/srv/irclogs.ubuntu.com/2018/01/30/#ubuntu-server.txt

Epx998its too bad i cannot pxe boot my pi300:48
TJ-Epx998: you can do network boot00:53
TJ-Epx998: see https://www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/net_tutorial.md00:53
=== nchambers is now known as DrZoidberg
Epx998think my pi is broken01:02
Epx998there is no standard pw for ub16 arm if you dont preseed is there?01:02
=== DrZoidberg is now known as nchambers
TJ-Epx998: I don't think so, it's either blank or 'ubuntu' I think01:07
Epx998hmm ill try ubuntu01:08
Epx998this arm64 box is wonky01:08
Epx998hmm nope01:11
Epx998aha ubuntu/ubuntu01:12
Epx998heh restarting the network after adding interfaces hung the system01:29
sarnolddid you do /etc/init.d/networking restart or its moral equivalent?01:29
Epx998service networking restart in the console, this hardware is bad - its not ubuntu at all01:30
Epx998im not a fan of this qualcomm eval01:30
sarnoldat least ubuntu doesn't handle "service networking restart" real well. I'm guessing debian doesn't handle it well either.01:30
Epx998ill do it the proper way going forward01:38
Epx998this server takes 5 minutes to restart01:38
Epx998heh its just spamming Ubuntu 16.04, guessing thats the prompt who knows -> https://gist.github.com/anonymous/309b9d3c30ea565b3af4c9fa49489d5a01:41
sarnoldcrazy01:42
Epx998its doing it again01:44
TJ-is that via a serial console or something else?01:48
Epx998yeah01:51
Epx998it came up eventually01:51
Epx998ipmi01:52
cryptodananyone running Dovecot, Postfix, and SASL successfully on Ubuntu Server 16.04?05:55
cpaelzergood morning06:49
lordievaderGood morning07:06
cpaelzerhiho lordievader07:07
lordievaderHey cpaelzer How are  you doing?07:08
cpaelzerfine, and you?07:08
lordievaderDoing good here, spitting through puppet emails -.-07:08
jamespagecoreycb: hmm we're starting to trip on debhelper >= 11~ for the queens UCA09:47
jamespagecpaelzer: hi - this was the qemu-block-extras  thingmy right?10:30
jamespagecpaelzer: replied to your email10:33
cpaelzerhi jamespage10:34
cpaelzerno this is "another one"10:34
cpaelzerbut in a simimlar spirit I'd say10:35
cpaelzerjamespage: think of it as "the qemu-block-extra" thing but for libvirt storage support10:35
cpaelzerjamespage: I discussed with coreycb yesterday and started as we did on qemu-block-extra10:35
cpaelzerwith making the suggest a recommend (for now)10:36
* cpaelzer reading mail ...10:36
jamespagecpaelzer: +110:36
jamespagethat's basically what I said :-)10:37
DammitJimwhat does this do? Unattended-Upgrade::Allowed-Origins {12:58
DammitJim        "${distro_id}:${distro_codename}";12:58
DammitJimI don't want anything to be updated automatically on my servers12:58
coreycbjamespage: saw that with debhelper, need to figure that out. maybe we can move those packages back to 10.12:59
coreycbjamespage: most of b3 is uploaded.  keystone has 1 test failure i'm trying to figure out and i'm creating a heat-dashboard package since that's been split from horizon. i left you gnocchi.13:00
rbasakDammitJim: "I don't want anything to be updated automatically" -> "I want to keep my servers insecure"13:10
rbasakYou should install security updates.13:10
rbasak99% of people who disable updates do not.13:10
rbasakBut if you insist, you can remove the unattended-upgrades package. That's probably the easiest way.13:10
rbasakAlternatively, disable unattended-upgrades in /etc/apt/apt.conf.d/20auto-upgrades13:10
rbasakThen the Allowed-Origins setting won't matter.13:11
jamespagecoreycb: ta (for gnocchi)  I'll do that work PM today and re-introduce the py2 gnocchi package for tobasco13:21
DammitJimrbasak, I have to test them before I roll them out13:21
DammitJimrbasak, how do I disable unattended-upgrades in /etc/apt/apt.conf.d/20auto-upgrades ? comment everything out?13:22
