/srv/irclogs.ubuntu.com/2019/06/13/#ubuntu-server.txt

[02:15] <wings> Hopefully a silly question
[02:15] <wings> How do I make my DNS server accessible outside of the host that it's on?
[02:15] <wings> having issues hitting it from a different machine, and as far as I'm aware Ubuntu 18.04 doesn't have a firewall by default... or so I thought...
[02:16] <wings> I've checked ufw is disabled
[02:17] <sarnold> did you check what IP addresses your dns server is supposed to be listening on?
[02:17] <sarnold> if you're running it on a cloud provider, did you let through both tcp and udp 53?
[02:17] <wings> ...actually. I'm being stupid.
[02:17] <wings> I'm trying to do this on an Ubuntu Desktop machine, and that is almost certainly causing a conflict.
[02:17] <wings> I might try rebuilding on Ubuntu Server instead
[02:18] <sarnold> why?
[02:18] <wings> why was I building on Desktop?
[02:19] <sarnold> no, why would it make a difference?
[02:20] <wings> it's just more complicated I guess?
[02:20] <wings> anyways. The box is running on my machine, in VirtualBox
[02:21] <wings> has the IP 10.21.30.2, and other machines can ping it just fine. I can hit port 53 on the machine via telnet and get a response, but not from another machine
[02:26] <sarnold> how about other services on the machine? sshd? web?
[02:31] <patdk-lap> hmm, desktop and server are the exact same thing
[02:31] <patdk-lap> define another machine
[02:31] <patdk-lap> in virtualbox or actually a physical machine
[02:32] <patdk-lap> and always try to test with ping also :)
[02:36] <sarnold> well, server won't install with networkmanager as the default netplan renderer, but once you've got an ip address, they'll be pretty similar :)
[02:37] <patdk-lap> I dunno why netplan was put into place, so many things it doesn't support, again
[04:04] <wings> patdk-lap: I'm just trying it as a hunch... worst case I learn something
[04:05] <wings> And I meant another VM on the same network, which can ping, SSH and otherwise contact the DNS server, just no DNS...
[04:06] <wings> I should say DNS *host*
=== mIk3_09 is now known as mIk3_08
[08:18] <jamespage> sahid: I'm going to start on neutron* and networking*
[08:37] <sahid> jamespage: ack
[08:41] <jamespage> sahid: making a fix to openstack-pkg-tools to restore the understanding of git snapshots when generated OSLO_VERSION
[08:41] <jamespage> that was lost in the last sync from Debian
[08:51] <sahid> jamespage: how i determine the next version?
[08:52] <jamespage> sahid: I do previous release major version +1
[08:52] <jamespage> so for neutron
[08:52] <sahid> example for aodh, stein version is 8.* so i imagine for Train it's 9.
[08:53] <jamespage> 14.0.x is stein; train is 15.0.0~b1 for snapshots (+ git references and date)
[08:53] <jamespage> sahid: yep you got it
[09:37] <sahid> jamespage: how do you handle (build-)depends?
[09:47] <sahid> jamespage: if you have a moment at some point to validate https://code.launchpad.net/~sahid-ferdjaoui/ubuntu/+source/aodh/+git/aodh
[09:47] <sahid> at least to ensure that i'm doing it in the right way
[09:56] <jamespage> sahid: https://git.launchpad.net/~sahid-ferdjaoui/ubuntu/+source/aodh/commit/?id=a58ef18fd58dc74a67fc8cefc9d28e87fccdcaa5
[09:57] <jamespage> when you version depends like this please add to both Build and Runtime Depends - the python3-aodh package should mirror the source package build depends versions
[10:04] <jamespage> sahid: other than that LGTM - are you build testing? I generally use a PPA and throw stuff at it until it works
[10:04] <jamespage> https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3690/+packages
[10:04] <jamespage> example
[10:24] <jamespage> sahid: https://launchpad.net/ubuntu/+source/openstack-pkg-tools/99ubuntu1 should re-enable the correct setting of OSLO_VERSION when using our git snapshot versioning semantics
=== kuato is now known as dryliketoast
[10:38] <Ussat> Can someone comment on the accuracy of this statement, it is from IBM:  https://pastebin.com/VqHzmTYU
[10:45] <tomreyn> Ussat: this may refer to https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes#A32-bit_PowerPC_Support_Dropped - see https://ubuntu.com/download/server/power for supported POWER platforms.
