[00:02] <teward> the ability to import SSH keys from Launchpad is a nice touch though.  Hopefully this installs without issue on this VPS :p
[00:07] <h31_> Hello. https://www.ubuntu.com/download/alternative-downloads BitTorrent link for 18.04 Server is incorrect. Please fix it.
[00:07] <teward> um... you're kind of right
[00:09] <teward> for a minute i thought i was misreading the links but then i noticed you were right...
[00:09] <teward> sarnold: do you know who I need to poke for that :p
[00:10] <sarnold> teward: that's an excellent question. let me flail around a bit wildly.
[00:11] <teward> sarnold: being in multiple places at once and getting a ping in a pretty specific channel helps too
[00:11] <sarnold> *nod* :) your choice was better, it seems, hehe
[00:11] <teward> sarnold: indeed.
[00:11] <teward> h31_: we've prodded people who will prod the people who can fix it, no ETA on a fix, use http://releases.ubuntu.com/bionic/ubuntu-18.04-live-server-amd64.iso.torrent in the interim.
[00:12] <sarnold> thanks h31_ :D
[00:12] <h31_> Ok, I'm already seeding the torrent :)
[00:12] <sarnold> hah, nice
[00:13] <teward> i'd seed it if i weren't a security nutjob :P
[00:14] <teward> torrents are... a security nightmare at times
[00:14] <teward> :P
[00:18] <h31> teward: Why do you think that there's issues with torrents and security?
[00:19] <teward> not really *torrents* themselves, but having to open the NAT rules to permit inbound connections as sarnold just had to do :P
[00:20] <h31> Don't heard any news about vulnerable torrent clients
[00:21] <h31> Except Transmission with trojans included. But it's not about network security, essentially :)
[00:30] <teward> any port opened is a security risk, in theory.
[00:33] <h31> Your IRC client makes one of the external ports open
[00:34] <h31> And some types of NAT allow to access those port from all the internet.
[00:34] <h31> *this
[00:35] <teward> IRC client opens up a high number ephemeral port that in a stateful firewall setup will only permit traffic related to the established outgoing traffic, and deny other "NEW" inbound requests
[00:36] <teward> and to be honest keep in midn I've been in the IT SEcurity sector for some time, and the most *insane* people will make the arguments about 'any open port'
[00:37] <teward> and while I know what you're *trying* to say, it's not in the realm of what you *intended* to do to dispell/disprove my statement.  (so ultimately with *me* this is an argument that is going to be forever lost; as such I'm going to go mess with the 18.04 install that doesn't want to complete in a VM)
[00:38] <dpb1> teward: I'm doing 276KB/s up right now, I like that. :)
[00:38] <dpb1> to ~30 people
[00:39] <teward> remind me how I'd add secondary network interfaces (or equivalent of ens3:1 :2 :3 etc.) for additional IP addresses?
[00:39] <h31> teward: I don't planned to argue with you. Just wanted to hear your opinion.
[00:40] <teward> h31: i'm in the hardcore side of "Open ports are opened in a stateful manner, which is what NAT does, it doens't let new unwanted connections in while the other port is open, regardless of running service opened in an ephemeral type of setup.
[00:40]  * teward is still not well-versed in netplan >.<
[00:40] <sarnold> teward: ip addr add
[00:40] <sarnold> ohhhh netplan..
[00:41] <teward> sarnold: except if you need multiple gateways, and remember netplan's the default
[00:41] <teward> i need it persistent :P
[00:41] <teward> so short of disabling netplan... which is an option...
[00:41] <teward> ... remind me how I tell netplan to go away, again?  :P
[00:42] <sarnold> teward: here we are https://netplan.io/examples#multiple-addresses-on-an-interface
[00:43] <dpb1> teward: for netplan?
[00:43] <dpb1> sarnold++
[00:43] <dpb1> man, feels good to have that example written
[00:43] <dpb1> :)
[00:43] <sarnold> dpb1: was that you? :D
[00:43] <dpb1> team win
[00:43] <dpb1> :)
[00:44] <sarnold> *someone* had to write these things for "how do handle ___ case", so I'm glad they made it to a website before 18.04 release :D
[00:44] <dpb1> yup, indeed
[00:44] <sarnold> it would have been easy enough to let em languish once the tool was written
[00:44] <teward> sarnold: but not what I need, because I, in essence, need to replicate something like this: https://paste.ubuntu.com/p/ZXFdWt3ZpH/  (which is the /etc/network/interfaces way)
[00:45] <teward> so if *netplan* doesn't have this option (because different IP addresses with completely different gateways), then I'll have to go back to the old-school way
[00:45] <dpb1> Interface aliases (e.g. eth0:0) are not supported.
[00:45] <teward> and in reality, if netplan wants parity to the ifupdown method then it *should* offer a method here...
[00:45] <teward> dpb1: then I have no choice but to drop netplan, because of the way that this VPS system is.
