hydrianEllo all02:07
hydriangot an odd issue.02:08
hydrianMy 16.04.6 server is not applying / keeping my changes to my sysctl parameters I'm setting.02:09
hydrianI'm trying to disable the netfilter filtering across bridges becuase it mucking up my KVM VMs.02:09
tomreynhydrian: so how are you configuring them?02:11
hydriantried making a /etc/sysctl.d/60-kvm.conf file02:12
hydrianAfter a reboot they didn't apply. I then added them to /etc/sysctl.conf and reboot. Same issue.02:12
hydrianIf I set them manually, they seem to work.02:13
hydrianMy thought is that a service may be changing them.02:14
hydrianThe odd thing is that this issue came out of no where. My kvm setup had been working find for months. Then I rebooted yesterday and it stared having this issue.02:15
hydrianNone of my guest VM can get any networking what-so-ever02:16
hydrianThe ubuntu host is fine.02:16
hydrianAfter some research it seems that the issue is the default behaviour of NetFilter is to block all non-explicitly allowed bridge traffic.02:17
tomreynwhich configurations do you have on the file then?02:18
tomreynif you're saying a softwares' behaviour changed as part of an in-release update in a way that is not a bugfix, then it should probably be reported as a bug02:20
tomreyn(if this has not already been done by someone else)02:21
hydrianI can't figure what the RCA of the sysctl changes not being applied / overwritten are so it a bit vague.02:22
hydrianI was hoping somebody here may have had a similar issue / story.02:22
hydrianSo I can get a better diagnostics of this issue.02:24
tomreynit worked for me last time i tried in sysctl.d/02:27
tomreyncheck file ownership, permissions02:27
hydrianI did. root:root:64402:27
tomreynmaybe rgrep for the settings you applied there in /lib/systemd and /etc to get an idea of where else whey may be changed02:28
tomreyn(keep in mind those settings can be formatted in diffferent ways)02:28
hydrianI think it may be the ebtables service02:28
NotSoFastJamesis it possible that a breacher may of left a cron job on my server to disable all my defenses?06:09
GerowenNotSoFastJames: Anything is possible.  You can view cron jobs with crontab -l06:11
=== mIk3_09 is now known as mIk3_08
sveinseIs snapd and lxcfs strictly needed for the health on a 18.04 server?12:30
sveinseNot that they are spending lots of resources, but I generally don't like keeping unneeded services running12:31
fooWell that's strange. Using screen. Opening new window. The buffer seems jacked on new screen windows... I have to run reset to get it to work properly. Not sure what kind of weird quirk would cause this.12:37
fooI wonder if I hit a screen bug or something is borked, must be12:37
=== mIk3_09 is now known as mIk3_08
blackflowsveinse: they're needed only if you intend to use them. If it helps, I'm running a bunch of servers in support of a web based saas, none of which use lxcfs or snaps.13:35
RoyKfoo: try tmux ;)13:53
sveinseblackflow: do you disable them, or do you leave the server as vanilla as possible even thou you don't use it?14:26
blackflowsveinse: I install from debootstrap (due to root on ZFS on LUKS) and so I don't even add those packages. In fact, I don't even add ubuntu-server, only ubuntu-minimal and whatever I explicitly need14:52
blackflowand I'll continue debootstrapping even if the installer grows the ZFS functionality, there's too much bloat installed by default for the regular server installation.14:53
sveinseblackflow: yeah. Its a tradeoff between sticking with standard ubuntu-server vs setting up your own from minimal.14:55
sveinseI.e. I'm conflicted about it14:55
tomreyni think snapd is only really required for gnome on a desktop (no more in 19.04) and for livepatch on a server14:56
tomreynif it becomes mandatory on a sevrer, i'll switch to debian14:57
sveinsetomreyn: it kinda is (that an lxcfs). You can disable it, but its a manual process from the default out of box ubuntu server14:58
blackflowwell there are snaps for server roles, like Postgres for example. I don't like that, as they auto-update at times out of my control.15:07
tomreynsveinse: i see. i don't use containers much.15:09
blackflowtomreyn: or you think you don't :) that's the thing about "containers" on linux, it's such a broad term. for example I don't use docker, lxc, lxd or any of those tools. I do however use containerization facilities of systemd to confine services. The end result is the same, since the same kernel APIs are used - namespaces.15:11
lotuspsychjedocker had big breach15:17
tomreynblackflow: right, more precisely i should have said: i don't usually use container frameworks which, to date, rely on snapd.15:22
sveinse(For those of you using ubuntu-server) how do you guys disable snapd?16:21
blackflowsveinse: stop/disable the snapd.service? you can also just uninstall the `snapd` package16:34
faekjarzWhere can i find a list of keyboard shortcuts in order to send signals to processes in a terminal? (e.g.: Ctrl+c = SIGINT) …in particular, i want to motivate "ping" to produce a summary BUT without terminating.17:05
thefatmaHey guys is there a way to check if my ubuntu is server or desktop ?17:06
thefatmabut a 100% way17:06
testpil0tuse "stty -a"17:07
testpil0tstty -a | grep -oE '(intr|quit|susp) = [^;]+'17:08
faekjarztestpil0t: that's it! Thanks! :)17:13
faekjarzthefatma: dpkg --status ubuntu-server17:23
thefatmafaekjarz: but that can be installed on desktop version aswell no? so it's not that valid of a check17:25
faekjarzwell, it's a package (Section: metapackages) and default behaviour seems to be that it's not automatically installed on desktops17:27
faekjarz"lsb_release -a" doesn't include desktop / server17:32
faekjarzthefatma: also, you could look for display managers / X servers …but similar situation here; those could be installed on a server as well.17:39
faekjarzthefatma: maybe, you could also rephrase your question …or play with "dmidecode -t bios" or "...-t baseboard"17:40
testpil0tbut most likely, thee is no 100% way17:41
testpil0tI dont see how there should be any.17:41
faekjarzi agree17:44
faekjarzjust a funny thought: Supermicro makes RGB GAMING mobos now, so the "Manufacturer:" string from "dmidecode -t baseboard" wouldn't even be a sure-fire method any more ;D17:51

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!