/srv/irclogs.ubuntu.com/2018/11/28/#ubuntu-server.txt

DelvienUbuntu server 18.04 - when I lose internet connection it never comes back up. I have to reboot the server.01:37
Delvientried restarting /etc/init.d/networking, nothing01:37
Delvienits not running nmcli, or network-manager01:38
Delviennetplan apply does nothing.01:38
sarnolddon't do /etc/init.d/networking restart -- on 18.04 it'll probably be a harmless no-op, but on previous systems it could wedge the system bad enough that your only solution is to reboot it01:39
sarnoldyou'll have to figure out why you're losing networking. find that, then you can probably start on a solution.01:40
Delviensarnold: i lost internet connection because i was working on my firewall, however internet access should come right back up automatically, and its not01:55
sarnoldDelvien: how were you testing that you didn't have internet access?01:57
Delvienping, curl to a url01:58
Delvieni had LAN, but no WAN01:59
Delvienguess i should of been more specific01:59
sarnoldwere you pinging IPs or DNS names?01:59
sarnoldwhat does 'ip route get' show for IPs off your network?02:00
Delvien10.10.10.1 dev ens160 src 10.10.10.12 uid 100002:00
Delvien    cache02:00
Delvienfrom using 10.10.10.102:00
Delviensarnold so is there anyway i can fix this? I cant have it no automatically connect back if WAN drops.02:07
Delviencant have it not*02:07
sarnoldDelvien: sorry, I expected more results and popped back to code review..02:07
tewardjust a stupid question, but I did a clonezilla clone from a 256GB cruddy Samsung NVMe disk to a 512GB nice Samsung NVMe disk, but `efibootmgr` among others list UEFI as the original 256GB disk, is there a way to update the metadata for that EFI data via command line to reflect the newer disk?02:07
sarnoldDelvien: so that one bit you've got there shows me that you can route to a local address, but doesn't say anything about how you get to a remote address ..02:08
tewardasking here since I seek solely CLI options and I have a similar setup in a *new* server that's going to have the same problem once I finish the cloning of data over02:08
Delviensarnold: well im speaking to you from that same server, so02:09
tewardsarnold: would it helpt o have their entire `ip -4 route list` ?02:10
tewardwhich shows all system routes including their default.02:10
sarnoldteward: maaaaaybe. normally it's enough to ask for e.g. a route to 8.8.8.8 and make sure that the system uses the same route off the network as the admin expected :)02:11
tewardsarnold: well i have to assume some systems are stupid :P02:12
tewardbecause they never behave the way I expect them to :P02:12
teward'course that happened to me today when I touched the IO scheduler for a few VMs, but this is what backups are for :P02:12
tewardaaaaack more git vulns sarnold how come y'all didn't tell me >.<02:12
teward(unrelated I bother sarnold too often :P)02:13
Delvienthanks for your help, ill do some forum surfing02:13
sarnoldteward: heh, maybe we ought to machine up a plaque for you, "if git doesn't have a vulnerability then systemd does"  :)02:13
sarnoldheh02:13
tewardsarnold: Rule 9000 of the Internet: If a piece of software exists, there's a vulnerability in it.02:14
teward:P02:14
tewardsarnold: i dropped in late was Delvien trying to do autofailover WAN?02:14
teward'cause... i have that working with some pretty hefty evil scripts :|02:14
sarnoldteward: no, he was trying to debug "why his machine didn't reconnect with the internet"02:15
tewardah02:15
sarnoldbut couldn't describe in what way he *wasn't* connected to the internet.02:15
tewardheh, indeed.02:15
sarnoldand didn't bother to answer my questions02:15
sarnoldso02:15
tewardheh02:16
tewardcyphermox: I noticed netplan.io doesn't have any IPv4 and IPv6 examples of the two in conjuction with each other on the same box, would that be a nice example to add under static addressing on the site perhaps?02:53
acuI installed 18.04.1 Server as a virtual machine - and I see cloud init installed and also it seem there are a bunch of scripts - why do I need cloud init ? I run a small kvm server with around 15 virtual machines - so is mostly virt-manager virsh, so I am interested why cloud init launches by default, and what exactly it does ?05:46
bindiyo, installed updates and restarted, sendmail is having some trouble now though06:18
bindiNov 28 08:17:14 meskhenet sm-mta[19739]: My unqualified host name (meskhenet) unknown; sleeping for retry06:20
bindihttps://paste.ubuntu.com/p/ZzXR65ytwN/ is the last bit causing issues maybe? running dnsmasq06:21
bindi127.0.0.1       localhost.bindibox.net localhost meskhenet06:23
bindithis fixed it06:23
bindimind you i havent touched the hosts file in ages06:23
