/srv/irclogs.ubuntu.com/2017/12/13/#ubuntu-server.txt

cpaelzerteward: double thanks - for http2 info and for the nginx merge, lets see how it passed proposed migration and behaves then06:31
lordievaderGood morning07:02
cpaelzerhi lordievader07:08
lordievaderHey cpaelzer How are you doing?07:08
cpaelzeralready planning how to reach conclusion of all my tasks before christmas (=impossible) :-)07:08
cpaelzerso good I'd say07:08
tewardcpaelzer: indeed.07:08
tewardrbasak: cpaelzer: FWIW as this is an LTS, I'mma touch base with the TB / infinity to determine if we can get an after-release update to the stable branch of nginx07:09
tewardwhich *should* be a minimal diff at that point.07:09
tewardsimilar to what we had for the 16.04 cycle07:09
cpaelzerteward: do you want a single agreement or a general MRE to do this for the full time of 18.04 ?07:10
tewardcpaelzer: single-case07:10
cpaelzerok07:10
tewardcpaelzer: we had a 'single case' agreement for 16.04 up through release, with a special-case SRU for the version bump only in -updates, when Xenial was released.07:11
cpaelzersound fine to me to do it the same way again07:12
tewardsuch that we did standard FFes through release, and then SRU after that.07:12
cpaelzeryep07:12
tewardyeah there's precedent but I want to reach out at least to the Release team / infinity who helped a lot with this in 16.0407:12
lordievadercpaelzer: Good luck 👍07:12
tewardcpaelzer: and it's only during the LTS-cycle that I work on this, because getting to a stable branch is better than sticking to mainline :P07:13
cpaelzerabsolutely reasonable for fixes throughout the cycle07:13
tewardblurgh i'm tired but can't sleep07:13
cpaelzerI already wondered to see you here still07:13
tewardyeah i'm not usually online at this hour, 02:15 here :P07:15
rbasakteward: thanks. An email to ubuntu-release@ should be sufficient I think. No need for the TB.07:24
tewardyep, was thinking that recently.  I need sleep though so... gonna try and sleep now :p07:26
fstoltzRegarding the 'ss' command for investigating sockets. Is it possible to get a live feed for example 'ss -t', getting the same view, but a "dynamic" view? Anyone knows about this?11:45
ahasenackI didn't know about ss, nice11:46
fstoltzahasenack: :)11:49
fstoltzJust stumbled upon 'tcptrack', maybe that could be something11:49
ahasenackdo you just want to see existing connections and their traffic perhaps?11:49
ahasenacktry iftop in that case11:50
fstoltzSory of ye, essentially just having a live TCP feed with info11:51
fstoltzsort of ye*11:51
ahasenackthat will do it11:53
ahasenackyou can pass it filters in the tcpdump format11:53
ahasenacklike11:54
ahasenackiftop -i eth0 -n -f "port not 22 and not udp", which would skip all udp traffic and ssh, in case you are remotely logged in on the machine11:54
fstoltzahasenack: Just installed iftop and having a look, it looks really good thank you11:58
ahasenacknice :)11:59
ahasenackcpaelzer: do you know if this is a valid use case? https://bugs.launchpad.net/ubuntu/+source/samba/+bug/173753412:18
ubottuLaunchpad bug 1737534 in samba (Ubuntu) "smbd/nmbd don't restart after upgrade if started but disabled" [Undecided,New]12:18
ahasenackcpaelzer: tl;dr :12:18
ahasenackcpaelzer: systemctl disable smbd.service nmbd.service12:18
ahasenackcpaelzer: but the service is running still12:18
ahasenack(and systemctl start works just fine)12:18
ahasenackcpaelzer: then the package is upgraded12:18
ahasenackcpaelzer: after the upgrade, the service isn't running anymore12:18
ahasenackpresumably because postinst does restart, or stop+start, and since the service is disabled, it doesn't start12:18
cpaelzerhi ahasenack12:19
ahasenackI can reproduce it, I just couldn't locate yet exactly in which maintainer script the "stop" happens12:19
cpaelzerhmm12:20
cpaelzerat first I wanted to say no12:20
cpaelzerbut reading more it sounds interesting12:20
