tomreyn | how would you setup and manage networking on a single KVM based HV (no HA) with an IPv4 /28 and IPv6 /64 which you'll manage via CLI (libvirt-bin or similar) only? | 09:54 |
---|---|---|
mnms_ | Hi.. looking for solid guide about hardening fresh ubuntu server, could you recommend something? | 11:04 |
blackflow | mnms_: https://wiki.ubuntu.com/Security/Features and https://gist.github.com/ageis/f5595e59b1cddb1513d1b425a323db04 and employ AppArmor wherever possible. The second links a bit old, those aren't all security features available through systemd, so check its docs too. | 11:24 |
mnms_ | blackflow thx | 11:38 |
ahasenack | rbasak: hi, is the importer stuck by any chance? | 12:25 |
ahasenack | rbasak: https://git.launchpad.net/~usd-import-team/ubuntu/+source/autofs/tree/debian/changelog is at 5.1.2-3ubuntu2, rmadison shows cosmic at 5.1.2-4ubuntu1 | 12:25 |
rbasak | Looking | 12:26 |
rbasak | Yes, the host was rebooted a week ago | 12:28 |
rbasak | Looking into why | 12:28 |
rbasak | The logs have rotated out :( | 12:30 |
rbasak | Restarted | 12:31 |
ahasenack | jamespage: hi, isn't crmsh used quite a log in openstack xenial deployments? | 13:54 |
ahasenack | I came across https://bugs.launchpad.net/ubuntu/+source/crmsh/+bug/1687095 and "crm cluster health" just can't work in xenial because of the missing dep, and I also added the uca for a bunch of versions and the bug remains | 13:55 |
ubottu | Launchpad bug 1687095 in crmsh (Ubuntu) "crm cluster health: NameError: global name 'parallax' is not defined" [High,Confirmed] | 13:55 |
jamespage | ahasenack: we do but I don't think I have ever used 'crm cluster health' | 15:33 |
jamespage | we don't hold crmsh in the UCA, so I'm not surprised that made no difference | 15:33 |
ahasenack | jamespage: ok, thanks | 15:34 |
=== jdstrand_ is now known as jdstrand | ||
ahasenack | rbasak: are you aware of known issues doing release upgrades from trusty to xenial with a mysql server installed? | 17:29 |
nacc | iirc, there were a bunch of bugs filed when xenial came out | 17:30 |
nacc | because the config changed dramatically (again, iirc) | 17:30 |
ahasenack | let me paste something | 17:31 |
ahasenack | see if it rings a bell | 17:31 |
ahasenack | https://pastebin.ubuntu.com/p/M2RVQdv56P/ | 17:31 |
ahasenack | that bit about the version, looks like not all packages were upgraded yet | 17:31 |
ahasenack | there are some apparmor denied messages, but they look like the usual to me, that I have seen in other bugs already | 17:33 |
nacc | ahasenack: trusty has 5.5.60 | 17:33 |
nacc | ahasenack: and precise as 5.5.54 | 17:33 |
nacc | ahasenack: i guess maybe the upgraded at some point in the past? dunno, hard to say | 17:33 |
nacc | i *think* that's the postinst from mysql-server? | 17:34 |
nacc | ahasenack: which implies that it didn't stop the old one? | 17:34 |
nacc | stop/remove | 17:34 |
tomreyn | 5.5 to 5.7 involves innodb + utf-8 collation by default (for new DBs), and strict mode on by default, IIRC. | 17:34 |
ahasenack | yeah, something like that | 17:35 |
nacc | ahasenack: it feels faimilar, but i'm not 100%, i tihnk you'd need rbasak | 17:35 |
rbasak | I've not seen that before | 17:38 |
rbasak | The postinst is running mysql_upgrade as expected, but the server daemon appears not to have restarted | 17:39 |
rbasak | "start: Job is already running: mysql" | 17:40 |
rbasak | Did it fail to stop previously? | 17:40 |
rbasak | Need reproduction steps I think. Given I've not seen it before, I'd want to rule out user misconfiguration first. | 17:41 |
nacc | ahasenack: fwiw, per publishing history of mysql-5.5, that version was superseded in trusty around april 2017 | 17:42 |
nacc | actually january!@ | 17:42 |
nacc | so i'd be likely to suspect pebkac | 17:42 |
ahasenack | yeah, I got 5.5.60 when I created my test container | 17:43 |
rbasak | Some customisation of the service locally perhaps, which prevents the maintainer scripts from being able to affect it. | 17:43 |
ahasenack | rbasak: I don't see any messages about stopping mysql, or restarting | 17:43 |
rbasak | I'd expect that to be earlier in the log | 17:47 |
ahasenack | there is this, though | 17:47 |
ahasenack | 180723 11:46:14 [ERROR] /usr/sbin/mysqld: Table './asterisk/freepbx_settings' is marked as crashed and should be repaired | 17:47 |
ahasenack | 180723 11:46:14 [Warning] Checking table: './asterisk/freepbx_settings' | 17:47 |
rbasak | At least to see that the preinst i running, et | 17:47 |
ahasenack | don't know if that was just before the upgrade, or during | 17:47 |
ahasenack | https://launchpadlibrarian.net/379751877/DpkgTerminalLog.txt dpkg terminal log | 17:47 |
rbasak | I think it's fine to mark as Incomplete with our standard template. | 17:47 |
rbasak | If the user thinks it's a bug, they can provide reproduction steps | 17:48 |
ahasenack | that's usually hard with release-upgrade bugs | 17:48 |
rbasak | lxd helps with that | 17:48 |
ahasenack | "Restart services during package upgrades without asking?" <-- I wonder what he answered | 17:52 |
rbasak | I think that relates only to libc6. Not sure though. | 17:54 |
rbasak | (as in libc6's maintainer scripts) | 17:54 |
ahasenack | oops | 17:56 |
v0lksman | hello all! installing apache2 on 18.04 but it seems I | 18:41 |
