[01:05] <auggies> Hello
[01:05] <auggies> o/
[01:05] <sarnold> hello auggies
[01:05] <auggies> I have always wondered, when installing postfix, what the hell should I put for the host name? I have read all kinds of tutorials and they all say the same exact things that are way to vague
[01:06] <auggies> Hi sarnold
[01:06] <sarnold> man ain't that the truth
[01:06] <auggies> haha
[01:06] <sarnold> if your machine has a real routable dns name, probably that
[01:06] <sarnold> if not, well, uh, I get fuzzy :)
[01:06] <auggies> It is a VPS on Azure free
[01:07] <auggies> I suppose I can just try mydomain.com and see if it will send mail. if now I should keep a backup of the detected name
[01:07] <auggies> not*
[01:07] <sarnold> if it's only ever going to *send* mail then it likely doesn't matter
[01:07] <sarnold> but if you intend to receive mail it might require more thinking
[01:07] <auggies> Only send mail
[01:08] <sarnold> (note that my mail server knowledge is a good 20 years out of date, I don't know how modern antispam things work)
[01:09] <auggies> G Suite has a good thing going on where you can have it only receive mail from your server IP plus spf=mydomain (close to that) and dkim which I haven't learned yet
[01:09] <auggies> For DNS records of course
[01:12] <sarnold> how much does azure charge for ip addresses? if it's a problem that's solved by three bucks a month or something it might be worth it
[01:21] <auggies> It has a free plan that I am currently using and it comes with an IP
[01:21] <sarnold> nice
[01:21] <auggies> It is called Azure free VPS I think
[01:23] <auggies> Yeah and I installed their Ubuntu 16.04 but upgraded to 18.04
[01:26] <auggies> To do this you sign into portal.azure.com and search the marketplace for "Free account virtual machine"
[06:25] <lordievader> Good morning
[07:51] <sahid> coreycb, jamespage I will start new point stable updates for queens
[07:54] <sahid> hum we actually have bug/1830341 not yet in 'updates'
[08:13] <sahid> coreycb: cinder did not passed autopkgbuild for some reason
[08:27] <sahid> looks like a dns issue, perhps we could just trigger an other attempt?
[08:27] <sahid> ^ jamespage http://autopkgtest.ubuntu.com/packages/n/nova/bionic/armhf
=== Napsterbater is now known as Guest36397
=== Napsterbater_ is now known as Napsterbater
[10:27] <caribou> Hello everyone, who looks after the QEMU bugs nowadays ? it used to be cpaelzer but I don't see him around
[10:52] <john3voltas[m]> hello.
[10:52] <john3voltas[m]> i'm looking into using 'ubuntu core' on a raspberry pi.
[10:52] <john3voltas[m]> is this the best channel to talk about 'ubuntu core'?
[11:10] <compdoc> best to use the versions already made for pi
[11:11] <compdoc> unless youre planning to develop and program ubuntu to make it run
[11:15]  * john3voltas[m] sent a long message:  < https://matrix.org/_matrix/media/v1/download/matrix.org/tRqsWyWaeHReQTWTFwxKQTCE >
[11:16] <john3voltas[m]> googling i found a version for the compute module 3, but i want the latest for the full RPi 3B+
[11:22] <john3voltas[m]> ok, i've found it
[11:22] <john3voltas[m]> https://ubuntu.com/download/iot/raspberry-pi-2-3-core
[11:22] <john3voltas[m]> thanks though
[11:58] <lotuspsychje> re-ask your issues here haiiokarin
[11:58] <haiiokarin> hey guys
[11:58] <haiiokarin> lotuspsychje: yes one sec :)
[11:59] <haiiokarin> so basically i have droplet on the digitalocean on which iinstall only one dependency - LibreTime ( it's made for hosting radio station using icecast as server ) . So i want this IP that i received with droplet to make SSL secure, is there any easy way implementing that in the digitalocean with let's encrypt? Do i have to install any more depedency like Apache ( this i saw on some blog )
[12:00] <lotuspsychje>  Ubuntu 16.04.6 x64 ,  4.4.0-154-generic server ^
[12:00] <haiiokarin> lotuspsychje: ty
[12:05] <haiiokarin> hmmm but as i am looking around this is more like digitalocean type of question
[12:06] <haiiokarin> there is not much up to ubuntu - Let's Encrypt doesn't provide ssl certificates for IP adresses so far
[12:09] <avu> haiiokarin: you can use certbot in standalone mode
[12:09] <avu> no need for a dedicated webserver
[12:09] <haiiokarin> avu: yes? i just want to make ip adress secure not domain
[12:10] <haiiokarin> avu: this ip adress doesn't need to have for example "www.domain.com" but i need to stay it as ip but ssl secure
[12:10] <haiiokarin> this is what i found - https://www.digitalocean.com/community/questions/ssl-for-ip-address
[12:10] <avu> yes, don't think that work with letsencrypt
[12:10] <haiiokarin> avu: yeah :/
[12:11] <avu> doesn't but doesn't icecast stream using HTTP?