[00:46] <sarnold> dpb1: but adding two IPs with two different 'gateways' on a single nic ought to be supported... I just don't spot any examples of that here :/
[00:47] <teward> sarnold: which therein lies the question of "How to do this" to get similar functionality if not exact feature parity
[00:47] <teward> with ifupdow
[00:47] <teward> n
[00:47] <teward> gah i can't type today >.<
[00:48] <dpb1> teward: see this FAQ: https://netplan.io/faq#how-to-go-back-to-ifupdown
[00:48] <teward> i already have the method to go back to ifupdown
[00:48] <teward> i'm hoping to *not* have to yank netplan out and find a netplan solution
[00:48] <dpb1> teward: especially the bit about filing a bug request
[00:48] <teward> hence the original question
[00:48] <teward> ah
[00:49] <teward> um...
[00:49] <teward> dpb1: do they ahve docs on filing a Netplan bug?
[00:50] <teward> automagical methods don't work :P
[00:50] <teward> (nevermind found it)
[00:50] <dpb1> yay
[00:50] <dpb1> :)
[00:52] <dpb1> teward: sarnold, ya, I'm not sure about multiple addresses from different subnets on a single interface.  perhaps cyphermox knows.
[00:52] <sarnold> dpb1: it *kindof* looks like that'd be handled via the routes mapping ..
[00:52] <teward> well i'm adding a bug on it to state that either documentation or functionality doesn't exist.
[00:52] <teward> and then it can be attacked from either front.
[00:52] <sarnold> it appears it can take "from", "to" and "via"
[00:54] <dpb1> sarnold: ya, I think I'd try that.  I'd have to play with it in a container/vm, and I have no steam for it tonight. :)
[00:55] <sarnold> *nod* I knwo the feeling
[00:55] <teward> h31: the incorrect link to the Server torrent has been fixed according to people upstream from here.
[00:55] <teward> dpb1: sarnold: I'll fiddle with it on my own, probably in an LXD container this weekend.  either i'll find a solution, or the netplan team will find one and provide either documentation or confirmation the feature needs developed.
[00:56] <h31> teward: Yes, it's working now
[00:56] <teward> but for now, I'll settle for food.
[00:56] <teward> *goes to eat food*
[00:57] <dpb1> :)
[00:58] <runelind_q> you guys getting a lot of netplan questions today? :)
[00:59] <teward> I haven't seen many today.  I have them though :P
[00:59] <runelind_q> I'm like "oh no, not _another_ way of configuring networking", but it is not that bad once you get used to the YAML formatting/spacing
[00:59] <teward> dpb1: sarnold: on this VPS, at least, I'mma kick it back to ifupdown because that config "works" for this VPS
[00:59] <sarnold> runelind_q: no, I don't think 18.04's been out long enough for people to find it yet :)
[00:59] <teward> sarnold: 17.10 people had netplan too though :p
[00:59] <teward> so
[01:00] <sarnold> yeah, but loads of folks stick to ltses
[01:00] <runelind_q> yeh, but at least on the server side I think people are mostly sticking with LTS
[01:00] <dpb1> runelind_q: there is a #netplan channel, if you have a deep question
[01:00] <teward> sarnold: YOU MEAN LIKE ME?  :P
[01:00] <teward> oops, caps
[01:00] <runelind_q> and the desktop peeps have GUI
[01:00] <sarnold> teward: YES! :D
[01:00] <runelind_q> dpb1: I don't have any questions, I was just imagining a lot of people might
[01:00] <dpb1> runelind_q: but yes, it's a new thing, replace a 20 year old thing, bound to be niggly bits. :)
[01:01] <teward> I assume that if I yank out systemd-resolved then I have to edit resolv.conf by hand...
[01:01] <teward> right?
[01:02]  * sarnold stands by to pick up pieces
[01:09] <dpb1> yes, that sounds quite complex
[01:23] <runelind_q> wonder how long it will be before 18.04 LXD images are available on the official repo (I think it has been on the image server for a while)
[01:23] <runelind_q> don't know that it would be all that different from 16.04 though
[01:24] <axisys> something happend while I was trying to fix earlier today.. sudo does not work
[01:24] <axisys> $ sudo -s
[01:24] <axisys> sudo: PAM authentication error: Module is unknown
[01:24] <axisys> any suggestion where to look?
[01:24] <axisys> it is trusty
[01:25] <teward> axisys: did you make any changes to PAM or your underlying authentication librarires?
[01:25] <axisys> I can become root with su -
[01:25] <teward> sarnold: dpb1: so, I have a hatred of resolved because it doesn't work with my VPN assigned DNS nameservers properly
[01:25] <teward> and I can't get rid of it in 18.04 apparently on server
[01:25] <axisys> I did lot of apt-update, apt-get autoremove, apt-get install pkg..
[01:26] <sarnold> teward: hrm ;/ I'm surprised it doesn't work by now, it's not exactly new ..
[01:26] <teward> well, it's being an irritant right now
[01:26] <teward> and of course v6 is being a pain when I try and lock it down...
[01:26] <teward> *goes and does a drastic thing, setting up a local DNS recursive resolver*
[01:27] <teward> (I'd rather work with a bind9 instance for this server than fight resolved for v6 resolving)
[01:28] <sarnold> bind9 when there's powerdns and unbound to choose frmo?
[01:28] <teward> sarnold: because I have a working secure setup for it.
