[00:03] <Haunted330> This channel is closed. You are going to have to leave.
[00:03] <xrandr> Hi there.  I have an ubuntu 18.04 server, and used netplan to apply a set of static ip addresses. However, when i use ifconfig, I do not see the ips being bound to my server.
[00:04] <Haunted330> This channel is closed. You are going to have to leave.
[00:04] <Haunted330> We reopen at 8am CST.
[00:05] <teward> !ops | Haunted330 trollig the channel
[00:05] <ubottu> Haunted330 trollig the channel: Help! Channel emergency! infinity, soren, lamont, mathiaz, Pici, Daviey, Tm_T, Corey, IdleOne, ikonia, funkyhat, Myrtti, ocean, genii, phunyguy!
[00:05] <Haunted330> !ops Everything is good
[00:05] <Haunted330> Leave the ops alone please.
[00:05] <Haunted330> Im just doing my job
[00:06] <hggdh> Haunted330: ok, then goodbye
[00:06] <Haunted330> yep, good bye
[00:07] <teward> hggdh: thanks.
[00:08] <hggdh> teward: yw
[00:08] <teward> xrandr: so `sudo netplan apply` doesn't apply the IPs?
[00:09] <teward> trying to make sure it's just a case of them not applying or whether Netplan's just derping at some point, or whether something else is up.
[00:10] <teward> seeing your config would be nice as well, xrandr, since it might be your config.  (cc TJ- since we said in #ubuntu to move here)
[00:10] <xrandr> sure
[00:10] <xrandr> one moment and i will pastebin it
[00:10] <xrandr> :q
[00:11] <xrandr> https://pastebin.com/3aR4J8B9
[00:12] <TJ-> xrandr: what does "ip addr show dev enp2s0" report?
[00:12] <xrandr> teward: and to answer your first question, it does not apply it
[00:13] <xrandr> https://pastebin.com/zt7L4RcM
[00:13] <TJ-> xrandr: also, check the service for clues "journalctl -u systemd-networkd"
[00:13] <TJ-> xrandr: looks correct to me, where is the problem?
[00:14] <xrandr> ifconfig doesn't report the ips, and also, I can't ping them. No firewall is currently active either (server was just deployed)
[00:14] <TJ-> xrandr: you've only assigned a single IPv4 address to the interface
[00:14] <sarnold> don't worry so much about ifconfig, it doesn't know networking as well as ip does
[00:15] <xrandr> TJ-: I thought by specifying the /29 it would add the range
[00:15] <TJ-> xrandr: 192.154.110.170 pings OK
[00:15] <xrandr> .170-.174
[00:15] <TJ-> xrandr: No, it assigns the single address in the /29 sub-net
[00:15] <xrandr> Well, that could be my issue lol.
[00:16] <TJ-> I'm not sure netplan knows how to assign all the possible IP addresses of a sub-net to a single interface
[00:16] <xrandr> How would I go about assigning the other ips to the server?
[00:16] <teward> add the addresses individually
[00:16] <teward> let me pull an example...
[00:16] <teward> I think i wrote one for the examples for netplan...
[00:16] <sarnold> see e.g. https://netplan.io/examples#multiple-addresses-on-an-interface
[00:16] <teward> *pulls up historical git commits*
[00:16] <teward> ohey that one
[00:17] <teward> i added the section underneatn that one ;P
[00:17] <teward> xrandr: you have to define each of the addresses.  The /29 is just to specify the subnet mask, it doesn't set all the addresses up (and is relevant to determining proper Broadcast and Gateway address)
[00:17] <teward> so you'd have 170/29, 171/29, etc. etc.
[00:18] <teward> *salts sarnold*
[00:20] <xrandr> Ah there we go
[00:20] <TJ-> It would be nice to be able to do ranges :)  "addresses: [ 192.154.110.170-177/29 ]"
[00:20] <xrandr> thank you all so much
[00:22] <teward> TJ-: indeed.  that's a proposal to suggest to cyphermox
[00:24] <TJ-> teward: I might find some time to attempt a patch but I suspect it'd be a rabbit-hole. Parsing is easy, figuring out the conrrect way to render it not so
[00:26] <teward> yep.
