[01:37] Ubuntu server 18.04 - when I lose internet connection it never comes back up. I have to reboot the server. [01:37] tried restarting /etc/init.d/networking, nothing [01:38] its not running nmcli, or network-manager [01:38] netplan apply does nothing. [01:39] don't do /etc/init.d/networking restart -- on 18.04 it'll probably be a harmless no-op, but on previous systems it could wedge the system bad enough that your only solution is to reboot it [01:40] you'll have to figure out why you're losing networking. find that, then you can probably start on a solution. [01:55] sarnold: i lost internet connection because i was working on my firewall, however internet access should come right back up automatically, and its not [01:57] Delvien: how were you testing that you didn't have internet access? [01:58] ping, curl to a url [01:59] i had LAN, but no WAN [01:59] guess i should of been more specific [01:59] were you pinging IPs or DNS names? [02:00] what does 'ip route get' show for IPs off your network? [02:00] 10.10.10.1 dev ens160 src 10.10.10.12 uid 1000 [02:00] cache [02:00] from using 10.10.10.1 [02:07] sarnold so is there anyway i can fix this? I cant have it no automatically connect back if WAN drops. [02:07] cant have it not* [02:07] Delvien: sorry, I expected more results and popped back to code review.. [02:07] just a stupid question, but I did a clonezilla clone from a 256GB cruddy Samsung NVMe disk to a 512GB nice Samsung NVMe disk, but `efibootmgr` among others list UEFI as the original 256GB disk, is there a way to update the metadata for that EFI data via command line to reflect the newer disk? [02:08] Delvien: so that one bit you've got there shows me that you can route to a local address, but doesn't say anything about how you get to a remote address .. [02:08] asking here since I seek solely CLI options and I have a similar setup in a *new* server that's going to have the same problem once I finish the cloning of data over [02:09] sarnold: well im speaking to you from that same server, so [02:10] sarnold: would it helpt o have their entire `ip -4 route list` ? [02:10] which shows all system routes including their default. [02:11] teward: maaaaaybe. normally it's enough to ask for e.g. a route to 8.8.8.8 and make sure that the system uses the same route off the network as the admin expected :) [02:12] sarnold: well i have to assume some systems are stupid :P [02:12] because they never behave the way I expect them to :P [02:12] 'course that happened to me today when I touched the IO scheduler for a few VMs, but this is what backups are for :P [02:12] aaaaack more git vulns sarnold how come y'all didn't tell me >.< [02:13] (unrelated I bother sarnold too often :P) [02:13] thanks for your help, ill do some forum surfing [02:13] teward: heh, maybe we ought to machine up a plaque for you, "if git doesn't have a vulnerability then systemd does" :) [02:13] heh [02:14] sarnold: Rule 9000 of the Internet: If a piece of software exists, there's a vulnerability in it. [02:14] :P [02:14] sarnold: i dropped in late was Delvien trying to do autofailover WAN? [02:14] 'cause... i have that working with some pretty hefty evil scripts :| [02:15] teward: no, he was trying to debug "why his machine didn't reconnect with the internet" [02:15] ah [02:15] but couldn't describe in what way he *wasn't* connected to the internet. [02:15] heh, indeed. [02:15] and didn't bother to answer my questions [02:15] so [02:16] heh [02:53] cyphermox: I noticed netplan.io doesn't have any IPv4 and IPv6 examples of the two in conjuction with each other on the same box, would that be a nice example to add under static addressing on the site perhaps? [05:46] I installed 18.04.1 Server as a virtual machine - and I see cloud init installed and also it seem there are a bunch of scripts - why do I need cloud init ? I run a small kvm server with around 15 virtual machines - so is mostly virt-manager virsh, so I am interested why cloud init launches by default, and what exactly it does ? [06:18] yo, installed updates and restarted, sendmail is having some trouble now though [06:20] Nov 28 08:17:14 meskhenet sm-mta[19739]: My unqualified host name (meskhenet) unknown; sleeping for retry [06:21] https://paste.ubuntu.com/p/ZzXR65ytwN/ is the last bit causing issues maybe? running dnsmasq [06:23] 127.0.0.1 localhost.bindibox.net localhost meskhenet [06:23] this fixed it [06:23] mind you i havent touched the hosts file in ages [06:23] so some package started