[01:28] <sarnold> ah. alright. can't argue too much work "working"
[01:28] <teward> *points at his own 16.04 laptop running a 'last resort' local resolver via bind9*
[01:29] <axisys> http://dpaste.com/3CY34B7.txt
[01:29] <axisys> any pam module missing ^ ?
[01:29] <axisys> or pkg rather
[01:30] <teward> sarnold: i'm kinda glad this VPS has a VNC emergency connection... I've fubar'd the networking twice already xD
[01:30] <sarnold> axisys: check auth logs to find out *which* pam module it is complaining about?
[01:30] <axisys> only ref is showing pam_unix
[01:31] <sarnold> huh. you're not the first one to have a pam_unix bug recently. but .. your machine was *really* unhappy.
[01:31] <axisys> pam_ldap
[01:32] <sarnold> what's debsums -ac libpam-modules  look like?
[01:32] <teward> oh, FUN.  sarnold: systemd-resolved doesn't like non-netplan I think
[01:33] <axisys> I don't have that install.. but i do see it is complaining about pam_ldap.. not pam_unix
[01:33] <teward> or i botched networking again
[01:33] <teward> at least, not with v6 resolving
[01:33] <sarnold> axisys: you're gonna be pretty unhappy without libpam-modules installed
[01:34] <axisys> that was it
[01:34] <axisys> libpam-ldap
[01:34] <axisys> sarnold: thank you!
[01:36] <dpb1> teward: what kind of VPN
[01:36] <dpb1> openvpn?
[01:36] <teward> dpb1: this one's not a VPN
[01:36] <teward> this one's basic v6
[01:37] <teward> and systemd-resolved *not* returning me results
[01:38] <teward> I know that v6 is 'permitted' and works because I can make v6 HTTP requests, but the DNS portion fails
[01:40] <teward> dpb1: any idea why system services like curl can't resolve v6 lookups or get any lookup results at all, while a direct systemd-resolved *can*?
[01:40] <teward> it's like 127.0.0.53:53 isn't responding to DNS requests from local
[01:41] <teward> and doesn't reply to `dig` inquiries either, which is highly abnormal
[01:45] <dpb1> hm
[01:46] <dpb1> teward: no... but other people in here will
[01:46] <dpb1> but likely everyone is tired out from today. :)
[01:47] <teward> hmm, well at this rate I'm going to have no choice but to kill resolved...
[01:47] <teward> since it's not responding to DNS requests for most applications
[01:47] <teward> i wonder if removing netplan from the equation is the problem
[02:05] <teward> yeah so something about resolved's stub resolver doens't like to behave.  I'll just edit /etc/network/interfaces directly for now.
[06:59] <twb> What's UbuntuESM ?  It's mentioned in a trusty-updates change to unattended-upgrades
[07:00] <twb> I found https://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg5186543.html and tried browsing to esm.ubuntu.com, but it wants a password
[07:00] <twb> Aha, https://www.ubuntu.com/support/esm
[07:01] <sarnold> https://www.ubuntu.com/legal/ubuntu-advantage/service-description
[07:01] <sarnold> oh that's a better url :D
[08:07] <RoyK> twb: better just upgrade to something more recent ;)
[08:08] <twb> dude I still have customers sitting on lucid because they won't pay for an upgrade
[08:33] <Checkmate> Hello
[08:33] <Checkmate> i have big problem
[08:33] <Checkmate> Warning: Unknown: open(/var/lib/php/sessions/sess_2frkklvllkgt00bbh52j4trmn2, O_RDWR) failed: No space left on device (28) in Unknown on line 0
[08:33] <Checkmate> i cannot access to mysql or phpmyadmin
[08:34] <Checkmate> df -h https://pastebin.com/raw/7aixrp3v
[08:34] <twb> ploop is a VM virtual filesystem, no?
[08:35] <Checkmate> yes
[08:35] <twb> So maybe the underlying storage is full
[08:35] <Checkmate> twb but i can see 599G free
[08:35] <twb> Checkmate: that's only what the guest sees, right?
[08:36] <twb> Checkmate: maybe the host OS has overcommitted
[08:36] <Checkmate> no i have full access
[08:36] <Checkmate> df -h dont lie
[08:36] <twb> Checkmate: the filesystem is ext4?
[08:37] <Checkmate> twb i'm not sure
[08:37] <twb> Check with "blkid /dev/ploop17418p1"
[08:39] <Checkmate> twb nothing printed on result
[08:39] <twb> Do you have access to the host OS?
[08:40] <Checkmate> yes
[08:40] <twb> Check df on the host OS
[08:40] <twb> Also check any per-container limits
[08:41] <twb> 1008GB is suspiciously close to 1024GB i.e. 1TiB, so I'm guessing you have an artificial limit somewhere that df doesn't know about
[08:41] <twb> "df doesn't lie" is not a safe assumption in all cases
[08:45] <Checkmate> twb i think is a problem allocated with mysql
[08:45] <Checkmate> because this problem happen only when i'm trying to use mysqldump
[08:45] <twb> how are you running mysqldump?
[08:46] <twb> Maybe if mysqldump runs out of space halfway, it removes the file it was writing to
[08:47] <Checkmate> twb is mysqldump have limits ?