[10:46] <Ussat> OK...thats too bad
[10:48] <tomreyn> 32-bit POWER has kind of reached the end of its lifespan in general, though.
[10:48] <Ussat> Sure......I did not post the entire email......
[10:48] <Ussat> this is referencing 64bit ppcle
[10:49] <Ussat> specifically, not referring to the ppcle platform, but the PowerVM Hypervisor
[10:49] <Ussat> PowerVM enables DLPAR and Logical Partition Mobility
[10:51] <Ussat> Here is more detail:  https://paste.centos.org/view/bea75610
[10:52] <Ussat> god dammit stripped the http
[10:52] <Ussat> sigh
[10:53] <Ussat> There:  https://pastebin.com/Tt3QZEET
[10:53] <Ussat> Thats the entire email minus identifying info, like names :)
[10:54] <Ussat> Note, PowerVM is different than PowerPCle
[10:54] <Ussat> PowerVM is a hypervisor that runs on PowerPCle
[10:54] <Ussat> and I have the 18.04ppcle iso
[11:10] <tomreyn> PowerVM does not seem to be specific to 32-bit POWER platforms, support for which got removed between 16.04 LTS and 18.04 LTS. so i'm not sure what they're referring to.
[11:12] <tomreyn> for all i can tell there was never direct "support for PowerVM" by Ubuntu
[11:12] <Ussat> OK, I will try to clarify with IBM, thanks
[11:13] <tomreyn> so i'm not sure what they're referring to by stating "Ubuntu effectively stopped support for Ununtu PowerVM's with Version 16"
[11:14] <tomreyn> Ussat: Note that i'm just a volunteer, not a Canonical spokesperson nor Ubuntu developer.
[11:14] <Ussat> I will try to get clarification from IBM on this, thanks
[11:14] <Ussat> NP, all good and appreciate the info
[11:15] <Ussat> I may call Canonical directly later, thanks again
[11:36] <TJ-> They may be referring to the fact that there's no certification beyond 16.04 for PowerVM
[11:47] <Ussat> Thats probably it, I have an email to my IBM rep
[11:47] <Ussat> TJ-, if thats the case, its unfortunate
[11:47] <Ussat> I also have an email to Canonical
[11:48] <Ussat> It really limits my choice to RHEL or Cent on PowerVM
[12:44] <cyphermox> patdk-lap: such as? (things that netplan does not support)
[12:48] <patdk-lap> dummy interfaces
[12:49] <patdk-lap> at least that I ran across the first installed I did that had netplan
[14:16] <jamespage> sahid: do we need a futurist version bump?
[14:16] <jamespage> just looking at your build errors
[14:16] <sahid> jamespage: the OSLO fix you did resolved an issue with oslo_upgradechck?
[14:17] <sahid> jamespage: i need to check that, currently i just reported the issue
[14:19] <sahid> jamespage: python3-futurist is in eoan-proposed
[14:21] <sahid> i mean the 1.8.1 version needed
[14:21] <sahid> perhaps the buildroot that i use in my ppa should be based on proposed?
[14:51] <jamespage> sahid: yes - you can tweak that in the ppa configuration screen
=== waveform_ is now known as waveform
[15:44] <jc__> Hi @TJ-
[16:01] <sahid> jamespage: the ppa is rejecting my new uploads, i guess is because the version does not change, any idea how i can force?
[16:06] <jamespage> sahid: you can't
[16:06] <jamespage> once a version is uploaded its burned
[16:06] <jamespage> sahid: that's why I used a generated version ID - https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3690
[16:07] <jamespage> sahid: its just a wrapper around backportpackage - https://paste.ubuntu.com/p/KrJrfpFTMx/
[16:07] <jamespage> I build the source package with my intended upload to ubuntu version, and then backportppa -u <PPA> -d eoan -y <srcpackage>.dsc
[16:07] <jamespage> the version has timestamp in it so always moves forward correctly
[16:08] <jamespage> sahid: PPA's work just like the main archive does from this perspective
[16:09] <sahid> ack, will try to understand all of that, thanks a lot
[16:10] <jamespage> sahid: you can delete the current set of packages from the PPA, and then use that script to upload new ones
[16:10] <jamespage> that should work
[16:13] <jerichowasahoax> I've got an apt-get upgrade process running that I don't recall starting myself. Is there some way I can check its current status, make sure it's actually doing something?
