/srv/irclogs.ubuntu.com/2018/11/07/#ubuntu-server.txt

blackflowbut it's not installed, even on the server that does create /run/motd.dynamic. that'st he key here, what creates that file00:00
rbasakpam_motd creates it00:01
blackflow50-motd-news is apparently creating /var/cache/motd-news, but not /run/motd.dynamic. both are straight files, not a symlink or something00:01
rbasakFrom /etc/pam.d/login and /etc/pam.d/sshd00:01
blackflowno it doesn't _create_ it00:02
rbasakSee pam_motd(8)00:02
blackflowit _displays_ existing file, doesnt' trigger its creation00:02
rbasakNo. Read the man page.00:03
rbasaknoupdate: Don't run the scripts in /etc/update-motd.d to refresh the motd file.00:03
rbasakIOW, don't specify that, and it will update.00:03
blackflowthe server that has /run/motd.dynamic has that too00:04
blackflowso it's not it00:04
blackflowdo I need anything special after changing a pam.d/ config? restart something?00:06
sarnoldI think those changes are picked up by services without restarts00:07
blackflowwelp that didn't change anything. I removed "noupdate" both from login and sshd  pam.d modules. Still no /run/motd.dynamic and no MOTD on login via ssh.00:10
sarnoldtry fatrace or perf trace or something similar? strace might not be fantastic ..00:12
blackflowtrace what?00:12
sarnoldwhichever service you're using for testing00:12
blackflowI'm logging in via ssh00:13
cryptodan_mobileWouldnt motd go in /etc00:13
blackflowon the server installed from server ISO I get motd. On the server I installed from debootstrap, I don't.00:13
rbasakAre you using -Snone?00:14
blackflowand I tried forcign a static motd even, not /run/motd.dynamic,  it doesn't show00:14
rbasakCheck "sudo login -f root"00:14
blackflowthat shows the motd yes00:14
blackflow(twice, even)00:15
rbasakWhat about -Snone?00:15
blackflowwhat is -Snone ?00:15
rbasakTo ssh00:15
rbasakTo make sure you aren't sharing an existing connection00:15
sarnoldhahahahaha00:16
sarnoldoh man00:16
blackflowthere's no other connection and yeah I tried just with -Snone (on the client side), still no motd.00:16
rbasakYou messed with your PAM configuration, didn't you?00:17
rbasakFor ssh but not for login?00:17
blackflowI also don't have that local ~/.hushwhatever   file00:17
blackflowrbasak: just now to force a static /etc/motd since default configured /run/motd.dynamic   doesn't exist00:18
blackflowI touched nothing else in pam config00:18
* rbasak shrugs00:18
rbasakIf it works for login but not ssh it's either in your PAM configuration or in sshd configuration most likely.00:19
rbasakOr how you're using ssh.00:19
blackflowOh I see. Yes it's in sshd config00:19
blackflowUsePAM no00:20
blackflowyay, motd!00:21
blackflowthanks. herp derps like this one are impossible to solve without external input. I went through entire config tempalte twice, didn't see it until now.00:22
sarnoldnice find with UsePAM no.. I certainlywouldn't have stumbled on that quickly :)00:22
sarnold.. similarly to the -Snone, I probably wouldn't have thought of that, either.00:23
cryptodan_mobileblackflow: https://www.tecmint.com/protect-ssh-logins-with-ssh-motd-banner-messages/00:23
rbasakPeople trying ssh for unauthorised access use scripts and will never see a threatening motd. As if that would stop them anyway.00:25
blackflowheh00:26
blackflowk I got my static motd, now to solve the no dynamic motd.... reboot again, changing pam.d/* doesn't change anything (still uses static motd). restarted ssh.service even.00:26
rbasakI suggest you start by removing all your customisations and then add them bit by bit.00:29
blackflowrbasak: there aren't any for pam.d/* or /update-motd.d/*  . Now I can get a static /etc/motd displayed, but if I remove it and switch back pam.d/{login,sshd} to using /run/motd.dynamic (and drop the noupdate flag), I don't get any motd.00:31
blackflowthe part I don't understand is where does /run/motd.dynamic come from. /etc/update-motd.d/50-motd-news is writing to /var/cache/motd-news00:32
blackflowhmm... /var/cache/motd.news is just _part_ of entire motd which shows disk usage, memory,  updates...... now I'm intrigued, what is creating that?00:34
blackflowokay, update-motd(5) explains how /run/motd.dynamic is constructed, but it states it's done by update-motd!  that package is NOT installed, and the manapage is part of libpam-modules package. wth is this witchcraft! :)00:38