doing something differently, dnsmasq or sendmail :P [06:24] although now if i use meskhenet locally I get both 192.168.1.1 and 127.0.0.1 as results, not ideal [06:57] Good morning [08:44] welcome iron_houzi [08:44] Thanks! [08:45] I wanted an alternative to Alpine for a small VM, so I installed Bionic server on a 2GB hard drive. The system requirements state 1.5GB minimum. Now I cannot update due to insufficient space on the hard drive. Should it be possible to get updates with such a limited amount of space? [08:45] iron_houzi: ask your issue here, but idle a bit as volunteers might not be all awake yet [08:46] ^^ - No worries [08:47] iron_houzi: im not the server expert, but 2G sounds very low to do stuff properly [08:48] even on a mini ubuntu install, updates would still take a few space right [08:48] did you start from a cloud image or a server image? I think I would have expected something smaller.. [08:48] granted the smallest images I hear about in regular use are 10G.. [08:54] iron_houzi: ^ [09:12] ayeoo [09:12] wyseguy: i think this channel might suit you better for tips & tricks on the ubuntu move [09:12] got it [09:12] wyseguy: re-ask here please [09:14] so small business is running windows server 2016, they all use thin clients to rdp into the server. their current setup is offsite but they are going to be moving servers inhouse and are interested in linux if possible. Issue is they use quickbooks enterprise (they hate it and want to find something else) dazzle, ups worldship, shipgear, ms office and a few other programs... [09:14] curious if its possible to switch over the linux, not sure how this will be done with some programs that I believe only run on windows [09:15] last post here talks about worldship in 2015... https://www.linuxquestions.org/questions/linux-software-2/ups-worldship-419247/ [09:16] https://www.ups.com/lc/en/help-center/technology-support/worldship/system-requirements.page [09:17] everything is on ESX, so we can spin up vm's as needed. Thinking maybe we have a "Shipping Room" vm that we put this program on and allow remote access to the program somehow on the linux desktops? ideas? [09:20] wyseguy: generally, at least some of those programs (like ms office) won't be available on Linux. There are different strategies to cope with this. You can switch to alternatives (like LibreOffice) or you can use VMs either on the users' machines or on a server like you already mentioned [09:20] avu yes moving to libreoffice would be fine [09:20] other issue i see if ups worldship wont work on linux either [09:21] is* [09:22] wyseguy: just for personal interest, can i ask why the move? [09:23] lotuspsychje licensing costs mainly, issues with windows in general, employees causing issues, malware, something more stable [09:25] nice mate [09:25] but i feel this is going to be an uphill battle unless i can find alternative programs [09:26] wyseguy: ubuntu has tons of alternative packages to play with [09:27] well main ones are ups worldship, quickbooks and dazzle [09:27] those are the ones holding me back [09:27] i looked at odoo (to replace quickbooks) but seems like a money pit [09:28] gnucash perhaps? [09:28] dazzle is for dvr cams? [09:29] they are pushing 20k different items that they sell, they required quickbooks enterprise for this [09:29] dazzle if for USPS [09:29] is* [09:29] dazzle = endicia [09:29] https://www.endicia.com/landing-pages/usps-shipping-software?referredby=wgpd&gclid=CjwKCAiAlvnfBRA1EiwAVOEgfId_6WPbEsM6YAyV1d2jTzvbRoAt4-g1XY9-XkUDH55OcEb3_xJXGBoCABIQAvD_BwE&gclsrc=aw.ds [09:31] !info libbusiness-us-usps-webtools-perl [09:31] libbusiness-us-usps-webtools-perl (source: libbusiness-us-usps-webtools-perl): Perl module enabling use of USPS Web Tools services. In component universe, is optional. Version 1.11-2 (bionic), package size 13 kB, installed size 100 kB [09:32] hm [09:32] im just poking around a bit [09:33] ill have to look into that [09:33] ya [09:33] or... [09:33] maybe have a windows vm that can somehow open a app window on their linux desktop for just that app... [09:33] thats possible too, or wine [09:34] and the app would be running in windows on another vm, but would need to present the app on the linux desktop as just an app [09:34] wine wont work [09:34] database issues [09:34] wyseguy: these days, there's a lot of available in the cloud too [09:34] https://www.linuxquestions.org/questions/linux-software-2/ups-worldship-419247/ [09:35] wyseguy: so combine ubuntu server/clients