[00:26] <teward> hence why i said propose it in the netplan project and let them gauge interest/implementation
[00:26] <teward> it'd be tricky
[00:29] <TJ-> systemd-networkd is just a case of multiple Address= entries (I wonder what the limit is)
[00:30]  * TJ- stiffles a giggle
[00:30] <TJ-> It could get to be fun for IPv6
[00:31] <teward> TJ-: if you need more than 100 specific addresses added... it's being done wrong lol
[00:37] <TJ-> teward: you're reminding me of the famous 'never need more than 640KB' meme!
[00:38] <TJ-> teward: how can I have an IP-addressable display if the host can't have mor than 100 IP addresses?
[00:38] <teward> :P
[00:40] <TJ-> that brings up and interesting question - how *did* the 75-internet's worth of IPv6 address space get decoded and mapped - presumably it'd have to be a userspace network stack
=== lifeless_ is now known as lifeless
[07:07] <lordievader> Good morning
[12:08] <Raboo> Hi guys
[12:09] <Raboo> I have a strange issue on two of my Ubuntu 16.04.5, i have biosdevname package installed, but still my interfaces are named eno1/eno2
[12:10] <Raboo> I was under the conception that if you have biosdevname installed, predictable name would be applied
[12:19] <rbasak> Raboo: only if your BIOS actually provides device names.
[12:19] <rbasak> That was only a Dell thing and only for a while AFAIK.
[12:21] <Raboo> hmm, it is a dell server :-)
[12:22] <Raboo> rbasak is there a way to see if the bios provides a device name?
[12:23] <Raboo> but it's quite strange, cause when installing the node we use a centos image, there I believe the device names was em1/em2
[12:23] <Raboo> So i guess the whole bios part is working
[12:25] <Raboo> Yup, the devices was named em1/em2 when in centos
[12:26] <rbasak> Raboo: https://lists.ubuntu.com/archives/ubuntu-devel/2015-May/038761.html is a good writeup which hopefully will help you pin it down
[12:28] <rbasak> "70-persistent-net.rules trumps [biosdevname] trumps [ifnames]"
[12:30] <Raboo> yes, but there is no 70-persistent-net.rules
[12:31] <Raboo> in that e-mail it says about ifnames "Debian and Ubuntu disable this by
[12:31] <Raboo> default"
[12:32] <Raboo> so unless that has changed between Ubuntu 16.04.4 and 16.04.5, I should be getting em1/em2
[12:49] <Raboo> running `biosdevname -i eno1` returns a blank
[12:52] <rbasak> 16.04.4 likely had a different kernel to 16.04.5. You could try switching kernels.
[12:52] <rbasak> That is entirely a guess, to be clear.
[12:58] <leftyfb> Raboo: I know you said you have the package insalled, but have you tried putting biosdevname as one of your kernel parameters?
[13:01] <Raboo> leftyfb nope, it should be enabled by default, you usually put biosdevname=0 to turn it off
[13:02] <Raboo> Maybe it's a bios bug, https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1578141
[13:02] <ubottu> Launchpad bug 1578141 in systemd (Ubuntu) "Predictable interface names partially broken with igb driver" [Medium,Confirmed]
[13:09] <Ool> isn't it: GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" to have the old name ?
[13:09] <Ool> after a update-grub of course
=== TheHonorableKitt is now known as THKitten
[13:15] <Raboo> well I want biosdevname=1
[13:15] <Raboo> i want em1/em2
[13:18] <Raboo> `biosdevname -d` reports em1 for both eno1 and eno2
[13:18] <Raboo> so it could be a similar bug with the launchpad link i pasted
[13:19] <Raboo> or it could be the mellanox driver, haven't really used mellanox nic before
[13:22] <Raboo> this sucks
[13:27] <rbasak> Raboo: you could manually override to the names you would get by biosdevname but without biosdevname as a workaround.
[13:29] <Raboo> rbasak ok, by adding a 70-persistent-net-rules file?
[13:50] <rbasak> Raboo: right
=== TheHonorableKitt is now known as THKitten
[15:05] <Raboo> well I found a bug that matches my case more.. https://bugs.launchpad.net/ubuntu/+source/biosdevname/+bug/1535045
[15:05] <ubottu> Launchpad bug 1535045 in biosdevname (Ubuntu) "Biosdevname does not provide interface naming information for ConnecX4 Devices" [Medium,In progress]
[15:07] <Raboo> very little hope on this getting fixed, the bug was filed 3 years ago
[15:08] <Raboo> Anyone know Brian Fromme?
