[11:32] <athos> good morning :)
[12:43] <pulasti> good morning mf
[12:43] <pulasti> (my friend)
[13:08] <ahasenack> sergiodj: hi, I am looking at that glewxxxx pr, and noticed armhf failed in https://launchpad.net/~sergiodj/+archive/ubuntu/nodejs-glewlwyd-openssl-fix/+packages but with no log
[13:08] <ahasenack> if you could retrigger it
[13:09] <ahasenack> (not that I'm testing in armhf, just for completeness)
[14:18] <ahasenack> athos: what does this versioning scheme mean again?  "psr/container": "^2.0",
[14:18] <ahasenack> the ^
[14:20] <ogra> "newer than" IIRC
[14:20] <schopin> Don't know the language but it usually means "semver compatible", i.e. >= 2.0 && < 3
[14:21] <ahasenack> hm, https://getcomposer.org/doc/articles/versions.md#caret-version-range- maybe
[14:21] <athos> ahasenack: it a constraint to stick to semantic versioning compatible with 2.0
[14:21] <athos> ahasenack: https://getcomposer.org/doc/articles/versions.md#next-significant-release-operators
[14:21] <ahasenack> "^1.2.3 is equivalent to >=1.2.3 <2.0.0"
[14:24] <athos> ahasenack: for our composer debhelper purposes, note that if the composer requirement has an '||' (e.g. ^2.0 || ^3.0) no version constraints will be added to the binary package Requires. Not sure if this is relevant for what you are doing there though :)
[15:08] <sergiodj> ahasenack: thanks for the heads up; I've retriggered the build now.  it will probably take a long time because the armhf builders seem to be very busy
[16:58] <jrwren> systemctl status (and others) say: "Failed to connect to bus: Connection refused" I cannot reboot this node. Anyone know how I can recover? systemd is running, the socket is at /run/dbus/system_bus_socket
[18:15] <ahasenack> kanashiro: pcs is the new guy, crmsh is the obsolete one? Or reversed?
[18:26] <ahasenack> yep, just found this in the server guide: "
[18:26] <ahasenack>     Note: pcs will likely replace crmsh in [main] repository in future Ubuntu versions.
[18:26] <ahasenack> "
[18:52] <rbasak> Yep it's that way round
[19:10] <kanashiro> ahasenack, sorry, my irc client did not notify me about your message. But yes, pcs is the new one
[19:10] <ahasenack> kanashiro: have you successfully used `crm cluster init` in focal or jammy?
[19:11] <kanashiro> ahasenack, I did not try that tbh, I've been using the scripts that I presented to the team
[19:11] <ahasenack> it doesn't seem to generate a valid corosync.conf
[19:11] <ahasenack> ok
[19:11] <kanashiro> and they set up the cluster "manually" (editing files)
[19:12] <kanashiro> for pcs I want to make sure the commands to set up the cluster are working and support all of that
[19:13] <ahasenack> it doesn't generate the `nodelist {}` block :/
[19:14] <ahasenack> I wonder what crm does with the `--nodes="a b c"` parameter it is given then
[19:14] <kanashiro> yeah, redhat is not using crmsh and suse is still using it but I think they provide their own scripts to set up the cluster
[19:20] <ahasenack> ah, I needed to specify `-u`, for unicast
[19:20] <ahasenack> that got me further
[19:22] <ahasenack> I'm having to install csync2, and remove inetd because csync2 is socket activated
[19:27] <kanashiro> ahasenack, if you finish the setup configuration using crmsh it would be great to at least see what you did
[19:28] <ahasenack> yeah, I want to try crmsh, then pcs
[19:28] <ahasenack> then manual
[19:28] <ahasenack> or some other order, depending which one works first :)
[19:28] <ahasenack> do you commonly install `csync2`?
[19:28] <ahasenack> crm asks for it
[19:28] <kanashiro> no, I've never installed it manually
[19:29] <ahasenack> this is what's failing here now I think (I mean, the blocking failure)
[19:29] <ahasenack> May 20 19:26:03 f3 csync2[7734]: SSL: failed to use key file /etc/csync2_ssl_key.pem and/or certificate file /etc/csync2_ssl_cert.pem: Error while reading file. (GNUTLS_E_FILE_ERROR)
[19:30] <ahasenack> that pem file does not exist :P
[19:31] <kanashiro> I do not even know what csync2 does :)
[19:31] <ahasenack> something something keep files in sync between nodes
[19:33] <ahasenack> it's a Suggests of crmsh, probably because only this init command needs it, not the rest
[19:33] <kanashiro> yes
[19:43] <jrwren> I've a few 18.04 hosts I've noticed some strange behavior with unattended-upgrades. The first thing I noticed was it spinning forever (a month before I killed it) - when I run with -d I see many "adjusting candidate version" for packages and then "falling back to adjusting <PKG>'s dependencies recursively" and it just outputs that seemingly forever. I'm guessing there is some recursive dep that it 
[19:43] <jrwren> can't resolv? anyone ever seen this or have advise?