with cloud based services and your good to go [09:35] very true [09:35] well... [09:35] ups worldship is a big one [09:35] they set packages on a scale and press enter, label is printed and next package is put on scale, tons and tons of packages daliy [09:35] it ties directly to UPS [09:36] wyseguy: perhaps you could contact canonical on that one, see if they have experiences with it? [09:36] thats an idea [09:37] !canonical [09:37] Canonical Ltd. is committed to the development, distribution and promotion of open source software products, and to providing tools and support to the open source community. It is the driving force behind the Ubuntu, Kubuntu, Xubuntu, and Edubuntu Operating Systems. Canonical's website is at http://www.canonical.com/ [09:37] asking is free right [09:37] well it comes down to more of an issue with UPS i think [09:37] i believe they require you to use their software [09:38] is there a way to have an app run on a windows machine and be able to access just that app on a linux vm and "make it look like" its running on the linux desktop? [09:38] wyseguy: do they have webbased/cloud services? perhaps investigate that too? [09:38] I wanted an alternative to Alpine for a small VM, so I installed Bionic server on a 2GB hard drive. The system requirements state 1.5GB minimum. Now I cannot update due to insufficient space on the hard drive. Should it be possible to get updates with such a limited amount of space? [09:39] iron_houzi: answer the question sarnold asked you [09:39] iron_houzi you should be able to expand the drive [09:39] !ubuwin | wyseguy perhaps? [09:39] wyseguy perhaps?: Windows 10 has a feature called Windows Subsystem for Linux, which allows it to run Ubuntu (and other Linux distro) userspace programs without porting/recompliation. For discussion and support, see #ubuntu-on-windows or ##windows. For installation instructions, see https://msdn.microsoft.com/en-us/commandline/wsl/install_guide [09:39] Oh? I didn't catch that. Sorry [09:40] lotuspsychje that sounds correct but backwards :p [09:40] need it the other way around [09:40] I know how to "fix" the problem. I'm just checking if there are "Right Way (TM)"'s for keeping the system updated on a 2GB hard disk. [09:43] i think ill test out play on linux and crossover [09:44] https://www.codeweavers.com/compatibility/crossover/ups-worldship [09:44] hm.. seems to answer that one [09:49] wyseguy: since I've seen the mention of libbusiness-us-usps-webtools-perl above: beware of relying on packages in universe. Ubuntu is very unreliable when it comes to providing critical (security) upgrades for such packages. [09:49] got it [09:49] thanks === lotuspsychje__ is now known as lotuspsychje [09:53] iron_houzi: that really depends on what you're installing on it. for example, we do debootstrap based installations, 700M is the base minimum for the bootable server OS. [10:28] huh... incredible how many important server packages are in universe. just looking at those on our installations. zfs-initramfs, python-virtualenv, uwsgi, munin, netfilter-persistent, busybox, dehydrated (ACME client), dropbear (initramfs ssh to unlock LUKS root), ..... [10:29] roundcube is completely neglected, that one I know, I install it from source. [11:06] good morning [11:12] kstenerud: I see dovecot is not only green === cpaelzer_ is now known as cpaelzer [11:13] it also completed migration [11:13] https://launchpad.net/ubuntu/+source/dovecot/1:2.3.3-1ubuntu1 [11:13] shows it as released [11:13] thanks [11:13] I'll mark nspr and dovecot green on the roadmpa board [11:13] if you have any other trackers please update them yourself [11:14] ok [11:44] blackflow: yeah, it can be a bit daunting because you are essentially on your own when it comes to maintaining those packages, Canonical completely pushes the responsibility to the community. Tinc (a VPN package) has had unfixed CVEs since September for example. Canonical doesn't care. [12:32] avu: we can't boil the ocean. Use openvpn if that matters to you, that's in main. [12:33] avu: or, please contribute the fixes! [12:33] rbasak: I just switched back to Debian, somehow they do manage to provide security fixes for their complete archive [12:34] They have plenty of open CVEs too. [12:34] They're dependent on volunteers just as Ubuntu is for universe. [12:35] My experience when dealing with their security team has been completely different than what I experienced when dealing with Canonical when it comes to universe [12:35] Sure, they rely on volunteers for everything, they actually have processes set up for this where at least one team of those volunteers feels responsible for every security related issue [12:36] Canonical just dispatches into some ill defined cloud of volunteers and stops caring at that point when it comes to universe [12:37] the worst thing about this is, IMO, that they don't do a good job of communicating this. Universe should be disabled by default and when you install packages from it, there should be a warning. It should also be better documented how to curate a list of all packages you have installed from universe [12:37] But I guess the marketing folks wouldn't like that [12:38] whats this about ? [12:39] avu, how about taking some responsibility for researching the software you decide to use ? [12:40] but ya its alwats easier to blame others [12:40] avu: I think you're conflating Canonical with Ubuntu there. [12:40] Ussat: I do, that's why I tell people to beware when installing packages from universe, which started this discussion [12:40] rbasak: how? [12:41] free software has issues, news at 11 [12:41] yawn [12:41] Ussat: so what's your point? That we shouldn't talk about these issues? [12:41] Canonical doesn't command the volunteers, and in fact has no say whatsoever over them. Debian doesn't have a company to command volunteers either. [12:42] No, but playing the blame game doesnt help anything does it [12:42] avu, my point is if you want something better do something about it [12:43] I already did, thanks [12:43] ya ok [12:43] rbasak: maybe I just missed it, is there some kind of community team that deals with security issues in universe? [12:44] I think you're missing my point. [12:44] from what I read and from the responses I've seen on launchpad, it all seemed very vague to me [12:45] Ubuntu has it's own governance, that isn't tied to Canonical. [12:45] (except at the top there's a person who wears two leadership hats) [12:45] Sure, that's fine, totally unrelated to my question though, I wasn't trying to say that thi has to be a team designated/created/curated by Canonical [12:46] I was just interested in the structures or processes that exist to deal with critical bugs in universe because to me it kind of seemed that there are basically none [12:47] It's down to individual volunteers to care about specific packages in universe. [12:47] Ah, so I was right, okay [12:48] A process like Debian's won't work in Ubuntu because Ubuntu doesn't have individual maintainers for packages in universe that are synced from Debian. [12:48] avu here is a thought, why dont you volunteer to pay somene so they can dedicate all their time to this, do you understand VOLUNTEER [12:48] However I think you should look at the actual results, rather than deflecting into comparisons of process [12:48] In Debian, there's not only the individual maintainers though, there's also the security team who feel responsible for security issues in *all* packages [12:48] Something like that could be created for Ubuntu as well, no? [12:49] I don't think that will work for Ubuntu. [12:49] avu you volunteering to do that ? [12:49] (And I'm not talking about Canonical paying someone to do that, I'm talking about a community effort) [12:49] There is a Launchpad team that I think was an attempt to do that, but it is inactive. [12:49] https://launchpad.net/~motu-swat [12:50] A community effort still needs volunteers :) [12:50] jamespage: coreycb: could you consider adopting xmltooling into uca? we need a working version for keystone in bionic, and I don't think that 3.0 will be backported from cosmic. https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1776489 [12:50] Launchpad bug 1776489 in xmltooling (Ubuntu) "libxmltooling7 depends on libcurl3, which has been replaced by libcurl4 in Bionic" [Undecided,Confirmed] [12:51] what avu is saying is OTHER poeple should volunteer their time do do this, I am content to sit here and complain [12:52] There are however some very well maintained packages in universe by volunteers. When enough people care about a package, that happens (and we're grateful to them) [12:52] We of course move the most popular packages into main. [12:52] Ussat: that's in no way what I said, that's just what you read into what I'm saying. All you are doing in fact is spew insults at me without even trying to contribute anything interesting to the discussion. [12:53] I wonder how much that really leaves in universe that is actually