[00:36] <Deihmos> winscp looks interesting. trying it out now
[00:39] <Deihmos> yep this is perfect
[01:38] <Deihmos> is there a command to see resources used?
[01:39] <sarnold> hundreds :)
[01:39] <sarnold> Deihmos: this is a decent very fast introduction http://www.brendangregg.com/blog/2015-12-03/linux-perf-60s-video.html
[06:10] <killown> what does that mean AppArmor parser error for /etc/apparmor.d/usr.sbin.mysqld in /etc/apparmor.d/usr.sbin.mysqld at line 74: syntax error, unexpected TOK_CLOSE, expecting TOK_END_OF_RULE
[06:10] <killown> error after apt upgrade
[06:10] <killown> invoke-rc.d: initscript apparmor, action "reload" failed.
[06:11] <killown> isn't ubuntu server supposed to be stable?
[06:11] <killown> it's just a fresh install without update for two months
[06:12] <killown> ubuntu 18.04...
[06:43] <lotuspsychje> killown: without update?
[08:35] <lordievader> Good morning
[11:05] <ahasenack> good morning
[11:20] <ahasenack> I forget, the installation tests done in the migration step, are they done with -proposed enabled overall, or just for the package that is undergoing migration?
[14:47] <evit> Does anyone know if the Ubuntu Repo PHP PEAR package is affected by this https://www.grahamcluley.com/poisoned-pear-php-extension-repository-download-infected-for-up-to-six-months/
[14:56] <rbasak> evit: I expect so, yes, based on that article. It sounds like the compromise was in the repository. The point of the Ubuntu Repo PHP PEAR package is to connect to that external repository.
[14:59] <evit> rbasak, Should I remove the package till it is updated? What are others doing?
[15:04] <rbasak> evit: the package isn't the vulnerable part.
[15:04] <rbasak> You'll need to track what others are doing upstream. You aren't any different from those on other distributions or installing from upstream sources who use PEAR.
[15:05] <evit> Is it just the single go-pear.phar file?
[15:21] <evit> The tightlipped (lacking in details) response from the PHP/Pear team doesn't help
[15:58] <kstenerud> some investigation into openvpn service: "service openvpn start" changes state to "active (exited)", regardless of whether --daemon is specified or not.
[15:58] <kstenerud> The "state" of the openvpn service doesn't affect nmcli behavior. You can start and stop VPN connections regardless of whether it's active or not.
[15:59] <kstenerud> There are also no processes running when the service is "active"
[15:59] <rbasak> It sounds like there's a general problem if it still stays active, but not related to the --daemon bug report I think then?
[16:00] <kstenerud> From what I can tell, it doesn't need a service at all...
[16:00] <kstenerud> Everything works regardless
[16:00] <kstenerud> Or maybe that's just with network manager?
[16:01] <kstenerud> The only time an openvpn process opens is when you nmcli start a VPN connection
[16:03] <sdeziel> kstenerud: "systemctl cat openvpn" shows that it only calls /bin/true so probably not what one wants
[16:04] <sdeziel> kstenerud: on the CLI, the new way is to call "service openvpn@$foo start" or "service openvpn-{client,server}@$foo" where foo is the name of the .conf file
[16:07] <Deihmos> why would ubuntu use swap when there is so much ram
[16:11] <kstenerud> sdeziel: Where would these .conf files be?
[16:11] <sdeziel> kstenerud: for the openvpn@ version they are in /etc/openvpn/*.conf. for the openvpn-{client,server}@ ones, in /etc/openvpn/{client,server}/*.conf
[16:12] <ahasenack> careful, there is a hierarchy
[16:12] <ahasenack> there's /lib/systemd, /etc/systemd, and /run/systemd (not 100% about the path for the last one)
[16:13] <sdeziel> ahasenack: those paths are for the unit definition, not the config of the OpenVPN instance
[16:13] <ahasenack> sdeziel: ah, right
[16:13] <ahasenack> sorry
[16:13] <sdeziel> kstenerud: try "systemctl cat openvpn{,-client,-server}@" and you'll see they set a workingdir and tune execstart
[16:14] <kstenerud> so is that the same as the .sesame dir in the homedir?
[16:14] <sdeziel> ahasenack: hehe, always good to make people aware of those multiple hierarchies being in play
[16:14] <sdeziel> kstenerud: sorry, never heard about a .sesame dir
[16:14] <rbasak> That's a Canonical-internal thing for our VPN configuration.
