[00:23] <nacc> ahasenack: total guess, but bin/python/setup.py seems to be missing any statement of its dependnecies
[00:25] <TJ-> Had a strange lvm issue here. LV mirror with 2 sides plus log. Made it inactive to "lvextend -L 60G Archive/SourceCode" and then "lvchange -aly Archive/SourceCode" fails with 'device or resource busy. Eventually noticed with "lvs -a -o +devices" the attributes of the mirror sides were marked I (inconsistent) and the mlog no longer had the 'l' flag - compared to other similar mirrored LVs. Then, after
[00:25] <TJ-> having used the 'lvs' command, 'lvchange -aly' worked!' I'd already tried to force a resync and that hadn't helped. Any ideas what was going on?
[01:05] <b18c5> do i just install squid and im on a proxy server ? or how does that work ?
[01:10] <tomreyn> b18c5: if you are connected to a server and install squid there then you're on a proxy server since squid is that. but i'm not sure that's what you're trying to do.
[01:10] <b18c5> honestly im new on this o/s im used to windows, looking for a sense of security lol
[01:12] <tomreyn> installing squid will not magically provide security. in fact any extra listening service you install increases the attack surface.
[01:12] <tomreyn> what are you trying to achieve?
[01:13] <b18c5> blocking my i.p adress
[01:13] <tomreyn> if you block your ip address from your server then you won't be able to connect to your server anymore.
[01:14] <b18c5> sorry, i'm trying to block my i.p adress from other people
[01:14] <tomreyn> maybe you want to access the internet (or services on the internet) without disclosing the ip address of your router at home?
[01:14] <sarnold> I'd suggest grabbing a book such as TCP/IP Network Adminstration before going any further
[01:15] <b18c5> mainly on irc lol i feel like a target on here
[01:16] <sarnold> if you wish to irc slightly anonymously then your best bet is Tor
[01:16] <tomreyn> also read up on "irc bouncer"
[01:16] <b18c5> how would tor work ? isn't that for web browsing ?
[01:16] <tomreyn> tor works for any tcp protocol
[01:17] <tomreyn> irc is a tcp protocol, as is http(s)
[01:17] <b18c5> when i whois myself though my information pops up
[01:17] <TJ-> b18c5: if you've a registered nickname on Freenode you can ask in #freenode for a mask
[01:17] <b18c5> i did lol
[01:17] <sarnold> note that a mask is only a 'best effort'; if services is down when you connect it can't help.
[01:18] <b18c5> i tried a vpn but that shit was confusing
[01:21] <b18c5> besides that issue, how would i do a disc clean up on a linux based system ?
[01:22] <sarnold> sudo dd if=/dev/zero of=/dev/whatever bs=131072
[01:22] <sarnold> that block size is just 128 kilobytes. there's nothing magical about that number. It's just big and a power of two.
[01:23] <sarnold> some guy has put together 'dban', 'derik's boot and nuke', iirc, that does something similar for all connected hard drives.
[01:25] <tomreyn> the names' "darik", and that's not really ubuntu related, but it's a commonly used option for overwriting hdd's.
[01:25] <TJ-> it's easy to do from initrd; just boot with "break=premount" and then use the shell and dd to do parallel dd's on each device
[01:26] <b18c5> i think i ended  up deleting and upgrading everything
[01:26] <sarnold> tomreyn: d'oh! thanks :)
[01:27] <tomreyn> sarnold: and i mixed you up with b18c5, sorry.
[02:06] <mbff> Hello, I'm running into an issue where my Ubuntu server is not responding to port forwarded requests.
[02:06] <mbff> I have disabled ufw. Nginx for example works on the lan and localhost but not from wan
[02:07] <sarnold> what error messages do you get onthe clients and the server?
[02:07] <mbff> nothing, it just hangs
[02:07] <mbff> I see the packets hit with tcpdump, but curl hangs
[06:21] <HateNetPlan> Hello, I asked this over in #ubuntu and they directed me here. I am trying to convert my /etc/network/interfaces to netplan, and am having trouble getting the routes to work the same. I was hoping someone would be able to help me make a new netplan yaml file based on my old config. Here is a picture of it (with netmask having a typo, woops) https://puu.sh/z9RAL.png
[06:28] <cpaelzer> goot morning
[06:28] <cpaelzer> taking a look HateNetPlan ...
[06:28] <HateNetPlan> Good to hear!