a problem for real world users. [12:53] avu, that is exactly what you are saying [12:53] I use ejabberd from universe for example, but keep it confined quite severely with apparmor. [12:53] rbasak: Ubuntu doesn't run anything like Debian's popcon, right? [12:53] Ubuntu does have a popcon, but it is not opt-in and so probably isn't that reflective of Ubuntu users. [12:53] Especially on server I suspect. [12:54] V [12:54] https://popcon.ubuntu.com/ [13:11] frickler: can libapache2-mod-auth-mellon be used instead? that is in main and thus has security support for 5 years in bionic. [13:12] well, i guess longer than that based on recent news [13:12] not sure of those details though [13:13] frickler: fyi bug 1610286 [13:13] bug 1610286 in libapache2-mod-auth-mellon (Ubuntu) "[MIR] libapache2-mod-auth-mellon, liblasso3" [Medium,Fix released] https://launchpad.net/bugs/1610286 [13:14] coreycb: that may be possible, but I don't know enough of the details. I'll forward that suggestion to the keystone folks. or maybe you can add that comment on https://bugs.launchpad.net/keystone/+bug/1802901 yourself? [13:14] Launchpad bug 1802901 in OpenStack Identity (keystone) "Federation functional job failing on Bionic" [Undecided,New] [13:15] frickler: sure i'll comment on the bug [13:16] coreycb: cool, thx [13:42] kstenerud: the samba-eexist ppa needs a newer build, but I will push a bileto ticket for you, so we will also get the dep8 test run done forus [13:43] ahasenack: OK. Do I need to do anything from my end? [13:44] kstenerud: no, just give me an ok to tag an upload, via a hash, if the tests are ok [13:45] kstenerud: 4f81d752ad1daac7575255baba1721358d5fa52e I believe is the current head, right? [13:48] cpaelzer: the "irc nicks" list in bileto, is it comma separated, space separated, or what? It doesn't say [13:49] * ahasenack guesses space [13:50] ahasenack: space [13:50] kstenerud: if you join #ubuntu-ci-eng, your nick will be pinged with status changes [13:50] about this test run [13:51] oh cool [14:03] kstenerud: ok to sponsor tomcat8? https://code.launchpad.net/~kstenerud/ubuntu/+source/tomcat8/+git/tomcat8/+merge/359229 [14:03] hash 4d56628304b1c3a940067debbffa71faa7123324 [14:11] kstenerud? [14:11] sec let me make absolutely sure [14:11] k [14:12] ahasenack: Yes please sponsor [14:12] k [14:12] thank you [14:28] jamespage: placement is in the new queue for disco. i'll seed that and get an MIR opened. [14:36] Hello guys, [14:36] got a little issue whtn trying to install ubuntu via pxe [14:36] it fails on the mirror archive selection [14:37] I've copied the extracted iso file to /var/www/html/ubuntu and I can reach it by using the browser [14:37] not sure what I'm doing wrong [14:44] avu: rbasak: problem is, at least some popular server packages should be in main. I mean, if Canonical wants to compete with RH (and judging by Mark's recent "attack" at RH's OpenStack back in May), then Canonical really should become a viable alternative to the enterprise grade support of RH. So far it isn't. [14:45] blackflow: not sure I follow. A lot of popular server packages are in main [14:46] blackflow: What do you base this opinion on? "Canonical really should become a viable alternative to the enterprise grade support of RH. So far it isn't." [14:48] cyphermox: and a lot aren't. and it's not obvious to users that, say, roundcube (the most popular webmail) is pulled once for each ubuntu release and never patched for security for the duration of that release. [14:48] setuid: from personal interaction with both. [14:48] blackflow: I'm forever dealing with weird customer requests including putting stuff nobody else cares about into main. When Canonical has a customer that wants it it generally happens. So appealing to the business end doesn't really work in an argument. [14:48] blackflow: we can't make it more obvious than it currently is. supported things do show a supported: like in apt. [14:48] blackflow: businesses typically don't use roundcube. [14:49] Everything you can install on server, doesn't belong in main, and thus, doesn't require or merit the same support as those packages found in Universe. [14:49] blackflow: you'll always be able to pick an example of something that is in universe and "popular" given some arbitrary metric. What I'm saying is that when we see something is very popular we often pull them in to main [14:50] blackflow: additionally, there is a process through which you can request for something to be put in main [14:50] rbasak: which is beside the point. the point here is that packages like roundcube shouldn't be in official repos to begin with. look at xenial's 1.2-beta-...... with a myriad of CVEs unpatched since Mar 2016 [14:50] It's also a matter of dependencies [14:50] it requires review (I'm part of that review team), and you'll need buy-in from the server team in the case of server packages, but thre is a way to do it [14:50] blackflow: if you care, why haven't you patched it? [14:51] available in some way in universe is also better than not available at all; we're derived from Debian after all [14:53] cyphermox: I disagree with that tho'. universe is obviously to some extent supported by canonical. I mean why would postgresql-server-dev-10 be in universe if it wasn't. [14:53] anyone ? [14:53] As someoine who has BOTH RH and Ubuntu in his enterprise, RH's "support" isnt all its cracked up to be [14:53] so the problem here is some packages get support, some don't and generally it's advised to be wary of "universe", is it not? [14:54] blackflow: only "supported" in that it's in the archive, we only officially support what's in main. [14:54] talx: What did the console logs show? [14:54] blackflow: Ubuntu is not just Canonical, it's the entire community [14:54] talx: alt-left-arrow, activate console, look at syslog [14:54] I'm in the middle of installation [14:54] you are talking about using alt + f3 ? [14:54] its smart to be wary of ALL OSS, no matter where its from [14:54] cyphermox: hence my opinion that it better not be in repos at all, if it's gonna be pulled once in 2016 and never touched again. [14:54] blackflow: has it been updated in Debian since? [14:54] The problem is that the term "support" has always been overloaded. [14:54] talx: No, I'm talking about activating the console, not jumping out of graphical install [14:54] In Debian, the entire archive is community support. [14:55] In RHEL, the entire archive is unavailable unless you already pay for support. [14:55] blindly installing in an enterprise is stupid, no matther where its from [14:55] cyphermox: it has been dropped in debian because of lack of maitainer support, for jessie, then reinstated in Debian and yes patched for recent CVEs [14:55] rbasak: yeah: universe is community support -- if someone cares enough it will get updated/fixed/wahtever [14:55] In Ubuntu, you can buy support from Canonical, and in practice I see things in universe updated based on customer request. [14:55] However for the general public, main has a support commitment from Canonical and universe doesn't. [14:55] rbasak: he has a good point for roundcube, it probably needs a bit of kicking [14:55] This has always been perfectly clear IMHO. [14:55] it says Warrning mirror does not support the specified release (xenial) [14:56] blackflow: I think the point above all is that we're relatively few employees, can't be expected to care and see everything that happens to every of the 40k+ packages in the archive [14:56] so yeah, some things may be dropped, not cared for for a while [14:56] setuid: it says Warrning mirror does not support the specified release (xenial) [14:57] its from /var/log/syslog [14:57] We have dropped and blacklisted things from universe in the past. [14:57] bitcoin comes to mind. [14:57] I'm going to look at roundcube but it's likely been patched in ubuntu, or blocked in the same state because of the drop from Debian ? [14:57] cyphermox: that's understandable, and, again, in my opinion packages that aren't / can't be cared about (for whatever reason) should be kicked out [14:57] rbasak: we also had additional reason to blacklist Bitcoin [14:57] rbasak: yeah, but we need a good reason to not provide something in the archive at all [14:57] because hardforks, constant dev, no revcompat, etc. [14:57] bitcoin was blacklisted for a good reason :) [14:57] yes it was, I was partly involved :P [14:57] cyphermox: I agree that's the current status quo. [14:58] * teward still subs to the bitcoin blacklist bugs heh [14:58] I personally sway towards removing things more readily though. [14:58] rbasak: I don't think there needs to be any change [14:58] I mean I just came from a meeting with a client whose infra we have to support and who had hard time understanding that half of packages they use are basically unsupported. [14:58] (because "but it's in the repos!") [14:58] blackflow: that's not quite valid... 