[08:47] <twb> so your filesystem was 100% full when mysqldump ran out of space, then it deleted it's 599GB incomplete file
[08:48] <Checkmate> twb mysqldump have limits ?
[08:48] <twb> I don't know about mysql, sorry
[08:48] <twb> ask #mysql about that
[08:49] <Checkmate> ok
[08:49] <twb> I typically do something like this:   pgdumpall | xz -v >/var/backup/postgres/backup_"$(date +%d)".sql.xz
[08:50] <mjoseph> re-asking here from #ubuntu, as this is more server related -- Does anyone know how to get netplan working with SR-IOV VFs?  it seems to delete all existing VFs when netplan apply is run
[08:50] <twb> Checkmate: if you're running that by hand it'll give you progress output so you can easily see if the output size lines up with the too-much-space
[08:51] <RoyK> twb: pg_dump -F c $dbname > $dbname.dump # ;)
[08:52] <RoyK> twb: then just write a wrapper that lists databases and dump each of them
[08:54] <twb> RoyK: meh
[08:54] <RoyK> twb: I have one handy if you need it ;)
[08:54] <twb> -r--r----- 1 root postgres 1.2M Apr 27 02:00 pg_dumpall.Fri.sql.xz
[08:54] <twb> :-)
[08:55] <twb> I did have a wrapper before; I threw it away because it wasn't worth maintaining for that system
[08:56] <RoyK> my point was using -F c to allow restores of separate tables in a database, and separating databases in a wrapper to ease restoring them instead of everything, or separating the sql file manually
[08:56] <Checkmate> twb all is fine i have free space
[08:57] <RoyK> and -F c uses gzip, so albeit lower compression than xz, it's ok
[09:09] <blackflow> zfs snapshot -r /zdata/postgresql@Fri    ftw  :)
[09:10] <blackflow> s/\/zdata/zdata/
[09:51] <RattleBattle79> what happend to mdadm raid setup in Subiquity?
[10:00] <tomreyn> RattleBattle79: i dont think it's supported, yet.
[10:15] <RattleBattle79> tomreyn: OK. I thinkt it's weird to use Subiquity as default, then. But maybe "noone" is really using mdam? At least for enterprise
[10:19] <tomreyn> RattleBattle79: i have not verified that it is the default, but if so, that seems wrong to me, too.
[10:36] <blackflow> which program is used to share HW info in Bionic? Does it exist for server installations / upgrades?
[10:40] <RattleBattle79> tomreyn: It is the default for Ubuntu 18.04 server
[10:43] <RattleBattle79> luckily the netinstall i not using Subiquity, so that's an alternative
[10:43] <RattleBattle79> is not*
[10:45] <RoyK> RattleBattle79: I've been ranting about this for a while
[11:16] <RattleBattle79> RoyK: Yeah I really don't get it. Maybe I'm blind, but I really don't see the big deal about Subiquity and what justifies a premature release.
[11:18] <RoyK> don't ask me
[11:19] <RoyK> I first tried 18.04 a week or two ago, the beta, and complained here about the lack of support for raid/lvm, and apparently it also lacks support for recognising those if already setup
[11:19] <RoyK> and encryption, and a few more things
[11:21] <RattleBattle79> If they decided to ship it with 18.10, I would've supported it, but this is an LTS for... sake
[12:42] <rbasak> ahasenack: o/
[12:42] <ahasenack> hello rbasak
[12:42] <rbasak> ahasenack: could you review https://code.launchpad.net/~racb/usd-importer/+git/usd-importer/+merge/344705 for me please? Though I can work around, it's currently blocking my easiest path to fix the importer.
[12:43] <ahasenack> ok, let me check
[12:58] <ahasenack> rbasak: approved
[12:58] <rbasak> Thanks!
[13:09] <thresh> hello.  no i386 for servers anymore, right?
[13:13] <ahasenack> right
[13:13] <ahasenack> nor desktop I think
[13:14] <thresh> sweet.  one less architecture to target!
[13:39] <teward> so, an interesting dilemma I'm running into.  I've got a 18.04 VPS but because I only have one NIC, I can't use Netplan because it's undocumented how to have multiple public IP addresses with completely different gateways set up in Netplan.  As such, I had to revert ot the old-school 'ifupdown' method to properly get the IPs set up and working.  Now, systemd-resolved's 'stub' at 127.0.0.53:53 is not responding to DNS lookup requests, and all
[13:39] <teward> DNS is broken, unless I remove the /etc/resolv.conf symlink and replace it with an old-style resolv.conf declaring the nameservers I want to use.
[13:39] <teward> anyone got any ideas why systemd-resolved is busted this way?
[13:42] <cyphermox> teward: networkd has no idea what your nameservers are
[13:42] <cyphermox> teward: you'd want to say, add them to /etc/systemd/networkd.conf in DNS=
[13:43] <cyphermox> or better, back to netplan, add your multiple addresses, and add your own default gateways using routes:
[13:45] <ahasenack> what is the scenario? One nic with multiple ips?
