[03:26] <soulseeker> hello I was using the mini.iso and the select and install software pretty much skips selection
[03:26] <soulseeker> does the server iso have a software selection
[03:27] <soulseeker> the alternate iso is nonexist for ubuntu 14 and higher
[03:27] <soulseeker> it looks like alternate is on ubuntu 12
[03:31] <soulseekr> hello which install method allows the installer to select which software is installed
[04:10] <qpo> how to select which software to install during installation
[04:10] <qpo> apparently a full iso is downloading installer components as if it were a netinstaller
[04:16] <qpo> hello it is a simple question
[04:17] <qpo> difficulty rating 3
[04:28] <andol> If you don't know the answer, how can you then know the difficulty?
[04:28] <qpo> foresee what is needed to find out
[04:28] <qpo> somebody who has used a recent installer
[04:29] <qpo> presumably anybody in the channel
[04:30] <qpo> maybe one could expect that an ubuntu server support channel has users who are using ubuntu server
[04:30] <qpo> yeah
[04:31] <qpo> I dont see the purpose of having a full installer iso if it does the same thing as the netinstaller either
[04:31] <qpo> I attempted to check for myself but it isnt efficient to download 300mb of installer components to look at the select software step
[04:33] <qpo> with a netinstaller the selectsoftware step has no selections
[04:34] <qpo> andol, what are you doing in ubuntuserver
[04:34] <qpo> in the past the installers had a list of software at the select software step so the installer can install only what is needed
[04:35] <qpo> that was maybe at lucid
[04:35] <qpo> ubntu 1'
[04:35] <qpo> ubntu 10
[04:36] <Eickmeyer> !ops | qpo aka ubuntu1 aka soulseeker ban evading again
[08:45] <bhuddah> is there a working guide for ubuntu with pci dss?
[09:26] <alocer> hello guys. which packages do you exclude for production updates ?
[09:32] <weedmic> I clone each machine before lvl 4 updates (like kernel), then test them after the update.  I have only excluded 3 products ever for a specific machine, mesa, hwdetect, and nouveau.  alocer
[09:32] <weedmic> why would you want to exclude updates?
[09:32] <weedmic> just do them controlled (not automatic) - imho
[09:33] <alocer> weedmic: i don't have the time for clone things .. and updates are nessecary for the security stuff .. you know what i mean.
[09:33] <weedmic> I update everything, but... know how to revert just in case I break something <(")
[09:33] <alocer> weedmic: in other words . i like to update or install only the security updates ..
[09:34] <alocer> current solution is enable only the security repository. don't know any other way :(
[09:34] <weedmic> oic - thinking about that - certainly would prevent broken items
[09:35] <alocer> weedmic: the unattended-upgrades never works .. why is it so hard ?
[09:42] <alocer> one of the reasons you should exclude: linux-image* packages takes space on /boot. so it will fill if not carefull. ;-)
[09:45] <alocer> if i upgrade apache2 package my webserver restarts right ?
[09:45] <alocer> so it will be down for couple of seconds ..
[09:45] <alocer> am i right ?
[09:47] <alocer> ooh . what is apt-daily.timer ?
[09:47] <alocer> is it customisable ?
[09:51] <weedmic> alocer: I would set update-manager to never do automatic (I mentioned that above) - I research every update on impact and how to revert before I consider trying it.
[09:52] <weedmic> some - never have negative impacts though, but level 4 for me - I clonezilla the sys volume first.
[09:52] <alocer> weedmic: i should probably do the same.
[09:53] <alocer> weedmic: clonezilla . yup . i totally forgot that. thanks.
[09:55] <tomreyn> alocer: yes, daemons will be restarted when upgraded. but those outages are usually just seconds. if that's an issue, you need HA.
[09:55] <weedmic> i like to compartmentalise - i have a sys volume for each machine (even PCs) and the data is either online in a container or separate volume.  I have a clone of each machine - something bad happens, turn machine off, swap out the sys vol, put it back up.  seconds
[09:56] <tomreyn> alocer: enabling only ubuntu-security does not guarantee that you receive all security patches.
[09:56] <weedmic> then I can figure out what went wrong later iin the lab.
[09:56] <weedmic> I have been using clonezilla since my attempts to build a symantec ghost look a like from dd commands took tooo long, clonezilla is like 7 mins done
[09:56] <tomreyn> security patches are only available via -security for a limited time before they move to -updates
[09:57] <alocer> tomreyn: i trying to figure out how can reduce down time when i m upgrading apache2 and mysql server ... it may cause problems .
[09:57] <tomreyn> high availability.
[09:57] <alocer> HA. lol.
[09:57] <alocer> tomreyn: thanks .
[09:57] <weedmic> do you mean create a HAS tomreyn - i have always wanted to do that, but never had enough resources
[09:58] <weedmic> suse enterprise - does not require rebooting - but... i found for most machines a reboot is less than 30 seconds (once I stopped using dell)
[09:58] <tomreyn> many se3rvices can be setup in a high availability configuration. it can be somewhat costly, but if downtime is critical this is what you need to do.
[09:59] <tomreyn> ubunt also doesn't require you to reboot. and the effect is the same as on SLES: no patches are applied, or only those available via live kernel patching, if enabled.
[10:01] <alocer> tomreyn: do you recommend unattended-upgrades . in centos yum-cron ?
[10:02] <tomreyn> alocer: depends, most of the time, yes.
