/srv/irclogs.ubuntu.com/2019/03/11/#ubuntu-server.txt

lordievaderGood morning07:33
=== lotuspsychje__ is now known as lotuspsychje
devster31hi guys, I was looking at RPI server images, what does the "preinstalled" mean? is it like the cloud images with some default users set but customizable with user-data?11:00
lotuspsychjemaybe the arm guys also know that devster3111:06
lotuspsychje!arm11:06
ubottuARM is a specific (RISC) processor architecture used in a variety of applications such as handhelds and networkdevices. For more information see https://wiki.ubuntu.com/ARM . For ARM specific support, stop by the #ubuntu-arm channel.11:06
devster31ok, thanks11:08
tomreyndevster31: i think "preinstalled" means they are disk images which can just be written to a storage using 'dd' or similar raw copy utilities.11:22
jamespagecpaelzer: coreycb may have already asked this but I have a problem with libvirt 5.0.0 on bionic via the UCA11:33
jamespagelibvirt/qemu is not reporting a capability of domain type=kvm11:33
jamespageonly type=qemu11:33
jamespageany ideas?11:33
khedrubhi there. I am a bit confused, I hope someone here may help me with that. :-) I need to set up a few services next to each other, for example nextcloud with web interface and discourse as a forum software. In my understanding the modern way to do this is to use containers. Snap or docker come to mind. So I used snap for nextcloud and it runs fine. But how does one go about setting up discourse as a seperate snap and tell it to also listen11:40
khedrubto port 80/443 but a different subdomain?11:40
khedrubWithout containers it would be easy, but I want to do it right from the beginning11:40
blackflowkhedrub: you don't need containers. they solve specific problems and you'd know if you had them. like inability to install some software regularly -- due to conflicts with system files, libs, other packages, or simply because there aren't any packaged for the distro.11:41
blackflowkhedrub: "containerization" -- like isolation, namespacing, permissions, can all be solved with system unit configuration of the services, without the need to exponentially raise the complexity of your system with "containers"11:42
khedrubarent containers also more secure because its isolating software similar to virtual machines?11:42
blackflowcontainers per se are NOT security boundaries.11:42
rbasakContainers are useful for trying things out.11:42
blackflowthey're totally not similar to virtual machines. they're just process (and uid and filesystem) namespacess11:43
rbasakSince what goes on in them generally doesn't affect the host system.11:43
rbasakFor example if a third party software wants to stomp all over your system, which is very common.11:43
blackflowright, the highly specific problems I mentioned above :)11:44
rbasakdiscourse and nextcloud are perfect examples11:44
blackflowkhedrub: btw, "listen on <same> port but different subdomain" does not work. you really need different IP, not subdomain per se. then, yes the different IP could be pointed at by the subdomain.11:45
khedrubOkay, so the old way of doing this (installing the software via git or apt and then configuring apache to use the sub domains for example) is still the good way to this nowadays? Because thats how we did it back in the days but I thought that is outdated and there are better ways in terms of security11:45
blackflowkhedrub: yes. use snaps if the snap'd versions offer some functionality that you specifically need.11:45
blackflowalso considering the drawbacks of snaps. for example they're rather bad for server applications because they autoupdate and you don't have any control over that.11:47
khedrubI see.11:48
blackflow(and you don't have the ability to supply your custom apparmor profile to them -- those two are for example the two biggest gripes I have against snaps at the moment, even if you ignore the "containerize everything" hype)11:48
jamespagecpaelzer: nm figured it out - perms on /dev/kvm where incorrect11:49
khedrubBut from what you say it sounds like containers are quite a rare usecase. I had the impression that they are the new stuff that everyone is using nowadawys11:49
blackflowkhedrub: they have their uses yes. it is _not_ to containerize everything by default, no questions asked. that's very bad.11:50
