/srv/irclogs.ubuntu.com/2018/10/31/#ubuntu-server.txt

Glorfindel	uhhhhhhhhhhhhghghghg. so. I created a xfs filesystem because I ran out of inodes on ext4, but I've also filled the inodes on this xfs disk. is there any other filesystem I could use that has more inodes?	00:46
sarnold	woah, really?? I didn't realize that was possible with xfs. I thought it was dynamic. heh.	00:48
Glorfindel	wait.... ncdu only reported 16gb used, but df -h shows I used all 20gb?	00:50
Glorfindel	maybe I didn't run out inodes, that would be good	00:50
sarnold	that makes more sense to me :)	00:50
Glorfindel	at the same time though, over 20gb of data to create a tileserver for a map that's kept in a ~200mb database seems a tad excessive	00:50
Glorfindel	7.9 million inodes.... yeah I'm submitting a bug that's ridiculous	00:51
sarnold	I suspect that means whoever made the database design really understood the principles of data normalization! :D	00:55
Glorfindel	lol	00:56
RoyK	and whoever wrote that software, didn't understand that millions of files is generally a bad idea…	00:56
RoyK	Glorfindel: keep in mind that metadata also takes up space	00:57
sarnold	Filesystem Inodes IUsed IFree IUse% Mounted on	00:58
sarnold	srv 12875952530 10 12875952520 1% /srv	00:58
sarnold	oh. don't mind me. I can't read.	00:59
RoyK	12 billion - should be enough for everyone (tm)	00:59
sarnold	:)	00:59
Glorfindel	one would think :o	00:59
sarnold	62 million files on that thing, give or take.	01:00
sarnold	suddenly 8 million for a mineserver map server seems pretty silly	01:00
RoyK	or someone aught to think that 8 million files in a directory (or tree) just means "you nee to use a database!"	01:00
RoyK	need	01:01
Glorfindel	sarnold: wow	01:01
sarnold	Glorfindel: my ubuntu mirror is ~800k inodes.. the unpacked sources are way bigger :)	01:02
Glorfindel	heh, makes sense	01:05
keithzg[m]	Huh, I wonder why multiple VMs of mine (three so far) are running into kernel panics on boot with the latest kernel :/	02:29
sarnold	:(	02:35
RoyK	keithzg[m]: which kernel is that?	02:36
keithzg[m]	Specifically, I'm seeing `Kernel panic - not syncing: VFS: Unable to moutn root fs on unknown-block(0,0)`. Kernel is "4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:58:23 UTC 2018 i686 athlon i686 GNU/Linux"	02:37
mason	keithzg[m]: Ah, sounds like your initramfs files didn't build...?	02:38
mason	keithzg[m]: Can you boot into older kernels and rebuild your initramfses?	02:38
RoyK	update-initramfs -a	02:38
RoyK	perhaps	02:38
keithzg[m]	mason: Yeah that's what I thought, although `sudo update-initramfs -u -k 4.15.0-38-generic` did not fix it.	02:38
keithzg[m]	RoyK: "Illegal option -a"	02:39
mason	-c -k all, isn't it?	02:39
mason	I confuse platforms sometimes.	02:39
mason	Yeah, try update-initramfs -c -k all	02:39
keithzg[m]	Shall do...	02:40
RoyK	keithzg[m]: out of curiousity - what sort of virtualisation?	02:42
keithzg[m]	I wonder if this all has to do with grub2, I got the "GRUB upgrade scripts have detected a GRUB Legacy setup in /boot/grub" message last week and accepted chainloading, intending on actually checking things sometime this week. All the VMs in question are quite old ones I inherited from my predecessor, they started out on at least 10.04!	02:42
keithzg[m]	RoyK: KVM	02:42
RoyK	ok	02:42
RoyK	10.04 is a wee bit old ;)	02:43
keithzg[m]	Yup they've had long lifespans, gone to 12.04 then 14.04 then 16.04 and recently finally 18.04 and a move to an entirely different machine a few months back!	02:43
keithzg[m]	Alas, `update-initramfs -c -k all` did nothing, the VM I tried still kernel panics.	02:44
mason	keithzg[m]: Hrm. I'd want to rip apart the initramfs at this point. Unsure what else to do.	02:44
keithzg[m]	Very oddly, the VM I first noticed this on earlier today worked fine after I rebooted into the prior kernel, applied pending updates, and rebooted again. It's also one of the old VMs.	02:45
mason	keithzg[m]: Make sure your /boot isn't out of space, although I'd think you'd see an error message to that effect when building.	02:45
mason	keithzg[m]: Another less-intense thing might be to delete the new kernel and reinstall, and capture the session in script(1) for further debugging.	02:46
RoyK	if it's out of space, remove old kernels - you may have to truncate some of the files to remove before running apt remove/purge, since apt uses some disk space just to remove things	02:47
RoyK	don't remove them manually - apt will be upset	02:47
RoyK	just run something like	02:47
RoyK	> /boot/somekernel	02:47
RoyK	to truncate it	02:48
keithzg[m]	mason: Yeah, these VMs don't even actually have a separate /boot partition, and / has plenty of space. Funny enough, the VM that recovered had run out of space, and I had initially thought that was a problem. Maybe in fact it was a problem on that VM and the same panic message is actually from a different underlying cause on the other VMs, although that seems like a huge coincidence if so.	02:48
mason	keithzg[m]: The initramfs having issues or being invalid is the most common cause of that error message. Kernel tries to load it and fails.	02:50