rbasakDammitJim: as long as you do roll them out promptly, every time. What I'm saying is that I get the impression that 99% of the people who disable for this reason actually end up neglecting the roll out and leave everything vulnerable, which is also quite hostile to others on the Internet too.13:42
rbasakDammitJim: APT::Periodic::Unattended-Upgrade "0"; presumably13:42
DammitJimrbasak, that is very true!13:43
DammitJimwe are on a schedule... it's weird13:43
DammitJimwhen something really critical comes out, I have to manually go through stuff13:44
rbasakDammitJim: you should have it all automated13:44
rbasakDammitJim: automated deployment tests, and automatic rollout of security updates if green.13:44
DammitJimthe problem is that some of those updates will fill up your /boot partition also13:44
rbasakDammitJim: "apt autoremove" (optionally with --purge) should work well nowadays.13:45
rbasak(to clean /boot)13:45
DammitJimwhat is the configuration for that to be done automatically when it runs the critical update?13:45
rbasakFor what to be done automatically?13:45
DammitJimautoremove13:45
DammitJimbecause your /boot partition will get full otherwise13:46
rbasakUnattended-Upgrade::Remove-Unused-Dependencies13:46
rbasakSee 50unattended-upgrades13:46
rbasakBut test that first.13:46
rbasakDepending on how you've deployed, autoremove may remove extra stuff (if you don't have what you need marked as manual)13:46
rbasakBecause many people deploy in non-standard, unsupported ways.13:46
DammitJimI had that set on a server I tested this on and it never cleaned up /boot13:46
rbasakDid "apt autoremove" do it?13:47
DammitJimbut maybe I need to do more testing13:47
rbasakHow was the server installed?13:47
DammitJimso, you might be right and I have a weird setting13:47
DammitJimit's from a template13:47
rbasakDepends on what you mean by "template". Users often hack up their own deployment systems which are subtly broken in some way.13:48
DammitJimI could have possibly done that13:48
=== FalconMillennium is now known as FireExtinguisher
=== FireExtinguisher is now known as FalconMillennium
jamespagecoreycb: my head is still a bit fuzzy so going to work through the bom failures for queens pm today14:43
coreycbjamespage: great, thanks14:44
coreycbjamespage: keystone's uploaded. just working through heat-dashboard.14:44
jamespagecoreycb: awesome14:45
rh10guys, how can i find out - what processes exactly in buffer/cache?14:49
UssatI 100% disagree with automated updates, I have that off on all systems14:53
dpb1I used to feel that way.  But, I found that the vast majority of upgrades worked great for me on ubuntu, and taking the stance of security first helped me get over that hump.15:09
UssatI have monthly a monthly main downtime for my systems...15:13
Ussatmaint15:13
dpb1fair enough, good discipline to have15:13
UssatYa, I know I am lucky that way, I basically built our Linux infra from zero, so built that in from the start15:14
UssatSaid "this is how it is" and my director backed me up15:14
dpb1msft set the model with it's patch tuesday.  But, what do you do about the out of band hot security items?  just wait?15:16
Ussatdpb1, depends on the vuln and how me and the sec team here determine how bad we are effected.15:17
Ussatif it requires an immediate patch/reboot, well, we do that. TBH in this env not a lot does, 99% of my systems are not public facing and are VERY locked down15:18
Ussator I may sechedule a week out, it really depends on the issue it addresses15:18
Neo4what is crontab?15:20
Neo4for example I want create scraper and put there data using php, can I do it?15:21
Neo4* * * * * wget -q -O - http://google.com  >/dev/null 2>&115:21
jamespagecoreycb: hmm after fixing three debehlper downgrades, going todo a backport15:24
jamespagedebian have something in bpo which is close enough15:24
rbasakUssat: sounds like you're part of the 1% that actually follows through :)15:24