[06:28] <nacc> cpaelzer: thanks
[06:29] <cpaelzer> get to bed nacc!
[06:29] <nacc> cpaelzer: yeah :)
[06:32] <mason> HateNetPlan: FWIW, I don't think ifupdown is going away. Merely deprecated.
[06:32] <mason> I plan to cling to it like grim death.
[06:32] <nacc> mason: +1
[06:33] <nacc> i believe the default on fresh installs may have switched, or might switch, or something
[06:33] <HateNetPlan> Someone will save it, that much I am sure
[06:33] <nacc> but upgrades should keep ifupdown going forward
[06:33] <nacc> and you can always install it manally
[06:33] <HateNetPlan> Ubuntu 17.10 swapped already
[06:33] <cpaelzer> yes
[06:33] <HateNetPlan> It's default netplan
[06:33] <cpaelzer> it is no more there by default
[06:33] <cpaelzer> ifup/down
[06:33] <cpaelzer> but still exists
[06:35] <cpaelzer> HateNetPlan: as you already found hooks no more directly exist in netplan (as some of the backends don't have them)
[06:35] <cpaelzer> see https://wiki.ubuntu.com/Netplan#Frequently-asked_questions
[06:35] <cpaelzer> so for your case the recomended way is to encode the former logic in systemd services afaik
[06:35] <cpaelzer> like https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ and such
[06:36] <cpaelzer> it is a bad time of the day - afaik cyphermox works on converting some packages with hooks
[06:36] <cpaelzer> I know they work on a how-to describing how to convert several old cases
[06:36] <cpaelzer> but it doesn't exist yet (not that I'd know of)
[06:37] <cpaelzer> HateNetPlan: I assume based on your eni-rule you wanted it to push/pop the routing rule every time it does up/down
[06:37] <HateNetPlan> Yes.
[06:41] <cpaelzer> to my lack of good phrasing netplan is meant to provide one simple config so that you don't mind to have to understand networkd and/or networkmanager - so you become independent where you are for the most common cases
[06:41] <cpaelzer> I think we can agree that your case is interesting, but maybe not the most common one
[06:41] <cpaelzer> netplan doesn't prevent you to use any special backend features
[06:41] <cpaelzer> so on a server it would render to systemd-networkd
[06:42] <cpaelzer> I wonder if we could express it there somehow
[06:42] <cpaelzer> but https://www.freedesktop.org/software/systemd/man/systemd.network.html is rather lengthy for a fast "ah there it is" :-)
[06:42] <HateNetPlan> Maybe I should have started around there haha, spent more time then I care to admit on this
[06:48] <HateNetPlan> Thanks by the way. Now that it can even connect to the internet I can grab ifupdown as a backup
[06:48] <cpaelzer> HateNetPlan: like this maybe as a start https://serverfault.com/questions/667319/systemd-networkd-and-direct-routes
[06:49] <cpaelzer> if you want to go on trying to convert it fully
[06:49] <HateNetPlan> Actually, based on that link
[06:49] <HateNetPlan> That explains how much lxc is connected correctly
[06:50] <HateNetPlan> Because that's how the .network file looks
[06:51] <HateNetPlan> Ok, well I need sleep. It's 1 am for another day in a row, and I am just happy someone was able to help me
[06:51] <HateNetPlan> I'll leave this open just to look back later to be sure
[06:52] <cpaelzer> good luck on your way to a nic rename one day :-)
[06:58] <lordievader> Good morning
[06:58] <cpaelzer> hi lordievader, great Friday morning to you as well
[07:01] <lordievader> Hey cpaelzer How are you doing?
[07:03] <cpaelzer> good
[07:03] <cpaelzer> after all - its Friday :-)
[07:03] <lordievader> Indeed
[08:25] <rzo1> Any plans on https://bugs.launchpad.net/ubuntu-release-notes/+bug/1531864 in the near feature? I think, people should decide themself, if they want to enable http2 support for there Apache2 from official packages...