[16:14] <jerichowasahoax> I imagine this is just some automagic security update request or something so as long as it's not a zombie process I'm okay with letting it finish first.
[16:16] <jerichowasahoax> ps aux says "jun05" yeah it's probably a zombie nvm lol
[17:08] <sudoISS> three cheers for openssl 1.1.1! hip hip, hooray! hip hip, hooray! hip hip, hooray!
[17:09] <lordcirth> Ooh, TLS 1.3, 0-RTT, SHA3, nice!
=== MassDebates_ is now known as MassDebates
[18:39] <mason> Hrm. So, the topic links https://help.ubuntu.com/16.04/serverguide/, but https://help.ubuntu.com/18.04/serverguide/ is available.
[18:39] <mason> Just saying.
[18:48] <tomreyn> it should probably point to https://help.ubuntu.com/stable/serverguide/ instead
[19:03] <mason> Even better.
[19:29] <mason> So, I'm curious... Is there a trick to getting a VM to support S3/S4?
[19:30] <mason> libvirt/virsh, I see: "error: internal error: S3 state is disabled for this domain"
[19:34] <lordcirth> mason, what's S3 in this context?
[19:34] <mason> lordcirth: Sleep state. As in, "virsh dompmsuspend --target mem foo"
[20:14] <teward> anyone know anything about STunnel?
[20:15] <TJ-> teward: yes :)
[20:15] <TJ-> teward: I used to use about 20 years ago with Windows :p as well as on Linux
[20:17] <teward> :P
[20:17] <teward> trying to use it to get a secure tunnel to Redis but...
[20:17] <teward> getting this on client side: SSL_connect: 14212044: error:14212044:SSL routines:tls_construct_ctos_early_data:internal error     and this server:  SSL_accept: 140940F4: error:140940F4:SSL routines:ssl3_read_bytes:unexpected message
[20:17] <teward> makes me think TLS 1.3 is at fault
[20:17] <teward> but this works between containers so IDK
[20:18] <TJ-> different ssl libraries at either end?
[20:18] <sdeziel> early_data sounds like 0-RTT
[20:20] <teward> TJ-: 1.1.1 on both sides
[20:20] <teward> unless stunnel4 needs a rebuild after the OpenSSL backport on 18.04
[20:21] <teward> but the odd thing is this works FINE on stunnel4 between containers
[20:21] <teward> and the WEIRD part is it's accepting the connection from remote THEN barfing
[20:21] * teward grumbles.
[20:22] <tomreyn> is "ssl3_read_bytes" still used with TLS 1.3?
[20:22] <teward> no idea, but this is the OpenSSL error it triggers
[20:23] <TJ-> teward: have you done a test with openssl s_client ?
[20:23] <mason> <suspend-to-mem enabled='yes'/> fwiw
[20:23] <sarnold> mason: hah, thanks
[20:25] <TJ-> teward: the failing connection is stunnel4<>stunnel4<>redis or stunnel4<>redis ?
[20:25] <mason> Ah, didn't work. Still "S3 state is disabled"
[20:25] <mason> sigh
[20:25] <teward> TJ-: python Redis client (PLAIN) <> stunnel4 CLIENT <> stunnel4 SERVER <> redis SERVER
[20:25] <sdeziel> mason: not sure that interests you but there is 'virsh suspend $VM' that pauses the VM
[20:25] <teward> breaks between the two stunnels when actually going between networks
[20:25] <teward> BUT
[20:26] <mason> I'll figure it out anyway. Tracking a suspend/resume bug, and it'd be a happier picture if I can debug it on a VM
[20:26] <teward> same setup worked FINE in same network between containers running the same OS (18.04)
[20:26] <TJ-> teward: so in all cases we're dealing with 2 stunnel4 instances
[20:26] <teward> TJ-: correct
[20:26] <mason> sdeziel: It might help. Unsure. This manifests as an ACPI bug on real hardware.
[20:26] <teward> but it doesn't work over the Internet but DOES through the local containers subnet without going to the Internet or passing between network layers like that
[20:26] <teward> *shrugs*
[20:27] <sdeziel> mason: if you want to debug a suspend/resume bug, I doubt cause 'virsh suspend' seems to just send a stop command to the QEMU
[20:27] <mason> oh, it overwrote the change on shutdown :P me--
[20:27] <sarnold> :(
[20:27] <teward> oh hm hang on
[20:27] <teward> i think i might've broke something here
[20:27] <TJ-> teward: it can happen if the ports are being scanned
[20:28] <teward> TJ-: this can also happen if it doesn't get a cert
[20:28] <mason> \o/
[20:28] <teward> ssl handshake failure sclient
[20:28] <teward> 1 moment
[20:28] <TJ-> teward: I thought you said it had connected?
