| nacc | powersj: if possible, could you look at the health of the jenkins? i'm having some of the snapcraft cleanbuild jobs randomly die | 00:05 |
|---|---|---|
| nacc | powersj: nm, answerd in #snappy | 00:06 |
| === aaa is now known as Hofman | ||
| === Hofman is now known as slopisadictator | ||
| === slopisadictator is now known as aaa | ||
| lordievader | Good morning | 06:10 |
| === beatzz_ is now known as beatzz | ||
| === hehehe is now known as ubuntum | ||
| coreycb | jamespage: i'm adding a liblasso3.symbols file to lasso for the MIR | 12:08 |
| coreycb | jamespage: first time creating one. for the versions i only went back to precise, mainly because that's all i could access. does that make sense? | 12:08 |
| coreycb | jamespage: following this: https://wiki.debian.org/UsingSymbolsFiles | 12:09 |
| ahasenack | good morning | 12:32 |
| RoyK | good localtime() ;) | 12:33 |
| ahasenack | the best | 12:36 |
| smoser | rbasak: https://code.launchpad.net/~smoser/ubuntu/+source/ssh-import-id/+git/ssh-import-id/+merge/342231 | 13:47 |
| smoser | that was fixed... can you re-review ? if you had anything else. | 13:47 |
| ahasenack | why does ubuntu-server (the metapackage) pull in open-iscsi, does anybody know? | 13:51 |
| RoyK | ahasenack: doubt it | 13:54 |
| RoyK | ahasenack: better install the package yourself (or add it to the ansible playbook of choice) | 13:54 |
| compdoc | never noticed open-iscsi installed on my servers | 13:54 |
| ahasenack | compdoc: at least in bionic, the ubuntu-server package pulls open-iscsi in | 14:02 |
| sdeziel | it's also pulled in Xenial | 14:04 |
| sdeziel | ahasenack: my guess would be to simplify boot from iSCSI root | 14:05 |
| compdoc | iscsiadm is installed :/ | 14:05 |
| eraserpencil | Hi! I am asking question about hosting a site on an ubuntu server. Is this the correct place? | 15:11 |
| sdeziel | eraserpencil: yes | 15:15 |
| eraserpencil | So I have a domain name from namecheap, a VPS on linode, name servers are set correctly (tested by going to www.mydomain.com and seeing the default "welcome to nginx page" | 15:19 |
| eraserpencil | I got round to getting Pelican SSG, I've copied all the .html file, css and images files over to the /var/mydomain/html/ on my VPS. | 15:19 |
| eraserpencil | But I'm not seeing any changes | 15:19 |
| eraserpencil | Is this something got to do with waiting for it to get indexed? | 15:19 |
| sdeziel | eraserpencil: is your nginx vhost configured to use /var/mydomain/html/ as its "root" ? | 15:20 |
| eraserpencil | how could i check? | 15:21 |
| sdeziel | vhost/site definitions are in /etc/nginx/sites-enabled/ | 15:22 |
| eraserpencil | ahhh | 15:25 |
| eraserpencil | is that what is meant by root? | 15:26 |
| eraserpencil | yes | 15:26 |
| sdeziel | no, by root I meant https://nginx.org/en/docs/http/ngx_http_core_module.html#root | 15:26 |
| sdeziel | which in your case should be "root /var/mydomain/html;" assuming you want to serve stuff out of that dir | 15:27 |
| eraserpencil | ahhh | 15:28 |
| eraserpencil | I have it commented out | 15:28 |
| eraserpencil | but are changes instant? | 15:31 |
| eraserpencil | if i changed the html code | 15:31 |
| sdeziel | eraserpencil: when you changes files served by nginx it's immediate | 15:32 |
| sdeziel | but when you change nginx configs, they are not picked up automatically, you need to reload nginx for that (sudo service nginx configtest && sudo service nginx reload) | 15:32 |
| eraserpencil | kk thanks.. that means something is broken | 15:33 |
| === MartesZibellina is now known as FalconMillennium | ||
| ahasenack | nacc: hi, do you know something about tomcat in bionic? In particular, why do we seem to have tomcat8.0 and tomcat8? | 18:24 |
| ahasenack | and tomcat8 (not 8.0) seems to have many more binary packages | 18:25 |
| nacc | ahasenack: 8.0 is probably referring to 8.0.x versus 8 is at 8.5? | 18:41 |
| nacc | ahasenack: i'm not sure, though, let m elook | 18:41 |
| nacc | ahasenack: also, the 8.0 may be purely for libs that other packages need that aren't compatible with 8.5? | 18:42 |
| ahasenack | it's what I'm thinking | 18:42 |
| ahasenack | that 8.0 is for legacy stuff | 18:42 |
| nacc | ahasenack: we did have a tough time transitioning to 8.5, for freeipa and dogtag-pki, iirc | 18:43 |