[10:26] <cpaelzer> rz_o1: yeah
[10:26] <cpaelzer> rz_o1: that is done actually
[10:27] <cpaelzer> well I need to read the details of the bug you linked, but I enabled http2 for apache in 18.04
[10:28] <rz_o1> any plans for 16.04 too? :) but i am glad to here that for 18.04
[10:29] <cpaelzer> rz_o1: not that I'd know of any 16.04 plans for it
[10:29] <cpaelzer> the security maintenance ack for the http2 lib that is used only covers the version in bionic onwards
[10:30] <cpaelzer> nginx had it earlier since they use a different implementation which was ack'ed before
[10:30] <cpaelzer> by getting nghttp2 not only apache but also curl got http2 now - so you get a test tool against http2 with it as well now
[10:36] <rz_o1> ok thansk for the info
[10:36] <cpaelzer> yw
[11:38] <jamespage> coreycb: I've done all of those dep updates apart from os-vif - which is being awkward with unit tests under py3
[11:38] <jamespage> working that atm
[11:38] <jamespage> tobasco: hi expect to get to re-adding the py2 compat patckage for gnocchi next week when we do m3
[11:41] <jamespage> coreycb: re pxc-5.7 - I'm fairly happy with my branch now - its in https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3110
[12:06] <ahasenack> nacc: indeed (wrt python3-ply), this fixed it: https://pastebin.ubuntu.com/26463772/
[12:31] <coreycb> jamespage: great, thanks. I'll take a look at 5.7 and try it out. i see a lot of b3's are out too so i'll plan on starting on those today.
[13:08] <coreycb> jamespage: i'm getting started on b3's
[13:43] <ahasenack> rbasak: hi, could you please kick an import of sssd into git-ubuntu? 1.16.0-5 showed up in debian unstable
[13:43] <ahasenack> g-u still has 1.16.0-3
[13:43] <rbasak> ahasenack: running
[13:43] <ahasenack> thx
[13:51] <jamespage> coreycb: bah minor upgrade issue from 5.6->5.7 - that split out of wsrep.cnf is going to break things so will drop it
[13:51] <coreycb> jamespage: ok that's fine with me
[13:51] <tobasco> jamespage: cool, thx for the update, i will make sure to work on the puppet side when its available
[13:55] <rbasak> ahasenack: should be done
[13:56] <ahasenack> rbasak: hm, pkg/debian/sid is still at 1.16.0-3 instead of 1.16.0-5. LP could be lagging behind then?
[13:56] <rbasak> ahasenack: yes: https://launchpad.net/debian/+source/sssd
[13:57] <ahasenack> ah, I see
[14:01] <jamespage> coreycb: btw did you confirm that pxc 5.7 is broken with gcc-7 or was that a forward copy from pxc 5.6?
[14:02] <coreycb> jamespage: i think i confirmed that but it's been a while so i'm not positive
[14:04] <coreycb> jamespage: i feel like it had compile errors with gcc-7
[15:40] <xchat> hi
[15:40] <xchat> i would like to know how we can custom package on a OS ISO ?
[15:41] <xchat> like that all require package are ready on the OS by defautl
[16:54] <ahasenack> rbasak: when you have a moment, could you chime in on my zstd branches that are up for review?
[16:54] <ahasenack> rbasak: cpaelzer already did, but you have way more context
[16:54] <ahasenack> rbasak: btw, cpaelzer's needs-fixing were addressed (I had forgotten to run update-maintainer)
[16:55] <ahasenack> rbasak: and one more thing for your queue, if you could: I'd like to know if having a build-dep on python3-distutils-extra (universe) for landscape-client (main) in bionic is ok: https://bugs.launchpad.net/landscape-client/+bug/1743562
[16:56] <ahasenack> I think it's used just when building the package and no code from it will be used at runtime, and I think that's accepted, but I wanted to be sure
[16:59] <rbasak> OK
[17:03] <nacc> ahasenack: yep, makes sense
[17:03] <nacc> ahasenack: seems like an upstream bug then?
[17:04] <nacc> cpaelzer: we had a separate discussion on this, and mayb ewill backport it to 16.04
[17:04] <nacc> cpaelzer: but only if we backport nghttp2 as in bionic to it, as well
[17:04] <nacc> rbasak: around?
[17:06] <rbasak> nacc: o/
[17:06] <nacc> rbasak: HO?
[17:06] <rbasak> We can sync?
[17:06] <rbasak> Yep. Two minutes
[17:06] <nacc> rbasak: yeah
[17:06] <nacc> sure
[17:06] <rbasak> Standup HO?
