'll put a call for tests out on the ML because I'm busy the next couple days (final exams).
[17:41] <teward> good news though: if I do well on these finals, GRADUATION GUARANTEED
[17:41] <teward> no more school :p
[17:45] <powersj> woohoo :)
[17:45] <dpb1> teward: :)
[17:48] <Laney> hey, is the server team responsible for cloud images?
[17:48] <Laney> if so, wondering if anyone has investigated systemd-networkd-wait-online.service hanging on boot?
[17:48] <Laney> happens with uvt-kvm
[17:48] <Laney> (bug link would be ok)
[17:49] <ahasenack> I heard something about that today
[17:51] <ahasenack> Laney: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1737704 perhaps?
[17:51] <Laney> yes someone mentioned it in #ubuntu-release
[17:51] <ubottu> Launchpad bug 1737704 in cloud-init (Ubuntu) "Cloud-init fails if iso9660 filesystem on non-cdrom path in 20171211 image." [High,In progress]
[17:52] <ahasenack> Laney: http://paste.ubuntu.com/26169046/ output (bad)
[17:52] <ahasenack> (from the bug)
[17:52] <Laney> yes sounds right
[17:52] <Laney> thanks!
[18:09] <ahasenack>   E: Failed to fetch http://br.archive.ubuntu.com/ubuntu/dists/bionic/main/i18n/Translation-en.xz  File has unexpected size (517768 != 517816). Mirror sync in progress?
[18:09] <ahasenack> I was hoping these errors were behind us
[19:33] <teward> rbasak: powersj: sdeziel: cpaelzer: dpb1: and anyone else who cares, just pushed an nginx merge up, assuming nothing explodes from it we're tracking Mainline now.  SRUs will behave as normal once Freeze hits, until then we're in sync with Debian except for upstream nginx version changes.
[19:39] <sdeziel> teward: great, will give it a try soon-ish and report back any problems
[19:39] <teward> sdeziel: well patience
[19:39] <teward> it's been uploaded but *not* yet done building/syncing
[19:40] <sdeziel> ack
[20:34] <rbasak> teward: thanks!
[20:55] <lucidguy> Setting up openldap with ppolicy and I was password complexity.  What pwdCheckModule do people recommend. pqchecker seems to be popular.  Recommendations?
[23:44] <ktechmidas> Anyone know if it's possible to do something like this with a one-liner? lxc config set sf-dc-{seafile,mysql,ex} boot.autostart true
[23:44] <ktechmidas> I thought that would generate three seperate commands...
[23:44] <ktechmidas> but it doesn't
[23:47] <ScottE> for i in seafile mysql ex; do echo lxc config set sf-dc-${i} boot.autostart true;done
[23:47] <ScottE> Note "echo" - remove that to actually run the commands