Xasesarnold, https://pastebin.com/62dH02gj00:00
XaseCould it have to do with the fact I was previously running bind?00:00
XaseI'm still new to this, I apologize for any novice level questions.00:00
sarnoldheh, I've never seen dig used with just the @server parameter before..00:01
sarnoldtry dig @localhost www.google.com A00:01
XaseSame with different ID it seems00:02
XaseThis is the tutorial I followed https://webilicious.xyz/linux/complete-powerdns-setup-guide-on-ubuntu-server/00:03
XaseBut I previously had installed bind from another tutorial.00:03
XaseThe tutorial for powerdns shows there should be 1 server, but mine reports 2 servers with DiG00:03
sarnoldXase: okay, how about asking your server for a record that it should actually have? maybe smy suggestion of google.com was a bad ida00:06
Xasesarnold I haven't set any up. I was going to set it up to work with ISPConfig.00:08
cryptodannacc: I found a stable kernel and distro for my server02:03
=== Guest34494 is now known as karstensrage
=== xase_ is now known as Guest45743
=== mgagne is now known as Guest82592
lordievaderXase: I see now that I forgot to ask you yesterday if you were looking for a recursive resolver or an authoritative dns server.05:39
raddyHello Everybody06:03
raddyIs live patching available for Ubuntu 16.04.3 LTS06:06
lotuspsychjeraddy: first update your server, 16.04.5 is out06:06
lotuspsychjeraddy: alot of new security flaws came out since06:07
ubottuCanonical Livepatch is a service offered by Canonical for 64 bit 16.04 installs that modifies the currently running kernel for updates without the need to restart. More information can be found at https://ubottu.com/y/livepatch and https://www.ubuntu.com/server/livepatch06:07
lordievaderGood morning06:12
=== ogra_ is now known as ogra
jellybut can they live patch from .3 to .5 !07:43
tomreyni'm hosting a mirror server for getdeb/playdeb, a now unmaintained third party software repository for ubuntu. there are people using my mirror directly through apt. i'd like to use this opportunity to somehow indicate that they should remove this repository and run ppa-purge against it. is there a way i could send such a message?08:33
tomreyni've seen some kind of a redirect to a new hostname with a message (such as this-archive-is-no-longer-maintained.example.org) which then showed up on apt output in the past, but am not sure how to do this or whether it's a good idea.08:34
tomreynthuis was an earlier, unrelated occasion where some apt archive did this to send a message08:35
=== lifeless_ is now known as lifeless
=== lotuspsychje_ is now known as lotuspsychje
HelenahFor some reason the Ubuntu launchpad PPA keeps timing out on me, I'm not sure how to fix.13:03
blackflowHelenah: you could install mtr-tiny and check where the packet flow breaks.     mtr -i 1 -c 5 -r <hostname-or-ip>    it's an advanced tracert tool thingy.13:12
HelenahI'll give it a try13:12
blackflowalso check if the DNS is resolving, etc...13:12
HelenahIt is13:13
Helenahblackflow: Could node 7 be the problem? https://paste.ubuntu.com/p/RbY2tSpbvj/13:16
HelenahIt's never up13:16
blackflowHelenah: no, it only means that particular node is limiting/dropping icmp packets13:18
blackflowand loss% is only relevant if the _last_ node _upward_ shows any13:18
blackflowHelenah: welp looks like networking on your end is fine, the trace goes deep into canonical turf. what's teh PPA url?13:19
HelenahOr you mean the full URL?13:19
HelenahIt's the Greek Schools repo13:20
blackflowI don't know it, can you post it? or better yet, check via browser if it's accessible?13:21
Helenahblackflow: https://paste.ubuntu.com/p/X2G3zF6gWS/13:22
blackflowHelenah: well if you can ping or trace up to and including that ip  (use -n for mtr to see IPs), then I doubt there's anything you can do. possibly some transitional issue.13:24
HelenahI really need this software, it's used for my fat clients.13:24
blackflowsee if you can pull the file directly with wget,  eg.   wget http://ppa.launchpad.net/ts.sch.gr/ppa/ubuntu/pool/main/l/ldm/ldm_2.18.06-1+t201807230407~ubuntu18.04.1_amd64.deb13:25