[20:28] <teward> TJ-: it had guess I did a stupid somewhere
[20:28] <teward> hang on
[20:29] <TJ-> mason: you changed a manual config which got replaced? I had that happen to me earlier
[20:30] <mason> TJ-: My mistake was changing the config before killing the VM.
[20:30] <TJ-> mason: yeah, annoying when it writes the existing in-memory config out after you've edited it :D
[20:30] <mason> changing it afterwards worked
[20:30] <mason> yeah
[20:30] <TJ-> spend time wondering how it got unset :p
[20:30] <mason> YEP
[20:33] <mason> We can get a vagrant VM to sleep. Odd.
[20:34] <sarnold> sing it a sweet little song, rock it back and forth..
[20:36] <mason> heh
[21:07] <teward> TJ-: i think i failed in cert config
[21:07] <teward> but i will test at home :p
[21:59] <Nikita790> hello
[22:02] <Nikita790> Can someone help me with configuring ubuntu server with my network card? i am only familiar with linux gui, im stuck at the installer because its only looking on ethernet
[22:08] <sarnold> Nikita790: what release of ubuntu? what are you trying to do? where are you stuck?
[22:10] <Nikita790> sorry
[22:10] <Nikita790> i am used to discords bleep msg sounds
[22:11] <Nikita790> Basically im trying to install 19.04 and i am stuck at the network connections setup, it will not see my network card, it only sees my ethernet
[22:11] <Nikita790> How can i get it to see my network card?
[22:11] <OerHeks> so, you want wireless networking?
[22:11] <Nikita790> yes
[22:12] <OerHeks> find out what adapter, lspci would tell
[22:12] <OerHeks> and ifconfig would show more..
[22:13] <Nikita790> one second
[22:13] <OerHeks> btw one must have a reason not to use 18.04 LTS ..
[22:14] <Nikita790> oh
[22:14] <Nikita790> i just chose 19.04 because i thought it would be fastest
[22:14] <Nikita790> should i burn a 18.04 and use that instead?
[22:15] <OerHeks> yes, preferably
[22:15] <Nikita790> ok i will do that right now
[22:16] <OerHeks> stable and well tested. and lots of guides only handle 18.04
[22:17] <Nikita790> the card is a linksys 2.4g wmp54G
[22:17] <Nikita790> i know it works on lubuntu 19.04
[22:18] <Nikita790> i am burning dvd now
[22:19] <Nikita790> thank you so much
[22:20] <sarnold> no usb memory sticks?
[22:21] <Nikita790> no
[22:21] <Nikita790> i do not have one
[22:22] <Nikita790> sorry, i am not used to checking my irc because im used to discords msg sounds, sorry
[22:22] <sarnold> Nikita790: don't worry about it, people come and go all the time on irc
[22:23] <Nikita790> ok the iso is almost done downloading
[22:23] <Nikita790> then i can burn, hopefully it will recognize my linksys 2.4g wmp54G PCI wifi card
[22:24] <Nikita790> ok its burning at 8x speed
[22:26] <OerHeks> oke, after installing, use wired networking >>  To use wifi with netplan.io and systemd-networkd, you need to manually install the wpasupplicant package. It is not automatically installed as a dependency since wifi support is optional on servers.
[22:27] <Nikita790> ok... thank you
[22:27] <Nikita790> I will do my best
[22:30] <Nikita790> ok
[22:30] <Nikita790> so
[22:30] <Nikita790> does usb ethernet work for the installer? thats all i have access to
[22:32] <patdk-lap> depends
[22:32] <Nikita790> i am going to try to use the ios hotspot one
[22:32] <Nikita790> thats all i have access to other than wifi
[22:32] <patdk-lap> if your usb network adapter has a linux driver in the kernel or not, likely does
[22:32] <Nikita790> i will try
[22:33] <patdk-lap> it just gets so iffy, as it can take a few years sometimes for new device chipsets to get drivers into the kernel
[22:33] <Nikita790> ok i hope my iphone has it, im gonna use the hotspot
[22:33] <Nikita790> im booting up server 18.04 now
[22:34] <teward> TJ-: well it 'connects' but... this is now what s_client shows: SSL_accept: 14201076: error:14201076:SSL routines:tls_choose_sigalg:no suitable signature algorithm
[22:34] <teward> :|
[22:35] <TJ-> looks like the key exchange algo lists are different?