[13:45] <ahasenack> I'd like to see this final netplan file when it's working
[13:46] <cyphermox> yeah
[13:46] <cyphermox> I can quickly put together an example
[13:46]  * dpb1 would love that
[13:51]  * cyphermox tests in a VM
[14:00] <cyphermox> https://paste.ubuntu.com/p/Z2KvM66rbp/
[14:01] <cyphermox> teward: ahasenack:
[14:10] <rbasak> nacc: I'm going to bring beta up to current edge and put the importer host onto beta.
[14:14] <ahasenack> teward: does that work?
[14:20] <teward> ahasenack: one nic with multiple public IPs each on their own gateway.  VPSes are not fun
[14:21] <teward> i'll have to check, I've got an issue at work I had to fix first
[14:21] <teward> cyphermox: I... think that'll work.  Let me do some tests.
[14:26] <cyphermox> fwiw, this path in general is frought with danger, routing on different gateway means traffic might be going places it doesn't expect -- it's highly dependent on the network in general being configured to allow this
[14:27] <cyphermox> ie. you send traffic from one IP to the gateway of another subnet, since they're all directly connected that's allowed, but the behavior is unspecified
[14:28] <cyphermox> teward: if you had 'ip rule' commands in your ifupdown config, you'll need more things in the netplan yaml (the equivalent is entries under 'routing-policy')
[14:31] <dpb1> cyphermox: here is what he posted yesterday... https://paste.ubuntu.com/p/ZXFdWt3ZpH/
[14:32] <cyphermox> right, well that should just work
[14:34] <Epx998> Anyone familiar with isc-dhcp-server?
[14:35]  * cyphermox hides in a corner
[14:35] <tomreyn> when even some of the more experienced ubuntu sysadmins run into issues with something as crucial as the central network configuration, it's good to have its developer around.
[14:35] <cyphermox> Epx998: what do you want to know? we can probably find someone who knows
[14:46] <teward> cyphermox: nah I didn't have any ip command calls, it was more the 'routing' component that I had to worry about.  Not to mention I have some pretty chaotic evil firewall rules and IP bindings on the services that'll be on this box to restrict traffic flow.
[14:46] <teward> the core problem was getting netplan to work properly.  And it's more crazy that when I had this set up without netplan, I added into resolved.conf the Google DNS servers to use.  And it *still* doesn't respond on its stub handler.
[14:47] <teward> the only thing I need to backup on this server right now is a set of SSL certs and keys, then I'll just 'blow it away' and start over.
[14:47] <teward> since this VPS is only a day old and doesn't have that much data on it
[14:47] <teward> i have a meeting in 10 minutes, so if I don't get to it now, I'll get to it later, and let you know how it went.
[15:11] <The_Sorce> Hi! I'm looking to do a fresh install of 18.04, but apparently the server install is graphical nowadays? This is fine, but I require some "advanced features" such as LVM, RAID, vlans during the installation phase.
[15:12] <The_Sorce> https://www.ubuntu.com/download/alternative-downloads talks about an "Alternative Ubuntu Server installer" for precisely this purpose, and offers a link to http://cdimage.ubuntu.com/releases/18.04/release/, where there is no alternate installer... So, is the documentation wrong or is the alternate installer iso missing? :D
[15:14] <tomreyn> The_Sorce: i think the ubuntu-18.04-server-... images there are the alternative ones you're looking for.
[15:15] <nacc> rbasak: any reason not to put stable there too?
[15:15] <nacc> rbasak: or wait til release?
[15:16] <tomreyn> The_Sorce: actually i may be wrong on this
[15:16] <The_Sorce> tomreyn: Actually, that makes sense. Just noticed that the official release iso is named ubuntu-18.04-live-server-amd64.iso, so I suppose -server is indeed the alternate installer despite the naming. I'll check it out.
[15:16] <tomreyn> The_Sorce: okay then i was right ;)
[15:17] <The_Sorce> Sure, and no problem if you were wrong. Then I'll be back. ;)
[15:17] <cyphermox> yeah, if you see -live-, then it's the new installer, which does not yet have LVM, RAID, etc.
[15:18] <cyphermox> the ones on cdimage under releases should be the good old non-live debian-installer based images
[15:18] <tomreyn> there si also http://cdimage.ubuntu.com/netboot/bionic/ - but it looks like the bionic files there are not those of the release, yet (based on both the timestamps and the html page saying "beta")
[15:19] <The_Sorce> It makes more sense looking at the folder for 17.10, http://cdimage.ubuntu.com/releases/17.10/release/, where there are both -live-server and -server. For 18.04 -live-server is not found at http://cdimage.ubuntu.com/releases/18.04/release/.
[15:21] <tomreyn> the *live* ones are hosted at http://releases.ubuntu.com/18.04/
[15:23] <The_Sorce> Apparently. Well this helps a lot, thanks guys! Happy to be able to throw out 16.04 and do some clean reinstalls, perfect weekend project. :)
[15:31] <teward> cyphermox: in the netplan config file, i can make comments with # right?  (Not sure, hence asking)
[15:45] <cyphermox> yup, it's fine
[15:47] <teward> cool, I'd like to be able to ID which IP is which (one is DDoS-protected, the other isn't heh)
[15:47] <teward> cyphermox: your example worked fine.  Now I just have to set up IP bindings for the services, and have some fun with the firewall.
