/srv/irclogs.ubuntu.com/2019/05/07/#ubuntu-server.txt

soulseekerhello I was using the mini.iso and the select and install software pretty much skips selection03:26
soulseekerdoes the server iso have a software selection03:26
soulseekerthe alternate iso is nonexist for ubuntu 14 and higher03:27
soulseekerit looks like alternate is on ubuntu 1203:27
soulseekrhello which install method allows the installer to select which software is installed03:31
qpohow to select which software to install during installation04:10
qpoapparently a full iso is downloading installer components as if it were a netinstaller04:10
qpohello it is a simple question04:16
qpodifficulty rating 304:17
andolIf you don't know the answer, how can you then know the difficulty?04:28
qpoforesee what is needed to find out04:28
qposomebody who has used a recent installer04:28
qpopresumably anybody in the channel04:29
qpomaybe one could expect that an ubuntu server support channel has users who are using ubuntu server04:30
qpoyeah04:30
qpoI dont see the purpose of having a full installer iso if it does the same thing as the netinstaller either04:31
qpoI attempted to check for myself but it isnt efficient to download 300mb of installer components to look at the select software step04:31
qpowith a netinstaller the selectsoftware step has no selections04:33
qpoandol, what are you doing in ubuntuserver04:34
qpoin the past the installers had a list of software at the select software step so the installer can install only what is needed04:34
qpothat was maybe at lucid04:35
qpoubntu 1'04:35
qpoubntu 1004:35
Eickmeyer!ops | qpo aka ubuntu1 aka soulseeker ban evading again04:36
ubottuqpo aka ubuntu1 aka soulseeker ban evading again: Help! Channel emergency! infinity, soren, lamont, mathiaz, Pici, Daviey, Tm_T, Corey, IdleOne, ikonia, funkyhat, Myrtti, ocean, genii, phunyguy!04:36
bhuddahis there a working guide for ubuntu with pci dss?08:45
alocerhello guys. which packages do you exclude for production updates ?09:26
weedmicI clone each machine before lvl 4 updates (like kernel), then test them after the update.  I have only excluded 3 products ever for a specific machine, mesa, hwdetect, and nouveau.  alocer09:32
weedmicwhy would you want to exclude updates?09:32
weedmicjust do them controlled (not automatic) - imho09:32
alocerweedmic: i don't have the time for clone things .. and updates are nessecary for the security stuff .. you know what i mean.09:33
weedmicI update everything, but... know how to revert just in case I break something <(")09:33
alocerweedmic: in other words . i like to update or install only the security updates ..09:33
alocercurrent solution is enable only the security repository. don't know any other way :(09:34
weedmicoic - thinking about that - certainly would prevent broken items09:34
alocerweedmic: the unattended-upgrades never works .. why is it so hard ?09:35
alocerone of the reasons you should exclude: linux-image* packages takes space on /boot. so it will fill if not carefull. ;-)09:42
alocerif i upgrade apache2 package my webserver restarts right ?09:45
alocerso it will be down for couple of seconds ..09:45
aloceram i right ?09:45
alocerooh . what is apt-daily.timer ?09:47
aloceris it customisable ?09:47
weedmicalocer: I would set update-manager to never do automatic (I mentioned that above) - I research every update on impact and how to revert before I consider trying it.09:51
weedmicsome - never have negative impacts though, but level 4 for me - I clonezilla the sys volume first.09:52
alocerweedmic: i should probably do the same.09:52
alocerweedmic: clonezilla . yup . i totally forgot that. thanks.09:53
tomreynalocer: yes, daemons will be restarted when upgraded. but those outages are usually just seconds. if that's an issue, you need HA.09:55
weedmici like to compartmentalise - i have a sys volume for each machine (even PCs) and the data is either online in a container or separate volume.  I have a clone of each machine - something bad happens, turn machine off, swap out the sys vol, put it back up.  seconds09:55
tomreynalocer: enabling only ubuntu-security does not guarantee that you receive all security patches.09:56
weedmicthen I can figure out what went wrong later iin the lab.09:56
weedmicI have been using clonezilla since my attempts to build a symantec ghost look a like from dd commands took tooo long, clonezilla is like 7 mins done09:56
tomreynsecurity patches are only available via -security for a limited time before they move to -updates09:56
alocertomreyn: i trying to figure out how can reduce down time when i m upgrading apache2 and mysql server ... it may cause problems .09:57
tomreynhigh availability.09:57
alocerHA. lol.09:57
alocertomreyn: thanks .09:57
weedmicdo you mean create a HAS tomreyn - i have always wanted to do that, but never had enough resources09:57
weedmicsuse enterprise - does not require rebooting - but... i found for most machines a reboot is less than 30 seconds (once I stopped using dell)09:58
tomreynmany se3rvices can be setup in a high availability configuration. it can be somewhat costly, but if downtime is critical this is what you need to do.09:58
tomreynubunt also doesn't require you to reboot. and the effect is the same as on SLES: no patches are applied, or only those available via live kernel patching, if enabled.09:59
alocertomreyn: do you recommend unattended-upgrades . in centos yum-cron ?10:01
tomreynalocer: depends, most of the time, yes.10:02
weedmicwow - that is a really nice thing to know tomreyn - made my day10:02
tomreynalocer: note that just installing updates does not apply fixes to everything automatically. some daemons will restart, but there can be patches to e.g. shared libraries which do not cause all affected services to be restarted, causing those to remain vulnerable.10:04