[19:45] <samy1028> Hello all, I have another problem with Ubuntu 20.04 FIPS on Azure.  We're trying to install Zabbix-agent2 and I'm getting ":digital envelope routines:EVP_CipherInit_ex:disabled for FIPS:" when using a PSK for TLS connection.  Any ideas?
[19:46] <ahasenack> jrwren: check if `apt-get -f install` gives you any hint
[19:46] <sarnold> jrwren: that reminds me a little bit of https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1396787 -- but it kind of looks like it should have been addressed a few years ago
[19:46] <jrwren> ahasenack: nope. just a list of autoremoves.
[19:46] <samy1028> I know this may not be strictly Ubuntu related as it's deploying from the Zabbix hosted Ubuntu package.
[19:47] <sarnold> samy1028: perhaps the peer you're trying to negotiate with doesn't support FIPS-allowed algorithms?
[19:48] <jrwren> the first thing I did was apt update ; apt install unattended-upgrades to make sure i had the latest unattended-upgrades package.
[19:49] <samy1028> sarnold: hmm..  You know, we've been looking at the agent, perhaps it is the Zabbix server causing the issue, not the client.  I'll pass that idea to my tech working on Zabbix.
[19:49] <samy1028> (sometimes you just need a second set of eyes) :)
[19:49] <sarnold> samy1028: if the zabbix server is reachable by qualys's tls scanner, that might be worth starting up before going on a coffee break :)
[19:50] <sarnold> so true
[19:50] <sarnold> even asking on irc is often enough to help you find the problem yourself :)
[19:50] <sarnold> nothing quite like having a few hundred rubber ducks around to help debug a problem :)
[19:51]  * genii 's ears stick up for moment at the mention of coffee
[19:53] <sarnold> mmm coffee
[20:20] <scortal> scortal here
[20:21] <sarnold> scortal: please stop that
[20:23] <scortal> scortal ubuntu server here.
[20:26] <yurtesen> utkarsh2102: but we also did not get any response from Debian people about my suggestion of removing the ownership config from the logrotate/syslog? or did we? 
[20:31] <ahasenack> kanashiro: pcs is easier, just two extra steps needed that were not documented
[20:31] <ahasenack> `pcs cluster destroy` before starting
[20:31] <ahasenack> and `systemctl start corosync pacemaker` at the end, on each node
[20:31] <ahasenack> for some reason it didn't start the services after configuring them, I think
[20:32] <ahasenack> crmsh was a nightmare, all sorts of extra steps, and I couldn't get it to work in the end
[20:32] <kanashiro> ahasenack, nice, I'll try that as well
[20:32] <ahasenack> pcs is
[20:32] <ahasenack> pcs cluster destroy
[20:32] <ahasenack> passwd hacluster
[20:32] <ahasenack> pcs host auth node1 node2 node3
[20:32] <ahasenack> pcs cluster setup myclustername node1 node2 node3
[20:32] <ahasenack> `systemctl start corosync pacemaker` on each node
[20:33] <ahasenack> that gives the basic 3 cluster node, with no resources configured
[20:33] <ahasenack> I used focal, btw
[20:33] <ahasenack> not jammy
[20:33] <ahasenack> I was checking that `node1` thing that is focal only
[20:36] <ahasenack> ah, I may have missed `pcs cluster start --all`
[21:17] <samy1028> sarnold: in case anyone else has the same problem with Zabbix and FIPS on Ubuntu, you have to add "TLSCipherPSK13=TLS_AES_128_GCM_SHA256" to the Zabbix server in order to allow zabbix-agent2 on Ubunto 20.04 FIPS to talk correctly over TLS PSK.
[21:18] <samy1028> It was a server based issue, not the agent.  You pointed us in the right direction sarnold. :)
[21:23] <scortal> ubuntu appsec ftw
[21:25] <sarnold> samy1028: woohoo, thanks for reporting back :D
[21:29] <samy1028> that makes 3 FIPS related items found in the past week and a half. :)
[21:29] <samy1028> One already has a patch in the ubuntu-advantage packages in 20.04.
[21:29] <samy1028> just came out yesterday I think.
[21:38] <sarnold> yeah, FIPS is like a magical "find a lot of assumptions" button