blackflowinstalled update-motd package.  now I have /run/motd (as a straight file) but still no /run/motd.dynamic    LOL?00:40
blackflowokay update-motd is red herring, it just sources all the scripts in /etc/update-motd.d/   and outputs to /run/motd   (but not /run/motd.dynamic)00:42
cryptodan_mobileblackflow: did you read my link00:42
blackflowI skimmed through it00:44
blackflowthere's a serious disconnect here between sanity, consistency, manpages and what's actually going on :)00:45
blackflowI think something is wrong with systemd/session/sshd/pam integration in this server that was debootstrap'd. libpam-sytemd IS installed tho'. Thing is, unlike on the server that DOES show dynamic motd, this server does not seem to log same entries of User slice creation01:00
blackflowI think that's it, pam_motd(8) manapge states it's a session module type.01:01
blackflowhrm....... one forced reinstall of libpam-systemd and one reboot later it appears to be working now.01:09
blackflowI'm sure dpkg showed libpam-systemd installed, and I'm sure I rebooted.... a ton of times since enabling PAM for sshd....01:10
blackflowrbasak: sarnold: thanks for suggestions!01:14
sarnoldblackflow: are you all sorted? or just sick of it for the day? :) heh01:16
blackflowsarnold: sorted, I got it working. Now I'll disable it because it's friggin annoying, but the point was to understand how it works. :)01:17
Goopcryptodan_mobile, sarnold, blackflow I think I'm going to try Keycloaker. Only thing is that I have never really used docker before.01:17
sarnoldblackflow: hahahaha <3 that's awesome :)01:17
GoopKeycloak, sorry.01:18
sarnoldGoop: ooh. it looks neat.01:19
blackflowsarnold: it started with people complaining that it uses bit.ly links and I was like "Wait, I don't have that at all"... so naturally, me hating blackboxes, I had to get into that and figure out why I wasn't getting it. UsePAM no. Part of my sshd_config template for years.01:19
sarnoldblackflow: do you recall why you set usepam no in the first place?01:20
blackflow(and there was some derp with this particular machine as reinstallation of libpam-systemd fixed it -- I managed to replicate and confirm by removing the package and reinstalling, UsePAM it is)01:20
blackflowsarnold: not really, it was long time ago01:20
sarnoldI've got memories of setting it once upon a time too, back when it was first introduced..01:20
sarnoldprobably under the "pam looks complicated and underdocumented" gripe :)01:21
blackflowI think it's really jsut about it not being needed on my machines back then and for reasons of simplicitly and less moving parts, I disabled it.01:21
blackflowTruth be told.... I still don't need it, lol. :) it's jsut that now I understand fully the relationship between ssh, pam and motd.01:22
blackflowsarnold: yah that'd be the same gripe that got me disabling it :)01:22
sarnoldblackflow: quick, write it down, before you forget it all again, like me :)01:22
blackflowdid, added a comment in my standard sshd_config template :)01:23
sarnold:D01:24
blackflowand speaking of bit.ly complaints (like bug #1789850) .... I saw http://ubu.one/  shortened link in today's motd. why not use that?01:26
ubottubug 1789850 in update-motd (Ubuntu) "Advertising in the MOTD" [Undecided,Confirmed] https://launchpad.net/bugs/178985001:26
sarnoldthat's just another name for bitly iirc01:30
blackflowwhat is?  ubu.one is owned by canonical, bit.ly is..... LYbian Telecom.01:34
mybalzitchI'm never clicking on another bit.ly link01:35
sarnoldhost ubu.one --> 67.199.248.12 ; whois 67.199.248.12 | grep Organization --> Bitly Inc (BITLY)01:37
blackflowhuh, the plot thickens!01:38
blackflowthere's still that lybian telecom in the play and that's why people dislike it. using just ubu.one would aleviate that.01:39
Glorfindelblackflow: using ubu.one will not alleviate that until canonical stops relying on bitly for their link shortening service :P01:54
blackflowGlorfindel: which is what I sad. use ubu.one instead of bit.ly01:56
blackflow*said01:56
mybalzitchstill bitly infrastructure01:59
Glorfindelblackflow: but using ubu.one is still using bitly, like I just said02:00
sarnoldhow on earth libya's telecom came up with such a useful service I'll never understand :)02:00
blackflowthe telco is registrar only here, bitly is a US company02:02
blackflowI personally don't have an issue with it because it doesn't matter. gubermnts hijacking traffic via faek BGP, TLS CA security based *solely* on those CAs sayin "we swear we won't abuse".    shrug.02:04