bindiso some package started doing something differently, dnsmasq or sendmail :P06:23
bindialthough now if i use meskhenet locally I get both 192.168.1.1 and 127.0.0.1 as results, not ideal06:24
lordievaderGood morning06:57
lotuspsychjewelcome iron_houzi08:44
iron_houziThanks!08:44
iron_houziI wanted an alternative to Alpine for a small VM, so I installed Bionic server on a 2GB hard drive. The system requirements state 1.5GB minimum. Now I cannot update due to insufficient space on the hard drive. Should it be possible to get updates with such a limited amount of space?08:45
lotuspsychjeiron_houzi: ask your issue here, but idle a bit as volunteers might not be all awake yet08:45
iron_houzi^^ - No worries08:46
lotuspsychjeiron_houzi: im not the server expert, but 2G sounds very low to do stuff properly08:47
lotuspsychjeeven on a mini ubuntu install, updates would still take a few space right08:48
sarnolddid you start from a cloud image or a server image? I think I would have expected something smaller..08:48
sarnoldgranted the smallest images I hear about in regular use are 10G..08:48
lotuspsychjeiron_houzi: ^08:54
wyseguyayeoo09:12
lotuspsychjewyseguy: i think this channel might suit you better for tips & tricks on the ubuntu move09:12
wyseguygot it09:12
lotuspsychjewyseguy: re-ask here please09:12
wyseguyso small business is running windows server 2016, they all use thin clients to rdp into the server. their current setup is offsite but they are going to be moving servers inhouse and are interested in linux if possible. Issue is they use quickbooks enterprise (they hate it and want to find something else) dazzle, ups worldship, shipgear, ms office and a few other programs...09:14
wyseguycurious if its possible to switch over the linux, not sure how this will be done with some programs that I believe only run on windows09:14
wyseguylast post here talks about worldship in 2015... https://www.linuxquestions.org/questions/linux-software-2/ups-worldship-419247/09:15
wyseguyhttps://www.ups.com/lc/en/help-center/technology-support/worldship/system-requirements.page09:16
wyseguyeverything is on ESX, so we can spin up vm's as needed. Thinking maybe we have a "Shipping Room" vm that we put this program on and allow remote access to the program somehow on the linux desktops? ideas?09:17
avuwyseguy: generally, at least some of those programs (like ms office) won't be available on Linux. There are different strategies to cope with this. You can switch to alternatives (like LibreOffice) or you can use VMs either on the users' machines or on a server like you already mentioned09:20
wyseguyavu yes moving to libreoffice would be fine09:20
wyseguyother issue i see if ups worldship wont work on linux either09:20
wyseguyis*09:21
lotuspsychjewyseguy: just for personal interest, can i ask why the move?09:22
wyseguylotuspsychje licensing costs mainly, issues with windows in general, employees causing issues, malware, something more stable09:23
lotuspsychjenice mate09:25
wyseguybut i feel this is going to be an uphill battle unless i can find alternative programs09:25
lotuspsychjewyseguy: ubuntu has tons of alternative packages to play with09:26
wyseguywell main ones are ups worldship, quickbooks and dazzle09:27
wyseguythose are the ones holding me back09:27
wyseguyi looked at odoo (to replace quickbooks) but seems like a money pit09:27
lotuspsychjegnucash perhaps?09:28
lotuspsychjedazzle is for dvr cams?09:28
wyseguythey are pushing 20k different items that they sell, they required quickbooks enterprise for this09:29
wyseguydazzle if for USPS09:29
wyseguyis*09:29
wyseguydazzle = endicia09:29
wyseguyhttps://www.endicia.com/landing-pages/usps-shipping-software?referredby=wgpd&gclid=CjwKCAiAlvnfBRA1EiwAVOEgfId_6WPbEsM6YAyV1d2jTzvbRoAt4-g1XY9-XkUDH55OcEb3_xJXGBoCABIQAvD_BwE&gclsrc=aw.ds09:29
lotuspsychje!info libbusiness-us-usps-webtools-perl09:31
ubottulibbusiness-us-usps-webtools-perl (source: libbusiness-us-usps-webtools-perl): Perl module enabling use of USPS Web Tools services. In component universe, is optional. Version 1.11-2 (bionic), package size 13 kB, installed size 100 kB09:31
wyseguyhm09:32
lotuspsychjeim just poking around a bit09:32
wyseguyill have to look into that09:33
wyseguyya09:33
wyseguyor...09:33
wyseguymaybe have a windows vm that can somehow open a app window on their linux desktop for just that app...09:33
lotuspsychjethats possible too, or wine09:33
wyseguyand the app would be running in windows on another vm, but would need to present the app on the linux desktop as just an app09:34
wyseguywine wont work09:34
wyseguydatabase issues09:34
lotuspsychjewyseguy: these days, there's a lot of available in the cloud too09:34