[22:35] <teward> possibly
[22:35] <TJ-> teward: or is it the certificate signing algo its on about?
[22:35] <teward> but that's s_client -> the stunnel4 server where redis is
[22:35] <teward> directly
[22:35] <TJ-> can you tell from the debug point
[22:35] <teward> TJ-: can't tell
[22:36] <TJ-> s_client can have very very verbose debug logging, which might help figure out which stage it is at
[22:36] <teward> well if i drop to TLS1.2
[22:36] <teward> it says no shared cipher
[22:36] <teward> which is a different error :|
[22:36] <teward> this is annoying me
[22:37] <Nikita790> i wish there was a version of ubuntu server with all the ubuntu desktop wifi drivers baked in
[22:37] <TJ-> teward: bingo "DSA certificates are no longer allowed in TLSv1.3. "
[22:37] <teward> i'm not using DSA
[22:37] <teward> they're RSA
[22:37] <teward> and i'm forcing 1.2 now
[22:38] <teward> bleh might blast this config and start over
[22:38] <teward> see if i did something wrong in the config
[22:38] <TJ-> teward: hmmm, see https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/ where they show that exact error
[22:38] <sarnold> Nikita790: if you've got monitor on the computer you could probably install the ubuntu desktop and just remove the packages you don't want
[22:38] <teward> TJ-: going to blast the configs and start over
[22:38] <teward> with something that 'just works' to start
[22:38] <teward> then try and add auth, etc.
[22:38] * teward goes to copy directly the configs from the containers
[22:39] <Nikita790> Sarnold i used to do that but i heard it was very bad for the performance
[22:39] <Nikita790> and i need max performance because this is a low end pc thats gonna host a game server
[22:40] <sarnold> Nikita790: there's not much difference between the two, beside the desktop version installs a GUI and uses networkmanager to configure networking
[22:40] <sarnold> you could easily uninstall both those if you wished
[22:40] <Nikita790> wow, ok i might keep my lubuntu installation then
[22:40] <Nikita790> i just cant get the bloody screensaver to be disabled lol. thank you so much for your wisdom
[22:41] <Nikita790> thanks
[22:44] <sarnold> heh if that's the problem with your existing system I'm sure there's a solution of some sort :) dpkg -l '*screen*' might be a good start
[22:46] <Nikita790> oh yes i used screen :D i just heard that a entire gui killed the servers performance
[22:48] <sarnold> it depends what it's doing, how much GPU vs CPU vs memory it takes up, etc..
[22:48] <sarnold> the dpkg -l '*screen*' is to try to figure out what screensaver lubuntu might be using. it might be as easy as apt-get purge :)
[22:52] <teward> TJ-: huh, you know what..
[22:52] <teward> this might mean the ssl-cert package that generates snakeoil certs needs updated
[22:52] <teward> sarnold: ^
[22:52] <TJ-> teward: DSA cert?
[22:52] <teward> TJ-: not 100% sure but I'd like to FORCE it to use RSA
[22:52] <teward> checking now
[22:53] <TJ-> there's an openssl.cnf in stunnel's /usr/share/doc/stunnel4/examples/ too, which might need looking at (it's for generating certs)
[22:53] <teward> huh nope it's an RSA cert
[22:53] <teward> TJ-: i was just trying to PSK the thing
[22:53] <teward> looks like the system is weird :|
[22:53] <teward> works FINE now i think
[22:53] <teward> but i'll have to add PSK stuff in again for testing
[22:54] <Nikita790> OH i was told if i use the alternative iso i can use wifi
[22:54] <teward> cert auth is even more painful
[22:54] <Nikita790> im trying that
[22:54] <teward> so PSK for now with LONG keystrings
[22:55] <TJ-> I never had a problem with certs; I use a USB Armory for issuing/signing certs
[22:55] <teward> TJ-: yep working now.
