/srv/irclogs.ubuntu.com/2022/02/23/#ubuntu-server.txt

souldessinI will second the using of a command line editor. Personally, I use Emacs. After a little bit of configuring, I can start editing on any computer as if I was working on it for years. Instead of spending the time fighting to get a GUI, work towards getting a better feel for a terminal where it will do exactly what you tell it.01:49
=== genii is now known as genii-core
cpaelzergood morning05:53
lotuspsychje_morning cpaelzer 06:09
utkarsh2102\o06:19
=== lotuspsychje_ is now known as lotuspsychje
cpaelzergood morning06:38
mirespacegood morning08:19
papopepohello09:04
utkarsh2102\o09:31
athosGood morning :)10:38
athosnot entirely sure if I crafted this one right, but would anyone mind triggering this test:10:38
athoshttps://autopkgtest.ubuntu.com/request.cgi?release=jammy&arch=amd64&arch=arm64&arch=armhf&arch=ppc64el&arch=s390x&package=libreoffice&trigger=nss/2%3A3.68.2-0ubuntu1&trigger=libreoffice/1%3A7.3.1~rc1-0ubuntu310:38
utkarsh2102athos: done!10:39
athosthanks ;)10:40
mirespacehow do you test changes in other architectures? Would it be easier doing a recipe?11:16
ahasenackgood morning12:08
mirespacehi ahasenack12:09
ahasenackhi nmir12:10
ahasenackhi mirespace 12:10
mirespace:)12:10
ahasenackhi server guys, I could use reviews on freeradius and samba so I can hopefully upload them before feature freeze tomorrow12:37
athosahasenack: I will take freeradius. If nobody takes samba by the time I am done, I will do that one as well12:41
athosI will just need to step out for an hour or so now to solve some covid booster issues (the government did not enter my data into their system for some reason :/) and will jump right into it ;)12:43
sergiodjI can take samba12:43
sergiodjI was planning to take a look at it anyway12:43
ahasenackthanks athos12:45
ahasenackthanks sergio12:45
cpaelzerthanks athos and sergiodj for these fast reviews12:52
ahasenackathos: sergiodj I'll trade and go over the postgresql prs13:08
sergiodjahasenack: thanks13:09
athosthanks :)14:15
sergiodjcpaelzer: ahasenack has reviewed and approved my postgresql-13 MRE.  would you like to take a look or can I go ahead and upload it?14:18
=== lotuspsychje_ is now known as lotuspsychje
cpaelzersergiodj: I'll have a look after a call I'm in14:30
cpaelzersergiodj: not that I expect anything to be wrong, but better look before than complain after14:31
kanashiroaride, I am not sure what happened but the test script for the HA iSCSI target resources is missing from the main branch in server-test-scripts repo14:35
kanashiroparide, ^14:35
paridehmm14:36
paridelet me check14:36
kanashiroif you check the merge commit here it will not be present in any branch: https://github.com/canonical/server-test-scripts/pull/15114:36
ubottuPull 151 in canonical/server-test-scripts "Test iSCSI target resources" [Merged]14:36
kanashiroI can restore the branch I used to implement this (I removed it after the merge)14:37
paridekanashiro, just to cross-check, what's the HEAD of the branch where you developed resource_iscsi_target_test.sh? b397eb0f9936eb3db52e138d7884d09e5356de5e ?14:42
kanashiroparide, yes, that's the commit hash14:43
parideyes that14:43
paridekanashiro, OK, I'm not sure of what happened TBH. I have a copy of the branch locally, re-merging it14:44
kanashiroparide, thanks14:45
paridekanashiro, done and I retriggered ha-agent-virsh-jammy-resource_iscsi_target to be sure it's all fine14:46
kanashiroawesome ;)14:46
sergiodjcpaelzer: ack14:48
paridekanashiro, test passed, all good15:01
kanashiro\o/15:01
sergiodjbryyce: hey, is it OK if I get the openvpn merge?15:04
bryycesergiodj, sure15:08
sergiodjbryyce: thanks15:08
ahasenacksergiodj: oops, sorry about the d/changelog version mess. I reconstruct the changelog from git commits, but that doesn't have the version, which I have to paste in everytime. This time I missed "some numbers", heh15:57