Helenahblackflow: Worked13:26
HelenahBut with APT, the same packages time out, there is no getting around it...13:26
HelenahThis is a fresh install.13:26
blackflowtry shove it in /var/cache/apt/archives/   and see if apt/dpkg will reuse it from there. Other than putting the file in the apt cache like that, I don't know if anything else needs to be done13:26
ahasenackHelenah: is apt using a proxy perhaps?13:57
ahasenackHelenah: check /etc/apt/apt.conf.d/* and related files, maybe do "grep -i proxy -r /etc/apt"13:57
sdezielthat ^ or this: apt-config shell PROXY Acquire::http::proxy13:59
ahasenackis that case insensitive?13:59
ahasenacklooks like13:59
sdezielin fact, this seems better: apt-config dump Acquire::http::prox13:59
ahasenack$ apt-config dump|grep -i proxy13:59
ahasenackAcquire::http::Proxy "http://squid-ds216.lxd:3128/";13:59
ahasenackyeah :)14:00
madLyfehey sdeziel i have my zfs smb share mounted on windows and nix but i cant seem to write anything to it.14:00
ahasenackcpaelzer: what is "preparing packages" here, do you know? https://bileto.ubuntu.com/#/ticket/339214:00
sdezielmadLyfe: by default, zfs filesystems are owned by root so maybe you need to chown some dirs?14:00
ahasenackthe packages are built in the ppa14:00
ahasenackyeah, first check the unix side: make sure the user you want can write to the dirs/files you want14:01
ahasenackthen repeat over samba14:01
ahasenackthere are layers of permissions here14:01
cpaelzerahasenack: I'm not remembering the prepare step14:04
ahasenackI also didn't see it mentioned in the dos14:04
ahasenackas a status14:04
ahasenackI did click "build" one more time after the packages were built in the ppa, and bileto wasn't "seeint" that14:04
cpaelzerdid you hit publish?14:05
ahasenackas usual, when creating the ticket, I forgot to select "cosmic"14:06
ahasenackit was at its default of zesty or something old like that14:06
ahasenackso I clicked build again after changing it to cosmic14:06
ahasenackoh, it moved14:06
cpaelzerit seems the diff is not created for cosmic14:06
ahasenacknow it's green14:06
cpaelzerI re-triggered the diff14:06
ahasenackI set lander to approved14:07
ahasenacknow it's starting the tests, all looks good14:07
cpaelzerahasenack: when you click on diff you'll see a log of the former diffs14:07
cpaelzerthere was none14:07
cpaelzerdespite the old (zesty) diff being exitsing14:07
cpaelzerso I thought why not re-create14:07
cpaelzerand that seems to have brought it back to normal14:07
Helenahahasenack: It isn't14:13
ahasenackHelenah: can you pastebin the apt-get update output?14:14
madLyfesdeziel: did you use the winbind to sync system users to samba usr db?14:33
sdezielmadLyfe: I only run smbd so I manually sync the users14:37
sdezielmadLyfe: I am probably using a weird setup though14:37
madLyfeatm im the only one accessing the share(from a couple locations), can i have it just inherit the ubuntu server user/pass?14:38
sdezielmadLyfe: I prefer to decouple the Unix and samba accounts14:38
sdezielmadLyfe: all my samba users have /bin/false as their shell14:38
madLyfesdeziel: /bin/false/ as their shell?14:40
sdezielmadLyfe: the samba accounts have matching Unix accounts but I set their shell to be /bin/false14:43
sdezielmadLyfe: the idea is those users can only use samba and not connect to the server using SSH for example14:44
madLyfecan you sync the unix accounts(only one in my case) and manually add on samba users later? ones that wouldnt be added to the server? or would it sync those as well?14:45
sdezielmadLyfe: I am not sure I understand your question. How could you sync Unix -> samba is the samba user is only created later?14:47
madLyfesdeziel: samba supports the ability(through another installed package?) to sync the systems users/password database? if i only had one user on the system i would only have one in samba. if i was to add more samba users later, would those then get synced to system as well? or is it only a one way sync from system to samba? or do i have the whole thing wrong?14:52