[12:12] <haiiokarin> avu: hmmm yes it does
[12:12] <avu> then using a letsencrypt domain certificate should work?
[12:14] <haiiokarin> i'm new into this so let me understand - will Let's Encrypt let encrypt over ip adress?
[12:14] <haiiokarin> or it does look for the actually domain?
[12:15] <supaman> its dependent on a domain name, doesn't provide certificates for IP addresses
[12:15] <haiiokarin> ooor maybe i'm not googlin to much and right asking you ( my bad ) - https://libretime.org/manual/secure-login-with-ssl/ this is what i found now
[12:15] <avu> not sure what you mean by "encrypt over ip address", letsencrypt will issue certificates for a domain, you can then use that domain in your icecast server to encrypt the traffic between it and its clients
[12:16] <haiiokarin> avu: yes my bad with typing
[12:17] <supaman> haiiokarin: that link at libretime, these directions also depend on you having a domain name
[12:17] <lordievader> If you don't care about certificate validation you can just use a self-signed cert, that way you can encrypt your connections with SSL without the need for a domain (for LE).
[12:18] <haiiokarin> supaman: right, that is just settings after i acquire domain.
[12:20] <supaman> haiiokarin: what is usually meant with a certificate is to provide the https capability, but a certificate can be used for a bit more then just that (it can be used to encrypt all traffic, be it through a webbrowser or some other internet service)
[12:21] <supaman> haiiokarin: when you say you want to get a certificate for an IP address, that has no meaning, what you need to ask yourself is "how do I encrypt the service that I am providing"
[12:22] <supaman> haiiokarin: in your case your setting up icecast right?
[12:22] <supaman> haiiokarin: so you need to figure out how to encrypt that, and how to let users know what a valid certificate is
[12:22] <haiiokarin> supaman: right, ty for brief explanation. Yes, not exactly icecast but LibreTime which is mix of icecast and liqudisoap ( it's web managment for radio station )
[12:22] <haiiokarin> supaman: yes
[12:24] <supaman> haiiokarin: well, I don't have an answer unfortunately, but that is the problem that you are having and since you don't have a domain name then letsencrypt and other services like that are of no help since they all depend on domain name.
[12:24] <supaman> haiiokarin: but self signed certificates can do this I think, then its the problem of letting users know what is the correct certificate and that is not easy
[12:25] <haiiokarin> yes i guess i'll have to buy domain and encrypt service as provided up there in the guideline of libretime
[12:25] <supaman> haiiokarin: that is the best solution yes
[12:26] <supaman> haiiokarin: you don't own any domains at the moment? you could put this as a subdomain then (if you own example.com, then you could use radio.example.com)
[12:27] <haiiokarin> i have domain on which my website for the radio is - radio itself is hosted on this droplet since i wanted them separated
[12:27] <supaman> haiiokarin: a subdomain doesn't have to be on the same IP address
[12:28] <haiiokarin> because for musicians and developers to not cross each other ( that's just my way of seeing it )
[12:28] <supaman> you can have domain at x.y.z.k and radio.example.com at a.b.c.d
[12:28] <supaman> then you don't have to buy a new domain
[12:29] <haiiokarin> oh right
[12:29] <haiiokarin> so i can put that on the subdomain
[12:30] <supaman> haiiokarin: yes, you can put the icecast/liquidsoap on the subdomain
[12:31] <haiiokarin> supaman: just by following that exact path on guide libretime?
[12:33] <supaman> haiiokarin: well, that one is using a self signed certificate, but since you will be having a URL for the service then its best to use certbot for it since other computers trust certificates from them
[12:33] <haiiokarin> oh right, thank you for clarifying things
[12:34] <haiiokarin> i'm learning every day by asking this type of questions but i have to :D
[12:34] <supaman> haiiokarin: no problem :-)
[13:01] <coreycb> sahid: sounds good. I re-ran the cinder test.
