/srv/irclogs.ubuntu.com/2018/01/09/#ubuntu-server.txt

naccslashd: thanks for the prompt help there00:01
cliluwWhere do I find the debug symbols for SSSD? I don't see a sssd-dbg package.01:35
sarnoldcliluw: probably http://ddebs.ubuntu.com/01:37
sarnoldsweet http://ddebs.ubuntu.com/pool/main/s/sssd/01:37
sarnoldcliluw: there's a handy way to add that repo to apt so you can use it exactly as you wish01:37
sarnoldhttps://wiki.ubuntu.com/Debug%20Symbol%20Packages01:38
cliluwsarnold: That's very informative. Thank you!01:39
tsimonq2Hey hey :)05:51
naccrbasak: fyi, i think it makes sense to stack all of my importer changes on top of yours -- turns out it actually rebased really easily; now to break it up so you can review :)06:14
cpaelzergood morning06:27
cpaelzernacc: thanks for your reply on the MP, I'm one level further on actually understanding what it is about07:00
cpaelzerI'll try my luck on discussing it again - which hopefully is again either helpful or drives it to be more understandable in general :-)07:01
lordievaderGood morning07:03
cpaelzerhiho lordievader07:07
lordievaderHey cpaelzer07:08
lordievaderHow are you doing?07:08
cpaelzeras I should :-)07:14
cpaelzerand you?07:14
lordievaderDoing good here :)07:20
cpaelzerglad to hear that07:20
promach_hi, I have https://paste.ubuntu.com/26351812/ but I still could not connect to internet for one of my Ubuntu box. May I know why ?07:58
cpaelzerpromach_: you have 100% loss of your ping08:01
cpaelzerso the assumption would be that you cannot be routed there08:01
cpaelzerpromach_: what kind of setup is that - home setup with computer+router or something more complex?08:02
promach_cpaelzer: I connected to my Ubuntu box through SSH08:02
cpaelzerso you have your system you are sitting in fornt of - and a box that you have connected to via ssh?08:04
promach_yes08:04
cpaelzerand you connected via ssh over local network?08:05
promach_local ==> My desktop connects to one ethernet port, my ubuntu box is connected to another. They are not physically connected08:06
promach_local ==> My desktop connects to one ethernet socket, my ubuntu box is connected to another ethernet socket. They are not physically connected08:06
cpaelzerok both plugged on the same local switch or router then I'd guess08:06
promach_I suppose08:07
cpaelzerpromach_: is your Desktop linux as well?08:07
promach_yes08:07
cpaelzerok, then for a start compare the network and routing of both08:07
cpaelzerthat would be something like08:07
promach_both my desktop and my box are using Ubuntu08:07
cpaelzerip route show08:07
cpaelzerand08:07
cpaelzerip addr show08:08
promach_for my box ?08:08
cpaelzerpromach_: do the following on both boxes08:08
cpaelzer(ip addr show; ip route show) |& pastebinit08:08
cpaelzerwell if you have no internet that won't help too much08:08
cpaelzerbut call the commands (without the redirection to pastebinit08:08
cpaelzerand compare the output08:09
promach_ok08:09
cpaelzeryour desktop should have routing set up correctly (we see you here) - but the other system seems to differ08:09
cpaelzeryour config has manually set gateway 172.21.150.1  on the server08:10
cpaelzerin case this is the wrong thing you should fix it08:10
cpaelzeryour desktop works so check what it has08:10
cpaelzerand that ip route show will tell you08:10
promach_https://www.diffchecker.com/JlL4Hy5x08:11
cpaelzerI won't recommend on network setup in general08:11
cpaelzerbut it seems your gateway should be 172.21.151.25408:12
promach_so, nameserver 172.21.151.254 for ubuntu box ?08:12
cpaelzerwhy not just use dhcp, that likely just works?08:12
promach_I need static IP08:12
cpaelzerI'd still recommend telling your dhcp server to make the ip reliable08:13
cpaelzerbut the shortest path to solve this for now is to set gateway to the address above08:13
promach_ok, now rebooting my ubuntu box after gateway address modification08:14
cpaelzerno need to fully reboot08:14
cpaelzerbut I assume you triggered it already08:14
promach_already rebooted08:15
promach_root@localhost:~# cat /etc/resolv.conf08:15
promach_# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)08:15
promach_#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN08:15
promach_nameserver 8.8.8.808:15
promach_nameserver 8.8.8.808:15
promach_nameserver 8.8.4.408:15
promach_nameserver 172.21.151.25408:15
promach_root@localhost:~#08:15
promach_thanks.08:16
promach_I could do08:16
promach_apt-get update08:16
promach_now08:16
promach_cpaelzer08:16
cpaelzerok, have fun promach_08:16
promach_ok08:16
joelioany idea what time the kernel patches land? thanks08:52
rbasakjoelio: please keep all spectre/meltdown discussion in #ubuntu-hardened.09:05