wyseguyhttps://www.linuxquestions.org/questions/linux-software-2/ups-worldship-419247/09:34
lotuspsychjewyseguy: so combine ubuntu server/clients with cloud based services and your good to go09:35
wyseguyvery true09:35
wyseguywell...09:35
wyseguyups worldship is a big one09:35
wyseguythey set packages on a scale and press enter, label is printed and next package is put on scale, tons and tons of packages daliy09:35
wyseguyit ties directly to UPS09:35
lotuspsychjewyseguy: perhaps you could contact canonical on that one, see if they have experiences with it?09:36
wyseguythats an idea09:36
lotuspsychje!canonical09:37
ubottuCanonical Ltd. is committed to the development, distribution and promotion of open source software products, and to providing tools and support to the open source community. It is the driving force behind the Ubuntu, Kubuntu, Xubuntu, and Edubuntu Operating Systems. Canonical's website is at http://www.canonical.com/09:37
lotuspsychjeasking is free right09:37
wyseguywell it comes down to more of an issue with UPS i think09:37
wyseguyi believe they require you to use their software09:37
wyseguyis there a way to have an app run on a windows machine and be able to access just that app on a linux vm and "make it look like" its running on the linux desktop?09:38
lotuspsychjewyseguy: do they have webbased/cloud services? perhaps investigate that too?09:38
iron_houziI wanted an alternative to Alpine for a small VM, so I installed Bionic server on a 2GB hard drive. The system requirements state 1.5GB minimum. Now I cannot update due to insufficient space on the hard drive. Should it be possible to get updates with such a limited amount of space?09:38
lotuspsychjeiron_houzi: answer the question sarnold asked you09:39
wyseguyiron_houzi you should be able to expand the drive09:39
lotuspsychje!ubuwin | wyseguy perhaps?09:39
ubottuwyseguy perhaps?: Windows 10 has a feature called Windows Subsystem for Linux, which allows it to run Ubuntu (and other Linux distro) userspace programs without porting/recompliation. For discussion and support, see #ubuntu-on-windows or ##windows. For installation instructions, see https://msdn.microsoft.com/en-us/commandline/wsl/install_guide09:39
iron_houziOh? I didn't catch that. Sorry09:39
wyseguylotuspsychje that sounds correct but backwards :p09:40
wyseguyneed it the other way around09:40
iron_houziI know how to "fix" the problem. I'm just checking if there are "Right Way (TM)"'s for keeping the system updated on a 2GB hard disk.09:40
wyseguyi think ill test out play on linux and crossover09:43
wyseguyhttps://www.codeweavers.com/compatibility/crossover/ups-worldship09:44
wyseguyhm.. seems to answer that one09:44
avuwyseguy: since I've seen the mention of libbusiness-us-usps-webtools-perl above: beware of relying on packages in universe. Ubuntu is very unreliable when it comes to providing critical (security) upgrades for such packages.09:49
wyseguygot it09:49
wyseguythanks09:49
=== lotuspsychje__ is now known as lotuspsychje
blackflowiron_houzi: that really depends on what you're installing on it. for example, we do debootstrap based installations, 700M is the base minimum for the bootable server OS.09:53
blackflowhuh... incredible how many important server packages are in universe. just looking at those on our installations. zfs-initramfs, python-virtualenv, uwsgi, munin, netfilter-persistent, busybox, dehydrated (ACME client), dropbear (initramfs ssh to unlock LUKS root), .....10:28
blackflowroundcube is completely neglected, that one I know, I install it from source.10:29
ahasenackgood morning11:06
cpaelzer_kstenerud: I see dovecot is not only green11:12
=== cpaelzer_ is now known as cpaelzer
cpaelzerit also completed migration11:13
cpaelzerhttps://launchpad.net/ubuntu/+source/dovecot/1:2.3.3-1ubuntu111:13
cpaelzershows it as released11:13
cpaelzerthanks11:13
cpaelzerI'll mark nspr and dovecot green on the roadmpa board11:13
cpaelzerif you have any other trackers please update them yourself11:13
kstenerudok11:14
avublackflow: yeah, it can be a bit daunting because you are essentially on your own when it comes to maintaining those packages, Canonical completely pushes the responsibility to the community. Tinc (a VPN package) has had unfixed CVEs since September for example. Canonical doesn't care.11:44
rbasakavu: we can't boil the ocean. Use openvpn if that matters to you, that's in main.12:32
rbasakavu: or, please contribute the fixes!12:33
avurbasak: I just switched back to Debian, somehow they do manage to provide security fixes for their complete archive12:33
rbasakThey have plenty of open CVEs too.12:34
rbasakThey're dependent on volunteers just as Ubuntu is for universe.12:34