[15:23] <THKitten> well, this is fun. I've got a diaspora server up, and a mastodon server up on my ubuntu server. Apparently both of them are using the same f*$#@$ing redis server, so sidekiq is giving me the finger because each is trying to read the other's database queries, and they can't understand them, so they toss them, therefore, I lose posts. I have no idea
[15:23] <THKitten> how to fix this, and the dev team are being a bunch of a$$ hats. Suffice to say, I'll ask the clearly better support team, you guys with Ubuntu. Any thoughts here on how I can get both applications to use their own redis database?
[15:24] <TJ-> THKitten: containers might be the quick way - separate them
[15:24] <lordcirth> THKitten, well, this may be overkill for your use case, but at work I would put each in an LXC container. You could also look at running 2 redis servers on different ports and changing the redis port of at least one service
[15:25] <THKitten> I'm relatively new to this, it looks like containers might be the way to go, but I don't have a clue how to do that. I mean ffs diaspora's setup is complex enough as is without screwing with it. It might be better to stick mastodon in its own container and leave diaspora be
[15:28] <TJ-> THKitten: yes, only one needs to move :)
[15:28] <lordcirth> THKitten, apt install lxc lxc-templates && lxc-create -n mastodon -t ubuntu
[15:28] <lordcirth> Actually, you might want to use the newer LXD tools
[15:29] <lordcirth> We haven't moved to those yet, but they are nice
[15:29]  * THKitten bangs head on desk
[15:30] <THKitten> I hate this. Apparently the main dev for diaspora told me this wouldn't work "on the same server" in october, but I dismissed it. Why the hell can't developers make their platforms unique? KNOWING other platforms use similar tools to them? fffffff
[15:31] <lordcirth> It could be that they are assuming that everyone will use containers or VMs anyway
[15:32] <Raboo> would #ubuntu-devel or #ubuntu-bugs be a better channel to find someone to squash the bug?
[15:33] <THKitten> it looks like containers it is. is there a youtube video instructional that can walk me through everything I need to know about containers?
[15:33] <THKitten> is 'docker' one of these containers?
[15:33] <teward> Raboo: neither.  #ubuntu-bugs is for triage, #ubuntu-devel would bring attention to the bug but the package is in Universe since Xenial so unless someone *really* wants to patch it...
[15:33] <teward> it's probably not going to get attention
[15:33] <TJ-> THKitten: yes
[15:34] <lordcirth> THKitten, docker is a container system, but you might find LXC/LXD easier, as it's more like a normal server
[15:34] <Raboo> teward what can I do then? Cause a patch have been available forever and the bugreport has no activity since 2016.
[15:36] <THKitten> awesome, mastodon dev is far more helpful and friendly than diaspora dev. Apparently mastodon has a redis_namespace option, so let's try that
[15:37] <lordcirth> THKitten, that sounds like a good solution too
[15:38] <THKitten> it's a far better solution than the "mastodon and diaspora won't work on the same server" that diaspora dev gave to me -_-
[15:39] <TJ-> this is what happens when you have more Dev than Ops !
[15:40] <THKitten> I already feel like this dev doesn't like me, he and I have gotten into so many arguments, all because he's an aggressive ass
[15:49] <THKitten> ok guys, I'm gonna give this a shot....here's what I'm gonna do, but I'm gonna need some help (like, if you can essentially hold my hand, I'd super appreciate that, because this is TOTALLY out of my realm of comfort and skill).
[15:50] <THKitten> I'm going to setup two redis databases in their own docker container and have them hosted on different ports
[15:50] <THKitten> then configure each platform to use that port for their redis databases
[16:28] <teward> Raboo: i saw your ping, apologies I died shortly thereafter I had to do some emergency system reboots on my bouncer for maintenance.  I'm not sure what the 'patch' is or the established 'solution' will be, so i'll have to take a look, it's possible we'd have to look into a better solution for this, but it's not a package on my radar at present, nor is that bug, and I don't see a patch specified in the bug that'd be used to fix it
[16:29] <teward> Raboo: what's the target release you're trying to make this work on?
[16:29] <teward> Xenial?  Bionic?  Trusty?