rbasakPeople in this channel don't know.09:05
joeliorbasak: sure, didn't know that was a channel!09:31
=== MannerMan_ is now known as MannerMan
=== albech1 is now known as albech
=== albech2 is now known as albech1
nacccpaelzer: +1 thank you!15:42
cpaelzernacc: the needs-review -> WIP changes are outdated things you want to update first?16:27
mtlI have been running kernel 4.10.0-30-generic for 153 days on Xenial, will there be a security kernel upgrade soon and do I need to reboot my server?16:58
patdk-lapyes, yes16:59
sdezielmtl: you'll be moving to 4.13 (see https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown)17:00
ScottENo fixes for 4.10 per https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown - see the very bottom17:01
ScottEWhoops, sorry sdeziel - beat me to it :-)17:01
mtlthere's 4.13 package but I think I should just wait for the upgrade?17:09
sdezielmtl: you want at least 4.13.0-25.29 for Meltdown17:12
nacccpaelzer: yeah17:20
mwhahahacoreycb, jamespage: what is the default groups that are used for the services? is there a special group or is it just a group named after the service? ie heat, zaqar, etc18:01
coreycbmwhahaha: i think it typically corresponds to the service18:03
mwhahahaok wasn't sure if it was usually like adm or something as i've seen that for some stuff18:04
coreycbmwhahaha: i just grepped a few to be sure, and they correspond to the service. there may be some exceptions that i didn't come across, but in general this is the case at least.18:05
mwhahahasounds good, the policy.json file is going away and it used to be root:<service> so i'm needing to handle that in -puppet for continuity18:06
coreycbmwhahaha: ah right, the defaults are moving into the code now18:08
mwhahahayea so in RDO we're dropping the files18:08
mwhahahabut the way we manage the files in puppet assumes the existence of such files :D18:09
mwhahahai think it's always been broken for ubuntu tho18:09
mwhahahacause i'm not sure if they exist or not18:09
coreycbmwhahaha: well you should be able to just drop them for ubuntu if you want the defaults18:10
mwhahaharight, we have an optional ability to update the existing ones (or add new ones)18:10
coreycbmwhahaha: ok makes sense18:11
DexterFhi18:40
dpb1o/18:49
DexterFinstalled minimal ubuntu server and now want to turn it into an AP via a usb 11n stick. I'm fairly green with routing/AP setup and hostapd gives me trouble. so far I installed hostapd and dnsmasqd, modified a sample hostapd.conf and ran it against a strangely cryptic device name which according to ifconfig -a is the wifi device18:52
DexterF"wlx74da38e18cfb" namely - sounds odd, is this the wifi dev..?18:53
sdezielDexterF: yes as it has the "wl" prefix18:53
naccpowersj: fyi, i just reproduced our ci issue on bionic on my laptop18:54
naccpowersj: are we using x-backports in CI?18:55
UssatDexterF, why ??? buy a cheap AP and be done with it18:55
powersjnacc: interesting, when I ran it using the integration-test script, which launches a xenial cloud image to the testing it reproduced as well, but when I built the snap locally and installed it, everything worked18:55
naccpowersj: which snap locally?18:55
naccpowersj: i think it's a lxd bug18:55
powersjmaster18:55
naccpowersj: so you built the git-ubuntu snap, installed it, then ran the integrationn test using that snap:18:56
powersjgit-ubuntu from master (to be more clear)18:56
nacc?18:56
powersjThe failure seems to come from when you run your in-tree integration test, specifically18:56
powersjgit-ubuntu build-source18:56
DexterFUssat, last resort option. long story.18:56
naccpowersj: right, build-source launches a container18:56
naccpowersj: did you try that on your host?18:56
DexterFthis is hostapd -dd https://pastebin.com/Aaeuavvu18:56
powersjnacc: yes and that is what worked and completed as expected18:56
naccpowersj: that's what fails on bionic18:57
powersjnacc: https://paste.ubuntu.com/26354741/18:57
naccpowersj: does your host have x-backports enabled?18:57
powersjnacc: no I'm running artful and using the lxc/lxd snap18:57
naccah18:57
DexterFtells me a lot but not exactly what's a warning, what's a rightful error and its state. does not seem to be working though.18:57
powersjwhich I think is the same version of x-backports18:57
naccpowersj: i think that's the difference18:57
naccfound the bug18:57
powersjok :)18:57
nacc(I think)18:57
nacclol18:58
naccany snap that calls the host's LXC is busted18:58
naccstgraber: --^18:58
nacchttps://paste.ubuntu.com/26354780/18:58
nacccalling /usr/bin/lxc from a classic snap, where SNAP will be set, means /usr/bin/lxc thinks it is a snap :)18:59