rbasakkhedrub: I don't think blackflow's view is particularly representative of Ubuntu server users in genreal.11:50
rbasakTrying things out in containers is very common and is recommended.11:50
blackflow"trying things in containers" does not in any way conflict with anything I've said so far.11:50
khedrubokay, but what if you want to have the software as productive systems?11:51
blackflowI don't see "trying things" as specific requirement in the original question.11:51
rbasakIn general, "disposable" deployment platforms are extremely common.11:51
rbasakWhether that's "start a cloud instance" or "start a container".11:51
rbasakOr a VM.11:51
blackflowsure they are. which, again, does not contradict anything I've said.11:52
jamespagecpaelzer: hmm but...11:52
blackflowif your use case calls for a container, then by all means use it. with all the virtues AND drawbacks of them.11:52
rbasakSomething that encapsulates that part of the deployment, which you can throw away on a whim to try again, rather than doing anything on a host system installed by hand.11:52
cpaelzerjamespage: but why are they incorrect?11:53
cpaelzerthey should be set by udev11:53
jamespagecpaelzer: change in qemu packaging I think11:53
blackflowrbasak: that's a very specific use case, not a default state of production environments.11:53
cpaelzerjamespage: yeah I stopped doing to in qemu, as udev already did11:53
cpaelzerand was the right place to do so11:53
blackflowproduction environemnts, especially money making ones, want as little change as possible.11:53
jamespagecpaelzer: that probably works ok on disco, but not so well when we backport to bionic11:54
cpaelzerIt should even be on Bionic, but let me check to be sure11:54
cpaelzerif confirmed you can add it back on UCA11:54
rbasakblackflow: either you misunderstand my point, or your grossly incorrect. I'm not sure which.11:54
rbasakSee "devops", "pets vs. cattle", etc.11:54
blackflowkhedrub: one drawback of containers is that they contain and package ALL the libraries and requirements for a specific software.  that means, for example, if you had 100 containers on the system and each needed openssl, you'd have 100 individual openssl installations.11:54
jamespagebionic has 23711:55
jamespagemight be 239 where that comes in11:55
blackflowkhedrub: which also means that in case of security vulnerability, you'd HAVE to upgrade all 100 of them. which is a very complex situation. so this means that you need to upgrade EACH container separately which is a lot of work. that's why you use them only if they solve some specific use case you can't solve otherwise.11:55
cpaelzerjamespage: 239-611:56
rbasakblackflow: rubbish. You're making that out to be a big problem. It is not. You are exagerrating.11:56
rbasakblackflow: if I used 100 VMs or cloud instances, I'd have the same problem.11:56
khedrubblackflow, dont they autoupdate like you said earlier?11:56
blackflowrbasak: neither. the original question was not about "temporary testing environment" so I don't know why you're trying to present that to be somehow against what I've said, which it isn't11:56
rbasakblackflow: if local, then why would I have 100?11:57
rbasakblackflow: and if, as is current best practice, you have code that can redeploy, with CI, etc, then upgrading each container is absolutely not a lot of work. It's automatic.11:57
blackflowapt install <package>; done.    how's that worse than deploying containers around?11:59
khedrubIndeed, my usecase is a server which has a little as possible running on it, only the 2 - 4 webservices like nextcloud and discourse.11:59
rbasakBecause for server tasks you're not done after an apt install.11:59
blackflowor are you deliberately ignoring what I'm saying from teh beginning, in that containers DO have use cases, but they should NOT be a default solution, if another exists.11:59
blackflowrbasak: strawman11:59
blackflowneither you are with containers11:59
rbasakYou seem to have some obsession with container hate.12:00
rbasakNote that I'm not talking about containers specifically.12:00
rbasak<rbasak> Something that encapsulates that part of the deployment...12:00
blackflowkhedrub: snaps autoupdate, yes. I was talking in general that containers are isolated envs and if you build one, you have to maintain it as such.12:00
rbasakEncapsulation is something that is best practice.12:00