ahasenackmadLyfe: for every samba user, there needs to be a corresponding linux user14:52
ahasenackto sync passwords, the maybe simplest way (but also error prone?) is via "unix password sync"14:53
ahasenackyou will also need "passwd chat"14:53
ahasenackI think there is a default/example in ubuntu's smb.conf14:53
ahasenackbut I haven't used that in a while14:53
madLyfeso useradd also adds that user to the ubuntu server as well?14:53
Helenahahasenack: It's an LTSP chroot I'm trying to set up.14:54
franciscodelgadoHi people!14:55
Helenahsdeziel: You can configure SSH to only allow users in certain groups to SSH in.14:57
sdezielHelenah: yes, I know thanks :)14:57
franciscodelgadoHave an old computer, it was dumped on the trash lol, was wondering about to use it as server with ubuntu server: It's Intel Core 2 Duo e7500 @ 2.93GHZ, 4GB of RAM, 1 160G HDD (for system, i.e.) and another disk with 1TB. x64 arch. processor, what do you think about this for data, download and local apache server?14:57
sdezielpeople really throw away anything...14:58
Helenahfranciscodelgado: In the UK, that's called robbing14:58
franciscodelgadoWow so I don't want to live on the UK14:58
Helenah(Just saying)14:58
sdezielfranciscodelgado: this would make a pretty decent headless server14:58
franciscodelgadoIn spain it's called to take what another ones don't want anymore lol14:58
Helenahfranciscodelgado: I would've done the same thing tho14:58
sdezielthrowing computers in the trash should be criminal in the UK14:59
HelenahCore 2 Duo is nice btw, especially for a server.14:59
xasefranciscodelgado, run forensics on it first...14:59
Helenahsdeziel: Yeah, all those toxins, and that wasted metal14:59
franciscodelgadoHelenah: I feel like a little child on christmas now hahaha14:59
sdezielHelenah: yup14:59
ahasenackmadLyfe: /usr/sbin/useradd only cares about linux, and smbpasswd only cares about samba. There are effectively two user databases15:00
franciscodelgadoxase: forensic?15:00
HelenahI went passed a skip on my estate, it had computers, hifi systems, fridges, freezers, so much electronics, I believed most of it worked and was just thrown because the owner was looking for an excuse to buy new.15:00
ahasenackafter the users are created, then the password can be sort of kept in sync if it's changed via samba. If it's changed in linux, then maybe via a pam module to also change it in samba15:00
ahasenackmadLyfe: it gets complicated the more users you have, that's why such setups normally resort to using ldap15:00
xaseYeah like scrape the hard drive, make sure there isn't anything useful on it?15:00
sdezielfranciscodelgado: I run 80% of my home infra on a similar machine also with a Core 2 Duo15:00
xaseYou never know.15:01
franciscodelgadoxase, oh right15:01
HelenahHow about you shred the drive? I don't know about the laws in Spain, however in the UK, if there is illicit material on it, for example CP, it's enough to get you put on a criminal register.15:01
xaseOr just wipe the harddrive completely clean first. You don't want to be caught with someone else15:01
franciscodelgadoso I will give a try on it, it's incredibly silent also15:01
HelenahDon't even check what's on it.15:02
xaseYeah that Helenah15:02
xaseJust shred it.15:02
madLyfeahasenack: that seems way over my head15:02
franciscodelgadoDon't know what the hell was going on with this pc to waste it15:02
HelenahChecking is a way of incriminating yourself15:02
xaseHelenah, I thought about the CP issue after I said it.15:02
xaseShred the drive.15:02
franciscodelgadoI think there is an option on ubuntu-server installer to do womething like shred, right? like overwrite it with zeroes or similar15:03
sdezielmadLyfe: it's simpler than it sounds. The Linux/Unix account is used to access the files on the samba server itself. The samba account is used by clients to authenticate against the server15:03