mason	keithzg[m]: Might be worth update-grub as well, with a spelunk into the grub config files to make sure it's specifying the right files.	02:51
keithzg[m]	mason: yeah already tried `update-grub`.	02:51
keithzg[m]	Oho, I fixed it on one of the VMs at least; under the presumption that there's some sort of reason why last week that I was still on grub-legacy was flagged during the `apt upgrade` I ran on 'em all, I tried running the suggested `upgrade-from-grub-legacy` and then rebooted. Et voila!	02:53
keithzg[m]	Thank goodness for virtualization, if I hadn't been able to take a quick snapshot before hand it might have been quite a while before I worked up the courage to try that ;)	02:53
mason	Ah, good.	02:54
keithzg[m]	Other failing VMs seem to have been fixed by the same approach. Other than "dpkg-maintscript-helper: error: environment variable DPKG_MAINTSCRIPT_NAME is required" as the last output line, `update-from-grub-legacy` seems to have worked fine and resolved this. Phew!	02:58
n00bee	I upgraded a VPS from 16.04 to 18.04 and now there is no network. The VPS lets me log in via a web console but I can't even ping out from the server. How to troubleshoot?	04:02
n00bee	The outputs for some of the commands are here: https://imgur.com/a/cmqGEfE (sorry it's an image rather than text paste but the webconsole doesn't allow text copy)	04:03
nacc	n00bee: try `sudo systemctl status networking` and if it's off, try `sudo systemctl start networking` ?	04:05
nacc	n00bee: your interface has no IP address	04:06
n00bee	nacc: It's probably worse. It says Unit networking.service not found	04:07
n00bee	*could not be found	04:07
nacc	i might have the wrong service	04:07
nacc	n00bee: try `sudo ifup eth0` ?	04:09
n00bee	nacc: sudo systemctl restart NetworkManager.service ... also not found	04:09
n00bee	nacc: ifup command not found	04:10
nacc	n00bee: you're not on a desktop, so no NM	04:11
nacc	n00bee: ah it would appear that ifupdown maybe got purged	04:11
nacc	n00bee: you have two options, i think, follow what is written here: https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#New_since_16.04_LTS	04:12
nacc	n00bee: apt-cache policy ifupdown?	04:12
n00bee	nacc: apt-cache policy ifupdown suggests it may be installed	04:13
n00bee	wait..sorry..no	04:13
n00bee	installed: (none)	04:13
nacc	systemctl status systemd-networkd	04:14
n00bee	candidate: 0.8.17ubuntu1.1	04:14
nacc	may give you some debugging output	04:14
nacc	yeah, so if you want to keep using /e/n/i you need to have that installed, read the release notes above	04:14
n00bee	nacc: Sorry, what does /e/n/i mean?	04:15
nacc	n00bee: /etc/network/interfaces (which is what ifupown parses)	04:15
nacc	n00bee: sorry, gotta step away, read those docs	04:15
n00bee	nacc: ok. thanks	04:15
n00bee	nacc: So I read the docs and they specify the 18.04 counterparts to 16.04 commands and services. Using that I was able to start systemd-networkd and do the equivalent of ifup eth0. But still no network.	04:55
d-rock	When you say "no network", what do you mean?	04:56
d-rock	Does ifconfig show eth0 up and running?	04:56
n00bee	d-rock: I upgraded from 16.04 to 18.04 today and now have not network. Can't SSH in or ping out.	04:56
d-rock	OK, but "ifconfig eth0" shows that the interface is UP and RUNNING, and shows tx/rx activity?	04:57
n00bee	d-rock: The web console doesn't allow copy paste. Let me take a screenshot of the output of ifconfig eth0	04:57
genewitch	looking for a package (or whatever) that is like pfsense, a web frontend for NAT/router/gateway/firewall.. the simpler the better. I literally just need NAT/dhcpd and i will be running pihole for DNS	04:58
d-rock	I'm on a terminal, so I can't view graphics :)	04:58
n00bee	d-rock: :) so it says flags=4098 broadcast, multicast	04:58
d-rock	That's not up	04:58
n00bee	d-rock but it doesn't say anythign that indicates up or running. All packets RX, TX are 0	04:59
genewitch	also, i have eth1, but it's not getting a static IP, i have /etc/network/interfaces.d/eth1 populated	04:59
d-rock	For reference, my interface: enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500	04:59
d-rock	First, let's see if we can manually configure it	04:59
d-rock	Unless you've already verified that	04:59
genewitch	http://projectftm.com/#pAGR1e0AkCvAlV8xVaYeAA this is the eth1 file	05:00
n00bee	d-rock: OK wait. It is up now. I ran sudo ip link set eth0 up	05:00
n00bee	after that ifconfig eth0 shows up, broadcast, running, multicast	05:01
d-rock	OK, does it have an IP set?	05:01
d-rock	I suspect you'll need to re-ifup	05:01
d-rock	I can't remember the networkd command off the top of my head	05:01
n00bee	d-rock I don't know if it has an IP set. ifconfig does have a line for inet6 but ipv6 is not enabled for the server i think	05:02
d-rock	inet6 will always be set. At the very least, it gets the link-local address	05:02
d-rock	Do you see a line for just plain "inet"?	05:02
JanC	RoyK: a filesystem is a database	05:03
n00bee	d-rock: No line for inet	05:03
* JanC doesn't understand why people don't understand that		05:03
d-rock	OK, can you re-run the networkd command?	05:03
n00bee	d-rock: you mean sudo systemctl restart systemd-networkd	05:04