rbasakDo it with containers, or something else, doesn't matter.12:00
blackflowI do not have obsession with container hate. I've been doing this for over 10 years, even before the "container hype" with freebsd jails.   I _do_ have obsession with as simple as possible systems.12:01
rbasakAs yes, the cost is that you have to maintain multiple encapsulations, but we have automation to help with that.12:01
blackflowI do have a problem with "containerize everything" hype which is misplaced. Again, they do have use cases, but they should not be defaulted to with no clear idea what problem you're trying to solve.12:02
rbasakMuddling everything together into a host system that you have to sysadmin by hand because so many things have happened to multiple tasks on the system that redeploying is now a huge task is not the way.12:02
blackflowrbasak: so you're saying apt should be replaced by snaps? you really ARE saying that, which that blueprint was apparently misquoted for?12:02
khedrubbut if I used containers, how would I tell the nextcloud snap to use cloud.xyz.org and the discourse snap to use discourse.xyz.org? Since they are using seperate apache instances...12:03
rbasakNope. I'm not saying that.12:03
rbasakWhen did I even mention snaps?12:03
blackflow"mudding everything" ... why would you do that? if a package exists, it's obviously integrated with the system, tested and available as part of the distro12:03
rbasakI'm talking about _encapsulation_12:03
rbasakWhether that's inside snaps, containers, VMs, cloud instances...doesn't matter.12:03
blackflowof what exactly?12:03
rbasakI think you should take a break, and read this conversation again tomorro.w12:04
blackflowif an apt package exists, why is a container of that software better solution?12:04
ahasenackgood morning12:04
rbasakYou can use apt inside a container.12:04
cpaelzerhi ahasenack12:04
blackflowand I'll repeat what I said earlier, service containerization IS achievable with systemd unit configuration WITHOUT the expense and complexity of handling a whole isolated OS tree environment.12:04
rbasakNow you can undo the entire container in one go.12:04
ahasenackhi cpaelzer12:05
rbasakYou can do your service containerization with systemd units inside a container.12:05
blackflowrbasak: right, and why would you do that unless you had a specific need for a container? you mentioned test environments -- sure I agree, containers are very suitable for those. that, however was not the original question.12:05
rbasakA container is just a nested Ubuntu.12:05
blackflowsans the kernel, yes.12:06
rbasak(well, it can be many things, but it can be that)12:06
rbasakSure. A nested Ubuntu userspace then.12:06
blackflowso why manage 100 copies of ubuntu if that can be solved with SHARED libraries, especially since you can STILL isolate the services with systemd unit config?12:06
rbasakAgain, you're exaggerating12:07
blackflowI totally am not. the shared library model exists for a reason12:07
blackflowcontainers exist for a reason too. my whole point so far is unless you really need to isolate software in it, do yourself a favor and don't complicate the system.12:07
rbasakMy point is that you _always_ want at least one level of isolation.12:08
rbasakSince the host system is always one part that's the most expensive to redo/redeploy.12:08
jamespagecpaelzer: right so a chgrp and chmod on /dev/kvm fixes things up12:08
cpaelzerjamespage: ok, glad to know12:09
blackflowrbasak: right. ProtectSystem= systemd directive seems to be one level of isolation (which I'm using, among other things, quite extensively).12:09
jamespagecpaelzer: I'm guessing you'd want to hold this as a patch for the UCA backport right?12:09
rbasakNo, because to do that you already taint your host system configuration.12:09
khedrubblackflow, I am trying to find some info on isolating services with systemd unit configs. The search results are a bit unrelated though. Do you have any link to further reading or a good search term for this specific use case of unit files?12:09
blackflowthere's no need to install a whole new Ubuntu, inside your existing Ubuntu, sans the kernel, just to run nginx off of it, for example.12:09