=== TheHonorableKitt is now known as THKitten
=== TheHonorableKitt is now known as THKitten
[19:59] <theGoat> so i have an ubuntu 14.04 server vm running on esxi.  and when i reboot it, it always fails on bringing up the network interfaces, once the vm is booted, i can log in and bring up the interfaces with ifconfig, and i can't figure out why.  everything looks good with the interfaces config
[20:00] <TJ-> Finally figured out how to bind entire /massive/ subnets to the host. "ip [-4|-6] route add local network/prefix dev lo" ... can now make my IPv6 addressable display :)
[20:00] <sarnold> TJ-: lol
[20:02] <sarnold> TJ-: btw https://www.jinglepings.com/
[20:04] <TJ-> sarnold: Yes, that is what inspired me before xmas
[20:04] <TJ-> sarnold: I knew there had to be a way to do it easily but they didn't publish any tech details
[20:05] <sarnold> TJ-: aha :)
[20:05] <sarnold> yeah it'd be fun to know a bit more about how they put it together
[20:07] <TJ-> I was thinking of doing something along the lines of the 'million dollar web-page' :D
[20:10] <sarnold> haha :D
[20:10] <sarnold> a friend put together https://ascii.town/explore.html
[20:30] <xrandr> This is probably a bad idea, but is there an easy way to have ufw allow everything EXCEPT icmp?
[20:31] <sarnold> why yes that *is* a bad idea :)
[20:32] <xrandr> sarnold: Well, I am running a game server with multiple games. Instead of adding a firewall rule for each game a customer wants to run, I figured I'd just leave it all open. I don't want ICMP attacks though
[20:32] <sarnold> xrandr: what's an ICMP attack?
[20:32] <xrandr> sarnold: ping flood, etc.
[20:33] <sarnold> xrandr: if you're under volumetric attack the right answer is to ask your ISPs to add filtering rules
[20:35] <xrandr> sarnold: Yes. that would be if they did that. As I rent the server from them, their policy states it is my job to secure the server. One of the major problems I have had in the past (especially with IRC servers) was the ping flood. So that is why I am asking how to allow everything EXCEPT icmp.
[20:35] <sdeziel> ICMP shouldn't be blocked because it breaks PMTU (among other things)
[20:35] <sdeziel> xrandr: ^
[20:35] <xrandr> sdeziel: PMTU?
[20:35] <sdeziel> xrandr: Path MTU discovery to be precise, aka how big can the packets be on a given path between your clients and the server
[20:36] <xrandr> alright
[20:36] <sdeziel> xrandr: not everyone support a MTU of 1500 so PMTU is a way to find which size is right
[20:37] <xrandr> sdeziel: ok, well my goal is to prevent a ping attack. What would you suggest then?
[20:37] <sdeziel> xrandr: if you want to drop ping, drop that specific ICMP type
[20:38] <xrandr> so ICMP ECHO then
[20:40] <sdeziel> xrandr: echo request is probably what you want to drop/reject
[20:40] <xrandr> ok.
[20:40] <xrandr> but it is still possible to allow everything else through, correct?
[20:43] <sdeziel> xrandr: if you only want to drop ICMP echo requests, I'd say that using ufw is way over kill
[20:43] <sdeziel> xrandr: I don't know/use ufw so I can't guide you with it but it would be trivial to do with iptables-persistent
[20:44] <sarnold> I don't think it's even worth bothering
[20:44] <xrandr> sdeziel: alrighty
[20:44] <sarnold> if you configure your machine to not send back ping replies, that'll annoy you when you want to debug it
[20:44] <sarnold> and people can simply send tcp floods anyway
[20:44] <sarnold> or udp floods
[20:45] <sdeziel> xrandr: sarnold has a good point. An compromise might be to use --limit to permit some ping through
[20:46] <xrandr> that could work too
=== markthomas|PTO is now known as markthomas
[22:01] <DammitJim> I'm on Ubuntu 16
[22:02] <DammitJim> how do I disable automatic updates from happening?
[22:02] <DammitJim> there information online is so confusing
[22:02] <DammitJim> I am fine with the system telling me how many updates available there are
[22:02] <DammitJim> but I can't figure out where the system says, oh, I have to update
[22:08] <OerHeks> https://askubuntu.com/questions/953779/programmatically-disable-apt-unattended-upgrades
[22:47] <TJ-> Is there a way to acquire a replacement IPv6 address when DAD stops the requested assignment. Network is using prefix delegation and due to the gateway/router being rebooted systems ended up with duplicates but didn't try to drop the duplicate and request a fresh address ?