ahasenacklet me see what systemctl restart does in that case12:21
cpaelzerin any case if we say "yes this is a problem" it is not a samba but a generic problem12:21
ahasenackrestart works just fine12:21
cpaelzerwhich needs much (much++) wider discussion consideration12:21
ahasenackmight be something related to the sysv compatibility layer12:22
ahasenackas samba as sysv initscripts shipped in /etc/init.d12:22
cpaelzerand as service?12:22
ahasenackand upstart12:22
cpaelzeror only syssv?12:22
ahasenackand systemd12:22
ahasenackwhat a mess :/12:22
ahasenackall 3 are in the package12:22
cpaelzerthat is often done for backportability12:22
cpaelzeronly the systemd wins in that case12:22
cpaelzerbut if there are hardcoded calls in the *inst files that might be an issue12:22
ahasenacksystemd seems incomplete/not used12:23
ahasenackthere is just /lib/systemd/system/samba.service12:23
cpaelzerI once had a case where the drop of a sysv script made the systemd service fail - as dh helpers added an invoke.rc to the sysv script which was mapped to start the systemd12:23
cpaelzerjust to encourage the feeling of https://xkcd.com/1172/ being eveywhere12:23
cpaelzerahasenack: if you think this is an interesting caseI tihnk you'd want to trace all calls to start/stop maintainer scripts are doing in this case12:25
cpaelzerahasenack: will be a lot as the sysv will call but map to systemd if the name matches)12:26
ahasenackhow can I do that? If I modigy the script inplace, but use --reinstall, the new one will overwrite my changes12:26
cpaelzeronce summarized and reproducible without actual install this might be an interesting mail to ubuntu-devel to discuss in general12:26
cpaelzerahasenack: there is a trick12:26
ahasenackI'm sure :)12:26
cpaelzerwanted to talk about it in the standup a while ago actually12:26
cpaelzerbut people complained my time is over :-P12:26
cpaelzerahasenack: https://trello.com/c/covf8RG6/543-virt-stack-for-1804#comment-5a2fd28ff56266c5c7aec3b412:28
cpaelzerahasenack: I'm about to go to lunch, pleae check if this works for you12:28
ahasenackok12:31
ahasenackhm12:33
ahasenackI thought it would be export DEB_MAINT_SCRIPT_DEBUG=1 or something sensible like that :)12:33
ahasenackdeb packages are so easy, why would they need something sensible like that, right12:35
cpaelzerahasenack: actually such a env var exists13:09
cpaelzerahasenack: but it depends on the deb_helper which one (if any) they follow13:09
ahasenackin the meantime I suggested the person use policy-rc.d13:10
cpaelzerahasenack: with the unpack/modify/pack I got most hard cases solved th ebest way13:10
cpaelzerdoes it work for his case ahasenack?13:10
cpaelzerpolicy I mean13:10
ahasenackhe said he needed to check a disk, and then decrypt it (mount it probably), and only then start sambe13:10
ahasenackthe decrypt bit might be impossible to do automatically, depending on his security policy13:11
ahasenackbut he could at least avoid the error of trying to start samba at boot13:11
ahasenackif disk not mounted, exit13:11
ahasenackand the restart would work just fine13:12
ahasenackanother option I have under my sleeve is to add the share at the same time his scripts mount the disk13:12
ahasenackit doesn't have to be hardcoded in smb.conf13:12
ahasenackfrom the getgo13:13
jamespagecoreycb: I uploaded a snapshot of ceilometer - that's going to have some charm impact as both -api and -collector services have gone from upstream and the packaging!14:13
coreycbjamespage: oh wow. that is the advantage to releasing milestones. glad you did a snapshot early.14:14
coreycbjamespage: we should be all caught up on queens packaging now14:14
coreycbjamespage: probably need some promotions from staging14:14
jamespagecoreycb: I've been sweeping those throught hourly14:19
coreycbjamespage: great, thanks14:19