[13:05] <sahid> coreycb: i'm on https://bugs.launchpad.net/cloud-archive/+bug/1837866
[13:05] <ubottu> Launchpad bug 1837866 in Ubuntu Cloud Archive " [SRU] rocky stable releases" [Undecided,New]
[13:08] <coreycb> sahid: sounds good, that can go straight to rocky uca (cosmic is EOL)
[13:08] <coreycb> sahid: anything new for stein should get done first though
[13:16] <sahid> coreycb: for stein i can only see cinder
[13:17] <coreycb> sahid: ok. we might as well get that prepped and in the queue.
[14:31] <m_tadeu> hi...I'm trying to change the hostname (sudo hostnamectl set-hostname newhostname), but it won't persist after boot...how to persist it?
[15:01] <tomreyn> m_tadeu: this rings a bell, but i don't know whether that's still an issue currently. which ubuntu server version are you asking about?
[15:02] <m_tadeu> I'm using 18.04.2
[15:03] <tomreyn> and you installed fresh using the default server installer (the 'new' one)?
[15:03] <tomreyn> have a look at /var/log.cloud-init.log (if it exists), see if there are hints on it changing the hostname perpetually.
[15:09] <tomreyn> check whether the desired hostname is set in one or both of /etc/hosts and /etc/hostname
[15:09] <tomreyn> https://bugs.launchpad.net/ubuntu/+source/cloud-init?field.searchtext=hostname or https://bugs.launchpad.net/cloud-init?field.searchtext=hostname might have relevant bug reports.
[15:17] <m_tadeu> tomreyn: thanks...seems setting the preserve_hostname in /etc/cloud/cloud.cfg did the job
[15:18] <tomreyn> m_tadeu: could you please file a bug on this?
[15:18] <teward> tomreyn: that's a known issue, because cloud-init defaults to locking the hostname, editing the cloud.cfg as m_tadeu did (or just removing cloud-init) solves the issue
[15:18] <teward> tomreyn: i remember filing such a bug let me dig it up
[15:19] <teward> i think https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1780867 was where it was filed, invalid for cloud-init but valid against Subiquity and 'fixed' but not sure that's leaked its way into LTS installers
[15:19] <ubottu> Launchpad bug 1780867 in subiquity "hostname unchangeable / some daemon changes and resets /etc/hostname" [Critical,Fix released]
[15:19] <teward> will be present in .3 though I think
[15:20] <teward> tomreyn: so "Fixed" for .3, but they'd need to respin the ISOs to fix it for .2
[15:20] <teward> with the easy workaroudns identified here already until .3 is spun
[15:20] <teward> m_tadeu:
[15:20] <teward> see above
[15:20] <tomreyn> preserve_hostname is not mentioned in there
[15:20] <tomreyn> thanks for digging it up, though
[15:22] <teward> tomreyn: no, it isn't, but it's in my other bug
[15:22] <teward> https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/1809155 <-- the dupe I filed
[15:22] <ubottu> Launchpad bug 1780867 in subiquity "duplicate for #1809155 hostname unchangeable / some daemon changes and resets /etc/hostname" [Critical,Fix released]
[15:23] <teward> copied that bit over
[15:24] <tomreyn> oh i see. i should have set the search to show dupes
[15:24] <teward> so now the workaround is mentioned
[15:24] <teward> yeppers.
[15:24] <tomreyn> it's only a few more weeks to 18.04.3 thankfully
[15:24] <teward> but the issue *was* known and *is* fixed going forward and will be picked up in 18.04.3 ISOs
[15:24] <teward> yep
[15:25] <tomreyn> actually les than a week
[15:25] <tomreyn> or exactly 1 week. ;) aug 1st
[15:29] <teward> assuming nothing bad happens, yes :P
[15:29] <teward> you never know because of kernel issues or last minute crit patches
[15:33]  * tomreyn crosses fingers
[15:46] <Ussat> gonna drop this here just in case anyone is interested: https://uiowa.referrals.selectminds.com/jobs/linux-senior-systems-administrator-4273
[16:15] <Greyztar> hello,if i drop all traffick to my server and then allow only ssh the sshd service refuse to start and just hangs if i do systemctl start sshd,if i run /usr/sbin/sshd manually its starts without a problem though,how can i find out whats stopping me from starting the service?In syslog theres no information of it also so im kind of at a loss journcalctl -ue sshd is empty aswell ,when i run sshd manually it uses the same config /etc/ssh/sshd_co
[16:16] <Greyztar> t it either,maybe its some dependency of the service?