coreycbjamespage: ok15:25
Ussatrbasak, I work in healthcare/edu we are pretty regulated....15:25
Neo4does exist difference  between curl and wget?15:26
Neo4why we install curl if we can use wget?15:26
rbasakHere in the UK, healthcare is also pretty regulated but they still run tons of XP and the NHS were infected by that ransomware not long ago. I'm not sure regulation and security are correlated :)15:26
rbasakNeo4: relatively little difference from a user point of view. Use whichever you prefer.15:27
Ussatrbasak, true, but at least here we try to keep a tight grip on things15:27
Neo4rbasak: I try bread down php code there however used exec function and installed crontab and this wget15:28
Neo4code is very complicated, can't understand how it works...15:28
Neo4it seems use wget for get ulrs from internet15:29
rbasakI wouldn't use exec from PHP to call wget or curl. That's pretty dangerous.15:29
Neo4rbasak: do you know what is crontab?15:29
rbasakDoes PHP have a built in function to do that?15:29
rbasakNeo4: I do, but please try Google first.15:29
Neo4rbasak: it has exec() function15:29
rbasakNeo4: which is dangerous to use from a web app.15:30
Neo4we can do exec('pwd', $output, $result); and in result should be path to our current dirrectory where is file15:30
Neo4rbasak: php can run shell commands15:30
Neo4rbasak: what is dengerous? wget?15:32
Neo4crontab is dangerous?15:32
rbasakNeo4: calling exec from a PHP script is dangerous if based on unvalidated input15:35
rbasakNeo4: search "input validation"15:35
rbasakSince otherwise an attacker can inject arbitrary shell commands.15:35
Neo4rbasak: ok15:45
cpaelzerFYI - Server Team Office hours started - https://wiki.ubuntu.com/ServerTeam/Meeting16:06
cpaelzerwe actually don't mind when questions are asked, but if - for whatever reason - you held back questions, now is the time16:07
cpaelzeraround should be atm rbasak, nacc, dpb1, ahasenack, powersj and myself16:07
ahasenacko/16:07
ahasenackcpaelzer: hm, I missed a universe dependency in the new bind9 package16:09
ahasenacklmdb16:09
ahasenackI'll check16:09
cpaelzersure I saw it in excuses16:14
cpaelzerbut libvirt also complains and it is a false positive16:15
cpaelzerso I wanted to give britney a chance to overthink things16:15
nacco/ as well16:23
ahasenackcpaelzer: you mean about lmdb?16:25
ahasenackah, no, your case is glusterfs16:25
|\nhello, i was looking for some channel where i could possibly ask a stupid hardware-related question, any hints are appreciated sincerely16:32
nacc|\n: #hardware?16:33
nacc!alis | |\n16:33
ubottu|\n: Alis is an IRC service to help you find channels. For help on using it, see "/msg Alis help list" or ask in #freenode. Example usage: "/msg Alis list http"16:33
|\nah, thanks nacc16:33
nacc|\n: can't remember if it's #hardware or ##hardware16:33
|\nwill try both, thanks, i'm slow =)16:33
jamespagecoreycb, beisner: https://www.percona.com/doc/percona-xtradb-cluster/LATEST/howtos/upgrade_guide.html16:47
coreycbjamespage: seems simple enough. does the package need to run the upgrade commands or can that be left to the user?16:51
jamespagecoreycb: well... I think I see why this is not part of the pkg upgrade16:51
tdbhi! the xenial daily images here http://cdimage.ubuntu.com/ubuntu-server/xenial/daily/ - when will they start using the newer 4.13 HWE kernel for the installer? I notice 4.13 kernel packages in the install media, but not for running the installer itself17:27
nacciirc, isn't that a menu choice?17:28
naccpowersj: --^17:28
tdbit is, but the hwe option still uses the older 4.10 kernel17:29
tdb(as opposed to 4.4, for non-hwe)17:29
nacctdb: hrm, i'm not sure how that's decided, powersj would know17:29
tdbI heard the 16.04.4 release has been put back, which is totally understandable, but I thought the daily builds might be ready for some testing17:30
powersjlooks like the udeb are all still 4.1017:30
