[00:05] <nacc> powersj: if possible, could you look at the health of the jenkins? i'm having some of the snapcraft cleanbuild jobs randomly die
[00:06] <nacc> powersj: nm, answerd in #snappy
[06:10] <lordievader> Good morning
[12:08] <coreycb> jamespage: i'm adding a liblasso3.symbols file to lasso for the MIR
[12:08] <coreycb> jamespage: first time creating one. for the versions i only went back to precise, mainly because that's all i could access. does that make sense?
[12:09] <coreycb> jamespage: following this: https://wiki.debian.org/UsingSymbolsFiles
[12:32] <ahasenack> good morning
[12:33] <RoyK> good localtime() ;)
[12:36] <ahasenack> the best
[13:47] <smoser> rbasak: https://code.launchpad.net/~smoser/ubuntu/+source/ssh-import-id/+git/ssh-import-id/+merge/342231
[13:47] <smoser> that was fixed... can you re-review ? if you had anything else.
[13:51] <ahasenack> why does ubuntu-server (the metapackage) pull in open-iscsi, does anybody know?
[13:54] <RoyK> ahasenack: doubt it
[13:54] <RoyK> ahasenack: better install the package yourself (or add it to the ansible playbook of choice)
[13:54] <compdoc> never noticed open-iscsi installed on my servers
[14:02] <ahasenack> compdoc: at least in bionic, the ubuntu-server package pulls open-iscsi in
[14:04] <sdeziel> it's also pulled in Xenial
[14:05] <sdeziel> ahasenack: my guess would be to simplify boot from iSCSI root
[14:05] <compdoc> iscsiadm is installed :/
[15:11] <eraserpencil> Hi! I am asking question about hosting a site on an ubuntu server. Is this the correct place?
[15:15] <sdeziel> eraserpencil: yes
[15:19] <eraserpencil> So I have a domain name from namecheap, a VPS on linode, name servers are set correctly (tested by going to www.mydomain.com and seeing the default "welcome to nginx page"
[15:19] <eraserpencil> I got round to getting Pelican SSG, I've copied all the .html file, css and images files over to the /var/mydomain/html/ on my VPS.
[15:19] <eraserpencil> But I'm not seeing any changes
[15:19] <eraserpencil> Is this something got to do with waiting for it to get indexed?
[15:20] <sdeziel> eraserpencil: is your nginx vhost configured to use /var/mydomain/html/ as its "root" ?
[15:21] <eraserpencil> how could i check?
[15:22] <sdeziel> vhost/site definitions are in /etc/nginx/sites-enabled/
[15:25] <eraserpencil> ahhh
[15:26] <eraserpencil> is that what is meant by root?
[15:26] <eraserpencil> yes
[15:26] <sdeziel> no, by root I meant https://nginx.org/en/docs/http/ngx_http_core_module.html#root
[15:27] <sdeziel> which in your case should be "root /var/mydomain/html;" assuming you want to serve stuff out of that dir
[15:28] <eraserpencil> ahhh
[15:28] <eraserpencil> I have it commented out
[15:31] <eraserpencil> but are changes instant?
[15:31] <eraserpencil> if i changed the html code
[15:32] <sdeziel> eraserpencil: when you changes files served by nginx it's immediate
[15:32] <sdeziel> but when you change nginx configs, they are not picked up automatically, you need to reload nginx for that (sudo service nginx configtest && sudo service nginx reload)
[15:33] <eraserpencil> kk thanks.. that means something is broken
[18:24] <ahasenack> nacc: hi, do you know something about tomcat in bionic? In particular, why do we seem to have tomcat8.0 and tomcat8?
[18:25] <ahasenack> and tomcat8 (not 8.0) seems to have many more binary packages
[18:41] <nacc> ahasenack: 8.0 is probably referring to 8.0.x versus 8 is at 8.5?
[18:41] <nacc> ahasenack: i'm not sure, though, let m elook
[18:42] <nacc> ahasenack: also, the 8.0 may be purely for libs that other packages need that aren't compatible with 8.5?