[17:06] <nacc> rbasak: yep
[17:12] <ahasenack> nacc: bind? Yes, I filed it upstream and with debian
[17:12] <nacc> ahasenack: yeah cool
[17:13] <ahasenack> nacc: right now, that is our only delta with debian :)
[17:13] <nacc> ahasenack: seems fien :)
[17:21] <ahasenack> rbasak: the importer picked up sssd 1.16.0-5 \o/
[17:21] <ahasenack> 30 minutes ago	
[17:21] <ahasenack> DSC file for 1.16.0-5
[17:21] <ahasenack> nice
[18:12] <boxrick> Is there any reason that loads of services still exist in /etc/init.d when a real systemd service would be much more suitable?
[18:14] <ahasenack> nothing specific, no
[18:14] <ahasenack> some packages even ship both
[18:18] <ahasenack> nacc: hmm, old/debian seems wrong in this output, no? https://pastebin.ubuntu.com/26465717/
[18:18] <ahasenack> it should have been 1:9.10.3.dfsg.P4-12.6
[18:28] <sdeziel> boxrick: not every packages are shipping systemd units.
[18:28] <ahasenack> nacc: ah, it's a difference between the current snap and the code from the MP with the branch ubuntu-package-merge-base
[18:28] <ahasenack> the branch gets it right
[18:29] <ahasenack> $ ~/git/projects/usd-importer/bin/git-ubuntu merge start --tag-only pkg/ubuntu/devel -f
[18:29] <ahasenack> 01/26/2018 16:28:20 - INFO:Created tag old/ubuntu for version 1:9.10.3.dfsg.P4-12.6ubuntu1
[18:29] <ahasenack> 01/26/2018 16:28:20 - INFO:Created tag old/debian for version 1:9.10.3.dfsg.P4-12.6
[18:29] <ahasenack> 01/26/2018 16:28:21 - INFO:Created tag new/debian for version 1:9.11.2.P1-1
[18:29] <sdeziel> boxrick: if you know how to create systemd units, you could propose those to the package maintainer in Debian
[18:31] <ahasenack> nacc: but then the lint from that branch gets it wrong again
[18:52] <Epx998> is there any known issues upgrading to a 4.4.x kernel on a stock trusty server?  the upgrade is failing and I am getting stuck in initramfs after a restart
[18:53] <ahasenack> have you tried regenerating the initramfs?
[18:53] <ahasenack> did you also look for disk full issues, specially in /boot?
[18:54] <Epx998> i ran update-grub, dont think ive ever needed to regenerate that before
[18:54] <ahasenack> (if you have that as a separate partition)
[18:54] <Epx998> we do, but never had an apt-get install linux-image... error before
[18:56] <genii> I had some weirdnesses lately with this. It tried to do Grub1 things when the machine is actually using GRUB2. Like, it wanted to do changes to menu.lst
[19:01] <Epx998> lets see if this works, round 2.
[19:01] <Epx998> im scared to reboot lol
[19:03] <Epx998> nope failed
[19:07] <Epx998> seeing if i can do it at preseed
[19:13] <ahasenack> Epx998: did you check the things I mentioned?
[19:13] <ahasenack> update-grub doesn't regenerate the initramfs file, fwiw
[19:14] <Epx998> yeah on a reimage, I ran update initramfs -c -k linux-image-4.4.0-31-generic
[19:15] <Epx998> then update-grub again, rebooted
[19:15] <sdeziel> Epx998: "update-initramfs -uk all" is what I use usually
[19:15] <ahasenack> it can't find the root device/fs?
[19:15] <ahasenack> yeah, -k all
[19:16] <ahasenack> to avoid silly mistakes typing the kernel version
[19:16] <Epx998> I saw the all option, I wasnt sure about it
[19:16] <ahasenack> but it could break your older kernel/boot
[19:16] <Epx998> i added a d-i option to my preseed to use the kernel i want, its restarting now
[19:16] <ahasenack> I'm assuming you are rebooting into that
[19:16] <ahasenack> or it's a new install?
[19:16] <sdeziel> the -k option wants only 4.4.0-31-generic (aka uname -r)
[19:16] <Epx998> new install
[19:16] <ahasenack> ah
[19:16] <ahasenack> this 4.4.x is an hwe kernel?