powersjbasically those udeb (listed in the list file) need to be updated17:32
powersjoh wait, I see 4.13 as well :) http://cdimage.ubuntu.com/ubuntu-server/xenial/daily/current/xenial-server-amd64.list17:33
tdbyeah :)17:33
tdbthat's what made me think the installer itself might be using the newer kernel too17:34
powersjsure enough uname -a shows 4.10 still17:34
tdbI have new hardware which won't work with 4.10 :/17:35
powersjnot sure what project makes sense for a bug17:41
dpb1I'm looking for the same17:41
powersjubiquity? syslinux?17:41
dpb1powersj: https://bugs.launchpad.net/ubuntu-cdimage17:42
powersjSince the kernel is already there I don't think hwe-linux17:42
dpb1?17:42
powersjyeah17:42
dpb1tdb: could you please file a bug there and report back?17:42
tdbI wasn't sure if it was a bug, or just a "not yet done" thing17:43
powersjit is worth filing to track it in either case17:43
dpb1+117:43
tdbok17:43
powersjtdb: and please let us know the bug #17:44
tdbpowersj: 174630417:51
powersjtdb: great thanks!17:51
tdbthanks for your help :)17:52
rlangford77Where can I find out if ubuntu/canonical has an SNS topic for ami publish events?  Trying to keep things updated response to spectre/meltdown. I'm aware of the cloud image tracker, but we're looking to automate things like we're currently doing for amazon linux18:05
naccOdd_Bloke: --^ ?18:07
naccrbasak: grr, think i found a bug in debian_support.py's Version regex :/ upstream_version for e.g. 57ubuntu1 gets set to '57ubuntu1'19:00
nacc:)19:00
Pinkamena_DI have been using x2go+xfce4 for remote desktop connections but sometimes it is very slow, esp with internet browsers / any transitions. Is there any faster remote desktop software you would recommend? I like evrything about x2go except for the performance issues.20:08
sarnoldhow does x2go compare to plain old ssh -X ?20:09
dpb1Xrdp is an option.20:14
rbasaknacc: that's a native package. It it supposed to be a debian version only in that case? I don't recall the spec.22:27
naccrbasak: yeah, see my MP, i'lll try to find the docs22:27
naccrbasak: i guess i should clarify here and there22:29
naccrbasak: it is 'correct' by the spec22:29
naccbut is not at all what anyone wants :)22:29
naccsince the point is to compare between ubuntu and debian packages22:29
rbasaknacc: which MP please?22:31
naccrbasak: one moment22:31
rbasakhttps://code.launchpad.net/~usd-import-team/usd-importer/+git/usd-importer/+ref/master/+activereviews is rather crowded right now :-/22:31
naccrbasak: https://code.launchpad.net/~nacc/usd-importer/+git/usd-importer/+merge/33687022:31
rbasaknacc: or actually, which MP do you want me to look at first right now?22:31
naccrbasak: https://code.launchpad.net/~nacc/usd-importer/+git/usd-importer/+merge/336645 is the one i need the most help with22:32
naccrbasak: and is probably chronologically the most urgent (so we cann start phasing main)22:32
rbasakOK22:32
naccrbasak: iiuc, you're under the weather, though, so take care of yoursellf first :)22:33
dpb1nacc: +122:33
rbasakI'm wide awake and alert right now22:33
naccloll22:33
rbasakSo I might as well look :)22:33
naccrbasak: if you want to chat about it, just let me know22:34
rbasakack22:34
dpb1rbasak: :)22:34
naccrbasak: if you are around, though, I did have one question for you that is probably easiest to do in a HO22:40
rbasakI'm around but not really in a position to join a HO22:43
rbasakIYSWIM :)22:44
naccrbasak: i do :)22:44
naccnot urgent, so that's fine22:44
rbasaknacc: for that MP, +1 up to and including 4c6e3c7de122:44
rbasakThat all looks reasonable, so please put that in a separate MP and land it to avoid another mega MP22:44
naccrbasak: oh sure, i can do that22:45
naccyeah those were cleanups i pulled up the stack as i went22:45
naccrbasak: i'll do that now?22:45
rbasaksURE22:45
