[06:34] <cpaelzer> good morning
[07:01] <lordievader> Good morning
[10:03] <jamespage> cpaelzer: good morning
[10:03] <jamespage> cpaelzer: need some help with https://bugs.launchpad.net/cloud-archive/+bug/1739585
[10:03] <cpaelzer> hi jamespage
[10:03] <cpaelzer> let me read
[10:03] <jamespage> cpaelzer: ta
[10:04] <cpaelzer> jamespage: you know the nested story is "it works great most of the time until it doesn't" :-)
[10:04] <jamespage> cpaelzer: yup
[10:04] <cpaelzer> so this is one :-)
[10:04] <jamespage> cpaelzer: unfortunately we kinda rely on this for testing
[10:04] <jamespage> cpaelzer: I guess I could switch back to using userspace qemu
[10:04] <cpaelzer> sure I know the CI things behind this
[10:05] <cpaelzer> which isn't 100% reliable either
[10:05] <cpaelzer> jamespage: you could think next time you buy HW to buy AMD which is said to be slightly more stable at nested
[10:05] <cpaelzer> like 99.99 vs 99.9 %
[10:05] <jamespage> lol
[10:05] <cpaelzer> but none in the 5-9s or more
[10:08] <cpaelzer> jamespage: to confirm - this is Host "xenial (4.4) + queens stack" running zesty (or X-HWE) 4.10 KVM guests and in said KVM guests running 4.10 again
[10:08] <jamespage> cpaelzer: base cloud is 4.4 with ocata
[10:08] <cpaelzer> ok
[10:08] <jamespage> cpaelzer: test cloud is xenial (4.4 or 4.10) with queens stack
[10:08] <jamespage> from bionic basically
[10:08] <cpaelzer> yep
[10:08] <cpaelzer> ok
[10:08] <cpaelzer> thx
[10:09] <cpaelzer> jamespage: also I wonder about "specific hosts" in the bug - what makes them "specific"
[10:09] <cpaelzer> just a few of your systems but those always failing?
[10:09] <jamespage> cpaelzer: I think they are the newer hardware ones
[10:14] <jamespage> cpaelzer: yeah confirmed - flemming is ~12 months old, caipora is 6 years old
[10:14] <cpaelzer> jamespage: is flemming the failing one and is it >=Haswell then?
[10:14] <jamespage> yes
[10:15] <jamespage> it's an "Intel(R) Xeon(R) CPU E5-2650 v4"
[10:20] <cpaelzer> jamespage: IIRC openstack will make model a host-passthrough or host-model right?
[10:36] <cpaelzer> jamespage: I dumped some background, comparison data from my system and a few requests to the bug
[10:36] <jamespage> cpaelzer: ta
[10:36] <cpaelzer> jamespage: I hope based on this we can spot a difference that is a tunable you might be able to change
[10:36] <cpaelzer> but no guarantees
[10:37] <cpaelzer> this is just setting up the scanners based on how this issue showed up a few years ago
[10:41] <jamespage> cpaelzer: http://paste.ubuntu.com/26226375/ that's in the vm
[10:41] <jamespage> http://paste.ubuntu.com/26226377/ is the host
[10:41] <jamespage> so in fact it's a broadwell, not a haswell
[10:42] <jamespage> so I think that's host-model rather than host-passthrough
[11:07] <cpaelzer> jamespage: (me reading)
[11:07] <jamespage> cpaelzer: attached stuff
[11:07] <cpaelzer> thx
[11:07] <jamespage> cpaelzer: the last two are odd - one is from an OK host the other from a failing one
[11:08] <jamespage> the OK host has an AMD cpu definition
[11:08] <jamespage> but it's not AMD?
[11:08] <cpaelzer> G4 AMD ?
[11:08] <cpaelzer> wut
[11:09] <jamespage> yeah
[11:09] <jamespage> that's what I said
[11:10] <cpaelzer> jamespage: I'm picked up for lunch, back later
[11:10] <cpaelzer> jamespage: how much can you tune the cpu definitions?
[11:11] <cpaelzer> for testing would you be fine dropping all these host-* things?
[11:11] <cpaelzer> a "normal" default cpu might do
[11:11] <cpaelzer> back later
[11:15] <jamespage> cpaelzer: ack - tbh this is not a priority right now - need to figure it out but it's nearly Christmas :-)
[11:17] <jamespage> cpaelzer: tbh I'm a bit baffled - libvirt and qemu are identical to pike, where I've not seen this issue
[11:17] <jamespage> I guess it's possible none of my hypervisors landed on a newer hardware machine
[11:19] <jamespage> coreycb: good and bad news
[11:20] <jamespage> good news is I have a oct profile that will configure a queens v3 cloud and tempest configuration
[11:20] <jamespage> bad news - https://bugs.launchpad.net/cloud-archive/+bug/1739585
[11:20] <jamespage> I found a bug!
[11:20] <jamespage> \o/
[12:05] <cpaelzer> hmm
[12:05] <cpaelzer> back with you and reading jamespage
[12:20] <cpaelzer> jamespage: I can't reproduce, maybe all my chips are just too old
[12:20] <cpaelzer> jamespage: I tried to add all the custom cpu magic, but that isn't (as expected) compatible with the cpus I have
[12:20] <cpaelzer> and with a smaller set it doesn't trigger
[12:21] <cpaelzer> jamespage: I updated the bug but wanted to ask how much you have control over what cpu definition openstack adds in these cases?