sdezielfranciscodelgado: before the installer started its thing, you can fire up another console and do something like that: cat /dev/zero > /dev/sda15:04
franciscodelgadosdeziel: oh, cool, another command to my notebook :D15:05
Helenahfranciscodelgado: If you really want to use the drive, do dd if=/dev/zero of=/dev/sda several times15:05
HelenahYou wanna overwrite the shadow several times15:05
franciscodelgadoHelenah, yes, I think it's the best option, clean it all and forget what the HDD could contains15:06
Helenahfranciscodelgado: The idea is to "Not know".15:07
franciscodelgadoWill begin with this tonight15:07
HelenahYou don't wanna have yourself know by checking the drive.15:07
HelenahBecause that's where information slips if you get put under suspicion.15:07
franciscodelgadoHelenah, sorry, maybe it's because of my english, i tried to say "forget the idea of wanting to know what is inside"15:07
HelenahI understand15:08
HelenahThere are more non-natives on IRC than there are natives.15:08
franciscodelgadoYes, and the fact is almost people on IRC speaks in english so, everyone have to learn some to come here15:09
HelenahIt's better to know English anyway, if you have to join a channel like #ubuntu-es, you are missing out on the majority of the community which could've supported you otherwise.15:10
franciscodelgadoof course15:11
sdezielfranciscodelgado: I use this for extra safety when erasing drives: https://paste.ubuntu.com/p/rSJhqT2XkR/15:14
franciscodelgadoAnd, about here in Spain, about CP, if I find a computer or HDD or whatever containing CP the first thing to do is call the police, they will try to find the owner and you will be left on the shadows, you are suposed to be helping them15:15
sdezielbut now that I look at man shred, it seems that is supports shredding whole drives too15:15
HelenahIn data centres, drives are shredded, even if they are only a week old, if they had somes data on them, they are shredded, never reused.15:17
HelenahIt's to protect the data centre15:17
HelenahSo there is no room for accusions15:17
sdezielthere is shred(1) and shred (physically)15:18
tomreynunfortunately the former can't really be relied on.15:20
sdezieltomreyn: on files, I'd agree but on whole disks/partitions I'd be much less worried15:21
tomreynif its whole disks, i'd rather use ata 'secure' erase, or rather combine the two, but only if i failed to use full disk encryption.15:22
xasealright... so I purged bind, and reinstalled bind. but I still have my local router ip listening on port 53 AND and :::53. I'm having trouble setting up bind for my name servers.15:28
xaseAll the tutorials seem to be for local dns. Or isn't quite clear on how to configure for external.15:29
xaseI can't use powerdns which seemed to be a lot easier, it's not supported real well by ispconfig.15:30
GumaHello, I was asked to figure out how to setup up a "stage" server for productions machines so they all will point for all updates to our internal server that I need to setup. This server would be a gate keeper between ubuntu server and out production servers. So all of our production servers would be getting updates only from our internal "stage" server. When ever I update stage server then productions machines will upgrade to that version as well. Well15:51
Guma in reality there would be development stage server and production stage server. Production stage server would be pointing to development. I never did set this up. Where do I start? Any suggestions or links?15:51
nacccryptodan_mobile: nice16:09
ahasenackkstenerud_: following your freeipa pastebin instructions now (https://pastebin.ubuntu.com/p/8pnKw3pHj4/) to see what's going on17:03
ahasenackkstenerud_: so two things missing from that pastebin so far17:13
ahasenackkstenerud_: one we talked about, the reboot.17:13
ahasenackkstenerud_: the other one I just remembered is to make the ip a static one, and not dhcp assigned, to avoid surprises17:13
ahasenackI'm doing that now over here17:14
ahasenackkstenerud_: third, I think this answer is wrong:17:17