'unsupported' does not mean the same thing as 'community supported' [14:58] FOr example the long tail of PHP reverse dependencies in universe - I feel that it causes far too much effort to maintain these over PHP transitions versus the very small (possibly zero, if they have users at all) user benefit. [14:58] things come in from Debian, why would we decide not balcklist it because it's unmaintained, only to lose it completely and then forget to unblacklist it when it's fixed in Debian later. [14:58] setuid: for them, it's the same thing :) [14:58] You mean 'Not included in UA Support from Canonical'? [14:58] setuid ? [14:59] rbasak: I think in all these cases whether something is "popular" or "beneficial to the user" is very subjective. [14:59] talx: Are you installing from a pxe/netboot image? an ISO? and is it correctly xenial? [14:59] I believe so [14:59] * cyphermox goes to have a look at roundcube [14:59] cyphermox: I agree it's a tough call but that's not a reason to make a decision by inaction. Somebody has to make the call. [15:00] and yes I'm installing from pxe [15:00] roundcube is pretty legacy, iirc, last release was 2012? [15:00] lolno [15:00] it's very much alive and supported upstream. [15:00] 1.3.8 was released on 26 Oct 2018. [15:00] hrm, maybe I'm thikning of Squirrel [15:01] yah that's a bit on the ancient side. [15:01] blackflow: clearly you're talking about roundcube in xenial [15:01] IMHO, webapps are a poor fit for the distribution model. [15:01] cyphermox: yeah [15:01] wordpress is another example [15:01] rbasak: I'm not advocating decision by inaction. I'm saying things are broken doesn't mean they're completely useless [15:01] Tools like roundcube have a mountain of deps, depending on plugins, php versions, php's own deps, etc. [15:01] not quie [15:01] *quite [15:02] and there's a cost-benefit analysis to be made, given that you and I alone can't cover the entire archive [15:02] cyphermox: I think we agree then :) [15:02] it's not much effort to remove something from the archive, but it *is* effort if you count that you remove it when it's going to be readded a few months later because the debian maintainer woke up. [15:03] apt-rdepends on roundcube shows 650 deps. [15:03] and in the meantime, we make such a package useless to those people who might be able to use it, despite whatever issues it might have [15:03] I run roundcube from upstream tarball. all I needed for it is regular PHP from Bionic [15:03] 158 top-level dependencies [15:04] those 650 probably come from the full dep tree, including glibc and the core of the core :) [15:04] ie. if you're installing roundcube internally for a company, behind a firewall, you don't necessarily care much about /some/ of the CVEs. [15:04] cyphermox: not true. recent ones had incoming mail XSS their way into stuff... [15:04] setuid: I've deleted everyting [15:04] blackflow: I don't know nor use roundcube, it was an example. [15:05] problem is even if behind the firwall, it deals with data (email) coming from outside of the firewall and is this equally exposed as if it wasn' behind the firewall [15:05] setuid: which iso should I use for installing ubuntu 16.04 via pxe [15:05] *is thus [15:05] http://releases.ubuntu.com/16.04/ [15:05] talx: server [15:06] cyphermox: Assuming that the internal network is more trustworthy than external networks is a fallacy. [15:06] hyperlumic: it was an example, without knowing what the CVEs were about [15:06] oaky downloading [15:06] cyphermox: aka uneducated opinion ;) [15:06] does anything have a good manual for setting up pxe ? [15:06] no. [15:06] cyphermox: I understand that, but the notion itself is incorrect. [15:06] talx: yes [15:06] google gave me just troubles [15:07] talx: there's an ubuntu wiki article on pxebooting [15:07] orly [15:07] I'd like to have the link for it if possible [15:07] talx: i assume you mean PXE boot the installer [15:07] yea [15:07] https://help.ubuntu.com/community/PXEInstallServer [15:07] blackflow: not uneducated. if it doesn't do auth quite correctly, you might not care that much [15:07] https://wiki.ubuntu.com/UEFI/PXE-netboot-install [15:07] XSS, you obviously should care. [15:07] thank you [15:07] one or both of those, talx [15:08] havent tested either but they're there so [15:08] you are awesome thanks [15:08] nah I just have google-fu ;) [15:08] (uneducated in the way you said you didn't use it (and thus have no experience with what it does and what the vectors are) and dint' know what the usual CVEs for it are, and yet you had an opinion that it's okay to run it behind