cpaelzerrbasak: could you check if 1737984 is also hash-abi-break tag worthy?14:24
cpaelzerit is on pristine-tar not the actual package content14:24
jamespagecoreycb: I'll do the same with aodh and panko14:24
jamespagecoreycb: oh there was a bit of brokenness around swift as well - that should be fxied(needed to backprot swift-plugin-s3)14:25
coreycbjamespage: ok14:28
coreycbjamespage: horizon is partially py3 now. moving openstack_auth in tree forced me to do it for that code.14:29
jamespagecoreycb: ok14:30
rbasakcpaelzer: thank you for the report. I'm not sure about hash-abi-break because a change to pristine-tar won't change the main imported commit graph, but a change to upstream/ might. So I'll tag it for now.14:35
cpaelzerthat is exactly why I was unsure14:39
cpaelzerrbasak: and right chan :-)14:39
* rbasak hands cpaelzer a sticker :)14:58
cpaelzeryay14:59
jamespagecoreycb: ok aodh snapshot uploaded15:31
jamespagecoreycb: fwiw I'm seeing some behavioural diff between stestr and testr15:32
jamespagehad to switch heat and aodh back to using testr directly15:32
coreycbjamespage: hmm ok15:33
cpaelzerrbasak: stgraber: and other ipv6 experienced users around - I'd like to ask for expertise on https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1737998/comments/215:34
ubottuLaunchpad bug 1737998 in ntp (Ubuntu) "trying to bind on all interfaces is a good default, but fails on ipv6 link local" [Undecided,Incomplete]15:34
cpaelzerrbasak: stgraber: the actual issue that got me there doesn#t exist atm, but I wonder in general if ntp binding on those is ever wanted/useful15:34
DevilTigeri've downloaded a xenial cloud image; how do i go about logging into it?15:42
NafalloDevilTiger: ssh -l ubuntu ip :-)15:44
Nafallopassword is also ubuntu15:45
DevilTigeroh, ok. well that was easier than i thought. was overthinking it. now if i can just get it to boot15:45
DevilTigerstuck on blk_update_request: I/O error, dev fd0, sector 015:45
cpaelzerahasenack: on the reply of powersj will you file a/the bug(s) for the discussion or do you want me to file my "extras" that came up separately15:46
cpaelzer?15:46
ahasenackI think it's two issues15:46
ahasenackone a bug, one an enhancement request15:47
ahasenackeach files his own15:47
ahasenackas soon as I understand the difference between sponsor and signer15:47
ahasenackin another topic15:48
powersjthank you both :)15:48
ahasenackwhy do all the samba bugs turn into support requests so easily15:48
cpaelzerok then I'll file my extra parts15:48
cpaelzerahasenack: actualyl let me file it in one15:50
cpaelzerit really is the detection that is broken15:50
cpaelzerwhile writing I found another issue15:50
cpaelzerI'll start with one issue for it15:51
ahasenackok15:51
cpaelzerand whoever works on it can decide to break out pieces if one is easier to sovle than the other15:51
cpaelzerahasenack: powersj: https://github.com/canonical-server/dev-summary/issues/715:55
cpaelzerpowersj: no PR at hand (yet?) - sry15:55
powersjcpaelzer: haha shucks :)15:56
powersjcpaelzer: and of course, didn't expect one, but didn't want to loose your request15:56
cpaelzersure15:56
cpaelzerthe urgency is low15:56
cpaelzerbut I think especially the "invite to test from proposed" might be good15:57
cpaelzerparticipation in this is too low anyway15:57
cpaelzerso every bit helps15:57
cpaelzerrbasak: can we all get another sticker please ?15:57
powersjtotally agree15:58
cpaelzerwhen LP has its short hickup once a day it is nice to get all updates missed in that ~10 minutes at once16:03
cpaelzerI always feel like "WTF happened to my inbox"16:03
DevilTiger@Nafallo: ubuntu/ubuntu doesn't work16:04
* rbasak hands out stickers all round. But only to people active in _this_ channel :)16:08
rbasakDevilTiger: Ubuntu cloud images have no default password. Otherwise they'd be insecure in production.16:09