[16:15] <sdeziel> hmm
[16:16] <sdeziel> kstenerud: I'm not familiar with the above but if it resides in $HOME, openvpn-client@ will by default not have access to files in there due to the ProtectHome=true it has. Dunno if that's relevant for you but I thought I'd mention this little gotcha
[16:17] <sdeziel> err, this ^ applies to all openvpn instance units in fact
[16:26] <sdeziel> Deihmos: what's the output of "free -mt"?
[17:19] <Ark74> Hello guys!
[17:20] <teward> *sits on Ark74*  (I'm in here too LOL)
[17:20] <teward> @Ark74: FYI that on Xenial HTTP/2 support is spotty because of OpenSSL lib versions and such
[17:20] <Ark74> I'm looking forward to http2, I've built apache2 (2.4.34) from disco, but it seems it doesn't have http2 enabled
[17:20] <teward> Ark74: a2enmod http2 does nothing?
[17:21] <Ark74> teward, yeah, I had to backport several packages openssl 1.1.1a included
[17:22] <Ark74> it does, I mean it links to /usr/lib/apache2/modules/mod_http2.so
[17:22] <Ark74> I've configured h2 in apache
[17:22] <teward> I know that in Bionic it's got HTTP2 support via nghttp2 package.
[17:22] <teward> and Cosmic and assumingly Disco, but that's not in my radar typically
[17:23] <Ark74> but it keeps serving http/1.1
[17:23] <teward> backporting that to Xenial will meet you with mixed results (you're probably better off just upgrading)
[17:23] <teward> Ark74: how're you testing?
[17:23] <teward> Ark74: do you have HTTPS enabled?
[17:23] <teward> which is part of http2's requirements?
[17:23] <teward> most browsers don't support HTTP/2 without HTTPS enabled as well
[17:24] <Ark74> loading the browser page with DevTools and also using nghttp client
[17:24] <Ark74> I've tried apache2 ppa with http2 support
[17:24] <Ark74> and it worked
[17:25] <Ark74> I'm trying to backport from official packages
[17:25] <Ark74> yeah, https is used
[17:27]  * Ark74 points -> https://launchpad.net/~ondrej/+archive/ubuntu/apache2
[17:31] <teward> on Disco or on Xenial?
[17:31] <teward> Pretty sure trying to do this on Xenial will fail without some work
[17:36] <tomreyn> also there's no disco builds on this ppa
[17:39] <mason> LXD question if anyone knows - if I want to point LXD to a local dataset when I run lxd init, it sees that and makes some datasets under it, but then "lxc profile show default" says "path: /" and "pool: local" and I see /var/lib/lxd on root being populated. Do I need to have my target dataset mount on /var/lib/lxd? Is the fact that I didn't define a mountpoint problematic, and it'd have been happy
[17:39] <mason> planting itself anywhere as long as it had a mountpoint? I'm brand new to LXD and curious about this.
[17:40] <Ark74> teward, the ppa is for Xenial.
[17:40] <Ark74> I'm using apache2 shipped on disco (2.4.34)
[17:41] <Ark74> hoping it is included there, but seems it doesn't
[17:41] <rbasak> mason: try #lxcontainers (IIRC)
[17:41] <mason> rbasak: ty
[17:42] <mason> It seems to exist. Thank you. Asked there.
[17:47] <mason> Of course, they're all quiet in there. I guess I'll test on a VM later and let it create a pool, and see how it handles the mountpoint.
[17:49] <rbasak> The lxd developers do hang out in there, but perhaps they're not available right now.
[17:49] <mason> Mm, no idea what timezones they inhabit.
[17:52] <sdeziel> mason: AFAIK, no need to have anything mounted in the host, lxd takes care of that
[17:57] <Ark74> the question remains, does apache2 (2.4.34)on disco have http2 support?
[17:57] <Ark74> thanks!
[17:58] <mason> sdeziel: Hm, it seems not to do that, though - the init clearly creates datasets below the one I specify, but then everything populates inside /var/lib/lxd and the dataset is left untouched.
[17:59] <mason> sdeziel: What you're describing is what I'd have expected.
[17:59] <sdeziel> mason: what's the storage backend you are using?
[17:59] <mason> sdeziel: ZFS, specifying a dataset that's part of an existing pool.
[18:00] <sdeziel> mason: OK great, so that matches my setup. So to be sure I understand your problem, if you stop a container then manually mount its fs, you have nothing?
[18:00] <mason> The tutorials all show the admin letting LXD create pool, so it's easy enough to do that and see what it sets up.
[18:01] <mason> sdeziel: I am at the very beginning. Didn't notice this until I didn't see the dataset untouched as I was downloading a container.
[18:01] <sdeziel> mason: the downloading doesn't touch the storage pool
[18:01] <sdeziel> mason: IIRC, it stores temporary files in /var/lib/lxd
[18:02] <mason> Hrm.