d-rock	That'll do it	05:04
d-rock	There's another, more surgical command, but I can't remember it	05:04
n00bee	d-rock: That didn't do anything :(	05:05
n00bee	It didn't throw any errors but I still can't ping out. And ifconfig eth0 still doesn't show an inet	05:05
d-rock	Then let's just try to bring this up manually	05:05
d-rock	ip addr add <ip/mask> dev eth0	05:06
buddhirt	some query if anyone knows? i have installed isc-dhcp-server in 18.04. Seems like in 18.04 interface is not auto-up without connecting network cable to client machine, so dhcp server cannot listen to defined interface. Any solution	05:06
n00bee	d-rock: I have the static IP address. and in /etc/network/interfaces the netmast is 255.255.255.0. So you're saying the sommand is ip addr add 192.241.x.x/255.255.255.0 ?	05:07
genewitch	are you freaking kidding me	05:07
genewitch	network configuguration is done through YAML?	05:07
genewitch	come on, guys, seriously	05:07
genewitch	ubuntu drives me batty	05:07
d-rock	genewitch: I kinda had the same reaction when I saw netplan	05:07
d-rock	n00bee: ip addr add 192.241.x.x/24 dev eth0	05:08
n00bee	d-rock: Thanks!	05:08
d-rock	255.255.255.0 is a 24 bit mask	05:08
n00bee	d-rock: OK so now I see that in ifconfig eth0. Now restart systemd-networkd ?	05:09
d-rock	No, let's hold off	05:09
d-rock	Can you ping your gateway now?	05:09
JanC	you don't have to use netplan	05:09
n00bee	d-rock: Web console hung	05:10
d-rock	n00bee: when you set the ip address?	05:11
n00bee	d-rock: yay! i can ping the gateway	05:11
d-rock	Huzzah!	05:11
d-rock	ip route add 0/0 via <gateway>	05:11
n00bee	d-rock : done	05:12
d-rock	Should be able to ping, say, 8.8.8.8	05:12
n00bee	YES!!	05:12
JanC	and netplan makes lots of sense when you have to do cloud configurations	05:12
d-rock	Should be able to reach it from outside, as well	05:12
n00bee	d-rock: yes, it's back online and accessible from the outside as well	05:13
n00bee	d-rock: are these changes going to stick after a reboot?	05:13
d-rock	They will not	05:13
d-rock	But, it does confirm that this is an issue with networkd and/or netplan, not the NIC or network itself	05:14
n00bee	d-rock: hmm...so what should i do	05:14
JanC	or with the netplan configuration ;)	05:14
d-rock	Sure, it could be the config	05:15
d-rock	To be honest, I'm fighting my own battle with 18.04 networking. I ended up just writing a shell script to init things the way I wanted	05:15
JanC	there is a #netplan channel to discuss that BTW	05:15
n00bee	d-rock: I could probably just move stuff out of this server and set up a new one from scratch	05:16
d-rock	I hesitate to project my own experience, but that might be simpler :P	05:16
genewitch	so is there a simple answer? webgui for all the firewall-y stuff in linux? Like pfsense/monowal/ipcop for BSD	05:17
d-rock	In any case, I need to drop off. Good luck!	05:17
n00bee	d-rock: Thanks much. You were a life saver and hero today!	05:18
d-rock	NP, glad I could repay some of the help I've gotten on this channel :)	05:18
JanC	(although e.g. cyphermox is in here too it's easier for them to miss discussions of netplan maybe)	05:18
genewitch	is there a guide to having 3 routable networks under netplan?	05:20
genewitch	i have 10.0.0.0/8 192.168.1.1/24 and WAN	05:20
genewitch	which is technicaly 192.168.42.1/something	05:20
JanC	genewitch: that's exactly the sort of thing you want to ask in the #netplan channel (if it's not in their documentation) ;)	05:23
genewitch	GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH	05:23
JanC	and do you really need a web interface for the firewall? or is a descriptive configuration file also useful?	05:24
genewitch	ubuntu implemented netplan	05:24
genewitch	they broke 10 years of working network config	05:24
JanC	you don't have to use netplan if you don't want to...	05:24
JanC	ifupdown still works if you prefer that	05:24
genewitch	/etc/network/interfaces.d/eth1	05:24
genewitch	doesn't work	05:24
genewitch	this used to be stupidly obnoxiously straightforward, it's taken hours out of my night	05:25
JanC	if you don't have a netplan config and ifupdown is installed, that should still work, I guess?	05:26
genewitch	i have a netplan config but it is complaining about something	05:26
JanC	if not, file a bug report :)	05:26
katamo	genewitch you should be able to `netplan generate --debug` and get more verbose information on what it errors about	05:27
genewitch	http://projectftm.com/#EfzbyVArZW8ykjaekYCE_w	05:28
genewitch	exact same output	05:28
genewitch	Error in network definition //etc/netplan/eth1.yaml line 5 column 17: expected sequence	05:29
JanC	shouldn't addresses take a sequence?	05:32
JanC	simply said: put it between []	05:33
JanC	(I'm not a netplan expert, so this is just a guess, to be fair)	05:34
* katamo had a toddler interruption		05:34
genewitch	yeah that's all working now, but the routes are wrong	05:34
JanC	you have "addresses: [10.0.0.1]" instead of "addresses: 10.0.0.1" now?	05:36
katamo	http://projectftm.com/#FD5qmugC0YFFuZUHIlvuFQ	05:37
katamo	genewitch ^	05:37
katamo	does that get closer?	05:37
