| === vlm_ is now known as vlm | ||
| === scoobydoob is now known as scoobydoo | ||
| === scoobydoob is now known as scoobydoo | ||
| === scoobydoob is now known as scoobydoo | ||
| athos | good morning :) | 11:32 |
|---|---|---|
| pulasti | good morning mf | 12:43 |
| pulasti | (my friend) | 12:43 |
| ahasenack | sergiodj: hi, I am looking at that glewxxxx pr, and noticed armhf failed in https://launchpad.net/~sergiodj/+archive/ubuntu/nodejs-glewlwyd-openssl-fix/+packages but with no log | 13:08 |
| ahasenack | if you could retrigger it | 13:08 |
| ahasenack | (not that I'm testing in armhf, just for completeness) | 13:09 |
| === scoobydoob is now known as scoobydoo | ||
| ahasenack | athos: what does this versioning scheme mean again? "psr/container": "^2.0", | 14:18 |
| ahasenack | the ^ | 14:18 |
| ogra | "newer than" IIRC | 14:20 |
| schopin | Don't know the language but it usually means "semver compatible", i.e. >= 2.0 && < 3 | 14:20 |
| ahasenack | hm, https://getcomposer.org/doc/articles/versions.md#caret-version-range- maybe | 14:21 |
| athos | ahasenack: it a constraint to stick to semantic versioning compatible with 2.0 | 14:21 |
| athos | ahasenack: https://getcomposer.org/doc/articles/versions.md#next-significant-release-operators | 14:21 |
| ahasenack | "^1.2.3 is equivalent to >=1.2.3 <2.0.0" | 14:21 |
| athos | ahasenack: for our composer debhelper purposes, note that if the composer requirement has an '||' (e.g. ^2.0 || ^3.0) no version constraints will be added to the binary package Requires. Not sure if this is relevant for what you are doing there though :) | 14:24 |
| sergiodj | ahasenack: thanks for the heads up; I've retriggered the build now. it will probably take a long time because the armhf builders seem to be very busy | 15:08 |
| jrwren | systemctl status (and others) say: "Failed to connect to bus: Connection refused" I cannot reboot this node. Anyone know how I can recover? systemd is running, the socket is at /run/dbus/system_bus_socket | 16:58 |
| ahasenack | kanashiro: pcs is the new guy, crmsh is the obsolete one? Or reversed? | 18:15 |
| ahasenack | yep, just found this in the server guide: " | 18:26 |
| ahasenack | Note: pcs will likely replace crmsh in [main] repository in future Ubuntu versions. | 18:26 |
| ahasenack | " | 18:26 |
| rbasak | Yep it's that way round | 18:52 |
| kanashiro | ahasenack, sorry, my irc client did not notify me about your message. But yes, pcs is the new one | 19:10 |
| ahasenack | kanashiro: have you successfully used `crm cluster init` in focal or jammy? | 19:10 |
| kanashiro | ahasenack, I did not try that tbh, I've been using the scripts that I presented to the team | 19:11 |
| ahasenack | it doesn't seem to generate a valid corosync.conf | 19:11 |
| ahasenack | ok | 19:11 |
| kanashiro | and they set up the cluster "manually" (editing files) | 19:11 |
| kanashiro | for pcs I want to make sure the commands to set up the cluster are working and support all of that | 19:12 |
| ahasenack | it doesn't generate the `nodelist {}` block :/ | 19:13 |
| ahasenack | I wonder what crm does with the `--nodes="a b c"` parameter it is given then | 19:14 |
| kanashiro | yeah, redhat is not using crmsh and suse is still using it but I think they provide their own scripts to set up the cluster | 19:14 |
| ahasenack | ah, I needed to specify `-u`, for unicast | 19:20 |
| ahasenack | that got me further | 19:20 |
| ahasenack | I'm having to install csync2, and remove inetd because csync2 is socket activated | 19:22 |
| kanashiro | ahasenack, if you finish the setup configuration using crmsh it would be great to at least see what you did | 19:27 |
| ahasenack | yeah, I want to try crmsh, then pcs | 19:28 |
| ahasenack | then manual | 19:28 |
| ahasenack | or some other order, depending which one works first :) | 19:28 |
| ahasenack | do you commonly install `csync2`? | 19:28 |
| ahasenack | crm asks for it | 19:28 |
| kanashiro | no, I've never installed it manually | 19:28 |
| ahasenack | this is what's failing here now I think (I mean, the blocking failure) | 19:29 |
| ahasenack | May 20 19:26:03 f3 csync2[7734]: SSL: failed to use key file /etc/csync2_ssl_key.pem and/or certificate file /etc/csync2_ssl_cert.pem: Error while reading file. (GNUTLS_E_FILE_ERROR) | 19:29 |
| ahasenack | that pem file does not exist :P | 19:30 |
| kanashiro | I do not even know what csync2 does :) | 19:31 |
| ahasenack | something something keep files in sync between nodes | 19:31 |
| ahasenack | it's a Suggests of crmsh, probably because only this init command needs it, not the rest | 19:33 |
| kanashiro | yes | 19:33 |
