[00:59] <cathode> hi all, i'm trying to rescue a ubuntu server machine that is bricked after upgrading from 18.04 to 20.04 (grub error) and booting from the livecd just dumps me into the installer process, how do i boot into the actual livecd environment?
[01:00] <sarnold> iirc there's a menu entry in the upper right hand corner
[01:00] <sarnold> or you could ctrl+alt+f2 etc
[01:00] <cathode> ah nice. thanks
=== denningsrogue5 is now known as denningsrogue
[05:30] <neildugan> Hi, I am trying to get a lxc client to work with a dnsmasq server... The problem I am having is that when a 'router' dhcp option is sent to the client a default route isn't being setup... please have a look at https://pastebin.pl/view/86136053
[05:42] <TJ-> neildugan: what does the lxc client show in its logs? is it true LXC or an LXD container?
[05:43] <TJ-> neildugan: I'd be looking at the netplan-generated network config at /run/systemd/network/ and the log "journalctl -u systemd-networkd"
[05:43] <neildugan> TJ-, it was create as a LXD container.
[05:44] <TJ-> neildugan: that makes it easier, you've a PDI1 init system insinde
[05:44] <TJ-> errr, PID 1 even
[05:54] <neildugan> TJ-, I re-enabled the dhcp-option 3 in the dnsmasq conf. file ... there is more data in https://pastebin.pl/view/602e7f16
[05:59] <TJ-> neildugan: where's the client getting its IPv4 address from (192.168.128.3) --- because that isn't inside the dnsmasq range 192168.128.200-254
[05:59] <TJ-> neildugan: I suspect that might be part of the issue
[06:04] <neildugan> TJ-, this particular client is to be a server I have a 'dhcp-host' setup to always set the IP to 192.168.128.3
[06:06] <TJ-> neildugan: i didn't see that in the pasted dnsmasq config
[06:07] <TJ-> neildugan: well, the issue seems to be at the client side. I suspect something is removing the default route as soon as its applied - seen that a few times where systemd-networkd has conflicting configs or both it and NetworkManager are operating
[06:07] <neildugan> TJ-, the setup if 'dhcp-host=database,192.168.128.3,infinite'
[06:08] <neildugan> TJ-, I will check for a conflict
[06:11] <neildugan> TJ-, "dpkg --get-selections | grep network-manager" doesn't indicate the network-manager is installed
[06:12] <teward> TJ-: i'mma go to sleep now, but will check my pings in the morning - did that systemd generator you linked me also generate the corresponding service files too as well as the mounts?  Or, is there a way to write such a generator for a specific 'class' of service?
[06:18] <TJ-> teward: mine generates mounts and automounts - you'd need to extrapolate on the concept for service units
[06:18] <TJ-> neildugan: but what is systemd-networkd logs showing?
[06:19] <teward> TJ-: shouldn't be too hard, I already have working mounts (and the corresponding 'template' a generator would need), and unlike LVMs, they're on-system .img files so I'm probably not going to have the same problem as your LVM issue.
[06:19] <teward> i'll dig forward on that front to make this a more automated system but since i have the mounts made manually for my needs as well I think I'm good.
[06:19] <teward> thanks for sharing that by the way :)
[06:19] <teward> </offline for requisite sleep>
[06:29] <neildugan> TJ-, syslog has the following lines "networkd-dispatcher[201]: No valid path found for iwconfig" and "networkd-dispatcher[201]: No valid path found for iw"
[06:30] <neildugan> TJ-, there is no wireless network on this client.
[06:36] <neildugan> TJ-, I just created a new vm "lxc launch ubuntu:20.04 testing" and it has the same problem!
[06:37] <neildugan> TJ-, so it doesn't appear to be a configuration that I accidentally changed
[06:47] <TJ-> neildugan: sounds like it is something to do with the way you've got the LXC network profile set up
[06:48] <TJ-> neildugan: with LXC's default network (lxbr0) it operates its OWN COPY of dnsmasq for starters
[06:51] <neildugan> TJ-, I just tried using the '"lxc launch ubuntu:18.04 testing" to see if that did anything different... it didn't still a problem.
