[07:08] <lordievader> Good morning
[08:47] <victorh> hi guys. is anyone experienced with running ubuntu server on a pci-express solid state drive?
[09:56] <oskie> is it safe to install a new Ubuntu server (bionic) on a public IP, unfirewalled?
[10:02] <TJ-> oskie: lotuspsychje just copied your question to me since I only just arrived. Generally the answer is 'yes' but it can depend on what packages were selected at install time.
[10:07] <TJ-> oskie: E.g. there is usually a package delta between the ISO and the archive now (as bug-fixes, etc. are published) which /theoretically/ may fix vulnerabilities that could be publicly exploitable, but if you follow the usual sys-admin procedure which would be to apply default firewall rules on first boot the time-window for such an attempt would be only a minute or so /and/ an attacker would have to
[10:07] <TJ-> know in advance of the IP address, the exact version being installed, its vulnerability, and be able to launch the attack in a very narrow time window measured in seconds
[10:14] <ahasenack> good morning
[10:25] <victorh> morning
[10:29] <victorh> oskie: the default settings for the iptables is that none of the ports are open except for standard services as ssh. but for that matter the root account is also disabled.
[10:29] <victorh> so you should be fine, but it is not recommended
[10:29] <victorh> of course it is best so set up everything exactly how you'd like it before hooking it up to the bad and evil interwebs
[10:30] <victorh> for the newcomers: is anyone experienced with running ubuntu server on a pci-express solid state drive?
[10:37] <lotuspsychje> victorh: do you have one, or think to buy one
[10:44] <vlt> victorh: There are default iptables settings on Ubuntu server?
[10:46] <blackflow> there aren't
[10:46] <blackflow> there's uwf present iirc, but the iptables chains are of default policy ACCEPT with no rules
[10:46] <blackflow> *ufw
[10:56] <victorh> lotus: i have one. somehow its not working well with the pci-express active state power management
[10:57] <lotuspsychje> victorh: can you provide us a link of your ssd, volunteers might have ideas
[11:00] <oskie> TJ-, victorh thanks
[11:01] <TJ-> victorh: there are quite a few bugs arouund ASPM, there is an option to disable it in-kernel
[11:01] <oskie> I'm installing bionic from the live server ISO. Does it require an internet connection
[11:02] <oskie> ? I can't seem to continue from network config because it times out.
[11:10] <victorh> tj-: how you can check if it's disabled. I also tried to set it to performance, but in /sys/module/pcie_aspm/parameters/policy it still says default
[11:12] <TJ-> there's a boot-time kernel command-line option "pcie_aspm=off"
[11:12] <TJ-> victorh: you could use that as a diagnostic aid to prove if ASPM is definitely the cause
[11:12] <victorh> TJ-: yes, and it's set in the grub right?
[11:13] <TJ-> victorh: yes, you can set it manually at boot-time by tapping Esc key to get to GRUB boot menu and editing the boot entry's command-line, or set it permanently via /etc/default/grub GRUB_CMDLINE_LINUX=
[11:14] <victorh> TJ-: i've set it in the cmdline_linux_default
[11:14] <TJ-> victorh: and do "sudo update-grub" of course!
[11:14] <victorh> now it's "pcie_aspm=performance"
[11:15] <victorh> haha yes of course. easy to forget though
[11:15] <TJ-> I don't see "performance" as an option, only "off" or "force"
[11:15] <victorh> $ cat /sys/module/pcie_aspm/parameters/policy => [default] performance powersave
[11:15] <TJ-> victorh: see https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
[11:16] <victorh> TJ-: Thanks
[11:16] <victorh> i'll hook up again when I have more info
[11:16] <victorh> *afk going for lunch
[12:29] <tobias-urdin> coreycb: are canonical publishing stein packages? it's hard working with centos packages based on master and ubuntu rocky packages
[12:29] <tobias-urdin> also do you know if there is any effort on debian based packaging for moving out placement?
[13:15] <victorh> tobias: no idea, sorry
[13:32] <coreycb> tobias-urdin: yes but i don't think it's been tested much. you'll have to do this to enable for now: https://paste.ubuntu.com/p/ZnGZq2HVBt/
[13:32] <coreycb> tobias-urdin: note that we've dropped py2 packages for stein
[13:32] <coreycb> tobias-urdin: and yes, we're aware of placement but haven't created the package yet. hopefully will get that done soon.
[13:41] <tobias-urdin> coreycb: ok thanks, we are working on py3 for the puppet projects where RDO is also working on porting the packages to py3
[13:42] <tobias-urdin> there is effort to move placement out of nova as well, that why i asked, since it's hard to perform unless both has moved out to separate packages
[13:42] <coreycb> tobias-urdin: ok yes. i'll make placement a priority for this week.
[13:43] <coreycb> tobias-urdin: yay py3 :)
[13:43] <tobias-urdin> thank you coreycb!