[18:42] <ahasenack> it's what I'm thinking
[18:42] <ahasenack> that 8.0 is for legacy stuff
[18:43] <nacc> ahasenack: we did have a tough time transitioning to 8.5, for freeipa and dogtag-pki, iirc
[18:44] <nacc> ahasenack: https://bugs.debian.org/cgi-bin/b
[18:44] <nacc> bah
[18:44] <nacc> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876115
[18:44] <ahasenack> yeah, freeipa is what I'm looking at now, and that led me to tomcat8x
[18:45] <ahasenack> that's good info, thanks
[18:45] <ahasenack> I think it's also incompatible with java9, according to an error message I saw
[18:45] <ahasenack> I'll try with java8
[18:46] <nacc> ahasenack: yeah, i'd believe that
[19:03] <nacc> powersj: so i'm thinmking to test the snapcraft fix (pending), could we add a PPA to the xenial VM spawned?
[19:05] <powersj> nacc: here's the script I run https://github.com/canonical-server/test-scripts/blob/master/git-ubuntu/vm_setup
[19:05] <powersj> You can give it a spin locally
[19:07] <nacc> powersj: thanks
[19:22] <nacc> rbasak: fyi, found a bug in source_builer, i'll push it separately
[19:25] <nacc> rbasak: hey and first import parenting test bumped us to 40% coverage on importer.py :)
[21:36] <nacc> rbasak: up to 43% coverage of importer.py :)
[21:37] <nacc> rbasak: it's amazing how easy it is to write tests now!
[21:38] <nacc> powersj: each jenkins job gets a fresh VM right?
[21:38] <powersj> nacc: yes
[21:38] <nacc> powersj: ack, ok
[21:39] <nacc> powersj: we might be hitting a nuance of cleanbuild, per the latest analysis, which we might be able to avoid using (since we are going to start a fresh VM, we don't tehcnically need to spawn the lxd in it, i don't think)
[21:39] <nacc> powersj: just an FYI, it's still being analyzed by snapcraft folk
[21:40] <powersj> ok :) thanks for update
[21:40] <powersj> where is this discussion happening?
[21:41] <nacc> powersj: PM currently with kyrofa, but there is a pending PR on github
[21:41] <powersj> ok
[22:09] <ProCycle> I'm messing around with self-signing SSL keys and noticed that in /etc/ssl/certs everything in there is world writeable (the CA certs)
[22:10] <sarnold> the symlinks? or the actual files?
[22:10] <ProCycle> Why is it like that? isn't that a security risk? (other people can replace ca keys with thier own
[22:10] <ProCycle> I guess they're all symlinks
[22:11] <ProCycle> I'm trying to figure out where I put my internal CA key and the certificate. I've already got the private key in /etc/ssl/private
[22:14] <ProCycle> Oh I see it now. There's so many results in there it makes it hard to find the actual files. ssl-cert-snakeoil.pem is read only except for the owner
[22:15] <sarnold> you can try e.g. find /etc/ssl -type f -ls   to see just the files
[22:15] <ProCycle> I don't know how symlinks work, do they actually have permissions or is ls -l just displaying it that way because they're symlinks?
[22:17] <sarnold> linux doesn't care about the permissions on symlinks
[22:17] <sarnold> chmod(2) doesn't even have a way to change them
[22:18] <sarnold> they can still get non-777 modes via other filesystems, fuse, etc., but I don't think linux even follows the permissions when they're set that way.
[22:18] <ProCycle> So whatever the actual file has is what the effective permissions are on the symlink
[22:18] <sarnold> there's some nuance that the YAMA security module influences if symlinks are followed or not
[22:19] <ProCycle> And to create symlinks you'd need write perms to the directory right?
[22:20] <sarnold> yes
[22:20] <ProCycle> makes sense, thanks for the clarification
[22:20] <sarnold> thanks for double-checking :D
[22:22] <ProCycle> I'm writing a guide for internal nginx servers with internal CA signed certs so I want to make sure I get things right
[22:22] <sarnold> nice
[22:23] <ProCycle> shame there's no certbot for internal CAs, would make things so much easier
[23:10] <nacc> rbasak: fyi, just force-pushed import-tests, which is now a little better organized and more unit tests (still not at a 100% for added code, but 30% bump in importer.py coverage is pretty good :)