[06:51] <TJ-> neildugan: is it using the default lxdbr0 network profile?
[06:53] <neildugan> TJ-, when I setup LXD I just told it to use an already existing bridge (br0) that I had setup... so I can bring these VMs into the production system easier... I will look into the network setup for lxc.
[06:54] <TJ-> neildugan: OK, so then there's a problem with your config somewhere if clients aren't accepting the gateway
[06:56] <neildugan> TJ-, a libvirt VM using the same bridge does setup correctly, with a default route.
[07:10] <neildugan> TJ-, do you think that the container privilege matter?
[14:41] <ygk_12345> hi all
[14:41] <ygk_12345> how to disable unattended security upgrades  through autoinstall for ubuntu 20.04 ?
[14:45] <tomreyn> ygk_12345: i'm not sure that's the best possible approach, but you could probably uninstall the package at the end of the installation process
[14:46] <ygk_12345> tomreyn as of now the installation is taking a lot of time due to these upgrades. I want to stop those at the time of installation itself
[14:46] <ygk_12345> not post installation
[14:47] <ygk_12345> is there a way to affect the install through autoinstall ?
[14:48] <tomreyn> you could also modify / set "packages" to uninstall the package, by setting it to "unattended-upgrades-"
[14:49] <tomreyn> (the trailing "-" should cause it to be uninstalled)
[14:49] <ygk_12345> tomreyn where exactly I have to define this ? which file ?
[14:49] <tomreyn> i did not mean "post installation" originally, but "at the end of the installation", i.e. "late-commands". but this may not suffice for working around upgrades during installation.
[14:50] <tomreyn> https://ubuntu.com/server/docs/install/autoinstall-reference
[14:51] <ygk_12345> tomreyn i need something to stop the unattended security from installing at all
[14:51] <tomreyn> or this rather https://ubuntu.com/server/docs/install/autoinstall-quickstart
[14:53] <tomreyn> well, the installation is based on an image (with packages pre-installed), you can only modify it once the image is written to the installation location, which is also what the installer does.
[14:54] <ygk_12345> is the installer downloaded form the internet during the install ?
[14:54] <ygk_12345> I mean the subiquity installer ?
[14:55] <tomreyn> depends on what you choose. if you go with the one that's on the installer iso, then not, otherwise, if you choose to live update the installer, then it's downloaded, as a snap, and installed.
[14:56] <ygk_12345> tomreyn for an autoinstall, is the subiquity part of the iso files ?
[14:56] <ygk_12345> I mean where is this subiquity code stored ?
[14:56] <ygk_12345> is ti downloaded from the internet ?
[14:56] <ygk_12345> *is it
[14:57] <rbasak> IIRC, it's included in the image but there's an option to update from the Internet
[14:58] <ygk_12345> rbasak in which folder is the subiquiy stored in the ubuntu iso image when mounted ?
[14:58] <ygk_12345> can we search it ?
[14:59] <ygk_12345> i want to test if we can modify or is it hard coded ?
[14:59] <rbasak> It's a snap, so I suspect it's not trivial to modify at runtime, if that's what you're asking. You'd have to unpack, or use "snap try", etc.
[14:59] <rbasak> I don't know if the implementation on the ISO is different to how snaps work normally.
[15:00] <rbasak> It's all Free Software so ultimately you can view/modify everything of course, in the same way that Ubuntu developers do. It's just a question of how difficult it is in your particular circumstances.
[15:01] <ygk_12345> i want to search the subiquity code in the iso
[15:02] <rbasak> https://github.com/CanonicalLtd/subiquity
[15:02] <rbasak> That'll be far easier than trying to examine the "built" subiquity on the ISO.