[10:02] <weedmic> wow - that is a really nice thing to know tomreyn - made my day
[10:04] <tomreyn> alocer: note that just installing updates does not apply fixes to everything automatically. some daemons will restart, but there can be patches to e.g. shared libraries which do not cause all affected services to be restarted, causing those to remain vulnerable.
[10:04] <tomreyn> so a full reboot is occasionally necessary.
[10:05] <tomreyn> or restarting all processes (possbily including PID 1)
[10:05] <alocer> how does facebook do it then ? HA ?
[10:05] <tomreyn> !info needrestart
[10:06] <tomreyn> this can help you better understand what needs to be restarted after patching
[10:06] <tomreyn> i don't know much about how facebook operates, but expect them to do HA on everything.
[10:07] <alocer> yea i m thinking clusters of containers and HA .. .
[10:07] <tomreyn> they are a bad example, too large, too many custom solutions.
[10:07] <alocer> thanks tomreyn. needrestart was really helpfull.
[10:08] <tomreyn> !livepatch
[11:26] <lotuspsychje> welcome to ubuntu server aleksandrM
[11:27] <aleksandrM> Greetings, I would like to implement auditD rules on most of my environment, can someone steer me in the right direction or documentation. This is more from a security point of view.
[11:28] <alocer> doumentation for auditD ?
[11:29] <aleksandrM> alocer: correct, I know its usually the man page.
[11:29] <alocer> yeap . sry .
[11:30] <aleksandrM> I'm looking at advacned rules that will make the load less on other systems like password managers etc...
[11:42] <alocer> aleksandrM: github maybe ?
[11:42] <alocer> for samples.
[11:43] <aleksandrM> Got it, will build from there.
[13:56] <leftyfb> So I reported bug #1820096 and it got fixed. The problem is, I cannot seem to recreate the issue and in fact, have found that adding the hosts entry back in breaks tools like dnsdomainname. So now I'm debating whether or not the fix should be reverted.
[14:04] <AvidWolf43> Hi Everyone
[14:05] <AvidWolf43> Im very new to SSL certs in general. I am trying to setup a webserver with SSL using letsencrypt, the webserver I'm trying to setup is canonical landscape, I have already successfully generated the certs using certbot, I need to know where do I need to change the conf files to point to these new certs, and if service apache2 restart would suffice in registering the change and letting my browse
[14:05] <AvidWolf43> to my webserver with a secure connection
[14:09] <cryptodan> AvidWolf43: https://community.letsencrypt.org/t/recommended-apache-config/58294
[14:13] <ahasenack> rbasak: hi, is this a known issue with mysql on xenial?
[14:13] <ahasenack> Checking if update is needed.
[14:13] <ahasenack> Checking server version.
[14:13] <ahasenack> Error: Server version (5.7.25-0ubuntu0.16.04.2-log) does not match with the version of
[14:13] <ahasenack> the server (5.7.26) with which this program was built/distributed. You can
[14:13] <ahasenack> use --skip-version-check to skip this check.
[14:13] <ahasenack> mysql_upgrade failed with exit status 3
[14:13] <ahasenack> sorry for the paste, didn't realize it was long
[14:14] <rbasak> I'm familiar with the error message, but don't remember the details.
[14:14] <rbasak> Ask Skuggen for help perhaps? He's in #ubuntu-devel.
[14:24] <ahasenack> cpaelzer: I believe https://bugs.launchpad.net/ubuntu/+source/rdma-core/+bug/1827840 is a dupe of https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1823836, can you confirm?
[14:44] <cpaelzer> ahasenack: checking
[14:45] <cpaelzer> ahasenack: yes
[14:45] <ahasenack> cpaelzer: thx, marked as such
[15:08] <AvidWolf43> cryptodan: thanks that was an easy fix
[15:09] <cryptodan> AvidWolf43: welcome
[15:29] <ixil> Hello, I'm a bit lost with configuring the network for the ubuntu container
[15:30] <teward> lost how?
[15:32] <ixil> I'm unsure which service / which config I should configure - since there's netplan, cloudconfig, the nspawn flags etc
[15:36] <ixil> I want the hostname to be set from the .nspawn file, and for it to use the networking given. systemd-networkd times out however, and the hostname was reset to 'ubuntu'
[16:10] <teward> ixil: to my knwoledge, Netplan handles the configuration for networking.  cloud-init is annoying so once your container is spun I would remove cloud-init because it can mess with the hostname.
[16:10] <teward> not sure how to use the nspawn flags unfortunately
[16:12] <cyphermox> wat?
[16:18] <teward> cyphermox: i'm confused too :|
[16:18] <ixil> I suspect actually it's that my flags on nspawn are being ignored, for removing cloud-init -> `apt purge cloud-init`?
[16:48] <jelly> how does Canonical know which versions of device-mapper, lvm and friends to go with for LTS releases?  RedHat typically ports the latest of those to all currently support EL releases, together with kernel bits needed
[16:56] <xibalba> with bash, how would i read a line from a file and use different elements as variables in a loop ? My file is "x.x.x.x hostname", and i just want to loop through those and place $ip and $hostname into another command
[16:57] <xibalba> this did nothing for me;  while IFS=" " read -r value1 value2 /tmp/iplist.txt ; do echo "value 1 $value1" ; done
[16:58] <xibalba> ah figured out my issue