cpaelzerrbasak: blackflow: you two do realize that the problem of your discussion is, that you are both right - you can do things with/without containers (of various types) - and it depends on your problem if you want/need to use them (and there everyone can decide where to make the cut on their own - and it is ok that you two do so at different places)12:10
blackflowkhedrub: https://gist.github.com/ageis/f5595e59b1cddb1513d1b425a323db0412:10
blackflowkhedrub: and of course respective manpages for each of the directives12:10
blackflowcpaelzer: which is what I've been saying from the beginning, with the addition of don't _default_ to using a container unless you understand fully, what problem that will solve? why is that in any shape or form bad advice? it's GOOD system administration pattern.12:11
khedrubblackflow, thank you!12:11
khedrubIt was very worthwhile for me that you two had that discussion. It brought some clarity about the pros and cons of either solution, if nothing else. :-) So thank you both12:14
blackflowrbasak: "taint your host system configuration" -- yes, so? if there's a conflict, please report a bug against the specific package. there can also be bugs with snaps you know. let's begin with all the littering of /snap, ~/snap and loop mounts.......12:15
blackflowif that is not tainting the host system, I don't know what is.12:15
cryptodanthats one of the first things i did when i installed ubuntu server was to remove snap from the system12:16
blackflowkhedrub: and all I'm saying is don't default to them unless you understand the problems containers solve, if that fits your use case, and you're aware of all the drawbacks of containers.12:16
blackflowcryptodan: everyone does it, where I've been called to maintain Ubuntu systems. but somehow my views are not representative..... I think Ubuntu devs have a huge disconnect between what they think users want and what users actually DO in practice.12:17
masonblackflow: So, you've missed one critical point with containers vs a base system service - service stability. Even for a singleton, there's not live migration of containers.12:17
blackflowmason: you mean of base system service12:18
cryptodani also removed the cloud stuff from the base install12:18
masonOr perhaps that should be *especially* for a singleton.12:18
cryptodanmason: then it should be optional12:18
cryptodannot forced12:18
masonblackflow: No, live migration of containers and a network config that goes with them.12:18
masonWhich is to say, live migration of services.12:19
blackflowmason: sorry I don't follow what you wanted to say then12:19
cryptodanthey should have the mentality of a single use server for base installs12:19
masonblackflow: You were arguing that containers aren't at all like VMs, but that's no longer quite true.12:19
cryptodanno added crap like snapd, cloud stuff, or anything like containers12:19
blackflowmason: I was arguing from the standpoint of ISOLATION, which as the discussion. one is process namespace, the other is a whole kernel running on the CPU with host-side irq handlers triggering on hardware virt12:20
blackflowwhich *was . VMs area  whole different level. not just from the CPU standpoint, but also from the hardware standpoint. memory compartmentalization. context switches.12:21
masonIf isolation is the critical thing, it's also worth bringing up type I vs type II hypervisors, then.12:21
blackflowmason: sure but this convo and my original objection was only this:  don't use containers as _Default_ solution unless you understand what they do, what problems they'd solve for you, and what are the drawbacks.12:21
masonYou'd hate my answer, then. For me, I like containers as lighter-weight VMs.12:22
blackflowthe original question was about "In my understanding the modern way to do this is to use containers" -- for running services.  and I said, no, not by default.12:22
blackflowmason: if that solves your use case and you know what you're doing, that's not in any way contrary to what I'm saying :)12:22
masonYeah. I was just thinking about it. If the *only* reason for using containers is isolation, that's still not *bad* in any way. It's like using a shorthand to talk about separation, rather than depending on not missing any of a range of available tools.12:23
masonAs for the scale of managing one system's updates vs dozens, that's something to be automated anyway. The exact number shouldn't matter at all.12:24
