rzgd | on the ubuntu server installer with pre-exiting and unlocker dm-crypt partitions, the installer is trying to read keyfiles when not needed, and throws an error on block_meta.py line 1384, but being a preserved partition it shouldn't, error doesnt happen in the desktop version | 00:34 |
---|---|---|
sarnold | rzgd: I think there's a 'report bug' entry in the menu in the upper right hand corner | 00:48 |
sarnold | rzgd: could you file one on this? :) thanks | 00:48 |
mwhudson | the handling of existing dm-crypt devices is not so great :( | 00:55 |
sarnold | morning mwhudson :) | 00:56 |
rzgd | sarnold: i sent several reports yesterday :) | 02:59 |
rzgd | just wondering if there is an easy way to by-pass, i tried commenting the line but the snap is read-only | 02:59 |
mwhudson | you can play bind mount games to get around that but it's tedious | 03:37 |
albech | Anyone here who is a champ in mail headers and SPF that will have a look at mail to see why the SPF is not being validated? | 07:18 |
icey | Hey jamespage - I'm seeing a new set of test failures in the latest OpenStack milestone and couldn't figure anything, so I retried the m2 packages, and they're failing the same way. I'm not sure what the best approach is to ride tidying what changed but it looks like something landed in G that's hurting me | 08:40 |
jamespage | icey: log? | 08:43 |
icey | jamespage: https://pastebin.ubuntu.com/p/8TD5j233GD/ | 08:45 |
jamespage | icey: hmm yeah | 08:48 |
jamespage | icey: I'd probably look at the build logs for the last built version in groovy and try to figure out which deps have changed | 08:48 |
icey | jamespage: I don't know where to look to find the last built version in groovy | 08:55 |
icey | could you give me a pointer please? | 08:55 |
jamespage | icey: https://launchpad.net/ubuntu/+source/designate | 09:05 |
jamespage | follow the links to the individual package versions | 09:05 |
icey | thanks jamespage | 09:06 |
icey | jamespage: only 61 package changes it looks like ;-P https://pastebin.ubuntu.com/p/cd6K2nZnNN/ | 09:37 |
jamespage | yeah but you can probably narrow it down - maybe dnspython? | 10:15 |
jamespage | that's a major version bump | 10:15 |
jamespage | icey: I would suspect that - upstream is pinned to 1.16.0 | 10:16 |
icey | jamespage: well, pinned-ish, maybe - dnspython>=1.16.0 | 10:17 |
jamespage | look at upper-constraints.txt in the requirements project as well | 10:18 |
jamespage | that's used to limit transient breaks | 10:18 |
icey | I see what you mean | 10:19 |
icey | so jamespage, it seems like openstack packages are now conflicting on groovy, since they can't be 1.16? | 10:20 |
jamespage | icey: welcome to being a distribution | 10:20 |
jamespage | :) | 10:20 |
jamespage | moving backwards is not possible, so we need to debug and fix designate to be compat with 2.0.0 of dnspython I would suspect | 10:20 |
icey | and any other consumers of dnspython | 10:22 |
icey | jamespage: it just gets better and better: eventlet 0.26.1 has requirement dnspython<2.0.0,>=1.15.0, but you'll have dnspython 2.0.0 which is incompatible. | 11:01 |
icey | and the version of eventlet actually in groovy is 0.25.2 | 11:02 |
icey | that version hasn't (yet) pinned the dnspython to less than 2 :-P | 11:06 |
icey | on the plus side, forcing it to work with dnspython>=2 fails in the same way, so I'll work on a fix (that won't be acceptable upstream until the rest of the ecosystem moves forward :-/) | 11:09 |
icey | jamespage: this is looking bad - eventlet downgraded from dnspython2 because it broke a lot of bits - Nova folk are also commenting on this issue: https://github.com/eventlet/eventlet/issues/619 | 12:23 |
icey | so, with an older eventlet in groovy, we can install it, but things using eventlet may be very broken | 12:23 |
=== benpro0 is now known as benpro | ||
gunix | is there any way to downgrade this? https://packages.ubuntu.com/xenial/libc-bin | 16:28 |
gunix | i can find only the latest version in the mirrors | 16:28 |