rbasaknacc: next, in 4c6e3c7de1, what's the reasoning to not use pytest exactly? I don't mind but it feels inconsistent. We're already using pytest when we need to parameterise.22:46
naccrbasak: it was from my discussion with powersj22:46
rbasak(IOW, we have exactly one pattern for parameterisation right now)22:46
naccon getting to one model for our testing22:46
nacci think he suggested unittest over pytest, but i might be misremembering22:47
naccalso this way we don't need pytest in the snap..22:47
naccbut i can switch it back22:47
powersjheh I've had separate conversations with each of you, but think we reached different conclusions.22:47
naccheh22:47
rbasakI'm open to discussion on this22:47
rbasakIf we can replace everything we're doing with pytest I'm happy to lose pytest entirely.22:48
powersjwhen I talked to rbasak last fall it was pytest, as it was very handy, even though other projects were using unittests/nose/etc.22:48
naccrbasak: (and i assume you meant a differenrt hash, as that's the one you just hacked)?22:48
nacc*acked22:48
rbasaknacc: sorry, 23729b322:48
rbasak...but if we can't drop pytest, then it would be nice to have a consistent set of patterns to use for the different test needs we have in the project.22:49
rbasakeg. "need parameterisation? Use _this_ pattern"22:49
naccright22:49
naccto be clear the subTest thing is newer in unittest22:49
naccso maybe it wasn't there when you looked before22:49
naccand i thnk we could abstract it up one level so it isn't so nest-y/indented22:50
rbasakIn any case, perhaps that's a discussion we need to have.22:51
naccyeah22:51
nacci guess i preempted it with code :)22:51
rbasakIf we do decide to switch the parameterisation pattern, we'll need to change all the other occurances.22:51
nacci also, for whatever reason, found unittest easier to understand then pytest22:51
rbasakSo how about, for now, we keep the existing pattern?22:51
rbasakRather than have two in the codebase at once.22:51
rbasakIf we decide to switch patterns, then we can have a single commit switching them all over22:52
rbasakAnd the subsequently not use the old pattern again22:52
rbasakIntroducing a second pattern forces a future fix regardless of which way we go22:52
naccrbasak: ok, the other thing i found handy is that unittest can do test discovery, perhaps pytest can as well22:52
rbasakpytest does test discovery by default. So I'm not sure what you mean22:53
naccrbasak: right now we have to pass files to pytest22:53
naccrbasak: unittest can find them from the modulel22:53
rbasakYou can just give it a directory22:53
naccrbasak: https://code.launchpad.net/~nacc/usd-importer/+git/usd-importer/+merge/336877 cleanups only22:54
rbasaknacc: +1'd22:54
naccrbasak: and resubmitted the fixes as dependent o that one22:54
naccrbasak: i'll land it once CI passes (I expect it to)22:59
rbasakOK23:01
naccpowersj: can i tell tox to use a particular version of python3?23:13
naccpowersj: i think the CI env (xenial?) has 3.5.1-3, while we use 3.6.3 in the snap, so there might issues23:14
nacce.g https://jenkins.ubuntu.com/server/job/git-ubuntu-ci/274/console which passes locally on bionic23:14
rbasaknacc: for testing the Sources file downloads, verification, etc, I'd either get some small files from the archive (eg. restricted?) and put them in a test directory and use those instead of HTTP, or I'd prepare my own minimal ones, sign them with a test key and adjust the code to verify with the test public key. The test keys would want to be text in the repo though, so there'd have to be a test23:15
rbasakfixture to import them into a keyring.23:15
rbasakThe latter is cleaner but possibly more work.23:15
powersjnacc: my understanding is the version of python you want to use has to be installed23:15
naccrbasak: ah that's a good idea23:16
powersjso even if you add a py34 (for 3.4) or py36 in your case, if that version of python is not already installed it will fail trying to find that version of the interpreter23:16