blackflowmason: and even then, what kind of isolation. it's all bout namespaces. process, pid, filesystem, network.12:25
masonsure12:25
blackflowfor example, in my use case, the packaged nginx, postgres, dovecot, and postfix  -- they all fit my needs. I isolate them with sytemd unit configuration options. additionally with apparmor profiles. and I benefit from those packages being maintained in the way they are, stable and with backported fixes.  I trust that way more than a random docker someone plopped on a hub somewhere, or a random12:29
blackflowsnap someone uploaded.12:29
blackflowif I needed to use or test the super bleeding edge version of nginx for example, then totally yes, I'd use a container (LXD probably) for all the reasons mentioned here as benefits: full isolation without affecting the base OS.12:30
cryptodanid do it in a vm12:34
masonblackflow: Ah, that's different, pulling in the notion of random dockers.12:54
masonHand-maintained homebrew containers can still use the nice, curated system packages.12:54
blackflowmason: yes, and then you have that problem if having to maintain multiple systems (sans the kernel) yourself manually. which is fine if that solves your case. unnecessariy complexity if `apt install X` would've solved your case in the first place.12:56
blackflow*of having12:56
masonI assume I already have that problem in all cases, though.12:56
blackflowmason: sure but the orig question was about using third-party prepackaged containers with snap or docker. those contain additional "don't do it unless you really need it and really know what you're doing" stickers. it's one thing to "I need to isolate this thing here in a way LXD does it, so I'll build an LXD container and apt install what I need, in there."    and quite anotehr to  " I'll13:03
blackflowinstall a docker or snap of package X because it's the 'modern thing to do' without undrestanding what that really means".13:03
blackflowI'll always bark against the latter.13:03
masonAh. Ah. I'd missed that. I skimmed backlog to get an idea of things, but yeah, using someone else's packaged bundle leaves me cold too.13:05
jamespagecoreycb: I'll make a start on the oslo.* ones13:24
coreycbjamespage: sounds good. i'm going to fix up the vitrageclient backport and then i'll get started13:48
coreycbsahid: nova 16.1.7 pushed and uploaded to pike-staging. thank you.14:29
mwhahahacoreycb, jamespage: we're getting tempest failures in puppet openstack because we appear to be missing https://review.openstack.org/#/c/605851/ in keystone. when's the next time you're going to update the stein packages?14:44
sahidcoreycb: ack thanks14:50
jamespagemwhahaha: next 24-48hrs15:03
mwhahahak thanks15:03
jamespagewe're working deps first, and then will do the core projects15:03
ykarelmwhahaha, so till then we pin tempest, or wait?15:09
mwhahahai'll propose a tempest pin if ic an figure out the patch that broke it15:10
ykarelmwhahaha, should i propose15:10
ykarelwas preparing a patch15:10
ykarelcommit message should explain it15:10
mwhahahak15:11
mwhahahaif you have it sure15:11
ykarelok15:11
=== ykarel is now known as ykarel|afk
jamespagecoreycb: awesome new unpackaged dep for oslo.service16:00
jamespage\o/16:00
coreycbjamespage: oh great16:00
coreycbjamespage: let me know if i can help16:00
=== ykarel_ is now known as ykarel
CPresslandAfternoon all, was wondering if somebody could help me with Netplan? I'm spinning up a VM on Azure with multiple DHCP IPs per NIC for use in a Kubernetes Cluster. Netplan is detecting the Primary IP but cannot see any additional IPs. How do I configure Netplan to get all secondary IPs (30 of them)?16:25
=== ykarel is now known as ykarel|away
ruben23guys my ubuntu server has some big text on my monitor screen, how do i adjust it to be smaller16:31
ruben23and a bit high res16:31
ruben23anyone here guys16:36
lotuspsychje!patience | ruben2316:36
ubotturuben23: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or https://ubuntuforums.org or https://askubuntu.com/16:36
sdezielruben23: that's usually something you send in your client's terminal16:38
sdeziels/send/set/16:38
tomreynCPressland: looking this up a little, i think this is bug 175901416:38
ubottubug 1759014 in netplan.io (Ubuntu Cosmic) "Netplan has no way to control DHCP client" [Undecided,Confirmed] https://launchpad.net/bugs/175901416:38