gunix | i need 2.23-0ubuntu11, not 2.23-0ubuntu11.2 | 16:28 |
RoyK | what's wrong with the new one? | 16:29 |
gunix | RoyK: some very old internal library is failing with the new one | 16:31 |
gunix | can we rsync this from another node that still has the older packages? :-D | 16:32 |
sdeziel | gunix: you can get the old binaries from https://launchpad.net/ubuntu/+source/glibc/2.23-0ubuntu11 | 16:47 |
gunix | ty | 16:54 |
RoyK | gunix: I guess setting up a vm or container to run that archaic code would be a better idea and just isolate it from everything else on the net | 17:07 |
RoyK | gunix: or just recompile the old lib | 17:34 |
gunix | RoyK: that is sadly not an option | 18:46 |
RoyK | gunix: neither of them? | 18:58 |
gunix | no :-( | 19:07 |
RoyK | gunix: why not a vm? | 19:12 |
gunix | RoyK: cause the server is already deployed on hundreds of physical servers | 19:13 |
gunix | and they have to stay alive | 19:13 |
RoyK | hm - ok - so you have an old library and its app to which you don't have any code and that is running on hundreds of physical machines? sounds a wee bit like bad planning to me | 19:14 |
oerheks | such ol' glibc, there is no reason to use it. | 19:19 |
RoyK | gunix: from where did this software come? | 19:24 |
gunix | internal software. The legacy one, nobody touched in years | 19:24 |
gunix | :-D | 19:24 |
RoyK | but the code is there somewhere? | 19:25 |
RoyK | and someone can probably read it, even if it was written in FORTRAN77 | 19:25 |
znf | Hey - question question in regards to UFW | 20:04 |
znf | I haven't really dabbled with iptables/netfilter in ages, so I just resorted to use UFW | 20:04 |
znf | I did a fresh install of UFW, I only enabled ssh/http/https | 20:04 |
znf | everything works when I test, I haven't gotten any reports of it not working | 20:04 |
znf | yet... I get messages in my log about blocks to port 80 | 20:05 |
znf | Most of my traffic on that server comes from Cloudflare, so I see a lot of their IPs in the logs, but I don't get why | 20:06 |
oerheks | znf, i would start with enable ufw logs https://help.ubuntu.com/community/UFW#Logging | 20:22 |
TJ- | znf: multiple IP addresses and/or interfaces? | 20:23 |
oerheks | some blocks are explainable, old post; https://askubuntu.com/questions/299964/why-is-ufw-logging-block-messages-regarding-a-port-for-which-ufw-is-configured | 20:23 |
znf | TJ-: multiple IPs yes | 20:24 |
znf | As far as I can tell, there is no actual block | 20:24 |
znf | Just... Logging? For... Reasons? | 20:24 |
TJ- | znf: maybe there's just a logging rule enabled | 20:25 |
TJ- | znf: is the log entry in the kernel log? is it prefixed with a UFW indicator so you can tell what is generating it? | 20:25 |
TJ- | znf: "sudo iptables -nvL INPUT" might help spot the rule doing the reporting | 20:25 |
znf | the output of -S does show logs, yes: https://pastie.dev/uh7gO2 | 20:28 |
znf | but it's so very weird to have them show up as UFW BLOCK when... there's no actual blocking | 20:28 |
TJ- | It looks like that is due to the limit rules, when the number of connections exceeds the limit in a certain time they get blocked (anti denial of service rules) | 20:30 |
znf | but there doesn't actually seem to be a limit | 20:32 |
znf | it's just -j LOG | 20:32 |
znf | at least taht's what I understand | 20:35 |
znf | oerheks, I believ that logging is enabled by default, hence... why I see the log messages :) | 20:46 |
znf | and yes, setting logging off gets rid of the messages | 20:47 |
znf | not something I really want | 20:47 |
TJ- | znf: is the target i/f or IP on the local host or in a container (and thus affected by FORWARD rules) ? | 20:47 |
znf | nope, it's a stand-alone server, no container, just runs nginx | 20:47 |
TJ- | znf: I was going to point to the ufw-before-logging-input chain but that's empty, and the ufw-user-input is called from ufw-before-input so port 80 connections shouldn't reach the -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | 20:50 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!