rzgdon the ubuntu server installer with pre-exiting and unlocker dm-crypt partitions, the installer is trying  to read keyfiles when not needed, and throws an error on block_meta.py line 1384, but being a preserved partition it shouldn't, error doesnt happen in the desktop version00:34
sarnoldrzgd: I think there's a 'report bug' entry in the menu in the upper right hand corner00:48
sarnoldrzgd: could you file one on this? :) thanks00:48
mwhudsonthe handling of existing dm-crypt devices is not so great :(00:55
sarnoldmorning mwhudson :)00:56
rzgdsarnold: i sent several reports yesterday :)02:59
rzgdjust wondering if there is an easy way to by-pass, i tried commenting the line but the snap is read-only02:59
mwhudsonyou can play bind mount games to get around that but it's tedious03:37
albechAnyone here who is a champ in mail headers and SPF that will have a look at mail to see why the SPF is not being validated?07:18
iceyHey jamespage - I'm seeing a new set of test failures in the latest OpenStack milestone and couldn't figure anything, so I retried the m2 packages, and they're failing the same way. I'm not sure what the best approach is to ride tidying what changed but it looks like something landed in G that's hurting me08:40
jamespageicey: log?08:43
iceyjamespage: https://pastebin.ubuntu.com/p/8TD5j233GD/08:45
jamespageicey: hmm yeah08:48
jamespageicey: I'd probably look at the build logs for the last built version in groovy and try to figure out which deps have changed08:48
iceyjamespage: I don't know where to look to find the last built version in groovy08:55
iceycould you give me a pointer please?08:55
jamespageicey: https://launchpad.net/ubuntu/+source/designate09:05
jamespagefollow the links to the individual package versions09:05
iceythanks jamespage09:06
iceyjamespage: only 61 package changes it looks like ;-P https://pastebin.ubuntu.com/p/cd6K2nZnNN/09:37
jamespageyeah but you can probably narrow it down - maybe dnspython?10:15
jamespagethat's a major version bump10:15
jamespageicey: I would suspect that - upstream is pinned to 1.16.010:16
iceyjamespage: well, pinned-ish, maybe - dnspython>=1.16.010:17
jamespagelook at upper-constraints.txt in the requirements project as well10:18
jamespagethat's used to limit transient breaks10:18
iceyI see what you mean10:19
iceyso jamespage, it seems like openstack packages are now conflicting on groovy, since they can't be 1.16?10:20
jamespageicey: welcome to being a distribution10:20
jamespagemoving backwards is not possible, so we need to debug and fix designate to be compat with 2.0.0 of dnspython I would suspect10:20
iceyand any other consumers of dnspython10:22
iceyjamespage: it just gets better and better: eventlet 0.26.1 has requirement dnspython<2.0.0,>=1.15.0, but you'll have dnspython 2.0.0 which is incompatible.11:01
iceyand the version of eventlet actually in groovy is 0.25.211:02
iceythat version hasn't (yet) pinned the dnspython to less than 2 :-P11:06
iceyon the plus side, forcing it to work with dnspython>=2 fails in the same way, so I'll work on a fix (that won't be acceptable upstream until the rest of the ecosystem moves forward :-/)11:09
iceyjamespage: this is looking bad - eventlet downgraded from dnspython2 because it broke a lot of bits - Nova folk are also commenting on this issue: https://github.com/eventlet/eventlet/issues/61912:23
iceyso, with an older eventlet in groovy, we can install it, but things using eventlet may be very broken12:23
=== benpro0 is now known as benpro
gunixis there any way to downgrade this? https://packages.ubuntu.com/xenial/libc-bin16:28
gunixi can find only the latest version in the mirrors16:28
gunixi need 2.23-0ubuntu11, not 2.23-0ubuntu11.216:28
RoyKwhat's wrong with the new one?16:29
gunixRoyK: some very old internal library is failing with the new one16:31
gunixcan we rsync this from another node that still has the older packages? :-D16:32
sdezielgunix: you can get the old binaries from https://launchpad.net/ubuntu/+source/glibc/2.23-0ubuntu1116:47
RoyKgunix: I guess setting up a vm or container to run that archaic code would be a better idea and just isolate it from everything else on the net17:07
RoyKgunix: or just recompile the old lib17:34
gunixRoyK: that is sadly not an option18:46
RoyKgunix: neither of them?18:58
gunixno  :-(19:07
RoyKgunix: why not a vm?19:12
gunixRoyK: cause the server is already deployed on hundreds of physical servers19:13
gunixand they have to stay alive19:13
RoyKhm - ok - so you have an old library and its app to which you don't have any code and that is running on hundreds of physical machines? sounds a wee bit like bad planning to me19:14
oerhekssuch ol' glibc, there is no reason to use it.19:19
RoyKgunix: from where did this software come?19:24
gunixinternal software. The legacy one, nobody touched in years19:24
RoyKbut the code is there somewhere?19:25
RoyKand someone can probably read it, even if it was written in FORTRAN7719:25
znfHey - question question in regards to UFW20:04
znfI haven't really dabbled with iptables/netfilter in ages, so I just resorted to use UFW20:04
znfI did a fresh install of UFW, I only enabled ssh/http/https20:04
znfeverything works when I test, I haven't gotten any reports of it not working20:04
znfyet... I get messages in my log about blocks to port 8020:05
znfMost of my traffic on that server comes from Cloudflare, so I see a lot of their IPs in the logs, but I don't get why20:06
oerheksznf,  i would start with enable ufw logs https://help.ubuntu.com/community/UFW#Logging20:22
TJ-znf: multiple IP addresses and/or interfaces?20:23
oerhekssome blocks are explainable, old post; https://askubuntu.com/questions/299964/why-is-ufw-logging-block-messages-regarding-a-port-for-which-ufw-is-configured20:23
znfTJ-: multiple IPs yes20:24
znfAs far as I can tell, there is no actual block20:24
znfJust... Logging? For... Reasons?20:24
TJ-znf: maybe there's just a logging rule enabled20:25
TJ-znf: is the log entry in the kernel log? is it prefixed with a UFW indicator so you can tell what is generating it?20:25
TJ-znf: "sudo iptables -nvL INPUT" might help spot the rule doing the reporting20:25
znfthe output of -S does show logs, yes: https://pastie.dev/uh7gO220:28
znfbut it's so very weird to have them show up as UFW BLOCK when... there's no actual blocking20:28
TJ-It looks like that is due to the limit rules, when the number of connections exceeds the limit in a certain time they get blocked (anti denial of service rules)20:30
znfbut there doesn't actually seem to be a limit20:32
znfit's just -j LOG20:32
znfat least taht's what I understand20:35
znfoerheks, I believ that logging is enabled by default, hence... why I see the log messages :)20:46
znfand yes, setting logging off gets rid of the messages20:47
znfnot something I really want20:47
TJ-znf: is the target i/f or IP on the local host or in a container (and thus affected by FORWARD rules) ?20:47
znfnope, it's a stand-alone server, no container, just runs nginx20:47
TJ-znf: I was going to point to the ufw-before-logging-input chain but that's empty, and the ufw-user-input is called from ufw-before-input so port 80 connections shouldn't reach the -A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "20:50

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!