rbasakDevilTiger: you can either modify the image, or boot it via a tool that provides cloud-init with the desired authentication mechanism (usually a ssh public key but a plaintext password can also be used if you insist)16:09
rbasakDevilTiger: to help you further, please explain how you're booting the image.16:10
rbasakDevilTiger: if you want to hack the image locally for dev/test purposes, there's a handy tool "mount-image-callback".16:10
rbasakThat lets you mount the image in place.16:11
DevilTigeri'm using hyper-v to mount vdk file that i converted from a ova file16:16
DevilTiger@rbasak: how would i go about doing this?16:41
rbasakDevilTiger: if not on Ubuntu or another Linux, then I'm not sure, sorry.16:42
rbasakPerhaps the easiest way is to create a config drive.16:43
DevilTigeri have linux subsystem on windows. if that wont work i could i could fire up 14.04 in a VM16:43
rbasakSorry I think that's technically "NoCloud"16:44
rbasakDevilTiger: https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html16:44
DevilTigerim not sure what to do with that information16:44
rbasakDevilTiger: two steps.16:45
DevilTigeri dont see any steps listed anywhere16:45
rbasakDevilTiger: 1) create a cloud-init metadata file that supplies your ssh public key or ubuntu password in the correct format16:45
rbasakDevilTiger: 2) make that file available to the booting cloud image16:46
rbasakDevilTiger: for step 1, see https://cloudinit.readthedocs.io/en/latest/topics/examples.html16:46
DevilTigeri don't think i can do this. i don't understand the underlying concept. i think i'll just start with a non-cloud image16:46
rbasakDevilTiger: the underlying concept is that all cloud images start off the same. That provides production reliability.16:47
rbasakDevilTiger: but a consequence is that on first boot the image needs to find the stuff that'll differentiate it into what you want it to be.16:48
DevilTigeri get that. i don't understand what cloud init is or what a metafile is or where to put it or how or the syntax. the link has several code examples that i have no idea which one is what i need16:48
rbasakDevilTiger: cloud-init is the component inside the cloud images (of most distributions) that turns the image into what you want.16:48
rbasakIt might be easier to learn this if you start with a real cloud rather than hyper-v.16:49
rbasakSince most people here won't know much about hyper-v's tooling.16:49
dpb1DevilTiger: you need to inform that image about your ssh ID, the cloud image isn't something that you can boot and use like that.16:49
rbasakWhereas on Ubuntu as a host we have tooling that does this all automatically by default./16:49
DevilTigeri get that. i don't get how to tell it what my ssh keys are.16:49
dpb1DevilTiger: you are on windows?16:49
DevilTigerespecially since i'm using a vhd file, not an img file. i am on windows but i have access to linux in a VM16:50
DevilTigeri guess i'll just try to create my own image16:50
dpb1DevilTiger: you should look at vagrant then?   I mean, if the WSL stuff isn't doing what you need.16:50
DevilTigertried vagrant, too much of a PITA to get running on server 08 R216:50
dpb1ok16:51
dpb1ya, I mean, basically, what vagrant is doing is interacting with cloud-init to set that ssh key inserted16:52
DevilTigeri'm trying to get xenial running in a VM so i can have pi-hole doing its thing on our windows server. i figured using a cloud image was the easiest way to get going fast without having to install it.16:53
dpb1DevilTiger: or, you use the standard 16.04 server .iso that has a UI that walks you through options.16:53
DevilTigerthats what i'm doing now16:53
dpb1DevilTiger: ya, really, that is what I would do, unless it's at scale, then I would look into automation16:53
dpb1but if it's a one off, that's what the server .iso is for16:53
DevilTigeroh no this is just for a small office of 3-5 people. tired of ads16:53