a firewall) [15:08] cyphermox: not sure if you saw my message last night, my ZNC derped and didn't send me scrollback today - would a combo IPv4 and Ipv6 static config example be nice to have for the netplan examples on netplan.io? [15:08] because I didn't see any v6 examples :P [15:08] had to go digging in documentation [15:08] teward: yes, I saw [15:08] had to go digging in documentation to find how [15:09] hmm [15:09] it's fine to add in the addresses: array [15:09] I've fast read it, it looks great [15:09] cyphermox: yeah that's what i discovered digging in the docs. :) [15:09] teward: as for the website, I'll fix it when I next upload I guess [15:09] cyphermox: ack, no problem or rush :) [15:09] I need to see if I can still fix it easily or if it's paperworks ;) [15:11] heheh === crimastergogo_ is now known as crimastergogo [15:48] Is there some solution from Canonical that will generate and possibly deploy(not as important) an ubuntu and run post-install on it? I know all about MAAS but that doesn't really fit our needs. [15:53] leftyfb: you're going to have to be more specific, otherwise my answer is going to be MAAS. [15:57] Right now we're booting via PXE, doing a d-i install, some basic post-installation via kickstart and then a post-post install on next boot via a script pulled down during the kickstart [15:58] The first step is to get away from d-i. [16:06] leftyfb, MAAS does PXE boot, blasts a preinstalled squash image on disk, and can run arbitrary post-installation scripts / stuff, i.e. via trivial cloud-config/cloud-init yaml specified hooks. [16:07] leftyfb, neat thing it's just $ apt install maas [16:07] leftyfb, it's based on preinstalled/bootable cloud-images and curtin. [16:07] leftyfb, is this for servers? desktops? cloud? baremetal? [16:13] robots [16:14] moving robots only accessible via wifi once the NUC is in the robot [16:14] the initial deployment is fine to rely on ethernet [18:00] On 16.04, we have a network setup like so: eth1 -> vlan10@eth1 -> br10. LXC containers attach to br10 or other bridges and get put on the right VLAN. I can't get this to work in systemd-networkd on 18.04. [18:03] Does anyone have a similar setup they could paste? [18:36] nevermind, figured it out. The bridge needs VLANFiltering=false, and have the same MAC as the physical interface. [19:40] jamespage: ok i've pushed the placement seed. fyi i didn't add breaks/replaces as nova still has placement code. [19:56] Should I see an amd64 version of a iso in -> http://cdimage.ubuntu.com/ubuntu/releases/16.04/release/ [19:57] Epx998: http://releases.ubuntu.com/16.04/ [19:58] Epx998: releases.u.c, not cdimage.u.c, for standard ISOs :) [19:58] as sarnold linked :) [19:59] gotcha [20:25] when the iso installer fails on apt get heh [20:26] o_O [20:27] sounds like internet fail in those cases heh [20:27] its just a cd install [20:29] meh [20:30] must be the network mounted cd image [20:31] hash sum mismatch from the cdrom, ok. guess i can see if i can use ub18 [20:32] uhhhh.. how'd that happen? [20:38] who knows [20:39] https://ibb.co/vwLCYvy [20:42] yikes. memtest86 on that machine? [20:43] it might not hurt to try mounting the image from elsewhere and manually walking through the InRelease and Packages.gz files to make sure hashes match [20:44] id just talk them into a working distro ;P got a few to choose from in this lab. [20:45] the question is, is the image busted? or your network? or your machine? [20:46] Epx998: have you validated the integrity of the iso with http://releases.ubuntu.com/16.04/SHA256SUMS ? [20:46] issue was duplicated on 3 chassis, going to see if i have issues with rhel7.6 and maybe sles12 [20:46] i grabbed the cd off the ubuntu torrent [20:46] hmm, interesting [20:47] Epx998: I mean in the long run I think you'd be better served by using the cloud images anyway, but if you want to keep using a cd-based installer to get to finished systems, then it'd be worth finding out *why* you've got broken bits :) [20:47] ill grab it off release.ubntu as well [20:48] cd installer was cause the cloud image wasnt grabbing the kickstart, i wanted to see if it was a network issue [20:48] i used the dell lifecycle for fun, maybe that was it [20:48] you'd want to use cloud-init instead of kickstart for cloud images [20:49] we typically do not use cloud images [20:49] though i do have a sprint item for working with RH on something cloud based [20:59] Look like it was Dell's lifecycle bit === cshep is now known as platonical