avuMy experience when dealing with their security team has been completely different than what I experienced when dealing with Canonical when it comes to universe12:35
avuSure, they rely on volunteers for everything, they actually have processes set up for this where at least one team of those volunteers feels responsible for every security related issue12:35
avuCanonical just dispatches into some ill defined cloud of volunteers and stops caring at that point when it comes to universe12:36
avuthe worst thing about this is, IMO, that they don't do a good job of communicating this. Universe should be disabled by default and when you install packages from it, there should be a warning. It should also be better documented how to curate a list of all packages you have installed from universe12:37
avuBut I guess the marketing folks wouldn't like that12:37
Ussatwhats this about ?12:38
Ussatavu, how about taking some responsibility for researching the software you decide to use ?12:39
Ussatbut ya its alwats easier to blame others12:40
rbasakavu: I think you're conflating Canonical with Ubuntu there.12:40
avuUssat: I do, that's why I tell people to beware when installing packages from universe, which started this discussion12:40
avurbasak: how?12:40
Ussatfree software has issues, news at 1112:41
Ussatyawn12:41
avuUssat: so what's your point? That we shouldn't talk about these issues?12:41
rbasakCanonical doesn't command the volunteers, and in fact has no say whatsoever over them. Debian doesn't have a company to command volunteers either.12:41
UssatNo, but playing the blame game doesnt help anything does it12:42
Ussatavu, my point is if you want something better do something about it12:42
avuI already did, thanks12:43
Ussatya ok12:43
avurbasak: maybe I just missed it, is there some kind of community team that deals with security issues in universe?12:43
rbasakI think you're missing my point.12:44
avufrom what I read and from the responses I've seen on launchpad, it all seemed very vague to me12:44
rbasakUbuntu has it's own governance, that isn't tied to Canonical.12:45
rbasak(except at the top there's a person who wears two leadership hats)12:45
avuSure, that's fine, totally unrelated to my question though, I wasn't trying to say that thi has to be a team designated/created/curated by Canonical12:45
avuI was just interested in the structures or processes that exist to deal with critical bugs in universe because to me it kind of seemed that there are basically none12:46
rbasakIt's down to individual volunteers to care about specific packages in universe.12:47
avuAh, so I was right, okay12:47
rbasakA process like Debian's won't work in Ubuntu because Ubuntu doesn't have individual maintainers for packages in universe that are synced from Debian.12:48
Ussatavu here is a thought, why dont you volunteer to pay somene so they can dedicate all their time to this, do you understand VOLUNTEER12:48
rbasakHowever I think you should look at the actual results, rather than deflecting into comparisons of process12:48
avuIn Debian, there's not only the individual maintainers though, there's also the security team who feel responsible for security issues in *all* packages12:48
avuSomething like that could be created for Ubuntu as well, no?12:48
rbasakI don't think that will work for Ubuntu.12:49
Ussatavu you volunteering to do that ?12:49
avu(And I'm not talking about Canonical paying someone to do that, I'm talking about a community effort)12:49
rbasakThere is a Launchpad team that I think was an attempt to do that, but it is inactive.12:49
rbasakhttps://launchpad.net/~motu-swat12:49
rbasakA community effort still needs volunteers :)12:50
fricklerjamespage: coreycb: could you consider adopting xmltooling into uca? we need a working version for keystone in bionic, and I don't think that 3.0 will be backported from cosmic. https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/177648912:50
ubottuLaunchpad bug 1776489 in xmltooling (Ubuntu) "libxmltooling7 depends on libcurl3, which has been replaced by libcurl4 in Bionic" [Undecided,Confirmed]12:50
Ussatwhat avu is saying is OTHER poeple should volunteer their time do do this, I am content to sit here and complain12:51
rbasakThere are however some very well maintained packages in universe by volunteers. When enough people care about a package, that happens (and we're grateful to them)12:52
rbasakWe of course move the most popular packages into main.12:52
avuUssat: that's in no way what I said, that's just what you read into what I'm saying. All you are doing in fact is spew insults at me without even trying to contribute anything interesting to the discussion.12:52
rbasakI wonder how much that really leaves in universe that is actually a problem for real world users.12:53