| nacc | ahasenack: https://bugs.debian.org/cgi-bin/b | 18:44 |
| nacc | bah | 18:44 |
| nacc | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876115 | 18:44 |
| ubottu | Debian bug 876115 in wnpp "ITP: tomcat8.0" [Wishlist,Fixed] | 18:44 |
| ahasenack | yeah, freeipa is what I'm looking at now, and that led me to tomcat8x | 18:44 |
| ahasenack | that's good info, thanks | 18:45 |
| ahasenack | I think it's also incompatible with java9, according to an error message I saw | 18:45 |
| ahasenack | I'll try with java8 | 18:45 |
| nacc | ahasenack: yeah, i'd believe that | 18:46 |
| nacc | powersj: so i'm thinmking to test the snapcraft fix (pending), could we add a PPA to the xenial VM spawned? | 19:03 |
| powersj | nacc: here's the script I run https://github.com/canonical-server/test-scripts/blob/master/git-ubuntu/vm_setup | 19:05 |
| powersj | You can give it a spin locally | 19:05 |
| nacc | powersj: thanks | 19:07 |
| nacc | rbasak: fyi, found a bug in source_builer, i'll push it separately | 19:22 |
| nacc | rbasak: hey and first import parenting test bumped us to 40% coverage on importer.py :) | 19:25 |
| === beisner is now known as beisner-afk | ||
| nacc | rbasak: up to 43% coverage of importer.py :) | 21:36 |
| nacc | rbasak: it's amazing how easy it is to write tests now! | 21:37 |
| nacc | powersj: each jenkins job gets a fresh VM right? | 21:38 |
| powersj | nacc: yes | 21:38 |
| nacc | powersj: ack, ok | 21:38 |
| nacc | powersj: we might be hitting a nuance of cleanbuild, per the latest analysis, which we might be able to avoid using (since we are going to start a fresh VM, we don't tehcnically need to spawn the lxd in it, i don't think) | 21:39 |
| nacc | powersj: just an FYI, it's still being analyzed by snapcraft folk | 21:39 |
| powersj | ok :) thanks for update | 21:40 |
| powersj | where is this discussion happening? | 21:40 |
| nacc | powersj: PM currently with kyrofa, but there is a pending PR on github | 21:41 |
| powersj | ok | 21:41 |
| ProCycle | I'm messing around with self-signing SSL keys and noticed that in /etc/ssl/certs everything in there is world writeable (the CA certs) | 22:09 |
| sarnold | the symlinks? or the actual files? | 22:10 |
| ProCycle | Why is it like that? isn't that a security risk? (other people can replace ca keys with thier own | 22:10 |
| ProCycle | I guess they're all symlinks | 22:10 |
| ProCycle | I'm trying to figure out where I put my internal CA key and the certificate. I've already got the private key in /etc/ssl/private | 22:11 |
| ProCycle | Oh I see it now. There's so many results in there it makes it hard to find the actual files. ssl-cert-snakeoil.pem is read only except for the owner | 22:14 |
| sarnold | you can try e.g. find /etc/ssl -type f -ls to see just the files | 22:15 |
| ProCycle | I don't know how symlinks work, do they actually have permissions or is ls -l just displaying it that way because they're symlinks? | 22:15 |
| sarnold | linux doesn't care about the permissions on symlinks | 22:17 |
| sarnold | chmod(2) doesn't even have a way to change them | 22:17 |
| sarnold | they can still get non-777 modes via other filesystems, fuse, etc., but I don't think linux even follows the permissions when they're set that way. | 22:18 |
| ProCycle | So whatever the actual file has is what the effective permissions are on the symlink | 22:18 |
| sarnold | there's some nuance that the YAMA security module influences if symlinks are followed or not | 22:18 |
| ProCycle | And to create symlinks you'd need write perms to the directory right? | 22:19 |
| sarnold | yes | 22:20 |
| ProCycle | makes sense, thanks for the clarification | 22:20 |
| sarnold | thanks for double-checking :D | 22:20 |
| ProCycle | I'm writing a guide for internal nginx servers with internal CA signed certs so I want to make sure I get things right | 22:22 |
| sarnold | nice | 22:22 |
| ProCycle | shame there's no certbot for internal CAs, would make things so much easier | 22:23 |
| nacc | rbasak: fyi, just force-pushed import-tests, which is now a little better organized and more unit tests (still not at a 100% for added code, but 30% bump in importer.py coverage is pretty good :) | 23:10 |
| === beisner-afk is now known as beisner | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!