[15:03] <ygk_12345> rbasak I am interested t o know where these fies are stored in an iso. is it possible to search it ?
[15:03] <rbasak> I don't know, sorry. I'd have to look.
[15:39] <znf> hmm, so I'm trying to grow a RAID10 to RAID0 (I don't need the redundancy, data is easily replaceable)
[15:39] <znf> I've done:
[15:39] <znf> mdadm /dev/md3 --grow --level=0
[15:40] <znf> which didn't really seem to work like expected, it ejected the mirror drives so it only kept half the drives as raid0
[15:40] <znf> then I read more, so I've done
[15:40] <znf> mdadm --grow /dev/md3 --raid-devices=22 --backup-file=/root/raid.bak --add /dev/sdo1 /dev/sdm1 /dev/sdk1 /dev/sdi1 /dev/sdw1 /dev/sdg1 /dev/sdu1 /dev/sde1 /dev/sds1 /dev/sdc1 /dev/sdr1
[15:40] <znf> which goes trough a process of reshaping the array via a RAID4
[15:40] <znf> which has finally completed after about ~10 hours
[15:41] <znf> but now I'm "stuck" with a raid4
[15:42] <znf> do I just --grow to --level=0 again?
[16:41] <znf> the answer was yes: just --grow
[20:14] <asbachb> Hi. Is it normal that /sys/kernel/debug is loaded on server installations? It seems like it's just used for development purposes: https://de.wikipedia.org/wiki/Debugfs
[20:15] <sarnold> asbachb: I don't have a 'clean' machine handy, I've probably run things that require it on all my machines, heh
[20:16] <sdeziel> it is loaded by default AFAIK
[20:16] <asbachb> Found that: https://askubuntu.com/questions/954786/what-are-the-implications-of-disabling-debugfs-for-ubuntu
[20:17] <sarnold> well there it is, /lib/systemd/system/sys-kernel-debug.mount
[20:18] <sarnold> asbachb: could you file a bug on this against the systemd package? this feels worth a conversation if this is really intentional / desirable / etc
[20:19] <asbachb> If I get it right it's needed for ext4 fs checks.
[20:20] <sarnold> hmm
[20:21] <sarnold> it's got lots of neat uses but I didn't think any of them were *vital*
[20:21] <sdeziel> Kees Cook wanted to have it disabled back in 2011 https://lists.ubuntu.com/archives/kernel-team/2011-January/013418.html
[20:23] <sarnold> yes that sounds like him :)
[20:25] <sdeziel> it seems there was a general agreement to not have it mounted by default
[20:25] <sdeziel> but that was a long time ago. asbachb do you have a pointer to the ext4 fsck requiring this?
[20:25] <asbachb> sdeziel: Nah just that articale from 2011
[20:35] <sdeziel> asbachb: seems I can fsck.ext4 just fine without having debugfs mounted
[20:40] <asbachb> sdeziel: I guess e2fs contains debugfs which relies on debugfs mounts?
[20:41] <sarnold> debugfs is definitely not needed for usual system use
[20:41] <asbachb> Any ideas how to at least deactivate it?
[20:42] <sdeziel> masking the .mount didn't work here
[20:42] <sarnold> try systemctl disable sys-kernel-debug.mount
[20:42] <sarnold> o_O
[20:44] <asbachb> Ah ok. It's mounted by systemd. Now I got it.
[20:48] <sdeziel> https://paste.ubuntu.com/p/mxZyGWYtG7/ so masked but still mounted on boot, not nice
[20:50] <asbachb> sdeziel: Maybe a service which depends on that mount?
[20:50] <sarnold> sdeziel: if you're up for another test... sys-kernel-debug-tracing.mount  ?
[20:51] <sdeziel> sarnold: I could only find sys-kernel-tracing.mount which is equally refusing to be masked
[20:52] <sdeziel> asbachb: in theory, masked units are not startable
[20:52] <sarnold> sdeziel: hmm :(
[20:53] <sdeziel> I'm testing with a lxd container so maybe there's some magic happening due to that
[20:53] <sarnold> hmm. I'd kinda hope lxd containers couldn't mount it at all.