katamo	note the use of space between addresses & eliminating the genmask/netmask lines in favor of / address syntax	05:38
genewitch	JanC: yes	05:38
genewitch	i had that originally :-) but it doesn't look right, you know?	05:38
genewitch	a single IP is a /32	05:38
genewitch	katamo: i did addresses: [10.0.0.1/9]	05:40
genewitch	er /8 obviously	05:40
katamo	genewitch I just ran `netplan generate --debug` after copy paste of the link I shared with you. it completed without error	05:41
genewitch	katamo: yes mine works fine too, except i can't ping 10.0.0.2 :-)	05:42
katamo	`ip r \| pastebinit`	05:42
genewitch	i can't do that, because the internet isn't working now	05:43
katamo	fair enough lol. whats the output?	05:44
genewitch	http://projectftm.com/#n3T06ci4QHs35bHBQYdPWQ	05:44
genewitch	lemme if down eth1 this is ridic	05:44
katamo	`ip r del default via 192.168.1.1 dev eth0`	05:44
katamo	for testing	05:44
katamo	or that works	05:45
genewitch	i can ping 192.168.1.1 after running that, but nothing else	05:45
genewitch	default route is for what, internet?	05:46
JanC	default route is for everything that doesn't have a specific route	05:46
JanC	usually that means the general internet ;)	05:47
katamo	Okay, can we get the full output for configs on all interfaces?	05:48
katamo	for one thing in the "routes", your 192.168.1.1 dev eth0 network has no netmask definition	05:48
genewitch	http://projectftm.com/#ZbbJinc8BCQs-wI-SOKPuQ	05:48
genewitch	192.168.1.0/24 is going to be out of band, the only two networks that should be routable outbound are 10.0.0.0 and whatever usb0 is	05:49
katamo	config files. either netplan or interfaces(.d)/* ? sorry I'm not used to reading ifconfig output any more lol. woe is me	05:49
genewitch	the yaml?	05:49
genewitch	eth1.yaml http://projectftm.com/#HKWqhJ0ub1YeoPaZs72tUQ	05:50
genewitch	eth0.yaml http://projectftm.com/#3fWxIdIZ-5dpFLaSRUr-WQ	05:50
genewitch	there's no usb0 in either location	05:50
genewitch	usb0 is brought up with dhclient usb0	05:51
genewitch	i wanna make sure i can still access the internet if i disable eth1.service	05:52
JanC	the output of "ip route" might be relevant...	05:52
katamo	okay. lets do one interface at a time then. that was a good idea. and i'm still hung up on "192.168.1.1 dev eth0"	05:52
katamo	are you okay with bringing all interfaces down, then raising eth1 first? sounds like you're concerned about that.	05:52
genewitch	ip route with `systemctl disable eth1` http://projectftm.com/#bTUtehwmWwosE68B7sj8_A	05:53
katamo	JanC I think we have that output here: http://projectftm.com/#n3T06ci4QHs35bHBQYdPWQ	05:53
genewitch	i can ping both public (4.2.2.2) and private (192.168.1.12) with that setup	05:53
JanC	(remember 'ifconfig' has been deprecated for over a decade and in theory might disappear any day now :P )	05:53
katamo	Okay, we should not have multiple default routes.	05:53
JanC	ah, right	05:54
genewitch	i want eth1 to provide NAT from usb0 to the 192.168.1.1 network	05:54
genewitch	but not via this device	05:54
genewitch	I got a router connected to eth1	05:54
katamo	we're doing routing from this box?	05:54
genewitch	on the WAN port	05:54
genewitch	NAT only	05:54
genewitch	well i guess routing, but i just want to be able to ping 10.0.0.2, 192.168.1.1, 192.168.1.12, 4.2.2.2, google.com	05:55
genewitch	once i am there, i know what to do	05:55
katamo	Okay. can we bring the eth0 down? `ip link set eth0 down` ?	05:56
genewitch	katamo: should i reboot with eth1 enabled first?	05:56
genewitch	and this is going to slow me down since i have to physically access the machine which is not in this room	05:56
katamo	wait a sec	05:57
genewitch	eth1 systemd service is disagbled right now	05:57
genewitch	and everything is working as i'd expect	05:57
genewitch	i know i am rough	05:58
katamo	okay you specifically mentioned every network except the 192.168.1.0/24 dev eth0 network	05:58
katamo	what is the .0/24 network?	05:58
katamo	and why does .1.0/24 have a netmask/24 whereas the 1.1 network has implied /32?	05:59
genewitch	inet 192.168.1.6 netmask 255.255.255.0 broadcast 192.168.1.255	06:00
genewitch	192.168.1.1/24? it's a class C handed out by another router right now	06:00
genewitch	it's out of band	06:00
katamo	admittedly i'm a server engineer not a networking engineer and I deal mostly in virtual networks/servers	06:01
genewitch	yeah this is a unique thing.	06:02
genewitch	It's a SBC with two nics that actually operate at gigabit so i was hoping i could set this up	06:02
katamo	sounds like a fairly complex network for usb nic's?	06:02
katamo	ah	06:02
genewitch	the usb nic is a cellphone	06:02
genewitch	my cellular modem got taken out by lightning	06:02
katamo	oic. cellular gateway?	06:02
genewitch	yes	06:03
genewitch	so usb0 is just going to NAT to eth1	06:03
katamo	I use LXD ubuntu servers as routers with odd nic devices & client wifi radios as wan all day so it should be straightforward	06:03
katamo	hrm	06:03
genewitch	eth0 is just out of band so i can get in if those are down	06:03
genewitch	As i said, i just need to ssh IN to eth0, eth0 doesn't need to route anywhere	06:04
katamo	Okay, do you ssh into it via the 192.168.1.1 or 192.168.42.129 address?	06:04