[15:03] <faekjarz> Hi! Is there any boot option, or installer option, command line switch, that causes the alternate server installer (18.04.1 / LTS) to not setup any SWAP?
[15:04] <Slashman> hello, where can I ask about the ubuntu certification for Dell servers?
[15:05] <Slashman> previously I saw that the Dell R6415 was certified with ubuntu and now it seems it's not anymore
[15:05] <sdeziel> faekjarz: there should be a swap *file* in the root, no?
[15:06] <Slashman> in fact this server is completely gone from the ubuntu website https://certification.ubuntu.com/server/models/?query=R6415
[15:06] <sdeziel> faekjarz: what do you get from "swapon -s"?
[15:10] <faekjarz> sdeziel: in this case it's not relevant whether it's a file or a partition. The installer sets up swap, and i want to tell it not to do it. (i know, i can disable it later, but that's not the problem i intend to solve right now.)
[15:11] <sdeziel> faekjarz: oh OK, that's not what I understood, sorry
[15:12] <faekjarz> no worries
[15:55] <faekjarz> i could use btrfs; afaik, there's no swap allowed on btrfs …and the installer would comply
[16:00] <faekjarz> i stand corrected, just tested it and the alternate server installer creates a swap file on a btrfs m)
[16:45] <lordcirth> Can someone familiar with netplan tell me why this seemingly simple config doesn't work?  It works without the bridge, but the moment I add the bridge, it stops working.  Regardless of whether I put the address on the vlan or bridge.  Thanks!
[16:45] <lordcirth> http://paste.ubuntu.com/p/hT3f7BGpCs/
[16:46] <compdoc> are the bridges used for kvm?
[16:46] <compdoc> oh, vlans
[16:48] <lordcirth> For lxc, similar
[16:49] <lordcirth> We have 16.04 IaaS systems that have a 10Gb/s link with various dotted interfaces, each with a matching bridge, which lxc containers get attached to.  Works great. Trying to move to 18.04/netplan and it all breaks
[16:49] <lordcirth> Also we don't normally need an address on the lxc interface, but this machine does.
[16:50] <compdoc> I had problems too, but found that everything worked if I used netplan for the interfaces, then added the bridges in /etc/network/interfaces
[16:50] <compdoc> in 18.04
[16:52] <lordcirth> Well that's a bit odd
[16:54] <cyphermox> lordcirth: try something like this: https://paste.ubuntu.com/p/4WJZQ8DTCp/
[16:54] <cyphermox> if you define the physical interface by mac address it helps networkd do the right thing
[16:55] <lordcirth> cyphermox, ah, ok, I was about to ask what the key difference was.  I will try, thanks
[16:55] <cyphermox> the key diff is really the fact that there's a "match: macaddress: " for the physical device
[16:57] <lordcirth> cyphermox, should I use a custom name instead of enp0s8?
[16:57] <lordcirth> Does it matter?
[16:58] <cyphermox> nope
[16:58] <cyphermox> use whatever you want
[16:58] <cyphermox> in there I was testing more things
[16:58] <cyphermox> this is a config I have in production, but I do use that server to test some of the hairier configs
[16:59] <lordcirth> does rebooting without running 'netplan apply' apply things, or do you have to run it first?
[17:03] <cyphermox> rebooting always applies whatever is in the file
[17:03] <cyphermox> 'netplan apply' is just for if you want the changes to take effect immediately
[17:46] <xnox> jamespage, openstack-dashboard & ceph => are they switching to python3 by default and/or what is that blocked on?
[17:46] <xnox> i've tried looking into it, but failed to establish the missing parts.
[17:50] <lordcirth> cyphermox, so, I switched to matching on mac, and now it gets stuck on boot trying to bring the network up for ages, then it boots and works.  I'm confused
[17:55] <cyphermox> lordcirth: maybe run 'systemd-analyze blame' to see what is taking up time
[17:56] <lordcirth> cyphermox, 2min 66ms systemd-networkd-wait-online.service
[17:58] <lordcirth> syslog: systemd-networkd[465]: enp0s8: Link is not managed by us
[17:58] <lordcirth> That's odd
[17:58] <lordcirth> Does netplan rendering to networkd not count as managed by networkd?
[18:04] <cyphermox> probably a red herring unless you do DHCPv6
[18:08] <lordcirth> Ok.  Not sure how to track down the error
[18:18] <lordcirth> cyphermox, hmm, networkctl status -a shows br10 as "nocarrier: configuring" and the vlan tagged iface doesn't exist
[18:22] <lordcirth> enp0s8 is 'off'
[18:23] <cyphermox> that certainly won't help
[18:24] <cyphermox> you'll want to check your config, but also if the device is correctly connected, etc.
[18:24] <cyphermox> not much else I can help with; this depends a lot on your hardware and networkd
[18:24] <cyphermox> *network
[18:25] <lordcirth> It's in virtualbox, actually.  The virtual network is quite standard and functional
[18:34] <teward> does anyone know what the default I/O scheduler settings are for Ubuntu?