blackflowbut I get it why someone would dislike .ly in their MOTD feeds.02:04
cpaelzergood morning06:17
kstenerudI've gotten myself stuck with dput. I uploaded a ppa but not to the right place, and I got a rejection email as a result. Now when I try to upload to the right place:09:51
kstenerud$ dput ppa:kstenerud/xenial-tomcat-resource-names-1606331 tomcat8_8.0.32-1ubuntu1.9_source.changes09:51
kstenerudPackage has already been uploaded to ppa on ppa.launchpad.net09:51
kstenerudNothing more to do for tomcat8_8.0.32-1ubuntu1.9_source.changes09:51
DK2im wanting to apt-get upgrade my mailserver: https://paste.ee/p/6h6P409:59
DK2im a bit afraid because it says: following new packages will be installed: dovecot-core {..} etc.10:00
DK2however they will also be upgraded10:00
DK2is smth broken here?10:00
ahasenackgood morning11:13
ahasenackrbasak: cpaelzer what shall I do when there have been other seed changes besides the one I did for server? They are surfacing when I re-generate the ubuntu-meta pacakges: https://pastebin.ubuntu.com/p/7VKt2zzWsh/12:46
ahasenack(d/changelog automatically updated by the update script)12:46
xnoxahasenack, that debdiff looks incomplete. first upload to new series must also include updates to update.cfg to switch to the new series.12:48
xnoxahasenack, cause you want this for disco, right?!12:48
ahasenackyes, I did update and commit update.cfg in the git branch, I just didn't update d/changelog with it. It's my first run ever of that script and I didn't know all that it would do12:50
xnoxahasenack, e.g. see the end of http://launchpadlibrarian.net/370085872/ubuntu-meta_1.417_1.418.diff.gz12:50
xnoxahasenack, well, you should paste complete debdiff then =) and you should mention that you are switching to new series.12:51
ahasenacksure12:51
xnox(in debian/changelog that is)12:51
ahasenackI was specifically asking about the results of the update script, which showed to be there are other seed changes12:51
ahasenacki.e., others made seed changes and didn't update the ubuntu-meta package (yet?)12:52
ahasenackI should probably wait for disco to be opened12:52
cpaelzerahasenack: it is usually fine and correct to pick those changes up12:58
cpaelzerahasenack: the question is more why they ahve not yet been picked up, but for disco the reason is clear if changes are recent12:58
ahasenackyeah, I didn't check how recent12:58
ahasenackbut since the archive is still closed12:58
ahasenackit's moot anyway12:58
ahasenackI'll leave that card in the doing lane together with all the others (or TODO)12:59
rbasakI think people generally leave ubuntu-meta updates to be batched.13:05
rbasak(unless they want to see the results immediately)13:05
ahasenackbut there is no way to upload it with just your changes, right13:09
ahasenackignoring the other seed changes13:09
ahasenackit's not how it's supposed to be done, I mena13:09
ahasenackmean13:09
rbasakRight13:10
shubjero# timedatectl15:29
shubjeroFailed to create bus connection: No such file or directory15:29
shubjeroanyone see this before? just trying to use timedatectl on a vanilla ubuntu 16.04 server. no docker containers or anything going on...15:29
setuidconnect(3, {sa_family=AF_UNIX, sun_path="/run/dbus/system_bus_socket"}, 29) = 015:30
openfireshubjero: apt install dbus15:31
setuid^^ shubjero15:31
shubjeroit appears to be installed already15:32
shubjerodbus:15:32
shubjero  Installed: 1.10.6-1ubuntu3.315:32
shubjero  Candidate: 1.10.6-1ubuntu3.315:32
openfireIs it running?15:33
setuidstrace timedatectl15:33
setuidSee what it's failing on15:34
TJ-shubjero: check /var/log/syslog - look for the dbus service starting, and any apparmor messages (especially DENYs)15:34
shubjerohttps://paste.ubuntu.com/p/BvVBCX38tt/15:35
shubjeroyeah the service wont start and i dont see any apparmor about denying it15:35
TJ-shubjero: you'd expect something like this https://paste.ubuntu.com/p/G3fCmQc2ns/15:35
openfire"failed to create bus connection" generally implies that dbus either isn't installed or failed to start.15:35
TJ-shubjero: does "/var/run/dbus/system_bus_socket" exist?15:36
openfireYou could just check dbus' service status via systemctl.15:36
shubjerohmm yeah dbus isnt started and wont let me start it15:36
openfirejournalctl -u dbus |& curl -F c=@- https://ptpb.pw15:37
shubjerohttps://paste.ubuntu.com/p/QCcK2t3tpX/15:37