genewitch	192.168.1.6	06:05
genewitch	.42 is cellular	06:05
genewitch	ip a without eth1 http://projectftm.com/#iXR_MMRn9J7DXpLxooHptQ	06:05
genewitch	all this routes. i can ping google.com and i can ssh in	06:06
genewitch	lemme reboot with eth1 enabled	06:06
genewitch	baby steps	06:06
katamo	Okay http://projectftm.com/#lmhaVjJrGSozjkZ5hIKL0A	06:07
katamo	that accurate?	06:07
genewitch	yes	06:08
genewitch	working networking http://projectftm.com/#loQFlNCyXBQso4LWCf84UA	06:09
genewitch	not working networking http://projectftm.com/#wnB3yyIcgi4U-81DDvd3SQ	06:09
katamo	okay, please amuse me for a sec. can you cp your eth1.yaml to a safe place, then make a new one with copy paste of http://projectftm.com/#OMMBbGahZEd0nkjU5hvALw ?	06:11
genewitch	of course	06:11
katamo	then `ip link set eth1 down; ip link set eth1 up`	06:11
katamo	wait	06:11
katamo	`ip link set eth1 down; netplan generate --debug && netplan apply && ip link set eth1 up`	06:12
genewitch	stand by	06:13
genewitch	ok	06:14
katamo	how's our ping 4.2.2.2 look?	06:14
genewitch	can't ping 4.2.2.2	06:14
katamo	:*(	06:14
genewitch	:-D	06:14
genewitch	From 10.0.0.1 icmp_seq=4 Destination Host Unreachable	06:15
genewitch	so it thinks 10.0.0.1 is the default route	06:15
genewitch	whereas it should be 192.168.42.whatever	06:15
katamo	if its not a route, than remove the gateway line from your .yaml	06:15
genewitch	^	06:15
katamo	wait.... this is.... duh. its trying to use its own interface as the default route	06:15
katamo	shoulda seen that sooner. i'm silly after hours	06:16
genewitch	i'm just happy ssh always works on reboot right now	06:17
katamo	haha no doubt. you shouldnt have to reboot between netplan config changes though	06:18
genewitch	i do anyhow	06:18
genewitch	it's like 6 seconds	06:18
katamo	fair enough then	06:18
genewitch	okay now i can ping 192.168.1.12 (that network) and the internet	06:18
katamo	woohoo!	06:19
katamo	and everything else?	06:19
genewitch	so why is gateway not necessary? does that autoconfigure a route or something?	06:19
katamo	gateway tells the OS that it is a route. IE if there's not an obvious alternate, that is where to pass traffic for up stream nat	06:20
genewitch	everything else isn't set up yet and i imagine the reason i can't ping 10.0.0.2 is that the router that is connected to has "ignore WAN ping" rofl	06:20
katamo	likely	06:20
katamo	cell phones are a pita	06:20
genewitch	if this works it saves me literally $200	06:20
genewitch	so that's why i am so dedicated	06:20
katamo	absolutely! I've used my cell hotspot as WAN for 2 days for fail over	06:21
genewitch	that cellular modem costs a bit, and even that is double NAT - if i have to deal with double NAT i'd rather do it on my software	06:21
genewitch	oh this is my primary internet	06:21
katamo	:O	06:21
genewitch	i'm using my personal cellphone for testing, the actual cellphone is on a windows machine, i'm talking to you on an ubuntu VM in Los Angeles while sitting at a windows desktop in louisiana	06:22
katamo	do what works lol	06:22
genewitch	indeed.	06:23
katamo	genewitch given your use-case can I ping you with a thought out of channel? Its not ubuntu-server specific but relevant	06:26
genewitch	sure	06:26
katamo	ping sent	06:27
=== crimastergogo_ is now known as crimastergogo
ahasenack	good morning	12:19
ahasenack	kstenerud: I still see two issues in d/changelog in https://code.launchpad.net/~kstenerud/ubuntu/+source/tmux/+git/tmux/+merge/357991, not sure if you are still working on that or waiting for another review pass	12:46
ahasenack	xnox: hey, question about a server seed change you made a while ago	12:55
xnox	ahasenack, Which one? ^_0	12:55
ahasenack	xnox: you added both gnupg and dirmngr to server seeds, but gnupg has a depends on dirmngr, is the latter really necessary?	12:56
* xnox does a lot of seed changes		12:56
ahasenack	xnox: https://pastebin.ubuntu.com/p/dnDZDwy8Md/	12:56
xnox	ahasenack, need to check things...... back in the day gnupg and dirmngr got split out and at one point did not have the dep between themselves.	12:56
ahasenack	could be	12:57
xnox	but now gnupg is a metapackage effectively	12:57
kstenerud	ahasenack: I've pushed changes to address that. Do I need to write a comment about it?	12:57
ahasenack	kstenerud: I don't know if just pushing changes sends out an email notification, a ping/comment would be nice	12:58
ahasenack	kstenerud: but I see two other issues there still, I don't think he commented on them	12:58
ahasenack	kstenerud: the bug number is missing a #,	12:58
ahasenack	kstenerud: and the new version number is incorrect	12:58
xnox	ahasenack, right. So i think the change still stands. Albeit redundant now, but was not much so before.	12:58
kstenerud	what should the version number be?	12:59
xnox	ahasenack, this could be made lighter, by replacing "gnupg dirmngr" with "gpg dirmngr gpg-agent"	12:59
ahasenack	kstenerud: check the security team's page with that table	12:59
xnox	ahasenack, but imho having the full gnupg suite of utils is nice.	12:59
ahasenack	xnox: I agree with having gpg and dirmngr for the reasons you stated, I was just wondering if I was missing something since gnupg has a depends on dirmngr	12:59