[19:17] <Epx998> no just out of the repo after a new install
[19:17] <sdeziel> you said it was a trusty server so a 4.4 outta be a HWE one
[19:17] <Epx998> same result with a preseedf
[19:18] <Epx998> funny thing is my installer image is using 4.4 heh
[19:19] <Epx998> ill try again manually with the -uk all, if that fails ill hand off with the stock image and let dev deal with it
[19:20] <sdeziel> Epx998: with 14.04, at some point release the ISO got the HWE kernel added IIRC
[19:20] <Epx998> sdeziel: this is a pxe/netboot install
[19:21] <sdeziel> Epx998: then you must be shipping a 4.4 vmlinuz ;)
[19:22] <sdeziel> running "file vmlinuz" on the pxe box should tell you
[19:23] <Epx998> pxe box? you mean tftp server?
[19:23] <sdeziel> yes
[19:24] <Epx998> yeah i remade my netboot images, trusty is using an updated 4.4
[19:24] <Epx998> i think even my precise images are 4.4
[19:24] <Epx998> wait no
[19:24] <Epx998> but trusty is yeah
[19:26] <sdeziel> Epx998: I'd try https://askubuntu.com/questions/953430/using-preseed-how-do-i-select-the-hwe-kernel with sed 's/hwe-16.04/lts-xenial/'
[19:28] <Epx998> hwe kernel is married to a specific version right?
[19:29] <sdeziel> Epx998: for Trusty, the HWE kernel you'll get will always be a 4.4 one
[19:30] <sdeziel> I think that earlier some other older versions were made available but they are now superseeded by the one backported from Xenial
[19:31] <sdeziel> https://wiki.ubuntu.com/Kernel/LTSEnablementStack#Kernel.2FSupport.A14.04.x_Ubuntu_Kernel_Support shows it well
[19:32] <Epx998> ok reinstalled, about to do the kernel
[19:32] <Epx998> so give linux-hwe-generic-trusty a try?
[19:33] <sdeziel> not sure such package exist
[19:34] <Epx998> that was in my search for anything hwe
[19:34] <sdeziel> sorry, you are right it does exist
[19:35] <Epx998> trying this 1 last time with "update-initramfs -uk all"
[19:35] <sdeziel> the HWE wiki page mentions "linux-generic-lts-trusty" though
[19:35] <Epx998> yeah I saw that to
[19:39] <Epx998> well fiddlesticks
[19:39] <sbeattie> the version in the name is the release version the kernel is based off of. for 14.04, to get the 4.4 kernel, you want linux-image-generic-lts-xenial.
[19:40] <Epx998>  sudo apt-get install --install-recommends linux-generic-lts-xenial
[19:40] <Epx998>  - this just aborts after I type 'y' heh
[19:42] <Epx998> ok reboot with lts-xenial
[19:44] <Epx998> i think that one worked
[19:44] <Epx998> now to see if the ixgbe driver builds
[19:45] <Epx998> ah no need, awesome.  i think this is as close as ill get to what dev wants
[19:55] <akern07> How do you set up new users for FTP or SFTP to only have access to a certain folder? (ex: /var/www/html)
[19:56] <dlloyd> chroot is the safest way
[20:00] <sdeziel> akern07: openssh has a nice way to do chrooted SFTP, man sshd_config and search for "internal-sftp"
[20:00] <akern07> Thanks I'm going to try that out
[20:07] <Epx998> ok thanks for the help, i think i got these 2 hosts where they need to be
[20:08] <sdeziel> great
[20:47] <nacc> ahasenack: please file bugs, i'm not context switched in
[20:59] <nacc> powersj: is there any equivalent to pytest's parameterize that unittest supports? Or do we nneed to use a framework (either pytest or nosetest) to do it?
[21:02] <powersj> nacc: I don't recall there being a direct way
[21:02] <nacc> powersj: found it (subTest() context manager)
[21:02] <nacc> it's new in 3.4
[21:02] <powersj> ah
[21:02] <nacc> https://docs.python.org/3/library/unittest.html#distinguishing-test-iterations-using-subtests
[21:03] <nacc> means i can drop one import from my newe tests :)
[21:40] <Epx998> i have to try for 4.4.0-31 again
[22:01] <nacc> powersj: what's the preferred layout for tests? if testing script.py, script_test.py?
[22:03] <powersj> nacc: I prefer tests in the same directory as code and name_test.py as you state
[22:03] <nacc> powersj: ack
[22:12] <Epx998> my workmate tried 4.4.0-31, might be we need extras as well, which ive not seen that req before
[22:30] <Epx998> yeah added the extras results in the happy path