[02:34] <teward> finally glad to see my Landscape Client memory consumption leak bug finally being addressed heh.  cc sarnold who I know has heard my complaints since I filed it in early 2017 about Landscape Client eating up *all* my systems' RAM to obscene levels
[02:37] <sarnold> teward: oh yeah? :) nice
[02:38] <teward> LP bug #1685885
[02:38] <teward> we can blame twisted logging :P
[02:38] <teward> biggest impact is on Xenial P
[02:39] <teward> but it still exists to a lesser degree elsewhere.  Their fix seems sane, dump the unused logs to a null handler and just discard, rather than 'storing' in memory in a buffer that won't be used.
[02:40] <teward> 'twas a nasty that technically could have been classified as an unintended DoS vector without any need to act because it'd just seize up the entire system's RAM and swap resources
[02:40] <teward> i didn't push for it to be clarified as such, but :P
[02:40] <teward> classified*
[02:40] <sarnold> "you end up with a log buffer totaling in the hundreds of megabytes, or even gigabytes"
[02:41] <sarnold> owwwwwww
[02:42] <teward> yep.  and that just ate RAM and swap (depending on the degree of swappiness set in the system)
[02:42] <sarnold> "Author: exarkun" .. there's a name I haven't heard in a while
[02:42] <teward> on Xenial from my initial report it ate 50% of RAM and 40%+ of 1GB of SWAP on a 1GB RAM machine :P
[02:43] <teward> heh
[02:44] <sarnold> amazing, it's a single-line bugfix.. I wonder how many people discarded landscape due to the memory use over the years due to it :(
[02:44] <teward> sarnold: judging by the number of people who were asking for the bug to be fixed?
[02:44] <teward> a substantial number.
[02:45] <teward> I know I abandoned it even though I had more than enough machine counts to manage *all* the systems I have, solely because of the resource usage being obscene and DoSing my servers simply by eating RAM and swap
[02:46] <teward> sarnold: the 'fix' upstream which limited the resource usage *was* made over 2 years ago, but *after* twisted had been in Ubuntu Xenial, it makes sense from this that the leak was unintentional but has a pretty easy fix of just initializing logging and discarding everything
[02:48] <teward> so I'm strongly hoping that SRU passes through fairly quick :P
[02:48] <teward> at least the fix is in disco currently xD
[11:23] <kstenerud> I'm merging a package that has some lintian errors due to debhelper. It has Build-Depends on debhelper-compat, but lintian complains that it doesn't have a Build-Depends on debhelper.
[11:23] <kstenerud> Should I be adding debhelper as well?
[11:53] <ahasenack> kstenerud: I'd check the history of debhelper-compat, see if it's just an old package, or metapackage, and if just debhelper replaces it
[12:30] <ahasenack> rbasak: to get git-ubuntu to work with pmdk again, the package should be synced first, and then our delta re-applied? Would that be one way?
[12:31] <rbasak> ahasenack: you could do that, but there's no need to sync first. Just branch your delta re-application from pkg/debian/sid.
[12:31] <rbasak> Then when you're ready (MP approved etc), upload tag that, push and upload.
[12:32] <ahasenack> ah, I see
[12:32] <rbasak> git-ubuntu will accept any upload tag you give it provided that the corresponding tree matches your upload.
[12:32] <ahasenack> ok, thanks
[16:15] <oussemos> Hi, I'm using an old Ubuntu AMI for EC2 (ami-02790d1ebf3b5181d) built on 2018-11-24, I found this morning that Docker is already the latest version
[16:16] <oussemos> How do you guys managing this ?
[16:19] <teward> oussemos: 'already the latest version' according to what?
[16:19] <teward> upstream or apt?
[16:21] <oussemos> teward: yes upstream (Docker 18.09.2)
[16:21] <oussemos> The image is supposed to be from 2018-11-24
[16:27] <teward> oussemos: is Docker installed via snap?
[16:27] <teward> `snap list` and see if Docker is in thelist
[16:28] <teward> oussemos: if Docker is installed via snap, then `snapd` will automatically update the snap when newer versions are available
[16:28] <teward> this is just how Snaps work :P
[16:28] <teward> nothing to do with the AMI image itself
[16:29] <sdeziel> docker's snap is dated from October which means it contains the recently discovered vuln
[16:29] <teward> sdeziel: interesting.
[16:29] <teward> sdeziel: then how does the AMI have the updated upstream Docker?
[16:29] <sdeziel> teward: I'd say worrying ;)
[16:29] <teward> sdeziel: i'd blame HACKS then but :|
[16:31] <sdeziel> Docker 18.09.2 isn't shipped in official repos so it seems like oussemos is using a custom source/PPA/etc
[16:33] <oussemos> no the package is not installed with snap
[16:33] <oussemos> it was installed from https://download.docker.com/linux/ubuntu source
[16:35] <sdeziel> oussemos: maybe you have unattended-upgrades
[16:35] <teward> oussemos: ^
[16:35] <teward> unattended-upgrades might do the updates like that
[16:35] <sdeziel> on second thoughts, I don't know if it would pull from non-official repos
[16:36] <sdeziel> could also be cloud-init
[16:39] <oussemos> yes exactly :) it's cloud-init
[16:39] <oussemos> with package-update-upgrade-install, it's updating all packages to the latest version found in repos
[16:39] <oussemos> found this in cloud-init logs
[16:40] <oussemos> Thanks teward and sdeziel
[16:40] <sdeziel> np
[17:46] <rawco> hello everyone, hoping to find a tutorial/guide on setting up LDAP+SAMBA with webmin and integrate them. I got both up and running but i want to create groups in LDAP and them also becoming SAMBA groups/users . webmin throws me an error everytime i try: Failed to save group : "Failed to add group to LDAP database : objectClass: value #1 invalid per syntax" -- It will, however, create the group if i select “no” on the “SAMBA GROUP?” option
[19:57] <Deihmos> is there an expert install of the server?