Ussatavu, that is exactly what you are saying12:53
rbasakI use ejabberd from universe for example, but keep it confined quite severely with apparmor.12:53
avurbasak: Ubuntu doesn't run anything like Debian's popcon, right?12:53
rbasakUbuntu does have a popcon, but it is not opt-in and so probably isn't that reflective of Ubuntu users.12:53
rbasakEspecially on server I suspect.12:53
rbasakV12:54
rbasakhttps://popcon.ubuntu.com/12:54
coreycbfrickler: can libapache2-mod-auth-mellon be used instead? that is in main and thus has security support for 5 years in bionic.13:11
coreycbwell, i guess longer than that based on recent news13:12
coreycbnot sure of those details though13:12
coreycbfrickler: fyi bug 161028613:13
ubottubug 1610286 in libapache2-mod-auth-mellon (Ubuntu) "[MIR] libapache2-mod-auth-mellon, liblasso3" [Medium,Fix released] https://launchpad.net/bugs/161028613:13
fricklercoreycb: that may be possible, but I don't know enough of the details. I'll forward that suggestion to the keystone folks. or maybe you can add that comment on https://bugs.launchpad.net/keystone/+bug/1802901 yourself?13:14
ubottuLaunchpad bug 1802901 in OpenStack Identity (keystone) "Federation functional job failing on Bionic" [Undecided,New]13:14
coreycbfrickler: sure i'll comment on the bug13:15
fricklercoreycb: cool, thx13:16
ahasenackkstenerud: the samba-eexist ppa needs a newer build, but I will push a bileto ticket for you, so we will also get the dep8 test run done forus13:42
kstenerudahasenack: OK. Do I need to do anything from my end?13:43
ahasenackkstenerud: no, just give me an ok to tag an upload, via a hash, if the tests are ok13:44
ahasenackkstenerud: 4f81d752ad1daac7575255baba1721358d5fa52e I believe is the current head, right?13:45
ahasenackcpaelzer: the "irc nicks" list in bileto, is it comma separated, space separated, or what? It doesn't say13:48
* ahasenack guesses space13:49
cpaelzerahasenack: space13:50
ahasenackkstenerud: if you join #ubuntu-ci-eng, your nick will be pinged with status changes13:50
ahasenackabout this test run13:50
kstenerudoh cool13:51
ahasenackkstenerud: ok to sponsor tomcat8? https://code.launchpad.net/~kstenerud/ubuntu/+source/tomcat8/+git/tomcat8/+merge/35922914:03
ahasenackhash 4d56628304b1c3a940067debbffa71faa712332414:03
ahasenackkstenerud?14:11
kstenerudsec let me make absolutely sure14:11
ahasenackk14:11
kstenerudahasenack: Yes please sponsor14:12
ahasenackk14:12
kstenerudthank you14:12
coreycbjamespage: placement is in the new queue for disco. i'll seed that and get an MIR opened.14:28
talxHello guys,14:36
talxgot a little issue whtn trying to install ubuntu via pxe14:36
talxit fails on the mirror archive selection14:36
talxI've copied the extracted iso file to /var/www/html/ubuntu and I can reach it by using the browser14:37
talxnot sure what I'm doing wrong14:37
blackflowavu: rbasak: problem is, at least some popular server packages should be in main. I mean, if Canonical wants to compete with RH (and judging by Mark's recent "attack" at RH's OpenStack back in May), then Canonical really should become a viable alternative to the enterprise grade support of RH. So far it isn't.14:44
cyphermoxblackflow: not sure I follow. A lot of popular server packages are in main14:45
setuidblackflow: What do you base this opinion on? "Canonical really should become a viable alternative to the enterprise grade support of RH. So far it isn't."14:46
blackflowcyphermox: and a lot aren't. and it's not obvious to users that, say, roundcube (the most popular webmail) is pulled once for each ubuntu release and never patched for security for the duration of that release.14:48
blackflowsetuid: from personal interaction with both.14:48
rbasakblackflow: I'm forever dealing with weird customer requests including putting stuff nobody else cares about into main. When Canonical has a customer that wants it it generally happens. So appealing to the business end doesn't really work in an argument.14:48
cyphermoxblackflow: we can't make it more obvious than it currently is. supported things do show a supported: like in apt.14:48
rbasakblackflow: businesses typically don't use roundcube.14:48
setuidEverything you can install on server, doesn't belong in main, and thus, doesn't require or merit the same support as those packages found in Universe.14:49
cyphermoxblackflow: you'll always be able to pick an example of something that is in universe and "popular" given some arbitrary metric. What I'm saying is that when we see something is very popular we often pull them in to main14:49
cyphermoxblackflow: additionally, there is a process through which you can request for something to be put in main14:50