[13:44] <jamespage> cpaelzer: I can tweak what the L2 hypervisors do, but not really the L1's
[13:45] <cpaelzer> hmm
[13:45] <cpaelzer> for now that is the best I could recommend to try
[13:45] <cpaelzer> too bad you can't normalize L1's
[13:46] <cpaelzer> as there will be the HW dependent part
[13:46] <cpaelzer> likely L2 only carries things forward
[13:46] <cpaelzer> but it looks broken enough that even only tweaking L2 might help
[15:12] <jamespage> cpaelzer: actually I'm not sure this is not a longstanding issue
[15:12] <jamespage> cpaelzer: I just think I tripped on the same problem with a xenial/pike test
[15:13] <jamespage> yes indeed I have
[15:14] <cpaelzer> ok
[15:14] <cpaelzer> so less of a regression than we thought
[15:14] <cpaelzer> but still an issue that stalls/stops your tests
[15:14] <cpaelzer> any luck with trying to convince openstack not to try to define the custom cpu?
[17:07] <ToAruShiroiNeko> I am trying to follow https://www.ostechnix.com/install-and-configure-dns-server-ubuntu-16-04-lts/
[17:08] <ToAruShiroiNeko> I am a bit confused
[17:11] <Ussat> My first question would be, why do you want to run a DNS server ?
[17:19] <ToAruShiroiNeko> My hostname provider does not provide dns as well
[17:19] <ToAruShiroiNeko> It was quite shocking so I am trying to learn how to do this thing.
[17:20] <ToAruShiroiNeko> basically all the DNS server will do is to resolve two websites and its relevant subdomains
[17:24] <rbasak> That tutorial doesn't really do what you want.
[17:25] <rbasak> All the right pieces are there, but you need to understand which bits you want. It might be easier to find a more suited tutorial.
[17:25] <ToAruShiroiNeko> yes, it seems to be creating a local dns server
[17:26] <rbasak> Yeah. For a LAN, with reverse DNS, and with the local machine configured to use its own service.
[17:26] <rbasak> None of those things are relevant for an Internet DNS server to host a properly delegated name.
[17:26] <rbasak> It's usually an error to point anything directly to a master DNS server, too.
[17:27] <ToAruShiroiNeko> right so do you have a tutorial or keyword in mind for me?
[17:27] <ToAruShiroiNeko> I am uncertain what I should seek :/
[17:29] <metastable> It may be more helpful to find a DNS hosting service than to try to roll your own, as a misconfigured public-facing DNS server can be exploited to leverage attacks on others.
[17:31] <rbasak> Depends on the goal.
[17:31] <rbasak> As a learning experience, it's fine :)
[17:32] <rbasak> A misconfigured anything on the Internet can be exploited.
[17:32] <metastable> A misconfigured DNS server especially so. Saying that it's as bad as anything else is a false equivalence.
[17:33] <rbasak> Installing bind in Ubuntu should be safe on its default.
[17:33] <rbasak> And so should simply adding a zone.
[17:33] <rbasak> Which I believe is all that is needed here.
[17:34] <rbasak> If it is not safe by default, please file a security bug, and I'll be happy to look at it urgently.
[17:35] <rbasak> Following unsafe third party instructions (such as enabling forwarding) is not safe.
[17:35] <sdeziel> ToAruShiroiNeko: part 2 of the tutorial you referenced touches on how to setup a master server, that's probably a good starting point
[17:35] <rbasak> But then that's sort of a tautology.
[17:36] <rbasak> sdeziel, ToAruShiroiNeko: it does, but it also conflates that with adding a reverse zone and pointing the server to its own master DNS server. The first is not necessary, and the second would be a misconfiguration in this case.
[17:38] <Ussat> Running a public facing DNS server correctly is not trivial, I would find a hosting service that will do it
[17:39] <sdeziel> rbasak: ToAruShiroiNeko: yeah, I don't know why they are putting it as dns-nameservers in /etc/network/interfaces. It wouldn't work if only part 2 is followed
[17:39] <Ussat> I would seriously consider finding a service to do this
[17:39] <Ussat> a mis-configured public facing dns server is a huger target
[17:39] <Ussat> huge
[17:41] <ToAruShiroiNeko> Are there free providers for this where I can simply register a domain?
[17:41] <ToAruShiroiNeko> in the past I have only used godaddy
[17:41] <Ussat> I don't know about free, but most are inexpensive
[17:41] <metastable> CloudFlare will host your DNS for free. You just need to change the nameservers at the domain's current registrar.
[17:41] <Ussat> there ya go
[17:41] <ToAruShiroiNeko> I can do that, sure
[17:42] <metastable> DNS updates are also VERY, VERY quick. Seconds, in most cases.
[17:42] <ToAruShiroiNeko> yes but my goal was to run this for two domains only and forward everything else to a known one, if I can out source this for free, I will love to do that
[17:43] <metastable> CloudFlare will do what you want.
[17:43] <ToAruShiroiNeko> yup, creating an account etc
[17:45] <metastable> Note that CloudFlare does a lot more than just DNS, but I don't use any of those features.