[18:34] <teward> Ubuntu Server*?
[18:34] <teward> I accidentally posted this in the wrong channel sorry for the crosspost
[18:36] <sdeziel> teward: grep CONFIG_DEFAULT_IOSCHED /boot/config-$(uname -r), says cfq here
[18:38] <sdeziel> teward: you might want to check /sys/block/$DEV/queue/scheduler as some dev type use a different scheduler (virtio == none)
[18:45] <teward> sdeziel: ack, #ubuntu-devel gave me some of the info too heh
[18:45] <teward> thanks
[18:45] <sdeziel> np
[18:52] <jamespage> xnox: tbh I think I'm just going to drop the py2 support from ceph and switch over to py3 wholesale
[18:52] <jamespage> xnox: coreycb is workingon the dashboard + plugins but it needs a new package to complete
[18:54] <coreycb> yep working on that right now (django-debreach for horizon)
[19:06] <xnox> jamespage, what about cloud-archive? are backports into that going to use py2 or py3?
[19:07] <xnox> coreycb, ooooh, nice.
[19:07] <jamespage> xnox: py3
[19:07] <xnox> ok
[19:45] <lordcirth> cyphermox, I'm trying netplan 0.40 from ubuntu-proposed, in case it's related to the bug...
[19:49] <lordcirth> Doesn't seem to have helped
[20:07] <lordcirth> cyphermox, so brctl show says the bridge has no interface.  adding 'vlan10' works perfectly and ping starts working.  Any idea why netplan refuses to connect br10 to vlan10?
[20:18] <cyphermox> lordcirth: not without looking at the full config
[20:18] <lordcirth> cyphermox, what files do you need?
[20:19] <cyphermox> anything in /etc/netplan
[20:20] <lordcirth> cyphermox, 10-tagged.yaml: http://paste.ubuntu.com/p/XZyrc4cPdf/
[20:21] <lordcirth> 01-netcfg.yaml: http://paste.ubuntu.com/p/pw3j3pbnPz/
[20:21] <lordcirth> That's all
[20:22] <lordcirth> I've also tried with and without /etc/systemd/network/50-netplan-brup.network: http://paste.ubuntu.com/p/fVNXdgB954/
[20:25] <cyphermox> lordcirth: I guess missing dhcp4: no  dhcp6: no  accept-ra: no for vlan10
[20:27] <lordcirth> cyphermox, no change
[20:28] <cyphermox> ok, then let's look at the files in /run/systemd/network
[20:29] <TheBloke> Hi all. I have an Ubuntu Server system with two 3TB disks. Currently only one disk is in use.  Is it possible to convert this to an LLVM array, without losing data?  The active disk has three partitions (8GB swap, 40 GB for OS, then the remainder for data.)  The second disk is blank (or will be).   Is it possible to activate the second disk as part of a RAID-0 stripe or RAID-1 mirror with the active disk, while preserving the existing
[20:29] <TheBloke>  partitions and data on disk1?
[20:29] <cyphermox> lordcirth: can you send the files to me (cyphermox at ubuntu.com)
[20:30] <lordcirth> cyphermox, does this work? http://paste.ubuntu.com/p/jmHCKwC4xM/
[20:30] <lordcirth> They are fairly short
[20:30] <cyphermox> yeah that works
[20:32] <lordcirth> 'tail -n 100 *' is handy, it puts those headers in automatically
[20:34] <lordcirth> An interesting thing is that if I add the interface to br10 manually, it brings it up automatically, like something was blocking on it
[20:34] <cyphermox> I see nothing wrong with the config
[20:35] <cyphermox> didn't you say earlier than enp0s8 was down initially?
[20:36] <cyphermox> here, assuming you have access to the console and not just remotely, I'd reboot and check what networkd says its state is, whether it is degraded or what, and then the output of 'ip link'
[20:36] <cyphermox> lordcirth: maybe file a bug in Launchpad
[20:37] <lordcirth> Yeah it's a VM on my workstation
[20:38] <lordcirth> networkctl status -a : http://paste.ubuntu.com/p/k37RzBfrRV/
[20:38] <lordcirth> ip link : http://paste.ubuntu.com/p/GwvMtGCC5y/
[20:38] <lordcirth> Anything else?
[20:39] <lordcirth> I'm not even sure where the problem lies, to report it properly
[22:53] <TJ-> lordcirth: I can't compare this locally at present, but in the status output for vlan10 it reports "/run/systemd/network/10-netplan-enp0s8.network" ... I'm wondering if that should be "10-netplan-vlan10.network"
[22:53] <TJ-> lordcirth: what does it show when the interface is up correctly?
[23:05] <blackflow> TJ-: unit filename is not directly related to NIC name (it only matters when overriding through the hierarchy of systemd dirs)
[23:08] <TJ-> blackflow: right, but there is a glitch there so it could be a clue.
[23:09] <blackflow> hrm, possibly yes