[15:47] <teward> but that's not a netplan thing.
[15:48] <teward> cyphermox: can this example be added to the netplan site/documentation?
[15:48] <teward> (which would close https://bugs.launchpad.net/netplan/+bug/1767227 which I filed about this specific issue, I had a feeling the functionality existed, but documentation/examples didn't...)
[15:48] <teward> shush bot.
[15:58] <nacc> rbasak: since you are presumably mid-review still, I'll hold off on rebasing the importer test MP? but we'll need to rebase before landing to ensure CI
[15:58] <nacc> rbasak: I rebased the cleanup branch already
[15:59] <rbasak> nacc: ack.
[15:59] <rbasak> nacc: did you say you were going to post a replacement cleanup branch that uses the close method stuff?
[16:08] <nacc> rbasak: already done
[16:09] <nacc> rbasak: that's the rebased branch
[16:14] <rbasak> Ah, thanks
[16:16] <nacc> rbasak: np, let me know; given that I am testing the git_repository changes separately, if you'd rather i just drop the unit tests for the importer I can do that
[17:11] <axisys> ifup em4 says ... RTNETLINK answers: File exists \n Failed to bring up em4.
[17:11] <axisys> but ifdown em4 says ..
[17:11] <axisys> ifdown: interface em4 not configured
[17:11] <axisys> I do not understand
[17:12] <axisys> trusty
[17:13] <axisys> ifquery -l shows em4 in the list
[17:14] <axisys> hmm.. # ls /run/network
[17:14] <axisys> ifstate  ifup.em1  ifup.em2  ifup.em3  ifup.lo
[17:14] <axisys> no em4 ..
[17:14] <axisys> any idea what is going on?
[17:15] <ahasenack> I've seen that happenning when I chaged /etc/network/interfaces between ifup/down commands
[17:15] <dpb1> was in midstream of typing just that
[17:15] <axisys> I did not
[17:16] <axisys> em4 is up .. but up ip route did not work for those under .. that I why I was trying to simulate the ifup
[17:16] <axisys> trying to see why ip route did not run
[17:17] <dpb1> ip link shows em4?
[17:17] <axisys> ifquery em4 shows all those ip routes.. so for "some reason" they did not run when rebooted.. this server is not in production yet
[17:25] <axisys> what is the command to restart the network? service networking restart says stop: Job failed while stopping
[17:25] <mtl> ifup and ifdown?
[17:26] <axisys> mtl: ifdown -a does not take em4 donw
[17:26] <axisys> down*
[17:26] <axisys> all the others are down
[18:11] <runelind_q> interesting, landscape-client appears to be a bit broken when setting up registration in an 18.04 container
[18:11] <runelind_q> I get to the end of the configuration/registration step when it barfs
[18:11] <runelind_q> 'ascii' codec can't encode character '\u201c' in position 193: ordinal not in range(128)
[18:13] <sarnold> "LEFT DOUBLE QUOTATION MARK"
[18:13] <sarnold> does that sound familiar runelind_q?
[18:13] <runelind_q> oh, maybe
[18:13] <runelind_q> I probably pasted something wrong ;p
[18:14] <runelind_q> my bad - you may go about your business
[18:15] <sarnold> runelind_q: it might still be worth a bug report -- python stack dumps aren't the politest error reports :)
[18:15] <ahasenack> +1
[18:21] <irwiss> are the language-pack-en and the ...-base packages necessary on a console-only server if i want only english / C.utf8 "locale" support?
[18:22] <sarnold> I've never tried removing them but I expect nearly everything includes reasonable messages in that case
[18:22] <sarnold> it's strictly possible for messages to be looked up by an *id* and thus not have any messages if you don't have language packs installed, but I can't recall ever seeing any code that does this.
[18:23] <dpb1> runelind_q: yes please on the bug report, if you file let me know please
[18:29] <irwiss> guess i'll try it out then :)
[18:30] <sarnold> irwiss: please do report back how it goes :D
[18:41] <Edgan> Anyone know when the 18.04 amis are likely to come out?
[18:44] <sarnold> rcj: ^^ is this you?
[18:45] <dpb1> https://cloud-images.ubuntu.com/locator/ --
[18:45] <dpb1> they are there
[18:47] <Odd_Bloke> Edgan: Yep, they are already out. :)
[18:47] <sarnold> huhn, they aren't listed on http://cloud-images.ubuntu.com/locator/ec2/
[18:48] <sarnold> (the url I had in my firefox history :)
[18:50] <Odd_Bloke> Yeah, that one uses different metadata that is slower to update.
[18:50] <Odd_Bloke> Let me chase that up.
[18:52] <sarnold> thanks Odd_Bloke
[18:52] <sarnold> rcj: unping :D
[18:53] <dpb1> sarnold: oh
[18:53] <dpb1> didn't know about that one
[18:53] <sarnold> I guess it just goes to show the importance of being specific :)
[18:54] <dpb1> sarnold: I know the ones I linked are good at least, I launched one last night. :)
[18:54] <sarnold> woot
[18:59] <Edgan> dpb1: Odd_Bloke: I looked at that earlier and they weren't. Awesome!