stgraberhmm, indeed, not sure what we can really do about that, all the other env variables are likely to be just as wrong :)19:00
naccstgraber: yeah19:00
naccstgraber: i *could* unset the SNAP env variables in that subcommand's call19:00
naccthat entails a lot of knowledge of lxd in our code :)19:01
naccwell, "a lot" == any :)19:01
naccpowersj: so you're off the hook, can you re-assign the bug to me?19:01
powersjnacc: will do!19:01
stgraberwe could change the logic in LXD to check for some other variable that we set in the snap wrappers but that'd take a while for us to do as we don't have any planned LXD releases until 3.019:02
naccstgraber: yeah -- i can do the above in our code for now, with a comment19:02
naccit would be nice if there was some way to know you're a re-exec from snapd, but i suppose that's something that should be transparent to the child19:02
powersjnacc: I could unassign myself, but not assign19:04
naccpowersj: ok19:04
naccpowersj: i'll fix it19:04
naccstgraber: i don't have a repo in front of me, was that introduced with 2.0.21?19:08
stgraberprobably around 2.18 for the feature releases and definitely 2.0.11 for the LTS19:09
stgraber2.0.11 is the first LXD LTS release to work as a snap19:09
nacchrm, strange that we only started hittig this recently19:10
naccstgraber: or was that a typo? 2.0.11 is what is in x-updated19:10
stgraber2.0.11 is the latest LXD LTS release and what's currently in xenial-updates19:11
naccstgraber: ok, just double-checking19:11
nacci wonder if this is a snapd change19:14
powersjnacc: builds started failing on build 119 which was Dec 11 according to jenkins19:18
powersjhere is the upgrade log: https://paste.ubuntu.com/26354850/19:18
powersjwhich shows snapcraft, but no snapd upgrade till new year19:19
naccyeah it's weird19:22
naccwell that works19:27
naccpowersj: and i think, funnily, if i run the job with the fix, it will pass CI :)19:27
powersjawesome19:27
powersjhave a diff?19:27
naccpowersj: about to propose the MP, one sec19:29
naccpowersj: https://code.launchpad.net/~nacc/usd-importer/+git/usd-importer/+merge/33590019:32
powersjok :) now let's watch ci pass19:33
=== Neo5 is now known as Neo4
naccpowersj: just to confirm, the git-ubuntu ci is still using lxd as a deb, right?20:28
powersjnacc: correct, it uses the lxd that comes with the xenial cloud image20:28
naccpowersj: ok, the job still failed, i'm looking20:29
powersjwe do all the testing in a vm20:29
DexterFwhy do wifi interfaces have these terribly cryptic names in u/s? 16.04?20:33
DexterF[10425.671179] rtl8192cu 1-3:1.0 wlxe84e0633374f: renamed from wlan020:34
DexterFwlan0 would have been nice actually20:34
naccDexterF: feel like you are 2+ years too late to the party: https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/20:35
naccDexterF: it's been that way since 16.04, at lleast20:36
naccDexterF: you can disable it if you want, but it does solve a large class of problems20:36
mdeslaursuch as making the systemd gods angry20:38
naccmdeslaur: :)20:38
mdeslaur;)20:38
DexterFok, if that's a legitimate dev name then. still cannot figure why hostapd tears down the AP again but I guess that's one for the forums20:38
mdewHello. Has anyone had any luck disabling EUI64 IPv6 addresses on 17.10? I've applied a static IPv6 address via netplan, but it's still leasing that address 'link-local' to my eth0.21:10
gunixguys, when is ubuntu releasing kernel update for meltdown security vulnerability for 16.04? the latest kernel from repo is from dec 11 and it's vulnerbale21:10
TJ-gunix: kernels are in testing, some possible regressions still being investigated21:11
gunixTJ-: so debian released the kernel update without testing?21:12
=== lol768_ is now known as lol768
TJ-gunix: you'd have to ask Debian that. There are many variations of the Ubuntu kernel images requires a lot of testing. Some Red Hat/CentOS systems have been suffering inability to boot after applying the RHEL patches too.21:24
gunixTJ-: redhat had to backport to kernel 3 ... i'm not amazed21:25
TJ-gunix: the 4.13 kernel is -proposed right now, for wider testing, and a later version is in the kernel PTI PPA21:29
gunixTJ-: kernel 4.13 is proposed for whaT?21:29
gunixTJ-: arch is on 4.15, deb is on 4.9, ubuntu LTS is on 4.4 :D21:29
TJ-gunix: 4.13 is the hwe-edge kernel for 16.04; the current 4.10 hwe (from 17.04) is out of support on 13th Jan so no patches being applied to that. 4.4.0-108.131 is currently in the kernel PTI PPA21:31
Odd_Bloke-108 just migrated to -security, should be available to install on machines any minuten now.21:33
cyphermoxmdew: I think you want to set "accept-ra: no"22:28