xnox	ahasenack, any particular reason why you are asking about this? do you want to drop all of gnupg? or does this gnupg-metapackage-of-doom pulling in too much now?	12:59
xnox	ahasenack, when we still had gnupg2 package and were transitioning to the new one, the dirmngr depends was not there.	13:00
xnox	so historical.	13:00
ahasenack	xnox: ok, thanks	13:00
xnox	but i'd want to keep it there, such that it doesn't regress again	13:00
ahasenack	agreed	13:01
xnox	cause to talk to keyservers one needs dirmngr installed.	13:01
ahasenack	yes, the network part	13:01
y1ds	Hello	14:03
y1ds	i`m having some problems with slapd on ubuntu 16.04 and was wondering if someone has some tips	14:04
y1ds	I want to change my admin password but I keep getting inufficient acces errors, something like this http://www.mehic.info/2014/05/rootdn-ldap_add-insufficient-access-50/	14:05
y1ds	but i dont want to go and change those files	14:05
y1ds	ive noticed a few thinfs	14:05
y1ds	in my olcDatabase={1}hdb,cn=config i have an olcRootDN and olcRootPW, this is the password i want to change	14:06
y1ds	but it seems i need to use the creds from olcDatabase={0}config	14:06
y1ds	but in there i only see a olcRootDN, no olcRootPW	14:06
y1ds	i`m reading here https://help.ubuntu.com/lts/serverguide/openldap-server.html	14:06
y1ds	and in the post install chapter i see this command: sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn	14:07
y1ds	this returns No such object (32)	14:07
y1ds	but i see the file strucute that is above in the docs	14:07
y1ds	any clues?	14:07
y1ds	ive tried ldappasswd -Y EXTERNAL -H ldapi:/// -s welkom123 cn=Manager,dc=yo,dc=lo	14:09
y1ds	ive tried making an ldiff and trying to put it in using my admin account but im not allowed	14:09
ahasenack	y1ds: do you know the existing password for cn=admin?	14:31
y1ds	well i know the password for manager, wich is the rootdn of the database, but not of the config	14:33
ahasenack	y1ds: try this example:	14:35
ahasenack	ldappasswd -x -D cn=admin,dc=lxd -w secret -s newsecret cn=admin,dc=lxd	14:35
ahasenack	-w: existing password	14:35
ahasenack	-s: new password	14:35
y1ds	that doesnt work	14:35
ahasenack	-D: dn of the admin	14:35
ahasenack	it does, I just did it	14:35
ahasenack	cn=admin,dc=lxd: dn whose password you want to change (same as -D for this casE)	14:35
ahasenack	note I provided the existing password	14:36
y1ds	yes i tried that	14:36
ahasenack	because the acl for the userPassword attribute reads, among other things: by self write	14:36
ahasenack	root@xenial-foo:~# ldappasswd -x -D cn=admin,dc=lxd -w secret -s newsecret cn=admin,dc=lxd	14:36
ahasenack	root@xenial-foo:~# echo $?	14:36
ahasenack	0	14:36
ahasenack	I jsut did it	14:36
y1ds	sec	14:37
ahasenack	there are two admins here, btw	14:37
ahasenack	one is for the cn=config db, the other is for the dc=lxd (or whatever domain you have) db	14:37
ahasenack	my line above changes the pw for the dc=lxd suffix	14:38
y1ds	ldap_bind: Invalid credentials (49)	14:39
ahasenack	then -w has the wrong password	14:39
ahasenack	or -D is incorrect	14:39
y1ds	it is not	14:40
ahasenack	to change olcRootPW in the cn=config db (for the olcRootDN "user"), you need ldapmodify, not ldappasswd	14:40
ahasenack	ldappasswd only changes the userPassword attribute	14:40
ahasenack	try ldapwhoami with the same -D and -w	14:41
y1ds	ldap_bind: Invalid credentials (49)	14:41
y1ds	yeah i tried changint it with ldapmodify and an ldiff	14:42
y1ds	but i think the problem is that i need to be the root of olcDatabase={0}config	14:42
y1ds	there is also a olcRootDN in there, namely cn=config, but not a olcRootPW	14:43
y1ds	yeah what you say aboce	14:43
y1ds	above	14:43
ahasenack	it's not clear to me which password you want to update	14:44
y1ds	i think i need to be the one for the cn-config db, but that one does not have a password	14:44
ahasenack	RootDN is the admin of the database, and it doesn't have to have an entry in the directory	14:44
ahasenack	its password is RootPW	14:44
ahasenack	that's like the old rootpw setting in the old slapd.conf	14:44
ahasenack	you need an ldapmodify operation to change that, authenticated with -Y EXTERNAL	14:44
y1ds	well, i want to change the password for the admin user of the dc=blabla, but i think i need the password for the admin of the cn=config db	14:45
ahasenack	you don't have the existing password corresponding to the userPassword attribute of cn=admin,dc=blabla?	14:45
y1ds	yes i do	14:45
ahasenack	then prove it with ldapwhoami, using that DN and password	14:46
y1ds	ah yeah that works	14:47
y1ds	made a typo before	14:47
ahasenack	in this example, https://pastebin.ubuntu.com/p/QjbPKCSkRZ/, you want to change userPassword from cn=admin,dc=lxd in line 24?	14:47
ahasenack	for the example above, it would be: ldappasswd -x -D cn=admin,dc=lxd -w <existingpassword> -s <newpass> cn=admin,dc=lxd	14:48
ahasenack	that treats cn=admin,dc=lxd just like any other entry, nothing special about it being admin, because you are binding as the entry itself	14:49
ahasenack	if you didn't have the existing password, then you would have to bind as the rootdn, and that password is rootpw, defined in the cn=config suffix	14:49