| jrwren | I've a few 18.04 hosts I've noticed some strange behavior with unattended-upgrades. The first thing I noticed was it spinning forever (a month before I killed it) - when I run with -d I see many "adjusting candidate version" for packages and then "falling back to adjusting <PKG>'s dependencies recursively" and it just outputs that seemingly forever. I'm guessing there is some recursive dep that it | 19:43 |
| jrwren | can't resolv? anyone ever seen this or have advise? | 19:43 |
| samy1028 | Hello all, I have another problem with Ubuntu 20.04 FIPS on Azure. We're trying to install Zabbix-agent2 and I'm getting ":digital envelope routines:EVP_CipherInit_ex:disabled for FIPS:" when using a PSK for TLS connection. Any ideas? | 19:45 |
| ahasenack | jrwren: check if `apt-get -f install` gives you any hint | 19:46 |
| sarnold | jrwren: that reminds me a little bit of https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1396787 -- but it kind of looks like it should have been addressed a few years ago | 19:46 |
| ubottu | Launchpad bug 1396787 in unattended-upgrades (Ubuntu Bionic) "checking trust of archives eats a lot of cpu" [Undecided, Fix Released] | 19:46 |
| jrwren | ahasenack: nope. just a list of autoremoves. | 19:46 |
| samy1028 | I know this may not be strictly Ubuntu related as it's deploying from the Zabbix hosted Ubuntu package. | 19:46 |
| sarnold | samy1028: perhaps the peer you're trying to negotiate with doesn't support FIPS-allowed algorithms? | 19:47 |
| jrwren | the first thing I did was apt update ; apt install unattended-upgrades to make sure i had the latest unattended-upgrades package. | 19:48 |
| samy1028 | sarnold: hmm.. You know, we've been looking at the agent, perhaps it is the Zabbix server causing the issue, not the client. I'll pass that idea to my tech working on Zabbix. | 19:49 |
| samy1028 | (sometimes you just need a second set of eyes) :) | 19:49 |
| sarnold | samy1028: if the zabbix server is reachable by qualys's tls scanner, that might be worth starting up before going on a coffee break :) | 19:49 |
| sarnold | so true | 19:50 |
| sarnold | even asking on irc is often enough to help you find the problem yourself :) | 19:50 |
| sarnold | nothing quite like having a few hundred rubber ducks around to help debug a problem :) | 19:50 |
| * genii 's ears stick up for moment at the mention of coffee | 19:51 | |
| sarnold | mmm coffee | 19:53 |
| scortal | scortal here | 20:20 |
| sarnold | scortal: please stop that | 20:21 |
| scortal | scortal ubuntu server here. | 20:23 |
| yurtesen | utkarsh2102: but we also did not get any response from Debian people about my suggestion of removing the ownership config from the logrotate/syslog? or did we? | 20:26 |
| ahasenack | kanashiro: pcs is easier, just two extra steps needed that were not documented | 20:31 |
| ahasenack | `pcs cluster destroy` before starting | 20:31 |
| ahasenack | and `systemctl start corosync pacemaker` at the end, on each node | 20:31 |
| ahasenack | for some reason it didn't start the services after configuring them, I think | 20:31 |
| ahasenack | crmsh was a nightmare, all sorts of extra steps, and I couldn't get it to work in the end | 20:32 |
| kanashiro | ahasenack, nice, I'll try that as well | 20:32 |
| ahasenack | pcs is | 20:32 |
| ahasenack | pcs cluster destroy | 20:32 |
| ahasenack | passwd hacluster | 20:32 |
| ahasenack | pcs host auth node1 node2 node3 | 20:32 |
| ahasenack | pcs cluster setup myclustername node1 node2 node3 | 20:32 |
| ahasenack | `systemctl start corosync pacemaker` on each node | 20:32 |
| ahasenack | that gives the basic 3 cluster node, with no resources configured | 20:33 |
| ahasenack | I used focal, btw | 20:33 |
| ahasenack | not jammy | 20:33 |
| ahasenack | I was checking that `node1` thing that is focal only | 20:33 |
| ahasenack | ah, I may have missed `pcs cluster start --all` | 20:36 |
| samy1028 | sarnold: in case anyone else has the same problem with Zabbix and FIPS on Ubuntu, you have to add "TLSCipherPSK13=TLS_AES_128_GCM_SHA256" to the Zabbix server in order to allow zabbix-agent2 on Ubunto 20.04 FIPS to talk correctly over TLS PSK. | 21:17 |
| samy1028 | It was a server based issue, not the agent. You pointed us in the right direction sarnold. :) | 21:18 |
| scortal | ubuntu appsec ftw | 21:23 |
| sarnold | samy1028: woohoo, thanks for reporting back :D | 21:25 |
| samy1028 | that makes 3 FIPS related items found in the past week and a half. :) | 21:29 |
| samy1028 | One already has a patch in the ubuntu-advantage packages in 20.04. | 21:29 |
| samy1028 | just came out yesterday I think. | 21:29 |
| sarnold | yeah, FIPS is like a magical "find a lot of assumptions" button | 21:38 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!