openfireOr that.15:37
openfireAny error messages in 'journalctl -u dbus'?15:38
shubjerono entries15:38
shubjeroi have a fleet of compute nodes and two of them are behaving this way.. so its nice to be able to compare working / not working15:39
shubjerojust not sure why these two are misbehaving :)15:39
TJ-shubjero: maybe there's a dbus system-local.conf ?15:42
shubjeroTJ-: /var/run/dbus/system_bus_socket exists on systems where i dont have an issue, but not on the two systems that dont appear to be working properly15:55
shubjeroinfact on the broken systems i dont even have /var/run/dbus15:57
TJ-shubjero: right; that socket is created by the service to listen on. You need to deep-dive into the dbus service/config16:02
shubjeroyeah, fun16:03
shubjerolol16:03
TJ-shubjero: are the hosts supposed to be identical clones?16:04
shubjeropretty much16:11
TJ-which means "no" :D16:14
shubjerohaha well you know how things go16:15
shubjerowe try to manage configs with ansible so things should be changed and configured in the same way16:15
TJ-shubjero: right, so can you do a diff of a good and bad system's /etc/dbus-1/ directories? maybe start with a simple 'md5sum' complare16:19
TJ-shubjero: also /usr/share/dbus-1/16:20
TJ-shubjero: as in "find /usr/share/dbus-1 /etc/dbus-1 -type f -exec md5sum {} \; "16:21
shubjeroapt-install --reinstall dbus16:23
shubjerofixed :)16:23
shubjeroTJ-: thank you for your help & support :), cheers16:23
shubjeroand others :)16:23
smoserrbasak: how do the 'Approved' branches get landed?17:28
rbasaksmoser: I merge and push manually. Then from master I grab the snap from the Jenkins nightly job and upload it.17:36
rbasaksmoser: I was planning to build a snap from the MPs I approved and do a bit of testing first.17:37
rbasak(so using "Approved" as a holding place really)17:37
ahasenackhas anybody else seen this pattern in a cosmic server: https://pastebin.ubuntu.com/p/yHMdN8Dgxc/19:45
ahasenackthe stuck "mount" call19:45
ahasenackit's in this line of code:19:46
ahasenack    ext_partitions=$(mount | awk '$5 ~ /^ext(2|3|4)$/ { print $1 }')19:46
ahasenackfrom, rather19:46
ahasenackwhich I can call interactively just fine:19:46
ahasenackroot@duo:~# mount | awk '$5 ~ /^ext(2|3|4)$/ { print $1 }'19:47
ahasenack /dev/sdb219:47
sarnoldahasenack: try mounting an nfs server and then take away the nfs server19:47
ahasenackbut it's in R state19:47
ahasenacknot D19:47
sarnoldoh. good point.19:48
sarnoldhow'd it get stuck there? :)19:48
ahasenackfd 0 is /dev/null, 1 is pipe, 2 is /dev/null19:48
sarnolddo you have one *currently* stuck?19:48
ahasenackyes19:49
sarnoldYES19:49
ahasenackit's that pastebin19:49
ahasenackusing 100% cpu19:49
sarnoldstrace it?19:49
sarnoldwhat syscalls is this stupid thing doing? :)19:49
ahasenackshows nothing19:49
ahasenackroot@duo:~# strace -f -p 639519:49
ahasenackstrace: Process 6395 attached19:49
ahasenack(stuck)19:49
sarnoldneat. not at all what I expected.19:49
sarnoldltrace?19:49
ahasenackand ctrl-c doesn't kill strace19:50
ahasenackI have to ctrl-z and do some kill %119:50
sarnoldhah. that sure smells like hung NFS..19:50
sarnoldbut again, R. you've got a crazy problem there :)19:50
ahasenackltrace is also silent19:50
sarnoldI bet that strace is still there?19:50
ahasenackI killed it with -919:51
ahasenackand it died19:51
sarnoldokay, that feels like a good sign19:51
ahasenackI can probably kill that mount in the same way19:51
sarnolddon't :)19:51
sarnoldperf top?19:51
ahasenackI've seen it a few times already, I don't think it will be hard to reproduce19:52
ahasenackwhat's perf top?19:52
ahasenackfrom linux-tools-common?19:52
sarnoldahasenack: yes19:54
sarnoldahasenack: here's my favourite perf guide http://www.brendangregg.com/perf.html#OneLiners19:54
sarnoldperf top is just the easiest thing to recall off the top of my head :)19:54
ahasenacksarnold: what it is showing: https://pastebin.ubuntu.com/p/HBsbSDHRCy/19:55
sarnoldahasenack: hrm. I expected it to be spining in userspace.. since strace didn't show an *entry* into a syscall, I assumed it wasn't *in* the kernel. but that perf top output sure looks like something in the kernel is spinning madly19:56
ahasenackhttps://pastebin.ubuntu.com/p/tbH4t2P2rF/ that's the mount process19:56
ahasenackwonder what branches is19:57
sarnoldifeq, ifneq, etc19:58
ahasenackmachine load is 120:01

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!