=== havenstance_ is now known as havenstance
[03:53] <havenstance> is there a viable open-source alternative to ntopng other than darkstat that runs on ubuntu-server?
[04:27] <MartesZibellina> Interested in reasonably priced GLOBAL IRC ADVERTISING? Contact me on twitter https://twitter.com/nenolod or linkedin https://www.linkedin.com/in/nenolod
[05:18] <whislock> That's a new one.
[07:27] <allaga> hey
[12:18] <Bert_2> Hi, we're updating our webworkers from 16.04 to 18.04 and noticed there's a bit of a problem in 18.04 with libcurl. Both libcurl3 and libcurl4 actually supply .so files for libcurl4 (so that's weird for sure), on top of that some packages depends on the 3 package and others on the 4 package, so that leaves it difficult to keep everything installed (php-curl requires 4, shibboleth requires 3)
[12:18] <Bert_2> So, is that a mistake or what's the idea behind that?
[12:21] <TJ-> Bert_2: read the changelog for curl (7.58.0-2ubuntu2): "* Rename libcurl3 to libcurl4, because libcurl exposes an SSL_CTX via
[12:21] <TJ->     CURLOPT_SSL_CTX_FUNCTION, and this object changes incompatibly between
[12:21] <TJ->     openssl 1.0 and openssl 1.1.
[12:21] <Bert_2> TJ-: shouldn't the dependencies of shibboleth (namely libxmltooling7) then have been edited?
[12:22] <TJ-> Bert_2: I have no idea - the transition to openssl 1.1 has been extremely complicated. Your best source is Marc Deslauriers in #ubuntu-hardened, part of the security team
[12:23] <TJ-> Bert_2: there should be some discussion of it in the ubuntu-devel mailing list too, from around the start of the 18.04 cycle in October 2017
[12:27] <TJ-> Bert_2: I think the initial discussion started at https://lists.ubuntu.com/archives/ubuntu-devel/2017-December/040087.html
[12:28] <Bert_2> TJ-: thx, I've also posted in hardened, let me look at the list now
[12:28] <TJ-> Yeah, I noticed, but it being Sunday you may need to wait until weekdays to get a reply
[12:29] <Bert_2> I'm afraid so
[12:29] <Bert_2> which would mean more downtime than expected because someone accidentally started all webworkers at the same time :/
[12:34] <Bert_2> We're getting more and more convinced it's just a mistake in the dependencies of libxmltooling and it should just be 4
[12:35] <TJ-> is it shibboleth-sp2 you're using?
[12:35] <Bert_2> libapache2-mod-shib2 and the like, yes
[12:36] <Bert_2> (that includes common and utils of shibboleth-sp2)
[12:39] <Bert_2> oh, wait, it's more complicated
[12:40] <Bert_2> libxmltooling does not support the new openssl stuff
[12:40] <Bert_2> so libcurl3 is the dependency since it's compiled with the older openssl
[12:40] <Bert_2> but you can't have 3 and 4 installed side by side
[12:40] <TJ-> Bert_2: according to the upstream wiki "The OpenSAML 2 software has reached its End of Life and is no longer supported." so that might be to do with it https://wiki.shibboleth.net/confluence/display/OpenSAML/XMLTooling-C
[12:40] <Bert_2> even though that would fix things
[12:41] <Bert_2> yeah, well I must admit I was really surprised that 18.04 does not feature shib3
[12:44] <TJ-> It's in Universe so it depends on having an interested maintainer. Generally Ubuntu syncs from Debian at the start of each development cycle
[12:45] <Bert_2> Yeah, debian is still on the old ssl and uses 2.6.1
[12:45] <Bert_2> and well, 2.6.1 does make sense with the release schedule
[13:20] <Bert_2> TJ-: seems like 1 other person also has this issue and the only solution I can only describe as disgusting and shameful: https://depts.washington.edu/bitblog/2018/06/libcurl3-libcurl4-shibboleth-php-curl-ubuntu-18-04/
[13:26] <TJ-> Bert_2: I've not looked in detail at your scenario but I'm wondering if there's a way to use an LXD container to put the libcurl3/xmltooling in and still be able to call into it (via TCP socket) from the host? That would prevent messing with packaging in any way. Won't work of course if it is all library calls
[13:27] <Bert_2> Seems like libcurl3 and 4 should both be installable (so no conflict) and then have some packages specifically linked to 3
[13:28] <Bert_2> TJ-: we wouldn't want to isolate shib, since it integrated into an apache mod
[13:28] <Bert_2> we can't isolate php and shib from each other but they specifically cause the problem (3 vs4)
[13:28] <Bert_2> we are following up on https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1776489
[13:28] <ubottu> Launchpad bug 1776489 in xmltooling (Ubuntu) "libxmltooling7 depends on libcurl3, which has been replaced by libcurl4 in Bionic" [Undecided,Confirmed]
[16:43] <tempest> Hey anyone know how I could completely purge all custom ACL's set recursively in a directory?