[22:55] <teward> TJ-: I use XCA but it's unclear what certs go where, and /usr/share/doc/stunnel4/* doesn't seem to exist
[22:55] <teward> or at least it DIDN'T
[22:55] <teward> :|
[22:55] <teward> now it's here
[22:56] <teward> i can generate the cert inside XCA now though
[22:56] <teward> now that i know what extensions it needs xD
[22:56] <TJ-> :)
[22:56] <teward> but what I really need is client cert auth working
[22:56] <teward> and I can't find examples of that
[22:58] <sarnold> teward: https://launchpad.net/ubuntu/+source/ssl-cert/+changelog .. most recent change from 2017 .. since 1.1.1 is in cosmic, disco, eoan, without trouble, I'm guessing it's probably not in immediate need of update..
[22:58] <teward> sarnold: yeah i poked it's an RSA cert
[22:59] <teward> i think SOMETHING was just fubar with the cert when being parsed, redid the cert by hand and made a selfsigned and it "just worked"
[23:00] <teward> *shrugs*
[23:01] <Selfsigned> :/
[23:02] <sarnold> :D
[23:10] <Eickmeyer> Selfsigned: Username checks out.
[23:16] <teward> TJ-: OK so...
[23:16] <teward> can't use SSL with PSK
[23:16] <teward> so i'll have to just use a redis auth PW then
[23:16] <teward> which i should do anyways lol
[23:17] <teward> sarnold: is there any guide for converting a sysvinit into a SystemD unit?
[23:19] <sarnold> teward: this is a nice overview https://wiki.ubuntu.com/SystemdForUpstartUsers
[23:19] <sarnold> teward: (not of the exact sysv->systemd, but systemd in general)
[23:20] <teward> yeah i'm going to futz with the stunnel4 package locally to see if I can't SystemD unit the entire thing
[23:20] <teward> get it off the older methods
[23:20] <teward> going to be an evil project but xD
[23:20] <teward> tired of using sysvinit evil
[23:23] <sarnold> yeah; I don't love systemd, but sysv-init isn't my idea of great either :)
[23:25] <sarnold> teward: there's too much documentation for systemd unit files, and throwing you into the docs feels mean.. but if you've got a cause to run one stunnel4, you probably have cause to run several of them. and they might be similar enough to justify learning the 'template' support, mentioned on https://www.freedesktop.org/software/systemd/man/systemd.unit.html
[23:25] <sarnold> (and the manpages, of course, but the hyperlinked ones are actually kind of nice)
[23:26] <teward> sarnold: true.  but I'm curious why we don't unzip and copy the sample config into /etc/stunnel/
[23:26] <teward> because it's weird, there's LITERALLY no config examples there by default
[23:26] <teward> it's all dug deep in /usr/share/doc/...
[23:26] <teward> maybe that's normal but eh
[23:26] <sarnold> teward: yeah I always prefer having example configs in /etc .. but I can kind of understand the folks who want /etc to say what's *different* about the machine in question. it's weird.
[23:28] <teward> i looked at the stunnel config example though
[23:28] <teward> EVERY unit in its example is commented out
[23:28] <teward> and /etc/default/stunnel4 has to have ENABLED=1 to actually start
[23:28] <teward> so IDK
[23:28] <teward> it'll be a long term project to SystemD-ify stunnel4
[23:29] <sarnold> or ignore the configs / initscript shipped in the packages?
[23:30] <teward> lol indeed
[23:30] <teward> sarnold: well i would want to ship it as by default NOT enabled
[23:30] <teward> is that even doable in the package policy to autodisable the service at install?
[23:30] <teward> because it would NEED configured to even run
[23:30] <teward> per my testing at least
[23:30] <teward> no config, megaerror
[23:31] <sarnold> teward: good question. it's my understanding that systemd comes from the land of 'installed packages don't automatically run anything'.. I'm not sure how well that'd fit in debian
[23:31] <teward> well i ain't touching Debian with a fifty foot pole
[23:31] <teward> :p
[23:31] <teward> which reminds me
[23:31] <teward> I still need to distropatch NGINX Eoan
[23:31] <teward> with that PIDfile handling thing
=== BrianBlaze420 is now known as brianblaze
[23:48] <Curtman> I'm trying to set up an iSCSI target with targetcli, I'm confused why various tutorials, and even the manpage refer to a systemd unit I don't have and cant find any info about how to install. Eg: "$ sudo systemctl enable target.service"
[23:48] <Curtman> Does anyone know what package provides that?
[23:48] <Curtman> http://manpages.ubuntu.com/manpages/bionic/man8/targetcli.8.html
[23:59] <TJ-> teward: I can systemd-ify stunnel if you want the package updating; it doesn't require much at all