tomreynso a full reboot is occasionally necessary.10:04
tomreynor restarting all processes (possbily including PID 1)10:05
alocerhow does facebook do it then ? HA ?10:05
tomreyn!info needrestart10:05
ubottuneedrestart (source: needrestart): check which daemons need to be restarted after library upgrades. In component universe, is optional. Version 3.1-1 (bionic), package size 39 kB, installed size 241 kB10:05
tomreynthis can help you better understand what needs to be restarted after patching10:06
tomreyni don't know much about how facebook operates, but expect them to do HA on everything.10:06
aloceryea i m thinking clusters of containers and HA .. .10:07
tomreynthey are a bad example, too large, too many custom solutions.10:07
alocerthanks tomreyn. needrestart was really helpfull.10:07
tomreyn!livepatch10:08
ubottuCanonical Livepatch is a service offered by Canonical for 64 bit 14.04 and higher installs that modifies the currently running kernel for updates without the need to restart. More information can be found at https://ubottu.com/y/livepatch and https://www.ubuntu.com/server/livepatch10:08
lotuspsychjewelcome to ubuntu server aleksandrM11:26
aleksandrMGreetings, I would like to implement auditD rules on most of my environment, can someone steer me in the right direction or documentation. This is more from a security point of view.11:27
alocerdoumentation for auditD ?11:28
aleksandrMalocer: correct, I know its usually the man page.11:29
aloceryeap . sry .11:29
aleksandrMI'm looking at advacned rules that will make the load less on other systems like password managers etc...11:30
aloceraleksandrM: github maybe ?11:42
alocerfor samples.11:42
aleksandrMGot it, will build from there.11:43
=== cpaelzer__ is now known as cpaelzer
leftyfbSo I reported bug #1820096 and it got fixed. The problem is, I cannot seem to recreate the issue and in fact, have found that adding the hosts entry back in breaks tools like dnsdomainname. So now I'm debating whether or not the fix should be reverted.13:56
ubottubug 1820096 in subiquity "/etc/hosts not populated, preventing dns registration with dhcp" [High,Fix released] https://launchpad.net/bugs/182009613:56
AvidWolf43Hi Everyone14:04
AvidWolf43Im very new to SSL certs in general. I am trying to setup a webserver with SSL using letsencrypt, the webserver I'm trying to setup is canonical landscape, I have already successfully generated the certs using certbot, I need to know where do I need to change the conf files to point to these new certs, and if service apache2 restart would suffice in registering the change and letting my browse14:05
AvidWolf43to my webserver with a secure connection14:05
cryptodanAvidWolf43: https://community.letsencrypt.org/t/recommended-apache-config/5829414:09
ahasenackrbasak: hi, is this a known issue with mysql on xenial?14:13
ahasenackChecking if update is needed.14:13
ahasenackChecking server version.14:13
ahasenackError: Server version (5.7.25-0ubuntu0.16.04.2-log) does not match with the version of14:13
ahasenackthe server (5.7.26) with which this program was built/distributed. You can14:13
ahasenackuse --skip-version-check to skip this check.14:13
ahasenackmysql_upgrade failed with exit status 314:13
ahasenacksorry for the paste, didn't realize it was long14:13
rbasakI'm familiar with the error message, but don't remember the details.14:14
rbasakAsk Skuggen for help perhaps? He's in #ubuntu-devel.14:14
ahasenackcpaelzer: I believe https://bugs.launchpad.net/ubuntu/+source/rdma-core/+bug/1827840 is a dupe of https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1823836, can you confirm?14:24
ubottuLaunchpad bug 1827840 in rdma-core (Ubuntu) "Failed to create Receive Work Queue indirection table when the number of work handler equal 1" [Undecided,New]14:24
ubottuLaunchpad bug 1823836 in The Ubuntu-power-systems project "dpdk app is reporting: net_mlx5: probe of PCI device xxxx aborted after encountering an error: Unknown error -95" [High,In progress]14:24
cpaelzerahasenack: checking14:44
cpaelzerahasenack: yes14:45
ahasenackcpaelzer: thx, marked as such14:45
AvidWolf43cryptodan: thanks that was an easy fix15:08
cryptodanAvidWolf43: welcome15:09
ixilHello, I'm a bit lost with configuring the network for the ubuntu container15:29
tewardlost how?15:30
ixilI'm unsure which service / which config I should configure - since there's netplan, cloudconfig, the nspawn flags etc15:32
ixilI want the hostname to be set from the .nspawn file, and for it to use the networking given. systemd-networkd times out however, and the hostname was reset to 'ubuntu'15:36
tewardixil: to my knwoledge, Netplan handles the configuration for networking.  cloud-init is annoying so once your container is spun I would remove cloud-init because it can mess with the hostname.16:10
tewardnot sure how to use the nspawn flags unfortunately16:10
cyphermoxwat?16:12
tewardcyphermox: i'm confused too :|16:18
ixilI suspect actually it's that my flags on nspawn are being ignored, for removing cloud-init -> `apt purge cloud-init`?16:18
jellyhow does Canonical know which versions of device-mapper, lvm and friends to go with for LTS releases?  RedHat typically ports the latest of those to all currently support EL releases, together with kernel bits needed16:48
xibalbawith bash, how would i read a line from a file and use different elements as variables in a loop ? My file is "x.x.x.x hostname", and i just want to loop through those and place $ip and $hostname into another command16:56
xibalbathis did nothing for me;  while IFS=" " read -r value1 value2 /tmp/iplist.txt ; do echo "value 1 $value1" ; done16:57
xibalbaah figured out my issue16:58
=== andreas31 is now known as andreas303

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!