[16:47] <TJ-> tempest: see "man setfacl"
[16:47] <TJ-> tempest: "setfacl --recursive --remove-all" I suspect
[19:22] <mivance> looks like 18.04.1 came out three days ago; are we still in the intermediate period where distribution upgrade isn't yet supported?
[20:26] <cryptodan_mobile> im sick and tired ubuntu no longer supports my dell poweredge server
[20:26] <cryptodan_mobile> noting but hassel and quite frusterated
[20:35] <cryptodan_mobile> its rather frusterating to see aacraid hung error then all of a suddent rjecting i/o due to offline device errors  the drives are all fine and error free and are running perfect and optimly per the raid controller.  only after boot does this issue happen. happens in kernel 4.4 and 4.15 it is frustrating.
[20:37] <cryptodan_mobile> and now my server wont even boot up properly and will just hang with rejecting i/o errors with fake file system corruption errors.
[20:37] <cryptodan_mobile> it boots fine 2 times then does this
[20:40] <TJ-> cryptodan_mobile: is it related to Bug #1770095
[20:40] <ubottu> bug 1770095 in linux (Ubuntu Cosmic) "Need fix to aacraid driver to prevent panic" [Critical,Fix committed] https://launchpad.net/bugs/1770095
[20:40] <cryptodan_mobile> and I am quite sure and confident that if any drive was having issues the raid controller would me know if its running in degraded mode and needed replacing.  But that is not the case.  All drives are green and optimal
[20:41] <cryptodan_mobile> i needs to be fixed faster and new iso's respun to propagate the fix
[20:43] <cryptodan_mobile> I cant even download and test those kernels onto the machine as it will not boot at all now and this is a 1 day fresh install
[20:43] <cryptodan_mobile> 14.04 fails and 16.04 fails
[20:44] <TJ-> cryptodan_mobile: boot from a rescue USB/CDROM with 12.04 on maybe?
[20:45] <TJ-> cryptodan_mobile: that'd allow you to chroot mount and install additional kernels
[20:45] <TJ-> cryptodan_mobile: presumably GRUB is fine, its when linux takes over it drops the ball?
[20:46] <cryptodan_mobile> pe4600 has no usb boot option and for some reason installtion of ubuntu took my cdrom and ide port offline
[20:46] <cryptodan_mobile> yup it quits mounting all together
[20:47] <cryptodan_mobile> so if this bug is in newer kernels and effects adaptec raid controllers of all types then there will be a lot of servers not booting
[20:48] <TJ-> I used to have a PE with similar PERC controller. The issue seems to be with a subset of aacraid hardware
[20:48] <TJ-> Here's another current Bug #1777586
[20:48] <ubottu> bug 1777586 in linux (Ubuntu Bionic) "Ubuntu Server 18.04 LTS aacraid error" [High,Confirmed] https://launchpad.net/bugs/1777586
[20:48] <cryptodan_mobile> add 14.04 and 16.04 to it
[20:49] <TJ-> that first bug seems to have the fix published in  bionic-proposed
[20:50] <cryptodan_mobile> it goes back to 4.4 kernel in 14.04
[20:51] <cryptodan_mobile> bionic has no i386 so i cant run it on my pe4600
[20:56] <TJ-> what do you mean? there aren't i386 ISOs but there are i386 packages
[20:59] <cryptodan_mobile> I386 isos on ubuntu 18.04 I only saw 64bit available to download
[20:59] <TJ-> what about using an original 14.04 ISO from old-releases that has the 3.13 kernel?
[21:00] <TJ-> as in http://old-releases.ubuntu.com/releases/trusty/
[21:01] <TJ-> use a desktop LiveISO from there, then you can do "Try Ubuntu" (hopefully, if the DVD drive is recognised!) and a chroot into the installed system to add additional kernels
[21:01] <TJ-> Does it have a DVD, or is it only a CD-ROM drive? Could be a capacity issue if so
[21:06] <cryptodan_mobile> it has a dvd drive
[21:08] <TJ-> so that's good, you can use one of those 907MB ISO images
[21:09] <cryptodan_mobile> Here is a video I made of it booting https://youtu.be/jDVOKubgG6s
=== minipini is now known as Guest23440