blackflowrbasak: which is beside the point. the point here is that packages like roundcube shouldn't be in official repos to begin with. look at xenial's 1.2-beta-...... with a myriad of CVEs unpatched since Mar 201614:50
setuidIt's also a matter of dependencies14:50
cyphermoxit requires review (I'm part of that review team), and you'll need buy-in from the server team in the case of server packages, but thre is a way to do it14:50
rbasakblackflow: if you care, why haven't you patched it?14:50
cyphermoxavailable in some way in universe is also better than not available at all; we're derived from Debian after all14:51
blackflowcyphermox: I disagree with that tho'. universe is obviously to some extent supported by canonical. I mean why would postgresql-server-dev-10 be in universe if it wasn't.14:53
talxanyone ?14:53
UssatAs someoine who has BOTH RH and Ubuntu in his enterprise, RH's "support" isnt all its cracked up to be14:53
blackflowso the problem here is some packages get support, some don't and generally it's advised to be wary of "universe", is it not?14:53
cyphermoxblackflow: only "supported" in that it's in the archive, we only officially support what's in main.14:54
setuidtalx: What did the console logs show?14:54
cyphermoxblackflow: Ubuntu is not just Canonical, it's the entire community14:54
setuidtalx: alt-left-arrow, activate console, look at syslog14:54
talxI'm in the middle of installation14:54
talxyou are talking about using alt + f3 ?14:54
Ussatits smart to be wary of ALL OSS, no matter where its from14:54
blackflowcyphermox: hence my opinion that it better not be in repos at all, if it's gonna be pulled once in 2016 and never touched again.14:54
cyphermoxblackflow: has it been updated in Debian since?14:54
rbasakThe problem is that the term "support" has always been overloaded.14:54
setuidtalx: No, I'm talking about activating the console, not jumping out of graphical install14:54
rbasakIn Debian, the entire archive is community support.14:54
rbasakIn RHEL, the entire archive is unavailable unless you already pay for support.14:55
Ussatblindly installing in an enterprise is stupid, no matther where its from14:55
blackflowcyphermox: it has been dropped in debian because of lack of maitainer support, for jessie, then reinstated in Debian and yes patched for recent CVEs14:55
cyphermoxrbasak: yeah: universe is community support -- if someone cares enough it will get updated/fixed/wahtever14:55
rbasakIn Ubuntu, you can buy support from Canonical, and in practice I see things in universe updated based on customer request.14:55
rbasakHowever for the general public, main has a support commitment from Canonical and universe doesn't.14:55
cyphermoxrbasak: he has a good point for roundcube, it probably needs a bit of kicking14:55
rbasakThis has always been perfectly clear IMHO.14:55
talxit says Warrning mirror does not support the specified release (xenial)14:55
cyphermoxblackflow: I think the point above all is that we're relatively few employees, can't be expected to care and see everything that happens to every of the 40k+ packages in the archive14:56
cyphermoxso yeah, some things may be dropped, not cared for for a while14:56
talxsetuid: it says Warrning mirror does not support the specified release (xenial)14:56
talxits from /var/log/syslog14:57
rbasakWe have dropped and blacklisted things from universe in the past.14:57
rbasakbitcoin comes to mind.14:57
cyphermoxI'm going to look at roundcube but it's likely been patched in ubuntu, or blocked in the same state because of the drop from Debian ?14:57
blackflowcyphermox: that's understandable, and, again, in my opinion packages that aren't / can't be cared about (for whatever reason) should be kicked out14:57
tewardrbasak: we also had additional reason to blacklist Bitcoin14:57
cyphermoxrbasak: yeah, but we need a good reason to not provide something in the archive at all14:57
tewardbecause hardforks, constant dev, no revcompat, etc.14:57
cyphermoxbitcoin was blacklisted for a good reason :)14:57
tewardyes it was, I was partly involved :P14:57
rbasakcyphermox: I agree that's the current status quo.14:57
* teward still subs to the bitcoin blacklist bugs heh14:58
rbasakI personally sway towards removing things more readily though.14:58
cyphermoxrbasak: I don't think there needs to be any change14:58
blackflowI mean I just came from a meeting with a client whose infra we have to support and who had hard time understanding that half of packages they use are basically unsupported.14:58
blackflow(because "but it's in the repos!")14:58
setuidblackflow: that's not quite valid... 'unsupported' does not mean the same thing as 'community supported'14:58