ahasenack	confusing, agreed	14:49
ahasenack	I'm not a super fan of this cn=config structure	14:49
y1ds	ah okay no but its differentin my setup	14:52
y1ds	the admin is not a user	14:52
y1ds	it is the rootdn in the cn=config	14:53
ahasenack	ok, then you need an ldapmodify operation on cn=config	14:53
ahasenack	something like	14:53
ahasenack	sudo ldapmodify -Y EXTERNAL -H ldapi:///	14:53
ahasenack	then feed it	14:53
ahasenack	dn: cn=config	14:53
ahasenack	changetype: modify	14:53
ahasenack	replace: olcRootPW	14:53
ahasenack	olcRootPW: <newhash>	14:53
ahasenack	I think the dn in this example is wrong, locate the right one by dumping with slapcat -n 0	14:54
ahasenack	y1ds: https://pastebin.ubuntu.com/p/SBZMKGP7Qq/ that set the new password to the plaintext value of "secreT" (no hash: don't do that)	14:56
y1ds	https://pastebin.ubuntu.com/p/zdyQvR2xfk/	14:57
ahasenack	your rootdn is just cn=config?	14:58
y1ds	apperently	14:58
y1ds	i must say i dont know much about ldap, and didnt set this up, im just trying to change some things	14:59
ahasenack	see if this works: https://pastebin.ubuntu.com/p/xHYJjPnh9P/	15:00
ahasenack	note I used slappasswd to generate a hash for "newsecret"	15:00
ahasenack	use whatever password you want	15:00
ahasenack	ah, use sudo ldapmodify, not just ldapmodify, of course	15:01
y1ds	yes	15:01
y1ds	insuficient access	15:04
ahasenack	check if the acls are about uidnumber=0+gidnumber=0, that's when root connects to the ldapi socket and is what we are doing here when calling ldapmodify with sudo and -H ldapi:///	15:06
y1ds	but is my assumption that i need to authenticate as the rootdn from olcDatabase={0}config,cn=config incorrect?	15:06
ahasenack	the acls under cn=config	15:07
ahasenack	well, depends on the acls	15:07
y1ds	uhm how do I check that	15:07
ahasenack	look for attributes olcAccess	15:07
ahasenack	for example, this is what allows that uidnumber=0+... to manage the db:	15:07
ahasenack	olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern	15:07
ahasenack	al,cn=auth manage by * break	15:07
ahasenack	in my example db	15:08
y1ds	okay im gonna check	15:08
ahasenack	access to * by thatgui manage	15:08
ahasenack	"thatguy" being what ldapwhoami returned, in this case	15:08
y1ds	hm I see olcAccess: {0}to * by * none under dn: olcDatabase={0}config,cn=config	15:09
ahasenack	it's the last entry that wins	15:15
ahasenack	I mean, if there was no match before	15:15
ahasenack	so I guess it's the first one that wins	15:16
ahasenack	you go from specific to generic	15:16
y1ds	hm okay well im calling it a day for now thanks for the tips :)	15:24
ahasenack	y1ds: cheers, good luck	15:25
ahasenack	kstenerud: remember you have to explicitly ask for sponsorship in the MP before someone will just tag and upload a package for you	16:41
kstenerud	ahasenack: So I just write "please sponsor this"?	17:01
ahasenack	something like that	17:01
ahasenack	I'd also add the git hash, confirming that's what you want sponsored	17:01
kstenerud	ok	17:01
ahasenack	rbasak: looking at https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1745185 that person could be using that other mysql package that has no "initscripts", right?	18:08
ubottu	Launchpad bug 1745185 in mysql-5.5 (Ubuntu) "If apt-get upgrade is run on mysql server when the server is disabled, the upgrade fails." [High,Confirmed]	18:08
ahasenack	wouldn't be solving the bug, though	18:08
rbasak	ahasenack: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1592669 is related	18:09
ubottu	Launchpad bug 1592669 in mysql-5.7 (Ubuntu) "postinst fails when daemon is not running (or is disabled by policy-rc.d)" [High,Fix released]	18:09
rbasak	ahasenack: apart from that bug (which we've fixed now, not sure about what release the reporter is using), I think that correct behaviour and any bugs in postinsts attempting to restart masked services is down to debhelper.	18:10
rbasak	ahasenack: I'd like to know exactly what Ubuntu release and package version the reporter is reporting against, and exactly how (what command) the reporter is disabling the service. Ie. full steps to reproduce. Until then, Incomplete IMHO.	18:11
ahasenack	that was mysql 5.5, command was systemctl disable mysqld	18:12
ahasenack	which indicates it was...	18:12
ahasenack	trusty	18:13
sdeziel	systemd and trusty?	18:13
* ahasenack wonders that		18:13
* ahasenack does a quick check on bionic fwiw		18:13
sdeziel	bionic didn't ship mysql 5.5 AFAIK	18:14
rbasak	I think that's why he's wondering :)	18:14
ahasenack	I meant I will try a sequence of disable + upgrade on bionic	18:15
sdeziel	oh upgrades could explain the oddity	18:15
ahasenack	worked just fine in bionic	18:21
ahasenack	it got started up again during the pkg upgrade, but was stopped at the end	18:22
ahasenack	failed in xenial	18:24
ahasenack	which also has mysql-server-5.7	18:24
chillage	Good time, i wanna wondering maybe someone have appboxes.co server or maybe some one have server something like appbox?	18:45
ahasenack	I don't	18:51