=== genii-core is now known as genii
sergiodjahasenack: np; I saw the right version in the PPA, so I knew that this was just a small hiccup in the merge process15:58
smoserahasenack: still appropriate here to request import packages ? i'd like to have dracut imported.16:46
ahasenacksure16:46
ahasenacksmoser: added to the import queue, I'll let you know when it's done16:47
xnoxathos:  one can specify multiple arches simultaniously?!16:52
xnoxathos:  i used to always generate one click per arch.16:53
ahasenackwait, what?17:04
ahasenackautopkgtest retries?17:04
smoser /o\17:05
tewardany of the server guys got any good *up to date* guide on how to integrate LDAP / Active Directory access into a server env?  Everything I find has not been updated since 2013, or Canonical whitepapers that're hiding behind a subscribewall...17:14
athosxnox: yeah, from the results, it just picked up the first param17:17
ahasenackteward: I wrote something for the ubuntu server guide, would be interested in your opinion/results17:20
tewardahasenack: link?  'cause Google is failing me hardcore today17:20
teward(is it sssd driven?)17:20
teward(just curious)17:20
ahasenackyes17:20
ahasenackteward: https://ubuntu.com/server/docs/service-sssd17:20
tewardahasenack: thanks, i'll let you know.  this may be one of the few times I have to AD integrate the system at FT job, because it's going to be PAM integrated with JupyterHub which can use PAM for authentication >.<17:21
ahasenackit's also doable with just samba components, sure17:21
ahasenackif you are planning in using a samba server joined to the domain, then maybe using winbind is best17:21
ahasenackin any case, we went through some great lenghts to get realmd/adcli updated and in ubuntu main to get that working17:22
ahasenackbut there are many knobs to turn, obviously17:22
ahasenackthe simple case is what is in the guide, maybe a good enough starting point17:22
tewardall we need is the user PAM integration17:23
tewardno shares, etc. in use here :P17:24
ahasenackso a workstation authenticating against AD?17:24
tewardserver authenticating against AD in this case, but ye.17:24
ahasenackthen I would take the sssd approach17:24
tewardyep17:24
tewardthat's the plan17:24
ahasenackit handles sid/uid translation automatically. With winbind you have to pick a range17:24
tewardyeah the only guides I found were pam_ldap nss_ldap (2013 in the WIki), winbind (2015), and i know SSSD is a newer way so i was hunting the docs17:25
ahasenackjust beware if you are doing that inside containers (lxd), because they have a limited uid/gid range, and the range sssd picks is quite high17:25
tewardthere USED to be a whitepaper on this with SSSD but i'm lazy :P17:25
tewardahasenack: how fortunate this is a VM :P17:25
ahasenackshould be fine17:26
tewardbut yeah indeed.  i'm waiting on the VMware person to deploy the system then i'll have access, will let you know how my progress goes17:26
ahasenacksergiodj: I didn't remove the dh_perl override because I wasn't sure if the normal debhelper call included that -a parameter used in the override (dh_perl -a), do you know?17:27
ahasenackotherwise I'll do a build without the override and see how dh_perl is called17:27
pksatoHello, I have a issue with php-fpm and email() function, and I not have a current plan on install any replacemente to mail(). Ubuntu 20.04.3 php from ondrej. System email is working as intended.   But mail() don't  nooting, no email, no error, just 'silence'. Any direction?17:29
sergiodjahasenack: that "-a" parameter is used for arch-dependent rules, and given that the override is for dh_perl-arch, then yeah, the "-a" should be added automatically17:31