v0lksman | 'm missing something cause php7 doesn't want to execute when hitting index.php | 18:41 |
v0lksman | any hints? seems apache2 comes pretty bare bones now and you have to manually enable all the mods | 18:42 |
v0lksman | ahh poop....libapache2-mod-php...thought that was already in | 18:43 |
tomreyn | neither is php only a web scripting language nor can apache httpd be only used with php (and scripting/programming language enabling modules are generally not part of the apache httpd core), so no, it's not. | 18:48 |
sarnold | v0lksman: did you a2enmod php or whatever? | 18:51 |
v0lksman | I was just missing the mod...thought I had already installed it | 18:52 |
nacc | v0lksman: it depends on the version of ubuntu you're on, but on 18.04 it should do what you said | 19:09 |
DammitJim | is there such a thing as a tomcat repo for ubuntu 18.04 ? | 19:39 |
nacc | DammitJim: probalby a ppa | 19:39 |
DammitJim | I've been googling but can't find one | 19:39 |
DammitJim | all the tutorials I see online now use wget to download the gz | 19:40 |
sarnold | if you're going to that much trouble you might as well maintain the one inthe archive :) | 19:42 |
DammitJim | which trouble and what archive? | 19:43 |
nacc | !info tomcat8 | 19:43 |
ubottu | tomcat8 (source: tomcat8): Apache Tomcat 8 - Servlet and JSP engine. In component universe, is optional. Version 8.5.30-1ubuntu1.2 (bionic), package size 43 kB, installed size 314 kB | 19:43 |
DammitJim | I was looking for a ppa... and was trying to make sure I wasn't missing something since I can't find it | 19:43 |
nacc | that one :) | 19:43 |
nacc | archive = Ubuntu archive | 19:43 |
DammitJim | oh, so there is no ppa | 19:43 |
sarnold | dunno, I never looked ;) | 19:43 |
sarnold | there is a package in the archive, but it's commuynity maintained | 19:44 |
nacc | DammitJim: i mean there can be PPAs of archive pacakges | 19:44 |
nacc | !ppa | 19:44 |
ubottu | A Personal Package Archive (PPA) can provide alternate software not normally available in the offical Ubuntu repositories - Looking for a PPA? See https://launchpad.net/ubuntu/+ppas - WARNING: PPAs are unsupported third-party packages, and you use them at your own risk. See also !addppa and !ppa-purge | 19:44 |
sarnold | which might mean, in practice, no one maintains it. | 19:44 |
nacc | you can search there --^ | 19:44 |
sarnold | and if you have to build one yourself, it'd probably be less effort to maintain the one inthe archive, and let everyone benefit from your work :) | 19:44 |
tomreyn | DammitJim: so why are yuo looking for a ppa? is the version in ubuntu too old / new for your needs? | 19:46 |
DammitJim | actually, you guys are right... man, the mind can screw you up if you don't learn how to control it | 19:47 |
DammitJim | I have been googling how to install tomcat on ubuntu 18 and all I find are tutorials to install from source | 19:48 |
DammitJim | I assumed that there is no way to say: apt-get install tomcat | 19:48 |
DammitJim | whoa | 19:48 |
tomreyn | you can even choose from major upstream versions | 19:49 |
genii | !info tomcat 9 | 19:56 |
ubottu | '9' is not a valid distribution: artful, artful-backports, artful-proposed, bionic, bionic-backports, bionic-proposed, cosmic, cosmic-backports, cosmic-proposed, kubuntu-backports, kubuntu-experimental, kubuntu-updates, partner, precise, precise-backports, precise-proposed, stable, testing, trusty, trusty-backports, trusty-proposed, unstable, utopic, utopic-backports, utopic-proposed, vivid, vivid-backports, vivid-proposed, wily, wily-backports, wi | 19:56 |
genii | !info tomcat9 | 19:56 |
ubottu | Package tomcat9 does not exist in bionic | 19:56 |
genii | OK so 8 and 7 still currently | 19:57 |
DammitJim | I think it's 8.5 | 19:57 |
DammitJim | https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1712645 | 20:02 |
ubottu | Launchpad bug 1662654 in tomcat8 (Ubuntu) "duplicate for #1712645 Please remove resteasy (3.1.0) from zesty-proposed" [Undecided,Fix released] | 20:03 |
DammitJim | weird | 20:03 |
DammitJim | tomcat 8 is end of life | 20:03 |
DammitJim | oh, interesting.. the package is called tomcat8, but it's acually 8.5.30 | 20:05 |
ScottE | Tomcat 8.0 and 8.5 are not completely compatible, either - just to make things more fun | 20:21 |
* RoyK thinks tomcat and other java stuff should be left untouched | 20:23 | |
DammitJim | RoyK, I'm with you; however, I'm forced to touch it since our company uses it... it's truly a mess... to keep Ubuntu Version + Tomcat Version + Java Version + Grails Version compatible and supported (not EOL) | 20:41 |
ScottE | If that's not all bad enough, soon to use Java in a production environment will require either using openjdk or paying oracle for a commercial license. | 20:45 |
teward | state your source? | 20:46 |
DammitJim | +1 teward | 20:49 |
ScottE | http://www.oracle.com/technetwork/java/eol-135779.html - "Beginning with Oracle Java SE 11 (18.9 LTS), the Oracle JDK will continue to be available royalty-free for development, testing, prototyping or demonstrating purposes." | 20:59 |
RoyK | DammitJim: my condolences | 21:01 |
DammitJim | lol | 21:02 |
DammitJim | ty | 21:02 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!