rbasakFOr example the long tail of PHP reverse dependencies in universe - I feel that it causes far too much effort to maintain these over PHP transitions versus the very small (possibly zero, if they have users at all) user benefit.14:58
cyphermoxthings come in from Debian, why would we decide not balcklist it because it's unmaintained, only to lose it completely and then forget to unblacklist it when it's fixed in Debian later.14:58
blackflowsetuid: for them, it's the same thing :)14:58
setuidYou mean 'Not included in UA Support from Canonical'?14:58
talxsetuid ?14:58
cyphermoxrbasak: I think in all these cases whether something is "popular" or "beneficial to the user" is very subjective.14:59
setuidtalx: Are you installing from a pxe/netboot image? an ISO? and is it correctly xenial?14:59
talxI believe so14:59
* cyphermox goes to have a look at roundcube14:59
rbasakcyphermox: I agree it's a tough call but that's not a reason to make a decision by inaction. Somebody has to make the call.14:59
talxand yes I'm installing from pxe15:00
setuidroundcube is pretty legacy, iirc, last release was 2012?15:00
blackflowlolno15:00
blackflowit's very much alive and supported upstream.15:00
hyperlumic1.3.8 was released on 26 Oct 2018.15:00
setuidhrm, maybe I'm thikning of Squirrel15:00
blackflowyah that's a bit on the ancient side.15:01
cyphermoxblackflow: clearly you're talking about roundcube in xenial15:01
rbasakIMHO, webapps are a poor fit for the distribution model.15:01
blackflowcyphermox: yeah15:01
rbasakwordpress is another example15:01
cyphermoxrbasak: I'm not advocating decision by inaction. I'm saying things are broken doesn't mean they're completely useless15:01
setuidTools like roundcube have a mountain of deps, depending on plugins, php versions, php's own deps, etc.15:01
blackflownot quie15:01
blackflow*quite15:01
cyphermoxand there's a cost-benefit analysis to be made, given that you and I alone can't cover the entire archive15:02
rbasakcyphermox: I think we agree then :)15:02
cyphermoxit's not much effort to remove something from the archive, but it *is* effort if you count that you remove it when it's going to be readded a few months later because the debian maintainer woke up.15:02
setuidapt-rdepends on roundcube shows 650 deps.15:03
cyphermoxand in the meantime, we make such a package useless to those people who might be able to use it, despite whatever issues it might have15:03
blackflowI run roundcube from upstream tarball. all I needed for it is regular PHP from Bionic15:03
setuid158 top-level dependencies15:03
blackflowthose 650 probably come from the full dep tree, including glibc and the core of the core :)15:04
cyphermoxie. if you're installing roundcube internally for a company, behind a firewall, you don't necessarily care much about /some/ of the CVEs.15:04
blackflowcyphermox: not true. recent ones had incoming mail XSS their way into stuff...15:04
talxsetuid: I've deleted everyting15:04
cyphermoxblackflow: I don't know nor use roundcube, it was an example.15:04
blackflowproblem is even if behind the firwall, it deals with data (email) coming from outside of the firewall and is this equally exposed as if it wasn' behind the firewall15:05
talxsetuid: which iso should I use for installing ubuntu 16.04 via pxe15:05
blackflow*is thus15:05
talxhttp://releases.ubuntu.com/16.04/15:05
cyphermoxtalx: server15:05
hyperlumiccyphermox: Assuming that the internal network is more trustworthy than external networks is a fallacy.15:06
cyphermoxhyperlumic: it was an example, without knowing what the CVEs were about15:06
talxoaky downloading15:06
blackflowcyphermox: aka uneducated opinion ;)15:06
talxdoes anything have a good manual for setting up pxe ?15:06
cyphermoxno.15:06
hyperlumiccyphermox: I understand that, but the notion itself is incorrect.15:06
cyphermoxtalx: yes15:06
talxgoogle gave me just troubles15:06
tewardtalx: there's an ubuntu wiki article on pxebooting15:07
talxorly15:07
talxI'd like to have the link for it if possible15:07
tewardtalx: i assume you mean PXE boot the installer15:07
talxyea15:07
tewardhttps://help.ubuntu.com/community/PXEInstallServer15:07
cyphermoxblackflow: not uneducated. if it doesn't do auth quite correctly, you might not care that much15:07
tewardhttps://wiki.ubuntu.com/UEFI/PXE-netboot-install15:07
cyphermoxXSS, you obviously should care.15:07
talxthank you15:07
tewardone or both of those, talx15:07
tewardhavent tested either but they're there so15:08
talxyou are awesome thanks15:08
tewardnah I just have google-fu ;)15:08
blackflow(uneducated in the way you said you didn't use it (and thus have no experience with what it does and what the vectors are) and dint' know what the usual CVEs for it are, and yet you had an opinion that it's okay to run it behind a firewall)15:08