ahasenack* Enter an IP address for a DNS forwarder, or press Enter to skip: (machine's IP address)17:17
ahasenackit's not your own address: it's your home dns,17:17
ahasenackor the libvirt provided one17:18
ahasenackusing yourself as a forwarder would create a loop17:18
kstenerud_ahasenack: So if I'm using libvirt provided one, what would it be? Would I find it in resolv.conf?17:22
ahasenackit would be x.x.x.117:22
ahasenackthe .1 of the libvirt network17:22
ahasenackor, another way, it would be the bridge ip on the host17:23
ahasenackin my case,17:23
ahasenackvirbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 150017:23
ahasenack        inet  netmask  broadcast
ahasenack192.168.122.0/24 is the libvirt "default" network17:23
ahasenackor, don't set any forwarder, but then you won't take advantage of the host's dns cache17:23
ahasenackor its knowledge about other libvirt networks17:24
ahasenackI use squid in a lxd container, in another network, so I use libvirt's .1 DNS so that I can reach the proxy by name17:24
ahasenackfrom the vm17:24
ahasenackkstenerud_: the dns forwarder config means, "forward the dns request to this forwarder if the name being asked is not one of my own zones"17:25
ahasenackusually that would be the root servers, but if you have a forwarder configured, the forwarder is asked instead17:25
kstenerud_but if I don't configure a forwarder it should still complete installation, right?17:25
ahasenackkstenerud_: yeah, that must have been it, the config just finished for me on a brand new vm17:26
ahasenackkstenerud_: yes, but I haven't gone down that route17:26
ahasenackin my case it probably wouldn't finish because of my proxy named "squid-ds216.lxd", I would have to replace that with an IP, or not use the proxy17:26
ahasenacksince the root servers don't know about squid-ds216.lxd :)17:27
ahasenackkstenerud_: I also did the other two changes: fixed ip, and reboot after that17:27
kstenerud_ahasenack: OK so just to be clear, you used the x.x.x.1 address for the dns forwarder, and also to make the address static, and the reboot?17:27
ahasenacknow, don't follow the ip tip blindly17:27
ahasenackmake sure your x.x.x.1 is a dns server17:27
ahasenacktry dig with it17:28
kstenerud_In theory it should work fine with DHCP since I'm only going to run it for a few mins17:28
ahasenackdig @x.x.x.1 gnu.org17:28
ahasenackyeah, it's just to avoid surprises17:28
kstenerud_hmm install failed again :/17:38
ahasenackdid you check /etc/hosts?17:39
ahasenackyou must have something else going on17:39
ahasenackdid you use the bind9 ppa?17:40
kstenerud_Do you have this in your hosts:17:40
kstenerud_127.0.1.1       cosmic-freeipa.example.com      cosmic-freeipa17:40
ahasenackno, that's what I told you to remove :)17:40
kstenerud_Without that it won't auto-populate fields17:40
ahasenackyou have to have that entry with the real ip17:40
ahasenacknot 127.x.x.x17:40
ahasenackand drop the bit without the domain17:40
ahasenack192.168.122.40 cosmic-freeipa.example.com17:40
ahasenackjust one line, like that17:41
sylarioHi, I am trying to instal NVM on an ubuntu server, and despite bashrc being modified, it seems the added lines have no effect : https://github.com/creationix/nvm17:42
sylarioThoses are the lines added in bashrc :17:42
sylarioexport NVM_DIR="$HOME/.nvm"17:42
sylario[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm17:42
sylario[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion17:42
sylarioBut even after a new login, nvm is undefined and $NVM_DIR is empty17:43
sylarioI had no problem installing nvm on a non server ubuntu17:44
ahasenacksylario: what's with the \.?17:44
ahasenackuse just ., or replace "." with "source" (no quotes)17:44
ahasenackand no \17:44
sylarioIt changed nothing17:46
sylarioThis code is the same on my ubuntu workstation and it works17:46
sylarioAnd echo $NVM_DIR is still empty17:47
sylarionot sure why17:47
ahasenackif you source .bashrc, does it get defined?17:47
sylarioYes, with the first line I posted here17:47