CPresslandtomreyn: That looks like it almost exactly! Thanks!16:40
tomreynCPressland: Consider clicking on "This bug affects 14 people. Does this bug affect you?"16:41
tomreyn+ subscribing16:41
CPresslandDone! Fingers crossed for a backport. For now I'll do my prototyping on 16.0416:45
CPresslandThanks again.16:45
sarnoldruben23: is it coming up with 80x25 vga? or a framebuffer console? or X11? what do you want it to do?16:58
ruben23 sarnold:  coming from vga, the res is too big i cant see the whole picture of the server most specify when i try to check logs , how do i adjust it to smaller and high res a bit16:59
sarnoldruben23: most people just ssh into their machines and don't care about the display attached to it17:01
sarnoldruben23: there are a few kernel command line parameters you can try -- look at video= and vga= in https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/kernel-parameters.txt#L494017:02
sarnoldruben23: you can also install X11 if you want to17:02
ruben23sarnold: if there is X11 it will automatically adjust right.?17:04
sarnoldruben23: yeah I think it'll try to run at the best the video card and monitor can support17:04
ChmEarlCPressland, /usr/share/doc/netplan.io/examples/17:08
CPresslandChmEarl: Thanks, unfortunately those examples don't cover off what I'm trying to achieve here. Basically Azure has provisioned 31 IP Addresses for a single NIC, but I can only get Ubuntu itself to see the "Primary" IP. I can manually assign secondary IPs and it works just fine, but the point is that I won't always know what the IP address is (nor will Chef) as we're using DHCP.17:15
CPresslandLooks like the Azure CNI may actually handle some of this for me. I'll do some further testing on that assumption.17:22
Jofi00hi, can anyone help me with first steps in ubuntu-server installation?18:55
lordcirthJofi00, what is going wrong?18:56
Jofi00I have installed ubuntu-server and have nextcloud running, but I cannot find any apache folder to mod the configuration18:56
lordcirthJofi00, /etc/apache2 should have your config18:57
tomreynJofi00: how did oyu install nextcloud?18:57
Jofi00in etc I cannot find the folder18:58
Jofi00I did install nextocloud via the menue in the installation process18:58
Jofi00could it be that by default any other server is running?18:59
sdezielJofi00: that sounds like the snap version of nextcloud18:59
tomreynJofi00: aaw snap, i think this installed a snap then.18:59
lordcirthI've never used that method. Perhaps it's a snap?18:59
Jofi00could be18:59
Jofi00so this would use its own server then?18:59
lordcirthJofi00, run 'locate nextcloud'19:01
Jofi00untortunately, it doesnt return anything19:02
lordcirthActually, snap info nextcloud19:02
Jofi00ah19:03
tewardif you used the server live installer (subiquity based) and selected nextcloud, it used the snap.19:04
tewardcan guarantee that19:04
Jofi00ok, this is a good start for me to search for the config file, thanks19:05
blackflowthat's terribad. this default to snaps nonsense must stop.19:05
Jofi00snaps are no good? havent used them before19:06
sarnoldsnaps aren't a bad way to try to get some of the benefits of windows-style software distribution19:07
blackflowI didn't say that. I said _default to snaps_ is bad. snaps per se are solving particular problems, yes.19:07
Jofi00gotcha19:07
blackflowin so that if you want to use the snap, then it should be a deliberate, conscious action of `snap install nextcloud`. not automagic where you're left wondering wth is this, where's ther files. ooh, in some squashfs loopbackmounted readonly dir.19:08
sarnoldif your machine exists to do nextcloud, then using a nextcloud snap is a pretty decent idea. if it's just something that'll be there, and you don't care about specific features, specific bug fixes, upgrading every release, etc, then a deb might fit nicely19:08
sdezielJofi00: snaps are nice self contained software a bit less flexible than what you'd get from a .deb package. Could be either good or bad depending on what you are looking for19:08
lordcirthsnap is a great way to install ipfs. But it puts its config files in ~/.ipfs anyway.19:09
sdezielblackflow: IIRC, the live installer clearly mentions snap when providing a list of snaps to pick from19:09
blackflowapparently that didn't help. :)19:11