[19:58] <lordcirth_> Deihmos, could you be more specific?
[19:58] <lordcirth_> What does the default installer not let you do?
[19:58] <Deihmos> expert install like debian where you have some customization of what is included. the installation is very basic
[19:59] <teward> Deihmos: are you using the live subiquity based installer or the original alterante installer that is d-i based?
[19:59] <lordcirth_> Deihmos, these have the debian installer, I think: http://cdimages.ubuntu.com/ubuntu/releases/bionic/release/
[20:00] <teward> if it's subiquity then you're right, that's not really designed for ultimate heavy duty expert installation like d-i has, you want to use ^ those instead
[20:00] <teward> from lordcirth_'s link :[
[20:00] <teward> :P *
[20:01] <Deihmos> thanks
[20:08] <Deihmos> the installer doesn't give much customization. i guess that's just not what ubuntu does
[20:09] <lordcirth_> Deihmos, just curious, what customization did you want?
[20:09] <Deihmos> by default ubuntu installs a lot of stuff that i don't need.
[20:10] <Deihmos> i can install debian server and it is just 720MB. Ubuntu minimum is 1.5GB
[20:14] <cuken> I'm having problems installing ubuntu server behind my corporate firewall. I was able to put my corporate proxy server in during the install, but it requires an additional HTML login page. Is there a way for me to disable it from checking the archive repo's for release files?
[20:19] <sarnold> there ought to be a way to disable installing updates during install, but be warned that you ought to perform those updates asap before creating untrusted users on the system
[20:21] <cuken> I tried disabling my interface and it restarts the install. Looks like I require an internet connection now?
[20:21] <sarnold> cuken: there's both a debian-based installer and a subuiqity-based installer; you could try the other one?
[20:28] <lordcirth_> cuken, the debian installer will work offline. Then you can set up your proxy after rebooting.
[20:31] <genii> cuken: If your work uses a captured portal system, you might be able to use a liveusb to access the login page and get the machine's MAC address on the authorized list of the portal long enough for it to still be in effect if you try to reinstall server just after that
[21:19] <cuken> genii: tried with the live ISO, looks like we cache with a mixture of the machine name :/
[21:25] <genii> cuken: Another way that occurs to me is during install, alt-f2 or alt-f3 to gain a terminal, then edit /target/etc/apt/sources.list to comment out all entries and Prompt=never in /target/etc/update-manager/release-upgrades
[21:25] <genii> alt-f1 would bring you back to the installer console, alt-f4 to installer output messages
[21:27] <RoyK> or ctrl+alt+f1 if you're in X
[22:11] <Deihmos> teward: the mini.iso is what i needed for the expert install.
[23:05] <Deihmos> does the server auto install updates?
[23:08] <tomreyn> Deihmos: only if you choose it
[23:08] <Deihmos> the install didn't have an option
[23:09] <tomreyn> so you'll need to install unattended-upgrades and configure it in /etc/apt/apt.conf.d/50-unattended-upgrades
[23:09] <tomreyn> this path is from memory, might have changed since.
[23:09] <sarnold> hmm, seeded-in-ubuntu reports that unattended-upgrades is in ubuntu-server: daily, daily-live, daily-preinstalled
[23:10] <tomreyn> installed != enabled
[23:14] <sarnold> hrmph. I really thought we had it enabled eveyrwhere by default now :(
[23:18] <tomreyn> not on either of the server installers, i would think. on desktops you can choose, but i'm not sure whether there is a (GUI) default.
[23:21] <tomreyn> rbasak was saying he thinks ubuntu core does updates by default (but also wasn't 100% certain, though i guess it surely makes sense for the iot use case).
[23:23] <tomreyn> on the other hand, if hundreds of remote, badly connected and basically pysically unserviable systems were to fail due to a regression, that'd be pretty bad.
[23:27] <Ussat> I rip out unattended-upgrades on all my server installs
[23:28] <mwhudson> the d-i installer asks you if you want it enabled, the default is "security only"
[23:29] <mwhudson> live server doesn't ask (yet)
[23:30] <tomreyn> oh so d-i defaults to on for security, i wasn't aware.
[23:30] <tomreyn> since when is this?
[23:33] <tomreyn> i see, 18.04 d-i has it enabled.
[23:35] <Ussat> FWIW I really dislike this "hand holding let us preconfigure and protect you from yourself" direction
[23:40] <tomreyn> i might add that i'm still disappointed with the feature coverage and quality the default server installer will have in the third 18.04 release.
[23:41] <tomreyn> i do recognize that some bugs git fixed, which is great., but also other didn't or maybe just the bug reports didn't get updated, not sure.
[23:42] <tomreyn> as always, this is not to blame anyone, i'm just looking at things remotely and with the high expectations I got used to during the past years.
[23:52] <mwhudson> tomreyn: yeah we didn't get much done for .2
[23:54] <tomreyn> there's always the option of switching defaults again until things work well.
[23:59] <tomreyn> (i realize this may be a difficult thing to sell both inside and outside the company)