[16:19] <Greyztar> or it has to be with the blocking of traffick,it starts when i open all traffick again,how come it starts manually though
[16:20] <tomreyn> did you only block inbound or also outbound traffic?
[16:20] <Greyztar> tomreyn: only inbound,though it completely works if i start it manually when i block all other traffick than ssh
[16:22] <tomreyn> you can strace the service, i guess. but i'm not sure whether sshd or apparmor has counter measures to try and prevent this
[16:22] <tomreyn> or try the same configuration on a newly configured VM, see if it behaves the same there.
[16:22] <Greyztar> ok ill try an strace and see what comes up,just find it really weird it works when started manually though
[16:23] <tomreyn> newly *installed*, i mean
[17:02] <seven-eleven> i found this in preseed.cfg:  tasksel tasksel/first multiselect ubuntu-desktop
[17:03] <seven-eleven> i want to install ubuntu server so i replace ubuntu-desktop with ubuntu-server right?
[17:08] <tomreyn> seven-eleven: there's no "ubuntu-server" task in bionic (18.04 LTS), but there is "server", and several other server related tasks.
[17:08] <seven-eleven> tomreyn, ah thanks! then i will just use "server"
[17:08] <tomreyn> https://termbin.com/of0b
[17:08] <tomreyn> ^  tasksel --list-tasks | grep server | nc termbin.com 9999
[17:08] <OerHeks> #tasksel tasksel/first multiselect lamp-server, print-server  ...
[17:09] <OerHeks> and tons of other services
[17:09] <seven-eleven> yeah, basic ubuntu server just what i need :-)
[17:09] <seven-eleven> i need openssh though
[17:09] <seven-eleven> but later in the preseed there's d-i pkgsel/include string openssh-server
[17:09] <seven-eleven> so it's kind of in two places
[17:10] <seven-eleven> i wonder if I can feed the preseed with my public ssh key
[17:11] <seven-eleven> or i simply login from ansible with the password and let ansible do the job
[17:12] <tomreyn> "apt-get -s install server^ | grep ssh" has no output, making me think that the "server" task does no install an openssh server (nor client)
[17:12] <seven-eleven> nope i think server doesn't
[17:12] <tomreyn> you can do late_command
[17:12] <seven-eleven> but I think you can install it later on via d-i pgsel/include
[17:13] <seven-eleven> yeah, late_command is an option
[17:15] <tomreyn> keep in mind the installer is not a standard server environment, ansible might run into issues.
[17:16] <tomreyn> seven-eleven: also consider commenting on https://community.ubuntu.com/t/please-review-design-for-automated-server-installs/11923
[17:18] <seven-eleven> ok
[17:19] <mmercer> does apt have something akin to yums 'history' ?
[17:20] <mmercer> that allows you to review each of the transacted invocations?
[17:20] <tomreyn> there are logs, two types
[17:20] <mmercer> yeap, just found the apt log :)
[17:21] <tomreyn> history lists requested actions, term lists what actually happened as a result (but less readable)
[17:24] <seven-eleven> i've created my preseed.cfg, now I have two options: remaster an ISO with the preseed or use netinstaller, by using netinstaller i simply point to ubuntu's netinstaller package on ubuntu.com?
[17:29] <seven-eleven> oh seems remastered ISO is much easier, net install over internet requires grub preinstalled and booted
[17:29] <seven-eleven> https://help.ubuntu.com/community/Installation#Server_and_network_installations
[17:29] <Greyztar> tomreyn: first of thanks for help,i just found out,all my other servers are working fine with same setup so coudlnt figure it out,it seems my vps provider runs a script to import ssh keys from managment page and it cant fetch it unless appropriate port is open and somehow the ssh server depends on that script to run successfully else it wont start who would know,it was really weird i didnt find an dependency for no script in unit file or so,
[17:30] <Greyztar> file
[17:31] <tomreyn> glad you solved it
[17:33] <tomreyn> seven-eleven: are you aware of https://help.ubuntu.com/lts/installation-guide/amd64/apb.html (especially step B.2.5.)
[18:05] <seven-eleven> tomreyn, didn't know about dhcp preseeding
[18:06] <seven-eleven> which way should I choose?
[18:07] <seven-eleven> I would have go for remastered iso, but if dhcp preseeding is recommended; I'd go for that
[18:10] <tomreyn> seven-eleven: there are multiple options, you choose based on your needs and preferences. if you need to install a lot of systems or need to install often, PXE booting is probably the best approach (most of the time).