[18:03] <mason> Maybe I've misread the lxc profile show default output then. That's possible too.
[18:18] <teward> Ark74: let me spin a container and test.
[18:18] <teward> i'm still doing stuff at work lol
[18:22] <Ark74> teward, Thanks!, please take the time you need, I'll be around the whole day if necessary
[18:22] <Ark74> :)
[18:28] <tomreyn> disco is: /join #ubuntu+1
[18:30] <tomreyn> https://httpd.apache.org/docs/2.4/howto/http2.html#building states you need to ./configure with --enable-http2 during build time to create the mod_http2 module, and this module is included in disco packages: https://packages.ubuntu.com/disco/amd64/apache2-bin/filelist
[18:31] <tomreyn> the other requirements of "at least version 1.2.1 of libnghttp2", "at least version 1.0.2 of openssl" are also satisfied.
[18:31] <teward> Ark74: #ubuntu+1
[18:32] <teward> tomreyn: Ark74: in the interim, confirmed it works.  https://paste.ubuntu.com/p/JN6q3n7F3j/
[18:32] <teward> disco container, bionic host with cURL calls and verbose output, showing the SSL negotiation and the use of HTTP/2
[18:32] <tomreyn> i haven't checked whether "LoadModule http2_module modules/mod_http2.so" is included by default, may require "a2enmod http2"
[18:32] <teward> Ark74: so you've got a misconfigure somewhere most likely.
[18:32] <teward> tomreyn: it needs a2enmod http2 which i said above
[18:32] <teward> tomreyn: it also needs enabled with a Protocols directive to include h2
[18:33] <teward> i included an example ssl config that works with http2 as well using the default site/docroot/welcome page
[18:33] <tomreyn> right makes sense
[18:36] <Ark74> teward, hmmm, yeah then I'll make the same test as you to confirm on my side then go back in my footsteps see where it broke
[18:38] <teward> Ark74: note you'll need ssl-cert as well to use the template I gave.
[18:38] <teward> which generates snakeoil certs
[18:38] <teward> and now to put better thermal pads on my laptop's mosfets.  back later.
[18:38] <Ark74> yeah, don't worry I got that covered
[18:39] <Ark74> thank you very much teward
[19:45] <teward> *returns*
[19:45] <teward> Ark74: you're welcome.  Sorry to constantly claim you did it wrong, but yeah with the tests provided it should give you the ability to test yourself :)
[19:45] <teward> (sorry I had to go into a meeting right after I got the thermal pads on my MOSFETs to help with cooling)
[19:58] <Deihmos> https://usercontent.irccloud-cdn.com/file/GxXwrqhv/IMG_0149.JPG
[19:59] <Deihmos> sdeziel: see pic
[20:30] <sdeziel> Deihmos: pastebinit for next time
[20:31] <sdeziel> Deihmos: looks like some tasks needed a lot of RAM in the past pushing some unused chunks to be put to swap to free RAM
[20:32] <sdeziel> Deihmos: you may want to use "vmstat" to check if there is some I/O traffic to/from swap. This will tell you when something is actively causing swap to occur
[20:54] <Ark74> teward, no problem, I'm aware of the high chances getting something wrong. It's great to have the confirmation, though
[21:36] <Ark74> teward, yep. Confirmed (yet again). apache2 2.4.34 has http2 capabilities ;) my backport compilation surely was broken.
[22:37] <silentfury> Hi there. Setting up an ubuntu linux lab on an old ibm systemx server i have. Would I be better to go with the latest release 18.10 or the 18.04 lts?
[22:38] <benharri> lts
[22:38] <benharri> generally preferable to use lts releases on servers
[22:39] <silentfury> even if it's just a test lab?
[22:39] <benharri> 18.10 will have some newer packages
[22:39] <sdeziel> silentfury: none LTS releases are only supported for 9m so probably worth it if you need something not in the previous LTS and also want to upgrade your lab frequently
[22:40] <sdeziel> s/none LTS/non-LTS/
[22:40] <silentfury> i'll try out 18.10 then. we'll see if it even likes this old hw i have
[22:40] <benharri> if you don't mind upgrading with each non-lts release, then go for it
[22:42] <silentfury> yeah, im mostly a windows server guy, so that's par for the course
[23:02] <sarnold> silentfury: LTS releases if you just want things to work, non-lts releases if you like filing bug reports :D
[23:04] <silentfury> i'll keep that in mind
[23:15] <lunaphyte> is there a dpkg mechanism or such that controls the contents of /etc/initramfs-tools/conf.d/driver-policy ?