[18:59] <Odd_Bloke> Edgan: Note the difference between /locator/ and /locator/ec2/.
[19:00] <Odd_Bloke> Regardless, both are now up to date. :)
[19:01] <sarnold> yay
[19:54] <Neo4> Hi
[19:54] <Neo4> I'm going to leanr vim, from what get started?
[19:55] <Neo4> I know common commands and use it, but I want more deep to learn it
[19:55] <TJ-> Neo4: :help within vim itself is very useful
[19:55] <Neo4> TJ-: would be good something apps like solo on keyboard
[19:56] <Neo4> exists vimtutor
[19:56] <thresh> Neo4, https://ru.wikibooks.org/wiki/Vim seems a good start
[19:56] <Neo4> or do you think I need to try all day use only vim when I will edit code on php?
[19:56] <Neo4> then after sufferin a few day you will know vim
[19:57] <blackflow> more like weeks or months. but yes, dive into it.
[19:57] <Neo4> but vim not useful it doesn't have pannel where plaed all files like sublime
[19:57] <blackflow> there are plugins.
[19:58] <Neo4> I know :e. command it's file explorer
[19:58] <Neo4> in vim not exists tabs and file panel
[19:58] <blackflow> surely there's a plugin for that.
[19:58] <Neo4> I ask in #vim now
[20:00] <Neo4> continue here, there mortal silence
[20:01] <Neo4> use vimtutor and try edit more files in vim instead sublime, I think it's help
[20:01] <Neo4> new a few commands
[20:01] <Neo4> gg - go to top
[20:01] <Neo4> G - go to buttom
[20:01] <Neo4> set number  - set number
[20:01] <Neo4> etc
[20:02] <Neo4> I know many
[20:02] <Neo4> how to search, press / and then n for continue
[20:02] <Neo4> dd - delete line
[20:02] <Neo4> x - delete symbol
[20:02] <Neo4> w! file name - write in new file
[20:03] <blackflow> Neo4: search for "vim cheatsheet" on google. Use that and simply dive into editing. After some time, you will gain muscle memory and won't need to look up the cheatsheet.
[20:03] <blackflow> I'm sure it's otherwise kinda offtopic here.
[20:03] <Neo4> CTR + Z go out from vim than we can return back type 'fg'
[20:04] <Neo4> blackflow: I would use it like regular editor if there were tabs and panel, It might be I need google how to add tabs and panels to vim
[20:04] <Neo4> php project has many files and I cant always close and open close and open by one
[20:04] <blackflow> you can open multiple files at once.   see  :sp and :vsp
[20:05] <blackflow> and I'm sure there are plugins for tabs and whatnots.
[20:06] <blackflow> Learning vim bindings has huge benefits. Nowadays I rarely use vim directly, I use PyCharm IDE with vim bindings.
[20:06] <blackflow> otherwise I can't imagine editing text without them.
[20:11] <jaimehrubiks_> The only way to learn vim is to force yourself not to give up, and don't switch to other sw. Just for every barrier find a solution on Google and note it down
[20:13] <Neo4> jaimehrubiks_: ok, I'll try :)
[20:14] <jaimehrubiks_> I use my config files and have a system to autodownload them on any server, but it is also worth learning "the basics" first, using default configuration
[20:15] <jaimehrubiks_> As blackflow suggested, moving around text is the most awesome thing, at least for me. Nowadays I tend to use plain vim for little changes and Ides or spacemacs with vim keybindigs for other stuff, but plain vim is a must learn
[20:18] <Neo4> try to move in vim using ssh, type there :e. you will see real filemanager and can easy navigate on files
[20:19] <Neo4> I've read in book that it is possible run files over ssh on remote computer using real text editor, I forgot how it called, seems like x ssh
[20:19] <Neo4> is it really we can connect to remote computer nad run those files in (for example ) sublime or gedit?
[20:25] <jaimehrubiks_> You can do it in several ways. Use remote vim via ssh. Use scp method which is supported in vim. Mount remote file system. And some others. I don't really have good experience editing remote files. I prefer editing with remote vim. Or edit locally and send after save with a command
[20:33] <Neo4> jaimehrubiks_: yes, connect using filezila
[20:34] <Neo4> yesterday I tried to connect my laptop and desktop , there in both ubuntu and install sumba
[20:34] <Neo4> samba is use for windows share folder
[20:35] <Neo4> I did connection using ssh, simple ssh user@ip
[20:35] <Neo4> it is right way to connect two linux computer?
[20:35] <Neo4> it looks so easy, much easier than was connect two windows computers
[20:36] <Neo4> put connection in filezilla and can easy copy files
[20:37] <Neo4> ssh doesnt work if doesn't install openssh.server
[20:37] <Neo4> ubuntu doesn't have it by default, for did coonection I installed ssh
[20:46] <Neo4> jaimehrubiks_: see http://pix.toile-libre.org/?img=1524861959.png
[20:46] <Neo4> what does it means?