DevilTigerinstalling now, i should've just done this at first. silly me16:54
dpb1DevilTiger: fwiw, for 18.04, we are making a better single-system installer called subiquity that doesn't have the miriads of questions that the 16.04 one does.  doesn't help you now, but figured I would let you know about it16:55
DevilTigeroh sweet16:55
Ussatdpb1, when you plan to have Aplas out of that, I would be interested in testing17:18
rbasakdpb1: I prefer even one-off installs to be reproducible if they are going to be used for some production purpose.17:21
dpb1rbasak: can't argue, but there is also something to be said, for just want to install this one thing and use it.17:27
Nafallotime permitting, I'll build my own minimal image for lxd, and then use ansible to get it where I want it :-)17:28
Nafalloso "cloudy", but for production.17:29
Nafallo*shrugs*17:29
rbasakNafallo: very easy to trip up badly if you try hand rolling that kind of thing.17:29
Nafallorbasak: how so?17:30
rbasakFor example, ssh host keys.17:30
rbasakcloud-init is the tool where all the distros put all the knowledge on how to do it right.17:30
Nafallorbasak: pre-installed ssh, host keys erased and a tiny systemd unit for running ssh-keygen -A oneshot :-)17:30
rbasakNafallo: and every other gotcha that I haven't mentioned17:31
dpb1Ussat: it's ready to test now, if you are interested: http://cdimage.ubuntu.com/ubuntu-server/daily-live/current/17:31
rbasakNafallo: well done. You've reinvented cloud-init :)17:31
UssatThanks, will do17:31
Nafallorbasak: nah. that and pre-creating the ansible user is pretty much it. ;-)17:31
Ussatgot a full esxi test system to myself17:31
rbasak/etc/hosts?17:32
rbasak/etc/hostname?17:32
Nafallorbasak: also, I said small... debootstrap --include=python,netbase,iproute2,sudo,lsb-release,openssh-server --variant=minbase rootfs xenial http://se.archive.ubuntu.com/ubuntu/17:32
Ussatdpb1, any particular way you all want feedback ? carrie pigeon, smoke signals ?17:32
Nafallorbasak: them two is lxd templates :-)17:32
rbasakAnyway, it's Free Software. You're Free to reinvent the wheel :)17:32
dpb1Ussat: haha17:32
rbasakI just wouldn't recommend that to others to use in production.17:33
rbasakSince it's quite error-prone, even if a good learning experience.17:33
Nafallorbasak: I'm not doing it to reinvent the wheel. I'm removing stuff I don't need to get a smaller attack vector, amongst other things :-)17:33
rbasakMost people don't compile their binaries in production either.17:33
dpb1Ussat: probably here: https://bugs.launchpad.net/subiquity17:33
rbasakThis is just the same thing but one level up.17:33
dpb1rbasak: oh come on, gentoo ftw17:34
Ussatdone deal.....I work at a research hospital, and our labs are exclusively Ubuntu, so I might have some help with the testing17:34
rbasakNafallo: by deviating from everyone else you're also introducing attack surface: everything you've done differently is subject to your mistakes.17:34
* dpb1 waits for X to compile17:34
rbasakNafallo: we make mistakes too, but we have the benefit of a large number of people looking and examining what we're doing.17:34
Ussatmarking your calendar dpb1 ?17:34
rbasakSomeone finds a problem and we fix it for everyone. You'll get left out.17:34
Nafalloehrm. its not like I won't use packages...17:35
dpb1Ussat: what's that?17:35
Ussatwaiting for X to cmpile17:35
Ussathave you marked on the calendar a target date17:35
Nafallowhat sort of problem would you fix outside of a package in this scenario? :-)17:36
rbasakNafallo: it's not just the packages. Problems, including security problems, can also get introduced in the interactions between the moving pieces.17:36
rbasakssh host keys is just one example of that.17:36
rbasakIt's an example of an entire class of problems. You can't say that you're fine because you've covered one instance of that class.17:36