ahasenackdo you have a ~/.profile?17:48
sylarioThoses line have been added by the nvm install script17:48
ahasenackthat is what sources ~/.bashrc17:48
ahasenackdo you have a $BASH_VERSION variable defined? Try echo $BASH_VERSION17:49
ahasenackalso check "getent passwd <youruser>" and confirm that the shell for that user is /bin/bash (it's the last field)17:49
sylarioIt seems my bashrc is full of config for color prompt, yet <hen I ssh this server it'sq monochrome17:51
ahasenackthen you will have to trace the login path17:51
ahasenackcheck if ~/.bashrc could be exiting before your NVM_DIR addition17:52
sylariohow do I do that?17:52
JanCsylario: that's usual because the shell on the server doesn't know your terminal can show colours17:57
sylarioIs there something I could put in bashrc or profile to check if they have been run?18:00
sylarioHow do I debug that?18:00
tomreynhave them touch a file in /tmp18:00
JanCthey are just shell scripts, so you can echo something or create a file or such18:00
sylarioI added touch /tmp/profile at the start of profile, i delogged relogged, and the file is not in tmp18:03
tomreynso your shell is probably bash18:03
sylariowhat does that mean?18:03
tomreynhead -n 5 ~/.profile18:04
sylario# ~/.profile: executed by the command interpreter for login shells.18:05
sylario# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login18:05
sylariols -l18:05
tomreynthat's just 2 of 5 lines, but yes18:05
sylarioI  have no idea what I should conclude from that18:06
tomreynso do you have ~/.bash_profile or ~/.bash_login ?18:07
sylarioI have a bash_profile18:07
tomreynwell, as the message on top of ~/.profile you just partially quoted says, if you run bash, then ~/.bash_profile (if it exists) is executed instead of ~/.profile18:08
sylarioso RVM tanked my shell18:08
JanC~/.bash_profile can source ~/.profile18:09
sylariomaybe I can put that in bashrc and delete bash_profile ?18:10
tomreynmaybe. and maybe the script it sources is not compatible with other shells18:11
tomreyn* scriptS18:12
sylarioThanks a lot18:14
sylarioit works!18:14
sylarioI added source ~/.profile18:14
sylarioNow I have coloration in ls18:15
sdezielsylario: hmm, aliases for ls are added in the standard .bashrc on Ubuntu IIRC18:16
sdezielsylario: weird that you had to do anything to get those18:16
sylarioyes, and my bashrc was not run18:16
sylariobecause rvm created a bash_profile18:16
tomreyni think ~/.profile sources bash_rc if run by bash18:16
tomreyni think ~/.profile sources ~/.bash_rc if run by bash18:17
sylarionow I can install node and npm to restart the cursed deployment tool that use npm and bower and node and ember (and bootstrap)18:19
outernationalhowdy. getting "We are currently unable to retrieve the requested key. Please try again later." on https://auth.livepatch.canonical.com/. email is verified.18:20
tomreynsylario: had you considered https://github.com/rvm/ubuntu_rvm18:20
sylarioI should try to do more bash instead of doing python/ruby script18:21
sylario@tomreyn did not knew it existed18:21
tomreynsylario: it's the first thing said under 'basic install' at https://rvm.io/rvm/install18:21
sylarioI installed rvm on this server 5 years ago18:22
tomreynmaybe you followed some other instructions18:22
tomreyni see18:22
tomreyn5 years is when ubuntu goes EOl, hope you upgraded in the meantime18:23
sylarioit's ubuntu 18.0418:23
kstenerud_ahasenack: I'm not sure what I'm doing wrong, but no matter what it always fails with Unable to retrieve CA chain: [Errno 111] Connection refused18:23
ahasenackkstenerud_: did you check /etc/hosts? :)18:23
ahasenackdid you test the forwarder with the dig command?18:24
ahasenackis the output of the hostname command the fqdn?18:24
sylarioIt was an unbuntu 12.04 at first according to the hosting interface18:24
ahasenackkstenerud_: what is on line 13?18:25
kstenerud_Not sure. That got added by one of the apt installs I think18:25
kstenerud_Line 12 is what I added18:26
ahasenackand when you added it, the other one was there alreayd?18:26