Jofi00it didnt help from getting me confused19:12
lordcirthIt mentions snap, yes, but I don't think it defines the term or mentions that nothing will be where you'd expect.19:12
sdezielyes, clearly the notice wasn't noticeable/clear enough ;)19:13
sdezielthe good thing is there is one so it's just a matter of improving it19:13
sarnoldit's hard to convey the full range of pros and cons in one installer screen though :)19:14
sdezielcould be improved by dropping a motd snippet with a brief intro on snaps if one was picked during the installation?19:15
blackflowhow about don't treat server users as idiots. unlike desktops, servers _should_ by all means be installed by skilled and experienced people who then will learn what snaps are, and whether they want it, with all the pros AND cons of it.19:17
Jofi00Maybe it was just me being completely unaware of snaps. However, some kind of notice or explanation would have helped.19:17
blackflowand as such, power users will have a choice to `snap install anything` should they decide to do so, being made aware of pros AND cons.19:17
sdezielblackflow: such admins are likely not going to click anywhere in the installer's list and will deal with any snap installation later on19:19
sdezielsnaps are new so they need some kind of introduction that's not required for debs19:20
sdezielJofi00: you can learn more about that nextcloud snap in the README at https://github.com/nextcloud/nextcloud-snap19:22
Jofi00thanks19:22
blackflowJofi00: and be aware that snaps update automatically and you have no control over it. depending on your use case, this might not be desireable. restarting server services should be a controled, scheduled activity. -- depending on your use case of course, perhaps you don't care about that at all19:24
Jofi00yes, I'll probably go with the non-snap installation19:26
blackflowsdeziel: definitely because as it is now, it's just a "Featured Server Snaps" selection menu with no explanation what snaps are, what are pros and cons.19:29
sdezielJofi00: in the nextcloud case, my personal recommendation would be to stick with the snap, or at least carefully consider what it means to not use it: no auto update, no automatic HTTPS cert, etc19:31
sdezielnextcloud will be hosting potentially important data so updates and HTTPS are desirable19:32
sdezielmy 2c ;)19:32
blackflowand quite doable by the sysadmin even without the snap.19:32
lordcirththe snap comes with certbot?19:33
blackflowso, sure, if "Just gimme nextcloud, I don't care about the details" is what you want, snaps are fine. my whole objection is "the admin shoudl be aware of all those details and make a conscious decision".19:34
sdeziellordcirth: dunno what client they use but they integrate seamlessly with Let's Encrypt19:35
blackflowlordcirth: it's a kitchen sink of Apache, MySQL, Redis, PHP and then some.19:35
blackflowso that's basically a whole appliance consisting of several software suites. people should _really_ be made aware of things like that.19:37
blackflowOHLOL AGPL licensed.... yeah be VERY very careful with that.19:38
lordcirthIf you aren't changing the source, I don19:39
lordcirth*'t see why AGPL would be a problem?19:39
lordcirthThough you should be aware, yes19:40
JanCor when you are just running it for yourself19:40
blackflowfor personal use it's okay. if you use it in conjunction with other sofware (eg. in a SaaS scenario) you have to release that other software source as well19:42
JanCAGPL only applies to the software itself & its dependencies19:43
blackflowanother general license to be VERY careful with, is the new Commons Clause, you can't use it in conjunction with commercial products.19:43
blackflowJanC: and software that uses the AGPL'd component as its own dependency19:43
sdezielAFAICT, that AGPL license is not specific to the snap though19:45
JanConly if it's really a dependency (e.g. a control panel doesn't become AGPL because it can start/configure an AGPL service)19:45
blackflowwell thing is. AGPL and GPL'd software can't be made together into a single work (the snap). Also Redis now has its own, totally separate and totally FOSS unfriendly license, so whoever is packaging that snap, should be careful about which version its using.19:46