tewardcyphermox: not sure if you saw my message last night, my ZNC derped and didn't send me scrollback today - would a combo IPv4 and Ipv6 static config example be nice to have for the netplan examples on netplan.io?15:08
tewardbecause I didn't see any v6 examples :P15:08
tewardhad to go digging in documentation15:08
cyphermoxteward: yes, I saw15:08
tewardhad to go digging in documentation to find how15:08
talxhmm15:09
cyphermoxit's fine to add in the addresses: array15:09
talxI've fast read it, it looks great15:09
tewardcyphermox: yeah that's what i discovered digging in the docs.  :)15:09
cyphermoxteward: as for the website, I'll fix it when I next upload I guess15:09
tewardcyphermox: ack, no problem or rush :)15:09
cyphermoxI need to see if I can still fix it easily or if it's paperworks ;)15:09
tewardheheh15:11
=== crimastergogo_ is now known as crimastergogo
leftyfbIs there some solution from Canonical that will generate and possibly deploy(not as important) an ubuntu and run post-install on it? I know all about MAAS but that doesn't really fit our needs.15:48
rbasakleftyfb: you're going to have to be more specific, otherwise my answer is going to be MAAS.15:53
leftyfbRight now we're booting via PXE, doing a d-i install, some basic post-installation via kickstart and then a post-post install on next boot via a script pulled down during the kickstart15:57
leftyfbThe first step is to get away from d-i.15:58
xnoxleftyfb, MAAS does PXE boot, blasts a preinstalled squash image on disk, and can run arbitrary post-installation scripts / stuff, i.e. via trivial cloud-config/cloud-init yaml specified hooks.16:06
xnoxleftyfb, neat thing it's just $ apt install maas16:07
xnoxleftyfb, it's based on preinstalled/bootable cloud-images and curtin.16:07
xnoxleftyfb, is this for servers? desktops? cloud? baremetal?16:07
leftyfbrobots16:13
leftyfbmoving robots only accessible via wifi once the NUC is in the robot16:14
leftyfbthe initial deployment is fine to rely on ethernet16:14
lordcirthOn 16.04, we have a network setup like so: eth1 -> vlan10@eth1 -> br10.  LXC containers attach to br10 or other bridges and get put on the right VLAN.  I can't get this to work in systemd-networkd on 18.04.18:00
lordcirthDoes anyone have a similar setup they could paste?18:03
lordcirthnevermind, figured it out.  The bridge needs VLANFiltering=false, and have the same MAC as the physical interface.18:36
coreycbjamespage: ok i've pushed the placement seed. fyi i didn't add breaks/replaces as nova still has placement code.19:40
Epx998Should I see an amd64 version of a iso in -> http://cdimage.ubuntu.com/ubuntu/releases/16.04/release/19:56
sarnoldEpx998: http://releases.ubuntu.com/16.04/19:57
tewardEpx998: releases.u.c, not cdimage.u.c, for standard ISOs :)19:58
tewardas sarnold linked :)19:58
Epx998gotcha19:59
Epx998when the iso installer fails on apt get heh20:25
sarnoldo_O20:26
tewardsounds like internet fail in those cases heh20:27
Epx998its just a cd install20:27
Epx998meh20:29
Epx998must be the network mounted cd image20:30
Epx998hash sum mismatch from the cdrom, ok. guess i can see if i can use ub1820:31
sarnolduhhhh.. how'd that happen?20:32
Epx998who knows20:38
Epx998https://ibb.co/vwLCYvy20:39
sarnoldyikes. memtest86 on that machine?20:42
sarnoldit might not hurt to try mounting the image from elsewhere and manually walking through the InRelease and Packages.gz files to make sure hashes match20:43
Epx998 id just talk them into a working distro ;P got a few to choose from in this lab.20:44
sarnoldthe question is, is the image busted? or your network? or your machine?20:45
sdezielEpx998: have you validated the integrity of the iso with http://releases.ubuntu.com/16.04/SHA256SUMS ?20:46
Epx998issue was duplicated on 3 chassis, going to see if i have issues with rhel7.6 and maybe sles1220:46
Epx998i grabbed the cd off the ubuntu torrent20:46
sdezielhmm, interesting20:46
sarnoldEpx998: I mean in the long run I think you'd be better served by using the cloud images anyway, but if you want to keep using a cd-based installer to get to finished systems, then it'd be worth finding out *why* you've got broken bits :)20:47
Epx998ill grab it off release.ubntu as well20:47
Epx998cd installer was cause the cloud image wasnt grabbing the kickstart, i wanted to see if it was a network issue20:48
Epx998i used the dell lifecycle for fun, maybe that was it20:48
sarnoldyou'd want to use cloud-init instead of kickstart for cloud images20:48
Epx998we typically do not use cloud images20:49
Epx998though i do have a sprint item for working with RH on something cloud based20:49
Epx998Look like it was Dell's lifecycle bit20:59
=== cshep is now known as platonical

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!