ahasenacktry removing 13 again, and reboot. See if it's cloud-init during boot that is adding it18:26
kstenerud_yup it got added after reboot18:28
ahasenackkstenerud_: ok, so it's cloud-init18:29
ahasenackmaybe mine isn't messing with it because I supply a custom user-data to import my ssh key, set my local proxy and local ubuntu mirror18:29
ahasenackkstenerud_: there are a few ways to sort it18:29
ahasenackhammer, and non-hammer18:30
ahasenackhammer is "apt purge cloud-init"18:30
ahasenacknon-hammer is to edit /etc/cloud/cloud.cfg and remove some lines18:30
ahasenackmaybe these 3:18:30
ahasenack - set_hostname18:30
ahasenack - update_hostname18:30
ahasenack - update_etc_hosts18:30
kstenerud_ugh it did it again19:00
kstenerud_hosts is clean. hostname returns fqdn, but I still get connection refused19:00
kstenerud_This is what I'm doing: https://pastebin.ubuntu.com/p/yj35Gp8GSK/19:03
kstenerud_  [13/28]: publishing the CA certificate19:04
kstenerud_  [error] RuntimeError: Unable to retrieve CA chain: [Errno 111] Connection refused19:04
sdezielkstenerud_: it would be nice to see where it's trying to connect. strace/tcpdump should tell you19:05
dpb1DNS/Cert/hosts modifications/FreeIPA, what could go wrong!19:06
ahasenackkstenerud_: do you have cosmic-proposed enabled by any chance?19:07
kstenerud_grep proposed /etc/apt/sources.list returns nothing19:07
ahasenackthe ca server probably failed to start, the logs could tell why, maybe it's obvious in there19:07
ahasenackbut it just worked out of the box for me, in a fresh cosmic vm19:08
ahasenackand your bind9 ppa19:08
sarnoldkstenerud_: note there's also /etc/apt/sources.list.d19:08
kstenerud_I'm running all of this in a uvt-kvm created vm. Everything in that pastebin is exactly what I did, in that order19:09
dpb1can I attempt?19:09
ahasenackwell, we did changes after that pastebin19:09
ahasenackdo you have an updated?19:09
ahasenackah, I see19:09
ahasenacklet me check that19:09
kstenerud_I literally copy-paste that line by line into a terminal19:10
ahasenackdid you test the forwarder with dig?19:10
ahasenackthe one thing we still have different is that I setup a static ip19:11
dpb1/etc/hostname as the FQDN?19:13
dpb1installing from the PPA now19:14
dpb1402 packages19:15
ahasenackdpb1: yeah, freeipa is weird19:15
ahasenackI think it's a redhat bug, and since they develop on rh...19:15
ahasenackkstenerud_: in the meantime, can you try to fetch some logs?19:18
ahasenacklike the install log it suggests19:18
kstenerud_The logs just reiterate the error, and a python stack trace leading to a cli call19:19
dpb1those packages are finished installing19:19
dpb1now next19:19
ahasenackno, something must have failed to start, otherwise there wouldn't be a connection refused19:21
ahasenackcheck /var/log/pki19:21
kstenerud_ok hang on I need to rebuild the vm. Running a static address broke things and I can't get into it anymore19:22
ahasenackyou didn't copy mine bit by bit, did you? :)19:23
dpb1I'm in the magic phase now19:23
kstenerud_It's the same subnet so it should have worked19:23
ahasenackbut I also had a mac address in there19:23
dpb1my cpu is really churning19:23
dpb1it's like I'm on hangouts19:23
ahasenackkstenerud_: careful what you copy and paste from the internet! :)19:24
ahasenackthe mac address isn't needed19:24
ahasenackbut it was there already, so I kept it19:24
ahasenackhttps://netplan.io/examples has a static address config example19:24
kstenerud_oh just to stop it from cycling ips?19:24
ahasenackit's what cloud-init generated for me19:25
tewarddpb1: stop mining bitcoins, that'll solve the CPU usage :P  (just kidding xD019:25
ahasenackit's a filter19:25
ahasenackdpb1: check your /etc/hosts, in another terminal probably19:25
dpb1teward: my nuc has thusfar mined .0000000001 bitcoins, I'm afraid19:25
dpb1kstenerud_: I'm past the 13/28 failure you pasted earlier at least, still chugging19:26
* dpb1 wonders why he has 3 other uvt-kvm machines19:26
dpb1ahasenack: http://paste.ubuntu.com/p/Jv7ZWgGCbT/19:27