dpb1Ussat: haha17:37
dpb1Ussat: no kidding17:37
dpb1you know, I ran gentoo for a while for fun.  for me, I knew it was a problem when I started scheming ways to set up distcc so I could compile faster and update packages faster.17:37
Ussatdpb1, yea I did also, needed a space heater :)17:38
Nafalloheh. I remember gentoo as well. ran it for almost a year solid before moving back to Debian :-)17:39
Ussatstage1 installs FTW17:39
Nafallothat was before they started with pre-compiled binaries and installers and stuff though :-P17:39
dpb1Ussat: :)17:39
* Ussat remembers doin a stage 1 on a Pentium417:45
* Ussat cries17:45
NafalloI did my first gentoo install on a P200 with 16MB memory IIRC. took a week to get Fluxbox :-)17:45
Nafallothis would have been around 98-99 maybe?17:46
Ussatyup17:46
UssatMy first linux was with Gentooo, thats also about the time I started drinking :)17:47
Ussatgo figure17:47
Nafallo26 July 2000; 17 years ago ← a little later :-)17:47
Nafalloinitial release date, btw17:47
tewardrbasak: FWIW i think the nginx autopkgtests are 'working', but... http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html#nginx - looks like some arm64 tests are hung, they've been in that state for a while now18:33
rbasakcpaelzer: regarding 1737998, I was under the impression that NTP over local link IPs should be fine in principle, and was going to ask if there was a specific case where that doesn't work.18:48
rbasakcpaelzer: but I think you've already asked that?18:48
hdon__hi all :) i've been using linux since i was like 13, ten years later, i'm starting to identify some foolish notions i still harbor. i used to think that by deleting password with passwd -d <user> that i was disabling password authentication for that user. that my be so, but the user can also reset their password without knowing their existing password at that point.18:57
hdon__my question is: what's the correct procedure for password reset?18:58
Ussatpasswd <username>18:59
metastablehdon__: passwd -l <username> will disable password authentication.21:07
DevilTigerinstalling ubuntu server with only 512MB of RAM takes forever21:28
dpb1DevilTiger: uh, ya21:32
sarnoldI'll be curious if it even completes..21:32
DevilTigerheh i had to restart it once due to grub failing. unplugged ethernet (why that has anything to do with grub failing is beyond me) and its gotten past that. at "running update-initramfs right now21:33
DevilTigerannoyed me enough to order 3gb more ram for the hypervisor its under. 1 GB just ain't cuttin it21:34
sarnoldthat 'unplug ethernet' thing sounds vaguely familiar, but from ages ago...21:34
DevilTigersays install is completed. waiting on reboot now21:35
DevilTigersince i didn't autoconfig my lan adapter what would i do to set that up? dhclient wlan0 ?21:40
sarnold/etc/network/interfaces  .. mine is entirely too simple:21:41
sarnoldauto enp5s0f021:41
sarnoldiface enp5s0f0 inet dhcp21:41
sarnold(with lo of course, same as yours :)21:41
DevilTigeri've added iface wlan0 inet dhcp to my interfaces file. that isn't going to be enough21:43
DevilTigeras there is no wlan0 device21:43
sarnoldright, either rename the device or live with the name it has :)21:43
DevilTigeruh maybe i'm confused but there is no device21:43
sarnoldand no idea about how to manage a wifi card via /e/n/i, sorry21:43
DevilTigerlike i said, there is no wlan021:44
DevilTigererr excuse me, i'm not adding wifi. eth021:44
sarnoldso, "ip l" doesn't show you the nic you expect to be there?21:45
sarnoldmaybe you need to load a kernel module for your nic21:45
DevilTigerthe NIC is there, yes. eth021:45
DevilTigerpihole21:47
DevilTigererr wrong channel for the last one21:47
DevilTigeradding eth0 to the interfaces file did it. ty. figured there was more to the process21:51
hdon__metastable: ahhh thanks :)22:02

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!