/srv/irclogs.ubuntu.com/2018/07/04/#ubuntu-server.txt

jamespagecoreycb: hey - have you seen anything like this - https://launchpadlibrarian.net/377079438/buildlog_ubuntu-cosmic-amd64.horizon_3%3A14.0.0~b2-0ubuntu2~ubuntu18.10.1~ppa201807040545_BUILDING.txt.gz05:02
jamespagefor the life of me I can't see why those py3 package install failures are happening05:02
jamespagecoreycb: hmm that's a py3.7issue05:06
jamespagecoreycb: reference - https://github.com/pypa/pipenv/issues/95605:07
jamespagethat impacts05:07
jamespagehttps://www.irccloud.com/pastebin/wpe16Y9V/05:07
jamespagehurrah05:11
lordievaderGood morning06:07
manticorpusHello, I want your advice about one serie of operations :08:28
manticorpus1. I create one tar file (with medium size files like ~50mo)08:28
manticorpus2. A rsync process come and download the tar08:28
manticorpus3. The rsync process remove the file08:28
manticorpusI want to be sure the tar is completly write before the step 2 is done. Any advice ?08:28
manticorpusJustice: You need to do special rules for that, generally I follow this guide : https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System08:29
lordievaderCreate a script who does those steps sequentially?08:44
manticorpusThe rsync process is not in my control, it's a client of my server08:45
manticorpusMy best guess is that mv is atomic. So I create my tar in another directory and do a mv action08:45
blackflowmanticorpus: yes, that's usually how such atomic ops are done. don't even have to be another dir, could be the same with a different name. eg.    .tmp_somename.tar   that you rename to   somename.tar     keep in mind, if you create it somewhere else, that you're still on teh same filesystem, otherwise mv will take much longer because it has to copy, not just rename.09:11
manticorpusblackflow: Thank you, as the rsync take all the dir I will do in another dir. Thanks you for your feedback09:55
blackflowmanticorpus: just make sure it's on the same filesystem, or at least know what the consequences are if it's not.10:00
coreycbjamespage: i hadn't seen those issues yet but i think py3.7 just came out. i can dig into that tomorrow.10:40
manticorpusblackflow: It's thank you10:45
GargoyleOK. I've run out of Google Foo. I'm lost in a proxy terminology maze of transparent, forward, reverse, anonymous, ssl_bump, intercept... and on and on.11:59
GargoyleWhat I am trying to do is enable certain https requests from servers in a autoscale cluster to go out via a proxy server so that the receiving end gets the request from 1 or 2 fixed IP addresses and not all the random ephemeral ones that the autoscaling servers will have.12:01
GargoyleI'm not looking to intercept and decrypt, MITM style - I just want the destination to get the proxy server IPs.12:02
blackflowGargoyle: maybe with a tcp proxy? irrc nginx can do that too12:06
blackflow*iirc12:06
sdezielGargoyle: haproxy can do that too12:07
GargoyleI think that's what I'm going to have to do. I hit a bit of a wall with nginx and streams, so I've tried squid but that seems to focus around intercepting.12:07
blackflowGargoyle: what kind of wall? What was the problem with nginx?12:08
sdezielGargoyle: haproxy can be easily configured to terminate TCP or TLS or HTTP(S) and then hit a list of backends using TCP or TLS or HTTP(S)12:09
Gargoyleblackflow: Most likley me going code-blind. going to retry.12:09
Gargoylesdeziel: Not looking to terminate the ssl - just the opposite.12:10
sdezielGargoyle: then operate in TCP mode and it will be load balanced between healthy backend12:10
sdeziels/backend/backends/12:10
sdezielGargoyle: haproxy is nice because it supports doing fancy health checks on the backends. IIRC, the same requires NGINX Plus12:11
Gargoylenot doing reverse proxying. doing forward proxying - don't know what the destination is.12:12
GargoyleSo it will be requests to external apis like google, etc.12:13