naccpowersj: so how should i do this? :)23:16
powersjwell do we know for a fact that 3.5 fails? or has consequences for running with it?23:18
powersjof course testing on the version you are using is probably more important :)23:19
powersjso we could run tox in bionic a container23:19
naccpowersj: right, the latter is the relevant point, but let me spin up a xenial23:19
naccpowersj: right, but that doesnt' really solve the problem, it just punts it furhter into the future?23:19
* powersj thinks he messed up the word order there23:19
powersjnacc: how so?23:20
naccpowersj: let's say we envetually move ahead of the bionic python323:20
naccthe bionic container doesn't help us :)23:20
powersjtrue - we could still use a container and install the version that you are using23:20
naccpowersj: we build it from source, though, meaning it might not be available as a package23:21
powersjnacc: I guess I don't see that as an issue we can do the same thing, it only makes testing longer and more complicated23:23
naccpowersj: ok, i just didn't wannt to have to have our testing infra build python3 every time23:23
naccit's not exactly fast23:23
powersjyeah :\23:23
powersjI guess the other alternative is install from something close? or try to get your own development stuck to a specific version and if you move we have to move testing as well?23:23
naccyep23:24
naccpowersj: confirmed xenial's python3 does not work23:24
naccand there is no python3.6 in xeniall23:25
nacchrm23:25
naccrbasak: --^ thoughts?23:26
nacc(i think the big thing is it looks like NamedTuple support is either different or missing)23:26
naccpossibly in pylint323:26
nacci wondner23:26
rbasakWe should develop and test against whatever version the snap uses23:26
rbasakRight?23:26
naccthat would be ideal23:27
naccbut that wouldl mean every CI job needs to buildl the snap's env23:27
powersjwe could try using pyenv maybe? I haven't played much with it23:27
naccoutside of the snap23:27
rbasakCould it be cached somehow?23:27
rbasakFeels like a fundamental issue with developing a project deploying with snaps23:27
rbasakSnap upstream should have a solution for us on this23:27
nacci'll ask23:28
rbasakThanks23:28
naccmeanwhile, do we want to bump our tox env?23:29
naccartful would be sufficient for now23:29
powersjnacc: when you said didn't work on xenial? was that using python3.6 because it doesn't exist? or something else?23:30
naccpowersj: tox itself fails on xenial with the branch referred to above23:30
naccpowersj: because it's using 3.6 features and only 3.5 is available to run23:31
nacc(we currently just call python3)23:31
naccrbasak: if we were to add pylint to our snap, i thinnk we can run the tests as an app23:31
naccpossiblly using tox itself23:31
rbasakI have no objection to that23:32
naccpowersj: if we did that, we'd change the jenkins to something like git-ubuntu.self-test23:32
rbasakWe might need to add pytest though23:32
naccyeah23:32
naccrbasak: true, if we were to lift up all of CI, that's true23:32
nacci was initially just suggesting the bit we know is broken23:33
naccbut might as well fix it rigth :)23:33
naccpowersj: if i get you a branch with the corresponding changes, wouldl you be able to do a test CI run with it?23:33
naccnot sure how easy it is to do a one-off pipelline23:33
powersjnacc: branch changing the CI?23:36
* powersj is also confused why you are changing how you call tox23:36
naccpowersj: have a moment for a quick HO?23:37
powersjyeah23:37
naccpowersj: i think i can expllain it better that way :) standup-server23:38
naccpowersj: do you have a link to your script running pytest3?23:52
powersjnacc: https://github.com/canonical-server/jenkins-jobs/blob/master/git-ubuntu/jobs-ci.yaml23:53
naccpowersj: ta23:53

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!