[18:13] <seven-eleven> hm, I don't need to install often, but if PXE is used most of the time I think I'd go for it
[18:47] <seven-eleven> i worry about PXE security concerns https://security.stackexchange.com/questions/64915/what-are-the-biggest-security-concerns-on-pxe
[18:48] <seven-eleven> what's the #2 alternative to PXE?
[18:50] <sarnold> if your network isn't secure from MITM attacks, then your best bet is to walk a USB stick from machine to machine
[18:52] <seven-eleven> i think i can avoid PXE and still have a convenient auto install, because in my case I install not on physicial computers, but auto install vms with a preseed
[18:53] <sarnold> oh in that case you probably want to use the cloud images and cloud-init scripts instead
[20:04] <seven-eleven> sarnold, guess then I dont need a preseed.cfg anymore :-)
[20:05] <seven-eleven> i found this script for QEMU https://github.com/giovtorres/kvm-install-vm
[20:07] <seven-eleven> it uses cloud-init - i think here it creates an ISO with the cloud-init config data, not the whole distro iso https://github.com/giovtorres/kvm-install-vm/blob/master/kvm-install-vm#L501
[20:08] <sarnold> seven-eleven: hmm, look around a bit, I have a feeling virt-install's no longer the new hotness; it may or may not still exist in newer releases
[20:08] <sarnold> seven-eleven: I've heard good things about https://multipass.run/ but haven't tried it yet
[20:11] <seven-eleven> sarnold, oh, maybe with multipass I don't need that intermediate github script anymore, because it takes care of all that
[20:11] <sarnold> right
[20:11] <sarnold> I'm sure it has new restrictions of its own of course
[20:11] <seven-eleven> i'll check it out, thanks!
[20:11] <seven-eleven> yeah
[20:11] <sarnold> but I once said aloud "I wish there was a user interface like lxd for kvm" and someone replied "check out multipass" :) heh
[20:12] <seven-eleven> hehe :-)
[20:12] <sarnold> (I might have also said some naughty words in the general direction of libvirt, I just wanted something simpler to run qemu directly without the N layers of abstraction libvirt gives.. and multipass adds yet another layer of abstraction.. but still, it sounds like a nice wrapper :)
[20:14] <seven-eleven> i wonder if I can run libvirt and multipass at the same time
[20:14] <seven-eleven> if you run virtualbox and libvirt together it doesn't work without a workaround
[20:14] <sarnold> libvirt and multipass should work together
[20:14] <sarnold> multipass and virtualbox probably won't
[20:15] <seven-eleven> mhm
[20:15] <sarnold> and I'm even surprised to hear there's a workaround available to let vbox and libvirt play nice
[20:15] <sarnold> I thought those were just using different kernel modules and that's that
[20:15] <seven-eleven> it's cli looks so easy, so I can easily give it a try on my libvirt host
[20:16] <seven-eleven> hm, i found an article last week how to run them together, but it looked too hackerish that i didnt try
[20:16] <sarnold> "buy a second computer" would be my starting point :)
[20:16] <sarnold> lunch time here, have fun seven-eleven :)
[20:17] <seven-eleven> thanks! have a nice lunch :-)
[20:21] <ezio> I'm having a problem with installing server.  I can install desktop.  I've done that.  Here's the error.  I see other people with this error and no resolution. https://imgur.com/jO3SCIC
[20:30] <lordcirth> ezio, is this when  loading the installer, or after rebooting? What ISO?
[20:44] <zyga> hello, who can I talk to about potential issue with xenial amazon images?
[20:52] <ezio> zyga, just ask
[20:53] <zyga> we got an IRC report about xenial based aws instance using lots of CPU and disk for 30 minutes until it was killed
[20:53] <zyga> it was a fresh instance, derived from xenial,
[20:53] <zyga> it is presumed that the source of the resource usage was snapd
[20:55] <zyga> I didn't attempt to reproduce the issue, all the information we got was: "eu-west-1a, t2.large, xenial-based image"
[20:55] <zyga> I was wondering if anyone could check if the vanilla image has similar problems
[20:55] <zyga> it had two snaps seeded: core and amazon agent
[22:23] <sarnold> zyga: interesting, someone reported snapd chewing cpu a few hours ago in #ubuntu: https://irclogs.ubuntu.com/2019/07/25/%23ubuntu.html#t19:20
[22:24] <sarnold> zyga: ahhh, I see, he mentions aws, it might be the same guy