Gargoyleback to nginx... vagrant destroy, vagrant up for about the 50th time already today! :P12:14
blackflowconsider also some iptables routing magick on the "proxy node"12:14
blackflows/routing/NAT/12:15
GargoyleHow would that work, blackflow. I originally came up with a NAT solution which required updating routing tables for the destination IP addresses so that traffic went out via the NAT box. Hit a hurdle with one of the 3rd parties not having fixed IP addresses.12:16
sdezielGargoyle: oh, sorry, I missed the forward part12:17
Gargoylesdeziel: No worries - it's a bit of a oddball problem!12:18
ahasenackmorning12:18
blackflowGargoyle: depends on your network layout, whether you have some wan/lan boundary through a router, or if you just have to solve it at the dns level, designating a "proxy node"'s IP for all outbound domains, then it should be relatively straightforward to NAT, on that node, between LAN subnet and   ! LAN subnet12:19
GargoyleOK. So I think nginx is working now... X-)12:21
blackflow:)12:21
GargoyleI had missed the "resolver" directive...12:21
Gargoylehttps://gist.github.com/gargoyle/851b8628099307581485e181cd5898c012:22
GargoyleTIL: nginx only does dns lookups on start/restart/reload12:23
blackflowhuh, TIL ssl_preread12:23
GargoyleUnless you have "resolver"12:23
GargoyleYeah... grabs the host from the SNI header.12:23
blackflowyah12:23
blackflowbut eh.... 8.8.8.8?   eeeew. :)12:24
Gargoylehe he. It's easy to remember though. :D12:31
Gargoyle1.1.1.1 ?12:31
sdezielGargoyle: beware that nginx's DNS resolver is vulnerable to DNS poisoning so you may want to use a closer resolver12:34
blackflowGargoyle: I was hinting at "run your own caching resolver " :)12:35
GargoyleGood to know, thanks.12:35
blackflowBind9 works for me nicely, though Unbound is not bad either. Supposedly less vulnerable, but I suspect it's just a consequence of it being used less (and attempted against less)12:41
RoyKblackflow: and 8.8.4.412:43
blackflowRoyK: hmm?12:50
=== Jare__ is now known as Jare
Ubu-1604question : I was wondering about the SIZE of my 'snap' directories that have been made, this notepad program I am using seems to have made 3 snaps now (60 Meg each), and I was wondering can I delete these .. they all show to be 100% full.15:04
Ubu-1604guess I'll just try the unmount and remove the older snaps :)15:14
GargoyleSo I've pinged server.xyz and got 1.2.3.4 - great. But now I have added 4.5.6.7 server.xyz to /etc/hosts but I am still pinging the old IP address. systemd-resolver --flush-caches doesn't seem to do anything (18.04) any ideas?15:14
Ubu-1604Gargoyle: could try disconnect / reconnect to the net ... or even a full reboot .. at least in windowz the dns cache is loaded and the real only way to reload is is a reboot (works best) or try disconnect/reconnect.15:16
Ubu-1604Gargoyle: or stop/start the dns service .. just a thought.15:17
GargoyleBut this is linux!15:17
GargoyleThere is no separate service - i think it's all systemd15:17
Ubu-1604Gargoyle: ya I know .. I was njust trying to impress upon you that this dns cache is sometimes hard to FORCE to reload itself.15:17
blackflowone more reason to ditch it.15:18
Ubu-1604sorry I asked my snap question in the wrong channel ;)15:19
mystici installed wine but it wont run19:00
ahasenackrbasak: for tomorrow likely, could you please check if the importer is still running? I'm seeing sssd is behind debian:20:21
ahasenackhttps://code.launchpad.net/~usd-import-team/ubuntu/+source/sssd/+git/sssd/+ref/debian/sid is 1.16.1-120:22
ahasenackbut rmadison shows 1.16.2-1 to be in debian's testing and unstable20:22
ahasenackhttp://reqorts.qa.ubuntu.com/reports/ubuntu-server/merges.html agrees that sssd 1.16.2-1 has been uploaded on jun 27th20:22
ahasenackrbasak: I also don't see ubuntu/devel updated with our recent samba upload, that no-change rebuild one20:32

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!