sergiodjit's a good idea to build the package without it just to confirm, but if it's too much trouble then I'm OK with keeping the override there FWIW17:32
ahasenackok17:32
* sergiodj -> lunch17:33
ahasenacksmoser: done https://code.launchpad.net/ubuntu/+source/dracut17:40
ahasenack(and will be kept up-to-date from now on)17:40
smoserthank you.17:41
=== MJCD is now known as MJCDzZz
pksatomy issue with php mail() solved. After 'moving' msmtprc to other directory, start showing apparmor error logs. add new dir to apparmor and start sending mail. :P. 18:13
tewardahasenack: looks like it worked fine, but i have a question on sssd - can you restrict it so only certain AD groups can actually login?19:27
ahasenackprobably, there are many tunables for sssd.conf19:28
ahasenackalso be sure to check the provider-specific manpages, i.e., sssd-ad19:28
sergiodjOK, vsftpd MP is up, and realmd MP has just been reviewed19:50
sergiodjnow onto investigating what's going on with the grafana snap19:51
=== shokohsc4 is now known as shokohsc
=== Morfeus^ is now known as list
=== list is now known as Morfeus^
utkarsh2102sergiodj: I'll take vsftpd :)21:05
sergiodjutkarsh2102: thanks21:09
kilroyso I thought I set up the GRE tunneling correctly, but they won't talk to one onther 22:19
kilroyhttps://0bin.net/paste/JPvpb1RN#8D7HrKppIqCtMFVYzndtAFO-xRBiBEY6SI/YGvSsc/j22:22
sdezielkilroy: are you seeing your GRE packets showing in tcpdump on both sides?22:33
kilroylet me check22:33
kilroyI think so?22:36
sdezielkilroy: `sudo tcpdump -ni any proto gre` should provide a definitive answer22:37
kilroyno I am not seeing anything22:39
sdezielkilroy: can you share the steps you've done to configure both sides?22:41
kilroyon server 1 ping 10.10.10.2 (server 2)22:41
kilroyon server 2 ping 10.10.10.1 (server 1)22:41
kilroyoh config22:41
kilroysorry I thought you said capture 22:41
kilroyI used this https://www.xmodulo.com/create-gre-tunnel-linux.html22:42
sdezielkilroy: cool, I just tested with the same reference. My only divergence were: replace gre0 by gre1 (like you) and omit the `local` part as this one is then autofilled by the kernel22:43
kilroyI only used gre1 because I could not use gre1 and do you want me to remove the gre1 and try with out the local part22:44
sdezielkilroy: `permaddr 127.0.0.1` in your paste is something I don't see here22:44
kilroyyea I don't know were that came from22:44
kilroymight of been from me testing22:45
sdezielkilroy: yeah, you can try leaving the local part out, one less source of possible mistake22:45
kilroyok22:45
sdezielkilroy: it is only useful if you have multiple IPs locally and want your GRE traffic to come from a specific one22:46
kilroyI am trying two remote servers22:48
kilroyI think it is working now22:51
sdezielkilroy: cool now if you want to have that tunnel brought up on boot, you might want to put it in Netplan22:52
kilroynetplan? is that that .yaml file that I never touch because I end up breaking it?22:53
sdezielkilroy: here's an example https://termbin.com/ylt222:53
kilroyok thank you so much sdeziel 22:54
sdezielkilroy: you are weldome22:54
sdezielwelcome*22:54
kilroynow that is working I just need to figure out step 222:55
sdezielkilroy: lastly, the `local: 0.0.0.0` in the above is to please netplan and let the kernel autoselect the right source (same as omitting the local param in your `ip tunnel` command)22:55
kilroyah22:56
sdezielwhat's step 2?22:57
kilroymake it so website traffic goes from server 2 to server 1 with out messing up the current website 22:58
kilroymake it so website traffic goes from server 2 to server 1 with out messing up the current website on server 222:58
sdezielOK, good luck and pipe up if you run into some problem23:02
kilroyok thank you again sdeziel 23:23

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!