[20:53] <stgraber> that could simply be because those are pre-mounted
[20:54] <asbachb> I guess it's premounted by lxd.
[20:54] <asbachb> Ah stgraber faster. ^^
[20:54] <stgraber> just checked and we indeed do pre-mount a bunch of things:
[20:54] <stgraber> »···»···"/proc/sys/fs/binfmt_misc",
[20:54] <stgraber> »···»···"/sys/firmware/efi/efivars",
[20:54] <stgraber> »···»···"/sys/fs/fuse/connections",
[20:54] <stgraber> »···»···"/sys/fs/pstore",
[20:54] <stgraber> »···»···"/sys/kernel/config",
[20:54] <stgraber> »···»···"/sys/kernel/debug",
[20:54] <stgraber> »···»···"/sys/kernel/security",
[20:54] <stgraber> »···»···"/sys/kernel/tracing",
[20:55] <RoyK> !pastebin
[20:55] <ubot3> For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
[20:55] <asbachb> That's more or less my problem. I'm running an lxd container which tries to mount that sys-kernel-debug, but fails since it's cannot be remounted.
[20:55] <RoyK> stgraber: please
[20:55] <stgraber> RoyK: I wrote pastebinit, I know about it, thank you ;)
[20:55] <RoyK> !pastebinit
[20:55] <ubot3> pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the « pastebinit » package from a package manager - Simple usage: command | pastebinit
[20:56] <asbachb> stgraber: Do you know the reason /sys/kernel/debug is mounted by default?
[20:57] <stgraber> the reason why we have this logic in place in LXD is because unprivileged users aren't allowed to mount those, so an unprivileged container couldn't mount them. But some init systems (upstart at least) will fail to boot if they can't mount those.
[20:57] <stgraber> so instead LXD will pre-mount those things and then use apparmor to prevent actual use of those mount points
[20:57] <sdeziel> on a physical machine, sys-kernel-debug.mount and sys-kernel-tracing.mount are mask'able
[20:58] <stgraber> sdeziel: right because on a physical machine, those are mounted by systemd, in a container, they're pre-mounted and systemd doesn't unmount things on boot
[21:00] <sdeziel> indeed, now you've mentioned upstart being the reason for some of those FSes to be mounted by default. Upstart is probably no longer a concern, are you aware of other potential users of those?
[21:04] <stgraber> centos 6 sure still is a thing
[21:04] <sdeziel> oh, right upstart was a thing outside of Ubuntu
[21:05] <stgraber> yeah and even Ubuntu, 12.04 and 14.04 both have extended support so we can't really break them either
[21:06] <asbachb> stgraber: is it hard baked into lxd or can it be configured?
[21:07] <stgraber> it's hardcoded in LXD, you could use raw.lxc to clear it and set something else, but that will clear every single mount LXD does so you may run into some surprises
[21:08] <asbachb> stgraber: I see. Thanks.
[21:14] <sdeziel> so back to the previous question: should it be mounted by default on a physical/virtual Ubuntu machine?
[21:17] <sarnold> my knee-jerk reaction is it ought to be available only when the admin wants it
[21:20] <sdeziel> https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1912855
[21:20] <ubot3> Launchpad bug 1912855 in systemd (Ubuntu) "debugfs shouldn't be mounted by default" [Undecided, New]
[21:21] <sdeziel>  /sys/kernel/tracing is potentially also something that shouldn't be mounted by default
[21:23] <sdeziel> hmm, tracefs was created to allow tracing without depending on debugfs due to its security implications ;)
[21:25] <sarnold> thanks sdeziel
[21:30] <sdeziel> I've only done the easy part ;)
=== Napsterbater is now known as Guest4904
=== Napsterbater_ is now known as Napsterbater