cyphermoxotoh, you're talking about the link-local address...22:28
mdewcyphermox: I have accept_ra=0 in sysctl, but no luck. I am talking about the link-local address. I'm able to remove it via 'ip addr delete', but I'd like it to not even try to get that address on boot.22:32
mdewcyphermox: net.ipv6.conf.default(and eth0, and lo, and all).accept_ra=0, as well as .autoconf=022:33
cyphermoxmdew: right, but this is something else22:34
mdewcyphermox: "something else?" are you speaking in regards to the netplan yaml config, or..?22:36
cyphermoxmdew: both really22:37
cyphermoxnetplan does not currently support this22:37
cyphermoxsystemd *might*, but I'd want to test it first to see if it really does the right thing22:38
cyphermoxmdew: the true "link-local" addresses over fe80:: can't currently be disabled via netplan, accept-ra is to disable SLAAC using the prefix coming from RAs22:39
cyphermoxmdew: please file a bug at https://bugs.launchpad.net/netplan/+filebug  so I don't forget to implement this22:41
tsimonq2o/22:41
tsimonq2grr22:41
tsimonq2(upped two times instead of one)22:42
gunixTJ-: ubuntu 16.04 is LTS distro so people expect to have the LTS kernel on it, not 4.1322:47
Odd_Blokegunix: 4.13 is more recent, so the patches were easier to apply there (and there's less risk), which I believe is why it landed first.22:48
Odd_Blokegunix: That said, the LTS kernel is now available in xenial-security. :)22:48
mdewcyphermox: I misinformed what I was talking about. It wasn't the link-local, but a couple of other IPs in a similar net-space that I had statically assigned.  EUI64. I attempted to apply 'accept-ra: no' in the yaml config before you had responded, applied, and rebooted. Came back up without those other two global IPs, just the one that I assigned, and the link-local. So I think I've got it figured out.22:51
mdewThanks22:51
gunixOdd_Bloke: checking now, i hope it exists on the mirror from romania22:53
gunixOdd_Bloke: TJ-: yes, the kernel update is here!22:53
Odd_Blokegunix: :)22:54
Odd_Blokegunix: To avoid relying on your mirror for important security updates, it's recommended to keep security.ubuntu.com in your sources.list for -security.22:54
cyphermoxmdew: alright22:54
cyphermoxmdew: if there's anything, there's #netplan, don't hesitate :)22:55
naccstgraber: hrm, so i'm doing a bunch of logging and i see that i'm correclty unsetting SNAP in the env before calling lxc. But it still is using /var/lib/snapd/hostfs ... any ideas?23:25
keithzgOho, here I was refreshing https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html wheras I should've just been `apt update`ing!23:26
stgrabernacc: hmm, our test is litteraly os.Getenv("SNAP") != "", so unsetting should do the right thing...23:28
naccstgraber: yeah23:28
naccstgraber: there's not an easy way for me to debug that, is there?23:29
stgrabernacc: so you're seeing it attempt to connect to the wrong socket path?23:32
naccstgraber: first line is the env sent to subprocess.run23:33
stgraberhmm, actually, that wouldn't make sense, the socket path is determined based on the LXD_DIR env variable (if present), so I'm guessing you're talking about file transfers or something else that uses paths?23:33
naccstgraber: yeah, it's `lxc file push` that's failing for us23:34
naccstgraber: you cann see line 4 is passing a normal host path and then line 6 is using snapped-path23:35
stgrabernacc: line 4 of?23:35
naccthe pastebin23:35
naccbah which i didn't paste!23:35
nacchttps://paste.ubuntu.com/26356323/23:35
naccstgraber: sorry!23:35
stgraber:)23:35
stgrabernacc: not sure what to tell you, the only mention of the /var/lib/snapd/hostfs path in our entire codebase is in our HostPath() function here https://github.com/lxc/lxd/blob/master/shared/util.go#L10623:37
naccstgraber: yep, that's where i saw the bit about SNNAP23:38
nacc*SNAP23:38
stgrabernacc: and an unset/empty SNAP should definitely get you out of there (3rd if)23:38
naccyep23:38
stgrabernacc: just for fun, did you try running /usr/bin/env rather than "lxc", do see what the actual env is for a subcommand?23:39
naccstgraber: let me do that now23:39
naccstgraber: oh bother23:40
naccstgraber: i see it now23:40
naccstgraber: totally my fault23:40
naccstgraber: does the hostpath stuff affect pull too?23:41
stgraberyep23:42
naccstgraber: ok, let me test this fix23:42
naccstgraber: i was dumbly changing the env of commands run with `lxc exec ...` rather than the `lxc file ...` commands23:47
naccstgraber: so the one place it matters wasn't being affected :)23:47
stgraber:)23:51

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!