[20:48] <Neo4> passed, it's not what I thought
[20:52] <Neo4> I guessed it means if there install gedit we can use it as well as other grafical applications
[20:53] <Neo4> we don't have to use vi if we use ssh -x
[20:54] <sarnold> you can use both! ssh -X gvim ...   :D
[20:55] <jaimehrubiks_> Neo4, you should use ssh keys, so much secure, fun and faster than passwords
[20:56] <Neo4> sarnold: I will use vim, it's just for to know about this possibility
[20:56] <Neo4> jaimehrubiks_: right :)
[20:59] <jaimehrubiks_> Ubuntu server does have ssh by default I guess. You can select to enable it during install if I recall well
[21:27] <irwiss> sarnold: nothing seems to have crashed or burning yet after removing the language-pack, though i'm running a very small subset of software on this server, not much beyond sshd/tmux/git/docker/mc/ssmtp and a bunch of even smaller utilities
[21:27] <sarnold> irwiss: nice! :D
[21:27] <sarnold> irwiss: how much disk space did that save?
[21:29] <irwiss> not much i think, a few megabytes ^^ just wanted as few packages marked installed manually and those 2 stuck out
[21:29] <sarnold> heh, oh well, I guess that shouldn't be a *real* surprise ..
[21:29] <sarnold> thanks irwiss :)
[21:34] <sdeziel> irwiss: I ditched ssmtp for msmtp-mta and if you do TLS, you should consider doing the same as ssmtp doesn't do authentication checks
[21:35] <sarnold> ew
[21:43] <lauren> hi folks! what options do y'all know of for continuous bandwidth usage monitoring per process per host (or per host class), for use in billing by io? I'd like to find something that allows monitoring per host-class, ie internet vs local net or etc.
[21:44] <irwiss> sdeziel: huh apparently ssmtp isn't maintained anymore as well... i'll check msmtp, thanks!
[21:44] <sarnold> lauren: I haven't used anything myself, but I know many tools interoperate with netflow format
[21:44] <sarnold> irwiss: I've been using msmtp for ~six years without complaint :) easiest MTA setup I've ever had
[21:44] <lauren> sarnold: where would I find some of those? what would I have to search for?
[21:45] <sdeziel> irwiss: indeed. My only grip with msmtp is how passwords are stored in the config file (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883349)\
[21:45] <sarnold> lauren: it depends where / how you want to do the accounting .. apt-cache search netflow finds a bunch of tools, some intended for on-host use, some for on-router use
[21:46] <lauren> ah nice
[21:46] <sarnold> netflow's not the only tool around but I know there's entire ecosystems around it :) hehe
[21:47] <sarnold> sdeziel: hrm, not sure I love that patch :/ ... normally most tools aren't written robustly enough to be setgid
[21:48] <sarnold> sdeziel: if a user config file asks to log to something writable by group mail, what happens?
[21:48] <sdeziel> sarnold: hrm, very good point
[21:49] <sdeziel> sarnold: I'm culprit of proposing the same patch to sSMTP (was accepted and included in Ubuntu long ago)
[21:49] <sarnold> ha :)
[21:49] <sarnold> oh man. ssmtp's still in bionic. sigh :)
[21:50] <sdeziel> sarnold: it's not a very good counter-argument but I also proposed an Apparmor profile in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883354 which should prevent such writes
[21:51] <sarnold> sdeziel: <3
[21:51] <sarnold> sdeziel: I thought I had an apparmor profile for mine. I apparently don't :/
[21:51]  * sarnold proceeds to steal
[21:52] <sdeziel> sarnold: re msmtp's setgid, how about making this only when installing msmtp-mta which provides sendmail?
[21:53] <sdeziel> I think the mail group should only have write access to /var/mail by default
[21:53] <sdeziel> would probably be easier to make a new dedicated group I guess
[21:53] <sdeziel> s/easier/safer/
[21:54] <sarnold> a dedicated group would definitely be safer
[21:54] <sarnold> sdeziel: thanks for the apparmor profile :)
[21:56] <sdeziel> sarnold: I will happily integrate any changes you feel necessary to it and feed them to the Debian bug ;)
[21:56] <sarnold> it'll be fun to find out what's changed since then :)
[21:56] <sarnold> I added 'm' to the executable
[21:56] <sarnold> before finding out that's needed
[21:57] <sdeziel> hmm, not needed here on 16.04
[22:01] <sdeziel> sarnold: I added the "m", let me know when you are done testing so that I can incorporate more diff
[22:01] <sarnold> sdeziel: 9f834ec18defc369d73ccf9e87a2790bfa05bf46 changed when the kernel checks privileges .. so 'm' is required in 16.10 and newer
[22:01] <sdeziel> yeah, I vaguely remember it being kernel dependant
[22:02] <sdeziel> so you guessed that I only run 4.4 everywhere ;)
[22:02] <sarnold> yup :)
[22:02] <sarnold> as apparently I do too..
[22:04] <sdeziel> I have quite a few profile to future proof then
[22:07] <irwiss> thanks msmtp-mta seems to have replaced it nicely
[22:14] <sdeziel> thanks for the patch review sarnold, have a nice weekend!
[22:26] <sopparus> hello nginx-full doesnt seem to work with webdav on 18.04
[22:26] <nacc> teward: --^ ?
[22:26] <sopparus>  nginx: [emerg] unknown directive "dav_ext_methods"