dpb1note, the magic is still running.19:27
ahasenackthis thumbs up looks remarkably different from the web page where I copied it from19:28
ahasenackit's even the wrong hand19:28
kstenerud_Doesn't render with the default font19:28
sarnoldI get a nice square box19:29
sarnoldvery solid, sturdy looking19:29
dpb1OK, it's done now kstenerud_ I have a nice 'next steps' screen19:30
kstenerud_using exactly what I posted?19:31
dpb1my uvt-kvm is not virgin, but it's pretty unmodified19:31
kstenerud_mine is whatever the defaults are19:31
dpb1that's the ubuntu font, no clue why the emoji doesn't render19:32
tewarddpb1: black magic from the system perhaps?  (Emoji don't work in a lot of IRC clients heh...)19:32
dpb1teward: ya, I have to admit, I may have done something to get it working.  been a while19:33
tewardi keep having to ask this, is there a way to run package autopkgtests from within a 16.04 system, and if so what's the commands :P19:33
kstenerud_Rerunning the install with a static address and grabbing lunch brb19:33
dpb1(I'm on weechat)19:33
dpb1so terminal comes into play for me19:33
ahasenackteward: there is a bunch (of commands)19:33
dpb1kstenerud_: ko19:33
tewardahasenack: i forget what they are for 16.04's commands, happen to know any of them offhand or where I can find details?19:33
ahasenackteward: you basically need to setup vms or lxds first, and then run the tests in them with an autopkgtest (or adt?) command19:33
tewardi know they cahnged names between 16.04 and 18.0419:33
ahasenackteward: are the executables autopkgtest* or adt*?19:34
ahasenackkstenerud_: do you have that autopkgtest session noted down somewhere?19:34
tewardand LXD isn't much of a problem, I already use it so I can utilize those pretty well19:34
tewardutilize that environment (and build the LXDs for the autopkgtests)*19:34
ahasenackteward: here is an irc session I had with kstenerud_ about autopkgtests: https://irclogs.ubuntu.com/2018/08/17/%23ubuntu-server.html#t16:5919:35
ahasenackjust rename the autopkgtest prefix to adt I think19:35
ahasenackor maybe check if there isn't something in xenial backports19:35
ahasenackkstenerud_: you can put that bind9 mp up I think, with these instructions you have, since they worked for dpb119:36
dpb1ahasenack: +119:36
tewardahasenack: that helped.  But so did this thing I found: https://people.debian.org/~mpitt/autopkgtest/README.running-tests.html19:42
teward(google helps?)19:42
teward(at least to run the basic autopkgtests I need to run)19:42
=== miguel is now known as Guest7814
kstenerud_OK, MP is in. The fact that different uvt-kvm setups can cause app installs to succeed or fail is worriesome, though20:59
ahasenackkstenerud_: maybe we can revisit this one at the sprint. You seem to have gotten it to work yesterday21:00
ahasenackthen today all is failing21:00
kstenerud_yeah :/21:00
ahasenackkstenerud_: please also mention in the MP (description I think: can't think of a DEP3 header for this now) that debian is using the same patch21:02
ahasenackwe are always conserned with adding delta to debian21:02
kstenerud_Oh. I got the patch from fedora. Is it in debian?21:02
ahasenackyou can find a link to debian's patch in salsa.debian.org, bind9 project21:02
ahasenacktimo pushed it to debian21:03
ahasenackkstenerud_: see https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440/comments/56 and https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440/comments/5921:03
ubottuLaunchpad bug 1769440 in bind9 (Ubuntu) "freeipa server install fails - named-pkcs11 fails to run" [High,Confirmed]21:03
ahasenackkstenerud_: take a look at some logwatch bugs, see if perhaps many can be killed in one swoop: https://bugs.launchpad.net/ubuntu/+source/logwatch21:10
ahasenackall the "unmatched" types21:10
ahasenackkstenerud_: also, https://code.launchpad.net/~kstenerud/ubuntu/+source/bind9/+git/bind9/+merge/354002 should be against ubuntu/devel, since cosmic isn't released yet21:11

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!