blackflowin other words it's a potential minefield, kitchen sink bloatwares like this, made of so many differently licensed components.  all the details people should be very much aware of before they one-click install a conveniently featured snap.19:47
JanCI assume they use an open source version of Redis19:47
JanC?19:47
lordcirthJanC, I wasn't aware there was a proprietary version?19:48
blackflowyou're confusing "open source" with "libre". Redis still is open source. it ain't libre no more tho'19:48
JanCCommons Clause isn't considered an Open Source license AFAIK19:49
blackflow"open source" or "libre"?19:49
blackflowopen source means literally "here's the source code of this program". just that, nothing more.19:50
lordcirthhttps://redis.io/topics/license19:50
lordcirthblackflow, no, that would be "shared source" https://opensource.org/osd19:51
JanCthe source being available doesn't make it Open Source19:51
JanCthe source of MS Windows is also available19:51
JanCif you sign a whole bunch of NDAs etc.19:51
blackflowlordcirth:  https://techcrunch.com/2019/02/21/redis-labs-changes-its-open-source-license-again/19:52
blackflowhttps://www.gnu.org/philosophy/free-software-for-freedom.html19:52
blackflowStallman on libre vs open source19:52
Odd_Blokeblackflow: Your definition of open source is not a generally accepted one.19:53
blackflowopen source is literally "here's the source code with your fries". libre/free licenses give you rights wrt redistribution of that software, which is commonly (mistakingly) known as "open source"19:53
blackflowOdd_Bloke: ain't _mine_ tho :)19:53
lordcirth"Redis Source Available License" oof. But it only applies to certain modules so far, not the actual redis server19:54
Odd_BlokeYeah, it's Redis Labs and not Redis itself that is affected.19:54
lordcirthSomething to keep an eye on, though.19:54
Odd_BlokeIndeed.19:55
blackflowstill something to be careful about, esp. in whole wheat packaged solutions. which redis modules are inside?19:55
Odd_BlokeYep, it definitely makes Redis usage more fraught than it used to be.19:56
sdezielhttps://github.com/nextcloud/nextcloud-snap/blob/master/snap/snapcraft.yaml#L22819:57
JanCthe new Redis Labs license doesn't satisfy https://opensource.org/osd-annotated AFAIK, meaning it's not Open Source19:59
Odd_Blokeblackflow: I believe you're also mistaken about AGPL/GPL compatibility: https://opensource.stackexchange.com/a/172620:01
blackflowor that SO poster is. my ideas of AGPL+GPL (v2 btw) compat is not mine alone. our lawyers have pretty much explained to us to stay away from agpl and commons clause like plague. my company does a SaaS.20:05
Odd_BlokeAnd, furthermore, I don't believe that a snap would be considered a 'work'; snaps are filesystem images, so them being a work would mean that any ISO would be, for example.20:08
Odd_BlokeYeah, you should definitely stay away from both of those licenses, but presumably not because they'll compromise your GPL-licensed code but because they'll compromise your proprietary code.20:09
blackflowyes, that's the part in danger here. and btw, I think you're right, the AGPL part affects modified code only. if we modified and used an AGPL component, we'd have to release it even though we're not redistributing anything (it being SaaS)20:10
lordcirthYes, that is the whole purpose of the AGPL20:15
JanCI wouldn't mind using AGPL for most purposes20:17
rbasakblackflow: AGPL-3 is DFSG compatible. If you don't like it or can't use it, then fair enough, but Debian (and therefore Ubuntu) already include AGPL-3 software, so you can't expect the distro to eliminate that for you.22:09
fooI'm looking for a monitoring system that has an API that I can feed an IP address (publicly accessible) and it can "onboard" that IP and then monitor. Specifically, I'd like it to determine how it can be monitored - eg. what ports are open, what ports share a banner, is it pingable - then share back when the system goes offline via an API and via whatever it originally found to be "onboarded." Maybe23:53
foowith a confidence score. eg. if 6 ports are open, and it's pingable, and everything goes unresponsive... it's likely it's all offline. Or, if 6 ports open and it's not pingable and 1 port closes, then there "may be" an issue. Does nagios or zenoss or something else happen to provide something like this? Or do we need to roll our own system23:53

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!