chillage	You know, my friend got rented server for him from him admins.. ant we don't know how open port at that specific "appbox" (Ubuntu 18.10 VNC) for znc, there are not default firewall i think there are specific firewall..	19:01
chillage	specific firewall	19:02
teward	chillage: well if there's no firewall that you can manage on the server, it'd have to be form the appbox control panel	19:08
teward	and if there's not a firewall there you can control then you have to contact the admins	19:08
chillage	i'll ask him about control panel, he told me that are desktop and terminal window.. contact with admins who give him server it's little bit dificult because they can't know about znc.. se if we don't found control panel then we try write to appboxes.co a	19:15
chillage	so thank you for help:) nice halloween night then, until	19:17
plm	Hi all	19:26
chillage	good time, plm,	19:42
chillage	ok, i'm away, good luck	19:44
teward	chillage: if they can't know about ZNC, that suggests that it's not permitted on their infrastructure, so you should avoid running it there.	19:59
memphisto	hi, how do i share printscreen here	20:07
sdeziel	ahasenack: I too don't know what acpid is used for these days	20:07
sdeziel	ahasenack: I've be purging this on servers since Xenial IIRC	20:07
ahasenack	heh :)	20:07
ahasenack	that's good info :)	20:07
memphisto	i can't pass the filesystem setup screen , i'm doing manual partition with LVM, /(root)as btrfs , ext4 home...	20:10
memphisto	i'd like to share screenshot but don't know how/where to uplaod	20:10
ahasenack	rbasak: (for whenever you read this) is linux-meta (src) a known git-ubuntu import failure? It's a main package, but not imported	20:11
ahasenack	memphisto: you should upload it somewhere, there are some free image hosting services	20:11
ahasenack	or even dropbox and the like	20:12
ahasenack	google drive	20:12
memphisto	thanks	20:12
memphisto	https://imagebin.ca/v/4L1qdANGnY4j	20:12
sdeziel	ahasenack: I dig a little and found a commit in my puppet stuff: "remove acpid from Xenial VMs (not needed thanks to systemd)" dated Oct 17 10:15:24 2017	20:15
ahasenack	memphisto: is this 18.04 or 18.10?	20:15
memphisto	ahasenack: 18.04.1	20:16
ahasenack	sdeziel: I tried a trusty vm, but could still power it off externally without acpid, so I wasn't sure what was going on there	20:16
ahasenack	memphisto: that looks like a bug, let me give it a try	20:17
memphisto	ahasenack: yes, it looks like it	20:17
ahasenack	memphisto: have you tried 18.10 also?	20:18
sdeziel	ahasenack: interesting, found another note where I concluded that 15.04+ only needed the dbus package to properly handle ACPI signals in KVM	20:18
ahasenack	sdeziel: interesting, I saw dbus messages in the console when I pressed the power button	20:18
memphisto	ahasenack: no, i haven't...i like using only lts	20:18
sdeziel	ahasenack: I may have missed that 14.04 was also OK	20:18
ahasenack	memphisto: that's fine, just checking if it was perhaps fixed in the 18.10 installer	20:18
ahasenack	memphisto: the whole disk is a pv, right	20:20
memphisto	ahasenack: yes	20:20
ahasenack	memphisto: yeah, same here	20:24
ahasenack	memphisto: let me try 18.10 to compare	20:25
memphisto	ahasenack: great, thanks ... for a moment i thought i'm going crazy	20:25
ahasenack	I think it might be because /boot (part of / in this case) is not in its own partition	20:27
ahasenack	verifying that oo	20:27
memphisto	yesss	20:29
memphisto	does it really have to be separate?	20:30
ahasenack	don't know yet	20:31
ahasenack	the moment I add an actual partition for /boot, I can't setup lvm anymore	20:31
ahasenack	yeah, it was /boot	20:34
memphisto	ok, how did you create /boot and lvm ?	20:34
ahasenack	so I think it's bug https://bugs.launchpad.net/subiquity/+bug/1785332	20:34
ubottu	Launchpad bug 1785332 in subiquity "18.04.1 can't put /boot on SW RAID" [High,Triaged]	20:34
ahasenack	memphisto: I created a big partition to hold the PV, and left it "unformatted"	20:34
ahasenack	memphisto: then created the PV in that unformatted partition	20:35
ahasenack	after that I was able to add a /boot partition with the remaining space, outside the pv	20:35
ahasenack	and add the lvs to the vg as usual	20:35
ahasenack	let me share a screenshot	20:35
ahasenack	but the order was important, because the moment you create a /boot partition, the lvm option becomes grayed out	20:35
memphisto	no need, got it	20:36
memphisto	doing it right now	20:36
ahasenack	memphisto: http://people.ubuntu.com/~ahasenack/partitioning.png fwiw	20:36
UsQUE	Anyone did migration from FreeBSD samba dc to Ubuntu Server Samba dc?	20:42
ahasenack	any sort of samba migration sounds hard on its own	20:45
UsQUE	nah I think its pretty easy :P	20:47
UsQUE	just backing up the correct files and restore them back on the new system	20:47
UsQUE	anyone got HyperV server + Samba DC constrained deligation working ?	21:25
compdoc	Hyper-V is too slow for my guests	21:50
nacc	UsQUE: isn't that question for either samba or hyperv?	21:52
nacc	(/ microsoft)	21:52
RoyK	!ask \| UsQUE	23:32
ubottu	UsQUE: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience	23:32
rbasak	ahasenack: it's blacklisted.	23:36

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!